Background: #e0e3f5
Background: #f7f7ff
Background: #fff
Foreground: #090d1e
Foreground: #000
PrimaryPale: #b9c2e8
PrimaryPale: #8cf
PrimaryLight: #7485d2
PrimaryLight: #18f
PrimaryMid: #384fb1
PrimaryMid: #04b			
/% PrimaryMid: LINK color %/
PrimaryDark: #0c1126
PrimaryDark_INI: #014
PrimaryDark_2020: #014
PrimaryDark: #014
SecondaryPale: #cbe8b9
SecondaryPale: #ffc
SecondaryLight: #98d274
SecondaryLight: #fe8
SecondaryMid: #67b138
SecondaryMid: #db4
SecondaryDark: #16260c
SecondaryDark: #841
TertiaryPale: #e8bab9		
/% TertiaryPale: TABLE Header %/
TertiaryPale: #eee
TertiaryLight: #d27574
TertiaryLight: #ccc
TertiaryMid: #b13a38
TertiaryMid_INI: #999
TertiaryMid_2021: #939597
TertiaryMid: #939597
TertiaryDark: #260c0c
TertiaryDark: #666
Error: #f88
<!--{{{-->
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel='stylesheet' href='font-awesome/css/fontawesome.min.css' />
<link rel='stylesheet' href='font-awesome/css/all.css' />

<!--}}}-->
— [[InterfaceOptions]] — [[AdvancedOptions]] —
<!--{{{-->
<div class='header' role='banner' macro='gradient horiz [[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryMid]] [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryPale]] [[ColorPalette::Background]] [[ColorPalette::Background]]'>
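<div class='headerShadow'>
<!-- rel='noopener noreferrer': the page opened in the new tab gets no window.opener handle back to this wiki -->
<a href='https://CloudSecurityAlliance.fr/' target='_blank' rel='noopener noreferrer'><img src="iCSA/logoCSAFR.png" width="150px" align="right"></a>
</div>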
<div class='headerForeground'>
<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;
<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>&nbsp;
</div>
</div>
<div id='mainMenu' role='navigation' refresh='content' tiddler='MainMenu'></div>
<div id='sidebar'>
<div id='sidebarOptions' role='navigation' refresh='content' tiddler='SideBarOptions'></div>
<div id='sidebarTabs' role='complementary' refresh='content' force='true' tiddler='SideBarTabs'></div>
</div>
<div id='displayArea' role='main'>
<div id='messageArea' class='messageArea'></div>
<div style="text-align:center"><span class='HeaderMenu' refresh='content' tiddler='HeaderMenu'></span></div>
<div id='tiddlerDisplay'></div>
<div style="text-align:center"><span class='FooterNews' refresh='content' tiddler='FooterDisclaimer'></span></div>
</div>
<!--}}}-->
/*{{{*/
body {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}
a {color:[[ColorPalette::PrimaryMid]];}
a:hover {background-color:[[ColorPalette::PrimaryMid]]; color:[[ColorPalette::Background]];}
a img {border:0;}
h1,h2,h3,h4,h5,h6 {color:[[ColorPalette::SecondaryDark]]; background:transparent;}
h1 {border-bottom:2px solid [[ColorPalette::TertiaryLight]];}
h2,h3 {border-bottom:1px solid [[ColorPalette::TertiaryLight]];}
.button {color:[[ColorPalette::PrimaryDark]]; border:1px solid [[ColorPalette::Background]];}
.button:hover {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::SecondaryLight]]; border-color:[[ColorPalette::SecondaryMid]];}
.button:active {color:[[ColorPalette::Background]]; background:[[ColorPalette::SecondaryMid]]; border:1px solid [[ColorPalette::SecondaryDark]];}
.header {background:[[ColorPalette::PrimaryMid]];}
.headerShadow {color:[[ColorPalette::Foreground]];}
.headerShadow a {font-weight:normal; color:[[ColorPalette::Foreground]];}
.headerForeground {color:[[ColorPalette::Background]];}
.headerForeground a {font-weight:normal; color:[[ColorPalette::PrimaryPale]];}
.tabSelected {color:[[ColorPalette::PrimaryDark]];
 background:[[ColorPalette::TertiaryPale]];
 border-left:1px solid [[ColorPalette::TertiaryLight]];
 border-top:1px solid [[ColorPalette::TertiaryLight]];
 border-right:1px solid [[ColorPalette::TertiaryLight]];
}
.tabUnselected {color:[[ColorPalette::Background]]; background:[[ColorPalette::TertiaryMid]];}
.tabContents {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::TertiaryPale]]; border:1px solid [[ColorPalette::TertiaryLight]];}
.tabContents .button {border:0;}
#sidebar { display: none; }
/* #sidebar {} */
#sidebarOptions input {border:1px solid [[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel {background:[[ColorPalette::PrimaryPale]];}
#sidebarOptions .sliderPanel a {border:none;color:[[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel a:hover {color:[[ColorPalette::Background]]; background:[[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel a:active {color:[[ColorPalette::PrimaryMid]]; background:[[ColorPalette::Background]];}
.wizard { background:[[ColorPalette::PrimaryPale]]; }
.wizard__title { color:[[ColorPalette::PrimaryDark]]; border:none; }
.wizard__subtitle { color:[[ColorPalette::Foreground]]; border:none; }
.wizardStep { background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]]; }
.wizardStep.wizardStepDone {background:[[ColorPalette::TertiaryLight]];}
.wizardFooter {background:[[ColorPalette::PrimaryPale]];}
.wizardFooter .status {background:[[ColorPalette::PrimaryDark]]; color:[[ColorPalette::Background]];}
.wizard .button {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::SecondaryLight]]; border: 1px solid;
 border-color:[[ColorPalette::SecondaryPale]] [[ColorPalette::SecondaryDark]] [[ColorPalette::SecondaryDark]] [[ColorPalette::SecondaryPale]];}
.wizard .button:hover {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::Background]];}
.wizard .button:active {color:[[ColorPalette::Background]]; background:[[ColorPalette::Foreground]]; border: 1px solid;
 border-color:[[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryPale]] [[ColorPalette::PrimaryPale]] [[ColorPalette::PrimaryDark]];}
.wizard .notChanged {background:transparent;}
.wizard .changedLocally {background:#80ff80;}
.wizard .changedServer {background:#8080ff;}
.wizard .changedBoth {background:#ff8080;}
.wizard .notFound {background:#ffff80;}
.wizard .putToServer {background:#ff80ff;}
.wizard .gotFromServer {background:#80ffff;}
.messageArea { border:2px solid [[ColorPalette::Background]]; background:[[ColorPalette::PrimaryMid]]; color:[[ColorPalette::Background]]; }
.messageToolbar__button { color:[[ColorPalette::PrimaryMid]]; background:[[ColorPalette::SecondaryPale]]; border:none; }
.messageToolbar__button_withIcon { background:inherit; }
.messageToolbar__button_withIcon:active { background:inherit; border:none; }
.messageToolbar__icon { fill:[[ColorPalette::TertiaryDark]]; }
.messageToolbar__icon:hover { fill:[[ColorPalette::Foreground]]; }
.popupTiddler {background:[[ColorPalette::TertiaryPale]]; border:2px solid [[ColorPalette::TertiaryMid]];}
.popup {background:[[ColorPalette::TertiaryPale]]; color:[[ColorPalette::TertiaryDark]]; border-left:1px solid [[ColorPalette::TertiaryMid]]; border-top:1px solid [[ColorPalette::TertiaryMid]]; border-right:2px solid [[ColorPalette::TertiaryDark]]; border-bottom:2px solid [[ColorPalette::TertiaryDark]]; }
.popup hr {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::PrimaryDark]]; border-bottom:1px;}
.popup li.disabled {color:[[ColorPalette::TertiaryMid]];}
.popup li a, .popup li a:visited {color:[[ColorPalette::Foreground]]; border: none;}
.popup li a:hover {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; border: none;}
.popup li a:active {background:[[ColorPalette::SecondaryPale]]; color:[[ColorPalette::Foreground]]; border: none;}
.popupHighlight {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}
.listBreak div {border-bottom:1px solid [[ColorPalette::TertiaryDark]];}
.tiddler .defaultCommand {font-weight:bold;}
.shadow .title {color:[[ColorPalette::TertiaryDark]];}
.title {color:[[ColorPalette::SecondaryDark]];}
.subtitle {color:[[ColorPalette::TertiaryDark]];}
.toolbar {color:[[ColorPalette::PrimaryMid]];}
.toolbar a {color:[[ColorPalette::TertiaryLight]];}
.selected .toolbar a {color:[[ColorPalette::TertiaryMid]];}
.selected .toolbar a:hover {color:[[ColorPalette::Foreground]];}
.tagging, .tagged {border:1px solid [[ColorPalette::TertiaryPale]]; background-color:[[ColorPalette::TertiaryPale]];}
.selected .tagging, .selected .tagged {background-color:[[ColorPalette::TertiaryLight]]; border:1px solid [[ColorPalette::TertiaryMid]];}
.tagging .listTitle, .tagged .listTitle {color:[[ColorPalette::PrimaryDark]];}
.tagging .button, .tagged .button {border:none;}
.footer {color:[[ColorPalette::TertiaryLight]];}
.selected .footer {color:[[ColorPalette::TertiaryMid]];}
.error, .errorButton {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::Error]];}
.warning {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::SecondaryPale]];}
.lowlight {background:[[ColorPalette::TertiaryLight]];}
.zoomer {background:none; color:[[ColorPalette::TertiaryMid]]; border:3px solid [[ColorPalette::TertiaryMid]];}
.imageLink, #displayArea .imageLink {background:transparent;}
.annotation {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; border:2px solid [[ColorPalette::SecondaryMid]];}
.viewer .listTitle {list-style-type:none; margin-left:-2em;}
.viewer .button {border:1px solid [[ColorPalette::SecondaryMid]];}
.viewer blockquote {border-left:3px solid [[ColorPalette::TertiaryDark]];}
.viewer table, table.twtable {border:2px solid [[ColorPalette::TertiaryDark]];}
.viewer th, .viewer thead td, .twtable th, .twtable thead td {background:[[ColorPalette::SecondaryMid]]; border:1px solid [[ColorPalette::TertiaryDark]]; color:[[ColorPalette::Background]];}
.viewer td, .viewer tr, .twtable td, .twtable tr {border:1px solid [[ColorPalette::TertiaryDark]];}
.viewer pre {border:1px solid [[ColorPalette::SecondaryLight]]; background:[[ColorPalette::SecondaryPale]];}
.viewer code {color:[[ColorPalette::SecondaryDark]];}
.viewer hr {border:0; border-top:dashed 1px [[ColorPalette::TertiaryDark]]; color:[[ColorPalette::TertiaryDark]];}
.highlight, .marked {background:[[ColorPalette::SecondaryLight]];}
.editor input {border:1px solid [[ColorPalette::PrimaryMid]];}
.editor textarea {border:1px solid [[ColorPalette::PrimaryMid]]; width:100%;}
.editorFooter {color:[[ColorPalette::TertiaryMid]];}
.readOnly {background:[[ColorPalette::TertiaryPale]];}
#backstageArea {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::TertiaryMid]];}
#backstageArea a {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::Background]]; border:none;}
#backstageArea a:hover {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; }
#backstageArea a.backstageSelTab {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}
#backstageButton a {background:none; color:[[ColorPalette::Background]]; border:none;}
#backstageButton a:hover {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::Background]]; border:none;}
#backstagePanel {background:[[ColorPalette::Background]]; border-color: [[ColorPalette::Background]] [[ColorPalette::TertiaryDark]] [[ColorPalette::TertiaryDark]] [[ColorPalette::TertiaryDark]];}
.backstagePanelFooter .button {border:none; color:[[ColorPalette::Background]];}
.backstagePanelFooter .button:hover {color:[[ColorPalette::Foreground]];}
#backstageCloak {background:[[ColorPalette::Foreground]]; opacity:0.6; filter:alpha(opacity=60);}
/*}}}*/
/*{{{*/
* html .tiddler {height:1%;}
/* font-size:.75em; */
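/* base typography; the generic family closes the stack for systems that have neither named font */
body {font-size:1em; font-family:arial,helvetica,sans-serif; margin:0; padding:0;}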
h1,h2,h3,h4,h5,h6 {font-weight:bold; text-decoration:none;}
h1,h2,h3 {padding-bottom:1px; margin-top:1.2em;margin-bottom:0.3em;}
h4,h5,h6 {margin-top:1em;}
h1 {font-size:1.35em;}
h2 {font-size:1.25em;}
h3 {font-size:1.1em;}
h4 {font-size:1em;}
h5 {font-size:1em;}
hr {height:1px;}
a {text-decoration:none;}
dt {font-weight:bold;}
ol {list-style-type:decimal;}
ol ol {list-style-type:lower-alpha;}
ol ol ol {list-style-type:lower-roman;}
ol ol ol ol {list-style-type:decimal;}
ol ol ol ol ol {list-style-type:lower-alpha;}
ol ol ol ol ol ol {list-style-type:lower-roman;}
ol ol ol ol ol ol ol {list-style-type:decimal;}
.txtOptionInput {width:10em;}
#contentWrapper .chkOptionInput {border:0;}
.externalLink {text-decoration:underline;}
.indent {margin-left:3em;}
.outdent {margin-left:3em; text-indent:-3em;}
code.escaped {white-space:nowrap;}
.tiddlyLinkExisting {font-weight:bold;}
.tiddlyLinkNonExisting {font-style:italic;}
/* the 'a' is required for IE, otherwise it renders the whole tiddler in bold */
a.tiddlyLinkNonExisting.shadow {font-weight:bold;}
#mainMenu .tiddlyLinkExisting,
#mainMenu .tiddlyLinkNonExisting,
#sidebarTabs .tiddlyLinkNonExisting {font-weight:normal; font-style:normal;}
#sidebarTabs .tiddlyLinkExisting {font-weight:bold; font-style:normal;}
.header {position:relative;}
.header a:hover {background:transparent;}
.headerShadow {position:relative; padding:4.5em 0 1em 1em; left:-1px; top:-1px;}
.headerForeground {position:absolute; padding:4.5em 0 1em 1em; left:0; top:0;}
.siteTitle {font-size:3em;font-style:italic;}
.siteSubtitle {font-size:1.5em;}
#mainMenu {position:absolute; left:0; width:10em; text-align:right; line-height:1.6em; padding:1.5em 0.5em 0.5em 0.5em; font-size:1.1em;}
#sidebar { display: none; }
/* #sidebar {position:absolute; right:3px; width:16em; font-size:.9em;} */
#sidebarOptions {padding-top:0.3em;}
#sidebarOptions a {margin:0 0.2em; padding:0.2em 0.3em; display:block;}
#sidebarOptions input {margin:0.4em 0.5em;}
#sidebarOptions .sliderPanel {margin-left:1em; padding:0.5em; font-size:.85em;}
#sidebarOptions .sliderPanel a {font-weight:bold; display:inline; padding:0;}
#sidebarOptions .sliderPanel input {margin:0 0 0.3em 0;}
#sidebarTabs .button { margin:0em 0.2em; padding:0.2em 0.3em; display:block; }
#sidebarTabs .tabContents {width:15em; overflow:hidden;}
.wizard { padding:0.1em 2em 0; }
.wizard__title { font-size:2em; }
.wizard__subtitle { font-size:1.2em; }
.wizard__title, .wizard__subtitle { font-weight:bold; background:none; padding:0; margin:0.4em 0 0.2em; }
.wizardStep { padding:1em; }
.wizardFooter { padding:0.8em 0.4em 0.8em 0; }
.wizardFooter .status { padding:0.2em 0.7em; margin-left:0.3em; }
.wizardFooter .button { margin:0.5em 0 0; font-size:1.2em; padding:0.2em 0.5em; }
.messageArea { position:fixed; top:0; right:20em; margin:0.5em; padding:0.7em 1em; z-index:2000; }
.messageToolbar { text-align:right; padding:0.2em 0; }
.messageToolbar__button { text-decoration:underline; }
.messageToolbar__icon { height: 1em; }
.messageArea__text a { text-decoration:underline; }
.tiddlerPopupButton {padding:0.2em;}
.popupTiddler {position: absolute; z-index:300; padding:1em; margin:0;}
.popup {position:absolute; z-index:300; font-size:.9em; padding:0.3em 0; list-style:none; margin:0; padding: 0.3em 0; border: none; box-shadow: 1px 2px 5px [[ColorPalette::TertiaryMid]];}
.popup .popupMessage {padding:0.4em;}
.popup hr {display:block; height:1px; width:auto; padding:0; margin:0.2em 0;}
.popup li.disabled {padding:0.4em;}
.popup li a {display:block; padding: 0.5em 0.5em; font-weight:normal; cursor:pointer;}
.listBreak {font-size:1px; line-height:1px;}
.listBreak div {margin:2px 0;}
.tabset {padding:1em 0 0 0.5em;}
.tab {margin:0 0 0 0.25em; padding:2px;}
.tabContents {padding:0.5em;}
.tabContents ul, .tabContents ol {margin:0; padding:0;}
.txtMainTab .tabContents li {list-style:none;}
.tabContents li.listLink { margin-left:.75em;}
#contentWrapper {display:block;}
#splashScreen {display:none;}
/* 0C wide displayArea top(1)/right(17)/bottom(0)/left(14) */
#displayArea {margin:0 0 0 10em;}
.toolbar {text-align:right; font-size:.9em;}
.tiddler {padding:1em 1em 0;}
.missing .viewer,.missing .title {font-style:italic;}
.title {font-size:1.6em; font-weight:bold;}
.missing .subtitle {display:none;}
.subtitle {font-size:1.1em;}
.tiddler .button {padding:0.2em 0.4em;}
.tagging {margin:0.5em 0.5em 0.5em 0; float:left; display:none;}
.isTag .tagging {display:block;}
.tagged {margin:0.5em; float:right;}
.tagging, .tagged {font-size:0.9em; padding:0.25em;}
.tagging ul, .tagged ul {list-style:none; margin:0.25em; padding:0;}
.tagClear {clear:both;}
.footer {font-size:.9em;}
.footer li {display:inline;}
.annotation {padding:0.5em; margin:0.5em;}
* html .viewer pre {width:99%; padding:0 0 1em 0;}
.viewer {line-height:1.4em; padding-top:0.5em;}
.viewer .button {margin:0 0.25em; padding:0 0.25em;}
.viewer blockquote {line-height:1.5em; padding-left:0.8em;margin-left:2.5em;}
.viewer ul, .viewer ol {margin-left:0.5em; padding-left:1.5em;}
.viewer table, table.twtable {border-collapse:collapse; margin:0.8em 1.0em;}
.viewer th, .viewer td, .viewer tr,.viewer caption,.twtable th, .twtable td, .twtable tr,.twtable caption {padding:3px;}
table.listView {font-size:0.85em; margin:0.8em 1.0em;}
table.listView th, table.listView td, table.listView tr {padding:0 3px 0 3px;}
.viewer pre {padding:0.5em; margin-left:0.5em; font-size:1.2em; line-height:1.4em; overflow:auto;}
.viewer code {font-size:1.2em; line-height:1.4em;}
.editor {font-size:1.1em;}
.editor input, .editor textarea {display:block; width:100%; box-sizing: border-box; font:inherit;}
.editorFooter {padding:0.25em 0; font-size:.9em;}
.editorFooter .button {padding-top:0; padding-bottom:0;}
.fieldsetFix {border:0; padding:0; margin:1px 0px;}
.zoomer {font-size:1.1em; position:absolute; overflow:hidden;}
.zoomer div {padding:1em;}
* html #backstage {width:99%;}
* html #backstageArea {width:99%;}
#backstageArea {display:none; position:relative; overflow: hidden; z-index:150; padding:0.3em 0.5em;}
#backstageToolbar {position:relative;}
#backstageArea a {font-weight:bold; margin-left:0.5em; padding:0.3em 0.5em;}
#backstageButton {display:none; position:absolute; z-index:175; top:0; right:0;}
#backstageButton a {padding:0.1em 0.4em; margin:0.1em;}
#backstage {position:relative; width:100%; z-index:50;}
#backstagePanel { display:none; z-index:100; position:absolute; width:90%; margin-left:3em; }
.backstagePanelFooter {padding-top:0.2em; float:right;}
.backstagePanelFooter a {padding:0.2em 0.4em;}
#backstageCloak {display:none; z-index:20; position:absolute; width:100%; height:100px;}
.whenBackstage {display:none;}
.backstageVisible .whenBackstage {display:block;}
/*}}}*/
/*{{{*/
body {font-size:1em;}
#sidebarOptions {font-size:1.05em;}
#sidebarOptions a {font-style:normal;}
#sidebarOptions .sliderPanel {font-size:0.95em;}
.subtitle {font-size:0.8em;}
.viewer table.listView {font-size:0.95em;}
/*}}}*/
/*{{{*/
@media print {
#mainMenu, #sidebar, .messageArea, .toolbar, #backstageButton, #backstageArea {display: none !important;}
#displayArea { margin-right: 0; }
/* #displayArea {margin: 1em 1em 0em;} */
noscript {display:none;}
}
/*}}}*/
<!--{{{-->
<div class='toolbar' role='navigation' macro='toolbar [[ToolbarCommands::ViewToolbar]]'></div>
<div class='title' macro='view title'></div>
<div class='viewer' macro='view text wikified'></div>
<div class='tagClear'></div>
<!--}}}-->
/% |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
Review notes (placed inside the wiki comment, ahead of the first section heading):
- The show section below is raw HTML. $1 becomes the link body and $2 the title attribute with no escaping,
  so callers of this transclusion should pass only trusted label and tooltip text.
- onmouseover rewrites the link href into a javascript: URL that evals the encoded source text of this same
  element's onclick handler; nothing from tiddler content or user input is added to the evaluated string.
  Presumably this keeps the toggle usable when the link is copied out as a bookmarklet - confirm.
- Inline handlers, a javascript: href and eval must all be permitted for this to work, so a
  Content-Security-Policy without 'unsafe-inline' and 'unsafe-eval' will break the toggle.
- onclick flips config.options.chkShowLeftSidebar, shows or hides #mainMenu, adjusts the left margin of
  #displayArea and persists the option with saveOptionCookie.
- NOTE(review) - onclick compares this.innerHTML with entity-encoded default labels; innerHTML normally returns
  the decoded characters, so the label swap may never trigger with the defaults - verify in the target browsers.
!show
<<tiddler {{
 var co=config.options;
 if (co.chkShowLeftSidebar===undefined) co.chkShowLeftSidebar=true;
 var mm=document.getElementById('mainMenu');
 var da=document.getElementById('displayArea');
 if (mm) {
 mm.style.display=co.chkShowLeftSidebar?'block':'none';
 da.style.marginLeft=co.chkShowLeftSidebar?'':'1em';
 }
'';}}>><html><nowiki><a href='javascript:;' title="$2"
onmouseover="
 this.href='javascript:void(eval(decodeURIComponent(%22(function(){try{('
 +encodeURIComponent(encodeURIComponent(this.onclick))
 +')()}catch(e){alert(e.description?e.description:e.toString())}})()%22)))';"
onclick="
 var co=config.options;
 var opt='chkShowLeftSidebar';
 var show=co[opt]=!co[opt];
 var mm=document.getElementById('mainMenu');
 var da=document.getElementById('displayArea');
 if (mm) {
 mm.style.display=show?'block':'none';
 da.style.marginLeft=show?'':'1em';
 }
 saveOptionCookie(opt);
 var labelShow=co.txtToggleLeftSideBarLabelShow||'&#x25BA;';
 var labelHide=co.txtToggleLeftSideBarLabelHide||'&#x25C4;';
 if (this.innerHTML==labelShow||this.innerHTML==labelHide)
 this.innerHTML=show?labelHide:labelShow;
 this.title=(show?'masquer':'montrer')+' le menu à gauche';
 var sm=document.getElementById('storyMenu');
 if (sm) config.refreshers.content(sm);
 return false;
">$1</a></html>
!end
%/<<tiddler {{
 var src='.ToggleLeftSidebar';
 src+(tiddler&&tiddler.title==src?'##info':'##show');
}} with: {{
 var co=config.options;
 var labelShow=co.txtToggleLeftSideBarLabelShow||'&#x25BA;&#x25C1;'; /%0C%/
 var labelHide=co.txtToggleLeftSideBarLabelHide||'&#x25C4;&#x25B7;'; /%0C%/
 '$1'!='$'+'1'?'$1':(co.chkShowLeftSidebar?labelHide:labelShow);
}} {{
 var tip=(config.options.chkShowLeftSidebar?'cacher':'montrer')+' le menu gauche'; /%0C%/
 '$2'!='$'+'2'?'$2':tip;
}}>>
/% |Author|Eric Shulman|License|https://www.TiddlyTools.com/#LegalStatements|
Review notes (placed inside the wiki comment):
- onclick scans the direct children of #contentWrapper for the first element with class 'header', flips its
  display between 'none' and 'block', and persists the state with saveOptionCookie('chkHideSiteTitles').
- onmouseover rewrites the link href into a javascript: URL that evals the encoded source text of this same
  element's onclick handler; nothing from tiddler content or user input is added to the evaluated string.
- Inline handlers, a javascript: href and eval must all be permitted for this to work, so a
  Content-Security-Policy without 'unsafe-inline' and 'unsafe-eval' will break the toggle.
%/<html><nowiki><a href="javascript:;" title="masquer/montrer l'en-tête" /%0C%/
onmouseover="
 this.href='javascript:void(eval(decodeURIComponent(%22(function(){try{('
 +encodeURIComponent(encodeURIComponent(this.onclick))
 +')()}catch(e){alert(e.description?e.description:e.toString())}})()%22)))';"
onclick="
 var c=document.getElementById('contentWrapper'); if (!c) return;
 for (var i=0; i<c.childNodes.length; i++)
 if (hasClass(c.childNodes[i],'header')) { var h=c.childNodes[i]; break; }
 if (!h) return;
 config.options.chkHideSiteTitles=h.style.display!='none';
 h.style.display=config.options.chkHideSiteTitles?'none':'block';
 saveOptionCookie('chkHideSiteTitles');
 return false;
">&#x25b3;&#x25bc;</a></html>
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
*/
//{{{
// Register the plugin version with the TiddlyWiki core.
version.extensions.BreadcrumbsPlugin = {
    major: 2,
    minor: 1,
    revision: 4,
    date: new Date(2011, 2, 16)
};

// Fallback value for every option the breadcrumbs code reads.
var defaults = {
    chkShowBreadcrumbs: true,
    chkReorderBreadcrumbs: true,
    chkCreateDefaultBreadcrumbs: true,
    chkShowStartupBreadcrumbs: false,
    chkBreadcrumbsReverse: false,
    chkBreadcrumbsLimit: false,
    txtBreadcrumbsLimit: 5,
    chkBreadcrumbsLimitOpenTiddlers: false,
    txtBreadcrumbsLimitOpenTiddlers: 3,
    chkBreadcrumbsHideHomeLink: false,
    chkBreadcrumbsSave: false,
    txtBreadcrumbsHomeSeparator: ' | ',
    txtBreadcrumbsCrumbSeparator: ' > '
};

// Copy a default in only where config.options has no value yet, so stored settings win.
for (var id in defaults) {
    if (config.options[id] !== undefined) continue;
    config.options[id] = defaults[id];
}
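// Breadcrumbs macro: keeps the list of displayed tiddler titles and renders it as a row of links.
config.macros.breadcrumbs = {
    crumbs: [], // titles of displayed tiddlers; the most recent one is last
    askMsg: "Save current breadcrumbs before clearing?\n"
        +"Press OK to save, or CANCEL to continue without saving.",
    saveMsg: 'Enter the name of a tiddler in which to save the current breadcrumbs',
    saveTitle: 'SavedBreadcrumbs',

    // Macro entry point: creates a span.breadCrumbs in `place`, records the two optional
    // separator parameters on it as attributes, and renders the current crumbs into it.
    handler: function(place,macroName,params,wikifier,paramString,tiddler) {
        var area=createTiddlyElement(place,"span",null,"breadCrumbs",null);
        area.setAttribute("homeSep",params[0]||config.options.txtBreadcrumbsHomeSeparator);
        area.setAttribute("crumbSep",params[1]||config.options.txtBreadcrumbsCrumbSeparator);
        this.render(area);
    },

    // Record that `title` was displayed, then redraw every crumb area. Always returns false.
    add: function (title) {
        var thisCrumb = title;
        var ind = this.crumbs.indexOf(thisCrumb);
        if(ind === -1)
            this.crumbs.push(thisCrumb);
        else if (config.options.chkReorderBreadcrumbs)
            this.crumbs.push(this.crumbs.splice(ind,1)[0]); // move the revisited crumb to the end
        else
            this.crumbs=this.crumbs.slice(0,ind+1); // cut the trail back to the revisited crumb
        if (config.options.chkBreadcrumbsLimitOpenTiddlers)
            this.limitOpenTiddlers();
        this.refresh();
        return false;
    },

    // Return every element that should show the crumbs; creates a hidden default span
    // in front of #tiddlerDisplay when none exists and chkCreateDefaultBreadcrumbs is set.
    getAreas: function() {
        var crumbAreas=[];
        // find all elements with classname=="breadCrumbs"
        var all=document.getElementsByTagName("*");
        for (var i=0; i<all.length; i++)
            try{ if (hasClass(all[i],"breadCrumbs")) crumbAreas.push(all[i]); } catch(e) {;}
        // or, find single element w/fixed ID (backward compatibility)
        var byID=document.getElementById("breadCrumbs");
        if (byID && !hasClass(byID,"breadCrumbs")) crumbAreas.push(byID);
        if (!crumbAreas.length && config.options.chkCreateDefaultBreadcrumbs) {
            // no crumbs display... create one, but only when the page has somewhere to attach it
            var targetArea= document.getElementById("tiddlerDisplay");
            if (targetArea && targetArea.parentNode) {
                var defaultArea = createTiddlyElement(null,"span",null,"breadCrumbs",null);
                defaultArea.style.display= "none";
                targetArea.parentNode.insertBefore(defaultArea,targetArea);
                crumbAreas.push(defaultArea);
            }
        }
        return crumbAreas;
    },

    // Show or hide each crumb area according to chkShowBreadcrumbs and redraw its content.
    refresh: function() {
        var crumbAreas=this.getAreas();
        for (var i=0; i<crumbAreas.length; i++) {
            crumbAreas[i].style.display = config.options.chkShowBreadcrumbs?"inline":"none";
            removeChildren(crumbAreas[i]);
            this.render(crumbAreas[i]);
        }
    },

    // Draw the home button and the crumb links into `here`.
    render: function(here) {
        var co=config.options;
        var c; // kept local so the loop counter does not become a global variable
        var out="";
        if (!co.chkBreadcrumbsHideHomeLink) {
            createTiddlyButton(here,"Accueil",null,this.home,"tiddlyLink tiddlyLinkExisting");
            out+=here.getAttribute("homeSep")||config.options.txtBreadcrumbsHomeSeparator;
        }
        // Remove crumbs whose tiddler no longer exists. Walking backwards means splice()
        // never shifts an unchecked entry into the slot that was just examined.
        for (c=this.crumbs.length-1; c>=0; c--)
            if (!store.tiddlerExists(this.crumbs[c]) && !store.isShadowTiddler(this.crumbs[c]))
                this.crumbs.splice(c,1);
        var count=this.crumbs.length;
        if (co.chkBreadcrumbsLimit && co.txtBreadcrumbsLimit<count) count=co.txtBreadcrumbsLimit;
        // NOTE(review): titles are concatenated into [[...]] wikitext and then wikified. A title
        // that contains "|" or "]]" changes how the link is parsed, so a crumb could show one
        // label and point at another target. If titles can come from imported content, consider
        // building the links with createTiddlyLink() instead of wikify().
        var list=[];
        for (c=this.crumbs.length-count; c<this.crumbs.length; c++) list.push('[['+this.crumbs[c]+']]');
        if (co.chkBreadcrumbsReverse) list.reverse();
        out+=list.join(here.getAttribute("crumbSep")||config.options.txtBreadcrumbsCrumbSeparator);
        wikify(out,here);
    },

    // Home button handler: optionally saves the crumbs, closes all tiddlers, restarts the
    // story, empties the crumb list and hides every crumb area. Always returns false.
    home: function() {
        var cmb=config.macros.breadcrumbs;
        if (config.options.chkBreadcrumbsSave && confirm(cmb.askMsg)) cmb.saveCrumbs();
        story.closeAllTiddlers(); restart();
        cmb.crumbs = []; var crumbAreas=cmb.getAreas();
        for (var i=0; i<crumbAreas.length; i++) crumbAreas[i].style.display = "none";
        return false;
    },

    // Ask for a tiddler name and store the crumbs in it as one [[link]] per line, tagged 'story'.
    // An existing tiddler is overwritten only after confirmation; its tags and fields are kept.
    saveCrumbs: function() {
        var tid=prompt(this.saveMsg,this.saveTitle); if (!tid||!tid.length) return; // cancelled by user
        var t=store.getTiddler(tid);
        if(t && !confirm(config.messages.overwriteWarning.format([tid]))) return;
        var who=config.options.txtUserName;
        var when=new Date();
        var text='[['+this.crumbs.join(']]\n[[')+']]';
        var tags=t?t.tags:[]; tags.pushUnique('story');
        var fields=t?t.fields:{};
        store.saveTiddler(tid,tid,text,who,when,tags,fields);
        story.displayTiddler(null,tid);
        story.refreshTiddler(tid,null,true);
        displayMessage(tid+' has been '+(t?'updated':'created'));
    },

    // Keep only the most recent txtBreadcrumbsLimitOpenTiddlers crumbs open (at least one);
    // older displayed tiddlers are closed, asking first when one is being edited.
    limitOpenTiddlers: function() {
        var limit=config.options.txtBreadcrumbsLimitOpenTiddlers; if (limit<1) limit=1;
        var c; // kept local so the loop counter does not become a global variable
        for (c=this.crumbs.length-1; c>=0; c--) {
            var tid=this.crumbs[c];
            var elem=story.getTiddler(tid);
            if (elem) { // tiddler is displayed
                if (limit <=0) { // display limit has been reached
                    if (elem.getAttribute("dirty")=="true") { // tiddler is being edited
                        // NOTE(review): the prompt promises "save and close", but only
                        // closeTiddler() is called here - confirm whether a save is expected.
                        var msg= "'"+tid+"' is currently being edited.\n\n"
                            +"Press OK to save and close this tiddler\n"
                            +"or press Cancel to leave it opened";
                        if (confirm(msg)) {
                            story.closeTiddler(tid);
                        }
                    }
                    else story.closeTiddler(this.crumbs[c]);
                }
                limit--;
            }
        }
    }
};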
//}}}
// // PreviousTiddler ('back') command and macro
//{{{
// Toolbar command 'back': show the crumb before the current one, or go home when there is none.
config.commands.previousTiddler = {
    text: 'back',
    tooltip: 'view the previous tiddler',
    handler: function(event,src,title) {
        var trail=config.macros.breadcrumbs.crumbs;
        if (trail.length>=2) {
            story.displayTiddler(story.findContainingTiddler(src),trail[trail.length-2]);
        } else {
            config.macros.breadcrumbs.home();
        }
        return false;
    }
};
// Macro 'previousTiddler': a button that runs the command above.
// The first two macro parameters, when given, replace the default label and tooltip.
config.macros.previousTiddler= {
    label: 'back',
    prompt: 'view the previous tiddler',
    handler: function(place,macroName,params,wikifier,paramString,tiddler) {
        var caption=params.shift()||this.label;
        var tip=params.shift()||this.prompt;
        var onClick=function(ev){
            return config.commands.previousTiddler.handler(ev,this)
        };
        createTiddlyButton(place,caption,tip,onClick);
    }
}//}}}
// // HIJACKS
//{{{
// Keep a reference to the core displayTiddler (once), then wrap it so that every
// displayed tiddler is also added to the breadcrumbs.
if (Story.prototype.breadCrumbs_coreDisplayTiddler==undefined) {
    Story.prototype.breadCrumbs_coreDisplayTiddler=Story.prototype.displayTiddler;
}
Story.prototype.displayTiddler = function(srcElement,tiddler) {
    // the caller may pass either a Tiddler object or a plain title
    var title=tiddler;
    if (tiddler instanceof Tiddler) title=tiddler.title;
    this.breadCrumbs_coreDisplayTiddler.apply(this,arguments);
    // during startup, crumbs are recorded only when chkShowStartupBreadcrumbs is set
    var record=!startingUp || config.options.chkShowStartupBreadcrumbs;
    if (record) config.macros.breadcrumbs.add(title);
}
// Keep a reference to the core removeTiddler (once), then wrap it so that the crumb
// display is redrawn after a tiddler has been removed.
if (TiddlyWiki.prototype.breadCrumbs_coreRemoveTiddler==undefined) {
    TiddlyWiki.prototype.breadCrumbs_coreRemoveTiddler=TiddlyWiki.prototype.removeTiddler;
}
TiddlyWiki.prototype.removeTiddler= function() {
    var coreRemove=this.breadCrumbs_coreRemoveTiddler;
    coreRemove.apply(this,arguments);
    config.macros.breadcrumbs.refresh();
}
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
!Configuration
<<<
<<option chkDisableWikiLinks>> Disable ALL automatic WikiWord tiddler links
<<option chkAllowLinksFromShadowTiddlers>> ... except for WikiWords //contained in// shadow tiddlers
<<option chkDisableNonExistingWikiLinks>> Disable automatic WikiWord links for non-existing tiddlers
Disable automatic WikiWord links for words listed in: <<option txtDisableWikiLinksList>>
Disable automatic WikiWord links for tiddlers tagged with: <<option txtDisableWikiLinksTag>>
<<<
!Code
*/
//{{{
// Register the plugin version with the TiddlyWiki core.
version.extensions.DisableWikiLinksPlugin = {
    major: 1,
    minor: 6,
    revision: 0,
    date: new Date(2008, 7, 22)
};
// Give each plugin option its default unless a value is already present.
(function(opts) {
    var fallbacks=[
        ["chkDisableNonExistingWikiLinks", false],
        ["chkDisableWikiLinks", false],
        ["txtDisableWikiLinksList", "DisableWikiLinksList"],
        ["chkAllowLinksFromShadowTiddlers", true],
        ["txtDisableWikiLinksTag", "excludeWikiWords"]
    ];
    for (var n=0; n<fallbacks.length; n++) {
        var key=fallbacks[n][0];
        if (opts[key]==undefined) opts[key]=fallbacks[n][1];
    }
})(config.options);
// swap the wikiLink formatter's handler for the option-aware one defined below
initDisableWikiLinksFormatter();
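/**
 * Replace the handler of the core "wikiLink" formatter with one that can suppress
 * automatic WikiWord links according to the plugin options. The previous handler
 * stays reachable as formatter.coreHandler. Does nothing when no formatter named
 * "wikiLink" is registered.
 */
function initDisableWikiLinksFormatter() {
    // locate the formatter by name
    var formatter=null;
    for (var i=0; i<config.formatters.length; i++)
        if (config.formatters[i].name=="wikiLink") { formatter=config.formatters[i]; break; }
    if (!formatter) return; // nothing to patch; indexing past the end would throw
    // Remember the original handler only on the first install. Saving it again would store
    // this plugin's own handler as coreHandler and make every pass-through call recurse.
    if (formatter.coreHandler===undefined)
        formatter.coreHandler=formatter.handler;
    formatter.handler=function(w) {
        // suppress any leading "~" (if present)
        var skip=(w.matchText.substr(0,1)==config.textPrimitives.unWikiLink)?1:0;
        var title=w.matchText.substr(skip);
        var exists=store.tiddlerExists(title);
        var inShadow=w.tiddler && store.isShadowTiddler(w.tiddler.title);
        // emit the matched word as plain text, without the "~" prefix
        var plainText=function() { w.outputText(w.output,w.matchStart+skip,w.nextMatch); };
        // check for excluded Tiddler
        if (w.tiddler && w.tiddler.isTagged(config.options.txtDisableWikiLinksTag))
            { plainText(); return; }
        // check for specific excluded wiki words
        // NOTE(review): this is a substring test on the whole list text using the raw match
        // (including any "~"), so a word also counts as listed when it is part of a longer entry.
        var t=store.getTiddlerText(config.options.txtDisableWikiLinksList);
        if (t && t.length && t.indexOf(w.matchText)!=-1)
            { plainText(); return; }
        // if not disabling links from shadows (default setting)
        if (config.options.chkAllowLinksFromShadowTiddlers && inShadow)
            return this.coreHandler(w);
        // check for non-existing non-shadow tiddler
        if (config.options.chkDisableNonExistingWikiLinks && !exists)
            { plainText(); return; }
        // if not enabled, just do standard WikiWord link formatting
        if (!config.options.chkDisableWikiLinks)
            return this.coreHandler(w);
        // just return text without linking
        plainText();
    };
}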
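// Wrap Tiddler.autoLinkWikiWords: while chkDisableWikiLinks is set it reports false,
// otherwise it defers to the core implementation.
// The core function is saved only once; saving it again on a second load would store this
// wrapper as the "core" version and make the pass-through call recurse.
if (Tiddler.prototype.coreAutoLinkWikiWords===undefined)
    Tiddler.prototype.coreAutoLinkWikiWords = Tiddler.prototype.autoLinkWikiWords;
Tiddler.prototype.autoLinkWikiWords = function()
{
    if (!config.options.chkDisableWikiLinks)
        return this.coreAutoLinkWikiWords.apply(this,arguments);
    return false;
};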
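// Wrap Tiddler.changed: after the core has run, drop from this.links every title that is
// listed (as a bracketed list) in the tiddler named by txtDisableWikiLinksList.
// The core function is saved only once; saving it again on a second load would store this
// wrapper as the "core" version and make the call below recurse.
if (Tiddler.prototype.disableWikiLinks_changed===undefined)
    Tiddler.prototype.disableWikiLinks_changed = Tiddler.prototype.changed;
Tiddler.prototype.changed = function()
{
    this.disableWikiLinks_changed.apply(this,arguments);
    var excluded=store.getTiddlerText(config.options.txtDisableWikiLinksList,"").readBracketedList();
    for (var i=0; i<excluded.length; i++) {
        // one lookup per title: remove the entry when it is present
        var pos=this.links.indexOf(excluded[i]);
        if (pos!=-1) this.links.splice(pos,1);
    }
};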
//}}}
/* |Author|Yakov Litvin|Forked from|[[abego.ForEachTiddlerPlugin|http://tiddlywiki.abego-software.de/#ForEachTiddlerPlugin]], by Udo Borkowski| */
//{{{
(function(){
// Only install once
// A second copy of the plugin only warns and leaves the first installation in place.
if (version.extensions.ForEachTiddlerPlugin) {
 alert("Warning: more than one copy of ForEachTiddlerPlugin is set to be launched");
 return;
}
// Register the plugin; the three fields still hold the placeholder text shipped with this copy.
version.extensions.ForEachTiddlerPlugin = {
 source: "[repository url here]",
 licence: "[licence url here]",
 copyright: "Copyright (c) Yakov Litvin, 2012 [url of the meta page]"
};
// Macro object with its two built-in actions; element and handler are attached further down.
config.macros.forEachTiddler = {
 actions: {
  addToList: {},
  write: {}
 }
};
/**
 * Macro entry point for <<forEachTiddler ...>>.
 * Parses the macro parameters, creates the container element declared by the
 * chosen action, stores the parsed parameters on it as jQuery data and renders
 * it once through refresh(). Parse errors and unknown actions are reported
 * through handleError().
 */
config.macros.forEachTiddler.handler = function(place,macroName,params,wikifier,paramString,tiddler) {
 var parsed = this.parseParams(params);
 if (parsed.errorText) {
  this.handleError(place, parsed.errorText);
  return;
 }
 parsed.place = place;
 // fall back to the tiddler element enclosing 'place' when no tiddler was passed in
 parsed.inTiddler = tiddler || getContainingTiddler(place);
 if (!parsed.actionName)
  parsed.actionName = "addToList";
 var chosenAction = this.actions[parsed.actionName];
 if (!chosenAction) {
  this.handleError(place, "Unknown action '"+parsed.actionName+"'.");
  return;
 }
 var container = document.createElement(chosenAction.element);
 // refresh="macro" and macroName are set on the element, and the parsed
 // parameters are stored with it so that refresh() can read them back
 jQuery(container).attr({ refresh: "macro", macroName: macroName }).data(parsed);
 place.appendChild(container);
 this.refresh(container);
};
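/**
 * (Re)renders a forEachTiddler container element.
 * Reads the parsed parameters stored on the element by handler(), empties the
 * element, collects the matching tiddlers and runs the action on them.
 * Anything thrown while collecting or rendering is shown inside the element.
 *
 * @param element  container element created by handler()
 */
config.macros.forEachTiddler.refresh = function(element) {
 var parsedParams = jQuery(element).data(),
  action = this.actions[parsedParams.actionName];
 jQuery(element).empty();
 try {
  var tiddlersAndContext = this.getTiddlersAndContext(parsedParams);
  action.handler(element, tiddlersAndContext.tiddlers,
    parsedParams.actionParameter, tiddlersAndContext.context);
 } catch (e) {
  // The original passed an undeclared 'place' here, which raised a
  // ReferenceError and hid the real error; report into the element instead.
  this.handleError(element, e);
 }
};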
/**
 * Builds the evaluation context for one macro call and collects its tiddlers.
 * The tiddlers come from the file named by parameter.tiddlyWikiPath when that
 * is set, otherwise from the global store; they are sorted when a sortClause
 * is present.
 *
 * @param parameter  parsed macro parameters (see parseParams)
 * @return {tiddlers: Array, context: Object}
 */
config.macros.forEachTiddler.getTiddlersAndContext = function(parameter) {
 var context = config.macros.forEachTiddler.createContext(parameter.place, parameter.filter, parameter.whereClause, parameter.sortClause, parameter.sortAscending, parameter.actionName, parameter.actionParameter, parameter.scriptText, parameter.tiddlyWikiPath, parameter.inTiddler);
 var sourceWiki;
 if (parameter.tiddlyWikiPath)
  sourceWiki = this.loadTiddlyWiki(parameter.tiddlyWikiPath);
 else
  sourceWiki = store;
 context.tiddlyWiki = sourceWiki;
 var matched = this.findTiddlers(parameter.filter, parameter.whereClause, context, sourceWiki);
 context.tiddlers = matched;
 if (parameter.sortClause)
  this.sortTiddlers(matched, parameter.sortClause, parameter.sortAscending, context);
 return {tiddlers: matched, context: context};
};
// addToList renders into an unordered list
config.macros.forEachTiddler.actions.addToList.element = "ul";
/**
 * 'addToList' action: appends one <li> holding a tiddler link per tiddler.
 * The action takes no parameters of its own; any extra parameter is reported
 * as an error and nothing is rendered.
 */
config.macros.forEachTiddler.actions.addToList.handler = function(place, tiddlers, parameter, context) {
 if (parameter.length > 0) {
  config.macros.forEachTiddler.createExtraParameterErrorElement(place, "addToList", parameter, 0);
  return;
 }
 var n = 0;
 while (n < tiddlers.length) {
  var item = place.appendChild(document.createElement("li"));
  createTiddlyLink(item, tiddlers[n].title, true);
  n++;
 }
};
/**
 * Reads an optional "<name> <value>" pair from the action parameters.
 *
 * @param name       keyword expected at position i
 * @param parameter  array of action parameters
 * @param i          index at which the keyword may appear
 * @return the value after the keyword, passed through paramEncode, or null
 *         when the keyword is not at position i
 * @throws a string message when the keyword is the last parameter
 */
var parseNamedParameter = function(name, parameter, i) {
 var keywordPresent = (i < parameter.length) && parameter[i] == name;
 if (!keywordPresent)
  return null;
 var valueIndex = i + 1;
 if (valueIndex >= parameter.length) {
  throw "Missing text behind '%0'".format([name]);
 }
 return config.macros.forEachTiddler.paramEncode(parameter[valueIndex]);
}
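// write renders into a span
config.macros.forEachTiddler.actions.write.element = "span";
/**
 * 'write' action: evaluates a text expression once per tiddler and either
 * wikifies the concatenated result into 'place' or saves it to a file.
 *
 * Parameter layout (in order):
 *   <textExpression> [begin <expr>] [end <expr>] [none <expr>]
 *   [toFile <filename> [withLineSeparator <text>]]
 *
 * NOTE(security): every expression is compiled with eval() by
 * getEvalTiddlerFunction and 'toFile' writes to whatever path the macro call
 * names. Anyone who can edit a tiddler containing this macro can therefore
 * run script and write files with the privileges of the user viewing it.
 *
 * @param place      element receiving the wikified output or the error message
 * @param tiddlers   tiddlers selected by the macro
 * @param parameter  action parameters following the 'write' keyword
 * @param context    evaluation context built by createContext
 */
config.macros.forEachTiddler.actions.write.handler = function(place, tiddlers, parameter, context) {
 // refresh() calls this as a method of the action object, which has no
 // handleError of its own (the original 'this.handleError' failed with a
 // TypeError), so errors are reported through the macro object.
 var fet = config.macros.forEachTiddler;
 var p = 0;
 if (p >= parameter.length) {
  fet.handleError(place, "Missing expression behind 'write'.");
  return;
 }
 var textExpression = fet.paramEncode(parameter[p]);
 p++;
 // each optional named parameter occupies two slots: keyword and value
 var beginExpression = parseNamedParameter("begin", parameter, p);
 if (beginExpression !== null)
  p += 2;
 var endExpression = parseNamedParameter("end", parameter, p);
 if (endExpression !== null)
  p += 2;
 var noneExpression = parseNamedParameter("none", parameter, p);
 if (noneExpression !== null)
  p += 2;
 var filename = null;
 var lineSeparator = undefined;
 if ((p < parameter.length) && parameter[p] == "toFile") {
  p++;
  if (p >= parameter.length) {
   fet.handleError(place, "Filename expected behind 'toFile' of 'write' action.");
   return;
  }
  filename = fet.getLocalPath(fet.paramEncode(parameter[p]));
  p++;
  if ((p < parameter.length) && parameter[p] == "withLineSeparator") {
   p++;
   if (p >= parameter.length) {
    fet.handleError(place, "Line separator text expected behind 'withLineSeparator' of 'write' action.");
    return;
   }
   lineSeparator = fet.paramEncode(parameter[p]);
   p++;
  }
 }
 if (parameter.length > p) {
  fet.createExtraParameterErrorElement(place, "write", parameter, p);
  return;
 }
 var func = fet.getEvalTiddlerFunction(textExpression, context);
 var count = tiddlers.length;
 var text = "";
 // begin/end are emitted only when there is at least one tiddler, none only when there is not
 if (count > 0 && beginExpression)
  text += fet.getEvalTiddlerFunction(beginExpression, context)(undefined, context, count, undefined);
 for (var i = 0; i < count; i++) {
  var tiddler = tiddlers[i];
  text += func(tiddler, context, count, i);
 }
 if (count > 0 && endExpression)
  text += fet.getEvalTiddlerFunction(endExpression, context)(undefined, context, count, undefined);
 if (count == 0 && noneExpression)
  text += fet.getEvalTiddlerFunction(noneExpression, context)(undefined, context, count, undefined);
 if (filename) {
  if (lineSeparator !== undefined) {
   // the separator is given with literal "\n" / "\r" escapes in the macro call
   lineSeparator = lineSeparator.replace(/\\n/mg, "\n").replace(/\\r/mg, "\r");
   text = text.replace(/\n/mg,lineSeparator);
  }
  saveFile(filename, convertUnicodeToUTF8(text));
 } else
  wikify(text, place, null/* highlightRegExp */, context.inTiddler);
};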
/**
 * Parses the positional macro parameters.
 * Accepted order: [in <path>] [filter <filter>] [where <expr>]
 * [sortBy <expr> [ascending|descending]] [script <text>] [<action> <args...>].
 *
 * The where, sortBy and script texts are kept as strings here; they are
 * compiled with eval() later by getEvalTiddlerFunction.
 *
 * @param params  array of macro parameters
 * @return an object with the parsed fields, or {errorText: "..."} on a
 *         missing value or an unknown action name
 */
config.macros.forEachTiddler.parseParams = function(params) {
 var self = this;
 var total = params.length;
 var pos = 0; // cursor over params
 // true when the cursor sits on the given keyword
 var atKeyword = function(word) {
  return (pos < total) && params[pos] == word;
 };
 // returns the token under the cursor (or the fallback when past the end) and advances
 var consume = function(fallback) {
  var value = (pos < total) ? params[pos] : fallback;
  pos++;
  return value;
 };

 var tiddlyWikiPath = undefined;
 if (atKeyword("in")) {
  pos++;
  if (pos >= total)
   return { errorText: "TiddlyWiki path expected behind 'in'." };
  tiddlyWikiPath = self.paramEncode(consume(""));
 }

 var filter;
 if (atKeyword("filter")) {
  pos++;
  filter = consume(undefined);
 }

 var whereClause = "true";
 if (atKeyword("where")) {
  pos++;
  whereClause = self.paramEncode(consume(""));
 }

 var sortClause = null;
 var sortAscending = true;
 if (atKeyword("sortBy")) {
  pos++;
  if (pos >= total)
   return { errorText: "sortClause missing behind 'sortBy'." };
  sortClause = self.paramEncode(consume(""));
  if (atKeyword("ascending") || atKeyword("descending")) {
   sortAscending = params[pos] == "ascending";
   pos++;
  }
 }

 var scriptText = null;
 if (atKeyword("script")) {
  pos++;
  scriptText = self.paramEncode(consume(""));
 }

 var actionName = "addToList";
 if (pos < total) {
  if (!config.macros.forEachTiddler.actions[params[pos]])
   return { errorText: "Unknown action '"+params[pos]+"'." };
  actionName = params[pos];
  pos++;
 }

 // whatever is left belongs to the action
 return {
  filter:   filter,
  whereClause:  whereClause,
  sortClause:  sortClause,
  sortAscending:  sortAscending,
  actionName:  actionName,
  actionParameter: params.slice(pos),
  scriptText:  scriptText,
  tiddlyWikiPath:  tiddlyWikiPath
 };
};
/**
 * Walks up from e to the nearest element carrying the "tiddler" class and
 * returns the tiddler named by that element's "tiddler" attribute.
 *
 * @param e  DOM element to start from (may be null)
 * @return the tiddler from the store, or null when no such element or title exists
 */
var getContainingTiddler = function(e) {
 var node = e;
 for (; node; node = node.parentNode) {
  if (hasClass(node,"tiddler"))
   break;
 }
 if (!node)
  return null;
 var title = node.getAttribute("tiddler");
 return title ? store.getTiddler(title) : null;
};
/**
 * Bundles the parsed macro parameters into the context object that is handed
 * to every evaluated expression and to the action handlers.
 *
 * @return a new context object; tiddlyWiki and tiddlers are added later by
 *         getTiddlersAndContext
 */
config.macros.forEachTiddler.createContext = function(placeParam, filterParam, whereClauseParam, sortClauseParam, sortAscendingParam, actionNameParam, actionParameterParam, scriptText, tiddlyWikiPathParam, inTiddlerParam) {
 var ctx = {};
 ctx.place = placeParam;
 ctx.filter = filterParam;
 ctx.whereClause = whereClauseParam;
 ctx.sortClause = sortClauseParam;
 ctx.sortAscending = sortAscendingParam;
 ctx.script = scriptText;
 ctx.actionName = actionNameParam;
 ctx.actionParameter = actionParameterParam;
 ctx.tiddlyWikiPath = tiddlyWikiPathParam;
 // the tiddler containing the <<forEachTiddler ...>> macro call
 ctx.inTiddler = inTiddlerParam;
 // the tiddler showing the forEachTiddler result
 ctx.viewerTiddler = getContainingTiddler(placeParam);
 return ctx;
};
/**
 * Loads another TiddlyWiki file and returns it as a TiddlyWiki instance.
 *
 * The path comes straight from the macro call ('in <path>') and is resolved
 * by getLocalPath without any restriction on where it points.
 *
 * @param path      path or URL of the TiddlyWiki file
 * @param idPrefix  accepted for interface compatibility; the visible code
 *                  never reads it
 * @throws a string message when the file cannot be loaded or is not a TiddlyWiki
 */
config.macros.forEachTiddler.loadTiddlyWiki = function(path, idPrefix) {
 var raw = loadFile(this.getLocalPath(path));
 if (raw === null)
  throw "TiddlyWiki '"+path+"' not found.";
 var loaded = new TiddlyWiki();
 var imported = loaded.importTiddlyWiki(raw);
 if (!imported)
  throw "File '"+path+"' is not a TiddlyWiki.";
 loaded.dirty = false;
 return loaded;
};
/**
 * Compiles a JavaScript expression taken from the macro call into a function
 * of (tiddler, context, count, index) that returns the expression's value.
 * When the context carries a 'script' text, that text is placed in front of
 * the function definition so the expression can use what it declares.
 *
 * NOTE(security): both the expression and the script text are passed to
 * eval() unchanged. They originate from tiddler text (where, sortBy, script
 * and write parameters), so whoever can author or import a tiddler with a
 * <<forEachTiddler>> call can run arbitrary script in the page. Treat tiddlers
 * from untrusted sources accordingly; this function performs no filtering.
 *
 * The eval is a direct call, so the evaluated text also sees this function's
 * locals (script, functionText, fullText, javaScriptExpression, context).
 */
config.macros.forEachTiddler.getEvalTiddlerFunction = function (javaScriptExpression, context) {
 var script = context["script"];
 // the expression becomes the body of a single 'return' statement
 var functionText = "var theFunction = function(tiddler, context, count, index) { return "+javaScriptExpression+"}";
 // the trailing "theFunction;" makes the function the value of the eval
 var fullText = (script ? script+";" : "")+functionText+";theFunction;";
 return eval(fullText);
};
/**
 * Collects the tiddlers for which the where clause evaluates to a truthy value.
 * Candidates are the result of tiddlyWiki.filterTiddlers(filter) when a filter
 * is given, otherwise every tiddler of tiddlyWiki.
 *
 * @param filter       filter text or undefined
 * @param whereClause  JavaScript expression text (compiled with eval, see
 *                     getEvalTiddlerFunction)
 * @param context      evaluation context
 * @param tiddlyWiki   store to read the tiddlers from
 * @return array of matching tiddlers
 */
config.macros.forEachTiddler.findTiddlers = function(filter, whereClause, context, tiddlyWiki) {
 var matches = [];
 var predicate = config.macros.forEachTiddler.getEvalTiddlerFunction(whereClause, context);
 var keepIfMatching = function(candidate) {
  if (predicate(candidate, context, undefined, undefined))
   matches.push(candidate);
 };
 if (filter) {
  var filtered = tiddlyWiki.filterTiddlers(filter);
  for (var k = 0; k < filtered.length; k++)
   keepIfMatching(filtered[k]);
 } else {
  tiddlyWiki.forEachTiddler(function(title,tiddler) {
   keepIfMatching(tiddler);
  });
 }
 return matches;
};
/**
 * Comparator for Array.sort: orders tiddlers by their temporary
 * forEachTiddlerSortValue, smallest first.
 */
config.macros.forEachTiddler.sortAscending = function(tiddlerA, tiddlerB) {
 var a = tiddlerA.forEachTiddlerSortValue;
 var b = tiddlerB.forEachTiddlerSortValue;
 if (a == b)
  return 0;
 return (a < b) ? -1 : +1;
};
/**
 * Comparator for Array.sort: orders tiddlers by their temporary
 * forEachTiddlerSortValue, largest first.
 */
config.macros.forEachTiddler.sortDescending = function(tiddlerA, tiddlerB) {
 var a = tiddlerA.forEachTiddlerSortValue;
 var b = tiddlerB.forEachTiddlerSortValue;
 if (a == b)
  return 0;
 return (a < b) ? +1 : -1;
};
/**
 * Sorts the tiddlers array in place by the value of the sort clause.
 * The clause is evaluated once per tiddler, the result is parked on the
 * tiddler as forEachTiddlerSortValue for the duration of the sort and removed
 * again afterwards.
 *
 * @param tiddlers    array to sort (modified in place)
 * @param sortClause  JavaScript expression text (compiled with eval, see
 *                    getEvalTiddlerFunction)
 * @param ascending   true for ascending order, false for descending
 * @param context     evaluation context
 */
config.macros.forEachTiddler.sortTiddlers = function(tiddlers, sortClause, ascending, context) {
 var keyOf = config.macros.forEachTiddler.getEvalTiddlerFunction(sortClause, context);
 var initialCount = tiddlers.length;
 var k = 0;
 while (k < initialCount) {
  var current = tiddlers[k];
  current.forEachTiddlerSortValue = keyOf(current,context, undefined, undefined);
  k++;
 }
 var comparator = ascending ? this.sortAscending : this.sortDescending;
 tiddlers.sort(comparator);
 for (k = 0; k < tiddlers.length; k++)
  delete tiddlers[k].forEachTiddlerSortValue;
};
/**
 * Appends a span of class "forEachTiddlerError" to place, showing the
 * exception's description when it has one and its toString() otherwise.
 * The message is handed to createTiddlyElement as the element's text argument.
 *
 * @return the created element
 */
config.macros.forEachTiddler.createErrorElement = function(place, exception) {
 var detail = exception.description || exception.toString();
 var shown = "<<forEachTiddler ...>>: "+detail;
 return createTiddlyElement(place,"span",null,"forEachTiddlerError",shown);
};
/**
 * Reports an error: rendered into place when a place is given, rethrown to
 * the caller otherwise.
 */
config.macros.forEachTiddler.handleError = function(place, exception) {
 if (!place)
  throw exception;
 this.createErrorElement(place, exception);
};
/**
 * Reports the parameters an action did not consume.
 *
 * @param place             element receiving the error message
 * @param actionName        name of the action, quoted in the message
 * @param parameter         array of action parameters
 * @param firstUnusedIndex  index of the first parameter that was not consumed
 */
config.macros.forEachTiddler.createExtraParameterErrorElement = function(place, actionName, parameter, firstUnusedIndex) {
 var text = "Extra parameter behind '"+actionName+"':";
 var k = firstUnusedIndex;
 while (k < parameter.length) {
  text += " "+parameter[k];
  k++;
 }
 this.handleError(place, text);
};
/**
 * Translates the escape sequences "$))" and "$)" in a macro parameter into
 * ">>" and ">". The longer sequence is replaced first.
 *
 * @param s  parameter text
 * @return the text with both sequences replaced
 */
config.macros.forEachTiddler.paramEncode = function(s) {
 var withDouble = s.replace(/\$\)\)/mg, ">>");
 return withDouble.replace(/\$\)/mg, ">");
};
/**
 * Turns a path from the macro call into a URL and hands it to the core
 * getLocalPath().
 *  - http:, https: and file: URLs are passed through unchanged;
 *  - paths starting with a drive letter, "\\" or "/" get a "file://" prefix;
 *  - anything else is resolved against the directory of the current document.
 * Backslashes are converted to forward slashes in the last two cases.
 *
 * No containment check is made: absolute paths and relative paths containing
 * ".." are accepted as written.
 */
config.macros.forEachTiddler.getLocalPath = function(originalPath) {
 var hasScheme = originalPath.search(/^((http(s)?)|(file)):/) == 0;
 if (hasScheme)
  return getLocalPath(originalPath);
 var isRelative = originalPath.search(/^(.\:\\)|(\\\\)|(\/)/) != 0;
 var resolved;
 if (isRelative) {
  var here = document.location.toString();
  var lastSlash = here.lastIndexOf("/");
  var base = (lastSlash > -1) ? here.substr(0, lastSlash + 1) : here + "/";
  resolved = base + originalPath;
 } else {
  resolved = "file://" + originalPath;
 }
 return getLocalPath(resolved.replace(/\\/mg,"/"));
};
// Style for the error spans created by createErrorElement.
var forEachTiddlerErrorCss = ".forEachTiddlerError{color: #ffffff;background-color: #880000;}";
setStylesheet(forEachTiddlerErrorCss, "forEachTiddler");
// <<fet ...>> is a short alias for <<forEachTiddler ...>>.
config.macros.fet = config.macros.forEachTiddler;
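// String helpers used by forEachTiddler expressions.
// startsWith and endsWith are native in current engines; they are only
// defined here when missing, so the native versions (which also accept a
// position argument that other scripts on the page may rely on) are not
// replaced for every string in the document.
if (!String.prototype.startsWith) {
 /** True when the string begins with prefix. */
 String.prototype.startsWith = function(prefix) {
  var n = prefix.length;
  return (this.length >= n) && (this.slice(0, n) == prefix);
 };
}
if (!String.prototype.endsWith) {
 /** True when the string ends with suffix. */
 String.prototype.endsWith = function(suffix) {
  var n = suffix.length;
  return (this.length >= n) && (this.right(n) == suffix);
 };
}
/** True when substring occurs anywhere in the string. */
String.prototype.contains = function(substring) {
 return this.indexOf(substring) >= 0;
};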
})();
/**
 * Returns the value of the named slice in this tiddler's text.
 * Uses the shared TiddlyWiki.prototype.slicesRE; a match carries the slice
 * name in group 2 with its value in group 3, or the name in group 5 with its
 * value in group 6.
 *
 * @param sliceName    name of the slice to look for
 * @param defaultText  returned when no slice of that name exists
 */
Tiddler.prototype.getSlice = function(sliceName,defaultText) {
 var slices = TiddlyWiki.prototype.slicesRE;
 slices.lastIndex = 0; // the regexp is shared, so restart from the beginning
 for (var hit = slices.exec(this.text); hit; hit = slices.exec(this.text)) {
  var firstForm = !!hit[2];
  var name = firstForm ? hit[2] : hit[5];
  if (name == sliceName)
   return firstForm ? hit[3] : hit[6];
 }
 return defaultText;
};
/**
 * Returns the text of the named section of this tiddler: everything after the
 * "!"-heading line with that name, up to (not including) the newline before
 * the next line that starts with "!".
 *
 * @param sectionName  heading text; escaped before it is put into the regexp
 * @param defaultText  returned when the heading is not found
 */
Tiddler.prototype.getSection = function(sectionName,defaultText) {
 var headingRE = new RegExp("(^!{1,6}[ \t]*" + sectionName.escapeRegExp() + "[ \t]*\n)","mg");
 var heading = headingRE.exec(this.text);
 if(!heading)
  return defaultText;
 var body = this.text.substr(heading.index+heading[1].length);
 var nextHeading = /^!/mg.exec(body);
 // stop one character early so the final \n is not included
 return nextHeading ? body.substr(0,nextHeading.index-1) : body;
};
//}}}
/* |Author|Eric Shulman|1.1.1|License|http://www.TiddlyTools.com/#LegalStatements|
!Code
*/
//{{{
version.extensions.FramedLinksPlugin= {major: 1, minor: 1, revision: 1, date: new Date(2008,11,14)};
var co=config.options; // abbreviation
// Install each option's default only when the option has no value yet.
(function() {
 function setDefault(name,value) {
  if (co[name]==undefined) co[name]=value;
 }
 setDefault("chkFramedLinks",false);
 setDefault("chkFramedLinksTag",true);
 setDefault("txtFramedLinksTag","framedLinks");
 setDefault("txtFrameWidth","100%");
 setDefault("txtFrameHeight","80%");
})();
// Keep the core link factory so the replacement below can call it.
window.framedLinks_createExternalLink=createExternalLink;
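/**
 * Replacement for the core createExternalLink(): creates the link through the
 * saved core function and adds a click handler that toggles an inline IFRAME
 * showing the link target directly below the link.
 *
 * Framing is active when chkFramedLinks is set, or when chkFramedLinksTag is
 * set and the containing tiddler carries the tag named by txtFramedLinksTag.
 * Holding ctrl, shift or alt bypasses it.
 *
 * NOTE(review): the IFRAME is created without a sandbox attribute, so the
 * framed page gets whatever the browser grants an ordinary embedded
 * document. Confirm that is acceptable for the sites linked from this wiki.
 *
 * @param place  element receiving the link
 * @param url    link target
 * @return the link element
 */
window.createExternalLink=function(place,url)
{
 var link=this.framedLinks_createExternalLink.apply(this,arguments);
 link.onclick=function(ev) { var e=ev?ev:window.event;
  var co=config.options; // abbreviation
  var here=story.findContainingTiddler(this);
  if (here) var tid=store.getTiddler(here.getAttribute("tiddler"));
  var enabled=co.chkFramedLinks || co.chkFramedLinksTag && tid && tid.isTagged(co.txtFramedLinksTag);
  if (!enabled || e.ctrlKey || e.shiftKey || e.altKey) return; // BYPASS
  var p=this.parentNode;
  var f=this.nextSibling?this.nextSibling.firstChild:null; // get the IFRAME... maybe...
  var w=co.txtFrameWidth; if (!w || !w.length) w="100%";
  var h=co.txtFrameHeight; if (!h || !h.length) h="80%";
  // calc height as % of window. indexOf() is -1 (truthy) when there is no "%",
  // so the original test also rewrote non-percentage heights such as "400px".
  if (h.indexOf("%")!=-1) h=(findWindowHeight()*h.replace(/%/,"")/100)+"px";
  var showing=f && f.nodeName.toUpperCase()=="IFRAME"; // does IFRAME really exist?
  var stretchCell=p.nodeName.toUpperCase()=="TD" && w.indexOf("%")!=-1 && w.replace(/%/,"")>=100;
  if (!showing) { // create an iframe
   link.style.display="block"; // force IFRAME onto line following link
   if (stretchCell) { p.setAttribute("savedWidth",p.style.width); p.style.width="100%"; } // adjust TD so IFRAME stretches
   var wrapper=createTiddlyElement(null,"span"); // wrapper for slider animation
   wrapper.setAttribute("url",this.href); // for async loading of frame after animation completes
   var f=createTiddlyElement(wrapper,"iframe"); // create IFRAME
   f.style.backgroundColor="#fff"; f.style.width=w; f.style.height=h;
   p.insertBefore(wrapper,this.nextSibling);
   var loadURL=function(wrapper) { var f=wrapper.firstChild; var url=wrapper.getAttribute("url");
    var d=f.contentDocument?f.contentDocument:(f.contentWindow?f.contentWindow.document:f.document);
    // The placeholder document is same-origin with the wiki, so the URL is
    // HTML-escaped before it is written into it.
    var shownUrl=String(url).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;");
    d.open(); d.writeln("<html>connecting to "+shownUrl+"</html>"); d.close();
    try { f.src=url; } // if the iframe can't handle the href
    catch(e) { alert(e.description?e.description:e.toString()); } // ... then report the error
    window.scrollTo(0,ensureVisible(wrapper));
   };
   if (!co.chkAnimate) loadURL(wrapper);
   else {
    var morph=new Slider(wrapper,true);
    morph.callback=loadURL;
    morph.properties.push({style: 'width', start: 0, end: 100, template: '%0%'});
    anim.startAnimating(morph);
   }
  } else { // remove iframe
   link.style.display="inline"; // restore link style
   if (stretchCell) p.style.width=p.getAttribute("savedWidth"); // restore previous width of TD
   if (!co.chkAnimate) p.removeChild(f.parentNode);
   else {
    var morph=new Slider(f.parentNode,false,false,"all");
    morph.properties.push({style: 'width', start: 100, end: 0, template: '%0%'});
    anim.startAnimating(morph);
   }
  }
  e.cancelBubble=true; if (e.stopPropagation) e.stopPropagation(); return false;
 }
 return link;
}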
//}}}
/* |Author|SaqImtiaz|Version|1.11|0C_Tuned| */
//{{{
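config.hoverMenu={};
// side of the window the menu is pinned to, and its offsets in pixels
config.hoverMenu.settings={ align: 'right', x: 4, y: 100 };
/**
 * Creates the floating #hoverMenu element inside #contentWrapper, fills it
 * with the wikified content of the HoverMenu tiddler and starts a 10 ms timer
 * loop that eases the menu towards its offset from the current scroll position.
 */
config.hoverMenu.handler=function()
{
  var theMenu = createTiddlyElement(document.getElementById("contentWrapper"), "div","hoverMenu");
  theMenu.setAttribute("refresh","content");
  theMenu.setAttribute("tiddler","HoverMenu");
  var menuContent = store.getTiddlerText("HoverMenu");
  wikify(menuContent,theMenu);
  var Xloc = this.settings.x;
  // Yloc and ftlObj are assigned without 'var' in the original and so are
  // globals; left that way in case other code on the page reads them.
  Yloc =this.settings.y;
  // look the element up and attach position state plus a setter (sP) to it
  function SetMenu(id)
   {
   var GetElements=document.getElementById?document.getElementById(id):document.all?document.all[id]:document.layers[id];
   if(document.layers)GetElements.style=GetElements;
   GetElements.sP=function(x,y){this.style[config.hoverMenu.settings.align]=x +"px";this.style.top=y +"px";};
   GetElements.x = Xloc;
   GetElements.y = findScrollY();
   GetElements.y += Yloc;
   return GetElements;
   }
  // one animation step: move 1/15 of the remaining distance, then reschedule
  window.LoCate_XY=function()
   {
   var pY =  findScrollY();
   ftlObj.y += (pY + Yloc - ftlObj.y)/15;
   ftlObj.sP(ftlObj.x, ftlObj.y);
   // A function is scheduled instead of the string "LoCate_XY()": same late
   // lookup of window.LoCate_XY, without compiling a string on every tick.
   setTimeout(function(){ window.LoCate_XY(); }, 10);
   }
  ftlObj = SetMenu("hoverMenu");
  LoCate_XY();
};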
// Keep the existing restart() so the wrapper below can run it first.
window.old_lewcid_hovermenu_restart = restart;
/**
 * Wrapper around restart(): runs the saved implementation, then builds the
 * hover menu.
 */
restart = function()
{
  window.old_lewcid_hovermenu_restart();
  var hover = config.hoverMenu;
  hover.handler();
};
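// Styles for the hover menu.
// The rules were joined with "\sn", which JavaScript reads as the two letters
// "sn": that glued "sn" onto the start of the next selector (so the first
// :hover selector never matched) and left stray text at the end of the sheet.
// The separators are restored to "\n".
setStylesheet(
"#hoverMenu .button, #hoverMenu .tiddlyLink {border:none; background:#00F; color:#fff; padding:0 20px; float:right; margin-bottom:5px;}\n"+
"#hoverMenu .button:hover, #hoverMenu .tiddlyLink:hover {border:none; color:#939597; background:#F5DF4D; padding:0 30px; float:right; margin-bottom:5px;}\n"+
"#hoverMenu .button {width:100%; text-align:center}"+
"#hoverMenu { position:absolute; width:10px;}\n"+
"\n","hoverMenuStyles");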
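config.macros.renameButton={};
/**
 * <<renameButton label [tooltip]>>: relabels the element rendered just before
 * the macro call (the last child of place) and optionally sets its tooltip.
 * Nothing is changed when place is empty or its last child is a <br>.
 *
 * @param params  params[0] is the new label, params[1] the optional tooltip
 */
config.macros.renameButton.handler = function(place,macroName,params,wikifier,paramString,tiddler)
{
  var target = place.lastChild;
  // an empty place has no last child; the original dereferenced it regardless
  if (!target || target.tagName=="BR")
    return;
  // the label lives in the element's first child; skip when there is none
  if (target.firstChild)
    target.firstChild.data = params[0];
  if (params[1])
    target.title = params[1];
};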
// Default content of the HoverMenu tiddler: a "top" button, a "jump" popup and the site's shortcut links.
config.shadowTiddlers["HoverMenu"]="<<top>><<jump ≡→ '' top>>^^[[SolarStorm]]^^^^[[CCM]]^^^^[[CCSK]]^^^^[[CAIQ]]^^^^[[Agenda]]^^^^[[Hebdo|Newsletters]]^^^^[[Outils]]^^^^[[Veille|Veille Web]]^^";
// <<top>> macro: a button that scrolls the window back to the top.
config.macros.top={};
config.macros.top.handler=function(place,macroName)
{
  createTiddlyButton(place,"→↑↑","↑ Haut de page ↑",this.onclick);
}
config.macros.top.onclick=function()
{
  window.scrollTo(0,0);
};
// Toolbar command with the same effect.
config.commands.top =
{
  text:" ^ ",
  tooltip:"^ Haut de page ^"
};
config.commands.top.handler = function(event,src,title)
{
  window.scrollTo(0,0);
}

config.macros.jump= {};
/**
 * <<jump [label] [tooltip] [top]>>: creates the button that opens the popup
 * built by config.macros.jump.onclick. A missing parameter or "." selects the
 * default label or tooltip; a third parameter of 'top' marks the button so
 * the popup also offers a "go to top" entry.
 */
config.macros.jump.handler = function (place,macroName,params,wikifier,paramString,tiddler)
{
 // a parameter counts as given when it is non-empty and not the "." placeholder
 var given = function(value) { return value && value!="."; };
 var label = given(params[0]) ? params[0] : 'jump';
 var tooltip = given(params[1]) ? params[1] : '→ Aller vers un article déjà ouvert';
 var wantsTop = params[2]=='top';
 var btn = createTiddlyButton(place,label,tooltip,this.onclick);
 if (wantsTop)
  btn.setAttribute("top","true");
}
/**
 * Click handler of the jump button: opens a popup listing a link to every
 * tiddler currently displayed in the story, preceded by a "go to top" entry
 * when the button carries top="true".
 *
 * @return false, after stopping propagation of the click
 */
config.macros.jump.onclick = function(e)
{
 e = e || window.event;
 var clicked = resolveTarget(e);
 var withTop = clicked.getAttribute("top")=="true";
 var popup = Popup.create(this);
 if(popup) {
  if(withTop) {
   var topItem = createTiddlyElement(popup,"li");
   createTiddlyButton(topItem,'↑ Tout en Haut ↑','→ Aller tout en haut de cette page',config.macros.jump.top);
   createTiddlyElement(popup,"hr");
  }
  story.forEachTiddler(function(title,element) {
   var item = createTiddlyElement(popup,"li");
   createTiddlyLink(item,title,true);
  });
 }
 Popup.show(popup,false);
 e.cancelBubble = true;
 if (e.stopPropagation) e.stopPropagation();
 return false;
}
/** Scrolls the window to the top; used by the popup's first entry. */
config.macros.jump.top = function()
{
 window.scrollTo(0,0);
}

/**
 * Replacement for Popup.show(): positions and displays the popup on top of
 * the popup stack directly below its root element.
 * Popups opened from inside #hoverMenu are aligned to the right edge using
 * the hover menu's x offset; all others are positioned from the left and kept
 * inside the window width.
 *
 * @param unused  ignored
 * @param slowly  passed to the Scroller when animation is enabled
 */
Popup.show = function(unused,slowly)
{
 var current = Popup.stack[Popup.stack.length-1];
 var anchor = current.root;
 var panel = current.popup;
 var popupLeft = findPosX(anchor);
 var popupTop = findPosY(anchor) + anchor.offsetHeight;
 var popupWidth = panel.offsetWidth;
 var winWidth = findWindowWidth();
 var inHoverMenu = isChild(anchor,'hoverMenu');
 var x = inHoverMenu ? config.hoverMenu.settings.x : 0;
 // pull the popup back when it would run past the right edge of the window
 if(popupLeft + popupWidth + x > winWidth)
  popupLeft = winWidth - popupWidth - x;
 if (inHoverMenu)
  panel.style.right = x + "px";
 else
  panel.style.left = popupLeft + "px";
 panel.style.top = popupTop + "px";
 panel.style.display = "block";
 addClass(anchor,"highlight");
 if(config.options.chkAnimate)
  anim.startAnimating(new Scroller(panel,slowly));
 else
  window.scrollTo(0,ensureVisible(panel));
}
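/**
 * Tells whether element e is the element with id parentId or one of its
 * descendants.
 *
 * @param e         element to start from (may be null)
 * @param parentId  id of the candidate ancestor
 * @return true when the element with that id is e or an ancestor of e
 */
window.isChild = function(e,parentId) {
 if (e == null) return false;
 // the lookup does not depend on e, so it is done once instead of per step
 var parent = document.getElementById(parentId);
 while (e != null) {
  if (parent == e) return true;
  e = e.parentNode;
 }
 return false;
};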
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
!Configuration
<<<
Use {{{<hide linebreaks>}}} within HTML content to suppress wiki-style rendering of line breaks. To //always// omit all line breaks from the rendered output, you can set this option:
><<option chkHTMLHideLinebreaks>> ignore all line breaks
which can also be 'hard coded' into your document by adding the following to a tiddler, tagged with <<tag systemConfig>>
>{{{config.options.chkHTMLHideLinebreaks=true;}}}
<<<
!Code
*/
//{{{
version.extensions.HTMLFormattingPlugin= {major: 2, minor: 4, revision: 1, date: new Date(2010,5,7)};
// find the formatter for HTML and replace the handler
initHTMLFormatter();
/**
 * Replaces the handler of the core "html" formatter with one that lets the
 * browser parse the HTML block and then wikifies the text nodes that remain.
 *
 * NOTE(security): the matched tiddler text is assigned to innerHTML as it
 * stands, so markup with script-bearing attributes in a tiddler is parsed in
 * the wiki's own origin. This handler performs no sanitising; it relies on
 * every tiddler author being trusted.
 */
function initHTMLFormatter()
{
 var idx=0;
 while (idx<config.formatters.length && config.formatters[idx].name!="html") idx++;
 if (idx>=config.formatters.length) return; // no html formatter installed
 config.formatters[idx].handler=function(w) {
  if (!this.lookaheadRegExp)
   this.lookaheadRegExp = new RegExp(this.lookahead,"mg");
  var re=this.lookaheadRegExp;
  re.lastIndex = w.matchStart;
  var found = re.exec(w.source)
  if(!found || found.index != w.matchStart) return;
  var html=found[1];
  if (html.indexOf('<nowiki>')!=-1) {
   // if <nowiki> is present, just let browser handle it!
   createTiddlyElement(w.output,"span").innerHTML=html;
  } else {
   // if <hide linebreaks> is present, or chkHTMLHideLinebreaks is set
   // suppress wiki-style literal handling of newlines
   var hideBreaks=config.options.chkHTMLHideLinebreaks||(html.indexOf('<hide linebreaks>')!=-1);
   if (hideBreaks)
    html=html.replace(/\n/g,' ');
   // remove all \r's added by IE textarea and mask newlines and macro brackets
   html=html.replace(/\r/g,'').replace(/\n/g,'\\n').replace(/<</g,'%%(').replace(/>>/g,')%%');
   // create span, let browser parse HTML
   var holder=createTiddlyElement(w.output,"span"); holder.innerHTML=html;
   // then re-render text nodes as wiki-formatted content
   wikifyTextNodes(holder,w);
  }
  w.nextMatch = re.lastIndex; // continue parsing
 }
}
// wikify #text nodes that remain after HTML content is processed (pre-order recursion)
/**
 * Walks the DOM below theNode (pre-order) and re-renders every #text node as
 * wiki-formatted content. The masks applied by the html formatter handler
 * ("%%(" / ")%%" for macro brackets, "\n" for newlines) are undone first.
 * style, option and select elements only get their content unmasked, and
 * textarea elements their value; none of those is wikified.
 *
 * @param theNode  node to process
 * @param w        the wikifier; its tiddler is passed on to wikify()
 */
function wikifyTextNodes(theNode,w)
{
 var unmask=function(s) { return s.replace(/\%%\(/g,'<<').replace(/\)\%%/g,'>>').replace(/\\n/g,'\n'); };
 var kind=theNode.nodeName.toLowerCase();
 if (kind=='style' || kind=='option' || kind=='select') {
  theNode.innerHTML=unmask(theNode.innerHTML);
 } else if (kind=='textarea') {
  theNode.value=unmask(theNode.value);
 } else if (kind=='#text') {
  var txt=unmask(theNode.nodeValue);
  var rendered=createTiddlyElement(null,"span");
  theNode.parentNode.replaceChild(rendered,theNode);
  wikify(txt,rendered,highlightHack,w.tiddler);
 } else {
  for (var k=0;k<theNode.childNodes.length;k++)
   wikifyTextNodes(theNode.childNodes.item(k),w); // recursion
 }
}
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
!Code
*/
//{{{
// Register the plugin version. JavaScript months are zero-based, so new Date(2010,7,24) is 24 August 2010.
version.extensions.ImageSizePlugin= {major: 1, minor: 2, revision: 2, date: new Date(2010,7,24)};
//}}}
//{{{
// Extend the core "image" formatter so that [img(width,height)[tooltip|src][link]]
// is accepted in addition to the plain [img[...]] syntax.
var f=config.formatters[config.formatters.findByField("name","image")];
f.match="\\[[<>]?[Ii][Mm][Gg](?:\\([^,]*,[^\\)]*\\))?\\[";
// groups: 1 "<" (float left), 2 ">" (float right), 3 width, 4 height, 5 tooltip, 6 src, 7 link
f.lookaheadRegExp=/\[([<]?)(>?)[Ii][Mm][Gg](?:\(([^,]*),([^\)]*)\))?\[(?:([^\|\]]+)\|)?([^\[\]\|]+)\](?:\[([^\]]*)\])?\]/mg;
/**
 * Renders an image, optionally wrapped in a link, with optional width/height.
 *
 * NOTE(security): a width or height written as {{...}} is passed to eval(),
 * so image markup in a tiddler can carry script that runs when the tiddler
 * is displayed. The eval is direct and therefore also sees this handler's
 * locals. Only safe when every tiddler author is trusted.
 */
f.handler=function(w) {
 this.lookaheadRegExp.lastIndex = w.matchStart;
 var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
 if(lookaheadMatch && lookaheadMatch.index == w.matchStart) {
  var floatLeft=lookaheadMatch[1];
  var floatRight=lookaheadMatch[2];
  var width=lookaheadMatch[3];
  var height=lookaheadMatch[4];
  var tooltip=lookaheadMatch[5];
  var src=lookaheadMatch[6];
  var link=lookaheadMatch[7];
  // e is the element the <img> is appended to: the output, or the link when one is given
  var e = w.output;
  if(link) { // LINKED IMAGE
   if (config.formatterHelpers.isExternalLink(link)) {
    if (config.macros.attach && config.macros.attach.isAttachment(link)) {
     // see [[AttachFilePluginFormatters]]
     e = createExternalLink(w.output,link);
     e.href=config.macros.attach.getAttachment(link);
     e.title = config.macros.attach.linkTooltip + link;
    } else
     e = createExternalLink(w.output,link);
   } else
    e = createTiddlyLink(w.output,link,false,null,w.isStatic);
   addClass(e,"imageLink");
  }
  var img = createTiddlyElement(e,"img");
  if(floatLeft) img.align="left"; else if(floatRight) img.align="right";
  if(width||height) {
   var x=width.trim(); var y=height.trim();
   // a trailing "+" on a dimension makes that dimension resizable by dragging
   var stretchW=(x.substr(x.length-1,1)=='+'); if (stretchW) x=x.substr(0,x.length-1);
   var stretchH=(y.substr(y.length-1,1)=='+'); if (stretchH) y=y.substr(0,y.length-1);
   // {{expression}}: strip the braces and evaluate the rest as JavaScript; errors are shown as a message
   if (x.substr(0,2)=="{{")
    { try{x=eval(x.substr(2,x.length-4))} catch(e){displayMessage(e.description||e.toString())} }
   if (y.substr(0,2)=="{{")
    { try{y=eval(y.substr(2,y.length-4))} catch(e){displayMessage(e.description||e.toString())} }
   // NOTE(review): trim() is called on the evaluated result, so an expression that
   // yields a non-string (e.g. a number) would presumably throw here -- confirm
   img.style.width=x.trim(); img.style.height=y.trim();
   config.formatterHelpers.addStretchHandlers(img,stretchW,stretchH);
  }
  if(tooltip) img.title = tooltip;
  if (config.macros.attach && config.macros.attach.isAttachment(src))
   src=config.macros.attach.getAttachment(src); // see [[AttachFilePluginFormatters]]
  else if (config.formatterHelpers.resolvePath) { // see [[ImagePathPlugin]]
   if (config.browser.isIE || config.browser.isSafari) {
    // on IE/Safari the path is resolved only after the first load attempt fails
    img.onerror=(function(){
     this.src=config.formatterHelpers.resolvePath(this.src,false);
     return false;
    });
   } else
    src=config.formatterHelpers.resolvePath(src,true);
  }
  img.src=src;
  w.nextMatch = this.lookaheadRegExp.lastIndex;
 }
}
// tooltip fragments shown on images; dragtip is added only for resizable images
config.formatterHelpers.imageSize={
 tip: '',
 dragtip: 'DRAG=étirer/réduire, '
};
/**
 * Attaches the mouse handlers that let an image be resized by dragging.
 * Dragging scales the enabled dimension(s); releasing with shift clears the
 * inline size, releasing with ctrl restores the size the image had when the
 * handlers were attached.
 *
 * @param e         the image element
 * @param stretchW  true when the width may be changed by dragging
 * @param stretchH  true when the height may be changed by dragging
 */
config.formatterHelpers.addStretchHandlers=function(e,stretchW,stretchH) {
 var resizable=stretchW||stretchH;
 e.title=(resizable?this.imageSize.dragtip:'')+this.imageSize.tip;
 e.statusMsg='width=%0, height=%1';
 e.style.cursor='move';
 e.originalW=e.style.width;
 e.originalH=e.style.height;
 // never shrink below 1/20 of the rendered size, or 10px
 e.minW=Math.max(e.offsetWidth/20,10);
 e.minH=Math.max(e.offsetHeight/20,10);
 e.stretchW=stretchW;
 e.stretchH=stretchH;
 // document-relative pointer position (IE reports client coordinates only)
 function pointerX(evt) { return !config.browser.isIE?evt.pageX:(evt.clientX+findScrollX()); }
 function pointerY(evt) { return !config.browser.isIE?evt.pageY:(evt.clientY+findScrollY()); }
 // shared tail of mouseup/mouseout: leave sizing mode and clear the status message
 function stopSizing(img) {
  img.sizing=false;
  clearMessage();
  return false;
 }
 e.onmousedown=function(ev) {
  ev=ev||window.event;
  this.sizing=true;
  this.startX=pointerX(ev);
  this.startY=pointerY(ev);
  this.startW=this.offsetWidth;
  this.startH=this.offsetHeight;
  return false;
 };
 e.onmousemove=function(ev) {
  ev=ev||window.event;
  if (!this.sizing) return false;
  var style=this.style;
  var currX=pointerX(ev);
  var currY=pointerY(ev);
  // scale by the pointer's distance from the image origin relative to where the drag started
  var newW=(currX-this.offsetLeft)/(this.startX-this.offsetLeft)*this.startW;
  var newH=(currY-this.offsetTop )/(this.startY-this.offsetTop )*this.startH;
  if (this.stretchW) style.width =Math.floor(Math.max(newW,this.minW))+'px';
  if (this.stretchH) style.height=Math.floor(Math.max(newH,this.minH))+'px';
  clearMessage(); displayMessage(this.statusMsg.format([style.width,style.height]));
  return false;
 };
 e.onmouseup=function(ev) {
  ev=ev||window.event;
  if (ev.shiftKey) { this.style.width=this.style.height=''; }
  if (ev.ctrlKey) { this.style.width=this.originalW; this.style.height=this.originalH; }
  return stopSizing(this);
 };
 e.onmouseout=function(ev) {
  return stopSizing(this);
 };
}
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|!Code
*/
//{{{
// Register the plugin version. JavaScript months are zero-based, so month index 12 rolls over to January of the following year.
version.extensions.InlineJavascriptPlugin= {major: 1, minor: 9, revision: 6, date: new Date(2010,12,15)};
// Formatter that executes <script>...</script> blocks found in tiddler text.
//
// NOTE(security): this formatter is a deliberate code-execution feature.
//  - <script src="..."> loads and runs a script from whatever URL the tiddler names;
//  - inline code is run with eval(), either when the tiddler is rendered or,
//    when a label is given, when the generated link is clicked.
// Any tiddler rendered by the wiki (including imported or synchronised ones)
// can therefore run script with the privileges of the page. The handler does
// no filtering; the wiki is only as trustworthy as every source of its tiddlers.
config.formatters.push( {
 name: "inlineJavascript",
 match: "\\<script",
 // groups: 1 src, 2 label, 3 title (tooltip), 4 key (access key), 5 " show", 6 script body
 lookahead: "\\<script(?: type=\\\"[^\\\"]*\\\")?(?: src=\\\"([^\\\"]*)\\\")?(?: label=\\\"([^\\\"]*)\\\")?(?: title=\\\"([^\\\"]*)\\\")?(?: key=\\\"([^\\\"]*)\\\")?( show)?\\>((?:.|\\n)*?)\\</script\\>",
 handler: function(w) {
  var lookaheadRegExp = new RegExp(this.lookahead,"mg");
  lookaheadRegExp.lastIndex = w.matchStart;
  var lookaheadMatch = lookaheadRegExp.exec(w.source)
  if(lookaheadMatch && lookaheadMatch.index == w.matchStart) {
   var src=lookaheadMatch[1];
   var label=lookaheadMatch[2];
   var tip=lookaheadMatch[3];
   var key=lookaheadMatch[4];
   var show=lookaheadMatch[5];
   var code=lookaheadMatch[6];
   if (src) { // external script library
    // the element is appended to start the load and removed again right away
    var script = document.createElement("script"); script.src = src;
    document.body.appendChild(script); document.body.removeChild(script);
   }
   if (code) { // inline code
    if (show) // display source in tiddler
     wikify("{{{\n"+lookaheadMatch[0]+"\n}}}\n",w.output);
    if (label) { // create 'onclick' command link
     var link=createTiddlyElement(w.output,"a",null,"tiddlyLinkExisting",wikifyPlainText(label));
     // document.write() calls are redirected into a buffer that is inserted after the link
     var fixup=code.replace(/document.write\s*\(/gi,'place.bufferedHTML+=(');
     link.code="function _out(place,tiddler){"+fixup+"\n};_out(this,this.tiddler);"
     link.tiddler=w.tiddler;
     link.onclick=function(){
      this.bufferedHTML="";
      // the stored code is evaluated on every click; 'this' is the link
      try{ var r=eval(this.code);
       // a span is created after the link only when there is buffered HTML or a string result
       if(this.bufferedHTML.length || (typeof(r)==="string")&&r.length)
        var s=this.parentNode.insertBefore(document.createElement("span"),this.nextSibling);
       if(this.bufferedHTML.length)
        s.innerHTML=this.bufferedHTML;
       if((typeof(r)==="string")&&r.length) {
        wikify(r,s,null,this.tiddler);
        return false;
       } else return r!==undefined?r:false;
      } catch(e){alert(e.description||e.toString());return false;}
     };
     link.setAttribute("title",tip||"");
     // the same code is also placed in a javascript: href, URI-encoded twice
     var URIcode='javascript:void(eval(decodeURIComponent(%22(function(){try{';
     URIcode+=encodeURIComponent(encodeURIComponent(code.replace(/\n/g,' ')));
     URIcode+='}catch(e){alert(e.description||e.toString())}})()%22)))';
     link.setAttribute("href",URIcode);
     link.style.cursor="pointer";
     if (key) link.accessKey=key.substr(0,1); // single character only
    }
    else { // run script immediately
     // document.write() calls are redirected to append to the output element
     var fixup=code.replace(/document.write\s*\(/gi,'place.innerHTML+=(');
     // direct eval: the evaluated text refers to this handler's local 'w'
     var c="function _out(place,tiddler){"+fixup+"\n};_out(w.output,w.tiddler);";
     try  { var out=eval(c); }
     catch(e) { out=e.description?e.description:e.toString(); }
     // a non-empty result (or the error text) is rendered as wiki content
     if (out && out.length) wikify(out,w.output,w.highlightRegExp,w.tiddler);
    }
   }
   w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
  }
 }
} )
//}}}
// // Backward-compatibility for TW2.1.x and earlier
//{{{
// Fallback definition, installed only when the core does not already provide wikifyPlainText().
// Renders `text` through a Wikifier and returns its plain-text form; when `limit` is positive,
// only the first `limit` characters of `text` are rendered.
if (typeof wikifyPlainText === "undefined") {
 window.wikifyPlainText = function(text,limit,tiddler) {
  var source = (limit > 0) ? text.substr(0,limit) : text;
  return new Wikifier(source,formatter,null,tiddler).wikifyPlain();
 };
}
//}}}
// // GLOBAL FUNCTION: $(...) -- 'shorthand' convenience syntax for document.getElementById()
//{{{
// Defines $(id) only when no `$` is defined yet, so an existing definition is left in place.
// A single leading '#' is stripped from id before the document.getElementById() lookup.
// NOTE(review): id is used without a type check, so a non-string argument fails on .replace() -- confirm callers always pass strings.
if (typeof($)=='undefined') { function $(id) { return document.getElementById(id.replace(/^#/,'')); } }
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
!Configuration
<<<
<<option chkFloatingSlidersAnimate>> allow floating sliders to animate when opening/closing
<<<
!Code
*/
//{{{
version.extensions.NestedSlidersPlugin = {
 major: 2, minor: 4, revision: 9,
 date: new Date(2008,11,15)
};
// Floating sliders do not animate unless the option was already set (avoids clipping problems in IE).
if (config.options.chkFloatingSlidersAnimate===undefined) {
 config.options.chkFloatingSlidersAnimate=false;
}
// Default stylesheet for panels rendered with the 'floatingPanel' class.
setStylesheet(
 ".floatingPanel { position:absolute; z-index:10; padding:0.5em; margin:0em; "+
 " background-color:#fff; color:#014; border:1px solid #000; text-align:left; }",
 "floatingPanelStylesheet");
// Provide removeCookie() when the TW core does not define it: the named cookie is overwritten
// with an empty value and an expiry date in 1970.
// NOTE(review): `name` is concatenated into the cookie string as-is; callers are assumed to pass plain option names.
if (window.removeCookie===undefined) {
 window.removeCookie=function(name) {
  var expired='=; expires=Thu, 01-Jan-1970 00:00:01 UTC; path=/;';
  document.cookie = name+expired;
 };
}
// Wikifier formatter for nested sliders: "+++" opens a slider and "===" closes it.
// The handler creates a toggle button plus a panel element, and either renders the panel content
// immediately or stores the raw wiki source on the panel for rendering on first open.
config.formatters.push( {
 name: "nestedSliders",
 match: "\\n?\\+{3}",
 terminator: "\\s*\\={3}\\n?",
 // Capture groups, in the order the handler reads them: extra "+" (default open), "(cookie)",
 // "!" run (heading level), "^width^" (floating panel), "*" (transient), "@" (hover),
 // "{{class{" (button class), "[label]", "[alternate label]", "#id:", ">" (blockquote), "..." (deferred).
 lookahead: "\\n?\\+{3}(\\+)?(\\([^\\)]*\\))?(\\!*)?(\\^(?:[^\\^\\*\\@\\[\\>]*\\^)?)?(\\*)?(\\@)?(?:\\{\\{([\\w]+[\\s\\w]*)\\{)?(\\[[^\\]]*\\])?(\\[[^\\]]*\\])?(?:\\}{3})?(\\#[^:]*\\:)?(\\>)?(\\.\\.\\.)?\\s*",
 handler: function(w)
  {
   // NOTE(review): lookaheadRegExp is assigned without `var`, so it is created as a global variable.
   lookaheadRegExp = new RegExp(this.lookahead,"mg");
   lookaheadRegExp.lastIndex = w.matchStart;
   var lookaheadMatch = lookaheadRegExp.exec(w.source)
   // only proceed when the full slider syntax matches exactly at the current wikifier position
   if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
   {
    var defopen=lookaheadMatch[1];
    var cookiename=lookaheadMatch[2];
    var header=lookaheadMatch[3];
    var panelwidth=lookaheadMatch[4];
    var transient=lookaheadMatch[5];
    var hover=lookaheadMatch[6];
    var buttonClass=lookaheadMatch[7];
    var label=lookaheadMatch[8];
    var openlabel=lookaheadMatch[9];
    var panelID=lookaheadMatch[10];
    var blockquote=lookaheadMatch[11];
    var deferred=lookaheadMatch[12];
    // location for rendering button and panel
    var place=w.output;
    // default to closed, no cookie, no accesskey, no alternate text/tip
    var show="none"; var cookie=""; var key="";
    var closedtext=">"; var closedtip="";
    var openedtext="<"; var openedtip="";
    // extra "+", default to open
    if (defopen) show="block";
    // cookie, use saved open/closed state
    // (the name written in the wiki text, minus its parentheses, becomes the option key "chkSlider"+name)
    if (cookiename) {
     cookie=cookiename.trim().slice(1,-1);
     cookie="chkSlider"+cookie;
     if (config.options[cookie]==undefined)
      { config.options[cookie] = (show=="block") }
     show=config.options[cookie]?"block":"none";
    }
    // parse label/tooltip/accesskey: [label=X|tooltip]
    if (label) {
     var parts=label.trim().slice(1,-1).split("|");
     closedtext=parts.shift();
     // a label ending in "=X" declares X as the access key; the "=X" suffix is removed from the label
     if (closedtext.substr(closedtext.length-2,1)=="=")
      { key=closedtext.substr(closedtext.length-1,1); closedtext=closedtext.slice(0,-2); }
     openedtext=closedtext;
     if (parts.length) closedtip=openedtip=parts.join("|");
     // NOTE(review): these default tooltips are French while the alternate-label default below is English ("hide ")
     else { closedtip="afficher "+closedtext; openedtip="masquer "+closedtext; }
    }
    // parse alternate label/tooltip: [label|tooltip]
    if (openlabel) {
     var parts=openlabel.trim().slice(1,-1).split("|");
     openedtext=parts.shift();
     if (parts.length) openedtip=parts.join("|");
     else openedtip="hide "+openedtext;
    }
    var title=show=='block'?openedtext:closedtext;
    var tooltip=show=='block'?openedtip:closedtip;
    // create the button
    if (header) { // use "Hn" header format instead of button/link
     // heading level is the number of "!" characters, capped at 5
     var lvl=(header.length>5)?5:header.length;
     var btn = createTiddlyElement(createTiddlyElement(place,"h"+lvl,null,null,null),"a",null,buttonClass,title);
     btn.onclick=onClickNestedSlider;
     btn.setAttribute("href","javascript:;");
     btn.setAttribute("title",tooltip);
    }
    else
     var btn = createTiddlyButton(place,title,tooltip,onClickNestedSlider,buttonClass);
    // The label text taken from the wiki source is assigned as HTML, so any markup in a label is
    // parsed by the browser (not only entities). Labels therefore carry the same trust as the
    // tiddler's author; text from a less trusted origin would need escaping before it gets here.
    btn.innerHTML=title; // enables use of HTML entities in label
    // set extra button attributes
    btn.setAttribute("closedtext",closedtext);
    btn.setAttribute("closedtip",closedtip);
    btn.setAttribute("openedtext",openedtext);
    btn.setAttribute("openedtip",openedtip);
    btn.sliderCookie = cookie; // save the cookiename (if any) in the button object
    btn.defOpen=defopen!=null; // save default open/closed state (boolean)
    btn.keyparam=key; // save the access key letter ("" if none)
    if (key.length) {
     btn.setAttribute("accessKey",key); // init access key
     btn.onfocus=function(){this.setAttribute("accessKey",this.keyparam);}; // **reclaim** access key on focus
    }
    btn.setAttribute("hover",hover?"true":"false");
    btn.onmouseover=function(ev) {
     // optional 'open on hover' handling
     if (this.getAttribute("hover")=="true" && this.sliderPanel.style.display=='none') {
      document.onclick.call(document,ev); // close transients
      onClickNestedSlider(ev); // open this slider
     }
     // mouseover on button aligns floater position with button
     if (window.adjustSliderPos) window.adjustSliderPos(this.parentNode,this,this.sliderPanel);
    }
    // create slider panel
    // (a "^...^" width marker selects the floating panel class; otherwise an inline slider panel is used)
    var panelClass=panelwidth?"floatingPanel":"sliderPanel";
    if (panelID) panelID=panelID.slice(1,-1); // trim off delimiters
    var panel=createTiddlyElement(place,"div",panelID,panelClass,null);
    panel.button = btn; // so the slider panel know which button it belongs to
    btn.sliderPanel=panel; // so the button knows which slider panel it belongs to
    panel.defaultPanelWidth=(panelwidth && panelwidth.length>2)?panelwidth.slice(1,-1):"";
    panel.setAttribute("transient",transient=="*"?"true":"false");
    panel.style.display = show;
    panel.style.width=panel.defaultPanelWidth;
    panel.onmouseover=function(event) // mouseover on panel aligns floater position with button
     { if (window.adjustSliderPos) window.adjustSliderPos(this.parentNode,this.button,this); }
    // render slider (or defer until shown)
    w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
    if ((show=="block")||!deferred) {
     // render now if panel is supposed to be shown or NOT deferred rendering
     w.subWikify(blockquote?createTiddlyElement(panel,"blockquote"):panel,this.terminator);
     // align floater position with button
     if (window.adjustSliderPos) window.adjustSliderPos(place,btn,panel);
    }
    else {
     // deferred: keep the unrendered wiki source in the panel's "raw" attribute and move the
     // wikifier past the matching "===" (plus one trailing newline, if present)
     var src = w.source.substr(w.nextMatch);
     var endpos=findMatchingDelimiter(src,"+++","===");
     panel.setAttribute("raw",src.substr(0,endpos));
     panel.setAttribute("blockquote",blockquote?"true":"false");
     panel.setAttribute("rendered","false");
     w.nextMatch += endpos+3;
     if (w.source.substr(w.nextMatch,1)=="\n") w.nextMatch++;
    }
   }
  }
 }
)
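/*
 * Returns the index in src of the end delimiter that closes the current block, skipping over
 * nested start/end pairs. Returns src.length when no matching end delimiter exists.
 *
 * src       - text that follows an already-consumed start delimiter
 * starttext - start delimiter (the slider formatter passes "+++")
 * endtext   - end delimiter (the slider formatter passes "===")
 *
 * NOTE(review): each scan window stops at endpos-1, one character short of the end delimiter, so a
 * start delimiter that ends immediately before an end delimiter is not counted. Kept as in the
 * original to avoid changing how existing wiki text is parsed.
 */
function findMatchingDelimiter(src,starttext,endtext) {
 var startpos = 0;
 var endpos = src.indexOf(endtext);
 // An empty start delimiter can never nest; without this guard the counting loop below would not advance.
 if (!starttext) return (endpos==-1)?src.length:endpos;
 // check for nested delimiters
 // Stop as soon as the end delimiter runs out: with endpos==-1 the substring() arguments are
 // clamped and swapped, and for some delimiter lengths the same window was rescanned forever.
 // The return value for unterminated input is src.length either way.
 while (endpos!=-1 && src.substring(startpos,endpos-1).indexOf(starttext)!=-1) {
  // count number of nested 'starts'
  var startcount=0;
  var temp = src.substring(startpos,endpos-1);
  var pos=temp.indexOf(starttext);
  while (pos!=-1) { startcount++; pos=temp.indexOf(starttext,pos+starttext.length); }
  // set up to check for additional 'starts' after adjusting endpos
  startpos=endpos+endtext.length;
  // find endpos for corresponding number of matching 'ends'
  while (startcount && endpos!=-1) {
   endpos = src.indexOf(endtext,endpos+endtext.length);
   startcount--;
  }
 }
 return (endpos==-1)?src.length:endpos;
}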
//}}}
//{{{
// Click handler for slider buttons: toggles the panel attached to the clicked button.
// It swaps the button label and tooltip, renders deferred content on first open, shows or hides
// the panel, focuses the first form control, and saves or removes the open/closed option cookie.
// Always returns false.
window.onClickNestedSlider=function(e)
{
 if (!e) var e = window.event;
 var theTarget = resolveTarget(e);
 // climb from the clicked node to the element that owns a sliderPanel (the slider button)
 while (theTarget && theTarget.sliderPanel==undefined) theTarget=theTarget.parentNode;
 if (!theTarget) return false;
 var theSlider = theTarget.sliderPanel;
 var isOpen = theSlider.style.display!="none";
 // if SHIFT-CLICK, dock panel first (see [[MoveablePanelPlugin]])
 if (e.shiftKey && config.macros.moveablePanel) config.macros.moveablePanel.dock(theSlider,e);
 // toggle label
 // The stored label text is written back as HTML, so markup contained in a slider label is parsed
 // by the browser each time the slider is toggled.
 // NOTE(review): the attributes are read as "closedText"/"openedText" but set elsewhere as
 // "closedtext"/"openedtext"; presumably this relies on case-insensitive HTML attribute names -- confirm.
 theTarget.innerHTML=isOpen?theTarget.getAttribute("closedText"):theTarget.getAttribute("openedText");
 // toggle tooltip
 theTarget.setAttribute("title",isOpen?theTarget.getAttribute("closedTip"):theTarget.getAttribute("openedTip"));
 // deferred rendering (if needed)
 // (wiki source stored in the panel's "raw" attribute is wikified once, then flagged as rendered)
 if (theSlider.getAttribute("rendered")=="false") {
  var place=theSlider;
  if (theSlider.getAttribute("blockquote")=="true")
   place=createTiddlyElement(place,"blockquote");
  wikify(theSlider.getAttribute("raw"),place);
  theSlider.setAttribute("rendered","true");
 }
 // show/hide the slider
 if(config.options.chkAnimate && (!hasClass(theSlider,'floatingPanel') || config.options.chkFloatingSlidersAnimate))
  anim.startAnimating(new Slider(theSlider,!isOpen,e.shiftKey || e.altKey,"none"));
 else
  theSlider.style.display = isOpen ? "none" : "block";
 // reset to default width (might have been changed via plugin code)
 theSlider.style.width=theSlider.defaultPanelWidth;
 // align floater panel position with target button
 if (!isOpen && window.adjustSliderPos) window.adjustSliderPos(theSlider.parentNode,theTarget,theSlider);
 // if showing panel, set focus to first 'focus-able' element in panel
 if (theSlider.style.display!="none") {
  var ctrls=theSlider.getElementsByTagName("*");
  for (var c=0; c<ctrls.length; c++) {
   var t=ctrls[c].tagName.toLowerCase();
   if ((t=="input" && ctrls[c].type!="hidden") || t=="textarea" || t=="select")
    { try{ ctrls[c].focus(); } catch(err){;} break; }
  }
 }
 // persist the new state under the button's option name; the cookie is removed again when the
 // state equals the slider's default
 var cookie=theTarget.sliderCookie;
 if (cookie && cookie.length) {
  config.options[cookie]=!isOpen;
  if (config.options[cookie]!=theTarget.defOpen) window.saveOptionCookie(cookie);
  else window.removeCookie(cookie); // remove cookie if slider is in default display state
 }
 // prevent SHIFT-CLICK from being processed by browser (opens blank window... yuck!)
 // prevent clicks *within* a slider button from being processed by browser
 // but allow plain click to bubble up to page background (to close transients, if any)
 if (e.shiftKey || theTarget!=resolveTarget(e))
  { e.cancelBubble=true; if (e.stopPropagation) e.stopPropagation(); }
 Popup.remove(); // close open popup (if any)
 return false;
}
//}}}
//{{{
// click in document background closes transient panels
// Chain onto any existing document.onclick handler: the saved handler runs first and its return
// value is passed through; afterwards every visible transient panel is closed, unless the click
// landed inside a popup or inside a transient panel.
document.nestedSliders_savedOnClick=document.onclick;
document.onclick=function(ev) {
 // assigning to the parameter (rather than a new local) keeps arguments[0] in step for the
 // saved handler invoked below
 if (!ev) ev=window.event;
 var target=resolveTarget(ev);
 var retval;
 if (document.nestedSliders_savedOnClick)
  retval=document.nestedSliders_savedOnClick.apply(this,arguments);

 // returns the first node, from start upwards, for which test(node) is true (or null)
 function findAncestor(start,test) {
  for (var node=start; node; node=node.parentNode)
   if (test(node)) return node;
  return null;
 }
 var inPopup=findAncestor(target,function(node) { return hasClass(node,"popup"); });
 if (inPopup) return retval; // click inside a popup: leave transient panels alone
 var inTransient=findAncestor(target,function(node) {
  return (hasClass(node,"floatingPanel")||hasClass(node,"sliderPanel"))&&node.getAttribute("transient")=="true";
 });
 if (inTransient) return retval; // click inside a transient panel: leave it open

 // otherwise close every transient panel that is currently shown
 var all=document.all?document.all:document.getElementsByTagName("DIV");
 for (var i=0; i<all.length; i++) {
  var candidate=all[i];
  var isTransient=candidate.getAttribute("transient")=="true";
  // skip non-transient elements and the panel whose own button was clicked
  if (!isTransient || candidate.button==target) continue;
  // a visible panel is closed by simulating a click on its button
  if (candidate.style.display!="none") window.onClickNestedSlider({target:candidate.button});
  if (!hasClass(candidate,"floatingPanel")&&!hasClass(candidate,"sliderPanel")) candidate.style.display="none";
 }
 return retval;
};
//}}}
//{{{
// adjust floating panel position based on button position
// Positions a floating panel relative to its button, keeping it within the width of document.body.
// Does nothing for panels that are not 'floatingPanel' or that carry the 'undocked' class
// (see [[MoveablePanelPlugin]] for use of 'undocked'). Defined only if not already present.
if (window.adjustSliderPos==undefined) window.adjustSliderPos=function(place,btn,panel) {
 if (!hasClass(panel,"floatingPanel") || hasClass(panel,"undocked")) return;
 var rightEdge=document.body.offsetWidth-1;
 var panelWidth=panel.offsetWidth;
 var left, top;
 if (place.style.position=="relative") {
  // offsets are relative to the container: start directly below the button
  left=0;
  top=btn.offsetHeight;
  var btnX=findPosX(btn);
  if (btnX+panelWidth>rightEdge) {
   left-=btnX+panelWidth-rightEdge; // shift panel relative to button
   if (btnX+left<0) left=-btnX; // stay within left edge
  }
 } else {
  // absolute page coordinates, reduced by the offset of an enclosing floating panel (if any)
  left=findPosX(btn);
  top=findPosY(btn)+btn.offsetHeight;
  var container=place;
  while (container && !hasClass(container,'floatingPanel')) container=container.parentNode;
  if (container) { left-=findPosX(container); top-=findPosY(container); }
  if (left+panelWidth>rightEdge) left=rightEdge-panelWidth;
  if (left<0) left=0;
 }
 panel.style.left=left+"px";
 panel.style.top=top+"px";
};
//}}}
//{{{
// TW2.1 and earlier:
// hijack Slider stop handler so overflow is visible after animation has completed
// Wrap Slider.prototype.stop: run the saved core handler, then make the element's overflow visible.
// NOTE(review): the wrap is unconditional; evaluating this code twice would store the wrapper
// itself in coreStop -- confirm the plugin is only ever loaded once.
Slider.prototype.coreStop = Slider.prototype.stop;
Slider.prototype.stop = function() {
 this.coreStop.apply(this,arguments);
 this.element.style.overflow = "visible";
};
// TW2.2+
// Wrap Morpher.prototype.stop the same way; the extra handling applies only to slider panels.
if (version.major+.1*version.minor+.01*version.revision>=2.2) {
 Morpher.prototype.coreStop = Morpher.prototype.stop;
 Morpher.prototype.stop = function() {
  this.coreStop.apply(this,arguments);
  var panel=this.element;
  var isSliderPanel=hasClass(panel,"sliderPanel")||hasClass(panel,"floatingPanel");
  if (!isSliderPanel) return;
  // adjust panel overflow and position after animation
  panel.style.overflow = "visible";
  if (window.adjustSliderPos) window.adjustSliderPos(panel.parentNode,panel.button,panel);
 };
}
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
*/
//{{{
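version.extensions.QuoteOfTheDayPlugin= {major: 1, minor: 4, revision: 1, date: new Date(2008,3,21)};
/*
 * <<QOTD source [noclick] [inline] [norandom] [cookie:name] [delay]>>
 * Displays one item from a list of items separated by "\n----\n". The list is the text of the
 * tiddler named by the first parameter or, when that tiddler has no text, a generated list of
 * the image files found in a local folder with that path.
 */
config.macros.QOTD = {
 clickTooltip: "click to view another item",
 timerTooltip: "auto-timer stopped... 'mouseout' to restart timer",
 timerClickTooltip: "auto-timer stopped... click to view another item, or 'mouseout' to restart timer",
 /*
  * Macro entry point. Returns false when there is nothing to display.
  * place  - element the item is rendered into
  * params - [source, option, option, ...]; a numeric option is the auto-advance delay,
  *          passed to setTimeout()
  */
 handler: function(place,macroName,params) {
  var tid=params.shift(); // source tiddler containing HR-separated quotes
  var p=params.shift();
  var click=true; // allow click for next item
  var inline=false; // wrap in slider for animation effect
  var random=true; // pick an item at random (default for "quote of the day" usage)
  var cookie=""; // default to no cookie
  var next=0; // default to first item (or random item)
  var delay; // auto-advance timer delay (undefined = no timer)
  while (p) {
   var opt=p.toLowerCase();
   if (opt=="noclick") click=false;
   if (opt=="inline") inline=true;
   if (opt=="norandom") random=false;
   // NOTE(review): "cookie:" is 7 characters, so substr(8) also drops the first character of the
   // name. Left unchanged because option values already saved use the shortened name.
   if (opt.substr(0,7)=="cookie:") cookie=p.substr(8);
   if (!isNaN(p)) delay=p;
   p=params.shift();
  }
  var here;
  if ((click||delay) && !inline) {
   // wrap the display element in an initially hidden slider panel
   var panel = createTiddlyElement(null,"div",null,"sliderPanel");
   panel.style.display="none";
   place.appendChild(panel);
   here=createTiddlyElement(panel,click?"a":"span",null,"QOTD");
  }
  else
   here=createTiddlyElement(place,click?"a":"span",null,"QOTD");
  here.id=(new Date()).convertToYYYYMMDDHHMMSSMMM()+Math.random().toString(); // unique ID
  var hereId=here.id;
  // get items from tiddler or file list
  var list=store.getTiddlerText(tid,"");
  if (!list||!list.length) { // not a tiddler... maybe an image directory?
   list=this.getImageFileList(tid);
   if (!list.length) { // maybe relative path... fixup and try again
    var h=document.location.href;
    var base=getLocalPath(decodeURIComponent(h.substr(0,h.lastIndexOf("/")+1)));
    list=this.getImageFileList(base+tid);
   }
  }
  if (!list||!list.length) return false; // no contents... nothing to display!
  here.setAttribute("list",list);
  if (delay) here.setAttribute("delay",delay);
  here.setAttribute("random",random);
  here.setAttribute("cookie",cookie);
  if (click) {
   here.title=this.clickTooltip;
   if (!inline) here.style.display="block";
   here.setAttribute("href","javascript:;");
   here.onclick=function(event)
    { config.macros.QOTD.showNextItem(this); };
  }
  // explicit radix: the saved index is always decimal
  if (config.options["txtQOTD_"+cookie]!=undefined) next=parseInt(config.options["txtQOTD_"+cookie],10);
  here.setAttribute("nextItem",next);
  config.macros.QOTD.showNextItem(here);
  if (delay) {
   here.title=click?this.timerClickTooltip:this.timerTooltip;
   here.onmouseover=function(event)
    { clearTimeout(this.ticker); };
   // Timers take function callbacks instead of strings of code built from the element id, so
   // nothing is compiled from text and the timer keeps working where string timers are blocked.
   here.onmouseout=function(event) {
    var id=this.id;
    this.ticker=setTimeout(function() { config.macros.QOTD.tick(id); },this.getAttribute("delay"));
   };
   here.ticker=setTimeout(function() { config.macros.QOTD.tick(hereId); },delay);
  }
 },
 // Timer callback: shows the next item and re-arms the timer; stops silently once the element is gone.
 tick: function(id) {
  var here=document.getElementById(id); if (!here) return;
  config.macros.QOTD.showNextItem(here);
  here.ticker=setTimeout(function() { config.macros.QOTD.tick(id); },here.getAttribute("delay"));
 },
 // Renders the next (or a random) item into `here` and stores the advanced index in the element
 // and, when a cookie name was given, in the "txtQOTD_"+name option.
 showNextItem: function (here) {
  // hide containing slider panel (if any)
  var p=here.parentNode;
  if (p.className=="sliderPanel") p.style.display = "none";
  // get a new quote
  var index=here.getAttribute("nextItem");
  var items=here.getAttribute("list").split("\n----\n");
  if (index<0||index>=items.length) index=0;
  if (here.getAttribute("random")=="true") index=Math.floor(Math.random()*items.length);
  var txt=items[index];
  // re-render quote display element, and advance index counter
  removeChildren(here); wikify(txt,here);
  index++; here.setAttribute("nextItem",index);
  var cookie=here.getAttribute("cookie");
  if (cookie.length) {
   config.options["txtQOTD_"+cookie]=index.toString();
   saveOptionCookie("txtQOTD_"+cookie);
  }
  // redisplay slider panel (if any)
  if (p.className=="sliderPanel") {
   if(anim && config.options.chkAnimate)
    anim.startAnimating(new Slider(p,true,false,"none"));
   else p.style.display="block";
  }
 },
 /*
  * Returns an HR-separated list of [img[file:///...]] items for the jpg/gif/png files in local
  * folder cwd, or an empty array when the folder cannot be read.
  * cwd is derived from the macro's first parameter, so the folder that gets enumerated is chosen
  * by whoever writes the macro call. Both branches use browser-specific local file APIs; the
  * non-IE branch asks for the UniversalXPConnect privilege first.
  */
 getImageFileList: function(cwd) {
  function isImage(fn) {
   var ext=fn.substr(fn.length-3,3).toLowerCase();
   return ext=="jpg"||ext=="gif"||ext=="png";
  }
  var files=[];
  if (config.browser.isIE) {
   cwd=cwd.replace(/\//g,"\\");
   // IE uses ActiveX to read filesystem info
   var fso = new ActiveXObject("Scripting.FileSystemObject");
   if(!fso.FolderExists(cwd)) return [];
   var dir=fso.GetFolder(cwd);
   for(var f=new Enumerator(dir.Files); !f.atEnd(); f.moveNext())
    if (isImage(f.item().path)) files.push("[img[%0]]".format(["file:///"+f.item().path.replace(/\\/g,"/")]));
  } else {
   // FireFox (mozilla) uses "components" to read filesystem info
   // Return an empty list like the other failure paths: a bare `return` yielded undefined and the
   // caller's list.length check then threw in browsers without window.Components.
   if(!window.Components) return [];
   // get security access
   try { netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); }
   catch(e) { alert(e.description?e.description:e.toString()); return []; }
   // open/validate directory
   var file=Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
   try { file.initWithPath(cwd); } catch(e) { return []; }
   if (!file.exists() || !file.isDirectory()) { return []; }
   var folder=file.directoryEntries;
   while (folder.hasMoreElements()) {
    var entry=folder.getNext().QueryInterface(Components.interfaces.nsILocalFile);
    if (entry instanceof Components.interfaces.nsILocalFile)
     if (isImage(entry.path)) files.push("[img[%0]]".format(["file:///"+entry.path.replace(/\\/g,"/")]));
   }
  }
  return files.join("\n----\n");
 }
}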
//}}}
/% |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
!end
!show
<<tiddler {{
 var here=story.findContainingTiddler(place); if (here) {
  var nodes=here.getElementsByTagName("*");
  for (var i=0; i<nodes.length; i++) if (hasClass(nodes[i],"title"))
   { removeChildren(nodes[i]); wikify("$1",nodes[i]); break; }
 }
'';}}>>
!end
%/<<tiddler {{'.ReplaceTiddlerTitle##'+('$1'=='$'+'1'?'info':'show')}} with: [[$1]]>>
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements|
*/
//{{{
version.extensions.SinglePageModePlugin= {major: 2, minor: 9, revision: 7, date: new Date(2010,11,30)};
//}}}
//{{{
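// Paramifier "SPM:true" / "SPM:false": switches single-page mode on or off at startup.
// v is the raw paramifier value (in TiddlyWiki this comes from the page URL, e.g. "#SPM:true"),
// so it is compared against the accepted literals instead of being passed to eval(): with eval,
// any script text placed after "SPM:" in a link ran as soon as the document opened.
// "true" and "1" enable the mode; every other value disables it.
config.paramifiers.SPM = { onstart: function(v) {
 var flag=String(v).toLowerCase().replace(/^\s+|\s+$/g,"");
 config.options.chkSinglePageMode=(flag=="true"||flag=="1");
 if (config.options.chkSinglePageMode && config.options.chkSinglePagePermalink && !config.browser.isSafari) {
  // remember the current hash and start polling for changes once per second
  config.lastURL = window.location.hash;
  if (!config.SPMTimer) config.SPMTimer=window.setInterval(function() {checkLastURL();},1000);
 }
} };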
//}}}
//{{{
// Give each plugin option its default value unless it already has one (null counts as unset).
(function(defaults) {
 for (var i=0; i<defaults.length; i++) {
  var optionName=defaults[i][0];
  if (config.options[optionName]==undefined)
   config.options[optionName]=defaults[i][1];
 }
})([
 ["chkSinglePageMode",false],
 ["chkSinglePagePermalink",true],
 ["chkSinglePageKeepFoldedTiddlers",false],
 ["chkSinglePageKeepEditedTiddlers",false],
 ["chkTopOfPageMode",false],
 ["chkBottomOfPageMode",false],
 ["chkSinglePageAutoScroll",false]
]);
//}}}
//{{{
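config.SPMTimer = 0;
config.lastURL = window.location.hash;
/*
 * Interval callback (started elsewhere with a 1000 ms period): when the URL hash differs from
 * config.lastURL, the tiddler(s) named in the hash are displayed. The timer clears itself once
 * single-page mode is switched off.
 */
function checkLastURL()
{
 if (!config.options.chkSinglePageMode)
  { window.clearInterval(config.SPMTimer); config.SPMTimer=0; return; }
 var hash=window.location.hash;
 if (config.lastURL == hash) return; // no change in hash
 var tids;
 // The hash is whatever the link or address bar contains. A malformed escape sequence (a lone "%")
 // makes decodeURIComponent() throw, and the uncaught error then repeated on every tick; such a
 // hash is now recorded as seen and ignored.
 try { tids=decodeURIComponent(hash.substr(1)).readBracketedList(); }
 catch(e) { config.lastURL = hash; return; }
 if (tids.length==1) // permalink (single tiddler in URL)
  story.displayTiddler(null,tids[0]);
 else { // restore permaview or default view
  config.lastURL = hash;
  if (!tids.length) tids=store.getTiddlerText("DefaultTiddlers").readBracketedList();
  story.closeAllTiddlers();
  story.displayTiddlers(null,tids);
 }
}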
// Save the core displayTiddler once (the guard keeps a re-evaluation from saving the wrapper itself),
// then replace it with a version that applies single-page, top-of-page and bottom-of-page modes.
if (Story.prototype.SPM_coreDisplayTiddler==undefined)
 Story.prototype.SPM_coreDisplayTiddler=Story.prototype.displayTiddler;
// Displays a tiddler according to the active mode:
//  - single-page mode: other open tiddlers are closed first (folded/edited ones optionally kept)
//  - top-of-page / bottom-of-page mode: the srcElement argument is overridden to fix the position
// The modes are ignored while `startingUp` is true. Arguments are forwarded to the saved core function.
Story.prototype.displayTiddler = function(srcElement,tiddler,template,animate,slowly)
{
 // accept either a Tiddler object or a title string
 var title=(tiddler instanceof Tiddler)?tiddler.title:tiddler;
 var tiddlerElem=story.getTiddler(title); // ==null unless tiddler is already displayed
 var opt=config.options;
 var single=opt.chkSinglePageMode && !startingUp;
 var top=opt.chkTopOfPageMode && !startingUp;
 var bottom=opt.chkBottomOfPageMode && !startingUp;
 if (single) {
 story.forEachTiddler(function(tid,elem) {
 // skip current tiddler and, optionally, tiddlers that are folded.
 if ( tid==title
 || (opt.chkSinglePageKeepFoldedTiddlers && elem.getAttribute("folded")=="true"))
 return;
 // if a tiddler is being edited, ask before closing
 if (elem.getAttribute("dirty")=="true") {
 if (opt.chkSinglePageKeepEditedTiddlers) return;
 // if tiddler to be displayed is already shown, then leave active tiddler editor as is
 // (occurs when switching between view and edit modes)
 if (tiddlerElem) return;
 // otherwise, ask for permission
 var msg="'"+tid+"' is currently being edited.\n\n";
 msg+="Press OK to save and close this tiddler\nor press Cancel to leave it opened";
 if (!confirm(msg)) return; else story.saveTiddler(tid);
 }
 story.closeTiddler(tid);
 });
 }
 // the first argument passed on to the core is replaced to force the position
 else if (top)
 arguments[0]=null;
 else if (bottom)
 arguments[0]="bottom";
 // single-page permalink: put the tiddler link in the URL hash, update the page title and
 // make sure the hash-polling timer is running
 if (single && opt.chkSinglePagePermalink && !config.browser.isSafari) {
 window.location.hash = encodeURIComponent(String.encodeTiddlyLink(title));
 config.lastURL = window.location.hash;
 document.title = wikifyPlain("SiteTitle") + " - " + title;
 if (!config.SPMTimer) config.SPMTimer=window.setInterval(function() {checkLastURL();},1000);
 }
 if (tiddlerElem && tiddlerElem.getAttribute("dirty")=="true") { // editing... move tiddler without re-rendering
 var isTopTiddler=(tiddlerElem.previousSibling==null);
 if (!isTopTiddler && (single || top))
 tiddlerElem.parentNode.insertBefore(tiddlerElem,tiddlerElem.parentNode.firstChild);
 else if (bottom)
 tiddlerElem.parentNode.insertBefore(tiddlerElem,null);
 else this.SPM_coreDisplayTiddler.apply(this,arguments); // let CORE render tiddler
 } else
 this.SPM_coreDisplayTiddler.apply(this,arguments); // let CORE render tiddler
 // look the element up again: the core call above may have just created it
 var tiddlerElem=story.getTiddler(title);
 if (tiddlerElem&&opt.chkSinglePageAutoScroll) {
 // scroll to top of page or top of tiddler
 var isTopTiddler=(tiddlerElem.previousSibling==null);
 var yPos=isTopTiddler?0:ensureVisible(tiddlerElem);
 // if animating, defer scroll until after animation completes
 var delay=opt.chkAnimate?config.animDuration+10:0;
 // NOTE(review): the timer body is a string of code built around yPos (0 or the value returned
 // by ensureVisible, presumably a number); a function callback would avoid compiling code from text.
 setTimeout("window.scrollTo(0,"+yPos+")",delay);
 }
}
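// Save the core displayTiddlers once, then replace it with a wrapper that suspends the
// single/top/bottom page modes while several tiddlers are displayed at once.
if (Story.prototype.SPM_coreDisplayTiddlers==undefined)
 Story.prototype.SPM_coreDisplayTiddlers=Story.prototype.displayTiddlers;
Story.prototype.displayTiddlers = function() {
 // suspend single/top/bottom modes when showing multiple tiddlers
 var opt=config.options;
 var saveSPM=opt.chkSinglePageMode; opt.chkSinglePageMode=false;
 var saveTPM=opt.chkTopOfPageMode; opt.chkTopOfPageMode=false;
 var saveBPM=opt.chkBottomOfPageMode; opt.chkBottomOfPageMode=false;
 try {
  this.SPM_coreDisplayTiddlers.apply(this,arguments);
 } finally {
  // restore the modes even when the core call throws; otherwise they stayed switched off
  opt.chkBottomOfPageMode=saveBPM;
  opt.chkTopOfPageMode=saveTPM;
  opt.chkSinglePageMode=saveSPM;
 }
}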
//}}}
/* |Author|Eric Shulman|License|http://www.TiddlyTools.com/#LegalStatements| */
//{{{
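version.extensions.WikifyPlugin= {major: 1, minor: 1, revision: 4, date: new Date(2009,3,29)};
config.macros.wikify={
 /*
  * <<wikify format value value ...>> renders `format` as wiki text after replacing its %0..%9
  * markers with the resolved values. When the format has no markers, the parameters are simply
  * appended to it, separated by spaces. Invoked under the name "wikiCalc", the resulting text is
  * first evaluated as a JavaScript expression and the result is rendered instead.
  */
 handler: function(place,macroName,params,wikifier,paramString,tiddler) {
  var fmt=params.shift();
  var values=[];
  var out="";
  var p; // declared locally; the loop below used to create and overwrite a global `p`
  if (!fmt.match(/\%[0-9]/g) && params.length) // format has no markers, just join all params with spaces
   out=fmt+" "+params.join(" ");
  else { // format param has markers, get values and perform substitution
   while (p=params.shift()) values.push(this.getFieldReference(place,p));
   out=fmt.format(values);
  }
  // SECURITY: wikiCalc passes the substituted text to eval(). That text is assembled from the macro
  // parameters and from slice/field values looked up by getFieldReference(), so the content of any
  // referenced tiddler slice or field runs as script in the page. Evaluating the expression is
  // what wikiCalc exists for, so it is not replaced here; the referenced tiddlers and fields need
  // to be writable only by authors who are trusted to run script in this document.
  if (macroName=="wikiCalc") out=eval(out).toString();
  wikify(out.unescapeLineBreaks(),place,null,tiddler);
 },
 /*
  * Resolves one macro parameter to a value.
  * p has the form "tiddlername<sep>slicename" (separator = config.textPrimitives.sliceSeparator),
  * "fieldname@tiddlername" or "fieldname". An empty tiddler name or "here" means the tiddler that
  * contains `place`. Returns the slice or field value, or p unchanged when nothing was found.
  */
 getFieldReference: function(place,p) {
  if (typeof p != "string") return p; // literal non-string value... just return it...
  var val;
  var tid;
  var here;
  var sliceParts=p.split(config.textPrimitives.sliceSeparator);
  if (sliceParts.length==2) { // maybe a slice reference?
   tid=sliceParts[0];
   if (!tid || !tid.length || tid=="here") { // no target (or "here"), use containing tiddler
    here=story.findContainingTiddler(place);
    tid=here?here.getAttribute("tiddler"):"SiteSlices"; // fallback for 'non-tiddler' areas (e.g, header, sidebar, etc.)
   }
   val=store.getTiddlerSlice(tid,sliceParts[1]); // get tiddler slice value
  }
  if (val==undefined) { // not a slice, or slice not found, maybe a field reference?
   var fieldParts=p.split("@");
   var field=fieldParts[0];
   if (!field || !field.length) field="checked"; // missing fieldname, fallback: checked@tiddlername
   tid=fieldParts[1];
   if (!tid || !tid.length || tid=="here") { // no target (or "here"), use containing tiddler
    here=story.findContainingTiddler(place);
    tid=here?here.getAttribute("tiddler"):"SiteFields"; // fallback for 'non-tiddler' areas (e.g, header, sidebar, etc.)
   }
   val=store.getValue(tid,field);
  }
  // not a slice or field, or slice/field not found... return value unchanged
  return val===undefined?p:val;
 }
}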
//}}}
//{{{
// define alternative macroName for triggering pre-rendering call to eval()
config.macros.wikiCalc=config.macros.wikify;
//}}}
<!--{{{-->
<span class='yourSearchNumber' macro='foundTiddler number'></span>
<span class='yourSearchTitle' macro='foundTiddler title text 100'/></span> —
<span class='yourSearchTags' macro='foundTiddler field tags 0'/></span>
<!--}}}-->
/* |YourSearchPlugin v2.1.6 (2012-04-19)|http://tiddlywiki.abego-software.de/#YourSearchPlugin|https://github.com/abego/YourSearchPlugin|
|Author|UdoBorkowski (ub [at] abego-software [dot] de)|[[BSD open source license|http://www.abego-software.de/legal/apl-v10.html]]| */
///%
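// YourSearchPlugin (minified vendor code, localized strings). Installs the abego.* helpers, the query
// parser, the paged result popup and the yourSearch / foundTiddler macros, then replaces
// config.macros.search.handler. Line breaks are placed only between statements: never after a
// 'return' (automatic semicolon insertion) and never inside a string literal.
//
// SECURITY overview: search text is not treated as plain data by this plugin. Two places in
// abego.parseTiddlerFilterTerm hand parts of the query to the JavaScript evaluator, and the
// "yourSearch if" macro evaluates unknown test names. Each spot is flagged below.
if(!version.extensions.YourSearchPlugin){version.extensions.YourSearchPlugin={major:2,minor:1,revision:6,source:"http://tiddlywiki.abego-software.de/#YourSearchPlugin",licence:"[[BSD open source license (abego Software)|http://www.abego-software.de/legal/apl-v10.html]]",copyright:"Copyright (c) abego Software GmbH, 2005-2012 (www.abego-software.de)"};
if(!window.abego){window.abego={}}
if(!Array.forEach){Array.forEach=function(c,e,d){for(var b=0,a=c.length;b<a;b++){e.call(d,c[b],b,c)}};Array.prototype.forEach=function(d,c){for(var b=0,a=this.length;b<a;b++){d.call(c,this[b],b,this)}}}
// toInt(b,a): parse b as an integer, returning the default a when b is empty or not a number.
// isNaN() is required here: a comparison with NaN is always false, so the default was never applied.
abego.toInt=function(b,a){if(!b){return a}var c=parseInt(b);return isNaN(c)?a:c};
// Append a span holding an ellipsis character to element a.
abego.createEllipsis=function(a){var b=createTiddlyElement(a,"span");b.innerHTML="&hellip;"};
abego.shallowCopy=function(b){if(!b){return b}var a={};for(var c in b){a[c]=b[c]}return a};
abego.copyOptions=function(a){return !a?{}:abego.shallowCopy(a)};
// Count the non-overlapping occurrences of string c in string d.
abego.countStrings=function(d,c){if(!c){return 0}var a=c.length;var f=0;var e=0;while(true){var b=d.indexOf(c,e);if(b<0){return f}f++;e=b+a}return f};
// Return the text between the first pair of braces found from index e on, following nested braces;
// when a is given, the position reached is reported through a.lastIndex.
abego.getBracedText=function(j,e,a){if(!e){e=0}var k=/\{([^\}]*)\}/gm;k.lastIndex=e;var d=k.exec(j);if(d){var l=d[1];var b=abego.countStrings(l,"{");if(!b){if(a){a.lastIndex=k.lastIndex}return l}var g=j.length;for(var f=k.lastIndex;f<g&&b;f++){var h=j.charAt(f);if(h=="{"){b++}else{if(h=="}"){b--}}}if(!b){if(a){a.lastIndex=f-1}return j.substring(d.index+1,f-1)}}};
// select(d,c,b,a): push every element of d accepted by predicate c (called with 'this' = b) onto a.
abego.select=function(d,c,b,a){if(!a){a=[]}d.forEach(function(e){if(c.call(b,e)){a.push(e)}});return a};
abego.consumeEvent=function(a){if(a.stopPropagation){a.stopPropagation()}if(a.preventDefault){a.preventDefault()}a.cancelBubble=true;a.returnValue=true};
// One search term: the text (escaped unless options say it is a RegExp) compiled into a RegExp that
// is tested against the selected tiddler fields.
abego.TiddlerFilterTerm=function(d,b){if(!b){b={}}var c=d;if(!b.textIsRegExp){c=d.escapeRegExp();if(b.fullWordMatch){c="\\b"+c+"\\b"}}var a=new RegExp(c,"m"+(b.caseSensitive?"":"i"));this.tester=new abego.MultiFieldRegExpTester(a,b.fields,b.withExtendedFields)};
abego.TiddlerFilterTerm.prototype.test=function(a){return this.tester.test(a)};
// Split the query text into a title, a body text and '#' tag parameters for the new-tiddler button.
abego.parseNewTiddlerCommandLine=function(c){var a=/(.*?)\.(?:\s+|$)([^#]*)(#.*)?/.exec(c);if(!a){a=/([^#]*)()(#.*)?/.exec(c)}if(a){var d;if(a[3]){var b=a[3].replace(/#/g,"");d=b.parseParams("tag")}else{d=[[]]}var e=a[2]?a[2].trim():"";d.push({name:"text",value:e});d[0].text=[e];return{title:a[1].trim(),params:d}}else{return{title:c.trim(),params:[[]]}}};
// Parse one filter term of queryText starting at offset. Returns {func, lastIndex, markRE}: func is
// the predicate applied to a tiddler, markRE the pattern text used to highlight matches (or null).
// Throws a string when no term can be read at that position.
abego.parseTiddlerFilterTerm=function(queryText,offset,options){
var re=/\s*(?:(?:\{([^\}]*)\})|(?:(=)|([#%!])|(?:(\w+)\s*\:(?!\/\/))|(?:(?:("(?:(?:\\")|[^"])+")|(?:\/((?:(?:\\\/)|[^\/])+)\/)|(\w+\:\/\/[^\s]+)|([^\s\)\-\"]+)))))/mg;
var shortCuts={"!":"title","%":"text","#":"tags"};var fieldNames={};var fullWordMatch=false;re.lastIndex=offset;
while(true){var i=re.lastIndex;var m=re.exec(queryText);if(!m||m.index!=i){throw"Word or String literal expected"}
if(m[1]){var lastIndexRef={};var code=abego.getBracedText(queryText,0,lastIndexRef);if(!code){throw"Invalid {...} syntax"}
// SECURITY: a query term written in braces is compiled with Function() and then called for every
// candidate tiddler, so search text is executable script with full access to the page. Treat every
// source of search text as code, not data; with search-as-you-type enabled the query is parsed
// while it is being typed or pasted. NOTE(review): consider gating this branch behind an option
// that is off by default. Behaviour is left unchanged here.
var f=Function("tiddler","return ("+code+");");return{func:f,lastIndex:lastIndexRef.lastIndex,markRE:null}}
if(m[2]){fullWordMatch=true}else{if(m[3]){fieldNames[shortCuts[m[3]]]=1}else{if(m[4]){fieldNames[m[4]]=1}else{var textIsRegExp=m[6];
// SECURITY: the quoted literal (m[5]) is unescaped by handing it to window.eval(), and the match is
// not re-validated as a pure string literal first, so this is a second place where query text
// reaches the evaluator. A non-evaluating unescape would remove it; kept to preserve vendor behaviour.
var text=m[5]?window.eval(m[5]):m[6]?m[6]:m[7]?m[7]:m[8];
options=abego.copyOptions(options);options.fullWordMatch=fullWordMatch;options.textIsRegExp=textIsRegExp;var fields=[];for(var n in fieldNames){fields.push(n)}if(fields.length==0){options.fields=options.defaultFields}else{options.fields=fields;options.withExtendedFields=false}var term=new abego.TiddlerFilterTerm(text,options);var markREText=textIsRegExp?text:text.escapeRegExp();if(markREText&&fullWordMatch){markREText="\\b"+markREText+"\\b"}return{func:function(tiddler){return term.test(tiddler)},lastIndex:re.lastIndex,markRE:markREText?"(?:"+markREText+")":null}}}}}};
// Boolean expression over terms: i is the query text, c the term parser, j the options. Handles
// and/&&, or/||, -/not and parentheses; adjacent terms are combined with AND unless
// j.defaultOperationIs_OR is set.
abego.BoolExp=function(i,c,j){this.s=i;var h=j&&j.defaultOperationIs_OR;var e=/\s*\)/g;var f=/\s*(?:(and|\&\&)|(or|\|\|))/gi;var b=/\s*(\-|not)?(\s*\()?/gi;var a;var d=function(p){b.lastIndex=p;var l=b.exec(i);var o=false;var k=null;if(l&&l.index==p){p+=l[0].length;o=l[1];if(l[2]){var n=a(p);e.lastIndex=n.lastIndex;if(!e.exec(i)){throw"Missing ')'"}k={func:n.func,lastIndex:e.lastIndex,markRE:n.markRE}}}if(!k){k=c(i,p,j)}if(o){k.func=(function(m){return function(q){return !m(q)}})(k.func);k.markRE=null}return k};a=function(s){var n=d(s);while(true){var p=n.lastIndex;f.lastIndex=p;var k=f.exec(i);var o;var q;if(k&&k.index==p){o=!k[1];q=d(f.lastIndex)}else{try{q=d(p)}catch(r){return n}o=h}n.func=(function(t,m,l){return l?function(u){return t(u)||m(u)}:function(u){return t(u)&&m(u)}})(n.func,q.func,o);n.lastIndex=q.lastIndex;if(!n.markRE){n.markRE=q.markRE}else{if(q.markRE){n.markRE=n.markRE+"|"+q.markRE}}}};var g=a(0);this.evalFunc=g.func;if(g.markRE){this.markRegExp=new RegExp(g.markRE,j.caseSensitive?"mg":"img")}};
abego.BoolExp.prototype.exec=function(){return this.evalFunc.apply(this,arguments)};
abego.BoolExp.prototype.getMarkRegExp=function(){return this.markRegExp};
abego.BoolExp.prototype.toString=function(){return this.s};
// Tests RegExp b against fields a of a tiddler (default: title, text, tags) and, when c is set, against
// the remaining fields; test() returns the name of the first matching field, or null.
abego.MultiFieldRegExpTester=function(b,a,c){this.re=b;this.fields=a?a:["title","text","tags"];this.withExtendedFields=c};
abego.MultiFieldRegExpTester.prototype.test=function(b){var d=this.re;for(var a=0;a<this.fields.length;a++){var c=store.getValue(b,this.fields[a]);if(typeof c=="string"&&d.test(c)){return this.fields[a]}}if(this.withExtendedFields){return store.forEachField(b,function(e,g,f){return typeof f=="string"&&d.test(f)?g:null},true)}return null};
// A query: b = query text, a = case sensitive, d = text is a RegExp, c = default fields,
// e = also search extended fields. In RegExp mode the text becomes a single RegExp, otherwise it is
// parsed as a boolean expression (which includes the evaluated term forms flagged above).
abego.TiddlerQuery=function(b,a,d,c,e){if(d){this.regExp=new RegExp(b,a?"mg":"img");this.tester=new abego.MultiFieldRegExpTester(this.regExp,c,e)}else{this.expr=new abego.BoolExp(b,abego.parseTiddlerFilterTerm,{defaultFields:c,caseSensitive:a,withExtendedFields:e})}this.getQueryText=function(){return b};this.getUseRegExp=function(){return d};this.getCaseSensitive=function(){return a};this.getDefaultFields=function(){return c};this.getWithExtendedFields=function(){return e}};
abego.TiddlerQuery.prototype.test=function(a){if(!a){return false}if(this.regExp){return this.tester.test(a)}return this.expr.exec(a)};
abego.TiddlerQuery.prototype.filter=function(a){return abego.select(a,this.test,this)};
// A RegExp that matches the empty string is not used for highlighting.
abego.TiddlerQuery.prototype.getMarkRegExp=function(){if(this.regExp){return"".search(this.regExp)>=0?null:this.regExp}return this.expr.getMarkRegExp()};
abego.TiddlerQuery.prototype.toString=function(){return(this.regExp?this.regExp:this.expr).toString()};
// Paging over a list of items; getItemsPerPage() is supplied by the user of the renderer.
abego.PageWiseRenderer=function(){this.firstIndexOnPage=0};
merge(abego.PageWiseRenderer.prototype,{setItems:function(a){this.items=a;this.setFirstIndexOnPage(0)},getMaxPagesInNavigation:function(){return 10},getItemsCount:function(a){return this.items?this.items.length:0},getCurrentPageIndex:function(){return Math.floor(this.firstIndexOnPage/this.getItemsPerPage())},getLastPageIndex:function(){return Math.floor((this.getItemsCount()-1)/this.getItemsPerPage())},setFirstIndexOnPage:function(a){this.firstIndexOnPage=Math.min(Math.max(0,a),this.getItemsCount()-1)},getFirstIndexOnPage:function(){this.firstIndexOnPage=Math.floor(this.firstIndexOnPage/this.getItemsPerPage())*this.getItemsPerPage();return this.firstIndexOnPage},getLastIndexOnPage:function(){return Math.min(this.getFirstIndexOnPage()+this.getItemsPerPage()-1,this.getItemsCount()-1)},onPageChanged:function(a,b){},renderPage:function(a){if(a.beginRendering){a.beginRendering(this)}try{if(this.getItemsCount()){var d=this.getLastIndexOnPage();var c=-1;for(var b=this.getFirstIndexOnPage();b<=d;b++){c++;a.render(this,this.items[b],b,c)}}}finally{if(a.endRendering){a.endRendering(this)}}},addPageNavigation:function(c){if(!this.getItemsCount()){return}var k=this;var g=function(n){if(!n){n=window.event}abego.consumeEvent(n);var i=abego.toInt(this.getAttribute("page"),0);var m=k.getCurrentPageIndex();if(i==m){return}var l=i*k.getItemsPerPage();k.setFirstIndexOnPage(l);k.onPageChanged(i,m)};var e;var h=this.getCurrentPageIndex();var f=this.getLastPageIndex();if(h>0){e=createTiddlyButton(c,"Précédent","Page précédente (Raccourci: Alt-'<')",g,"prev");e.setAttribute("page",(h-1).toString());e.setAttribute("accessKey","<")}for(var d=-this.getMaxPagesInNavigation();d<this.getMaxPagesInNavigation();d++){var b=h+d;if(b<0){continue}if(b>f){break}var a=(d+h+1).toString();var j=b==h?"currentPage":"otherPage";e=createTiddlyButton(c,a,"Aller page %0".format([a]),g,j);e.setAttribute("page",(b).toString())}if(h<f){e=createTiddlyButton(c,"Suivant","Page suivante (Raccourci: Alt-'>')",g,"next");e.setAttribute("page",(h+1).toString());e.setAttribute("accessKey",">")}}});
// Renders at most a given number of characters of a text, choosing ranges around the matches of the
// mark RegExp, putting matches into span elements of class "marked" and adding ellipses where text
// is left out. The pieces are created with createTiddlyElement / createTiddlyText.
abego.LimitedTextRenderer=function(){var l=40;var c=4;var k=function(p,z,v){var q=p.length;if(q==0){p.push({start:z,end:v});return}var u=0;for(;u<q;u++){var w=p[u];if(w.start<=v&&z<=w.end){var o;var s=u+1;for(;s<q;s++){o=p[s];if(o.start>v||z>w.end){break}}var x=z;var y=v;for(var t=u;t<s;t++){o=p[t];x=Math.min(x,o.start);y=Math.max(y,o.end)}p.splice(u,s-u,{start:x,end:y});return}if(w.start>v){break}}p.splice(u,0,{start:z,end:v})};var d=function(n){var q=0;for(var p=0;p<n.length;p++){var o=n[p];q+=o.end-o.start}return q};var b=function(n){return(n>="a"&&n<="z")||(n>="A"&&n<="Z")||n=="_"};var f=function(p,r){if(!b(p[r])){return null}for(var o=r-1;o>=0&&b(p[o]);o--){}var q=o+1;var t=p.length;for(o=r+1;o<t&&b(p[o]);o++){}return{start:q,end:o}};var a=function(o,q,p){var n;if(p){n=f(o,q)}else{if(q<=0){return q}n=f(o,q-1)}if(!n){return q}if(p){if(n.start>=q-c){return n.start}if(n.end<=q+c){return n.end}}else{if(n.end<=q+c){return n.end}if(n.start>=q-c){return n.start}}return q};var j=function(r,q){var n=[];if(q){var u=0;do{q.lastIndex=u;var o=q.exec(r);if(o){if(u<o.index){var p=r.substring(u,o.index);n.push({text:p})}n.push({text:o[0],isMatch:true});u=o.index+o[0].length}else{n.push({text:r.substr(u)});break}}while(true)}else{n.push({text:r})}return n};var i=function(p){var n=0;for(var o=0;o<p.length;o++){if(p[o].isMatch){n++}}return n};var h=function(v,u,q,t,o){var w=Math.max(Math.floor(o/(t+1)),l);var n=Math.max(w-(q-u),0);var r=Math.min(Math.floor(q+n/3),v.length);var p=Math.max(r-w,0);p=a(v,p,true);r=a(v,r,false);return{start:p,end:r}};var m=function(r,y,o){var n=[];var v=i(r);var u=0;for(var p=0;p<r.length;p++){var x=r[p];var w=x.text;if(x.isMatch){var q=h(y,u,u+w.length,v,o);k(n,q.start,q.end)}u+=w.length}return n};var g=function(t,p,o){var n=o-d(p);while(n>0){if(p.length==0){k(p,0,a(t,o,false));return}else{var q=p[0];var v;var r;if(q.start==0){v=q.end;if(p.length>1){r=p[1].start}else{k(p,v,a(t,v+n,false));return}}else{v=0;r=q.start}var u=Math.min(r,v+n);k(p,v,u);n-=(u-v)}}};var e=function(p,x,w,n,o){if(n.length==0){return}var u=function(z,I,D,F,C){var H;var G;var E=0;var B=0;var A=0;for(;B<D.length;B++){H=D[B];G=H.text;if(F<E+G.length){A=F-E;break}E+=G.length}var y=C-F;for(;B<D.length&&y>0;B++){H=D[B];G=H.text.substr(A);A=0;if(G.length>y){G=G.substr(0,y)}if(H.isMatch){createTiddlyElement(z,"span",null,"marked",G)}else{createTiddlyText(z,G)}y-=G.length}if(C<I.length){abego.createEllipsis(z)}};if(n[0].start>0){abego.createEllipsis(p)}var q=o;for(var r=0;r<n.length&&q>0;r++){var t=n[r];var v=Math.min(t.end-t.start,q);u(p,x,w,t.start,t.start+v);q-=v}};this.render=function(p,q,o,t){if(q.length<o){o=q.length}var r=j(q,t);var n=m(r,q,o);g(q,n,o);e(p,q,r,n,o)}};
// Private scope of the search UI: last query and results, the result popup, and the macros.
(function(){function alertAndThrow(msg){alert(msg);throw msg}
if(version.major<2||(version.major==2&&version.minor<1)){alertAndThrow("YourSearchPlugin requires TiddlyWiki 2.1 or newer.\n\nCheck the archive for YourSearch plugins\nsupporting older versions of TiddlyWiki.\n\nArchive: http://tiddlywiki.abego-software.de/archive")}
abego.YourSearch={};var lastResults=undefined;var lastQuery=undefined;
var setLastResults=function(array){lastResults=array};var getLastResults=function(){return lastResults?lastResults:[]};var getLastResultsCount=function(){return lastResults?lastResults.length:0};
var matchInTitleWeight=4;var precisionInTitleWeight=10;var matchInTagsWeight=2;
var getMatchCount=function(s,re){var m=s.match(re);return m?m.length:0};
// Rank = weighted count of matches in title and tags plus the share of the title covered by matches.
var standardRankFunction=function(tiddler,query){var markRE=query.getMarkRegExp();if(!markRE){return 1}var matchesInTitle=tiddler.title.match(markRE);var nMatchesInTitle=matchesInTitle?matchesInTitle.length:0;var nMatchesInTags=getMatchCount(tiddler.getTags(),markRE);var lengthOfMatchesInTitle=matchesInTitle?matchesInTitle.join("").length:0;var precisionInTitle=tiddler.title.length>0?lengthOfMatchesInTitle/tiddler.title.length:0;var rank=nMatchesInTitle*matchInTitleWeight+nMatchesInTags*matchInTagsWeight+precisionInTitle*precisionInTitleWeight+1;return rank};
// Build the query from searchText and return the matching tiddlers (those not tagged excludeTag),
// sorted by descending rank, then by sortField. A query that fails to parse yields an empty result.
var findMatches=function(store,searchText,caseSensitive,useRegExp,sortField,excludeTag){lastQuery=null;var candidates=store.reverseLookup("tags",excludeTag,false);try{var defaultFields=[];if(config.options.chkSearchInTitle){defaultFields.push("title")}if(config.options.chkSearchInText){defaultFields.push("text")}if(config.options.chkSearchInTags){defaultFields.push("tags")}lastQuery=new abego.TiddlerQuery(searchText,caseSensitive,useRegExp,defaultFields,config.options.chkSearchExtendedFields)}catch(e){return[]}var results=lastQuery.filter(candidates);var rankFunction=abego.YourSearch.getRankFunction();for(var i=0;i<results.length;i++){var tiddler=results[i];var rank=rankFunction(tiddler,lastQuery);tiddler.searchRank=rank}if(!sortField){sortField="title"}var sortFunction=function(a,b){var searchRankDiff=a.searchRank-b.searchRank;if(searchRankDiff==0){if(a[sortField]==b[sortField]){return(0)}else{return(a[sortField]<b[sortField])?-1:+1}}else{return(searchRankDiff>0)?-1:+1}};results.sort(sortFunction);return results};
var maxCharsInTitle=80;var maxCharsInTags=50;var maxCharsInText=250;var maxCharsInField=50;var itemsPerPageDefault=25;var itemsPerPageWithPreviewDefault=10;var yourSearchResultID="yourSearchResult";var yourSearchResultItemsID="yourSearchResultItems";var lastSearchText=null;var resultElement=null;var searchInputField=null;var searchButton=null;var lastNewTiddlerButton=null;
var initStylesheet=function(){if(version.extensions.YourSearchPlugin.styleSheetInited){return}version.extensions.YourSearchPlugin.styleSheetInited=true;setStylesheet(store.getTiddlerText("YourSearchStyleSheet"),"yourSearch")};
var isResultOpen=function(){return resultElement!=null&&resultElement.parentNode==document.body};
var closeResult=function(){if(isResultOpen()){document.body.removeChild(resultElement)}};
var closeResultAndDisplayTiddler=function(e){closeResult();var title=this.getAttribute("tiddlyLink");if(title){var withHilite=this.getAttribute("withHilite");var oldHighlightHack=highlightHack;if(withHilite&&withHilite=="true"&&lastQuery){highlightHack=lastQuery.getMarkRegExp()}story.displayTiddler(this,title);highlightHack=oldHighlightHack}return(false)};
var adjustResultPositionAndSize=function(){if(!searchInputField){return}var root=searchInputField;var rootLeft=findPosX(root);var rootTop=findPosY(root);var rootHeight=root.offsetHeight;var popupLeft=rootLeft;var popupTop=rootTop+rootHeight;var winWidth=findWindowWidth();if(winWidth<resultElement.offsetWidth){resultElement.style.width=(winWidth-100)+"px";winWidth=findWindowWidth()}var popupWidth=resultElement.offsetWidth;if(popupLeft+popupWidth>winWidth){popupLeft=winWidth-popupWidth-30}if(popupLeft<0){popupLeft=0}resultElement.style.left=popupLeft+"px";resultElement.style.top=popupTop+"px";resultElement.style.display="block"};
var scrollVisible=function(){if(resultElement){window.scrollTo(0,ensureVisible(resultElement))}if(searchInputField){window.scrollTo(0,ensureVisible(searchInputField))}};
var ensureResultIsDisplayedNicely=function(){adjustResultPositionAndSize();scrollVisible()};
var indexInPage=undefined;var currentTiddler=undefined;var pager=new abego.PageWiseRenderer();
// Renders one result item from the HTML of tiddler ".YourSearchItemTemplate". The template text is
// assigned to innerHTML and its macros are applied, so the template tiddlers are trusted content.
var MyItemRenderer=function(parent){this.itemHtml=store.getTiddlerText(".YourSearchItemTemplate");if(!this.itemHtml){alertAndThrow(".YourSearchItemTemplate not found")}this.place=document.getElementById(yourSearchResultItemsID);if(!this.place){this.place=createTiddlyElement(parent,"div",yourSearchResultItemsID)}};
merge(MyItemRenderer.prototype,{render:function(pager,object,index,indexOnPage){indexInPage=indexOnPage;currentTiddler=object;var item=createTiddlyElement(this.place,"div",null,"yourSearchItem");item.innerHTML=this.itemHtml;applyHtmlMacros(item,null);refreshElements(item,null)},endRendering:function(pager){currentTiddler=null}});
var refreshResult=function(){if(!resultElement||!searchInputField){return}var html=store.getTiddlerText("YourSearchResultTemplate");if(!html){html="<b>Tiddler YourSearchResultTemplate not found</b>"}resultElement.innerHTML=html;applyHtmlMacros(resultElement,null);refreshElements(resultElement,null);var itemRenderer=new MyItemRenderer(resultElement);pager.renderPage(itemRenderer);ensureResultIsDisplayedNicely()};
pager.getItemsPerPage=function(){var n=(config.options.chkPreviewText)?abego.toInt(config.options.txtItemsPerPageWithPreview,itemsPerPageWithPreviewDefault):abego.toInt(config.options.txtItemsPerPage,itemsPerPageDefault);return(n>0)?n:1};
pager.onPageChanged=function(){refreshResult()};
var reopenResultIfApplicable=function(){if(searchInputField==null||!config.options.chkUseYourSearch){return}if((searchInputField.value==lastSearchText)&&lastSearchText&&!isResultOpen()){if(resultElement&&(resultElement.parentNode!=document.body)){document.body.appendChild(resultElement);ensureResultIsDisplayedNicely()}else{abego.YourSearch.onShowResult(true)}}};
var invalidateResult=function(){closeResult();resultElement=null;lastSearchText=null};
var isDescendantOrSelf=function(self,e){while(e!=null){if(self==e){return true}e=e.parentNode}return false};
// A click outside the search field, its button and the popup closes the popup; so does ESC (27).
var onDocumentClick=function(e){if(e.target==searchInputField){return}if(e.target==searchButton){return}if(resultElement&&isDescendantOrSelf(resultElement,e.target)){return}closeResult()};
var onDocumentKeyup=function(e){if(e.keyCode==27){closeResult()}};
addEvent(document,"click",onDocumentClick);addEvent(document,"keyup",onDocumentKeyup);
var myStorySearch=function(text,useCaseSensitive,useRegExp){lastSearchText=text;setLastResults(findMatches(store,text,useCaseSensitive,useRegExp,"title","excludeSearch"));abego.YourSearch.onShowResult()};
// Replacement handler for the search macro: builds the input field and button. With
// chkSearchAsYouType (or when YourSearch is switched off) a search is started 500 ms after the
// last key stroke once more than two characters are entered; the field can be pre-filled from the
// macro's first parameter.
var myMacroSearchHandler=function(place,macroName,params,wikifier,paramString,tiddler){initStylesheet();lastSearchText="";var searchTimeout=null;var doSearch=function(txt){if(config.options.chkUseYourSearch){myStorySearch(txt.value,config.options.chkCaseSensitiveSearch,config.options.chkRegExpSearch)}else{story.search(txt.value,config.options.chkCaseSensitiveSearch,config.options.chkRegExpSearch)}lastSearchText=txt.value};var clickHandler=function(e){doSearch(searchInputField);return false};var keyHandler=function(e){if(!e){e=window.event}searchInputField=this;switch(e.keyCode){case 13:if(e.ctrlKey&&lastNewTiddlerButton&&isResultOpen()){lastNewTiddlerButton.onclick.apply(lastNewTiddlerButton,[e])}else{doSearch(this)}break;case 27:if(isResultOpen()){closeResult()}else{this.value="";clearMessage()}break}if(String.fromCharCode(e.keyCode)==this.accessKey||e.altKey){reopenResultIfApplicable()}if(this.value.length<3&&searchTimeout){clearTimeout(searchTimeout)}if(this.value.length>2){if(this.value!=lastSearchText){if(!config.options.chkUseYourSearch||config.options.chkSearchAsYouType){if(searchTimeout){clearTimeout(searchTimeout)}var txt=this;searchTimeout=setTimeout(function(){doSearch(txt)},500)}}else{if(searchTimeout){clearTimeout(searchTimeout)}}}if(this.value.length==0){closeResult()}};var focusHandler=function(e){this.select();clearMessage();reopenResultIfApplicable()};var args=paramString.parseParams("list",null,true);var buttonAtRight=getFlag(args,"buttonAtRight");var sizeTextbox=getParam(args,"sizeTextbox",this.sizeTextbox);var txt=createTiddlyElement(null,"input",null,"txtOptionInput searchField",null);if(params[0]){txt.value=params[0]}txt.onkeyup=keyHandler;txt.onfocus=focusHandler;txt.setAttribute("size",sizeTextbox);txt.setAttribute("accessKey",this.accessKey);txt.setAttribute("autocomplete","off");if(config.browser.isSafari){txt.setAttribute("type","search");txt.setAttribute("results","5")}else{if(!config.browser.isIE){txt.setAttribute("type","text")}}var btn=createTiddlyButton(null,this.label,this.prompt,clickHandler);if(place){if(!buttonAtRight){place.appendChild(btn)}place.appendChild(txt);if(buttonAtRight){place.appendChild(btn)}}searchInputField=txt;searchButton=btn};
var openAllFoundTiddlers=function(){closeResult();var results=getLastResults();var n=results.length;if(n){var titles=[];for(var i=0;i<n;i++){titles.push(results[i].title)}story.displayTiddlers(null,titles)}};
var createOptionWithRefresh=function(place,optionParams,wikifier,tiddler){invokeMacro(place,"option",optionParams,wikifier,tiddler);var elem=place.lastChild;var oldOnClick=elem.onclick;elem.onclick=function(e){var result=oldOnClick.apply(this,arguments);refreshResult();return result};return elem};
// Strip a fixed list of wiki markup tokens from s before it is shown as preview text.
var removeTextDecoration=function(s){var removeThis=["''","{{{","}}}","//","<<<","/***","***/"];var reText="";for(var i=0;i<removeThis.length;i++){if(i!=0){reText+="|"}reText+="("+removeThis[i].escapeRegExp()+")"}return s.replace(new RegExp(reText,"mg"),"").trim()};
// Shortcut digit of the current item: 1..9 for the first nine items, 0 for the tenth, else -1.
var getShortCutNumber=function(){var i=indexInPage;return(i>=0&&i<=9)?(i<9?(i+1):0):-1};
var limitedTextRenderer=new abego.LimitedTextRenderer();
var renderLimitedText=function(place,s,maxLen){limitedTextRenderer.render(place,s,maxLen,lastQuery.getMarkRegExp())};
// Wrap saveTiddler / removeTiddler so that a cached result is dropped whenever the store changes.
// The wrapped method's return value is passed through to the caller.
var oldTiddlyWikiSaveTiddler=TiddlyWiki.prototype.saveTiddler;TiddlyWiki.prototype.saveTiddler=function(title,newTitle,newBody,modifier,modified,tags,fields){var result=oldTiddlyWikiSaveTiddler.apply(this,arguments);invalidateResult();return result};
var oldTiddlyWikiRemoveTiddler=TiddlyWiki.prototype.removeTiddler;TiddlyWiki.prototype.removeTiddler=function(title){var result=oldTiddlyWikiRemoveTiddler.apply(this,arguments);invalidateResult();return result};
// Macro "yourSearch": the first parameter selects one of the functions in funcs.
config.macros.yourSearch={label:"yourSearch",prompt:"Gives access to the current/last YourSearch result",handler:function(place,macroName,params,wikifier,paramString,tiddler){if(params.length==0){return}var name=params[0];var func=config.macros.yourSearch.funcs[name];if(func){func(place,macroName,params,wikifier,paramString,tiddler)}},tests:{"true":function(){return true},"false":function(){return false},found:function(){return getLastResultsCount()>0},previewText:function(){return config.options.chkPreviewText}},funcs:{itemRange:function(place){if(getLastResultsCount()){var lastIndex=pager.getLastIndexOnPage();var s="%0 - %1".format([pager.getFirstIndexOnPage()+1,lastIndex+1]);createTiddlyText(place,s)}},count:function(place){createTiddlyText(place,getLastResultsCount().toString())},query:function(place){if(lastQuery){createTiddlyText(place,lastQuery.toString())}},version:function(place){var t="YourSearch %0.%1.%2".format([version.extensions.YourSearchPlugin.major,version.extensions.YourSearchPlugin.minor,version.extensions.YourSearchPlugin.revision]);var e=createTiddlyElement(place,"a");e.setAttribute("href","http://tiddlywiki.abego-software.de/#YourSearchPlugin");e.innerHTML='<font color="black" weight="bold" face="Arial, Helvetica, sans-serif">'+t+"<font>"},copyright:function(place){var e=createTiddlyElement(place,"a");e.setAttribute("href","http://www.abego-software.de");e.innerHTML='<font color="black" face="Arial, Helvetica, sans-serif">&copy; 2005-2019 <b><font color="blue">abego</font></b> Software<font>'},newTiddlerButton:function(place){if(lastQuery){var r=abego.parseNewTiddlerCommandLine(lastQuery.getQueryText());var btn=config.macros.newTiddler.createNewTiddlerButton(place,r.title,r.params,"","",null,"text");var oldOnClick=btn.onclick;btn.onclick=function(){closeResult();oldOnClick.apply(this,arguments)};lastNewTiddlerButton=btn}},
// linkButton: params are [name, tiddlyLink, text, tooltip, accessKey]; missing ones fall back to the
// previous value. The counts are taken from params.length (comparing the array itself with a
// number is never true, which disabled every fallback).
linkButton:function(place,macroName,params,wikifier,paramString,tiddler){if(params.length<2){return}var tiddlyLink=params[1];var text=params.length<3?tiddlyLink:params[2];var tooltip=params.length<4?text:params[3];var accessKey=params.length<5?null:params[4];var btn=createTiddlyButton(place,text,tooltip,closeResultAndDisplayTiddler,null,null,accessKey);btn.setAttribute("tiddlyLink",tiddlyLink)},closeButton:function(place,macroName,params,wikifier,paramString,tiddler){createTiddlyButton(place,"Fermer","Fermer la zone de recherche (touche \'ESC\')",closeResult)},openAllButton:function(place,macroName,params,wikifier,paramString,tiddler){var n=getLastResultsCount();if(n==0){return}var title=n==1?"open tiddler":"Ouvrir les %0 articles".format([n]);var button=createTiddlyButton(place,title,"Ouvrir tous les articles (Raccourci : Alt-O)",openAllFoundTiddlers);button.setAttribute("accessKey","O")},naviBar:function(place,macroName,params,wikifier,paramString,tiddler){pager.addPageNavigation(place)},
// SECURITY: "if" hides 'place' unless the named test holds. A test name that is not one of the
// entries in tests is evaluated with eval(), and errors are swallowed. Test names come from the
// macro parameters written in the result templates, so those templates must only be editable by
// trusted authors.
"if":function(place,macroName,params,wikifier,paramString,tiddler){if(params.length<2){return}var testName=params[1];var negate=(testName=="not");if(negate){if(params.length<3){return}testName=params[2]}var test=config.macros.yourSearch.tests[testName];var showIt=false;try{if(test){showIt=test(place,macroName,params,wikifier,paramString,tiddler)!=negate}else{showIt=(!eval(testName))==negate}}catch(ex){}if(!showIt){place.style.display="none"}},
chkPreviewText:function(place,macroName,params,wikifier,paramString,tiddler){var elem=createOptionWithRefresh(place,"chkPreviewText",wikifier,tiddler);elem.setAttribute("accessKey","P");elem.title="Prévisualisation des articles (Raccourci : Alt-P)";return elem}}};
// Macro "foundTiddler": renders one aspect (title, tags, text, field, number) of the tiddler that is
// currently being rendered in the result list.
config.macros.foundTiddler={label:"foundTiddler",prompt:"Provides information on the tiddler currently processed on the YourSearch result page",handler:function(place,macroName,params,wikifier,paramString,tiddler){var name=params[0];var func=config.macros.foundTiddler.funcs[name];if(func){func(place,macroName,params,wikifier,paramString,tiddler)}},funcs:{title:function(place,macroName,params,wikifier,paramString,tiddler){if(!currentTiddler){return}var shortcutNumber=getShortCutNumber();var tooltip=shortcutNumber>=0?"Ouvrir l\'article (Raccourci : Alt-%0)".format([shortcutNumber.toString()]):"Open tiddler";var btn=createTiddlyButton(place,null,tooltip,closeResultAndDisplayTiddler,null);btn.setAttribute("tiddlyLink",currentTiddler.title);btn.setAttribute("withHilite","true");renderLimitedText(btn,currentTiddler.title,maxCharsInTitle);if(shortcutNumber>=0){btn.setAttribute("accessKey",shortcutNumber.toString())}},tags:function(place,macroName,params,wikifier,paramString,tiddler){if(!currentTiddler){return}renderLimitedText(place,currentTiddler.getTags(),maxCharsInTags)},text:function(place,macroName,params,wikifier,paramString,tiddler){if(!currentTiddler){return}renderLimitedText(place,removeTextDecoration(currentTiddler.text),maxCharsInText)},field:function(place,macroName,params,wikifier,paramString,tiddler){if(!currentTiddler){return}var name=params[1];var len=params.length>2?abego.toInt(params[2],maxCharsInField):maxCharsInField;var v=store.getValue(currentTiddler,name);if(v){renderLimitedText(place,removeTextDecoration(v),len)}},number:function(place,macroName,params,wikifier,paramString,tiddler){var numberToDisplay=getShortCutNumber();if(numberToDisplay>=0){var text="%0)".format([numberToDisplay.toString()]);createTiddlyElement(place,"span",null,"shortcutNumber",text)}}}};
// Default option values (only set when the option is still undefined) and the shadow tiddlers.
var opts={chkUseYourSearch:true,chkPreviewText:true,chkSearchAsYouType:true,chkSearchInTitle:true,chkSearchInText:true,chkSearchInTags:true,chkSearchExtendedFields:true,txtItemsPerPage:itemsPerPageDefault,txtItemsPerPageWithPreview:itemsPerPageWithPreviewDefault};for(var n in opts){if(config.options[n]==undefined){config.options[n]=opts[n]}}
config.shadowTiddlers.AdvancedOptions+="\n<<option chkUseYourSearch>> Use 'Your Search' ";
config.shadowTiddlers.YourSearchStyleSheet="/***\n!~YourSearchResult Stylesheet\n***/\n/*{{{*/\n.yourSearchResult {\n\tposition: absolute;\n\twidth: 800px;\n\n\tpadding: 0.2em;\n\tlist-style: none;\n\tmargin: 0;\n\n\tbackground: #f0f8ff;\n\tborder: 1px solid DarkGray;\n}\n\n/*}}}*/\n/***\n!!Summary Section\n***/\n/*{{{*/\n.yourSearchResult .summary {\n\tborder-bottom-width: thin;\n\tborder-bottom-style: solid;\n\tborder-bottom-color: #999999;\n\tpadding-bottom: 4px;\n}\n\n.yourSearchRange, .yourSearchCount, .yourSearchQuery   {\n\tfont-weight: bold;\n}\n\n.yourSearchResult .summary .button {\n\tfont-size: 10px;\n\n\tpadding-left: 0.3em;\n\tpadding-right: 0.3em;\n}\n\n.yourSearchResult .summary .chkBoxLabel {\n\tfont-size: 10px;\n\n\tpadding-right: 0.3em;\n}\n\n/*}}}*/\n/***\n!!Items Area\n***/\n/*{{{*/\n.yourSearchResult .marked {\n\tbackground: none;\n\tfont-weight: bold;\n}\n\n.yourSearchItem {\n\tmargin-top: 2px;\n}\n\n.yourSearchNumber {\n\tcolor: #0000FF;\n}\n\n\n.yourSearchTags {\n\tcolor: #3333ff;\n}\n\n.yourSearchText {\n\tcolor: #000080;\n\tmargin-bottom: 6px;\n}\n\n/*}}}*/\n/***\n!!Footer\n***/\n/*{{{*/\n.yourSearchFooter {\n\tmargin-top: 8px;\n\tborder-top-width: thin;\n\tborder-top-style: solid;\n\tborder-top-color: #999999;\n}\n\n.yourSearchFooter a:hover{\n\tbackground: none;\n\tcolor: none;\n}\n/*}}}*/\n/***\n!!Navigation Bar\n***/\n/*{{{*/\n.yourSearchNaviBar a {\n\tfont-size: 16px;\n\tmargin-left: 4px;\n\tmargin-right: 4px;\n\tcolor: black;\n\ttext-decoration: underline;\n}\n\n.yourSearchNaviBar a:hover {\n\tbackground-color: none;\n}\n\n.yourSearchNaviBar .prev {\n\tfont-weight: bold;\n\tcolor: blue;\n}\n\n.yourSearchNaviBar .currentPage {\n\tcolor: #0000FF;\n\ttext-decoration: none;\n}\n\n.yourSearchNaviBar .next {\n\tfont-weight: bold;\n\tcolor: blue;\n}\n/*}}}*/\n";
config.shadowTiddlers.YourSearchResultTemplate='<!--\n{{{\n-->\n<span macro="yourSearch if found">\n<!-- The Summary Header ============================================ -->\n<table class="summary" border="0" width="100%" cellspacing="0" cellpadding="0"><tbody>\n  <tr>\n\t<td align="left">\n\t\tYourSearch Result <span class="yourSearchRange" macro="yourSearch itemRange"></span>\n\t\t&nbsp;of&nbsp;<span class="yourSearchCount" macro="yourSearch count"></span>\n\t\tfor&nbsp;<span class="yourSearchQuery" macro="yourSearch query"></span>\n\t</td>\n\t<td class="yourSearchButtons" align="right">\n\t\t<span macro="yourSearch newTiddlerButton"></span>\n\t\t<span macro="yourSearch openAllButton"></span>\n\t\t<span macro="yourSearch closeButton"></span>\n\t</td>\n  </tr>\n</tbody></table>\n\n<!-- The List of Found Tiddlers ============================================ -->\n<div id="yourSearchResultItems" itemsPerPage="25" itemsPerPageWithPreview="10"></div>\n\n<!-- The Footer (with the Navigation) ============================================ -->\n<table class="yourSearchFooter" border="0" width="100%" cellspacing="0" cellpadding="0"><tbody>\n  <tr>\n\t<td align="left">\n\t\tNombre de pages : <span class="yourSearchNaviBar" macro="yourSearch naviBar"></span>\n\t</td>\n\t<td align="right"><span macro="yourSearch version"></span>, <span macro="yourSearch copyright"></span>\n\t</td>\n  </tr>\n</tbody></table>\n<!-- end of the \'tiddlers found\' case =========================================== -->\n</span>\n\n\n<!-- The "No tiddlers found" case =========================================== -->\n<span macro="yourSearch if not found">\n<table class="summary" border="0" width="100%" cellspacing="0" cellpadding="0"><tbody>\n  <tr>\n\t<td align="left">\n\t\tRecherche infructueuse: aucun article trouvé pour <span class="yourSearchQuery" macro="yourSearch query"></span>.\n\t</td>\n\t<td class="yourSearchButtons" align="right">\n\t\t<span macro="yourSearch closeButton"></span>\n\t</td>\n  </tr>\n</tbody></table>\n</span>\n\n\n<!--\n}}}\n-->\n';
config.shadowTiddlers.YourSearchItemTemplate="<!--\n{{{\n-->\n<span class='yourSearchNumber' macro='foundTiddler number'></span>\n<span class='yourSearchTitle' macro='foundTiddler title'/></span>&nbsp;-&nbsp;\n<span class='yourSearchTags' macro='foundTiddler field tags 50'/></span>\n<span macro=\"yourSearch if previewText\"><div class='yourSearchText' macro='foundTiddler field text 250'/></div></span>\n<!--\n}}}\n-->";
config.shadowTiddlers.YourSearch="<<tiddler [[YourSearch Help]]>>";config.shadowTiddlers["YourSearch Result"]="The popup-like window displaying the result of a YourSearch query.";
// Take over the core search macro; five seconds later, warn if another plugin replaced the handler.
config.macros.search.handler=myMacroSearchHandler;
var checkForOtherHijacker=function(){if(config.macros.search.handler!=myMacroSearchHandler){alert("Message from YourSearchPlugin:\n\n\nAnother plugin has disabled the 'Your Search' features.\n\n\nYou may disable the other plugin or change the load order of \nthe plugins (by changing the names of the tiddlers)\nto enable the 'Your Search' features.")}};setTimeout(checkForOtherHijacker,5000);
// Public accessors on abego.YourSearch.
abego.YourSearch.getStandardRankFunction=function(){return standardRankFunction};
abego.YourSearch.getRankFunction=function(){return abego.YourSearch.getStandardRankFunction()};
abego.YourSearch.getCurrentTiddler=function(){return currentTiddler};
abego.YourSearch.closeResult=function(){closeResult()};
abego.YourSearch.getFoundTiddlers=function(){return lastResults};
abego.YourSearch.getQuery=function(){return lastQuery};
// Show the result popup; with useOldResult the pager keeps its current items and page.
abego.YourSearch.onShowResult=function(useOldResult){highlightHack=lastQuery?lastQuery.getMarkRegExp():null;if(!useOldResult){pager.setItems(getLastResults())}if(!resultElement){resultElement=createTiddlyElement(document.body,"div",yourSearchResultID,"yourSearchResult")}else{if(resultElement.parentNode!=document.body){document.body.appendChild(resultElement)}}refreshResult();highlightHack=null}
})()
};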
//%/
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '" [["+tiddler.title+"]] \"Consulter ["+tiddler.title+"]\" [["+tiddler.title+"]] "' begin '"<<tabs tAutoTab "' end '">"+">"' none '"////"'>>
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '" [["+tiddler.title.substr(0,7)+"]] \""+tiddler.title+"\" [["+tiddler.title+"]] "' begin '"<<tabs tAutoTab "' end '">"+">"' none '"////"'>>
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '"* [["+tiddler.title+"]] \n"'>><<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '" [["+tiddler.title+"]] \"Consulter ["+tiddler.title+"]\" [["+tiddler.title+"]] "' begin '"<<tabs tAutoTab "' end '">"+">"' none '"//Aucun élément.//"'>>
{{ss2col{
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '"* [["+tiddler.title+"]] \n"'>>}}}<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '" [["+tiddler.title.substr(0,10)+"]] \"Consulter ["+tiddler.title+"]\" [["+tiddler.title+"]] "' begin '"<<tabs tAutoTab "' end '">"+">"' none '"//Aucun élément.//"'>>
{{ss2col{
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '"* [["+tiddler.title+"]] \n"'>>}}}<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '" [["+tiddler.title.substring(13, tiddler.title.length)+"]] \"Consulter ["+tiddler.title+"]\" [["+tiddler.title+"]] "' begin '"<<tabs tAutoTab "' end '">"+">"' none '"//Aucun élément.//"'>>
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '" [["+tiddler.title.substr(0,10)+"]] \"["+tiddler.title+"]\" [["+tiddler.title+"]] "' begin '"<<tabs tAutoTab "' end '">"+">"' none '"//Aucun élément.//"'>>
<<forEachTiddler where 'tiddler.tags.containsAll(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '"* [["+tiddler.title+"]]\n"' begin '""' end '""' none '"* Aucune publication pour le moment\n"'>>
<<forEachTiddler where 'tiddler.tags.containsAny(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '(index < 24) ? "|"+tiddler.title.substr(0,10)+"|[["+tiddler.title.substr(13,254)+"|"+tiddler.title+"]]|\n" : ""' begin '"|Date|!$2 |\n"' end '""' none '"* Aucune publication\n"'>>
[>img(200px,auto)[iCSA/K4CCCSK.png]]Le [[Chapitre Français]] de la [[Cloud Security Alliance]] organise une formation officielle [[CCSK]] pour le ''CCSK Foundation'' et le ''CCSK Plus''.
Elle se déroulera la semaine du $1.
Elle sera dispensée ''en français'' par ''+++[Guillaume Boutisseau] [img(98%,1px)[iCSF/BluePixel.gif]]^^<<tiddler [[Guillaume Boutisseau]]>>^^[img(98%,1px)[iCSF/BluePixel.gif]] ==='', ''CCSK Authorized Instructor''^^1^^.
Comme il n'est pas possible de garantir que les conditions nécessaires à la réalisation d'une formation en présentiel soient réunies pour le mois de juin 2020, les interventions se dérouleront par visio-conférence sous la forme de classes virtuelles.

Les dates proposées sont les suivantes :
* ''$2'' : ''CCSK Foundation'' en français
* ''$3'' : ''CCSK Plus'' en français

Les inscriptions sont ouvertes sur le site de CloudSecurityPass ⇒ ''[[CloudSecurityAlliance.fr/go/CSPass|http://CloudSecurityAlliance.fr/go/CSPass]]''
Pour toute information complémentaire, vous pouvez aussi nous contacter sur [img(200px,auto)[iCSF/Email-CSA_FR.png]]
[img(98%,1px)[iCSF/BluePixel.gif]]
^^<<tiddler [[Guillaume Boutisseau]]>>^^[img(98%,1px)[iCSF/BluePixel.gif]]
<<tiddler [[arOund0C]]>>
[[Accueil]]
[<img(100px,auto)[iCSA/logoCSAFR.png]]{{floatL{
|ssTablN0|k
|| <html><i class="fa fa-home" aria-hidden="true"></i></html>  ||__[[Accueil]]__|
|| <html><i class="fa fa-chalkboard-teacher" aria-hidden="true"></i></html>  ||__[[CSA FR|Chapitre Français]]__|
|| [img[iCSF/flag_fr.png]] ||__[[Traductions]]__|
|| <html><i class="fa fa-info-circle" aria-hidden="true"></i></html>  ||__[[Actualités]]__|
|| <html><i class="fa fa-blog" aria-hidden="true"></i></html>  ||__[[Blog]]__|
|| <html><i class="fa fa-book" aria-hidden="true"></i></html>  ||__[[Publications]]__|
|bgcolor:#CCC;| <html><i class="fa fa-pencil-alt" aria-hidden="true"></i></html>  |bgcolor:#CCC;|[[Newsletters]]|
|bgcolor:#CCC;| <html><i class="fa fa-eye" aria-hidden="true"></i></html>  |bgcolor:#CCC;|[[Veille Web]]|
|bgcolor:#CCC;| <html><i class="fa fa-book-reader" aria-hidden="true"></i></html>  |bgcolor:#CCC;|[[Références]]|
|bgcolor:#CCC;| <html><i class="fa fa-tools" aria-hidden="true"></i></html>  |bgcolor:#CCC;|[[Outils]]|
|| <html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html>  ||__[[Alertes|Alertes et Vulnérabilités]]__|
|| <html><i class="fa fa-podcast" aria-hidden="true"></i></html>  ||__[[Podcasts]]__|
|| <html><i class="fa fa-video" aria-hidden="true"></i></html>  ||__[[Webinars|CloudBytes]]__|
|| <html><i class="fa fa-calendar-alt" aria-hidden="true"></i></html>  ||__[[Agenda]]__|
|| <html><i class="fa fa-archive" aria-hidden="true"></i></html> ||__[[Archives]]__|
|| ^^→^^ ||^^[[Contact]]^^|
|>|>|>|<<search 'Moteur de Recherche'>>|
|>|>|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|>|>|[img[LinkedIN|iCSF/In.png][LinkedIN]][img[Slack|iCSF/Slack_icon2.png][Slack]][img[Twitter|iCSF/Twitter_icon.png][Twitter]][img[iCSF/inEnglish.png][in English]]|
[img(100px,auto)[iCSA/badgeCSAFR.png]]
<<tiddler RollLeftCol>>[img(50%,1px)[iCSF/BluePixel.gif]]}}}
In this article, you can find the translation of the ''Menu'', and the links to all ''Weekly Newsletters'' published in English {{arOund{ ENG }}} - that is since early February 2020.
<<tabs tEnglish 'Menu' 'Menu' [[in English##Menu]] 'Weekly Newsletters' 'All weekly Newsletters in English' [[in English##Actu]]>>
/%
!Menu
|!Icon|!{{arOund{ FRA }}}  -- Menu in French |!{{arOund{ ENG }}}  -- Menu in English |
| @@color:#014;<html><i class="fa fa-home" aria-hidden="true"></i></html>@@ |[[Accueil]]|[[Home|Accueil]]|
| @@color:#014;<html><i class="fa fa-chalkboard-teacher" aria-hidden="true"></i></html>@@ |[[CSA FR|Chapitre Français]]|Details on the [[French Chapter|Chapitre Français]]|
| @@color:#014;<html><i class="fa fa-info-circle" aria-hidden="true"></i></html>@@ |[[Actualités]]|[[News|Actualités]] about CSA, the French Chapter, and general Cloud and Security topics |
| @@color:#014;<html><i class="fa fa-blog" aria-hidden="true"></i></html>@@ |[[Blog]]|[[Blog]] posts on the CSA or on the French Chapter web sites|
| @@color:#014;<html><i class="fa fa-book" aria-hidden="true"></i></html>@@ |[[Publications]]|[[Artefacts and Publications|Publications]] by CSA or major actors|
| @@color:#014;<html><i class="fa fa-eye" aria-hidden="true"></i></html>@@ |[[Veille Web]]|[[Cloud and Security watch|Veille Web]] with dozens of links per week|
| @@color:#014;<html><i class="fa fa-pencil-alt" aria-hidden="true"></i></html>@@ |[[Newsletters]]|[[Weekly newsletters|Newsletters]] published on Sundays or on Mondays|
| @@color:#014;<html><i class="fa fa-book-reader" aria-hidden="true"></i></html>@@ |[[Références]]|[[Sites and documents of reference|Références]]|
| @@color:#014;<html><i class="fa fa-tools" aria-hidden="true"></i></html>@@ |[[Outils]]|[[Cloud and Security tools|Outils]]|
| @@color:#014;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html>@@ |[[Alertes|Alertes et Vulnérabilités]]|[[Alerts and Vulnerabilities|Alertes et Vulnérabilités]]|
| @@color:#014;<html><i class="fa fa-podcast" aria-hidden="true"></i></html>@@ |__[[Podcasts]]__|__[[CSA Podcasts|Podcasts]]__|
| @@color:#014;<html><i class="fa fa-video" aria-hidden="true"></i></html>@@ |__[[Webinars|CloudBytes]]__|__[[CloudBytes Webinars|CloudBytes]]__|
| @@color:#014;<html><i class="fa fa-archive" aria-hidden="true"></i></html>@@ |[[Archives]]|[[Site archives since 2010|Archives]]|
|[img[iCSF/flag_fr.png]]|__[[Traductions]]__|__[[CSA documents translated into French|Traductions]]__|
| → |[[Contact]]|[[How to contact a French Chapter representative|Contact]]|
|>|>| [img[LinkedIN|iCSF/In.png][LinkedIN]][img[Slack|iCSF/Slack_icon2.png][Slack]][img[Twitter|iCSF/Twitter_icon.png][Twitter]] |
|>|>| Search engine: <<search>> |
!Actu
<<tiddler fAll2LiTabs10 with: ActuEN","_EN_>>
!end
%/
Chapitre Français •<<tiddler .ToggleLeftSidebar>>•
Cloud Security Alliance
[[myCSS]]
<!--{{{-->
<div class='toolbar' macro='toolbar [[ToolbarCommands::ViewToolbar]]'></div>
<div class='title' macro='view title'></div>
<div class='viewer' macro='view text wikified'></div>
<div class='viewer' macro='tiddler ReplaceDoubleClick'></div>
<div class='tagClear'></div>
<!--}}}-->
//{{{
// Site-wide TiddlyWiki option overrides (presumably loaded as a startup/systemConfig
// tiddler -- confirm the tag on this tiddler).

// Identity and core display options.
config.options.txtUserName='CSA-FR';
config.options.chkAnimate=false;
config.options.chkRegExpSearch=false;
config.options.chkCaseSensitiveSearch=false;
config.options.chkOpenInNewWindow=true;
config.messages.tiddlerLinkTooltip="→ %0";
config.messages.externalLinkTooltip="→ %0";
config.options.chkHideSiteTitles=true;
// French texts for the search macro. The merge() on config.macros.search a few
// lines below runs later and overwrites the prompt and label set here.
config.macros.search.prompt="Recherche sur ce site";
config.macros.search.successMsg="%1 → %0 article(s)";
config.macros.search.failureMsg="%0 → Aucun article";
config.macros.search.label="Recherche";
merge(config.views.wikified,{ dateFormat: "0DD.0MM.YYYY",});
merge(config.macros.search,{ label: "", prompt: "Moteur de recherche local",});
// YourSearchPlugin options: search titles, text and tags; no preview, no
// search-as-you-type, 10 results per page.
config.options.chkUseYourSearch=true;
config.options.chkPreviewText=false;
config.options.chkSearchAsYouType=false;
config.options.chkSearchInTitle=true;
config.options.chkSearchInText=true;
config.options.chkSearchInTags=true;
config.options.chkSearchExtendedFields=false;
config.options.txtItemsPerPage=10;
config.options.txtItemsPerPageWithPreview=10;
// Left sidebar visible by default (option presumably read by the
// ToggleLeftSidebar tiddler referenced in the menus -- confirm).
config.options.chkShowLeftSidebar=true;
// Automatic WikiWord linking disabled (option names match DisableWikiLinksPlugin
// -- confirm it is installed).
config.options.chkDisableWikiLinks=true;
config.options.chkAllowLinksFromShadowTiddlers=true;
config.options.chkDisableNonExistingWikiLinks=true;
// Page-mode options (names match SinglePageModePlugin -- confirm): single-page
// mode off, newly opened tiddlers go to the top of the page.
config.options.chkSinglePageAutoScroll=true;
config.options.chkSinglePagePermalink=false;
config.options.chkSinglePageMode=false;
config.options.chkTopOfPageMode=true;
config.options.chkBottomOfPageMode=false;
// Breadcrumb trail options (names match BreadcrumbsPlugin -- confirm): trail
// shown, limited to 8 crumbs, not saved between sessions.
config.options.chkShowBreadcrumbs=true;
config.options.txtBreadcrumbsLimit=8;
config.options.chkReorderBreadcrumbs=true;
// Separator is raw HTML (two Font Awesome icons) wrapped in <html>...</html>.
config.options.txtBreadcrumbsCrumbSeparator="  <html><i class='fa fa-shoe-prints' aria-hidden='true'></i><i class='fa fa-shoe-prints' aria-hidden='true'></i></html>  ";
config.options.chkBreadcrumbsSave=false;
config.options.chkShowStartupBreadcrumbs=false;
config.options.chkBreadcrumbsReverse=false;
config.options.chkBreadcrumbsLimitOpenTiddlers=true;
config.options.txtBreadcrumbsLimitOpenTiddlers=20;
config.options.chkBreadcrumbsHideHomeLink=false;
config.options.chkCreateDefaultBreadcrumbs=true;
// Embedded-frame link options (names match FramedLinksPlugin -- confirm):
// framing is off globally and enabled only for tiddlers tagged '_EmbedFrame'.
config.options.chkFramedLinks=false;
config.options.chkFramedLinksTag=true;
config.options.txtFramedLinksTag='_EmbedFrame';
config.options.txtFrameWidth='98%';
config.options.txtFrameHeight='33%';
// Read-only presentation: editing is disabled and the backstage area is hidden.
// NOTE(review): these flags run in the visitor's browser and only remove the
// editing UI; they are not an access control. Integrity of the published file
// depends on the web server refusing writes, and nothing here should be treated
// as keeping tiddler content private -- the whole store is sent to every visitor.
readOnly=true;
config.options.chkHttpReadOnly=true;
config.options.chkBackstage=false;
showBackstage=false;
// View toolbar reduced to the two close commands (no edit command offered);
// the edit toolbar entry keeps the stock save/cancel/delete commands.
merge(config.shadowTiddlers,{ ToolbarCommands: '|~ViewToolbar|closeTiddler closeOthers|\n|~EditToolbar|+saveTiddler -cancelTiddler deleteTiddler|',});
// French captions for the two remaining toolbar commands.
merge(config.commands.closeTiddler,{ text: "[fermer]", tooltip: "Fermer cet article" });
merge(config.commands.closeOthers,{ text: "[isoler]", tooltip: "Fermer les autres articles" });
//}}}
/*{{{*/
	/* Alignement */
.floatL { display:block;text-align:left; }
.floatR { display:block;text-align:right; }
.floatC { display:block;text-align:center; }
.ssTabl99 {width:99%}
.ssTabl96 {width:96%}
.ssTabl2,
.ssTabl2 td,
.ssTabl2 th,
.ssTabl2 tbody
{ table-layout:fixed; width:98%; }
.ssTabl98N0,
.ssTabl98N0 table,
.ssTabl98N0 td,
.ssTabl98N0 tr,
.ssTabl98N0 th,
.ssTabl98N0 tbody
{ border:0 !important; width:98%; table-layout:fixed; }
.ssCol30 {width:30%; float:left; margin-left:1%; margin-right:1%; border-color:#014; border-style:solid; border-width:3px; }
.ssCol45 {width:45%; float:left; margin-left:1%;}
	/* multi-column tiddler content (not supported in Internet Explorer) */
.ss2col { display:block; -moz-column-count:2; -moz-column-gap:1em; -moz-column-width:50%; /* FireFox */ -webkit-column-count:2; -webkit-column-gap:1em; -webkit-column-width:50%; /* Safari */ column-count:2; column-gap:1em; column-width:50%; /* Opera */ }
.clear {clear:both;}
	/* ssTablN0 : table without tr/th/td borders */
.ssTablN0, .ssTablN0 table, .ssTablN0 tr, .ssTablN0 th, .ssTablN0 td, .ssTablN0 tbody { border:0 !important; }
	/* ssTablN0 : table without tr/td borders borders, but with th borders */
.ssTablN0L, .ssTablN0L tr, .ssTablN0L td, .ssTablN0L tbody { border:0 !important; }
	/* {font-size:.70em;} */
body {font-size:.8em;font-family:Verdana,times,serif; margin:0; padding:0;}
pre, .tagged, .tagging, #messageArea, .popup, .tiddlyLink, .button { border-radius: 5px; }
.tiddlyLink { padding: 0px 2px; margin: 0 -2px; }
img[align="left"] { margin-right: .5em; }
img[align="right"] { margin-left: .5em; }
.toolbar {text-align:left; font-size:.7em;}
img {border:2px solid [[ColorPalette::Background]];}
.headerShadow {position:relative; padding:0.5em 0em 1em 1em; left:-1px; top:-1px;}
.headerForeground {position:absolute; padding:0.5em 0em 1em 1em; left:0px; top:0px;}
.headerShadow .right { position: absolute; top: 0; }
.headerShadow .right { right: 0; }
.headerForeground .right { display: none; }
	/* InlineTabs */
.tabSelected {font-weight:bold; font-size:125%; color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::TertiaryPale]]; border-left:2px solid [[ColorPalette::PrimaryMid]]; border-top:2px solid [[ColorPalette::PrimaryLight]]; border-right:2px solid [[ColorPalette::PrimaryMid]]; border-bottom-style:2px solid [[ColorPalette::PrimaryMid]]; }
.tabContents {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::Background]]; border:2px solid [[ColorPalette::PrimaryMid]];}
	/* StyleSheetRotate90 */
.ssRot90 { float:left; width:0.6em; font-size:100%; font-family:Verdana,times,serif; line-height:60%; color:#014 !important; background:inherit !important; transform: rotate(90deg);}
	/* StyleSheetLetters */
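/* Boxed inline label: dark-blue border, white background, italic text (the wiki text wraps short tags such as language codes in this class). */
/* Fix: this rule and the next each ended with a second, stray closing brace; a CSS parser reads that brace as the start of the following selector and discards that following rule. */
.arOund {border:2px solid #014; background-color:#FFF; color:#014; font-style:italic; font-size:0.9em; text-align:center; padding:0.1em 0.5em 0.1em 0.5em; }
/* Same box at 200% font size. */
.arOund200 {border:2px solid #014; background-color:#FFF; color:#014; font-style:italic; font-size:200%; text-align:center; padding:0.1em 0.5em 0.1em 0.5em; }
/* Floated, enlarged dark-blue letter (200%). */
.xxxxblue200 { float:left; width:0.6em; font-size:200%; font-family:Verdana,times,serif; line-height:60%; color:#014 !important; background:inherit !important; }
/* Enlarged dark-blue letter (250%), not floated. */
.firstletter { width:0.6em; font-size:250%; font-family:Verdana,times,serif; line-height:60%; color:#014 !important; background:inherit !important; }
	/* .firstletterC { float:center; width:0.6em; font-size:250%; line-height:60%; color:#014 !important; background:inherit !important; } */
/* Enlarged letter (150%) that keeps the inherited text colour. Fix: removed a stray "!important;" that had no property in front of it. */
.FirstLetter { width:0.6em; font-size:150%; font-family:Verdana,times,serif; line-height:60%; background:inherit !important; }
/* Floated, enlarged dark-blue letter (250%). */
.Blue250 { float:left; width:0.6em; font-size:250%; font-family:Verdana,times,serif; line-height:60%; color:#014 !important; background:inherit !important; }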
	/* StyleSheetTableList */
.viewer ul {margin-top:0; margin-bottom:0;}
.viewer {text-align:justify;}
.viewer th {background:[[ColorPalette::TertiaryPale]]; color:[[ColorPalette::PrimaryMid]];}
	/* NestedSlidersPlugin */
.floatingPanel { z-index:700; padding:1em; margin:0em; border:1px solid; -moz-border-radius:1em; font-size:8pt; text-align:left; }
.floatingPanel hr { margin:2px 0 1px 0; padding:0; }
#sidebarOptions .sliderPanel { margin:0; padding:0; font-size:1em; background:transparent; }
#sidebarOptions .sliderPanel a { font-weight:normal; }
#sidebarOptions .sliderPanel blockquote { margin:0;padding:0;margin-left:1em; border-left:1px dotted; padding-left:1em }
.selected .floatingPanel .button,
.selected .floatingPanel a:link,
.selected .floatingPanel a:hover,
.selected .floatingPanel a:visited,
.floatingPanel .button,
.floatingPanel a:link,
.floatingPanel a:hover,
.floatingPanel a:visited { color:[[ColorPalette::PrimaryDark]] !important; }
.QOTD { color:#014 !important; background:inherit !important; }
.horizTag li.listTitle { display:none }
.horizTag li { display:inline; font-size:90%; }
.horizTag ul { display:inline; margin:0px; padding:0px;}
.viewer td { vertical-align:top; }
.viewer th { vertical-align:top; }
.viewer dl { margin:0; }
.size75 { font-size:75%; }
/*}}}*/
[img(400px,4px)[iCSF/BluePixel.gif]]
[img(200px,auto)[iCSF/Email-CSA_FR.png]]
|ssTablN0|k
|+++^*[mobile] <<tiddler [[MainMenu]]>>=== ^^<<tiddler .ToggleLeftSidebar>>^^| • <<tiddler [[Categories]]>> |
|| ^^<<tiddler RollHeader>>^^ |
[>img(200px,auto)[iCSA/logoCSAFR.png]]Le [[Chapitre Français]] de la [[Cloud Security Alliance]] est une association formée pour faire la promotion des meilleures pratiques de sécurité au sein des infrastructures Cloud Computing.
Il se charge notamment :
* d'adapter certains documents de la [[Cloud Security Alliance]] aux spécificités françaises (notamment réglementaires)
* de favoriser les bonnes pratiques de sécurité auprès des prestataires et fournisseurs de Cloud français et auprès des Entreprises qui bâtissent des Clouds Privés
* de publier de nouvelles recommandations de sécurité relatives au Cloud Computing
* de traduire certains documents de la [[Cloud Security Alliance]] en français
* de mener des actions pour former et évangéliser sur la sécurité du Cloud Computing
* de participer à la communauté des chapitres européens regroupés sous l'appellation "''CSA EMEA''"[>img(200px,auto)[iCSF/CSA-EMEA.png]]
* d'établir des relations avec la presse et avec des groupes de travail similaires traitant soit du Cloud Computing, soit de la Sécurité
* de participer à tout type d'événements ou de conférences liés à la sécurité du Cloud Computing
[img(25%,1px)[iCSF/BluePixel.gif]]
Le site du [[Chapitre Français]] de la [[Cloud Security Alliance]] est https://www.CloudSecurityAlliance.fr/
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler [[Partenariats - ISEP-FC - Masteres Spécialisés]]>>
Le site de la [[Cloud Security Alliance]] est https://www.CloudSecurityAlliance.org/
[img(25%,1px)[iCSF/BluePixel.gif]]
{{floatC{[img(400px,auto)[iCSF/Email-CSA_FR.png]]
[img(100px,auto)[iCSF/Cloud_Question.png]]
@@font-size:75%;@@
+++*[Protection des données] <<tiddler [[Protection des Données]]>>=== }}}
| !Sur les aspects protection des données, RGPD et similaires, et pour les éléments suivants | !la réponse est simple |
| • Identité et coordonnées du responsable de traitement •
• Identité et coordonnées du délégué à la protection des données •
• Catégories de données collectées •
• Finalités du traitement •
• Base juridique du traitement •
• Destinataires des données •
• Transferts de données en dehors de l'UE •
• Conservation des données •
• Exercice des droits •
• Soumission d'une réclamation auprès de l'autorité de contrôle •
• Cookies • | ''c'est sans objet''
car ...
• aucune donnée n'est collectée sur le site •
• aucun cookie n'est utilisé •
• aucun traitement de données n'est réalisé •
[img(50%,1px)[iCSF/BluePixel.gif]]
Pour toute demande de précision, utilisez l'adresse
[img(200px,auto)[iCSF/Email-CSA_FR.png][iCSF/cloud-security-alliance-fr.png]]
[img(50%,1px)[iCSF/BluePixel.gif]] |
|<<tiddler AgendaFR+EN>>|
<<tiddler fAll2Tabs with: _Archives>><<tiddler .ReplaceTiddlerTitle with: [[Archives du Site]]>>
<<tiddler fAll2Tabs7 with: _Histo21>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2021]]>>
<<tiddler fAll2Tabs7 with: _Histo20>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2020]]>>
<<tiddler fAll2Tabs7 with: _Histo19>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2019]]>>
<<tiddler fAll2Tabs7 with: _Histo18>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2018]]>>
Les archives ''2017'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo17>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2017]]>>
Les archives ''2016'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo16>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2016]]>>
Les archives ''2015'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo15>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2015]]>>
Les archives ''2014'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo14>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2014]]>>
Les archives ''2013'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo13>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2013]]>>
Les archives ''2012'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo12>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2012]]>>
Les archives ''2011'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo11>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2011]]>>
Les archives ''2010'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo10>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2010]]>>
Les archives ''2009'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo09>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2009]]>>
Les archives ''2008'' sont en cours de reconstruction
<<tiddler fAll2Tabs7 with: _Histo08>><<tiddler .ReplaceTiddlerTitle with: [[Archives 2008]]>>
<script label="[?]" title="affiche une aide pour naviguer sur ce site">
// Navigation help popup shown when the "[?]" label is clicked.
// Does nothing when window.version is absent (presumably: not running inside TiddlyWiki).
if (!window.version) return false;
var helpLines = [
	'Aide à la navigation sur ce site',
	'• Texte en bleu gras : lien direct vers un article',
	'• ◄▷ : masque/affiche le menu à gauche',
	'• » : déplier/replier opour accéder à un article, un URL ou des détails',
	'• [?] : cette aide ... :-)'
];
// Every line, including the last, is terminated by a newline.
alert(helpLines.join('\n') + '\n');
return false;
</script> • Catégories : [[CAIQ]] • [[CCAK]] • [[CCM]] • [[CCSK]] • [[Cryptographie]] • [[ERP]] • [[Incidents]] • [[IoT]] • [[Menaces]] • [[Panorama]] • [[RGPD]] • [[Santé|Health]] • [[SDP]] • [[STAR]] • [[Vulnérabilités]] •
Exemple d'article
<<tiddler [[CSA Circle]]>>
Pour rejoindre l'espace collaboratif [[CSA Circle]] du [[Chapitre Français]], rien de plus simple :
* Suivre ''[[CloudSecurityAlliance.fr/go/Circle|https://CloudSecurityAlliance.fr/go/Circle]]''.
* Cliquer sur le bouton rouge "Sign In" [img(40px,auto)[iCSF/OSignIn.jpg]] en haut à droite de l'écran.
* S'enregistrer en sélectionnant le bouton "Sign Up" [img(40px,auto)[iCSF/OSignUp.jpg]].
* Une fois connecté, afficher les communautés [img(60px,auto)[iCSF/OCommunities.jpg]] et choisir ''France Chapter'' pour s'inscrire.
<<tiddler fAll2LiTabs13end with: _CloudBytes>>
!Le [[Chapitre Français|CSA-FR]] de la [[Cloud Security Alliance]]
[>img(200px,auto)[iCSA/logoCSAFR.png]]
Le [[Chapitre Français|CSA-FR]] de la [[Cloud Security Alliance]] a été créé en décembre 2010 par ''[[Olivier Caleff|https://www.linkedin.com/in/caleff]]'' et ''[[Pierre Vacherand|https://www.linkedin.com/in/pierrevacherand/]]''.
Après un bon début, le [[Chapitre français|CSA-FR]] a tourné au ralenti entre 2013 et 2017.
Les activités se sont concentrées autour de participations et contributions à des événements de la [[Cloud Security Alliance]] en Europe, à des participations dans des groupes de travail de la [[Cloud Security Alliance]], et à une participation très active dans le domaine de la formation (voir ci-dessous)
En 2018, les activités reprennent avec :
* La participation à deux salons (Mars et Novembre 2018)
* La poursuite des partenariats pour les activités de formation
* L'animation du groupe LinkedIn : https://www.linkedin.com/groups/3758242
* La préparation de la relance des réunions des membres du [[Chapitre français|CSA-FR]]
__Contact :__ https://CloudSecurityAlliance.fr et [img(200px,auto)[iCSF/Email-CSA_FR.png]]
!Les partenariats
<<tiddler [[Partenariats - ISEP-FC - Masteres Spécialisés]]>>
<<tabs tCSA 'Présentation' 'Présentation' [[Cloud Security Alliance##Pres]] 'Historique' 'Historique' [[Cloud Security Alliance##Histo]] 'Mission' 'Mission' [[Cloud Security Alliance##Mission]] 'Groupes de Travail' 'Groupes de Travail' [[Cloud Security Alliance##WG]] 'Liens' 'Liens' [[Cloud Security Alliance##Links]]>>
/%
!Pres
__''Présentation''__[>img(200px,auto)[iCSF/cloud-security-alliance.png]]

La [[Cloud Security Alliance]] (CSA) est une organisation à but non lucratif qui a pour mission :
* de promouvoir de bonnes pratiques en matière d'assurance de la sécurité dans le Cloud Computing
* de fournir des formations sur les utilisations du Cloud Computing pour aider à sécuriser toutes les autres formes d'informatique
La [[Cloud Security Alliance]] est dirigée par une vaste coalition de praticiens de l'industrie, d'entreprises, d'associations et d'autres intervenants clés.
[img(25%,1px)[iCSF/BluePixel.gif]]
!Histo
__''Historique''__[>img(200px,auto)[iCSF/cloud-security-alliance.png]]

Les enjeux et opportunités du cloud computing ont fait l'objet d'une attention particulière en 2008 au sein de la communauté de la sécurité de l'information.
Lors du forum CISO de l'ISSA à Las Vegas, en novembre 2008, le concept d'une Alliance pour la sécurité du Cloud Computing ([[Cloud Security Alliance]]) a vu le jour. Après une présentation des tendances émergentes par ''[[Jim Reavis|https://www.linkedin.com/in/jimreavis/]]'', dont un appel à l'action pour la sécurisation du cloud computing, ''Jim Reavis'' et ''[[Nils Puhlmann|https://www.linkedin.com/in/npuhlmann/]]'' ont présenté la mission et la stratégie initiales de la CSA. Une série de réunions organisationnelles avec des chefs de file de l'industrie au début de décembre 2008 a officialisé la fondation de la CSA.
Le travail de sensibilisation auprès de la communauté de la sécurité de l'information pour créer un support de travail initial en vue de la Conférence RSA 2009 a donné lieu à des échanges entre des dizaines de bénévoles pour la recherche, l'auteur, la rédaction et la révision du premier livre blanc.
[img(25%,1px)[iCSF/BluePixel.gif]]
!Mission
__''Mission''__[>img(200px,auto)[iCSF/cloud-security-alliance.png]]

Promouvoir l'utilisation des meilleures pratiques pour fournir une assurance de sécurité dans le Cloud Computing, et fournir de l'éducation sur les utilisations du Cloud Computing pour aider à sécuriser toutes les autres formes d'informatique.
[img(25%,1px)[iCSF/BluePixel.gif]]
!WG
__''Groupes de Travail''__

<<tiddler [[Groupes de Travail]]>>
[img(25%,1px)[iCSF/BluePixel.gif]]
!Links
__''Liens''__

{{ss2col{
* ''Site Web CSA'' → https://CloudSecurityAlliance.org 
* ''Flux RSS'' → https://cloudsecurityalliance.org/feed/
* Tous les articles → https://cloudsecurityalliance.org/articles/ 
* Blog → https://blog.cloudsecurityalliance.org/ 
* Publications → https://cloudsecurityalliance.org/research/artifacts/ 
* Communiqués de Presse → https://cloudsecurityalliance.org/press-releases/
* Groupes de travail → https://cloudsecurityalliance.org/meetings/ 
* Recherche → https://cloudsecurityalliance.org/research/
* Commentaires → https://cloudsecurityalliance.org/research/contribute/ 
* Couverture Presse → https://blog.cloudsecurityalliance.org/press-coverage/ 
* Registre ''STAR'' → https://cloudsecurityalliance.org/star/registry/ 
* Aspects ''RGPD'' → https://gdpr.cloudsecurityalliance.org/ 
* Formation ''CCAK'' → https://cloudsecurityalliance.org/education/ccak/ 
* Formation ''CCSK'' → https://ccsk.cloudsecurityalliance.org/ 
* Groupe __LinkedIN__ → https://www.linkedin.com/groups/1864210/profile 
* Flux __Twitter__ → https://twitter.com/cloudsa
}}}[img(25%,1px)[iCSF/BluePixel.gif]]
!end
%/
<<tiddler [[Cloud Security Alliance]]>>
[>img(100px,auto)[iCSA/K4QCCSK.png]]Le [[Chapitre Français]] participe à l'organisation de sessions de formation officielle et ''certifiante'' [[CCSK]] ''en français'' pour le ''CCSK Foundation'' et le ''CCSK Plus''.

Les prochaines sessions auront lieu :
* ''lundi 10 et mardi 11 mars 2021'' : session CCSK Foundation
* lundi 10, mardi 11 et ''mercredi 12 mars 2021'' : session CCSK Plus

Elles comprennent tous les modules théoriques, ainsi que des exercices pratiques dans le cloud AWS (CCSK Plus), ainsi que la possibilité de passer l'examen de certification CCSK.
Elles sont dispensées par +++^*[Guillaume Boutisseau]> [img(98%,1px)[iCSF/BluePixel.gif]]<<tiddler [[Guillaume Boutisseau]]>>[img(98%,1px)[iCSF/BluePixel.gif]] ===, ''CCSK Authorized Instructor'' de la société [img(100px,auto)[iCSF/K4CSP.png][https://CloudSecurityPass.com/]].

Les inscriptions sont ouvertes ⇒ ''[[CloudSecurityPass|http://CloudSecurityAlliance.fr/go/CSPass]]''
Pour toute information complémentaire, vous pouvez aussi nous contacter sur ~~[img(200px,auto)[iCSF/Email-CSA_FR.png]]~~
|ssTablN0|k
|>|>|>|>|>|background-color:#014; @@color:#FFF;''La galaxie CSA''@@ |
|background-color:#EEF;[img(100px,auto)[CCM|iCSA/CAOBCCM.png][CCM]]|background-color:#EEF;[img(100px,auto)[Menaces|iCSA/TopThreats_logo.png][Menaces]]|background-color:#EEF;[img(100px,auto)[CCSK|iCSA/H8UBCCSK.png][CCSK]]|background-color:#EEF;[img(100px,auto)[CAIQ|iCSA/CSA-CAI.png][CAIQ]]|background-color:#EEF;[img(100px,auto)[CCSK|iCSA/CCAK.png][CCAK]]|background-color:#EEF;|
[img(40%,1px)[iCSF/BluePixel.gif]][img[iCSF/In.png][https://www.linkedin.com/groups/3758242]] [img(40%,1px)[iCSF/BluePixel.gif]]
Lien vers le groupe ''LinkedIN'' du [[Chapitre Français]] de la [[Cloud Security Alliance]]
:→ https://www.linkedin.com/groups/3758242

^^Quelques autres groupes "Sécurité du Cloud"+++*[ici]>
* Cloud Computing, Cybersecurity, SaaS & Virtualization ⇒ https://www.linkedin.com/groups/45151/
* Cloud Technology Professionals ⇒ https://www.linkedin.com/groups/1346907/
* CyberSecurity Community ⇒ https://www.linkedin.com/groups/3799371/
* Information Security Careers Network (ISCN) ⇒ https://www.linkedin.com/groups/1368287/
* Information Security Network ⇒ https://www.linkedin.com/groups/80784/
* SaaS & Cloud Security Experts ⇒ https://www.linkedin.com/groups/122748/
* Security Experts - A Global Group ⇒ https://www.linkedin.com/groups/957667/
* The Virtualization & Cloud Computing Group ⇒ https://www.linkedin.com/groups/57400/
=== ^^
<<tiddler fAll2LiTabs10 with: PodC>>
<<QOTD RolledHeader 1852 noclick norandom>>
__[[Point de situation sur l'affaire SolarWinds/SolarStorm|SolarStorm]]__ → l'actualité
----
__[[Prochaine formation CCSK en français|Prochain CCSK en français]]__ → la formation officielle CCSK de la ''Cloud Security Alliance''
----
__[[Veille Cloud et Sécurité|Dernière Veille Mensuelle]]__ → l'actualité
----
__[[Actualités CSA|Latest Actu_M]]__ → l'actualité Cloud Security Alliance France et monde
----
__[[Alertes Cloud et Sécurité|Latest Alert_M]]__ → les alertes
----
__[[Publications CSA|Latest Publ_M]]__ → les publications de la Cloud Security Alliance
----
__[[Newsletters Hebdomadaires|Latest News_M]]__ → nouveautés et veille hebdomadaire
----
__[[Blog CSA|Latest Blog_M]]__ → les articles de Blog du [[Chapitre Français]] et de la [[Cloud Security Alliance]]
----
Espace [[Slack]] du [[Chapitre Français]] : ''[[csafr.slack.com|https://CloudSecurityAlliance.fr/go/Slack]]''
<<QOTD RolledLeftCol 3704 noclick norandom>>
__[[Prochaine formation CCSK en français|Prochain CCSK en français]]__
[img(125px,auto)[CCSK|iCSA/K4PCCSK.png][http://cloudsecurityalliance.fr/go/CSPass]]
----
[img[Lien vers l'espace Slack du Chapitre Français|iCSF/Slack_ani.gif][https://CloudSecurityAlliance.fr/go/Slack]]''[[csafr.slack.com|https://CloudSecurityAlliance.fr/go/Slack]]''
----
L'espace __[[Slack]]__ du [[Chapitre|Chapitre Français]] 
[[Français|Chapitre Français]] de la [[Cloud|Cloud Security Alliance]]
[[Security Alliance|Cloud Security Alliance]]
----
__Circle__
[[CSA Circle]]
[img(125px,auto)[Circle|iCSA/CircleCSA.png][https://CloudSecurityAlliance.fr/go/Circle]]
----
__Références__
[[Cloud Controls Matrix]]
[img(125px,auto)[CCM|iCSA/CAOBCCM.png][Cloud Controls Matrix]]
[img(40%,1px)[iCSF/BluePixel.gif]][img[Lien vers l'espace Slack du Chapitre Français|iCSF/Slack_ani.gif][https://CloudSecurityAlliance.fr/go/Slack]] [img(40%,1px)[iCSF/BluePixel.gif]]
Lien vers l'espace ''Slack'' du [[Chapitre Français]] de la [[Cloud Security Alliance]]
:→'' https://csafr.slack.com ''
Seuls 3 documents de la [[Cloud Security Alliance]] ont été traduits en Français.
Après revue par la communauté, ce sont des versions définitives, même si les retours de la communauté ont été très faibles, voire inexistants dans certains cas.
Mais ces documents ont le mérite d'exister grâce aux efforts et au financement de la [[Cloud Security Alliance]], alors utilisez-les !

|!Document|!Description du sujet abordé|!Version|!Format|!Lien|!Date|
|[[CCM]]|Cloud Controls Matrix|v3.0.1|.xlsx|''[[CloudSecurityAlliance.fr/go/FRCCM|https://CloudSecurityAlliance.fr/go/FRCCM/]]''|2020.05.07|
|[[CAIQ]]|Consensus Assessments Initiative Questionnaire|v3.0.1|.xlsx|''[[CloudSecurityAlliance.fr/go/FRCAIQ|https://CloudSecurityAlliance.fr/go/FRCAIQ/]]''|2020.05.07|
|[[PLA CoC|RGPD - Présentation]]|Code of Conduct Privacy Level Agreement|v3.1|.xlsx|''[[CloudSecurityAlliance.fr/go/FRPLACOC|https://CloudSecurityAlliance.fr/go/FRPLACOC/]]''|2020.05.07|
[img(40%,1px)[iCSF/BluePixel.gif]][img[Lien vers le compte Twitter du Chapitre Français|iCSF/Twitter_icon.png][https://twitter.com/cloudsaFR]] [img(40%,1px)[iCSF/BluePixel.gif]]
Lien vers le flux Twitter du [[Chapitre Français]] de la [[Cloud Security Alliance]]
:→ https://twitter.com/cloudsaFR
[img(40%,1px)[iCSF/BluePixel.gif]][img[Lien vers le compte Twitter du Chapitre Français|iCSF/Twitter_icon.png][https://twitter.com/cloudsaFR]] [img(40%,1px)[iCSF/BluePixel.gif]]
__Autres flux Twitter à suivre :__
* Flux de la [[Cloud Security Alliance]]
:→ https://twitter.com/cloudsa
* Flux ''CSACloudbytes''
:→ https://twitter.com/hashtag/CSACloudbytes
* __À lire / Must read__
* __Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages__
:» Attaques / Attacks • Incidents • Fuites de données / Leaks • Pannes / Outages
* __Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities__
:» Risques / Risks • Menaces / Threats • Vulnérabilités / Vulnerabilities
* __Bonnes Pratiques et Techniques de Détection / Best Practices, and Detection__
:» Bonnes pratiques / Best Practices • Détection / Detection
* __Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications__
:» Rapports / Reports • Sondages / Surveys • Études / Studies • Publications
* __Cloud Services Providers, Solutions et Outils / CSPs, Solutions, and Tools__
:» AWS (Amazon) • Azure (Microsoft) • GCP (Google) • Oracle • Kubernetes • Docker • Containers • Workloads • Outils / Tools
* __Conférences, Podcasts, Veilles hebdomadaires 'Cloud et Sécurité' / Conferences, Podcasts, Weekly 'Cloud and Security' Watch__
:» Conférences / Conferences • Podcasts • Veilles / Newsletters
* __Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance__
:» Juridique / Legal • Réglementation / Regulatory • Conformité / Compliance
* __Marché, Acquisitions / Market, Acquisitions__
:» Marché / Market • Acquisitions
* __Divers / Miscellaneous__
:» Privacy Shield • SASE • Zero Trust • ... • Autres / Others
<<tabs tVeille 'Veille 2021' 'Veille 2021' [[Veille Web##2021]] 'Veille 2020' 'Veille 2020' [[Veille Web##2020]] 'Veille 2019' 'Veille 2019' [[Veille Web##2019]] 'Veille 2018' 'Veille 2018' [[Veille Web##2018]] 'Veille 201x' 'Veille 201x' [[Veille Web##201x]] >>
/%
!2021
<<tiddler fAll2Tabs7 with: _Veille21>>
!2020
<<tiddler fAll2Tabs7 with: _Veille20>>
!2019
<<tiddler fAll2Tabs7 with: _Veille19>>
!2018
<<tiddler fAll2Tabs7 with: _Veille18>>
!201x
<<tiddler fAll2Tabs7 with: _Veille1x>>
!end
%/
<<tiddler .ReplaceTiddlerTitle with: "Veille Web Cloud et Sécurité">>
Les archives sont organisées par année, de 20__''17''__ à 20__''08''__.
|ssTabl2|k
|!Dernière mise à jour du site le @@font-size:125%;@@ |!Les dernières publications |
|<<tiddler [[Accueil_L]]>> |<<tiddler [[Accueil_R]]>>
Archives du site et historique : → [[ici|Archives]] ←[img(99%,1px)[iCSF/BluePixel.gif]] | <<tiddler .ReplaceTiddlerTitle with: [[Bienvenue sur le site du Chapitre Français de la Cloud Security Alliance]]>>
!!@@color:#014;<html><i class="fa fa-pencil-alt fa-2x" aria-hidden="true"></i></html>@@ Newsletter Hebdomadaire Cloud et Sécurité[>img(100px,auto)[iCSA/logoCSAFR.png]]
La veille active "Cloud et Sécurité" avec des nouvelles de la [[CSA]], ses publications et la revue du Web. La dernière est datée du //''<<tiddler [[LatestWeeklyFR]]>>''// et disponible ⇒__[[ici|Dernière Newsletter]]__⇐ [img(99%,4px)[iCSF/BluePixel.gif]]
!!@@color:#014;<html><i class="fa fa-users fa-2x" aria-hidden="true"></i></html>@@ Rejoignez Circle la plate-forme collaborative de la CSA
[>img(150px,auto)[iCSA/CircleCSA.png][2020.03.19 - Ouverture de la plateforme collaborative CSA Circle]]Inscrivez-vous sur [[CSA Circle]] la plateforme collaborative de la [[CSA]] en suivant [[les instructions|2020.03.19 - Ouverture de la plateforme collaborative CSA Circle]].
[img(99%,4px)[iCSF/BluePixel.gif]]
!!@@color:#014;<html><i class="fa fa-calendar-alt fa-2x" aria-hidden="true"></i></html>@@ Agenda
<<tiddler [[AgendaFR+EN]]>>[img(99%,4px)[iCSF/BluePixel.gif]]
!!@@color:#014;<html><i class="fa fa-graduation-cap fa-2x" aria-hidden="true"></i></html>@@ Formation CCSK et CCSK+ en français en mars 2021
<<tiddler [[Formations   CCSK   en français]]>>
[img(99%,4px)[iCSF/BluePixel.gif]]
^^<<tiddler Accueil_R_MM>>[img(99%,1px)[iCSF/BluePixel.gif]]^^
^^<<tiddler Accueil_R_MM-1>>[img(99%,1px)[iCSF/BluePixel.gif]]^^
^^<<tiddler Accueil_R_MM-2>>[img(99%,1px)[iCSF/BluePixel.gif]]^^
^^<<tiddler Accueil_R_MM-3>>[img(99%,1px)[iCSF/BluePixel.gif]]^^
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Mai 2021|2021.05.31 - Veille - Mai 2021]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
* En cours de rédaction /% <<tiddler fAll2List with: '202105","_Show_' >> %/
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Avril 2021|2021.04.30 - Veille - Avril 2021]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
* En cours de rédaction /% <<tiddler fAll2List with: '202104","_Show_' >> %/
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Mars 2021|2021.03.31 - Veille - Mars 2021]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
* En cours de rédaction /% <<tiddler fAll2List with: '202103","_Show_' >> %/
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Février 2021|2021.02.28 - Veille - Février 2021]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202102","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Janvier 2021|2021.01.31 - Veille - Janvier 2021]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202101","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Décembre 2020|2020.12.31 - Veille - Décembre 2020]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202012","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Novembre 2020|2020.11.30 - Veille - Novembre 2020]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202011","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Octobre 2020|2020.10.31 - Veille - Octobre 2020]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202010","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Septembre 2020|2020.09.30 - Veille - Septembre 2020]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202009","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Août 2020|2020.08.31 - Veille - Août 2020]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202008","_Show_' >>
!!@@color:#014;<html><i class="fa fa-eye fa-2x" aria-hidden="true"></i></html>@@ __@@color:#009;font-size:112%;''[[Veille Web Juillet 2020|2020.07.31 - Veille - Juillet 2020]]''@@__[>img(100px,auto)[iCSA/logoCSAFR.png]]
<<tiddler fAll2List with: '202007","_Show_' >>
|ssTabl98N0|k
| {{arOund{0.C.}}}|
|ssTabl98N0|k
| {{arOund{G.B.}}}|
''Guillaume Boutisseau'' de la société [img(100px,auto)[iCSF/K4CSP.png][https://CloudSecurityPass.com/]], est un "formateur certifié CCSK".
* Son attestation "''CCSK Authorized Instructor''" est consultable sur le site de la Cloud Security Alliance+++*[»]> ^^ https://cloudsecurityalliance.org/rails/active_storage/blobs/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdkVKIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--d3415bd77ff8e91832bfd76f3426ff27902b3c4a/ccsk-ttt-Guillaume-Boutisseau.pdf ^^ === 
* A ce jour, il a déjà formé plus de 175 personnes avec un taux de satisfaction des participants de 98%+++*[»]> ~~Source : https://cloudsecuritypass.com/#about ~~ === 
* Il est aussi CCSP (ISC)^^2^^ ID:552407.
Il a rédigé plusieurs articles sur le CCSK pour le Chapitre Français de la CSA :
<<tiddler fAll2List with: '_GB0","CCSK'>>
<<tabs tPoint 'COLORS' 'COLORS' [[.##COLORS]] 'TODO' 'TODO' [[.##TODO]] 'AdvOptions' 'AdvOptions' [[.##AdvOptions]] 'Dates' 'Dates' [[.##Dates]] 'LINKS' 'LINKS' [[.##LINKS]] 'URLs' 'URLs' [[.##URLs]]>>
/%
!COLORS
|>|>|>|>| @@background-color:#F00;  RED #F00 @@ • @@background-color:#0F0;  GREEN #0F0 @@ • @@background-color:#00F;  BLUE #00F @@ |
|>|>|>|>|!|
|bgcolor:#939597;                 2021 PANTONE [[17-5104 TCX|https://www.pantone.com/color-finder/17-5104-TCX]]                 |#939597 Ultimate Gray|
|bgcolor:#F5DF4D;                 2021 PANTONE [[13-0647 TCX|https://www.pantone.com/color-finder/13-0647-TCX]]                 |#F5DF4D Illuminating|
|bgcolor:#0F4C81;                 2020 PANTONE [[19-4052 TCX|https://www.pantone.com/color-finder/19-4052-TCX]]                 |#0F4C81 Classic Blue|
|>|>|>|>|!|
|bgcolor:#fff;                 Background                 |#fff Background|
|bgcolor:#000;                 Foreground                 |#000 Foreground|
|>|>|>|>|!|
|bgcolor:#8cf;                 PrimaryPale                 |#8cf PrimaryPale|
|bgcolor:#18f;                 PrimaryLight                 |#18f PrimaryLight|
|bgcolor:#04b;                 PrimaryMid                 |#04b PrimaryMid|
|bgcolor:#014;                 PrimaryDark                 |#014 PrimaryDark|
|>|>|>|>|!|
|bgcolor:#ffc;                 SecondaryPale                 |#ffc SecondaryPale|
|bgcolor:#fe8;                 SecondaryLight                 |#fe8 SecondaryLight|
|bgcolor:#db4;                 SecondaryMid                 |#db4 SecondaryMid|
|bgcolor:#841;                 SecondaryDark                 |#841 SecondaryDark|
|>|>|>|>|!|
|bgcolor:#eee;                 TertiaryPale                 |#eee TertiaryPale|
|bgcolor:#ccc;                 TertiaryLight                 |#ccc TertiaryLight|
|bgcolor:#999;                 TertiaryMid                 |#999 TertiaryMid|
|bgcolor:#666;                 TertiaryDark                 |#666 TertiaryDark|
|>|>|>|>|!|
|bgcolor:#f88;                 Error                 |#f88 Error:|
|>|>|>|>|!|
!TODO
+++*[T0D0 »] <<tiddler fAll2Tabs with: T0D0>>=== 
!AdvOptions
+++*[AdvancedOptions »] <<tiddler AdvancedOptions>>=== 
!Dates
|  |!0|!1|!2|!3|!4|!5|!6|!7|!8|!9|
|!0| 0| 1| 2| 3| 4| 5| 6| 7| 8| 9|
|!1| a| b| c| d| e| f| g| h| i| j|
|!2| k| l| m| n| o| p| q| r| s| t|
|!3| u| v| w| x| y| z| A| B| C| D|
|!4| E| F| G| H| I| J| K| L| M| N|
|!5| O| P| Q| R| S| T| U| V| W| X|
|!6| Y| Z| +| =| -| (| )|‘’|“”|«»|
|>|>|>|>|>|>|>|>|>|>| « ⇐ ⇒ » |
!LINKS
+++*[CloudSecurityAlliance.org »] <html><div align="center"><iframe src="https://CloudSecurityAlliance.org" frameborder="0" width="100%" height="600"></iframe></div></html> === 
+++*[Circle »] <html><div align="center"><iframe src="https://Circle.CloudSecurityAlliance.org" frameborder="0" width="100%" height="600"></iframe></div></html> === 
!URLs
Pas d'URLs !
!end
LatestMonthlyUpdates - <<tiddler fAny2List24_2 with: 'AAAAMM","AAAAMM-1' 'Dernières mises à jour'>>
fAny2List24_2   - <<forEachTiddler where 'tiddler.tags.containsAny(["$1"])' sortBy 'tiddler.title.toUpperCase()' descending write '(index < 24) ? "• "+tiddler.title.substr(0,10)+" → [["+tiddler.title.substr(13,254)+"|"+tiddler.title+"]].\n" : ""' begin '"!!Date & $2\n"' end '""' none '"* Aucune publication\n"'>>
a - (a)rtefacts
b - (b)log
c - (c)onference
d - (d)rafts/request4comments
p - (p)ublications
r - press (r)eleases
w - webcast
x - (x) CSA URL - blog copy'n'paste
z - (z) Initial URLs
%/
|>|>|>|!Nomenclature / References|
|!MITRE ATT&CK|>|>|ID:''[[G0118|https://attack.mitre.org/groups/G0118/]]'' (UNC2452) +++^*[Détails] <<tiddler [[KSolarMitre]]>>=== |
|!Menaces/Malware #1|FireEye : ''Sunburst'' (//backdoor//)|Microsoft : ''Solorigate''|
|!Menaces/Malware #2|FireEye : ''Teardrop'' (//dropper//, //post-exploitation//)|
|!Menaces/Malware #3|Crowdstrike : ''Sunspot'' (//implant//)|
|!Menaces/Malware #4|Palo Alto : ''SuperNova'' (//webshell//)|
|!Menaces/Malware #5|Symantec : ''Raindrop'' (//loader//)|
|!Menaces/Malware #6|FireEye : ''Sunshuttle'' (//C2 backdoor//)|(similaire à GoldMax ?)|
|!Menaces/Malware #7|Microsoft : ''GoldMax'' (//C2 backdoor//)|(similaire à Sunshuttle ?)|
|!Menaces/Malware #8|Microsoft : ''Sibot'' (//persistence//, //downloader//)|
|!Menaces/Malware #9|Microsoft : ''GoldFinder'' (//man-in-the-middle detector//)|
|!Vulnérabilité(s)|''CVE-2020-10148''|''CVE-2020-14005''|''CVE-2020-27869''|
|!Outils d'attaque|''AdFind''|''Cobalt Strike''|''Mimikatz''|
|~|''CVE-2020-27870''|''CVE-2020-27871''|''Golden SAML''|
|!Similarités de code|''Kazuar''|''7-zip''|
|!Groupe(s) d'attaquants
//"attribution"//|FireEye : ''UNC2452''|Palo Alto : ''SolarStorm''|Volexity : ''Dark Halo''| |~|Microsoft : ''Nobelium''|CrowdStrike : ''StellarParticle''|Recorded Future : ''APT 29'' ou ''APT 41''| |~|>||Média : ''APT 29'' / ''Cozy Bear''| |>|>|>|| |>|>|>|!Synthèse / Summary| |>|<<tiddler KSolarExecFR>> |>|<<tiddler KSolarExecEN>> | |>|>|>|| |>|>|>|!Contre-mesures / Countermeasures| |>|<<tiddler KSolarCounterFR>> |>|<<tiddler KSolarCounterEN>> |
!Principales dates
|2019.08.06|Attaquants|Début de constitution de l'infrastructure d'attaque| [img(500px,auto)[iCSF/L1BSW.jpg]]
Source : [[Blog SolarWinds du 11.01.2021|https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/]][img(75%,1px)[iCSF/BluePixel.gif]][img(500px,auto)[iCSF/KCOPA.jpg]]
Source : [[Blog Palo Alto Networks du 24.12.2020|https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/]][img(75%,1px)[iCSF/BluePixel.gif]] | |2019.10.26|Attaquants|Premières traces de compromission du code de Solarwinds Orion|~| |!2020.03|Attaquants|!Début de la diffusion de mises à jour compromises de Solarwinds Orion|~| |!2020.06|Attaquants|!Fin de la diffusion de mises à jour compromises de Solarwinds Orion|~| |!2020.12.08|//FireEye//|!Annonce de la compromission et mise à disposition d'IOCs|~| |2020.12.13|//FireEye//|Diffusion du rapport détaillé de FireEye sur la compromission|~| |2020.12.15|//SolarWinds//|Diffusion du premier avis de sécurité par Solarwinds|~| |2020.12.15|//SolarWinds//|Diffusion des premiers correctifs par Solarwinds|~| |2020.12.16|//Microsoft//|Mise à jour de //Defender// pour détecter les binaires Orion malveillants|~| |2020.12.16|//Microsoft//|Mise en évidence de compromission exploitant //Microsoft Azure//|~| |2020.12.24|//Palo Alto Networks//|[[Publication d'une chronologie de l'attaque|https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/]] qui fait remonter la préparation de l'attaque à au moins août 2019 et une phase de compromission active à mars 2020|~| |!2020.12.24|CISA|!Diffusion de l'utilitaire [[Sparrow|https://github.com/cisagov/Sparrow]].ps1, un outil pour détecter des comptes et des applications potentiellement compromis dans les environnements Azure/M365|~| |!2020.12.24|//CrowdStrike//|!Diffusion de l'outil [[CRT for Azure|https://github.com/CrowdStrike/CRT]]|~| |2021.01.12|@@color:#F00;solarleaks[.]net@@|Site proposant à la vente des données soi-disant exfiltrées lors de l'attaque|~|
!Cibles Solarwinds
Extrait de l'avis de SolarWinds, dont la dernière mise à jour date du 24 décembre 2020

SolarWinds a établi que les versions compromises sont les suivantes :
* plateforme 2019.4 HF5, version 2019.4.5200.9083
* plateforme 2020.2 RC1, version 2020.2.100.12219
* plateforme 2020.2 RC2, version 2020.2.5200.12394
* plateforme 2020.2, 2020.2 HF1, version 2020.2.5300.12432
Par ailleurs, ''les systèmes qui ont, à un moment donné, exécuté l'une des versions compromises de SolarWinds mentionnées ci-dessus devraient être analysés pour détecter tout signe de compromission''.

Les dernières versions non vulnérables à SUNBURST ou SUPERNOVA sont les suivantes :
* plateforme 2019.4 HF 6 (diffusé le 14.12.2020)
* plateforme 2020.2.1 HF 2 (diffusé le 15.12.2020)
* plateforme 2019.2 SUPERNOVA Patch (diffusé le 23.12.2020)
* plateforme 2018.4 SUPERNOVA Patch (diffusé le 23.12.2020)
* plateforme 2018.2 SUPERNOVA Patch (diffusé le 23.12.2020)
!Prévention
* appliquer les correctifs suivants :
** Plate-forme Orion v2020.2 sans correctif ou 2020.2 HF 1 : ''mise à niveau vers la plate-forme Orion version 2020.2.1 HF 2''.
** La version 2020.2.1 HF 2 sans correctif est désormais disponible sur le +++^*[portail client SolarWinds] https://customerportal.solarwinds.com ===.
** Plate-forme Orion v2019.4 HF 5 : mise à jour vers 2019.4 HF 6
* Analyser et éventuellement bloquer l'accès aux serveurs C2 comme décrit dans les différentes analyses et avis de sécurité.
!Vecteurs potentiels d'attaque
* d'après __Volexity__ : observation d'une nouvelle technique pour contourner l'authentification multi-facteur (MFA) //Duo Security// visant à accéder à la boîte aux lettres d'un utilisateur via le service //Outlook Web App// (//OWA//)
* d'après __Palo Alto Networks__ : identification d'une deuxième porte dérobée appelée SUPERNOVA et utilisée dans certains cas. Il s'agirait d'un "code encoquillé" (//WebShell//) déposé et exécuté via l'exploitation d'une vulnérabilité 
* le __CISA__ signale qu'elle enquête sur d'autres vecteurs d'accès initial comme l'utilisation d'un "Golden SAML", qui a été décrit plus en détail par //Sygnia//
* d'après __Brian Krebs__: un vecteur pourrait avoir été une faille signalée précédemment dans VMware (non confirmé)
* la __NSA__ a publié un rapport, décrivant deux techniques utilisées pour faire passer l'accès des réseaux locaux compromis à une infrastructure basée sur le cloud.
* __Crowdstrike__ et __Microsoft__ ont identifié que SolarWinds pourrait avoir été compromis via le compte Azure Cloud de Microsoft d'un revendeur.
!Les victimes
Faire la liste des victimes n'est pas un axe de recherche de cet article, sauf si elles ont un lien avec le Cloud.
Cela explique que les informations ci-dessous ''ne sont pas exhaustives et n'ont pas vocation à l'être''.
* Etats-Unis : ^^[[U.S. Department of the Treasury|https://www.reuters.com/article/BigStory12/idUSKBN28N0PG]] • [[U.S. Department of Commerce|https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html]] • [[U.S. National Telecommunications and Information Administration (NTIA)|https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html]] • [[U.S. Department of State|https://www.washingtonpost.com/national-security/dhs-is-third-federal-agency-hacked-in-major-russian-cyberespionage-campaign/2020/12/14/41f8fc98-3e3c-11eb-8bc0-ae155bee4aff_story.html]] • [[The National Institutes of Health (NIH)|https://www.washingtonpost.com/national-security/dhs-is-third-federal-agency-hacked-in-major-russian-cyberespionage-campaign/2020/12/14/41f8fc98-3e3c-11eb-8bc0-ae155bee4aff_story.html]] • [[U.S. Department of Homeland Security (DHS)|https://www.washingtonpost.com/national-security/dhs-is-third-federal-agency-hacked-in-major-russian-cyberespionage-campaign/2020/12/14/41f8fc98-3e3c-11eb-8bc0-ae155bee4aff_story.html]] • [[U.S. Department of Energy (DOE)|https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/]] • [[U.S. National Nuclear Security Administration (NNSA)|https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/]] • [[Quelques états|https://www.bloomberg.com/news/articles/2020-12-17/u-s-states-were-also-hacked-in-suspected-russian-attack]]^^
* Canada : ^^[[City of Kingston, Ontario, Canada|https://www.netresec.com/?page=Blog&month=2020-12&post=Reassembling-Victim-Domain-Fragments-from-SUNBURST-DNS]]^^
Le 25 janvier 2021, Netresec a identifié 23 victimes en faisant une analyse DNS : +++^*[détails]
Titre : Twenty-three SUNBURST Targets Identified
Lien → https://www.netresec.com/?page=Blog&month=2021-01&post=Twenty-three-SUNBURST-Targets-Identified
Noms de domaines Active Directory internes :  central.pima.gov, cisco.com, corp.qualys.com, coxnet.cox.com, ddsn.gov fc.gov fox.local ggsg-us.cisco.com, HQ.FIDELIS, jpso.gov lagnr.chevrontexaco.net logitech.local los.local mgt.srb.europa*, ng.ds.army.mil nsanet.local paloaltonetworks*, phpds.org scc.state.va.us, suk.sas.com vgn.viasatgsd.com wctc.msft WincoreWindows.local ===.
![img(30px,auto)[iCSF/Francais.gif]]Synthèse de la situation
La société ''FireEye'' a annoncé le ''8 décembre 2020'' avoir été victime d'une attaque menée par des acteurs étatiques de type APT (//Advanced Persistent Threat//).

Lors de son analyse, elle a découvert : 
* que les outils utilisés par ses équipes de tests d'intrusion avaient été accédés et compromis 
* que son origine était liée à une mise à jour logicielle malveillante de la plateforme ''SolarWinds Orion'', soit une attaque de la chaîne d'approvisionnement (//Supply-Chain//).
** SolarWinds est une plateforme de gestion des actifs qui est utilisée par environ 300.000 clients dans le monde, dont de nombreuses entités qui gèrent des infrastructures critiques ; 18.000 d'entre eux auraient été victimes de cette attaque. 
* qu'il s'agissait d'une attaque massive qui affectait de nombreuses autres entreprises et administrations gouvernementales et militaires, notamment américaines. 

Plusieurs correctifs pour la plateforme //SolarWinds Orion// sont disponibles et les binaires malveillants sont détectés et supprimés, notamment par //Microsoft Defender//.

L'infrastructure d'attaque C2 a été saisie par Microsoft et est maintenant utilisée comme un mécanisme de type "Killswitch" pour la rendre inopérante.

Compte-tenu de la grande complexité de l'attaque, les analyses sont toujours en cours, et ont mis en évidence : 
* qu'il y avait d'autres vecteurs initiaux d'attaque et d'accès 
* l'existence d'au moins une deuxième porte dérobée utilisée dans certains cas, ce qui tendrait à indiquer la présence d'un deuxième groupe d'attaquants. 
** un code d'exploitation de démonstration (//Proof of Concept//) est disponible 
* ''la compromission d'environnements Active Directory, AzureAD et M365'' 
* ''la compromission initiale de la société Solarwinds se serait produite au travers d'un revendeur Microsoft Azure'' 
* ''l'exploitation de la vulnérabilité 'Golden SAML' (découverte fin 2017)''

Le 12 janvier 2021, le site //@@color:#F00;solarleaks[.]net@@// apparaît et annonce proposer à la vente des données soi-disant exfiltrées lors de l'attaque.

Outre les onglets suivants, il y a des liens vers les analyses et les IOCs les plus pertinents sur le +++^*[GitHub du Center for Threat-Informed Defense] [>img(100px,100px)[iCSF/MECTID.jpg]] https://github.com/center-for-threat-informed-defense === qui traite de ''+++^*[Solorigate] https://github.com/center-for-threat-informed-defense/public-resources/tree/master/solorigate ===''.
![img(30px,auto)[iCSF/Anglais.gif]]Status
On ''December 8th, 2020'', ''FireEye'' announced that it had been the victim of a state-sponsored APT (//Advanced Persistent Threat//) attack.

Analysis showed that: 
* the tools used by its Red Team pen-testers had been accessed and compromised 
* it originated from a malicious software update of the ''SolarWinds Orion'' platform, a //Supply-Chain// attack.
** SolarWinds is an asset management platform that is used by approximately 300,000 customers worldwide, including many entities that manage critical infrastructure, of which 18,000 are believed to have fallen victim to this attack. 
* this was a massive attack that affected many other companies and government and military agencies, notably in the United States. 

Several patches for the SolarWinds Orion platform are available and malicious binaries are detected and removed, including by Microsoft Defender.

The C2 attack infrastructure was seized by Microsoft and is now being used as a "Killswitch" mechanism to render it inoperable.

Given the high complexity of the attack, analyses are still in progress, and have highlighted: 
* that there were other initial attack and access vectors 
* the existence of at least a second back door used in some cases, which would tend to indicate the presence of a second attacking group. 
** a Proof of Concept is available 
* ''the compromise of Active Directory, AzureAD and M365 environments''
* ''the initial compromise of Solarwinds would have occurred through a Microsoft Azure reseller''
* ''exploitation of the 'Golden SAML' vulnerability (discovered at the end of 2017)''

On January 12th, 2021, the //@@color:#F00;solarleaks[.]net@@// web site appeared, offering for sale data allegedly exfiltrated during the attack.

Along with the links in the next tabs, some analyses and IOCs are also listed in the +++^*[GitHub of the Center for Threat-Informed Defense] [>img(100px,100px)[iCSF/MECTID.jpg]] https://github.com/center-for-threat-informed-defense === dealing with ''+++^*[Solorigate] https://github.com/center-for-threat-informed-defense/public-resources/tree/master/solorigate ===''.
![img(30px,auto)[iCSF/Francais.gif]]Contre-mesures
* Application des correctifs sur les +++^*[systèmes vulnérables Solarwinds] <<tiddler [[KSolarTargets]]>> === 
* Détecter les outils FireEye compromis à partir des indicateurs de compromission (//IOC//) disponibles
* Recherche de compromission (//Threat Hunting//) sur tous les composants concernés, y compris dans Microsoft Azure
* Utilisation des +++^*[outils] <<tiddler [[KSolarTools]]>> === mis à disposition par le //CISA//, //CrowdStrike// et autres
* Consulter les principaux avis et blogs +++^*[officiels] <<tiddler [[KSolarOfficial]]>> === ou +++^*[d'éditeurs et de chercheurs] <<tiddler [[KSolarOthers]]>> === riches d'enseignements
![img(30px,auto)[iCSF/Anglais.gif]]Countermeasures
* Enforce patching on +++^*[vulnerable Solarwinds systems] <<tiddler [[KSolarTargets]]>> === 
* Detect compromised FireEye tools based on the available //IOCs//
* Perform //Threat Hunting// on all components, including Microsoft Azure
* Use available +++^*[detection tools] <<tiddler [[KSolarTools]]>> === from //CISA//, //CrowdStrike//, and others
* Watch out for advisories and blog posts from +++^*[official] <<tiddler [[KSolarOfficial]]>> === or +++^*[primary or secondary] <<tiddler [[KSolarOthers]]>> === sources
!Avis officiels d'agences de sécurité / Cyber Security Agencies Advisories 
|>|>|>|bgcolor:#F5DF4D;Ce fond indique des mises à jour du tableau depuis la semaine dernière |
|!Dates|!Sources|!Titres et Liens|
|bgcolor:#F5DF4D;2021.02.08|CISA|![[Malware Analysis Report (AR21-039A) MAR-10318845-1.v1 - SUNBURST|https://us-cert.cisa.gov/ncas/analysis-reports/ar21-039a]], [[IOCs (MAR-10318845-1.v1.stix)|https://us-cert.cisa.gov/sites/default/files/publications/MAR-10318845-1.v1.WHITE_stix.xml]]|
|bgcolor:#F5DF4D;2021.02.08|CISA|![[Malware Analysis Report (AR21-039B) MAR-10320115-1.v1 - TEARDROP|https://us-cert.cisa.gov/ncas/analysis-reports/ar21-039b]], [[IOCs (MAR-10320115-1.v1.stix)|https://us-cert.cisa.gov/sites/default/files/publications/MAR-10320115-1.v1.WHITE_stix.xml]]|
|>|>|>|!|
|bgcolor:#F5DF4D;2021.01.27|CISA|![[Malware Analysis Report (AR21-027A) MAR-10319053-1.v1 - Supernova|https://us-cert.cisa.gov/ncas/analysis-reports/ar21-027a]], [[IOCs (MAR-10319053-1.v1.stix)|https://us-cert.cisa.gov/sites/default/files/publications/MAR-10319053-1.v1.WHITE_stix.xml]]|
|>|>|>|!|
|bgcolor:#F5DF4D;2021.01.07|CISA|![[AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations|https://us-cert.cisa.gov/ncas/alerts/aa20-352a]] (mise à jour) |
|~|~| → publication initiale : 2020.12.17|
|>|>|>|!|
|bgcolor:#F5DF4D;2021.02.04|CERT-EU|[[Critical Vulnerabilities in SolarWinds Orion Platform (CERT-EU Security Advisory 2021-008)|https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-008.pdf]]|
|bgcolor:#F5DF4D;2021.02.04|CISA|![[Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments |https://us-cert.cisa.gov/ncas/alerts/aa21-008a]] |
|~|~| → publication initiale : 2021.01.08|
|>|>|>|!|
|bgcolor:#F5DF4D;2021.01.28|CERT/CC|!VU#843464 [[SolarWinds Orion API authentication bypass allows remote command execution|https://kb.cert.org/vuls/id/843464]] (màj)|
|bgcolor:#F5DF4D;2021.01.27|CISA|[[CISA Malware Analysis on Supernova|https://us-cert.cisa.gov/ncas/current-activity/2021/01/27/cisa-malware-analysis-supernova]]|
|bgcolor:#F5DF4D;2021.01.27|CISA|![[Malware Analysis Report (AR21-027A) MAR-10319053-1.v1 - Supernova|https://us-cert.gov/ncas/analysis-reports/ar21-027a]], [[IOCs (MAR-10319053-1.v1.stix)|https://us-cert.cisa.gov/sites/default/files/publications/MAR-10319053-1.v1.WHITE_stix.xml]]|
|>|>|>|!|
|2021.01.14|CERT/CC|!VU#843464 [[SolarWinds Orion API authentication bypass allows remote command execution|https://kb.cert.org/vuls/id/843464]] (obsolète)|
|~|~| → publication initiale : 2020.12.24|
|>|>|>|!|
|2021.01.07|CERT-FR[>img[iCSF/flag_fr.png]]|CERTFR-2020-ALE-026 : [[Présence de code malveillant dans SolarWinds Orion|https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-026/]]|
|~|~| → publication initiale : 2020.12.23|
|2021.01.06|US Department of Justice|[[Department of Justice Statement on Solarwinds Update|https://www.justice.gov/opa/pr/department-justice-statement-solarwinds-update]]|
|2021.01.05|CISA|[[Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA)|https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure]]|
|>|>|>|!|
|2020.12.30|CISA|![[CISA Releases Free Detection Tool for Azure/M365 Environment|https://us-cert.cisa.gov/ncas/current-activity/2020/12/24/cisa-releases-free-detection-tool-azurem365-environment]] |
|~|~| → publication initiale : 2020.12.24|
|2020.12.30|Centre Canadien pour la Cybersécurité[>img[iCSF/flag_fr.png]]|AL20-031 : [[Recommandations relatives à la compromission de la chaîne d'approvisionnement SolarWinds|https://cyber.gc.ca/fr/avis/recommandations-relatives-la-compromission-de-la-chaine-dapprovisionnement-solarwinds]] ([[English|https://cyber.gc.ca/en/alerts/recommendations-solarwinds-supply-chain-compromise]])|
|~|~| → publication initiale : 2020.12.24|
|>|>|>|!|
|2020.12.26|CERT/CC|!VU#843464 [[SolarWinds Orion API authentication bypass allows remote command execution|https://kb.cert.org/vuls/id/843464]] (obsolète)|
|>|>|>|!|
|2020.12.23|DHS|[[Supply Chain Compromise|https://www.cisa.gov/supply-chain-compromise]]|
|2020.12.23|DHS|[[What Every Leader Needs to Know About the Ongoing APT Cyber Activity|https://www.cisa.gov/sites/default/files/publications/CISA%20Insights%20-%20What%20Every%20Leader%20Needs%20to%20Know%20About%20the%20Ongoing%20APT%20Cyber%20Activity%20-%20FINAL_508.pdf]]|
|2020.12.23|CISA|[[CISA Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity|https://us-cert.cisa.gov/ncas/current-activity/2020/12/23/cisa-releases-cisa-insights-and-creates-webpage-ongoing-apt-cyber]]|
|>|>|>|!|
|2020.12.22|ICO (UK)|[[UK organisations using SolarWinds Orion platform should check whether personal data has been affected|https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/12/uk-organisations-using-solarwinds-orion-platform-should-check-whether-personal-data-has-been-affected/]]|
|2020.12.19|CISA|[[CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise|https://us-cert.cisa.gov/ncas/current-activity/2020/12/19/cisa-updates-alert-and-releases-supplemental-guidance-emergency]]|
|2020.12.17|CISA|[[NSA Releases Cybersecurity Advisory on Detecting Abuse of Authentication Mechanisms|https://us-cert.cisa.gov/ncas/current-activity/2020/12/17/nsa-releases-cybersecurity-advisory-detecting-abuse-authentication]]|
|2020.12.17|CISA|AA20-352A: [[Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations|https://us-cert.cisa.gov/ncas/alerts/aa20-352a]]|
|2020.12.17|NSA|[[Detecting Abuse of Authentication Mechanisms|https://media.defense.gov/2020/Dec/17/2002554125/-1/-1/0/AUTHENTICATION_MECHANISMS_CSA_U_OO_198854_20.PDF]]|
|2020.12.16|CISA|[[Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI)|https://www.cisa.gov/news/2020/12/16/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure]]|
|2020.12.14|CERT-FR[>img[iCSF/flag_fr.png]]|[[Présence de code malveillant dans SolarWinds Orion|https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-026/]]|
|>|>|>|!|
|2020.12.13|DHS|![[Mitigate SolarWinds Orion Code Compromise|https://cyber.dhs.gov/ed/21-01/]] |
|2020.12.13|CISA|[[CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products|https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network]]|
|2020.12.13|CISA|[[Active Exploitation of SolarWinds Software|https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software]]|
!Sources primaires : chercheurs en cybersécurité / Primary sources : cybersecurity researchers 
|>|>|>|bgcolor:#F5DF4D;Ce fond indique des mises à jour ''pertinentes'' du tableau depuis la semaine dernière |
|!Dates|!Sources|!Titres et Liens|
|!|>|>||
|bgcolor:#F5DF4D;2021.02.26|//Microsoft//|[[Microsoft Open Sources CodeQL Queries Used To Hunt For Solorigate Activity|https://www.microsoft.com/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.02.22|//FireEye//|![[Light in the Dark: Hunting for SUNBURST|http://www.fireeye.com/blog/products-and-services/2021/02/light-in-the-dark-hunting-for-sunburst.html]] |
|!|>|>||
|bgcolor:#F5DF4D;2021.02.18|//Microsoft//|![[Microsoft Internal Solorigate Investigation – Final Update|https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/]] |
|bgcolor:#F5DF4D;2021.02.18|//Microsoft//|![[Turning the page on Solorigate and opening the next chapter for the security community|https://www.microsoft.com/security/blog/?p=92881]] |
|!|>|>||
|bgcolor:#F5DF4D;2021.02.17|NetreseC|![[Targeting Process for the SolarWinds Backdoor|https://www.netresec.com/?page=Blog&month=2021-02&post=Targeting-Process-for-the-SolarWinds-Backdoor]] |
|!|>|>||
|bgcolor:#F5DF4D;2021.02.05|Bernard Ourghanlian|![[L’affaire Solarwinds et quelques réflexions sur la sécurité de la chaine d’approvisionnement du logiciel|https://www.linkedin.com/pulse/laffaire-solarwinds-et-quelques-r%C3%A9flexions-sur-la-de-du-ourghanlian/]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.02.05|SANS|![[SolarWinds - A SANS Lightning Summit Recap|https://www.sans.org/blog/solarwinds-sans-lightning-summit-recap]] |
|!|>|>||
|bgcolor:#F5DF4D;2021.02.04|//Duo Security//|[[SolarWinds Patches Two New Flaws in Orion|https://duo.com/decipher/solarwinds-patches-two-new-flaws-in-orion]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.02.03|Reuters|![[Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources|https://www.reuters.com/article/us-cyber-solarwinds-china-idUSKBN2A22K8]] |
|bgcolor:#F5DF4D;2021.02.03|//Trustwave//|[[Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities|https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/]]|
|bgcolor:#F5DF4D;2021.02.03|//Checkpoint Software//|[[SolarWinds Explained|https://research.checkpoint.com/2021/solarwinds-explained/]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.02.02|Wall Street Journal|[[Hackers Lurked in SolarWinds Email System for at Least 9 Months, CEO Says|https://www.wsj.com/articles/hackers-lurked-in-solarwinds-email-system-for-at-least-9-months-ceo-says-11612317963]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.02.01|//Qualys//|[[Unpacking the CVEs in the FireEye Breach – Start Here First|https://blog.qualys.com/vulnerabilities-research/2021/02/01/unpacking-the-fireeye-breach-start-here-first]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.01.29|//SolarWinds//|![[SolarWinds Security Advisory|https://www.solarwinds.com/securityadvisory]] (màj)|
|bgcolor:#F5DF4D;2021.01.29|//Mnemonic//|[[Threat Advisory: SolarWinds Supply Chain Compromise|https://www.mnemonic.no/blog/threat-advisory-solarwinds/]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.01.28|//Checkpoint Software//|![[Deep into the SunBurst Attack|https://research.checkpoint.com/2021/deep-into-the-sunburst-attack/]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.01.27|CISA|![[Malware Analysis Report (AR21-027A) MAR-10319053-1.v1 - Supernova|https://us-cert.gov/ncas/analysis-reports/ar21-027a]], [[IOCs (MAR-10319053-1.v1.stix)|https://us-cert.cisa.gov/sites/default/files/publications/MAR-10319053-1.v1.WHITE_stix.xml]]|
|bgcolor:#F5DF4D;2021.01.27|MITRE ATT&CK|![[Identifying UNC2452-Related Techniques for ATT&CK|https://medium.com/mitre-attack/identifying-unc2452-related-techniques-9f7b6c7f3714]] (màj) |
|bgcolor:#F5DF4D;2021.01.27|//Domain Tools//|[[73. SUNBURST on the Scene|https://www.domaintools.com/resources/podcasts/73-sunburst-on-the-scene]] ([[podcast|https://soundcloud.com/breakingbadness/73-sunburst-on-the-scene]])|
|bgcolor:#F5DF4D;2021.01.27|//SentinelOne//|[[Inside the Mind of the SUNBURST Adversary|https://www.sentinelone.com/blog/inside-the-mind-of-the-sunburst-adversary/]] (podcast)|
|bgcolor:#F5DF4D;2021.01.27|//Checkpoint Software//|[[Are your Endpoints Affected by the SolarWinds Sunburst Attack?|https://blog.checkpoint.com/2021/01/27/are-your-endpoints-affected-by-the-solarwinds-sunburst-attack/]]|
|!|>|>||
|bgcolor:#F5DF4D;2021.01.26|Institute for Critical Infrastructure Technology|[[Lessons Learned from NASA: Operating in a Compromised Environment – Trusted Recovery from the SolarWinds Breach|https://icitech.org/operating-in-a-compromised-environment-solarwinds/]] ([[Rapport|https://secureservercdn.net/166.62.108.22/5kb.d9b.myftpupload.com/wp-content/uploads/2021/01/Operating-in-a-CompEnviron_SolarWinds_Case-Study_Jerry_Davis.pdf]])|
|!|>|>||
|bgcolor:#F5DF4D;2021.01.25|MITRE|![[UNC2452|https://attack.mitre.org/groups/G0118/]] (màj)|
|bgcolor:#F5DF4D;2021.01.25|//NetreseC//|![[Twenty-three SUNBURST Targets Identified|https://www.netresec.com/?page=Blog&month=2021-01&post=Twenty-three-SUNBURST-Targets-Identified]] |
|!|>|>||
|bgcolor:#F5DF4D;2021.01.22|//DomainTools//|[[Change in Perspective on the Utility of SUNBURST-related Network Indicators|https://www.domaintools.com/resources/blog/change-in-perspective-on-the-utility-of-sunburst-related-network-indicators]]|
|bgcolor:#F5DF4D;2021.01.22|SANS|[[Solar Winds of Change|http://www.sans.org/cyber-security-summit/archives/download/34615]] (après inscription)|
|bgcolor:#F5DF4D;2021.01.22|SANS|[[SUNBURST: DGA or DNS Tunneling|http://www.sans.org/cyber-security-summit/archives/download/34740]] (après inscription)|
|bgcolor:#F5DF4D;2021.01.22|SANS|[[Post Mortem: The First 72 Hours of SUNBURST Threat Intelligence Research|http://www.sans.org/cyber-security-summit/archives/download/34695]] (après inscription)|
|bgcolor:#F5DF4D;2021.01.22|//Symantec//|![[SolarWinds: How Sunburst Sends Data Back to the Attackers|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-sending-data]]|
|bgcolor:#F5DF4D;2021.01.22|//SOC Prime//|[[New Raindrop Malware Connected to SolarWinds Breach|https://socprime.com/blog/new-raindrop-malware-connected-to-solarwinds-breach/]]|
|!|>|>||
|2021.01.21|//Zero Day Initiative//|[[Three Bugs in Orion’s Belt: Chaining Multiple bugs for Unauthenticated RCE in the SolarWinds Orion Platform|https://www.thezdi.com/blog/2021/1/20/three-bugs-in-orions-belt-chaining-multiple-bugs-for-unauthenticated-rce-in-the-solarwinds-orion-platform]]|
|2021.01.21|//LogRhythm//|[[Windows Certificate Export Detections Inspired By The Solarwinds Compromise By Fireeyes Identifier Unc2452|https://logrhythm.com/windows-certificate-export-detections-inspired-by-the-solarwinds-compromise-by-fireeyes-identifier-unc2452/]]|
|!|>|>||
|2021.01.20|//Microsoft//|[[Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop|https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/]]|
|2021.01.20|//Crowdstrike//|[[Stellar Performances: How CrowdStrike Machine Learning Handles the SUNSPOT Malware|https://www.crowdstrike.com/blog/stellar-performances-how-crowdstrike-machine-learning-handles-the-sunspot-malware/]]|
|!|>|>||
|2021.01.19|//FireEye//|![[Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452|https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html]]|
|2021.01.19|//FireEye//| → Whitepaper [[Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452|https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/wp-m-unc2452-2021-000343-01.pdf]]|
|2021.01.19|//Malwarebytes//|[[Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments|https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/]]|
|2021.01.19|//Duo Security//|[[New Raindrop Tool Tied to SolarWinds Attackers|https://duo.com/decipher/new-raindrop-tool-tied-to-solarwinds-attackers]]|
|!|>|>||
|2021.01.18|//Symantec//|![[Raindrop: New Malware Discovered in SolarWinds Investigation|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware]]|
|!|>|>||
|2021.01.15|//Symantec//|![[SolarWinds: Insights into Attacker Command and Control Process|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-command-control]]|
|!|>|>||
|2021.01.14|//Domain Tools//|![[The Devil's in the Details: SUNBURST Attribution|https://www.domaintools.com/resources/blog/the-devils-in-the-details-sunburst-attribution]] |
|2021.01.14|//Trusted Sec//|[[RisingSun: Decoding SUNBURST C2 to Identify Infected Hosts Without Network Telemetry|https://www.trustedsec.com/blog/risingsun-decoding-sunburst-c2-to-identify-infected-hosts-without-network-telemetry/]]|
|2021.01.14|//Microsoft//|[[Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender|https://www.microsoft.com/security/blog/2021/01/14/increasing-resilience-against-solorigate-and-other-sophisticated-attacks-with-microsoft-defender/]]|
|!|>|>||
|2021.01.13|//Logrhythm//|[[Sunspot Malware Scoured Servers for SolarWinds Builds That it Could Weaponize|https://logrhythm.com/in-the-news/sunspot-malware-scoured-servers-for-solarwinds-builds-that-it-could-weaponize/]]|
|!|>|>||
|2021.01.13|//Domain Tools//|Podcast [[71. Throwing Caution to the SolarWinds|https://www.domaintools.com/resources/podcasts/71-throwing-caution-to-the-solarwinds]]|
|2021.01.13|//Radware//|[[SolarWinds: Between The Clouds|https://blog.radware.com/security/cloudsecurity/2021/01/solarwinds-between-the-clouds/]]|
|!|>|>||
|2021.01.12|Brian Krebs|[[SolarWinds: What Hit Us Could Hit Others|https://krebsonsecurity.com/2021/01/solarwinds-what-hit-us-could-hit-others/]]|
|2021.01.12|//Cisco//|[[Cisco Event Response: SolarWinds Orion Platform Software Attack|https://tools.cisco.com/security/center/resources/solarwinds_orion_event_response]]|
|2021.01.12|//Rapid7//|[[Update on SolarWinds Supply-Chain Attack: SUNSPOT and New Malware Family Associations|https://blog.rapid7.com/2021/01/12/update-on-solarwinds-supply-chain-attack-sunspot-and-new-malware-family-associations/]]|
|!|>|>||
|2021.01.11|//SolarWinds//|![[New Findings From Our Investigation of SUNBURST|https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/]] |
|2021.01.11|//Kaspersky//|![[Sunburst backdoor – code overlaps with Kazuar|https://securelist.com/sunburst-backdoor-kazuar/99981/]] |
|2021.01.11|//Threatpost//|[[SolarWinds Hack Potentially Linked to Turla APT|https://threatpost.com/solarwinds-hack-linked-turla-apt/162918/]]|
|2021.01.11|//CrowdStrike//|![[SUNSPOT: An Implant in the Build Process|https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/]] |
|2021.01.11|//Recorded Future//|[[SolarWinds: The CSO Perspective|https://www.recordedfuture.com/solarwinds-cso-perspective/]]|
|2021.01.11|//Recorded Future//|[[SolarWinds Orion Breach – What It Means for the Industry Writ Large|https://www.recordedfuture.com/podcast-episode-191/]] (podcast)|
|2021.01.11|//NetreseC//|![[Robust Indicators of Compromise for SUNBURST|https://www.netresec.com/?page=Blog&month=2021-01&post=Robust-Indicators-of-Compromise-for-SUNBURST]] |
|!|>|>||
|2021.01.08|//Splunk//|[[A Golden SAML Journey: SolarWinds Continued|https://www.splunk.com/en_us/blog/security/a-golden-saml-journey-solarwinds-continued.html]]|
|!|>|>||
|2021.01.07|Solarwinds|[[FAQ: Security Advisory|https://www.solarwinds.com/securityadvisory/faq]]|
|2021.01.07|//DarkTrace//|[[Dissecting the SolarWinds hack without the use of signatures|https://www.darktrace.com/en/blog/dissecting-the-solar-winds-hack-without-the-use-of-signatures/]]|
|2021.01.07|//SentinelOne//|[[SentinelOne Releases Free SUNBURST Attack Identification Assessment Tool|https://www.businesswire.com/news/home/20210105005647/en/SentinelOne-Releases-Free-SUNBURST-Attack-Identification-Assessment-Tool]]|
|2021.01.07|//SentinelOne//| → [[SolarWinds Countermeasures|https://github.com/SentineLabs/SolarWinds_Countermeasures]]|
|2021.01.07|//Symantec//|![[SolarWinds: How a Rare DGA Helped Attacker Communications Fly Under the Radar|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-unique-dga]]|
|!|>|>||
|2021.01.04|//Qualys//|[[Technical Deep Dive Into SolarWinds Breach|https://blog.qualys.com/vulnerabilities-research/2021/01/04/technical-deep-dive-into-solarwinds-breach]]|
|2021.01.04|//Duo Security//|[[SolarWinds Attackers Accessed, But Did Not Modify, Microsoft Source Code|https://duo.com/decipher/solarwinds-attackers-accessed-but-did-not-modify-microsoft-source-code]]|
|!|>|>||
|2021.01.25|^^MITRE^^|!^^[[UNC2452|https://attack.mitre.org/groups/G0118/]]^^|
|2021.01.05|//Picus Security//|![[Six Stages of Dealing with a Global Security Incident|https://www.picussecurity.com/resource/blog/six-stages-of-dealing-with-a-global-security-incident]]|
|2021.01.05|//SecureWorks//|[[Update on SolarWinds Threat: Identity is the New Perimeter|https://www.secureworks.com/blog/update-on-solarwinds-threat-identity-is-the-new-perimeter]]|
|!|>|>||
|2021.01.04|//NetreseC//|[[Finding Targeted SUNBURST Victims with pDNS|https://www.netresec.com/?page=Blog&month=2021-01&post=Finding-Targeted-SUNBURST-Victims-with-pDNS]]|
|2021.01.04|//Duo Security//|[[CISA Identifies Multiple Vectors Used by SolarWinds Attackers|https://duo.com/decipher/cisa-identifies-multiple-vectors-used-by-solarwinds-attackers]]|
|2021.01.04|//SOC Prime//|[[Golden SAML Attack: Another Method Used by APT Group Behind SolarWinds Hack|https://socprime.com/blog/golden-saml-attack-method-used-by-apt-group-behind-solarwinds-hack/]]|
|!|>|>||
|2021.01.03|//Shift Left//|[[#Solorigate : SUPERNOVA forensics using Code Property Graph|https://blog.shiftleft.io/solorigate-supernova-forensics-using-code-property-graph-b92b56e48bb0]]|
|!|>|>||
|2020.12.31|MITRE ATT&CK|![[Identifying UNC2452-Related Techniques for ATT&CK|https://medium.com/mitre-attack/identifying-unc2452-related-techniques-9f7b6c7f3714]]|
|2020.12.31|//Microsoft//|![[Solorigate Resource Center|https://aka.ms/solorigate]] |
|2020.12.31|//Microsoft//|![[Solorigate Identity Indicators of Compromise|https://aka.ms/solorigateidentityiocs]] |
|2020.12.31|//Microsoft//|[[Microsoft Internal Solorigate Investigation Update|https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/]]|
|2020.12.31|//Microsoft//|![[Azure AD workbook to help you assess Solorigate risk|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-workbook-to-help-you-assess-solorigate-risk/ba-p/2010718]] |
|2020.12.31|//SolarWinds//|[[SolarWinds Security Advisory|https://www.solarwinds.com/securityadvisory]] (mise à jour)|
|2020.12.31|//BlackHills//|[[Podcast: Discussing Implications of the SolarWinds Breach(es)|https://content.blubrry.com/bhis/Implications_of_the_SolarWinds_Breach.mp3]]|
|2020.12.31|//BlackHills//|[[Webcast: Discussing Implications of the SolarWinds Breach(es)|https://www.blackhillsinfosec.com/webcast-discussing-implications-of-the-solarwinds-breaches/]] ([[YouTube|https://youtu.be/WtqDpH-g4rA]])|
|!|>|>||
|2020.12.30|//Recorded Future//|[[SolarWinds Attribution: Are We Getting Ahead of Ourselves?|https://www.recordedfuture.com/solarwinds-attribution/]]|
|2020.12.30|//Recorded Future//| → [[Are We Getting Ahead of Ourselves? An Analysis of UNC2452 Attribution|https://go.recordedfuture.com/hubfs/reports/pov-2020-1230.pdf]] (pdf)|
|!|>|>||
|2020.12.29|//SolarWinds//|[[Our Commitment to Cooperation|https://orangematter.solarwinds.com/2020/12/29/our-commitment-to-cooperation/]]|
|2020.12.29|//Zero Networks//|[[Examining the SolarWinds Supply Chain Attack - Executive Summary|https://zeronetworks.com/blog/examining_solarwinds_supply_chain_attack_summary/]]|
|2020.12.29|//Zero Networks//|![[Examining the SolarWinds Supply Chain Attack - Deep Dive|https://zeronetworks.com/blog/examining_solarwinds_supply_chain_attack/]]|
|2020.12.29|//NetreseC//|[[Extracting Security Products from SUNBURST DNS Beacons|https://www.netresec.com/?page=Blog&month=2020-12&post=Extracting-Security-Products-from-SUNBURST-DNS-Beacons]]|
|2020.12.29|//Anomali//|[[Actionable Threat Intelligence Available for Sunburst Cyber Attacks on SolarWinds|https://www.anomali.com/blog/actionable-threat-intelligence-available-for-sunburst-cyber-attacks-on-solarwinds]]|
|2020.12.29|//Anomali//|[[Download Actionable Sunburst Threat Intelligence Today!|https://www.anomali.com/learn/sunburst/download-actionable-sunburst-threat-intelligence]]|
|2020.12.29|//RiskRecon//|[[Entities Signaling to SUNBURST C2 Infrastructure|https://blog.riskrecon.com/entities-signaling-to-sunburst-c2-infrastructure]]|
|2020.12.29|//RiskRecon//| → [[Data File of Entities Signaling to SolarWinds SUNBURST  C2 Infrastructure|https://www.riskrecon.com/analysis-of-sunburst-signaling-entities]]|
|2020.12.29|//Cloud Vector//|[[API vulnerabilities at the center of SolarWinds SUPERNOVA Malware|https://www.cloudvector.com/api-vulnerabilities-at-the-center-of-solarwinds-supernova-malware/]]|
|!|>|>||
|2020.12.28|//Microsoft//|![[Using Microsoft 365 Defender to protect against Solorigate|https://www.microsoft.com/security/blog/2020/12/28/using-microsoft-365-defender-to-coordinate-protection-against-solorigate/]] |
|2020.12.28|Dancho Danchev|[[Exposing the Solarwinds Malware Campaign - An OSINT Analysis|https://ddanchev.blogspot.com/2020/12/exposing-solarwinds-malware-campaign.html]]|
|2020.12.28|//Shift Left//|[[#Solorigate : A Month of Reckoning for SaaS software creators and consumers|https://blog.shiftleft.io/a-month-of-reckoning-for-saas-software-creators-and-consumers-da791a4189e9]]|
|2020.12.28|//Shift Left//|[[#Solorigate : SolarWinds SUNBRUST backdoor investigation using ShiftLeft's Code Property Graph|https://blog.shiftleft.io/solarwinds-sunbrust-backdoor-investigation-using-shiftlefts-code-property-graph-c7349ca65428]]|
|2020.12.28|//SOC Prime//|[[SUPERNOVA Backdoor: A Second APT Group Abused SolarWinds Flaw to Deploy Web Shell Malware|https://socprime.com/blog/supernova-backdoor-a-second-apt-group-abused-solarwinds-flaw-to-deploy-web-shell-malware/]]|
|>|>|>|!|
|2020.12.26|//Logrhythm//|[[How to Detect and Search for SolarWinds IOCs in LogRhythm|https://logrhythm.com/blog/how-to-detect-and-search-for-solarwinds-iocs-in-logrhythm/]]|
|>|>|>|!|
|2020.12.26|//Shift Left//|[[#Solorigate : SUNBURST SolarWinds BackDoor : Crime Scene Forensics and detection techniques|https://blog.shiftleft.io/sunburst-solarwinds-backdoor-crime-scene-forensics-part-2-continued-3bcd8361f055]]|
|>|>|>|!|
|2020.12.24|SolarWinds|![[Mitigate your Orion Platform environment from the risk of the SUPERNOVA vulnerability using a new PowerShell script|https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip]] (pdf à extraire) |
|2020.12.24|SwitHak|[[SolarWinds Supply-chain Compromises|https://gist.github.com/SwitHak/8b59e740b187511caad1bf06caa44df1]]|
|2020.12.24|//FireEye//|![[SUNBURST Additional Technical Details|https://www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html]] |
|2020.12.24|//Zscaler//|[[The Hitchhiker's Guide to SolarWinds Incident Response|https://www.zscaler.com/blogs/security-research/hitchhikers-guide-solarwinds-incident-response]]|
|2020.12.24|//Cyfirma//|[[SOLARWINDS HACK – Sunburst, Supernova and more|https://www.cyfirma.com/solarwinds-hack-sunburst-supernova-and-more/]]|
|!|>|>||
|2020.12.23|//Sygnia//|![[Detection and Hunting of Golden SAML Attack|https://www.sygnia.co/golden-saml-advisory]] |
|2020.12.23|//Crowdstrike//|[[CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory|https://www.crowdstrike.com/blog/crowdstrike-launches-free-tool-to-identify-and-help-mitigate-risks-in-azure-active-directory/]]|
|2020.12.23|//Sentinel One//|[[SolarWinds - Understanding & Detecting the SUPERNOVA Webshell Trojan|https://labs.sentinelone.com/solarwinds-understanding-detecting-the-supernova-webshell-trojan/]]|
|2020.12.23|//Kaspersky//|[[How we protect our users against the Sunburst backdoor|https://securelist.com/how-we-protect-against-sunburst-backdoor/99959/]]|
|2020.12.23|//Palo Alto Networks//|![[A Timeline Perspective of the SolarStorm Supply-Chain Attack|https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/]] |
|2020.12.23|//Ermetic//|![[Cloud infrastructure is not immune from the SolarWinds Orion breach|https://ermetic.com/whats-new/blog/cloud-infrastructure-is-not-immune-from-the-solarwinds-orion-breach/]] |
|2020.12.23|//KPMG//|[[SolarWinds Orion|https://advisory.kpmg.us/articles/2020/solarwinds-orion.html]] ([[avis|https://advisory.kpmg.us/content/dam/advisory/en/pdfs/2020/solarwinds-orion.pdf]])|
|2020.12.23|//Kaspersky//|[[How we protect our users against the Sunburst backdoor|https://securelist.com/how-we-protect-against-sunburst-backdoor/99959/]]|
|2020.12.23|//Hunters.ai//|[[SUNBURST: How it Happened and How to Minimize the Risk of Future Nation-State Attacks|https://hunters.ai/blog/sunburst-how-it-happened-and-how-to-minimize-the-risk-of-future-nation-state-attacks/]]|
|2020.12.23|//Prevasio//|[[DNS Tunneling In The SolarWinds Supply Chain Attack|https://blog.prevasio.com/2020/12/dns-tunneling-in-solarwinds-supply.html]] |
|2020.12.23|//Recorded Future//|[[SolarWinds: What the Intelligence Tells Us |https://www.recordedfuture.com/solarwinds-attack-update/]]|
|!|>|>||
|2020.12.22|//Microsoft//|![[Azure AD workbook to help you assess Solorigate risk|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-workbook-to-help-you-assess-solorigate-risk/ba-p/2010718]]|
|2020.12.22|MITRE ATT&CK|!^^[[Identifying UNC2452-Related Techniques for ATT&CK|https://medium.com/mitre-attack/identifying-unc2452-related-techniques-9f7b6c7f3714]] (obsolète)^^|
|2020.12.22|//Qualys//|[[Qualys Security Advisory: SolarWinds / FireEye|https://blog.qualys.com/qualys-insights/2020/12/22/qualys-security-advisory-solarwinds-fireeye]]|
|2020.12.22|//Infoblox//|[[SolarWinds and SUNBURST Update|https://blogs.infoblox.com/cyber-threat-intelligence/solarwinds-and-sunburst-update/]]|
|2020.12.22|//Checkpoint Software//|[[SUNBURST, TEARDROP and the NetSec New Normal|https://research.checkpoint.com/2020/sunburst-teardrop-and-the-netsec-new-normal/]]|
|2020.12.22|//Prevasio//|[[Sunburst Backdoor, Part III: DGA & Security Software|https://blog.prevasio.com/2020/12/sunburst-backdoor-part-iii-dga-security.html]]|
|!|>|>||
|2020.12.21|//Microsoft//|![[Understanding "Solorigate"'s Identity IOCs - for Identity Vendors and their customers|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/understanding-quot-solorigate-quot-s-identity-iocs-for-identity/ba-p/2007610]] |
|2020.12.21|//Tripwire//|[[Continue Clean-up of Compromised SolarWinds Software|https://www.tripwire.com/state-of-security/security-data-protection/continue-clean-up-of-compromised-solarwinds-software/]]|
|2020.12.21|//Microsoft//|![[Advice for incident responders on recovery from systemic identity compromises |https://www.microsoft.com/security/blog/2020/12/21/advice-for-incident-responders-on-recovery-from-systemic-identity-compromises/]] |
|2020.12.21|//McAfee//|[[How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise|https://www.mcafee.com/blogs/other-blogs/mcafee-labs/how-a-device-to-cloud-architecture-defends-against-the-solarwinds-supply-chain-compromise/]]|
|2020.12.21|//CyberInt Research//|[[SolarWinds Supply Chain Attack|https://blog.cyberint.com/solarwinds-supply-chain-attack]]|
|2020.12.21|//Checkpoint Software//|![[Best Practice: Identifying And Mitigating The Impact Of Sunburst|https://blog.checkpoint.com/2020/12/21/best-practice-identifying-and-mitigating-the-impact-of-sunburst/]] |
|2020.12.21|//Carbon Black//|[[TAU Threat Analysis: Insights on the SolarWinds Breach|https://www.carbonblack.com/blog/tau-threat-analysis-insights-on-the-solarwinds-breach/]]|
|2020.12.21|//VMware//|[[https://www.vmware.com/company/news/updates/2020/vmware-statement-solarwinds-supply-chain-compromise.html|https://www.vmware.com/company/news/updates/2020/vmware-statement-solarwinds-supply-chain-compromise.html]]|
|>|>|>|!|
|2020.12.19|//VX-Underground//|//[[Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor|https://vx-underground.org/samples/Exotic/DarkHalo/HighlyEvasiveAttackerLeveragesSolarWindsSupplyChaintoCompromiseMultipleGlobalVictimsWithSUNBURSTBackdoor.pdf]]// (pdf)|
|!|>|>||
|2020.12.18|//Cloudflare//|![[Trend data on the SolarWinds Orion compromise|https://blog.cloudflare.com/solarwinds-orion-compromise-trend-data/]] |
|2020.12.18|Krebs on Security|[[VMware Flaw a Vector in SolarWinds Breach?|https://krebsonsecurity.com/2020/12/vmware-flaw-a-vector-in-solarwinds-breach/]]|
|2020.12.18|Energy.gov|[[DOE Update on Cyber Incident Related to Solar Winds Compromise|https://www.energy.gov/articles/doe-update-cyber-incident-related-solar-winds-compromise]]|
|2020.12.18|//Tripwire//|[[VERT Alert: SolarWinds Supply Chain Attack|https://www.tripwire.com/state-of-security/vert/vert-alert-solar-winds-supply-chain-attack/]]|
|2020.12.18|//Sentinel One//|[[SolarWinds SUNBURST Backdoor: Inside the APT Campaign|https://labs.sentinelone.com/solarwinds-sunburst-backdoor-inside-the-stealthy-apt-campaign/]]|
|2020.12.18|//Kaspersky//|![[Sunburst: connecting the dots in the DNS requests|https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/]] |
|2020.12.18|//Palo Alto Networks//|[[Palo Alto Networks Rapid Response: Navigating the SolarStorm Attack|https://blog.paloaltonetworks.com/2020/12/solarwinds-statement-solarstorm/]]|
|2020.12.18|//Microsoft//|[[Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers|https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/]]|
|2020.12.18|//Cloudflare//|[[A quirk in the SUNBURST DGA algorithm|https://blog.cloudflare.com/a-quirk-in-the-sunburst-dga-algorithm/]]|
|2020.12.18|//Domain Tools//|[[Continuous Eruption: Further Analysis of the SolarWinds Supply Chain Incident|https://www.domaintools.com/resources/blog/continuous-eruption-further-analysis-of-the-solarwinds-supply-incident]]|
|2020.12.18|//Domain Tools//|Podcast [[70. Gone with the SolarWind|https://www.domaintools.com/resources/podcasts/70-gone-with-the-solarwind]]|
|2020.12.18|Pastebin|[[SolarWinds hacking DGA decoded|https://pastebin.com/f05i8B1Q]]|
|2020.12.18|Ntop|[[Efficiently Detecting and Blocking SunBurst Malware|https://www.ntop.org/ndpi/efficiently-detecting-and-blocking-sunburst-malware/]]|
|2020.12.18|//Qianxin//|[[First Disclosure of Target:Domain Name Generation Algorithm of SolarWinds Supply Chain Attack can be Cracked|https://ti.qianxin.com/blog/articles/First-Disclosure-of-Target:Domain-Name-Generation-Algorithm-of-SolarWinds-Supply-Chain-Attack-can-be-Cracked/]]|
|!|>|>||
|2020.12.17|//Prevasio//|![[Sunburst Backdoor, Part II: DGA & The List of Victims|https://blog.prevasio.com/2020/12/sunburst-backdoor-part-ii-dga-list-of.html]] |
|2020.12.17|//Palo Alto Networks//|[[SUPERNOVA: A Novel .NET Webshell|https://unit42.paloaltonetworks.com/solarstorm-supernova/]]|
|2020.12.17|//Microsoft//|[[A moment of reckoning: the need for a strong and global cybersecurity response|https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/]]|
|2020.12.17|//McAfee//|[[Additional Analysis into the SUNBURST Backdoor|https://www.mcafee.com/blogs/other-blogs/mcafee-labs/additional-analysis-into-the-sunburst-backdoor/]]|
|2020.12.17|//TrustedSec//|![[SolarWinds Backdoor (Sunburst) Incident Response Playbook|https://www.trustedsec.com/blog/solarwinds-backdoor-sunburst-incident-response-playbook/]] |
|2020.12.17|//CipherCloud//|[[Mitigating Cloud Supply-chain Risk: Office 365 and Azure Exploited in Massive U.S. Government Hack|https://www.ciphercloud.com/mitigating-cloud-supply-chain-risk-office-365-and-azure-exploited-in-massive-u-s-government-hack/]]|
|2020.12.17|//NetreseC//|![[Reassembling Victim Domain Fragments from SUNBURST DNS|https://www.netresec.com/?page=Blog&month=2020-12&post=Reassembling-Victim-Domain-Fragments-from-SUNBURST-DNS]] |
|2020.12.17|//Anomali//|[[FireEye, SolarWinds Hacks Show that Detection is Key to Solid Defense|https://www.anomali.com/blog/fireeye-solarwinds-hacks-show-that-detection-is-key-to-solid-defense]]|
|!|>|>||
|2020.12.16|Krebs on Security|[[Malicious Domain in SolarWinds Hack Turned into 'Killswitch'|https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/]]|
|2020.12.16|//Volexity//|![[Responding to the SolarWinds Breach: Detect, Prevent, and Remediate the Dark Halo Supply Chain Attack|https://www.volexity.com/blog/2020/12/16/responding-to-the-solarwinds-breach/]] |
|2020.12.16|//Security Intelligence//|[[Update on Widespread Supply-Chain Compromise|https://securityintelligence.com/posts/update-widespread-supply-chain-compromise/]]|
|2020.12.16|//Reversing Labs//|[[SunBurst: the next level of stealth|https://blog.reversinglabs.com/blog/sunburst-the-next-level-of-stealth]]|
|2020.12.16|//Prevailion//|[[Cybersecurity Solarwinds Activity|https://www.linkedin.com/posts/karimhijazi_prevailionknows-cybersecurity-solarwinds-activity-6744862284868390912-BUb1/]]|
|2020.12.16|//McAfee//|[[SUNBURST Malware and SolarWinds Supply Chain Compromise|https://www.mcafee.com/blogs/other-blogs/mcafee-labs/sunburst-malware-and-solarwinds-supply-chain-compromise/]]|
|2020.12.16|//Deep Instinct//|[[Sunburst Trojan: What You Need to Know|https://www.deepinstinct.com/2020/12/16/sunburst-trojan-what-you-need-to-know/]]|
|2020.12.16|//Intsights//|[[The FireEye Breach and the SolarWinds Supply Chain Compromise Campaign|https://intsights.com/blog/the-fireeye-breach-and-the-solarwinds-supply-chain-compromise-campaign]]|
|2020.12.16|//Krypt3ia//|[[Supply Chain Attacks and Nation State Pwnage: A Primer|https://krypt3ia.wordpress.com/2020/12/16/supply-chain-attacks-and-nation-state-pwnage-a-primer/]]|
|!|>|>||
|2020.12.15|Mubix "Rob" Fuller|![[SolarFlare Release: Password Dumper for SolarWinds Orion|https://malicious.link/post/2020/solarflare-release-password-dumper-for-solarwinds-orion/]]|
|2020.12.15|Bruce Schneier|[[How the SolarWinds Hackers Bypassed Duo's Multi-Factor Authentication|https://www.schneier.com/blog/archives/2020/12/how-the-solarwinds-hackers-bypassed-duo-multi-factor-authentication.html]]|
|2020.12.15|//Microsoft//|[[Ensuring customers are protected from Solorigate|https://www.microsoft.com/security/blog/2020/12/15/ensuring-customers-are-protected-from-solorigate/]]|
|2020.12.15|//Symantec//|[[Sunburst: Supply Chain Attack Targets SolarWinds Users|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sunburst-supply-chain-attack-solarwinds]]|
|2020.12.15|//SonicWall//|[[Massive Supply-Chain Attack Targets SolarWinds Orion Platform |https://blog.sonicwall.com/en-us/2020/12/massive-supply-chain-attack-targets-solarwinds-orion-platform/]]|
|2020.12.15|//Prevasio//|[[Sunburst Backdoor: A Deeper Look Into The SolarWinds' Supply Chain Malware |https://blog.prevasio.com/2020/12/sunburst-backdoor-deeper-look-into.html]]|
|2020.12.15|//Picus Security//|[[Tactics, Techniques, and Procedures (TTPs) Used in the SolarWinds Breach|https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach]]|
|2020.12.15|//SecureWorks//|[[Secureworks' Response to Recent Nation-State Cyberattacks|https://www.secureworks.com/blog/secureworks-response-to-recent-nation-state-cyberattacks]]|
|2020.12.15|//GuidePoint//|[[SUPERNOVA SolarWinds .NET Webshell Analysis|https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/]]|
|!|>|>||
|2020.12.14|SANS Handlers Diary|[[SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate)|https://isc.sans.edu/diary/rss/26884]]|
|2020.12.14|Krebs on Security|[[U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise|https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/]]|
|2020.12.14|Krebs on Security|[[SolarWinds Hack Could Affect 18K Customers|https://krebsonsecurity.com/2020/12/solarwinds-hack-could-affect-18k-customers/]]|
|2020.12.14|//Volexity//|![[Dark Halo Leverages SolarWinds Compromise to Breach Organizations|https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/]]|
|2020.12.14|//SolarWinds//|[[SolarWinds Corporation report to SEC|https://d18rn0p25nwr6d.cloudfront.net/CIK-0001739942/57108215-4458-4dd8-a5bf-55bd5e34d451.pdf]]|
|2020.12.14|//RiskIQ//|[[SolarWinds Orion Hack: Know if You're Affected and Defend Your Attack Surface|https://www.riskiq.com/blog/external-threat-management/solarwinds-orion-hack/]]|
|2020.12.14|//Palo Alto Networks//|[[Threat Brief: SolarStorm and SUNBURST Customer Coverage|https://unit42.paloaltonetworks.com/fireeye-solarstorm-sunburst/]]|
|2020.12.14|//Malware Bytes//|[[SolarWinds advanced cyberattack: What happened and what to do now|https://blog.malwarebytes.com/threat-analysis/2020/12/advanced-cyber-attack-hits-private-and-public-sector-via-supply-chain-software-update/]]|
|2020.12.14|//SOC Prime//|[[Sunburst Backdoor Detection: Solarwinds Supply Chain Attack on FireEye and US Agencies|https://socprime.com/blog/sunburst-backdoor-detection-solarwinds-supply-chain-attack-on-fireeye-and-us-agencies/]]|
|2020.12.14|//Cisco//|[[Threat Advisory: SolarWinds supply chain attack|https://blog.talosintelligence.com/2020/12/solarwinds-supplychain-coverage.html]]|
|2020.12.14|//Cisco//|[[SolarWinds Orion Platform Supply Chain Attack|https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-solarwinds-supply-chain-attack]]|
|2020.12.14|//Cisco//|[[FireEye Breach Detection Guidance|https://blog.talosintelligence.com/2020/12/fireeye-breach-guidance.html]]|
|2020.12.14|//Tenable//|![[Solorigate: SolarWinds Orion Platform Contained a Backdoor Since March 2020 (SUNBURST)|https://www.tenable.com/blog/solorigate-solarwinds-orion-platform-contained-a-backdoor-since-march-2020-sunburst]]|
|2020.12.14|//Cado Security//|[[Responding to Solarigate|https://www.cadosecurity.com/post/responding-to-solarigate]]|
|2020.12.14|//Symantec//|[[Sunburst: Supply Chain Attack Targets SolarWinds Users|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sunburst-supply-chain-attack-solarwinds]]|
|2020.12.14|//Domain Tools//|[[Unraveling Network Infrastructure Linked to the SolarWinds Hack|https://www.domaintools.com/resources/blog/unraveling-network-infrastructure-linked-to-the-solarwinds-hack]]|
|2020.12.14|//TrustedSec//|![[SolarWinds Orion and UNC2452 – Summary and Recommendations|https://www.trustedsec.com/blog/solarwinds-orion-and-unc2452-summary-and-recommendations/]] |
|2020.12.14|//Splunk//|[[Using Splunk to Detect Sunburst Backdoor|https://www.splunk.com/en_us/blog/security/sunburst-backdoor-detections-in-splunk.html]]|
|2020.12.14|//Zero Day Initiative//|[[ZDI-21-063 SolarWinds Network Performance Monitor ExecuteExternalProgram Command Injection Remote Code Execution Vulnerability (CVE-2020-14005)|https://www.zerodayinitiative.com/advisories/ZDI-21-063/]]|
|2020.12.14|//Zero Day Initiative//|[[ZDI-21-064 SolarWinds Network Performance Monitor WriteToFile SQL Injection Privilege Escalation Vulnerability (CVE-2020-27869)|https://www.zerodayinitiative.com/advisories/ZDI-21-064/]]|
|2020.12.14|//Zero Day Initiative//|[[ZDI-21-065 SolarWinds Network Performance Monitor ExecuteVBScript Command Injection Remote Code Execution Vulnerability (CVE-2020-14005)|https://www.zerodayinitiative.com/advisories/ZDI-21-065/]]|
|2020.12.14|//Zero Day Initiative//|[[ZDI-21-066 SolarWinds Network Performance Monitor ExportToPDF Directory Traversal Information Disclosure Vulnerability (CVE-2020-27870)|https://www.zerodayinitiative.com/advisories/ZDI-21-066/]]|
|2020.12.14|//Zero Day Initiative//|[[ZDI-21-067 SolarWinds Network Performance Monitor VulnerabilitySettings Directory Traversal Arbitrary File Creation Vulnerability (CVE-2020-27871)|https://www.zerodayinitiative.com/advisories/ZDI-21-067/]]|
|2020.12.14|//Zero Day Initiative//|[[ZDI-21-06  (CVE-2020-	)|https://www.zerodayinitiative.com/advisories/ZDI-21-06/]]|
|>|>|>|!|
|2020.12.13|//TrueSec//|[[The SolarWinds Orion SUNBURST supply-chain Attack|https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/]]|
|2020.12.13|//SolarWinds//|[[SolarWinds Security Advisory|https://www.solarwinds.com/securityadvisory]] (obsolète)|
|2020.12.13|//Microsoft//|![[Important steps for customers to protect themselves from recent nation-state cyberattacks|http://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/]] |
|2020.12.13|//Microsoft//|![[Customer Guidance on Recent Nation-State Cyber Attacks|https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/]] |
|2020.12.13|//Microsoft//|[[Trojan:MSIL/Solorigate.B!dha|https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:MSIL/Solorigate.B!dha]]|
|2020.12.13|//FireEye//|[[Global Intrusion Campaign Leverages Software Supply Chain Compromise|https://www.fireeye.com/blog/products-and-services/2020/12/global-intrusion-campaign-leverages-software-supply-chain-compromise.html]]|
|2020.12.13|//FireEye//|[[FireEye Mandiant SunBurst Countermeasures|https://github.com/fireeye/sunburst_countermeasures]] (Snort, Yara, IOC, ClamAV)|
|!|>|>||
|2020.12.12|//FireEye//|[[Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor|https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html]]|
|!|>|>||
|2020.12.11|//Picus Security//|[[It is Time to Take Action - How to Defend Against FireEye's Red Team Tools|https://www.picussecurity.com/resource/blog/how-to-defend-against-fireeye-s-red-team-tools]]|
|!|>|>||
|2020.12.10|//Picus Security//|[[Tactics, Techniques and Procedures (TTPs) Utilized by FireEye's Red Team Tools|https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools]]|
|2020.12.10|//SOC Prime//|[[FireEye Breach: Leaked Red Team Toolkit Detection|https://socprime.com/blog/fireeye-breach-leaked-red-team-toolkit-detection/]]|
|2020.12.10|//Malware Bytes//|[[Malwarebytes detects leaked tools from FireEye breach|https://blog.malwarebytes.com/malwarebytes-news/2020/12/malwarebytes-detects-leaked-tools-from-fireeye-breach/]]|
|2020.12.10|//Intsights//|[[Flash Alert: FireEye Breach|https://intsights.com/blog/flash-alert-fireeye-breach]]|
|!|>|>||
|2020.12.08|//FireEye//|![[FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community|https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html]] |
|2020.12.08|//FireEye//|![[Unauthorized Access of FireEye Red Team Tools|https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html]] |
|>|>|>|!|
|2017.11.27|//CyberArk//|![[Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps|https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps]] |
|2017.05.03|//Palo Alto Networks//|[[Kazuar: Multiplatform Espionage Backdoor with API Access|https://unit42.paloaltonetworks.com/unit42-kazuar-multiplatform-espionage-backdoor-api-access/]]|
|2016.01.14|//Symantec//|[[The Waterbug attack group|https://docs.broadcom.com/doc/waterbug-attack-group]]|
!Sources secondaires / Secondary sources
|>|>|>|bgcolor:#F5DF4D;Ce fond indique des mises à jour ''pertinentes'' du tableau depuis la semaine dernière |
|!Dates|!Sources|!Titres et Liens|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.19|//Risk Recon//|[[How the World Responded to SolarWinds Orion - Part 2|https://blog.riskrecon.com/how-the-world-responded-to-solarwinds-orion-a-view-from-the-internet-part-2]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.18|Bleeping Computer|[[Microsoft: SolarWinds hackers downloaded some Azure, Exchange source code|https://www.bleepingcomputer.com/news/microsoft/microsoft-solarwinds-hackers-downloaded-some-azure-exchange-source-code/]]|
|bgcolor:#F5DF4D;2021.02.18|JiPé|![[Incidents MindMaps / SOLORIGATE_SUNBURST|https://github.com/jipegit/IncidentsMindMaps/tree/main/SOLORIGATE_SUNBURST]] ([[image|https://github.com/jipegit/IncidentsMindMaps/raw/main/SOLORIGATE_SUNBURST/SOLORIGATE_SUNBURST.png]]) |
|bgcolor:#F5DF4D;2021.02.18|Dark Reading|[[Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy|https://www.darkreading.com/vulnerabilities---threats/hiding-in-plain-sight-what-the-solarwinds-attack-revealed-about-efficacy/a/d-id/1340140]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.16|//Akamai//|[[SolarWinds Hack and the Case of DNS Security|http://feedproxy.google.com/~r/TheAkamaiBlog/~3/NYBTmg4HS00/solarwinds-hack-and-the-case-of-dns-security.html]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.12|//Risk Recon//|[[How the World Responded to SolarWinds Orion – Part 1|https://blog.riskrecon.com/how-the-world-responded-to-solarwinds-orion-a-view-from-the-internet-part-1]]|
|bgcolor:#F5DF4D;2021.02.12|//Thinkst//|[[On SolarWinds, Supply Chains and Enterprise Networks|https://blog.thinkst.com/2021/02/on-solarwinds-supply-chains-and_12.html]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.10|//Infoblox//|[[TEARDROP Malware|https://blogs.infoblox.com/cyber-threat-intelligence/teardrop-malware/]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.09|//trustwave//|[[Discussing the SolarWinds Discovery|https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/discussing-the-solarwinds-discovery/]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.05|Security Week|[[Microsoft Says Its Services Not Used as Entry Point by SolarWinds Hackers|https://www.securityweek.com/microsoft-says-its-services-not-used-entry-point-solarwinds-hackers]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.03|Bleeping Computer|[[SolarWinds patches critical vulnerabilities in the Orion platform|https://www.bleepingcomputer.com/news/security/solarwinds-patches-critical-vulnerabilities-in-the-orion-platform/]]|
|bgcolor:#F5DF4D;2021.02.03|MSSP Alert|[[SolarWinds Patches 3 Vulnerabilities Discovered by MSSP Trustwave, SpiderLabs|https://www.msspalert.com/cybersecurity-news/solarwinds-patches-three-vulnerabilities/]]|
|bgcolor:#F5DF4D;2021.02.03|Security Week|[[China-Linked Hackers Exploited SolarWinds Flaw in U.S. Government Attack: Report|https://www.securityweek.com/china-linked-hackers-exploited-solarwinds-flaw-us-government-attack-report]]|
|bgcolor:#F5DF4D;2021.02.03|Security Week|[[SolarWinds Product Vulnerabilities Allow Hackers to Take Full Control of Systems|https://www.securityweek.com/solarwinds-product-vulnerabilities-allow-hackers-take-full-control-systems]]|
|bgcolor:#F5DF4D;2021.02.03|Dark Reading|[[SolarWinds Attackers Spent Months in Corporate Email System: Report|https://www.darkreading.com/perimeter/solarwinds-attackers-spent-months-in-corporate-email-system-report/d/d-id/1340047]]|
|bgcolor:#F5DF4D;2021.02.03|//Threatpost//|[[Second SolarWinds Attack Group Breaks into USDA Payroll|https://threatpost.com/second-solarwinds-attack-group-usda-payroll/163635/]]|
|bgcolor:#F5DF4D;2021.02.03|//Threatpost//|[[SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover|https://threatpost.com/solarwinds-orion-bug-remote-code-execution/163618/]]|
|bgcolor:#F5DF4D;2021.02.03|//Infocyte//|[[Responding to Microsoft 365 Attacks|https://www.infocyte.com/blog/2021/02/03/responding-to-microsoft-365-attacks/]]|
|bgcolor:#F5DF4D;2021.02.03|Bruce Schneier|[[More SolarWinds News|https://www.schneier.com/blog/archives/2021/02/more-solarwinds-news.html]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.02.01|No Limit Sécu|[[Solarwinds, illustration d’une attaque de type "supply chain"|https://www.nolimitsecu.fr/solarwinds/]] ([[podcast|https://www.nolimitsecu.fr/wp-content/uploads/NoLimitSecu-305-SolarWinds.mp3]])|
|bgcolor:#F5DF4D;2021.02.01|Security Week|[[CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds|https://www.securityweek.com/cisa-says-many-victims-solarwinds-hackers-had-no-direct-link-solarwinds]]|
|>|>|>||
|2021.01.31|NoLimitSécu[>img[iCSF/flag_fr.png]]|[[Episode #305 : Solarwinds, illustration d’une attaque de type "supply chain"|https://www.nolimitsecu.fr/solarwinds/]] ([[podcast|https://www.nolimitsecu.fr/wp-content/uploads/NoLimitSecu-305-SolarWinds.mp3]])|
|>|>|>||
|2021.01.30|Ars Technica|[[30% of "SolarWinds hack" victims didn’t actually use SolarWinds|https://arstechnica.com/information-technology/2021/01/30-of-solarwinds-hack-victims-didnt-actually-use-solarwinds/]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.01.29|//Hashed Out//|![[https://www.thesslstore.com/blog/all-you-need-to-know-about-the-solarwinds-hack/]]|
|bgcolor:#F5DF4D;2021.01.29|//Talos / Cisco//|[[Talos Takes Ep. #39: SolarWinds' implications for IoT and OT|https://blog.talosintelligence.com/2021/01/talos-takes-ep-39-solarwinds.html]] ([[podcast|https://talos-intelligence-site.s3.amazonaws.com/production/podcast_files/Talos%20Takes%20Ep.%20%2340%3A%20Lessons%20learned%20from%20our%20conversations%20with%20a%20ransomware%20operator/1612537053/TTEP40LockBitInterview.mp3]])|
|2021.01.29|//Aon//|[[Cloudy with a Chance of Persistent Email Access|https://www.aon.com/cyber-solutions/aon_cyber_labs/cloudy-with-a-chance-of-persistent-email-access/]]|
|>|>|>||
|2021.01.28|//Threatpost//|[[Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball|https://threatpost.com/mimecast-solarwinds-hack-security-vendor-victims/163431/]]|
|>|>|>||
|2021.01.27|Security Week|[[Hundreds of Industrial Organizations Received Sunburst Malware in SolarWinds Attack|https://www.securityweek.com/hundreds-industrial-organizations-received-sunburst-malware-solarwinds-attack]]|
|>|>|>||
|bgcolor:#F5DF4D;2021.01.26|//Forcepoint//|[[Inside the Mind of the #Sunburst Adversary - Ep. 117|https://www.forcepoint.com/resources/podcasts/inside-mind-sunburst-adversary-ep-117]]|
|bgcolor:#F5DF4D;2021.01.26|Bleeping Computer|[[Mimecast links security breach to SolarWinds hackers|https://www.bleepingcomputer.com/news/security/mimecast-links-security-breach-to-solarwinds-hackers/]]|
|2021.01.26|Dark Reading|[[Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks|https://www.darkreading.com/application-security/mimecast-recent-certificate-compromise-tied-to-solarwinds-attacks/d/d-id/1339984]]|
|>|>|>||
|2021.01.23|//TrapX//|[[Lessons from the solarwinds breach: there is nothing new under the sun?|https://www.trapx.com/lessons-from-the-solarwinds-breach-there-is-nothing-new-under-the-sun/]]|
|>|>|>||
|2021.01.22|GBHackers on Security|[[Microsoft Research Reveals SolarWinds Hackers Stealthily Evaded Detection|https://gbhackers.com/solarwinds-attack-chain/]]|
|>|>|>||
|2021.01.21|Robinson+Cole|[[SolarWinds Insured Losses Estimated at $90 Million|https://www.dataprivacyandsecurityinsider.com/2021/01/solarwinds-insured-losses-estimated-at-90-million/]]|
|2021.01.21|Security Week|[[Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers|https://www.securityweek.com/microsoft-details-opsec-anti-forensic-techniques-used-solarwinds-hackers]]|
|>|>|>||
|2021.01.20|Bleeping Computer|[[Microsoft shares how SolarWinds hackers evaded detection|https://www.bleepingcomputer.com/news/security/microsoft-shares-how-solarwinds-hackers-evaded-detection/]]|
|2021.01.20|Dark Reading|[[Microsoft Releases New Info on SolarWinds Attack Chain|https://www.darkreading.com/attacks-breaches/microsoft-releases-new-info-on-solarwinds-attack-chain/d/d-id/1339940]]|
|2021.01.20|//Threatpost//|[[Malwarebytes Hit by SolarWinds Attackers|https://threatpost.com/malwarebytes-solarwinds-attackers/163190/]]|
|>|>|>||
|2021.01.19|Bleeping Computer|![[SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader|https://www.bleepingcomputer.com/news/security/solarwinds-hackers-used-7-zip-code-to-hide-raindrop-cobalt-strike-loader/]] |
|2021.01.19|Bleeping Computer|[[Malwarebytes says SolarWinds hackers accessed its internal emails|https://www.bleepingcomputer.com/news/security/malwarebytes-says-solarwinds-hackers-accessed-its-internal-emails/]]|
|2021.01.19|Dark Reading|[[SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics|https://www.darkreading.com/threat-intelligence/solarwinds-attack-underscores-new-dimension-in-cyber-espionage-tactics/d/d-id/1339928]]|
|2021.01.19|Security Week|[[FireEye Releases New Open Source Tool in Response to SolarWinds Hack|https://www.securityweek.com/fireeye-releases-new-open-source-tool-response-solarwinds-hack]]|
|2021.01.19|Security Week|[[SolarWinds Hackers Used 'Raindrop' Malware for Lateral Movement|https://www.securityweek.com/solarwinds-hackers-used-raindrop-malware-lateral-movement]]|
|2021.01.19|//Threatpost//|[[SolarWinds Malware Arsenal Widens with Raindrop|https://threatpost.com/solarwinds-malware-arsenal-raindrop/163153/]]|
|>|>|>||
|2021.01.18|//Zscaler//|[[Supply Chain Attacks|https://www.zscaler.com/blogs/product-insights/supply-chain-attack]]|
|2021.01.18|//Digital Shadows//|Podcast '[[ShadowTalk Update: Sunburst, Sunspot, and more on SolarWinds!|https://www.digitalshadows.com/blog-and-research/shadowtalk-update-sunburst-sunspot-and-more-on-solarwinds/]]'|
|>|>|>||
|2021.01.17|//WhoisXML API//|![[Cyber Threat Intel Analysis and Expansion of SolarWinds Identified IoCs|http://www.circleid.com/posts/20210117-cyberthreat-intel-analysis-expansion-of-solarwinds-identified-iocs/]] |
|>|>|>||
|2021.01.13|Dark Reading|[[SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns|https://www.darkreading.com/threat-intelligence/solarwinds-attackers-may-have-hit-mimecast-driving-new-concerns/d/d-id/1339895]]|
|>|>|>||
|2021.01.12|Wall Street Journal|[[SolarWinds Hackers' Attack on Email Security Company Raises New Red Flags|https://www.wsj.com/articles/solarwinds-hackers-attack-on-email-security-company-raises-new-red-flags-11610510375]]|
|2021.01.12|Bleeping Computer|![[New Sunspot malware found while investigating SolarWinds hack|https://www.bleepingcomputer.com/news/security/new-sunspot-malware-found-while-investigating-solarwinds-hack/]] |
|2021.01.12|Bleeping Computer|![[SolarLeaks site claims to sell data stolen in SolarWinds attacks|https://www.bleepingcomputer.com/news/security/solarleaks-site-claims-to-sell-data-stolen-in-solarwinds-attacks/]] |
|2021.01.12|Dark Reading|[[More SolarWinds Attack Details Emerge|https://www.darkreading.com/threat-intelligence/more-solarwinds-attack-details-emerge/d/d-id/1339885]]|
|bgcolor:#F5DF4D;2021.01.12|GBHackers on Security|[[SolarWinds Hack – Multiple Similarities Found Between Sunburst Backdoor and Turla's Backdoor|https://gbhackers.com/solarwinds-backdoor-similarities/]]|
|2021.01.11|Security Week|[[Kaspersky Connects SolarWinds Attack Code to Known Russian APT Group|https://www.securityweek.com/malware-used-solarwinds-attack-linked-backdoor-attributed-turla-cyberspies]]|
|2021.01.11|Secplicity|[[The Hack of the Decade|https://www.secplicity.org/2021/01/11/the-hack-of-the-decade/]] ([[podcast|https://media.blubrry.com/the_443/content.blubrry.com/the_443/The_443-131-The_Hack_of_the_Decade.mp3]])|
|>|>|>||
|2021.01.07|Dark Reading|![[FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack|https://www.darkreading.com/threat-intelligence/fireeyes-mandia-severity-zero-alert-led-to-discovery-of-solarwinds-attack/d/d-id/1339851]] |
|2021.01.07|Dark Reading|[[DoJ's Microsoft 365 Email Accounts Compromised in SolarWinds Attacks|Investigation Launched Into Role of JetBrains Product in SolarWinds Hack: Reportssed-in-solarwinds-attacks/d/d-id/1339842]]|
|2021.01.06|Bruce Schneier|[[Russia's SolarWinds Attack and Software Security|https://www.schneier.com/blog/archives/2021/01/russias-solarwinds-attack-and-software-security.html]]|
|2021.01.05|Bruce Schneier|[[Latest on the SVR's SolarWinds Hack|https://www.schneier.com/blog/archives/2021/01/latest-on-the-svrs-solarwinds-hack.html]]|
|>|>|>||
|2020.12.31|Bleeping Computer|[[Microsoft: SolarWinds hackers accessed our source code|https://www.bleepingcomputer.com/news/security/microsoft-solarwinds-hackers-accessed-our-source-code/]]|
|2020.12.31|Dark Reading|[[Microsoft Reveals That Russian Attackers Accessed Some of Its Source Code|https://www.darkreading.com/attacks-breaches/microsoft-reveals-that-russian-attackers-accessed-some-of-its-source-code/d/d-id/1339816]]|
|>|>|>||
|2020.12.30|01 Net[>img[iCSF/flag_fr.png]]|[[SolarWinds : le mystère du hack de l'année élucidé par Microsoft ?|https://www.01net.com/actualites/solarwinds-le-mystere-du-hack-de-l-annee-elucide-par-microsoft-2026032.html]]|
|2020.12.30|GBHackers on Security|[[SolarWinds Hackers Aimed to Access Victim Cloud Assets after deploying the Solorigate Backdoor|https://gbhackers.com/solarsinds-targets-cloud-assets/]]|
|2020.12.30|Bleeping Computer|[[DHS orders federal agencies to update SolarWinds Orion platform|https://www.bleepingcomputer.com/news/security/dhs-orders-federal-agencies-to-update-solarwinds-orion-platform/]]|
|2020.12.30|Security Week|[[Shields Up: How to Tackle Supply Chain Risk Hazards|https://www.securityweek.com/shields-how-tackle-supply-chain-risk-hazards]]|
|>|>|>||
|2020.12.29|Bleeping Computer|[[Microsoft: SolarWinds hackers' goal was the victims' cloud data|https://www.bleepingcomputer.com/news/security/microsoft-solarwinds-hackers-goal-was-the-victims-cloud-data/]]|
|>|>|>||
|2020.12.28|Bleeping Computer|[[CISA releases Azure, Microsoft 365 malicious activity detection tool|https://www.bleepingcomputer.com/news/security/cisa-releases-azure-microsoft-365-malicious-activity-detection-tool/]]|
|>|>|>|!|
|2020.12.27|Forbes|[[Dissecting The SolarWinds Hack For Greater Insights With A Cybersecurity Evangelist|https://www.forbes.com/sites/louiscolumbus/2021/12/27/dissecting-the-solarwinds-hack-for-greater-insights-with-a-cybersecurity-evangelist/]]|
|>|>|>||
|2020.12.26|Bleeping Computer|[[SolarWinds releases updated advisory for new SUPERNOVA malware|https://www.bleepingcomputer.com/news/security/solarwinds-releases-updated-advisory-for-new-supernova-malware/]]|
|2020.12.26|Bleeping Computer|[[VMware latest to confirm breach in SolarWinds hacking campaign|https://www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/]]|
|>|>|>||
|2020.12.25|Washington Post|[[Russian hackers compromised Microsoft cloud customers through third party, putting emails and other data at risk|https://www.washingtonpost.com/national-security/russia-hack-microsoft-cloud/2020/12/24/dbfaa9c6-4590-11eb-975c-d17b8815a66d_story.html]]|
|2020.12.25|Reuters|[[Suspected Russian hackers used Microsoft vendors to breach customers|https://reuters.com/article/us-global-cyber-usa/suspected-russian-hackers-made-failed-attempt-to-breach-crowdstrike-company-says-idUSKBN28Y1BF]]|
|2020.12.25|Bleeping Computer|[[CrowdStrike releases free Azure security tool after failed hack|https://www.bleepingcomputer.com/news/security/crowdstrike-releases-free-azure-security-tool-after-failed-hack/]]|
|2020.12.25|Security Boulevard|[[SUNBURST SolarWinds BackDoor : Crime Scene Forensics Part 2 (continued)|https://securityboulevard.com/2020/12/sunburst-solarwinds-backdoor-crime-scene-forensics-part-2-continued/]]|
|>|>|>||
|2020.12.24|The Hill|[[Hackers accessed Microsoft cloud customers' information through third party: report|https://thehill.com/policy/technology/531649-hackers-accessed-microsoft-cloud-customers-information-through-third-party]]|
|2020.12.24|Reuters|[[U.S. cyber agency says SolarWinds hackers are 'impacting' state, local governments|https://www.reuters.com/article/us-global-cyber-usa/u-s-cyber-agency-says-solarwinds-hackers-are-impacting-state-local-governments-idUSKBN28Y09L]]|
|2020.12.24|Reuters|[[Suspected Russian hackers used Microsoft vendors to breach customers|https://www.reuters.com/article/us-global-cyber-usa-idUSKBN28Y1BF]]|
|2020.12.24|The Intercept|[[SolarWinds Hack Infected Critical Infrastructure, Including Power Industry|https://theintercept.com/2020/12/24/solarwinds-hack-power-infrastructure/]]|
|>|>|>||
|2020.12.23|Security Week|[[Millions of Devices Affected by Vulnerabilities Used in Stolen FireEye Tools|https://www.securityweek.com/millions-devices-affected-vulnerabilities-used-stolen-fireeye-tools]]|
|2020.12.23|Bleeping Computer|[[UK privacy watchdog warns SolarWinds victims to report data breaches|https://www.bleepingcomputer.com/news/security/uk-privacy-watchdog-warns-solarwinds-victims-to-report-data-breaches/]]|
|2020.12.23|//Security Risk Advisors//|[[SolarWinds Breach: How do we stop this from happening again?|https://sra.io/blog/solarwinds-breach-how-do-we-stop-this-from-happening-again/]]|
|2020.12.23|//XM Cyber//|[[Here's How the Recent SolarWinds Supply Chain Attack Could Be Easily Stopped|https://www.xmcyber.com/heres-how-the-recent-solarwinds-supply-chain-attack-could-be-easily-stopped/]]|
|2020.12.23|GeekWire|[[How the SolarWinds hackers are targeting cloud services in unprecedented cyberattack|https://www.geekwire.com/2020/solarwinds-hackers-targeting-cloud-services-unprecedented-cyberattack/]]|
|>|>|>||
|2020.12.22|//McAfee//|[[How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise|https://www.mcafee.com/blogs/other-blogs/mcafee-labs/how-a-device-to-cloud-architecture-defends-against-the-solarwinds-supply-chain-compromise/]]|
|2020.12.22|Reuters|[['Dozens of email accounts' were hacked at U.S. Treasury -Senator Wyden|https://www.reuters.com/article/us-global-cyber/u-s-treasury-confirms-solarwinds-hack-as-more-officials-blame-russia-idUSKBN28V2DX]]|
|2020.12.22|Hack Read|[[The ongoing investigation into the SolarWinds supply chain cyberattack indicates the involvement of another APT group|https://www.hackread.com/two-groups-breached-solarwinds-orion-software-microsoft/]]|
|2020.12.22|Dark Reading|[[SolarWinds Campaign Focuses Attention on 'Golden SAML' Attack Vector|https://www.darkreading.com/attacks-breaches/solarwinds-campaign-focuses-attention-on-golden-saml-attack-vector/d/d-id/1339794]]|
|2020.12.22|Bleeping Computer|[[SolarWinds victims revealed after cracking the Sunburst malware DGA|https://www.bleepingcomputer.com/news/security/solarwinds-victims-revealed-after-cracking-the-sunburst-malware-dga/]]|
|2020.12.22|Bleeping Computer|[[SolarWinds hackers breached US Treasury officials' email accounts|https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breached-us-treasury-officials-email-accounts/]]|
|2020.12.22|GBHackers on Security|[[NSA Warns of Cloud Attacks on Authentication Mechanisms|https://gbhackers.com/nsa-warns-of-cloud-attacks/]]|
|>|>|>||
|2020.12.21|The Register|[[Well, on the bright side, the SolarWinds Sunburst attack will spur the cybersecurity field to evolve all over again|https://www.theregister.com/2020/12/21/solarwinds_sunburst_evolve/]]|
|2020.12.21|Security Week|[[VMware, Cisco Reveal Impact of SolarWinds Incident|https://www.securityweek.com/vmware-cisco-reveal-impact-solarwinds-incident]]|
|2020.12.21|Reuters|[[U.S. Treasury has not seen any damage from widespread hack-CNBC|https://www.reuters.com/article/us-usa-cyber-breach-treasury/u-s-treasury-has-not-seen-any-damage-from-widespread-hack-cnbc-idUSKBN28V1X0]]|
|2020.12.21|Help Net Security|[[SolarWinds is the tip of the iceberg|https://www.helpnetsecurity.com/2020/12/21/solarwinds-cybersecurity/]]|
|2020.12.21|Dark Reading|[[We Have a National Cybersecurity Emergency -- Here's How We Can Respond|https://www.darkreading.com/vulnerabilities---threats/we-have-a-national-cybersecurity-emergency----heres-how-we-can-respond/a/d-id/1339766]]|
|2020.12.21|Dark Reading|[[Cisco, Intel, Deloitte Among Victims of SolarWinds Breach: Report|https://www.darkreading.com/threat-intelligence/cisco-intel-deloitte-among-victims-of-solarwinds-breach-report/d/d-id/1339780]]|
|2020.12.21|CSO Online|[[How to prepare for the next SolarWinds-like threat|https://www.csoonline.com/article/3601796/how-to-prepare-for-the-next-solarwinds-like-threat.html]]|
|2020.12.21|Bleeping Computer|[[VMware latest to confirm breach in SolarWinds hacking campaign|https://www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/]]|
|2020.12.21|Bleeping Computer|[[New SUPERNOVA backdoor found in SolarWinds cyberattack analysis|https://www.bleepingcomputer.com/news/security/new-supernova-backdoor-found-in-solarwinds-cyberattack-analysis/]]|
|2020.12.21|//Cyjax//|[[SolarWinds Supply Chain Attack - Summary and Analysis|https://www.cyjax.com/2020/12/21/solarwinds-supply-chain-attack-summary-and-analysis/]]|
|>|>|>|!|
|2020.12.19|Bleeping Computer|[[The SolarWinds cyberattack: The hack, the victims, and what we know|https://www.bleepingcomputer.com/news/security/the-solarwinds-cyberattack-the-hack-the-victims-and-what-we-know/]]|
|>|>|>||
|2020.12.18|Dark Reading|[[Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates|https://www.darkreading.com/attacks-breaches/microsoft-confirms-its-network-was-breached-with-tainted-solarwinds-updates/d/d-id/1339769]]|
|2020.12.18|Dark Reading|[[5 Key Takeaways From the SolarWinds Breach|https://www.darkreading.com/5-key-takeaways-from-the-solarwinds-breach/d/d-id/1339764]]|
|2020.12.18|Bleeping Computer|[[US think tank breached three times in a row by SolarWinds hackers|https://www.bleepingcomputer.com/news/security/us-think-tank-breached-three-times-in-a-row-by-solarwinds-hackers/]]|
|2020.12.18|Bleeping Computer|[[Microsoft identifies 40+ victims of SolarWinds hack, 80% from US|https://www.bleepingcomputer.com/news/security/microsoft-identifies-40-plus-victims-of-solarwinds-hack-80-percent-from-us/]]|
|2020.12.18|Bleeping Computer|[[Microsoft confirms breach in SolarWinds hack, denies infecting others|https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-breach-in-solarwinds-hack-denies-infecting-others/]]|
|2020.12.18|Help Net Security|[[Microsoft was also a victim of the SolarWinds supply chain hack|https://www.helpnetsecurity.com/2020/12/18/microsoft-solarwinds/]]|
|2020.12.18|Security Week|[[Microsoft, Energy Department and Others Named as Victims of SolarWinds Attack|https://www.securityweek.com/microsoft-energy-department-and-others-named-victims-solarwinds-attack]]|
|2020.12.18|The New Stack|[[SolarWinds, the World's Biggest Security Failure and Open Source's Better Answer|https://thenewstack.io/solarwinds-the-worlds-biggest-security-failure-and-open-sources-better-answer/]]|
|2020.12.18|//Security Scorecard//|[[SolarWinds Compromise May Have Begun 5 Months Earlier Than Suspected|https://securityscorecard.com/blog/solarwinds-compromise-may-have-begun-5-months-earlier-than-suspected]]|
|>|>|>||
|2020.12.17|//Radware//|[[FireEye Hack Turns into a Global Supply Chain Attack|https://blog.radware.com/security/2020/12/fireeye-hack-turns-into-a-global-supply-chain-attack/]]|
|2020.12.17|Dark Reading|[[CISA: SolarWinds Not the Only Initial Attack Vector in Massive Breach|https://www.darkreading.com/attacks-breaches/cisa-solarwinds-not-the-only-initial-attack-vector-in-massive-breach/d/d-id/1339755]]|
|2020.12.17|Bleeping Computer|[[SolarWinds hackers breach US nuclear weapons agency|https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/]]|
|2020.12.17|Bleeping Computer|[[US think tank breached three times in a row by SolarWinds hackers|https://www.bleepingcomputer.com/news/security/nation-state-hackers-breached-us-think-tank-thrice-in-a-row/]]|
|2020.12.17|Bleeping Computer|[[FBI, CISA officially confirm US govt hacks after SolarWinds breach|https://www.bleepingcomputer.com/news/security/fbi-cisa-officially-confirm-us-govt-hacks-after-solarwinds-breach/]]|
|2020.12.17|Bleeping Computer|[[CISA: Hackers breached US govt using more than SolarWinds backdoor|https://www.bleepingcomputer.com/news/security/cisa-hackers-breached-us-govt-using-more-than-solarwinds-backdoor/]]|
|2020.12.17|//Lacework//|[[SolarWinds & the Software Supply Chain|https://www.lacework.com/solarwinds-the-software-supply-chain/]]|
|2020.12.17|//Anomali//|[[The FireEye, SolarWinds Hacks: Adversaries Want Access, How To Protect Your Organization|https://www.anomali.com/resources/podcasts/the-fireeye-solarwinds-hacks-adversaries-want-access-how-to-protect-your-organization]] (podcast)|
|2020.12.17|//Shift Left//|[[#Solorigate : SUNBURST SolarWinds BackDoor : Crime Scene Forensics|https://medium.com/swlh/sunburst-solarwinds-breach-crime-scene-forensics-continued-aef0ab568e03]]|
|>|>|>||
|2020.12.16|Help Net Security|[[SolarWinds hackers' capabilities include bypassing MFA|https://www.helpnetsecurity.com/2020/12/16/solarwinds-hackers-capabilities/]]|
|2020.12.16|Dark Reading|[[FireEye Identifies Killswitch for SolarWinds Malware as Victims Scramble to Respond|https://www.darkreading.com/attacks-breaches/fireeye-identifies-killswitch-for-solarwinds-malware-as-victims-scramble-to-respond/d/d-id/1339746]]|
|2020.12.16|Bleeping Computer|[[FireEye, Microsoft create kill switch for SolarWinds backdoor|https://www.bleepingcomputer.com/news/security/fireeye-microsoft-create-kill-switch-for-solarwinds-backdoor/]]|
|2020.12.16|//RedSeal//|[[Lessons for All of Us From the SolarWinds Orion Compromise |https://www.redseal.net/responding-to-the-solarwinds-orion-compromise/]]|
|>|>|>||
|2020.12.15|SANS|[[What You Need to Know About the SolarWinds Supply-Chain Attack|https://www.sans.org/blog/what-you-need-to-know-about-the-solarwinds-supply-chain-attack/]]|
|2020.12.15|Reuters|[[U.S. Homeland Security, thousands of businesses scramble after suspected Russian hack|https://www.reuters.com/article/global-cyber/u-s-homeland-security-thousands-of-businesses-scramble-after-suspected-russian-hack-idUSKBN28O1Z3]]|
|2020.12.15|Dark Reading|[[Concerns Run High as More Details of SolarWinds Hack Emerge|https://www.darkreading.com/attacks-breaches/concerns-run-high-as-more-details-of-solarwinds-hack-emerge/d/d-id/1339726]]|
|2020.12.15|Bleeping Computer|[[Microsoft to quarantine compromised SolarWinds binaries tomorrow|https://www.bleepingcomputer.com/news/security/microsoft-to-quarantine-compromised-solarwinds-binaries-tomorrow/]]|
|2020.12.15|//Cycode//|[[Six AppSec Learnings from Solar Winds|https://cycode.com/blog/six-appsec-learnings-from-solar-winds/]]|
|2020.12.15|//Shift Left//|[[Visual Notes Solarwinds Supply Chain Compromise Using Sunburst Backdoor Detected by Fireeye|https://blog.shiftleft.io/visual-notes-solarwinds-supply-chain-compromise-using-sunburst-backdoor-detected-by-fireeye-561e097fff3c]]|
|>|>|>||
|2020.12.14|Politico|[['Massively disruptive' cyber crisis engulfs multiple agencies|https://www.politico.com/news/2020/12/14/massively-disruptive-cyber-crisis-engulfs-multiple-agencies-445376]]|
|2020.12.14|Help Net Security|[[Hackers breached U.S. government agencies via compromised SolarWinds Orion software|https://www.helpnetsecurity.com/2020/12/14/compromised-solarwinds-orion/]]|
|2020.12.14|Dark Reading|[[18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack |https://www.darkreading.com/attacks-breaches/18000-organizations-possibly-compromised-in-massive-supply-chain-cyberattack-/d/d-id/1339716]]|
|2020.12.14|Bleeping Computer|[[US govt, FireEye breached after SolarWinds supply-chain attack|https://www.bleepingcomputer.com/news/security/us-govt-fireeye-breached-after-solarwinds-supply-chain-attack/]]|
|2020.12.15|//Malwarebytes//|[[SolarWinds advanced cyberattack: What happened and what to do now|https://blog.malwarebytes.com/threat-analysis/2020/12/advanced-cyber-attack-hits-private-and-public-sector-via-supply-chain-software-update/]]|
|>|>|>|!|
|2020.12.13|Washington Post|[[Russian government hackers are behind a broad espionage campaign that has compromised U.S. agencies, including Treasury and Commerce|https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html]]|
|2020.12.13|The Hacker News|[[US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor|https://thehackernews.com/2020/12/us-agencies-and-fireeye-were-hacked.html]]|
|2020.12.13|The Guardian|[[US treasury hacked by foreign government group - report|https://www.theguardian.com/technology/2020/dec/13/us-treasury-hacked-group-backed-by-foreign-government-report]]|
|2020.12.13|Security Week|[[US Investigating Computer Hacks of Government Agencies|https://www.securityweek.com/us-investigating-computer-hacks-government-agencies]]|
|2020.12.13|New York Times|[[Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect|https://www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html]]|
|>|>|>||
|2020.12.10|Dark Reading|[[FireEye Breach Fallout Yet to Be Felt|https://www.darkreading.com/threat-intelligence/fireeye-breach-fallout-yet-to-be-felt/d/d-id/1339680]]|
|>|>|>||
|2020.12.08|Dark Reading|[[Nation-State Hackers Breached FireEye, Stole Its Red Team Tools|https://www.darkreading.com/attacks-breaches/nation-state-hackers-breached-fireeye-stole-its-red-team-tools/d/d-id/1339652]]|
|>|>|>|!|
!Autres Sources / Other sources
|>|>|>|Ce fond indique des mises à jour ''pertinentes'' du tableau depuis la semaine dernière |
|!Dates|!Sources|!Titres et Liens|
|2021.02.26|Security Week|[[Microsoft Releases Open Source Resources for Solorigate Threat Hunting|https://www.securityweek.com/microsoft-releases-open-source-resources-solorigate-threat-hunting]]|
|2021.02.23|Dark Reading|[[SolarWinds Attackers Lurked for 'Several Months' in FireEye's Network|https://www.darkreading.com/threat-intelligence/solarwinds-attackers-lurked-for-several-months-in-fireeyes-network/d/d-id/1340239]]|
|2021.02.15|The Register|[[Microsoft says it found 1,000-plus developers' fingerprints on the SolarWinds attack|https://www.theregister.com/2021/02/15/solarwinds_microsoft_fireeye_analysis/]]|
|2021.02.12|//Thinkst//|[[On SolarWinds, Supply Chains and Enterprise Networks|https://blog.thinkst.com/2021/02/on-solarwinds-supply-chains-and_12.html]]|
|2021.02.14|CBS News|[[SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments|https://www.cbsnews.com/news/solarwinds-hack-russia-cyberattack-60-minutes-2021-02-14/]]|
|2021.02.11|Dark Reading|[[7 Things We Know So Far About the SolarWinds Attacks|https://www.darkreading.com/attacks-breaches/7-things-we-know-so-far-about-the-solarwinds-attacks/d/d-id/1340134]]|
|2021.02.07|E-Hacking News|[[SolarWinds CEO: "SolarWinds Orion Development Program was Exploited by the Hackers"|https://www.ehackingnews.com/2021/02/solarwinds-ceo-solarwinds-orion.html]]|
|2021.02.05|//McAfee//|[[6 Best Practices for SecOps in the Wake of the Sunburst Threat Campaign|https://www.mcafee.com/blogs/enterprise/security-operations/6-best-practices-for-secops-in-the-wake-of-the-sunburst-threat-campaign/]]|
|2021.02.03|//Perimeter 81//|[[Make Sure the Next SolarWinds Isn’t In Your Supply Chain|https://www.perimeter81.com/blog/cloud/how-to-make-sure-the-next-solarwinds-isnt-in-your-supply-chain/]]|
|2021.01.29|Wall Street Journal|[[Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say|https://www.wsj.com/articles/suspected-russian-hack-extends-far-beyond-solarwinds-software-investigators-say-11611921601]]|
|2021.01.27|//Cybereason//|[[SolarWinds Attacks Highlight Advantage of Indicators of Behavior for Early Detection|https://www.cybereason.com/blog/solarwinds-attacks-highlight-advantage-of-indicators-of-behavior-for-early-detection]]|
|2021.01.26|Security Week|[[More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack|https://www.securityweek.com/more-cybersecurity-firms-confirm-being-hit-solarwinds-hack]]|
|2021.01.20|Security Week|[[Malwarebytes Targeted by SolarWinds Hackers|https://www.securityweek.com/malwarebytes-targeted-solarwinds-hackers]]|
|2021.01.15|//Varonis//|[[Threat Update 21 – SolarLeaks|https://www.varonis.com/blog/threat-update-21-solarleaks/]] ([[vidéo|https://www.youtube.com/watch?v=TSAbkRAM1qo]])|
|2021.01.15|//Avast//|[[Microsoft source code allegedly for sale on SolarLeaks site|https://blog.avast.com/solarleaks-selling-alleged-source-code-from-microsoft-cisco-avast]]|
|2021.01.14|//eSentire//|[[The SolarWinds supply chain compromise (Part 2)|https://www.esentire.com/blog/the-solarwinds-supply-chain-compromise-part-2]]|
|2021.01.14|Wall Street Journal|[[SolarWinds Hack Forces Reckoning With Supply-Chain Security|https://www.wsj.com/articles/solarwinds-hack-forces-reckoning-with-supply-chain-security-11610620200]]|
|2021.01.13|Security Week|[[SolarLeaks: Files Allegedly Obtained in SolarWinds Hack Offered for Sale|https://www.securityweek.com/solarleaks-files-allegedly-obtained-solarwinds-hack-offered-sale]]|
|2021.01.13|Security Week|[[Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack|https://www.securityweek.com/mimecast-discloses-certificate-incident-possibly-related-solarwinds-hack]]|
|2021.01.12|//RiskRecon//|[[Three key questions and answers surrounding the SolarWinds Breach|https://blog.riskrecon.com/securing-the-supply-chain-next-steps-following-the-solarwinds-event]]|
|2021.01.12|//Cloud Passage//|[[SolarWinds Orion Compromise Vulnerability Mitigation|https://www.cloudpassage.com/articles/solarwinds-orion-compromise-mitigation/]]|
|2021.01.12|Wall Street Journal|[[SolarWinds Discloses Earlier Evidence of Hack|https://www.wsj.com/articles/solarwinds-discloses-earlier-evidence-of-hack-11610473937]]|
|2021.01.07|Security Week|[[Continuous Updates: Everything You Need to Know About the SolarWinds Attack|https://www.securityweek.com/continuous-updates-everything-you-need-know-about-solarwinds-attack]]|
|2021.01.07|Wall Street Journal|[[Federal Judiciary’s Systems Likely Breached in SolarWinds Hack|https://www.wsj.com/articles/federal-judiciarys-systems-likely-breached-in-solarwinds-hack-11610040175]]|
|2021.01.07|Reuters|[[Hacking victim SolarWinds hires ex-Homeland Security official Krebs as consultant|https://www.reuters.com/article/global-cyber-solarwinds/hacking-victim-solarwinds-hires-ex-homeland-security-official-krebs-as-consultant-idUSL1N2JJ069]]|
|2021.01.07|Dark Reading| → [[SolarWinds Hires Chris Krebs and Alex Stamos for Breach Recovery|https://www.darkreading.com/threat-intelligence/solarwinds-hires-chris-krebs-and-alex-stamos-for-breach-recovery/d/d-id/1339861]]|
|2021.01.07|Tech Beacon|[[SolarWinds hack: Who's to blame? It's complicated|https://techbeacon.com/security/solarwinds-hack-whos-blame-its-complicated]]|
|2021.01.07|JetBrains|[[An Update on SolarWinds|https://blog.jetbrains.com/blog/2021/01/07/an-update-on-solarwinds/]]|
|2021.01.07|Bleeping Computer| → [[JetBrains denies involvement in the SolarWinds supply-chain hack|https://www.bleepingcomputer.com/news/security/jetbrains-denies-involvement-in-the-solarwinds-supply-chain-hack/]]|
|2021.01.07|Dark Reading|[[Investigation Launched Into Role of JetBrains Product in SolarWinds Hack: Reports|https://www.securityweek.com/investigation-launched-role-jetbrains-product-solarwinds-hack-reports]]|
|2021.01.07|DZone|[[API Security Weekly / Vulnerability: SolarWinds|https://dzone.com/articles/api-security-weekly-issue-115]]|
|2021.01.06|Wall Street Journal|[[SolarWinds Hack Breached Justice Department System|https://www.wsj.com/articles/solarwinds-hack-breached-justice-department-systems-11609958761]]|
|2021.01.06|New York Times|[[Widely Used Software Company May Be Entry Point for Huge U.S. Hacking|https://www.nytimes.com/2021/01/06/us/politics/russia-cyber-hack.html]]|
|2021.01.06|Reuters|[[FBI probe of major hack includes project-management software from JetBrains: sources|https://www.reuters.com/article/us-global-cyber-jetbrains/fbi-probe-of-major-hack-includes-project-management-software-from-jetbrains-sources-idUSKBN29B2RR]]|
|2021.01.06|JetBrains|[[Statement on the Story from The New York Times Regarding JetBrains and SolarWinds|https://blog.jetbrains.com/blog/2021/01/06/statement-on-the-story-from-the-new-york-times-regarding-jetbrains-and-solarwinds/]]|
|2021.01.06|Bleeping Computer|[[SolarWinds hackers had access to over 3,000 US DOJ email accounts|https://www.bleepingcomputer.com/news/security/solarwinds-hackers-had-access-to-over-3-000-us-doj-email-accounts/]]|
|2021.01.06|Security Week|[[Class Action Lawsuit Filed Against SolarWinds Over Hack|https://www.securityweek.com/class-action-lawsuit-filed-against-solarwinds-over-hack]]|
|2021.01.05|Dark Reading|[[FBI, CISA, NSA & ODNI Cite Russia in Joint Statement on 'Serious' SolarWinds Attacks|https://www.darkreading.com/risk/fbi-cisa-nsa-and-odni-cite-russia-in-joint-statement-on-serious-solarwinds-attacks/d/d-id/1339829]]|
|2021.01.05|Dark Reading|[[SolarWinds Hit With Class-Action Lawsuit Following Orion Breach|https://www.darkreading.com/threat-intelligence/solarwinds-hit-with-class-action-lawsuit-following-orion-breach/d/d-id/1339831]]|
|2021.01.04|Security Week|[[Over 250 Organizations Breached via SolarWinds Supply Chain Hack: Report|https://www.securityweek.com/over-250-organizations-breached-solarwinds-supply-chain-hack-report]]|
|2021.01.04|The Telegraph|[[SolarWinds Hack 'May Have Started in Eastern Europe', US Investigators Believe|https://www.telegraph.co.uk/technology/2021/01/04/solarwinds-hack-may-have-started-eastern-europe-us-investigators/]]|
|2021.01.03|Romain du Marais[img[iCSF/flag_fr.png]]|[[Décryptage : Finir 2020 avec un énorme piratage - SolarWinds et FireEye|https://www.youtube.com/watch?v=_mb32hajks4]]|
|2021.01.02|New York Times|[[As Understanding of Russian Hacking Grows, So Does Alarm|https://www.nytimes.com/2021/01/02/us/politics/russian-hacking-government.html]]|
|2020.12.31|//Palo Alto Networks//|[[Cortex XDR: Fortify the SOC Against SolarStorm, Variants and Imitators|https://blog.paloaltonetworks.com/2020/12/cortex-solarstorm-variants-imitators/]]|
|2020.12.31|//XM Cyber//|[[Lessons Learned from the SolarWinds SUNBURST Attack|https://www.xmcyber.com/lessons-learned-from-the-solarwinds-sunburst-attack/]]|
|2020.12.29|//CyCognito//|[[SUNBURST exposes supply chain security risks|https://www.cycognito.com/blog/cyber-risks-and-the-importance-of-attack-surface-management]]|
|2020.12.28|GeekWire|[[How hacked is hacked? Here's a ‘hack scale' to better understand the SolarWinds cyberattacks|https://www.geekwire.com/2020/hacked-hacked-heres-hack-scale-better-understand-solarwinds-cyberattacks/]]|
|2020.12.28|//eSentire//|[[The SolarWinds supply chain compromise|https://www.esentire.com/blog/threat-intelligence-the-solarwinds-compromise]]|
|2020.12.22|//VIPRE//|[[FireEye/SolarWinds/SUNBURST Hack – What You Need to Know|https://www.vipre.com/blog/fireeye-solarwinds-sunburst-hack-what-you-need-to-know/]]|
|2020.12.22|//Cybereason//|[[Cybereason vs. SolarWinds Supply Chain Attack|https://www.cybereason.com/blog/cybereason-vs-solarwinds-supply-chain-attack]]|
|2020.12.21|Wall Street Journal|[[SolarWinds Hack Hit Office Home to Top Treasury Department Officials|https://www.wsj.com/articles/barr-points-finger-at-russia-for-solarwinds-hack-11608573971]]|
|2020.12.18|//Shared Assessments//|[[Resolve to Prepare for Supply Chain Cyber Attacks with Better Vendor Risk Management Practices in 2021|https://sharedassessments.org/blog/resolve-to-prepare-for-supply-chain-cyber-attacks-with-better-vendor-risk-management-practices-in-2021/]]|
|2020.12.17|//FireEye//|[[DebUNCing Attribution: How Mandiant Tracks Uncategorized Threat Actors|https://www.fireeye.com/blog/products-and-services/2020/12/how-mandiant-tracks-uncategorized-threat-actors.html]]|
|2020.12.17|Security Week|[[Supply Chain Attack: CISA Warns of New Initial Attack Vectors Posing 'Grave Risk'|https://www.securityweek.com/supply-chain-attack-cisa-warns-new-initial-attack-vectors-posing-grave-risk]]|
|2020.12.17|Fedscoop|[[SolarWinds recap: All of the federal agencies caught up in the Orion breach|https://www.fedscoop.com/solarwinds-recap-federal-agencies-caught-orion-breach/]]|
|2020.12.17|Reuters|[[Exclusive : Microsoft Breached in Suspected Russian Hack Using SolarWinds|https://www.reuters.com/article/global-cyber-microsoft-exclusive-int-idUSKBN28R3BW]]|
|2020.12.17|The Intercept|[[Russian Hackers Have Been Inside Austin City Network for Months|https://theintercept.com/2020/12/17/russia-hack-austin-texas/]]|
|2020.12.16|GeekWire|[[Microsoft unleashes ‘Death Star' on SolarWinds hackers in extraordinary response to breach|https://www.geekwire.com/2020/microsoft-unleashes-death-star-solarwinds-hackers-extraordinary-response-breach/]]|
|2020.12.15|Wall Street Journal|[[Suspected Russian Cyberattack Began With Ubiquitous Software Company|https://www.wsj.com/articles/suspected-russian-cyberattack-began-with-a-little-known-but-ubiquitous-software-company-11608036495]]|
|2020.12.15|Security Week|[[Group Behind SolarWinds Hack Bypassed MFA to Access Emails at US Think Tank|https://www.securityweek.com/group-behind-solarwinds-hack-bypassed-mfa-access-emails-us-think-tank]]|
|2020.12.14|Reuters|[[Scope of Russian Hack Becomes Clear : Multiple U.S. Agencies Were Hit|https://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html]]|
|2020.12.14|Reuters|[[Suspected Russian Hackers Spied on U.S. Treasury Emails|https://www.reuters.com/article/us-usa-cyber-treasury-exclusive-idUSKBN28N0PG]]|
|2020.12.14|Reuters|[[Suspected Russian Hackers Breached U.S. Department of Homeland Security|https://www.reuters.com/article/us-global-cyber-usa-dhs-idUSKBN28O2LY]]|
|2020.12.14|Reuters|[[Global Security Teams Assess Impact of Suspected Russian Cyber Attack|https://www.reuters.com/article/us-usa-cyber-treasury-britain-idUSKBN28O1K3]]|
|2020.12.14|Lawfare|[[Quick Thoughts on the Russia Hack|https://www.lawfareblog.com/quick-thoughts-russia-hack]]|
|2020.12.14|Lawfare|[[The SolarWinds Breach: Why Your Work Computers Are Down Today|https://www.lawfareblog.com/solarwinds-breach-why-your-work-computers-are-down-today]]|
|2020.12.14|The Register|[[Backdoored SolarWinds Software, Linked to US Govt Hacks, in Wide Use throughout the British Public Sector|https://www.theregister.com/2020/12/14/solarwinds_public_sector/]]|
|2020.12.13|New York Times|[[Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect|https://www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html]]|
|2020.12.08|Reuters|[[U.S. Cybersecurity Firm FireEye Discloses Breach, Theft of Hacking Tools|https://www.reuters.com/article/us-fireeye-cyber/u-s-cybersecurity-firm-fireeye-discloses-breach-theft-of-hacking-tools-idUSKBN28I31E]]|
!Outils et codes d'exploitation disponibles
|>|>|>|bgcolor:#F5DF4D;Ce fond indique des mises à jour du tableau depuis la semaine dernière |
|!Dates|!Sources|!Titres et Liens|
|bgcolor:#F5DF4D;2021.02.16|//NetreseC//|[[SunburstDomainDecoder v2.0|https://www.netresec.com/files/SunburstDomainDecoder.zip]] (zip)|
|>|>|>||
|2021.01.12|//FireEye//|[[Mandiant Azure AD Investigator: Focusing on UNC2452 TTPs|https://github.com/fireeye/Mandiant-Azure-AD-Investigator]]|
|>|>|>||
|2021.01.07|//SentinelOne//|[[SolarWinds Countermeasures|https://github.com/SentineLabs/SolarWinds_Countermeasures]]|
|>|>|>||
|2020.12.24|CISA|![[Sparrow.ps1|https://github.com/cisagov/Sparrow]] aide à détecter des comptes et des applications potentiellement compromis dans l'environnement Azure/M365|
|2020.12.24|//CrowdStrike//|![[CrowdStrike Reporting Tool for Azure (CRT)|https://github.com/CrowdStrike/CRT]]|
|2020.12.24|//SolarWinds//|![[Mitigate-TestAction.ps1|https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip]] met à jour le fichier 'web.config' pour contrer l'exécution de code à distance (RCE) via TestAction (script powershell à extraire) |
|>|>|>||
|2020.12.22|//True Sec//|[[Sunburst Decoder|https://github.com/Truesec/sunburst-decoder]]|
|>|>|>||
|2020.12.16|Rohit Bansal|[[subdomain & #DGA domain names, #SolarWinds, attacked by #UNC2452 @0xrb|https://pastebin.com/6EDgCKxd]]|
|>|>|>||
|2020.12.15|//Microsoft//|[[Outil de détection Microsoft|https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SigninLogs/AzureAADPowerShellAnomaly.yaml]]|
|2020.12.15|//QiAnXin//|[[SunBurst DGA Decode Script|https://github.com/RedDrip7/SunBurst_DGA_Decode]]|
|>|>|>|!|
|2017.11.27|//CyberArk//|[[shimit|https://github.com/cyberark/shimit]] : outil (script Python) qui lance l'attaque 'Golden SAML'|
!Indicateurs de compromission/IOCs et marqueurs disponibles
|>|>|>|bgcolor:#F5DF4D;Ce fond indique des mises à jour du tableau depuis la semaine dernière |
|!Dates|!Sources|!Titres et Liens|
|2021.01.17|//WhoisXML API//|![[Cyber Threat Intel Analysis and Expansion of SolarWinds Identified IoCs|http://www.circleid.com/posts/20210117-cyberthreat-intel-analysis-expansion-of-solarwinds-identified-iocs/]] |
|>|>|>|!|
|2021.01.11|//CrowdStrike//|![[SUNSPOT: An Implant in the Build Process|https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/]] |
|2021.01.11|Malpedia|![[Kazuar|https://malpedia.caad.fkie.fraunhofer.de/details/win.kazuar]] ([[règles YARA|https://malpedia.caad.fkie.fraunhofer.de/yara/win.kazuar]])|
|>|>|>|!|
|2021.01.07|CISA|![[AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations|https://us-cert.cisa.gov/ncas/alerts/aa20-352a]] (mise à jour) |
|>|>|>|!|
|2021.01.04|Itay Cohen|[[SUNBURST Cracked|https://github.com/ITAYC0HEN/SUNBURST-Cracked]]: decompiled version of the malicious SUNBURST backdoor (the class named OrionImprovementBusinessLayer), with some modifications|
|>|>|>|!|
|2020.12.29|Jin Wook Kim|[[CVE-2020-10148 SolarWinds Orion local file disclosure & PoC (Tested)|https://twitter.com/wugeej/status/1343792263806164997?s=21]]|
|2020.12.29|0xsha|[[Solarwinds_Orion_LFD.py|https://gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965]]: Code de démonstration CVE-2020-10148|
|>|>|>|!|
|2020.12.23|//Palo Alto Networks//|![[A Timeline Perspective of the SolarStorm Supply-Chain Attack|https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/]] |
|2020.12.22|etlownoise|[[fakesunburst: Defanged version of sunburst backdoor|https://github.com/etlownoise/fakesunburst]]|
|2020.12.22|//Checkpoint Software//|[[SUNBURST, TEARDROP and the NetSec New Normal|https://research.checkpoint.com/2020/sunburst-teardrop-and-the-netsec-new-normal/]]|
|>|>|>|!|
|2020.12.19|Bleeping Computer|[[The SolarWinds cyberattack: The hack, the victims, and what we know|https://www.bleepingcomputer.com/news/security/the-solarwinds-cyberattack-the-hack-the-victims-and-what-we-know/]]|
|2020.12.18|//Microsoft//|[[Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers|https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/]]|
|2020.12.18|//Sentinel One//|[[SolarWinds SUNBURST Backdoor: Inside the APT Campaign|https://labs.sentinelone.com/solarwinds-sunburst-backdoor-inside-the-stealthy-apt-campaign/]]|
|2020.12.17|CISA|![[AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations|https://us-cert.cisa.gov/ncas/alerts/aa20-352a]] |
|2020.12.17|//Palo Alto Networks//|[[SUPERNOVA: A Novel .NET Webshell|https://unit42.paloaltonetworks.com/solarstorm-supernova/]]|
|2020.12.17|//McAfee//|[[Additional Analysis into the SUNBURST Backdoor|https://www.mcafee.com/blogs/other-blogs/mcafee-labs/additional-analysis-into-the-sunburst-backdoor/]]|
|2020.12.16|//Reversing Labs//|[[SunBurst: the next level of stealth|https://blog.reversinglabs.com/blog/sunburst-the-next-level-of-stealth]]|
|2020.12.16|Rohit Bansal|[[subdomain & #DGA domain names, #SolarWinds, attacked by #UNC2452 @0xrb|https://pastebin.com/6EDgCKxd]]|
|2020.12.15|OS Context|[[SUNBURST: Unredacted pDNS information available|https://ioc.oscontext.io/]]|
|2020.12.15||[[SolarWinds/SunBurst FNV-1a-XOR hash founds analysis|https://docs.google.com/spreadsheets/d/1u0_Df5OMsdzZcTkBDiaAtObbIOkMa5xbeXdKk_k0vWs/edit#gid=0]]|
|2020.12.15|//Symantec//|[[Sunburst: Supply Chain Attack Targets SolarWinds Users|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sunburst-supply-chain-attack-solarwinds]]|
|2020.12.15|//Sophos//|[[Threathunt for the Solarwinds Compromise|https://github.com/sophos-cybersecurity/solarwinds-threathunt]]|
|2020.12.15|//Netskope//|[[Netskope Threat Coverage: SUNBURST & FireEye Red Team (Offensive Security) Tools|https://www.netskope.com/blog/netskope-threat-coverage-sunburst-fireeye-red-team-offensive-security-tools]]|
|2020.12.15|//Picus Security//|[[Tactics, Techniques, and Procedures (TTPs) Used in the SolarWinds Breach|https://www.picussecurity.com/resource/blog/ttps-used-in-the-solarwinds-breach]]|
|2020.12.15|//Elastic//|[[Elastic Security provides free and open protections for SUNBURST|https://www.elastic.co/fr/blog/elastic-security-provides-free-and-open-protections-for-sunburst]]|
|2020.12.15|Pastebin|[[Compromised systems according to RedDrip|https://pastebin.com/raw/G7mnW5Zk]]|
|2020.12.14|John Bambenek|[[Sunburst Indicators|https://github.com/bambenek/research/tree/main/sunburst]]|
|2020.12.14|//Volexity//|![[Dark Halo Leverages SolarWinds Compromise to Breach Organizations|https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/]]|
|2020.12.14|//Cado Security//|[[Responding to Solarigate|https://www.cadosecurity.com/post/responding-to-solarigate]]|
|2020.12.14|//Sophos//|[[TEARDROP IOCs|https://github.com/sophos-cybersecurity/solarwinds-threathunt/blob/master/iocs.csv]]|
|2020.12.13|Malware Bazaar|[[sunburst|https://bazaar.abuse.ch/browse.php?search=tag%3Asunburst]] (@@màj: 28.12.2020@@)|
|2020.12.13|//Microsoft//|![[Customer Guidance on Recent Nation-State Cyber Attacks|https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/]] |
|2020.12.13|//FireEye//|![[FireEye Mandiant SunBurst Countermeasures|https://github.com/fireeye/sunburst_countermeasures]]|
|2020.12.13|Joe Slowik|[[CNAME records associated with the #SUNBURST malware C2 beacon via @DomainTools Iris|https://twitter.com/jfslowik/status/1338321984527228928]] ([[pastebin|https://pastebin.com/T0SRGkWq]])|
|>|>|>|!|
|2020.12.12|//FireEye//|[[Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor|https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html]]|
|2020.12.11|//Picus Security//|[[It is Time to Take Action - How to Defend Against FireEye's Red Team Tools|https://www.picussecurity.com/resource/blog/how-to-defend-against-fireeye-s-red-team-tools]]|
|2020.12.10|//Picus Security//|[[Tactics, Techniques and Procedures (TTPs) Utilized by FireEye's Red Team Tools|https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools]]|
|2020.12||[[SunBurst2|https://docs.google.com/spreadsheets/d/1fpyFt0GL2Swxn0Ihw43eu-kM7HlJXni0EvFYqqMRTz8/edit#gid=339435444]]|
|>|>|>|!|
!Source: MITRE ATT&CK [[G0118|https://attack.mitre.org/groups/G0118/]]
{{ss2col{
* [[T1003|https://attack.mitre.org/techniques/T1003]] OS Credential Dumping: DCSync
* [[T1005|https://attack.mitre.org/techniques/T1005]] Data from Local System
* [[T1018|https://attack.mitre.org/techniques/T1018]] Remote System Discovery
* [[T1021|https://attack.mitre.org/techniques/T1021]] Remote Services: Windows Remote Management
* [[T1027|https://attack.mitre.org/techniques/T1027]] Obfuscated Files or Information
* [[T1036|https://attack.mitre.org/techniques/T1036]] Masquerading
* [[T1047|https://attack.mitre.org/techniques/T1047]] Windows Management Instrumentation
* [[T1048|https://attack.mitre.org/techniques/T1048]] Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
* [[T1053|https://attack.mitre.org/techniques/T1053]] Scheduled Task/Job: Scheduled Task
* [[T1057|https://attack.mitre.org/techniques/T1057]] Process Discovery
* [[T1059|https://attack.mitre.org/techniques/T1059]] Command and Scripting Interpreter: PowerShell
* [[T1069|https://attack.mitre.org/techniques/T1069]] Permission Groups Discovery
* [[T1070|https://attack.mitre.org/techniques/T1070]] Indicator Removal on Host
* [[T1071|https://attack.mitre.org/techniques/T1071]] Application Layer Protocol: Web Protocols
* [[T1074|https://attack.mitre.org/techniques/T1074]] Data Staged: Remote Data Staging
* [[T1078|https://attack.mitre.org/techniques/T1078]] Valid Accounts
* [[T1082|https://attack.mitre.org/techniques/T1082]] System Information Discovery
* [[T1083|https://attack.mitre.org/techniques/T1083]] File and Directory Discovery
* [[T1087|https://attack.mitre.org/techniques/T1087]] Account Discovery
* [[T1090|https://attack.mitre.org/techniques/T1090]] Proxy: Internal Proxy
* [[T1098|https://attack.mitre.org/techniques/T1098]] Account Manipulation: Exchange Email Delegate Permissions
* [[T1105|https://attack.mitre.org/techniques/T1105]] Ingress Tool Transfer
* [[T1114|https://attack.mitre.org/techniques/T1114]] Email Collection: Remote Email Collection
* [[T1140|https://attack.mitre.org/techniques/T1140]] Deobfuscate/Decode Files or Information
* [[T1190|https://attack.mitre.org/techniques/T1190]] Exploit Public-Facing Application
* [[T1195|https://attack.mitre.org/techniques/T1195]] Supply Chain Compromise: Compromise Software Supply Chain
* [[T1218|https://attack.mitre.org/techniques/T1218]] Signed Binary Proxy Execution: Rundll32
* [[T1482|https://attack.mitre.org/techniques/T1482]] Domain Trust Discovery
* [[T1484|https://attack.mitre.org/techniques/T1484]] Domain Policy Modification: Domain Trust Modification
* [[T1546|https://attack.mitre.org/techniques/T1546]] Event Triggered Execution: Windows Management Instrumentation Event Subscription
* [[T1550|https://attack.mitre.org/techniques/T1550]] Use Alternate Authentication Material
* [[T1552|https://attack.mitre.org/techniques/T1552]] Unsecured Credentials: Private Keys
* [[T1553|https://attack.mitre.org/techniques/T1553]] Subvert Trust Controls: Code Signing
* [[T1555|https://attack.mitre.org/techniques/T1555]] Credentials from Password Stores
* [[T1558|https://attack.mitre.org/techniques/T1558]] Steal or Forge Kerberos Tickets: Kerberoasting
* [[T1560|https://attack.mitre.org/techniques/T1560]] Archive Collected Data: Archive via Utility
* [[T1562|https://attack.mitre.org/techniques/T1562]] Impair Defenses: Disable or Modify System Firewall
* [[T1568|https://attack.mitre.org/techniques/T1568]] Dynamic Resolution
* [[T1587|https://attack.mitre.org/techniques/T1587]] Develop Capabilities: Malware
* [[T1606|https://attack.mitre.org/techniques/T1606]] Forge Web Credentials: Web Cookies
}}}
<<tiddler [[2020.06.05 - Vers un Cloud souverain européen avec GAIA-X ?]]>>
[img(75%,1px)[iCSF/BluePixel.gif]]
Extrait d'un micro-article d'Arnaud Alcabez sur LinkedIn//
<<<
[>img(500px,auto)[iCSF/L1GAIA.jpg]]Vocabulaire GAIA-X donné durant la plénière du French GAIA-X Hub.
* Un "Data Space" est constitué de deux unités de base : Les objets et les infrastructures.
** Voici quelques "Data Spaces" : Énergie, Mobilité, Santé, Finance, Aérospatial, Green Deal. (L'Agriculture n'a pas été citée).
* Les "Data Spaces" sont sectoriels dans un premier temps et à plus long terme, transversaux. Leur substrat : L’échange – et la valorisation – de données dans un contexte "souverain".
* Contexte "Souverain" : La capacité des propriétaires de données à en disposer pleinement. C’est-à-dire de décider à la fois de leur localisation, de qui peut les traiter et à quelles fins.
* Chaque "Data Space" compte à sa tête un "Préfigurateur" dont l'objectif est de mettre sur pied un groupe de travail. Il réunit des entreprises intéressées, puis dialogue avec les acteurs de la filière industrielle du cloud.
* Chaque "Data Space" doit disposer d'objets en "Jumeaux Numériques" (digital twins), c'est-à-dire des objets de l’écosystème qui seront traités indifféremment par les infrastructures.
* Les "Data Spaces" pourront être reliés par "Jonctions", comme par exemple entre les "Data Spaces" « Énergie » et « Mobilité ». La "Jonction" sera définie par un "Comité au niveau européen" dont la construction reste à l’étude.
<<<
//(source: Arnaud Alcabez)
<<tiddler [[2021.02.28 - Veille - Février 2021]]>>
* 2021.''07.22'' → distanciel/online • SecurityWeek [[Cloud Security Summit|https://www.securityweek.com/securityweek-announces-virtual-cybersecurity-event-schedule-2021]]
* 2021.''11.23 & 24'' → "Cloud & Cyber Security Expo" • Paris Porte de Versailles
/% * 2021.''03.03'' → distanciel/online • ''[[Google Cloud Security Talks|https://cloudonair.withgoogle.com/events/security-talks-march-2021]]''
* 2021.''04.13 & 14'' → distanciel/online • ''EMEA Summit, Secure the Cloud Across Borders'' %/
103
14 février 2021
February 14th, 2021
<<tiddler [[2021.02.14 - Newsletter #103]]>>
[>img[iCSF/SolarWinds.jpg]]{{floatC{@@color:#00F;Dernière mise à jour le ''10 février 2021'' • Last update on ''February 10th, 2021''@@}}}
<<tabs tSolar 'Synthèse' '' [[KSolarExec]] 'Chronologie' '' [[KSolarChrono]] 'Cibles initiales' '' [[KSolarTargets]] 'Vecteurs' '' [[KSolarVectors]] 'Victimes' '' [[KSolarVictims]] 'Sources Officielles' '' [[KSolarOfficial]] 'Sources Primaires' '' [[KSolarPrimary]] 'Sources Secondaires' '' [[KSolarSecondary]] 'Autres' '' [[KSolarOthers]] 'Outils' '' [[KSolarTools]] 'IOCs' '' [[KSolarIOCs]]>><<tiddler [[arOund0C]]>>
<<tiddler [[Prochain CCSK en français]]>>
<<tiddler fFormCCSK with: 'lundi 10 mars 2021' 'lundi 10 et mardi 11 mars 2021' 'lundi 10, mardi 11 et mercredi 12 mars 2021'>>
<<tiddler [[2021.02.10 - Actu : Point de situation sur l'incident SolarWinds/SolarStorm]]>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202103>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202103>>
<<tiddler fAll2Tabs10 with: VeilleM","_202103>>
|!Date|!Sources|!Titres et Liens|!Keywords|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - mars 2021]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202103>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - mars 2021]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - mars 2021]]>><<tiddler fAll2LiTabs13end with: 'Actu","202103'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202103'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - mars 2021]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202103'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - mars 2021]]>>
Aucun article pour le moment/%
!//§TITLE§//
[>img(150px,auto)[iCSA/§IMG§.jpg]]^^Article publié le §DD-XX§ mars 2021 sur le blog de la CSA, et sur le site de §SITE§ le §DD-TBD§ §MM-TBD§ 2021
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/03/§DD-XX§/§sURL-TBD§/ /% ''[[CloudSecurityAlliance.fr/go/§sGO-CSA§/|https://CloudSecurityAlliance.fr/go/§GO-CSA§/]]'' 
* Site §SITE-TBD§ ⇒ https://§URL-SITE§/ /% ''[[CloudSecurityAlliance.fr/go/§sGO-SITE§/|https://CloudSecurityAlliance.fr/go/§sGO-SITE§/]]''
^^[img(25%,1px)[iCSF/BluePixel.gif]]
%/
|>|<<tiddler [[2021.03.07 - Weekly Newsletter Hebdomadaire #106]]>> |
|>|<<tiddler [[2021.03.07 - Veille Hebdomadaire - 07 mars]]>>|
!Newsletter Hebdomadaire / Weekly Newsletter • 1 au 7 mars 2021 / March 1st to 7th, 2021
!!1 -  Informations CSA / CSA News and Updates

* Actu / News: Bilan / Status ''[[SolarWinds/SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation / Training[img[iCSF/flag_fr.png]]: session CCSK en mars / Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
+++*[»]> <<tiddler [[]]>>=== 
!!2 - Veille / News Watch ([[50+ liens / 50+ links|2021.03.07 - Veille Hebdomadaire - 07 mars]])

* __À lire / Must Read__
** ''

* __Rapports / Reports__
** ''

* __Cloud Services Providers__
** AWS
** Azure
** GCP
** Kubernetes
** Docker & Containers

* __Autres Veilles / Other News Watch__
** TL;DR Security # • The Cloud Security Reading List #

* __Podcasts__
** ''

* __Marché / Market__
** ''

* __Acquisitions__
** ''

* __Divers / Miscellaneous__
** ''

!!3 - Agenda
<<tiddler AgendaFR+EN>>
!!4 - Lien direct / Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/L2L/|https://CloudSecurityAlliance.fr/go/L2L/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 07 mars 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!§MM-FR§|!Sources|!Titres et Liens|
|>|>|>|!À lire / Must read |
|>|>|>||
|>|>|!Menaces / Threats |
|>|>||
|>|>|!Bonnes Pratiques / Best Practices |
|>|>||
|>|>|!Rapports / Reports |
|>|>||
|>|>|!Cloud Services Providers |
|>|>|''AWS (Amazon)'' |
|>|>|''Azure (Microsoft)'' |
|>|>|''GCP (Google)'' |
|>|>|''Kubernetes'' |
|>|>|''Docker'' |
|>|>|''Containers'' |
|>|>||
|>|>|!Veilles hebdomadaires 'Cloud et Sécurité' / Weekly 'Cloud and Security' Watch |
|>|>||
|>|>|!Podcasts |
|>|>||
|>|>|!Réglementation / Regulatory |
|>|>||
|>|>|!Marché / Market |
|>|>||
|>|>|!Acquisitions |
|>|>||
|>|>|!Divers / Miscellaneous |
<<tiddler [[arOund0C]]>>
<<tiddler [[2021.02.Actu]]>>
<<tiddler [[2021.02.28 - Alertes]]>>
<<tiddler [[2021.02.Blog]]>>
<<tiddler [[2021.02.News]]>>
<<tiddler [[2021.02.Publ]]>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202102>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202102>>
<<tiddler fAll2Tabs10 with: VeilleM","_202102>>
|!Date|!Sources|!Titres et Liens|!Keywords|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - février 2021]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202102>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - février 2021]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - février 2021]]>><<tiddler fAll2LiTabs13end with: 'Actu","202102'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202102'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - février 2021]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202102'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - février 2021]]>>
!//CSA STAR Attestation and STAR Certification Case Studies//
[>img(150px,auto)[iCSA/L2SBC.png]]^^Article publié le 28 février 2021 sur le blog de la CSA
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/28/csa-star-attestation-and-star-certification-case-studies/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//2020 Hindsight and 2021 Foresight: Lessons Learned in the Work From Home Era//
[>img(150px,auto)[iCSA/L2QB2.jpg]]^^Article publié le 26 février 2021 sur le blog de la CSA, et le 23 février sur le site de CloudVector
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/26/2020-hindsight-and-2021-foresight-lessons-learned-in-the-work-from-home-era/
* Site CloudVector ⇒ https://www.cloudvector.com/2020-hindsight-and-2021-foresight-lessons-learned-in-the-work-from-home-era/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//How to Secure Your CDE and Achieve PCI DSS Compliance//
[>img(150px,auto)[iCSA/L2IBH.jpg]]^^Article publié le 18 février 2021 sur le blog de la CSA et le 31 janvier 2021 sur celui de la société TokenEx.
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/18/how-to-secure-your-cde-and-achieve-pci-dss-compliance/
* Site TokenEx → https://www.tokenex.com/blog/how-to-secure-your-cde-and-achieve-pci-dss-compliance
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//How to choose a Zero Trust architecture: SDP or Reverse-Proxy?//
[>img(150px,auto)[iCSA/L2FBH.jpg]]^^Article publié le 15 février 2021 sur le blog de la CSA et le 19 octobre 2020 sur celui de la société Wandera.
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/15/how-to-choose-a-zero-trust-architecture-sdp-or-reverse-proxy/
* Site Wandera → https://www.wandera.com/how-to-choose-a-zero-trust-network-access-architecture-software-defined-perimeter-or-reverse-proxy/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Abuse in the Cloud//
[>img(150px,auto)[iCSA/L2CBA.jpg]]^^Article publié le 12 février 2021 sur le blog de la CSA et sur celui de la société Salesforce.
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/12/abuse-in-the-cloud/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//What is 3-D Secure Authentication, and Why Do I Need It?//
[>img(150px,auto)[iCSA/L2BBW.jpg]]^^Article publié le 11 février 2021 sur le blog de la CSA et le 9 novembre 2020 sur celui de la société TokenEx
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/11/what-is-3-d-secure-authentication-and-why-do-i-need-it/
* Site TokenEx → https://www.tokenex.com/blog/what-is-3-d-secure-authentication-and-why-do-i-need-it
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Give us your feedback on potential CPE course topics//
[>img(150px,auto)[iCSA/L29BG.jpg]]^^Article publié le 9 février 2021 sur le blog de la CSA
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/08/give-us-your-feedback-on-potential-cpe-course-topics/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//How to avoid the biggest mistakes with your SaaS security//
[>img(150px,auto)[iCSA/L28BH.jpg]]^^Article publié le 8 février 2021 sur le blog de la CSA et le 27 janvier 2021 sur celui de la société Wandera
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/08/how-to-avoid-the-biggest-mistakes-with-your-saas-security/
* Site Wandera → https://www.wandera.com/how-to-avoid-the-biggest-mistakes-with-your-saas-security/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Benefits of the CCSK in Your Job Search//
[>img(150px,auto)[iCSA/L27BB.png]]^^Article publié le 8 février 2021 sur le blog de la CSA
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/07/benefits-of-the-ccsk-in-your-job-search/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//3 Data Strategies that will be Critical for Surviving 2021//
[>img(150px,auto)[iCSA/L25BT.jpg]]^^Article publié le 5 février 2021 sur le blog de la CSA
* Lien ⇒ https://cloudsecurityalliance.org/blog/2021/02/05/3-data-strategies-that-will-be-critical-for-surviving-2021/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Security Alliance Announces 2021 CSA Research Fellows//
[>img(150px,auto)[iCSF/cloud-security-alliance.png]]^^Communiqué de presse publié le 4 février 2021
* Lien → https://cloudsecurityalliance.org/press-releases/2021/02/04/cloud-security-alliance-announces-2021-csa-research-fellows/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Transitioning Traditional Apps into the Cloud//
[>img(150px,auto)[iCSA/L23BT.jpg]]^^Article publié le 3 février 2021 sur le blog de la CSA et sur le blog de la société Intezer
* Lien → https://cloudsecurityalliance.org/blog/2021/02/03/transitioning-traditional-apps-into-the-cloud/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//2020 Hindsight and 2021 Foresight – Lessons Learned and Predictions for the Velocity of Business//
[>img(150px,auto)[iCSA/L21B2.jpg]]^^Article publié le 1er février 2021 sur le blog de la CSA, et sur le site de CloudVector
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/02/01/2020-hindsight-and-2021-foresight-lessons-learned-and-predictions-for-the-velocity-of-business/
* Site CloudVector ⇒ https://www.cloudvector.com/2020-hindsight-and-2021-foresight-lessons-learned-and-predictions-for-the-velocity-of-business/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

|>|<<tiddler [[2021.02.28 - Weekly Newsletter Hebdomadaire #105]]>> |
|>|<<tiddler [[2021.02.28 - Veille Hebdomadaire - 28 février]]>>|
!Newsletter Hebdomadaire / Weekly Newsletter • 22 au 28 février 2021 / February 22nd to 28th, 2021
!!1 -  Informations CSA / CSA News and Updates

* Actu / News: Bilan / Status ''[[SolarWinds/SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation / Training[img[iCSF/flag_fr.png]]: session CCSK en mars / Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
+++*[»]> <<tiddler [[]]>>=== 
!!2 - Veille / News Watch ([[50+ liens / 50+ links|2021.02.28 - Veille Hebdomadaire - 28 février]])

* __À lire / Must Read__
** '' ''
2021.02.25 - Publication : 'Confidence in Post Quantum Algorithms'

* __Rapports / Reports__
** '' ''

* __Cloud Services Providers__
** AWS
** Azure
** GCP
** Kubernetes
** Docker & Containers

* __Autres Veilles / Other News Watch__
** TL;DR Security # • The Cloud Security Reading List #

* __Podcasts__
** '' ''

* __Marché / Market__
** '' ''

* __Acquisitions__
** '' ''

* __Divers / Miscellaneous__
** '' ''

!!3 - Agenda
<<tiddler AgendaFR+EN>>
!!4 - Lien direct / Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/L2L/|https://CloudSecurityAlliance.fr/go/L2L/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 28 février 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Février|!Sources|!Titres et Liens|
|>|>|>|!À lire / Must read |
|>|>|>||
|>|>|!Menaces / Threats |
|>|>|!Attaques / Attacks |
|2021.02.26|//Intezer//|[[Kaiji Goes Through Update but Code Reuse Detects It|https://www.intezer.com/blog/cloud-security/kaiji-goes-through-update-but-code-reuse-detects-it/]]|
|>|>||
|>|>|!Bonnes Pratiques / Best Practices |
|>|>||
|>|>|!Rapports / Reports |
|2021.02.25|//Check Point Research//|[[Helping You Immunize Your Organization Against the Cyber Pandemic: Check Point Research’s 2021 Security Report|https://research.checkpoint.com/2021/helping-you-immunize-your-organization-against-the-cyber-pandemic-check-point-researchs-2021-security-report/]]|
|2021.02.25|//Check Point Research//| → [[2021 Security Report|https://pages.checkpoint.com/cyber-security-report-2021.html]]|
|2021.02.25|//Intezer//|[[Year of the Gopher: 2020 Go Malware Round-Up|https://www.intezer.com/blog/malware-analysis/year-of-the-gopher-2020-go-malware-round-up/]]|
|2021.02.25|//Radware//|[[Digital Threat Actors: Organized Criminals|https://blog.radware.com/security/2021/02/digital-threat-actors-organized-criminals/]]|
|>|>||
|>|>|!Cloud Services Providers |
|>|>|''AWS (Amazon)'' |
|2021.02.24|SANS Handlers Diary|![[Forensicating Azure VMs|https://isc.sans.edu/forums/diary/Forensicating+Azure+VMs/27136/]] |
|>|>|''Azure (Microsoft)'' |
|2021.02.25|SANS Handlers Diary|![[Forensicating Azure VMs|https://isc.sans.edu/forums/diary/Forensicating+Azure+VMs/27136/]] |
|>|>|''GCP (Google)'' |
|>|>|''Kubernetes'' |
|>|>|''Docker'' |
|>|>|''Containers'' |
|>|>||
|>|>|!Veilles hebdomadaires 'Cloud et Sécurité' / Weekly 'Cloud and Security' Watch |
|>|>||
|>|>|!Podcasts |
|>|>||
|>|>|!Réglementation / Regulatory |
|>|>||
|>|>|!Marché / Market |
|>|>||
|>|>|!Acquisitions |
|>|>||
|>|>|!Divers / Miscellaneous |
<<tiddler [[arOund0C]]>>
!"//Confidence in Post Quantum Algorithms//"
[>img(200px,auto)[iCSA/L2PPC.png]]Publication du 25 février 2021
<<<
//NIST made the recent announcement of its Round 3 candidates for future post-quantum cryptography or quantum safe standards. As the world prepares to transition to post-quantum cryptography, it is essential to understand how much analysis has been done on the security of the individual post quantum algorithms and classes of algorithms.

The focus of this note is on the cryptanalytic and mathematical research that adds to building meaningful confidence in the algorithm's security as evidenced in publications. This is not analysis about implementation, performance nor application to protocols.//
<<<
!!!Liens
* Annonce et téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/confidence-in-post-quantum-algorithms/
* Blog ⇒ https://cloudsecurityalliance.org/blog/2021/02/25/building-confidence-in-quantum-resistant-algorithms-how-much-analysis-is-needed/
* Téléchargement ⇒ https://cloudsecurityalliance.org/download/artifacts/confidence-in-post-quantum-algorithms/
/% |[[AWS Exposable Resources|https://github.com/SummitRoute/aws_exposable_resources]]|//Scott Piper//|Resource types that can be publicly exposed on AWS| |2021.02.21|Marco Lancini|[[Security Logging in Cloud Environments - AWS|https://www.marcolancini.it/2021/blog-security-logging-cloud-environments-aws/]]| |2021.02.24|InfoSecurity Mag|[[Legal Firm Leaks 15,000 Cases Via the Cloud|https://www.infosecurity-magazine.com/news/legal-firm-leaks-15000-cases-via/]]| |2021.02.24|//Google Cloud//|#248 [[Cloud Spanner Revisited with Dilraj Kaur and Christoph Bussler|https://www.gcppodcast.com/post/episode-248-cloud-spanner-revisited-with-dilraj-kaur-and-christoph-bussler/]] ([[podcast|https://eps-dot-gcppodcast.appspot.com/dl/Google.Cloud.Platform.Podcast.Episode.248.mp3]], [[transcript|]])| |2021.02.24|Security and Cloud 24/7|[[Modern cloud virtualization|https://security-24-7.com/modern-cloud-virtualization/]]| |2021.02.24|TL;DR Sec|[[#72 - Finding Access Control Bugs, Supply Chain Security, Security Logging in AWS|https://tldrsec.com/blog/tldr-sec-072/]]| |2020.05.27|//Google Cloud//|#222 [[Security Operations with Elliott Abraham and Jason Bisson|https://www.gcppodcast.com/post/episode-222-security-operations-with-elliott-abraham-and-jason-bisson/]] ([[podcast|https://eps-dot-gcppodcast.appspot.com/dl/Google.Cloud.Platform.Podcast.Episode.222.mp3]], [[transcript|https://www.gcppodcast.com/post/episode-222-security-operations-with-elliott-abraham-and-jason-bisson/]])| |2017.02.22|//Google Cloud//|#62 [[[Cloud Spanner with Deepti Srivastava|https://www.gcppodcast.com/post/episode-62-cloud-spanner-with-deepti-srivastava/]] ([[podcast|https://eps-dot-gcppodcast.appspot.com/dl/Google.Cloud.Platform.Podcast.Episode.62.mp3]], [[transcript|https://www.gcppodcast.com/post/episode-62-cloud-spanner-with-deepti-srivastava/]]) CLAM Framework|https://storage.googleapis.com/gcppodcast_files/CLAM%20Framework%20for%20Google%20Cloud.pdf 
https://cloud.google.com/logging/docs/view/logs-viewer-interface |2021.02.19|//Netskope//|[[Understanding Cloud as an Attack Vector|https://www.netskope.com/blog/understanding-cloud-as-an-attack-vector]]| |2021.02.24|//Netskope//|[[Netskope Research Finds Majority of Malware Now Delivered via Cloud Apps|https://www.prnewswire.com/news-releases/netskope-research-finds-majority-of-malware-now-delivered-via-cloud-apps-301234270.html]]| |2021.02.24|//Netskope//| → [[February 2021 Netskope Cloud and Threat Report| https://www.netskope.com/netskope-threat-labs/cloud-threat-report&a=%C2%A0Netskope+Cloud+and+Threat+Report |2021.02.24|Dark Reading|[[61% of Malware Delivered via Cloud Apps: Report|https://www.darkreading.com/operations/61--of-malware-delivered-via-cloud-apps-report/d/d-id/1340251]]| |2021.02.19|//AVAR//|[[Understanding Cloud as an Attack Vector|https://aavar.org/index.php/cloud-as-an-attack-vector/]]| |[[https://www.netskope.com/netskope-threat-labs |[[https://www.netskope.com/netskope-threat-labs/cloud-threat-report %/
|>|<<tiddler [[2021.02.21 - Weekly Newsletter Hebdomadaire #104]]>> |
|>|<<tiddler [[2021.02.21 - Veille Hebdomadaire - 21 février]]>>|
!Newsletter Hebdomadaire / Weekly Newsletter • 8 au 14 février 2021 / February 8th to 14th, 2021[>img(100px,auto)[iCSF/Work.gif]]
!!1 -  Informations CSA / CSA News and Updates

* Actu / News: Bilan / Status ''[[SolarWinds/SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation / Training[img[iCSF/flag_fr.png]]: session CCSK en mars / Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Blog: 'Cloud Security for SaaS Startups'+++*[»]> <<tiddler [[2021.02.19 - Blog : 'Cloud Security for SaaS Startups']]>>=== 
* Inscription / Registration: 'CSA EMEA Summit 2021'+++*[»]> <<tiddler [[2021.02.15 - Annonce du 'CSA EMEA Summit 2021']]>>=== 
!!2 - Veille / News Watch ([[40+ liens / 40+ links|2021.02.21 - Veille Hebdomadaire - 21 février]])

* __À lire / Must Read__
** 'Help Shape ATT&CK for Containers' (MITRE Engenuity)
/%
* __Rapports / Reports__
** ' '

* __Cloud Services Providers__
** AWS
** Azure
** GCP
** Kubernetes
** Docker & Containers

* __Autres Veilles / Other News Watch__
** TL;DR Security # • The Cloud Security Reading List #

* __Podcasts__
** ' '

* __Marché / Market__
** ' '

* __Acquisitions__
** ' '

* __Divers / Miscellaneous__
** ' '
%/
!!3 - Agenda
<<tiddler AgendaFR+EN>>
!!4 - Lien direct / Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/L2L/|https://CloudSecurityAlliance.fr/go/L2L/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 21 février 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Février|!Sources|!Titres et Liens|
|>|>|>|!À lire / Must read |
|2021.02.18|MITRE Engenuity|![[Update: Help Shape ATT&CK for Containers|https://medium.com/mitre-engenuity/update-help-shape-att-ck-for-containers-bfcd24515df5]]|
|>|>|>||
|>|>|!Attaques / Attacks |
|2021.02.15|Bleeping Computer|[[Microsoft will alert Office 365 admins of Forms phishing attempts|https://www.bleepingcomputer.com/news/security/microsoft-will-alert-office-365-admins-of-forms-phishing-attempts/]]|
|2021.02.18|//Darktrace//|![[Two-factor authentication (2FA) compromised: Microsoft account takeover|https://www.darktrace.com/en/blog/two-factor-authentication-2-fa-compromised-microsoft-account-takeover/]] |
|2021.02.17|BetaNews|[[SolarWinds-style email compromise attacks go mainstream|https://betanews.com/2021/02/17/solarwinds-email-compromise-attacks-mainstream/]]|
|2021.02.17|CSO Online|[[How to defend against OAuth-enabled cloud-based attacks|https://www.csoonline.com/article/3607348/how-to-defend-against-oauth-enabled-cloud-based-attacks.html#tk.rss_cloudsecurity]]|
|>|>|>||
|>|>|!Menaces / Threats |
|2021.02.15|Container Journal|[[As API Threats Multiply, Cybersecurity Lags|https://containerjournal.com/features/as-api-threats-multiply-cybersecurity-lags/]]|
|2021.02.16|//Avanan//|[[Slack and Teams Are The Next Big Vectors. Are You Protected?|https://www.avanan.com/blog/slack-and-teams-are-the-next-big-vectors.-are-you-protected]]|
|2021.02.19|DevOps.com|[[Cloud Misconfigurations Threaten Cloud Migration|https://www.csoonline.com/article/3607348/how-to-defend-against-oauth-enabled-cloud-based-attacks.html#tk.rss_cloudsecurity]]|
|2021.02.19|//Netskope//|[[Understanding Cloud as an Attack Vector|https://www.netskope.com/blog/understanding-cloud-as-an-attack-vector]]|
|>|>||
|>|>|!Bonnes Pratiques / Best Practices |
|2021.02.17|TechBeacon|[[How to make your cloud service cyber resilient|https://techbeacon.com/security/how-make-your-cloud-service-cyber-resilient]]|
|2021.02.17|SD Supra|[[Health Care Organizations and Cloud Service Providers Receive Guidance on Cloud Security Measures|https://www.lexology.com/library/detail.aspx?g=53fb1353-c1da-4a61-bd47-a43632bc2c87]]|
|>|>||
|>|>|!Rapports / Reports |
|>|>||
|>|>|!Cloud Services Providers |
|>|>|''AWS (Amazon)'' |
|2021.02.16|Scott Piper|![[AWS security project ideas|https://summitroute.com/blog/2021/02/16/aws_security_project_ideas/]] |
|2021.02.19|Infosec Write-Ups|[[From AWS S3 Misconfiguration to Sensitive Data Exposure|https://infosecwriteups.com/from-aws-s3-misconfiguration-to-sensitive-data-exposure-784f37a30bf9]]|
|2021.02.19|//Amazon AWS//|[[How to continuously audit and limit security groups with AWS Firewall Manager|https://aws.amazon.com/blogs/security/how-to-continuously-audit-and-limit-security-groups-with-aws-firewall-manager/]]|
|2021.02.18|//Amazon AWS//|[[AWS and EU data transfers: strengthened commitments to protect customer data|https://aws.amazon.com/blogs/security/aws-and-eu-data-transfers-strengthened-commitments-to-protect-customer-data/]]|
|2021.02.19|//Cloudonaut//|[[AWS Client VPN: Connected with the Cloud|https://cloudonaut.io/aws-client-vpn-connected-with-the-cloud/]]|
|>|>|''Azure (Microsoft)'' |
|2021.02.20|//Microsoft Azure//|[[Using KQL to Ingest External Data In Azure Sentinel|https://www.managedsentinel.com/2021/02/20/using-kql-to-ingest-external-data/]]|
|2021.02.16|//Microsoft Azure//|[[Azure Firewall Premium now in preview|https://azure.microsoft.com/blog/azure-firewall-premium-now-in-preview-2/]]|
|2021.02.16|Bleeping Computer| → [[Microsoft releases Azure Firewall Premium in public preview|https://www.bleepingcomputer.com/news/security/microsoft-releases-azure-firewall-premium-in-public-preview/]]|
|2021.02.19|Redmond Mag.|[[Microsoft Previewing Improvements to Azure Front Door and Azure Firewall|https://redmondmag.1105cms01.com/articles/2021/02/18/azure-front-door-and-azure-firewall.aspx]]|
|>|>|''GCP (Google)'' |
|2021.02.17|//Google Cloud//|[[New private cloud networking whitepaper for Google Cloud VMware Engine|https://cloud.google.com/blog/products/compute/a-new-google-cloud-vmware-engine-networking-whitepaper]]|
|2021.02.17|//Google Cloud//| → [[Private cloud networking for Google Cloud VMware Engine|https://services.google.com/fh/files/misc/ciso-guide-to-security-transformation.pdf]] (pdf)|
|2021.02.17|Silicon Angle|[[Google debuts Cloud Domains to help enterprises manage their domain names|https://siliconangle.com/2021/02/17/google-debuts-cloud-domains-help-enterprises-manage-domain-names/]]|
|2021.02.16|//Google Cloud//|![[New whitepaper: CISO’s guide to Cloud Security Transformation|https://cloud.google.com/blog/products/identity-security/cisos-guide-to-cloud-security-transformation]] ([[pdf|https://services.google.com/fh/files/misc/ciso-guide-to-security-transformation.pdf]]) |
|2021.02.16|//Google Cloud//|[[Discover and invoke services across clusters with GKE multi-cluster services|https://cloud.google.com/blog/products/containers-kubernetes/introducing-gke-multi-cluster-services]]|
|>|>|''Kubernetes'' |
|2021.02.20|kloudle|[[CVE-2020-15257 What is it and how does it impact your Docker and Kubernetes environments?|https://medium.com/kloudle/cve-2020-15257-what-is-it-and-how-does-it-impact-your-docker-and-kubernetes-environments-8d27975b9c63]]|
|2021.02.17|Daniel Neumann|[[Cloud Native Club – Kubernetes Policies|https://www.danielstechblog.io/cloud-native-club-kubernetes-policies/]]|
|>|>|''Docker'' |
|>|>|''Containers'' |
|>|>||
|>|>|!Veilles hebdomadaires 'Cloud et Sécurité' / Weekly 'Cloud and Security' Watch |
|2021.02.21|Marco Lancini|[[The Cloud Security Reading List #75|https://cloudseclist.com/issues/issue-75/]]|
|2021.02.17|//Netskope//|[[Cloud Threats Memo: Surprising Findings from Q4 2020 Phishing Trends Report|https://www.netskope.com/blog/cloud-threats-memo-surprising-findings-from-q4-2020-phishing-trends-report]]|
|2021.02.17|TL;DR Security|[[#71 - Securing CI/CD, Electron Security, Growing Your Userbase by Ignoring ‘Virality’|https://tldrsec.com/blog/tldr-sec-071/]]|
|>|>||
|>|>|!Podcasts |
|2021.02.21|Cloud Security Podcast|[[Kubernetes Security at Scale in A CI/CD Pipeline - Michael Fraser|https://anchor.fm/cloudsecuritypodcast/episodes/Kubernetes-Security-at-Scale-in-A-CICD-Pipeline---Michael-Fraser-eqn73p]]|
|>|>||
|>|>|!Réglementation / Regulatory |
|>|>||
|>|>|!Marché / Market |
|>|>||
|>|>|!Acquisitions |
|2021.02.18|//Crowdstrike//|[[CrowdStrike Redefines True XDR With Humio Acquisition|https://www.crowdstrike.com/blog/taking-our-falcon-xdr-platform-further/]]|
|2021.02.18|//Crowdstrike//| → [[CrowdStrike To Acquire Humio|https://www.crowdstrike.com/press-releases/crowdstrike-to-acquire-humio/]]|
|2021.02.18|MSSP Alert| → [[CrowdStrike Acquires XDR, Cloud Log Management Company Humio|https://www.msspalert.com/investments/crowdstrike-acquires-humio/]]|
|2021.02.19|SiliconAngle|[[SailPoint acquires Intello to increase visibility into SaaS apps|https://siliconangle.com/2021/02/18/sailpoint-acquires-intello-increase-visibility-saas-apps/]]|
|>|>||
|>|>|!Autres / Others |
|>|>|''Chiffrement / Encryption'' |
|2021.02.18|Help Net Security|[[Homomorphic encryption: Myths and misconceptions|https://www.helpnetsecurity.com/2021/02/18/homomorphic-encryption-myths-misconceptions/]]|
|>|>|''Détection / Detection'' |
|2021.02.19|//Logrhythm//|[[Threat Detection in the Public Cloud: Cloud Security Solutions|https://logrhythm.com/blog/threat-detection-in-the-public-cloud-cloud-security-solutions/]]|
|>|>|''DevSecOps'' |
|2021.02.18|//DevSecOps//|[[This Old DevOps Toolchain: DevSecOps Edition|http://feedproxy.google.com/~r/PaloAltoNetworks/~3/q_RLFD1lFe0/]]|
|>|>|''Divers / Miscellaneous'' |
|2021.02.17|//Virtus Lab//|[[Migrating a gigantic financial system to 20,000 pods in the cloud|https://medium.com/virtuslab/migrating-a-gigantic-financial-system-to-20-000-pods-in-the-cloud-220d5fcfcbc0]]|
|2021.02.18|//Tenable//|[[Cloud Security: Why You Shouldn’t Ignore Ephemeral Assets|https://www.tenable.com/blog/cloud-security-why-you-shouldn-t-ignore-ephemeral-assets]]|
|2021.02.18|DZone|[[The Theory and Motive Behind Active/Active Multi-Region Architectures|https://dzone.com/articles/the-theory-and-motive-behind-activeactive-multi-re]]|
|2021.02.18|//DivvyCloud//|[[2021 Cloud Security Executive Summit Preview|https://divvycloud.com/blog-2021-cloud-security-executive-summit-preview/]]|
|2021.02.19|//Rapid7//|[[Take the Full-Stack Approach to Securing Your Modern Attack Surface|https://blog.rapid7.com/2021/02/19/take-the-full-stack-approach-to-securing-your-modern-attack-surface/]]|
|2021.02.19|//Palo Alto Networks//|[[The Cloud Shift Is Now: Boost Your Enterprise Security Portfolio|https://blog.paloaltonetworks.com/2021/02/cloud-shift/]]|
<<tiddler [[arOund0C]]>>
!//Cloud Security for SaaS Startups Part 1: Requirements for Early Stages of a Startup//
Article basé sur le document "Cloud Security for Startups guidelines" rédigé par le Chapitre israélien de la CSA.
<<<
[>img(250px,auto)[iCSA/L2JBC.jpg]]//Background: Information security is a complicated subject even for mature enterprises, so it’s no wonder that startups find the area challenging. Planning, implementing and maintaining good-practice security are not only necessary, but can also serve as an important advantage that can be leveraged as a marketing differentiator.
A common challenge for Software-as-a-Service (SaaS) Startups is gaining and maintaining customers’ trust. To help address this challenge, the CSA Israel Chapter created guidelines to help SaaS organizations meet the most important security and privacy requirements presented by customers considering new services and products.
In this blog we provide a preview of the information and guidelines available in the full Cloud Security for Startups paper. In part one of this series we will cover:
* Security requirements for early stages of a startup
* Why you should pay attention to security early in the game
* What to consider when choosing a cloud platform
Who should read this blog?
* Cloud-based startups who wish to understand their security roadmap.
* Founders, CTOs, product managers and architects.
!Security Requirements for Early Stages of a Startup
[>img(250px,auto)[iCSA/HBKPC.png]]Startups must plan their security posture according to the progress they make in funding and product development. To help startups evaluate necessary security requirements, we have outlined three phases of SaaS startups maturity:
* Phase 1: Inception. From idea to first customers. In the phase between idea and the first customer, budget generally is limited, so startups should focus on laying building blocks for future potential security needs.
* Phase 2: Prepare for Growth. When the startup has paying customers.
* Phase 3: Maturity. When a startup has gained a strong, positive reputation and enough customers to create profit, it is time to advance to a more mature security posture.
When examining which security controls should be implemented for each phase, keep in mind that the answer differs by market sector and by the type of data the startup collects. As a general rule, if a startup’s characteristics match any of the following, the company should prepare to move faster through the phases of maturity discussed above.
* If a startup’s target customers have become enterprises, the company can expect to be questioned about participation in the shared responsibility model, identity management and security policies.
* If the data a startup stores contains high volumes of PII or sensitive PII (e.g. health information or financial details).
* If a startup must comply with especially strict regulations and laws (e.g. HIPAA, GDPR, Privacy Act).
* If a startup’s target sectors include representatives from the industries of health, government, financial or homeland security, the startup must then expect industry-specific regulations and additional security needs regarding its location of services.
__Tip:__ The Cloud Security Alliance Cloud Controls Matrix (CCM) is an excellent tool for mapping the security requirements of various laws, regulations and standards, and for better understanding future challenges.
!Why Pay Attention to Security Early in the Game?
* Implementing security measures early on can help a startup gain customer trust and meet the compliance requirements that will come later.
* Some of a startup’s customers have internal IT security requirements that the startup will need to implement.
* Inadequate attention to security risks early in the lifecycle of a startup may lead to “technical debt,” which may be too expensive to resolve later.
* Adequate attention to IT security needs—especially to the startup’s intellectual property (IP)—can significantly influence the startup’s valuation and reduce risk to investors.
!Choosing a Cloud Platform
There are many parameters to consider when choosing an IaaS/PaaS provider. Many of these parameters are not directly related to cloud security, but the following are directly implicated.
* Service location. When targeting enterprises from a specific geographic jurisdiction, it is recommended to keep customers’ data in the same geographic location. Doing so can relieve compliance efforts and create a competitive advantage.
* Regulations. SaaS startups should strive to work with service providers who adhere to the same regulation regime and standards as their designated market.
* Ecosystem. A SaaS startup usually strives to consume external software and services in order to reduce development hours. A large ecosystem of knowledge, tools and third-party software is an advantage for cloud providers.
__Tips__
* When targeting enterprises in the US, EU and/or APAC, consider deploying data storage into all of these regions to meet compliance.
* IaaS will provide better flexibility and control than PaaS, if you own your server’s configuration. However, choosing a PaaS provider also establishes a responsibility to secure those servers.
Interested in learning more? Download the ''Cloud Security for Startups guidelines'' to learn more recommendations for improving security as a SaaS company.
!Acknowledgments
The content for this blog was created by the Israeli chapter of the Cloud Security Alliance (CSA). The Israeli chapter of the Cloud Security Alliance was founded by security professionals united in a desire to promote responsible cloud adoption in the Israeli market and deliver useful knowledge and global best practices to the Israeli innovation scene.
Creators: Moshe Ferber, Shahar Geiger Maor, Yael Nishry. Contributors: Marius Aharonovich, Ron Peled, Yuval Reut, Ofer Smadari, Omer Taran//
<<<
!!!Liens
* Blog ⇒ https://cloudsecurityalliance.org/blog/2021/02/19/cloud-security-for-saas-startups-part-1-requirements-for-early-stages-of-a-startup/
* Publication ⇒ https://cloudsecurityalliance.org/artifacts/cloud-security-for-startups/
Le ''CSA EMEA Summit'' aura lieu les ''13 et 14 avril 2021'' en mode distanciel. [>img(400px,auto)[iCSA/K4DWE.png]]

__''Programme''__
|>|!Mardi 13 avril 2021||>|!Mercredi 14 avril 2021|
| 9:15|Introduction|!| 9:15|Introduction|
| 9:30|Marnix Dekker, ENISA|~| 9:30|à préciser|
|10:00|CSA Research: Enterprise Architecture|~|10:00|CSA Research: SDP & Zero Trust|
|10:30|Keynote, Palo Alto Networks|~|10:30|Nicolas Casimir, Zscaler|
|11:00|Mario Maawad, La Caixa Bank|~|11:00|à préciser|
|12:00|à préciser|~|12:00|à préciser|
|12:30|Pause|~|12:30|Pause|
|13:30|Table ronde : Cloud Controls Matrix (CCM) for SMEs|!|13:30|International Data Transfer Panel|
|14:30|à préciser|~|14:30|What should the auditor know about Cloud Computing?|
|15:00|Edward Amoroso, Tag Cyber LLC|~|15:00|à préciser|
Pour le programme en cours de rédaction et s'inscrire :
* Lien ⇒ https://web.cvent.com/event/d94328da-1ae2-4079-8bd7-c4230289805b/summary
!//Cloud Incident Response Working Group Charter//
<<<
[>img(150px,auto)[iCSA/K4LPC.png]]//In today’s connected era, a comprehensive incident response strategy is an integral aspect of any organization aiming to manage and lower their risk profile. Many organizations without a solid incident response plan have been rudely awakened after their first cloud incident encounter. Significant downtime can happen due to numerous reasons, such as a natural disaster, human error, or cyber attacks. A good incident response plan helps to ensure that your organization is well-prepared at all times. There are, however, different considerations when it comes to incident response strategies for cloud-based infrastructure and systems, due in part to the nature of its shared responsibility.

''How is incident response different in the cloud?''
Migrating systems to the cloud is not a lift-and-shift process – which also applies to the incident response process. Cloud is a different realm altogether, and expectedly, cloud incident response is too. The three key aspects that set cloud incident response apart from traditional incident response processes are governance, visibility, and the shared responsibility of the cloud.

''CSA is creating a holistic Cloud Incident Response Framework.''
With the abundance of Cloud Incident Response (CIR) standards, frameworks and guidelines available in the industry, CSA aims to provide a holistic and consistent view across widely used frameworks for the user. The aim is to serve as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud incidents, along with serving as a transparent and common framework for CSPs to share cloud incident response practices with their customers.//
<<<
La dernière publication de ce groupe de travail est détaillée [[ici|2020.04.21 - Publication : Cadre de réponse aux incidents dans le Cloud]].
!!!Liens
* Annonce et téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/cloud-incident-response-working-group-charter/
** Téléchargement direct ⇒ https://cloudsecurityalliance.org/download/artifacts/cloud-incident-response-working-group-charter/
* le groupe de travail 'Cloud Incident Response' ⇒ https://cloudsecurityalliance.org/research/working-groups/cloud-incident-response/
* Publication initiale ⇒ https://cloudsecurityalliance.org/artifacts/cloud-incident-response-framework-a-quick-guide/
** Téléchargement direct ⇒ https://cloudsecurityalliance.org/downloads/artifacts/cloud-incident-response-framework-a-quick-guide/
<<tiddler [[arOund0C]]>>
|>|<<tiddler [[2021.02.14 - Weekly Newsletter Hebdomadaire #103]]>> |
|>|<<tiddler [[2021.02.14 - Veille Hebdomadaire - 14 février]]>>|
!Newsletter Hebdomadaire / Weekly Newsletter • 8 au 14 février 2021 / February 8th to 14th, 2021
!!1 -  Informations CSA / CSA News and Updates

* Actu / News: Bilan / Status ''[[SolarWinds/SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation / Training[img[iCSF/flag_fr.png]]: session CCSK en mars / Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Publication : Aider à améliorer la présentation / Help improve the presentation+++*[»]> <<tiddler [[2021.02.12 - Site Web CSA : aidez à en améliorer la présentation des publications]]>>=== 
!!2 - Veille / News Watch ([[60+ liens / 60+ links|2021.02.14 - Veille Hebdomadaire - 14 février]])

* __À lire / Must Read__
** 'AzureAD & Microsoft 365 KillChain'

* __Rapports / Reports__
** 'Ransomware Report 2021' (//Risk Sense//) • '2021 Cloud Data Security Report - Government' (//Netwrix//)

* __Cloud Services Providers__
** AWS
*** 'Cloud Security Monitoring on AWS' (SANS)
*** 'Case of the doppelgänger AWS account' (//One Cloud Please//)
*** 'Amazon AWS security: resilience, zero trust, intrusion kill chain prevention, and risk assessment'
** Azure
*** 'Enhancing Security Through Collaboration on Azure Cloud' (Center for Internet Security)
*** 'Behind the scenes: Building Azure integrations for ASC alerts' (//Expel//)
*** 'Mapping between Azure Security Benchmark & CIS Microsoft Azure Foundations Benchmark available now!' (//Microsoft//)
*** 'Microsoft to alert Office 365 users of nation-state hacking activity'
** GCP
*** '6 best practices for effective Cloud NAT monitoring' (//Google//)
*** 'Google Drive Trash: Deleting, Recovering and Everything in Between' (//Spanning//)
** Kubernetes
*** 'Addressing Kubernetes Data Protection Challenges'
*** 'The Kubernetes API Server: Exploring its security impact and how to lock it down' (//Alien Vault//)
** Docker & Containers
*** 'Container security: Privilege escalation bug patched in Docker Engine'
*** 'Threat Actors Now Target Docker via Container Escape Features' (//Trendmicro//)
*** 'Docker image history modification - why you can't trust "docker history"'

* __Autres Veilles / Other News Watch__
** TL;DR Security #70 • The Cloud Security Reading List #74

* __Podcasts__
** 'Container Security in AWS at Scale' (Cloud Security Podcast)

* __Marché / Market__
** Cloud Security Considerations to Watch Out for During Mergers and Acquisitions

* __Acquisitions__
** //BackHub// par/by //Rewind//

* __Divers / Miscellaneous__
** 'Why multi-Cloud is all but vain' (Christophe Parisel)
** 'Where Is Cloud Native Security Going in the Long Run?' • 'How to Build an Effective Cloud Threat Intelligence Program in the AWS Cloud' (//Crowdstrike//)

!!3 - Agenda
<<tiddler AgendaFR+EN>>
!!4 - Lien direct / Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/L2E/|https://CloudSecurityAlliance.fr/go/L2E/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 14 février 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Février|!Sources|!Titres et Liens|
|>|>|>|!À lire / Must read |
|2021.02.08|Office 365 blog|![[AAD & M365 kill chain|https://o365blog.com/aadkillchain/]] (mise à jour) |
|>|>|>||
|>|>|!Menaces / Threats |
|2021.02.10|//Netskope//|[[Cloud Threats Memo: What You Need to Know About RDP Attacks On the Rise|https://www.netskope.com/blog/cloud-threats-memo-what-you-need-to-know-about-rdp-attacks-on-the-rise]]|
|>|>||
|>|>|!Bonnes Pratiques / Best Practices |
|2021.02.12|Hack Read|[[How cloud data distracts businesses from correct data security practices|https://www.hackread.com/cloud-data-distracts-businesses-data-security-practices/]]|
|2021.02.12|//CipherCloud//|[[SolarWinds Learnings – Best Practices for Securing Collaboration across Office 365 and Connected Cloud Apps|https://www.ciphercloud.com/solarwinds-learnings-best-practices-for-securing-collaboration-across-office-365-and-connected-cloud-apps/]]|
|2021.02.11|//Security Intelligence//|[[5 Ways to Overcome Cloud Security Challenges|https://securityintelligence.com/articles/5-ways-overcome-cloud-security-challenges/]]|
|>|>||
|>|>|!Rapports / Reports |
|2021.02.11|//Risk Sense//|[[Ransomware Report 2021|https://risksense.com/ransomware-report-2021/]]|
|2021.02.11|Dark Reading| → [[Ransomware Attackers Set Their Sights on SaaS|https://www.darkreading.com/attacks-breaches/ransomware-attackers-set-their-sights-on-saas/d/d-id/1340147]]|
|>|>||
|2021.02.02|//Netwrix//|[[2021 Cloud Data Security Report - Government|https://www.netwrix.com/download/documents/2021_Netwrix_CDSR_Government.pdf]] (pdf)|
|2021.02.09|Beta News| → [[One in four government organizations suffers accidental cloud leakage|https://www.trendmicro.com/en_us/research/21/b/threat-actors-now-target-docker-via-container-escape-features.html]]|
|>|>||
|>|>|!Cloud Services Providers |
|>|>|''AWS (Amazon)'' |
|2021.02.08|SANS|![[Cloud Security Monitoring on AWS|https://www.sans.org/reading-room/whitepapers/cloud/paper/40120]] ([[pdf|https://www.sans.org/reading-room/whitepapers/cloud/cloud-security-monitoring-aws-40120]]) |
|2021.02.11|Thomas Maurer|[[How to check the available VM Sizes (SKUs) by Azure Region|https://www.thomasmaurer.ch/2021/02/how-to-check-the-available-vm-sizes-skus-by-azure-region/]]|
|2021.02.10|Last Week in AWS|[[What the Hell Is Amazon Web Services?|https://www.lastweekinaws.com/blog/what-the-hell-is-amazon-web-services/]]|
|2021.02.08|//One Cloud Please//|![[Case of the doppelgänger AWS account|https://onecloudplease.com/blog/case-of-the-doppleganger-aws-account]] |
|2021.02.08|The CyberWire|![[Amazon AWS security: resilience, zero trust, intrusion kill chain prevention, and risk assessment|https://thecyberwire.com/stories/f6235891635c408bbba2d3c427532f72/amazon-aws-security-resilience-zero-trust-intrusion-kill-chain-prevention-and-risk-assessment]] |
|2021.02.12|//Amazon AWS//|[[AWS WAF adds support for JSON parsing and inspection|https://aws.amazon.com/about-aws/whats-new/2021/02/aws-waf-support-json-body-inspection/]]|
|2021.02.08|//Amazon AWS//|[[Use new account assignment APIs for AWS SSO to automate multi-account access|https://aws.amazon.com/blogs/security/use-new-account-assignment-apis-for-aws-sso-to-automate-multi-account-access/]]|
|2021.02.09|//Amazon AWS//|[[New digital curriculum: Managing Amazon S3|https://aws.amazon.com/about-aws/whats-new/2021/02/new-digital-curriculum-managing-amazon-s3/]]|
|2021.02.12|//Amazon AWS//|[[Use tags to manage and secure access to additional types of IAM resources|https://aws.amazon.com/blogs/security/use-tags-to-manage-and-secure-access-to-additional-types-of-iam-resources/]]|
|2021.02.12|//Amazon AWS//|[[Introducing OIDC identity provider authentication for Amazon EKS|https://aws.amazon.com/blogs/containers/introducing-oidc-identity-provider-authentication-amazon-eks/]]|
|2021.02.08|//Fugue//|[[Locking Down the Security of AWS IAM|https://www.fugue.co/blog/locking-down-the-security-of-aws-iam]]|
|2021.02.08|//Tripwire//|[[Amazon Addresses Best Practice Secrets Management with AWS Secrets Manager|https://www.tripwire.com/state-of-security/security-data-protection/cloud/amazon-addresses-best-practice-secrets-management-aws-secrets-manager/]]|
|2021.02.11|//Secure Cloud Blog//|[[Azure API Management – Call Azure Functions with Managed Identity|https://securecloud.blog/2021/02/11/azure-api-management-call-azure-functions-with-managed-identity/]]|
|2021.02.11|//Steampipe//|[[Normalizing AWS IAM Policies for Automation|https://steampipe.io/blog/normalizing-aws-iam-policies-for-automated-analysis]]|
|>|>|''Azure (Microsoft)'' |
|2021.02.05|Center for Internet Security|[[Enhancing Security Through Collaboration on Azure Cloud|https://www.cisecurity.org/blog/enhancing-security-through-collaboration-on-azure-cloud/]]|
|2021.02.09|//Expel//|![[Behind the scenes: Building Azure integrations for ASC alerts|https://expel.io/blog/building-azure-integrations-asc-alerts/]] |
|2021.02.09|//Microsoft Azure//|[[Azure Defender for App Service introduces dangling DNS protection|https://azure.microsoft.com/blog/azure-defender-for-app-service-introduces-dangling-dns-protection/]]|
|2021.02.08|//Microsoft Azure//|[[Why threat protection is critical to your Zero Trust security strategy|https://www.microsoft.com/security/blog/2021/02/08/why-threat-protection-is-critical-to-your-zero-trust-security-strategy/]]|
|2021.02.10|//Microsoft Azure//|[[Back up Linux virtual machines running mission-critical workloads|https://azure.microsoft.com/blog/back-up-linux-virtual-machines-running-mission-critical-workloads/]]|
|2021.02.11|//Microsoft Azure//|[[Categorizing Microsoft alerts across data sources in Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/categorizing-microsoft-alerts-across-data-sources-in-azure/ba-p/1503367]]|
|~|~|[[CIS Microsoft Azure Foundations Benchmark v1.3.0|https://www.cisecurity.org/benchmark/azure]]|
|2021.02.05|//Microsoft//| → [[Mapping between Azure Security Benchmark & CIS Microsoft Azure Foundations Benchmark available now!|https://techcommunity.microsoft.com/t5/azure-security-center/mapping-between-azure-security-benchmark-amp-cis-microsoft-azure/ba-p/2114301]]|
|2021.02.10|Stanislas Quastana|[[Azure Defender for Storage - A la source d'Azure Security Center - partie 2|https://www.youtube.com/watch?v=ZwDlogyIMVk]] (vidéo)|
|2021.02.09|Sami Lamppu|[[Monitor Elevate Access Activity in Azure with Azure Sentinel|https://samilamppu.com/2021/02/09/monitor-elevate-access-activity-in-azure-with-azure-sentinel/]]|
|2021.02.08|//Managed Sentinel//|[[Azure Security Center Design|https://www.managedsentinel.com/2021/02/08/azure-security-center-design/]] ([[diagramme|https://managedsentinel.com/downloads/azure_security_center_design_v2.pdf]])|
|2021.02.09|Bleeping Computer|[[Office 365 will help admins find impersonation attack targets|https://www.bleepingcomputer.com/news/security/office-365-will-help-admins-find-impersonation-attack-targets/]]|
|2021.02.08|Bleeping Computer|[[Microsoft to alert Office 365 users of nation-state hacking activity|https://www.bleepingcomputer.com/news/security/microsoft-to-alert-office-365-users-of-nation-state-hacking-activity/]]|
|2021.02.08|Dark Reading|![[Hidden Dangers of Microsoft 365's Power Automate and eDiscovery Tools|https://www.darkreading.com/application-security/hidden-dangers-of-microsoft-365s-power-automate-and-ediscovery-tools-/a/d-id/1340014]] |
|>|>|''GCP (Google)'' |
|2021.02.08|//Google Cloud//|![[6 best practices for effective Cloud NAT monitoring|https://cloud.google.com/blog/products/networking/6-best-practices-for-running-cloud-nat/]] |
|2021.02.09|//Google Cloud//|[[Don't fear the authentication: Google Drive edition|https://cloud.google.com/blog/topics/developers-practitioners/dont-fear-authentication-google-drive-edition]]|
|2021.02.09|//Spanning//|[[Google Drive Trash: Deleting, Recovering and Everything in Between|https://spanning.com/blog/google-drive-trash-deleting-recovering-everything-between/]]|
|~|YouTube| → [[How To Empty Google Drive Trash|https://www.youtube.com/watch?v=yiuAgJSJ1CA]], [[Recover Deleted Files|https://www.youtube.com/watch?v=9NkckqZ1vD4]]|
|2021.02.11|//Caylent//|[[What Is Google Anthos?|https://caylent.com/what-is-google-anthos]]|
|2021.02.10|//Google Cloud//|[[What you can learn in our Q1 2021 Google Cloud Security Talks|https://cloud.google.com/blog/products/identity-security/google-cloud-security-talks-q1-2021]]|
|>|>|''Kubernetes'' |
|2021.02.08|Container Journal|[[Addressing Kubernetes Data Protection Challenges|https://containerjournal.com/topics/container-security/addressing-kubernetes-data-protection-challenges/]]|
|2021.02.09|//Sysdig//|[[Getting started with Kubernetes audit logs and Falco|https://sysdig.com/blog/kubernetes-audit-log-falco/]]|
|2021.02.10|//Sysdig//|[[Runtime security in Azure Kubernetes Service|https://sysdig.com/blog/runtime-security-in-azure-kubernetes-service/]]|
|2021.02.11|//Alien Vault//|![[The Kubernetes API Server: Exploring its security impact and how to lock it down|https://feeds.feedblitz.com/~/643985864/0/alienvault-blogs~The-Kubernetes-API-Server-Exploring-its-security-impact-and-how-to-lock-it-down]] |
|2021.02.11|DZone|[[RBAC Controls: The Key to Hardening a Kubernetes Cluster|https://dzone.com/articles/rbac-controls-the-key-to-hardening-a-kubernetes-cl]]|
|>|>|''Docker'' |
|2021.02.14|Justin Steven|[[Docker image history modification - why you can't trust 'docker history'|https://www.justinsteven.com/posts/2021/02/14/docker-image-history-modification/]]|
|2021.02.12|//Cyware//|[[Misconfigured Docker Containers Could Land You in Trouble|https://cyware.com/news/misconfigured-docker-containers-could-land-you-in-trouble-9d992bb7/]]|
|2021.02.12|The Daily Swig|[[Container security: Privilege escalation bug patched in Docker Engine|https://portswigger.net/daily-swig/container-security-privilege-escalation-bug-patched-in-docker-engine]]|
|>|>|''Containers'' |
|2021.02.12|//Crowdstrike//|[[Container Security with CrowdStrike|https://www.crowdstrike.com/blog/tech-center/container-security/]] ([[YouTube|https://www.youtube.com/watch?list=PLtojL19AteZv3oYq8_jD_0J5vNvxdGDDs]])|
|2021.02.09|//Trendmicro//|[[Threat Actors Now Target Docker via Container Escape Features|https://www.trendmicro.com/en_us/research/21/b/threat-actors-now-target-docker-via-container-escape-features.html]]|
|2021.02.11|Container Journal| → [[Trend Micro Details Attack Against Containers|https://containerjournal.com/features/trend-micro-details-attack-against-containers/]]|
|2021.02.11|//Crowdstrike//|[[So You Think Your Containers Are Secure? Four Steps to Ensure a Secure Container Deployment|https://www.crowdstrike.com/blog/four-steps-to-ensure-a-secure-containter-deployment/]]|
|>|>||
|>|>|!Veilles hebdomadaires 'Cloud et Sécurité' / Weekly 'Cloud and Security' Watch |
|2021.02.08|Hackmageddon|[[16-31 January 2021 Cyber Attacks Timeline|https://www.hackmageddon.com/2021/02/08/16-31-january-2021-cyber-attacks-timeline/]]|
|2021.02.14|Marco Lancini|[[The Cloud Security Reading List #74|https://cloudseclist.com/issues/issue-74/]]|
|2021.02.10|TL;DR Security|[[#70 - Scaling Threat Modeling, Dependency Confusion, Automating Open Source Vulnerability Triage|https://tldrsec.com/blog/tldr-sec-070/]]|
|>|>||
|>|>|!Podcasts |
|2021.02.14|Cloud Security Podcast|[[Container Security in AWS at Scale - Ben Tomhave|https://anchor.fm/cloudsecuritypodcast/episodes/Container-Security-in-AWS-at-Scale---Ben-Tomhave-eqctd6]]|
|2021.02.11|Cyber Security Hub|[[Secure Cloud-First Enablement - TF7 Ep.169|https://www.cshub.com/executive-decisions/articles/secure-cloud-first-enablement]]|
|2021.02.10|SilverLining IL|[[Episode 34: PayPal Cloud Journey|https://silverlining-il.castos.com/episodes/episode-34-paypal-cloud-journey]]|
|>|>||
|>|>|!Réglementation / Regulatory |
|2021.02.10|Hunton|[[CIPL Submits Response to European Commission's Proposal for a Regulation on European Data Governance|https://www.huntonprivacyblog.com/2021/02/10/cipl-submits-response-to-european-commissions-proposal-for-a-regulation-on-european-data-governance/]]|
|>|>||
|>|>|!Marché / Market |
|2021.02.09|//Security Intelligence//|[[Cloud Security Considerations to Watch Out for During Mergers and Acquisitions|https://securityintelligence.com/posts/cloud-security-considerations-during-mergers-and-acquisitions/]]|
|>|>||
|>|>|!Acquisitions |
|2021.02.11|//Rewind//|[[Rewind Acquires BackHub and Expands Cloud Backup Portfolio Reach|https://rewind.com/blog/rewind-acquires-backhub-and-expands-cloud-backup-portfolio-reach/]]|
|>|>||
|>|>|!Divers / Miscellaneous |
|2021.02.14|Christophe Parisel|![[Why multi-Cloud is all but vain|https://www.linkedin.com/pulse/why-multi-cloud-all-vain-christophe-parisel/]] (2/2)|
|2021.02.12|Le Monde Informatique|[[Partie 1 : SASE : enfin une approche globale de la sécurité|https://www.lemondeinformatique.fr/les-dossiers/lire-sase-enfin-une-approche-globale-de-la-securite-1182.html]]|
|2021.02.12|Dark Reading|[[You've Got Cloud Security All Wrong: Managing Identity in a Cloud World|https://www.darkreading.com/cloud/youve-got-cloud-security-all-wrong-managing-identity-in-a-cloud-world/a/d-id/1340077]]|
|2021.02.12|//StackRox//|[[DevOps vs. DevSecOps - Here’s How They Fit Together|https://www.stackrox.com/post/2021/02/devops-vs-devsecops-heres-how-they-fit-together/]]|
|2021.02.12|//Crowdstrike//|[[How Identity Analyzer Improves Cloud Security|https://www.crowdstrike.com/blog/tech-center/identity-analyzer/]]|
|2021.02.11|//Security Intelligence//|[[5 Ways To Overcome Cloud Security Challenges|https://securityintelligence.com/articles/5-ways-overcome-cloud-security-challenges/]]|
|2021.02.11|//Exabeam//|[[Understanding Cloud DLP: Key Features and Best Practices|https://www.exabeam.com/dlp/cloud-dlp/]]|
|2021.02.11|//Aqua Security//|[[Cloud-Native Apps Make Software Supply Chain Security More Important Than Ever|https://www.darkreading.com/cloud-native-apps-make-software-supply-chain-security-more-important-than-ever/a/d-id/1340048]]|
|2021.02.10|The New Stack|[[Where Is Cloud Native Security Going in the Long Run?|https://thenewstack.io/where-is-cloud-native-security-going-in-the-long-run/]]|
|2021.02.10|//Tufin//|[[CISA Makes Cloud Security Recommendations. How Tufin can Help|https://www.tufin.com/blog/cisa-cloud-security-recommendations]]|
|2021.02.10|//Security Intelligence//|[[Hiring Cloud Experts, Despite the Cybersecurity Skills Gap|https://securityintelligence.com/articles/how-to-hire-cloud-experts-despite-the-cybersecurity-skills-gap/]]|
|2021.02.09|//Crowdstrike//|Webcast [[How to Build an Effective Cloud Threat Intelligence Program in the AWS Cloud|https://www.sans.org/webcasts/build-effective-cloud-threat-intelligence-program-aws-cloud-117495]]|
|2021.02.08|//Shhgit//|[[Keep it secret. Keep it ... safe?|https://www.shhgit.com/blog/keep-it-secret-keep-it-safe/]]|
|2021.02.08|//HashiCorp//|[[Wait Conditions in the Kubernetes Provider for HashiCorp Terraform|https://www.hashicorp.com/blog/wait-conditions-in-the-kubernetes-provider-for-hashicorp-terraform]]|
<<tiddler [[arOund0C]]>>
!Une initiative pour fluidifier le site Web de la CSA
[>img(500px,auto)[iCSA/K2CAS.jpg]]Vous trouvez vous aussi que la présentation du site Web de la CSA pourrait être améliorée ? C'est le moment de donner votre avis !
La CSA lance un appel aux bonnes volontés avec la mise à disposition d'un outil graphique sur le site 'Proven By Users' permettant de trier des cartes.
Un certain nombre de cartes avec des sujets vous seront proposées. Vous devrez alors les regrouper dans les catégories qui vous semblent les plus logiques.

Remarque : Si vous voulez conserver votre résultat, prenez une copie d'écran car une fois validé, il n'est pas possible de revenir en arrière.
Par ailleurs, il est conseillé de cliquer sur le bouton +++^*[Save for Later] [img[iCSF/K2CA1.jpg]] === afin de récupérer +++^*[l'adresse (temporaire)] [img[iCSF/K2CA2.jpg]] === de votre proposition.

Lien sur le site 'Proven By Users' → https://provenbyusers.com/cs.php?c=Ad2121714

PS. Et si vous avez aussi des idées d'amélioration pour le site du ''Chapitre Français'' de la CSA, faites-le-nous savoir aussi : [img(200px,auto)[iCSF/Email-CSA_FR.png]]<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #102|2021.02.07 - Newsletter Hebdomadaire #102]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #102|2021.02.07 - Weekly Newsletter - #102]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2021.02.07 - Newsletter Hebdomadaire #102]]>> |<<tiddler [[2021.02.07 - Weekly Newsletter - #102]]>> |
|>|<<tiddler [[2021.02.07 - Veille Hebdomadaire - 07 février]]>>|
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 1er au 7 février 2021
!!1 - Informations CSA - 1er au 7 février 2021

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation[img[iCSF/flag_fr.png]]: prochaine session CCSK en français en mars 2021+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Blog[img[iCSF/flag_fr.png]]: Diffusion publique du 'Panorama des référentiels Sécurité du Cloud' du CLUSIF+++^*[»] <<tiddler [[2021.02.03 - Publication CLUSIF : 'Sécurité du Cloud : Panorama des référentiels']]>>=== 
* Blog CSA : Agenda de la transition vers CCM v4+++^*[»] <<tiddler [[2021.02.04 - Blog : Agenda de la transition CCM v3 vers CCM v4]]>>=== et 'Evolution of Cloud Computing and the Updated Shared Responsibility'+++^*[»] <<tiddler [[2021.02.04 - Blog : 'Evolution of Cloud Computing and the Updated Shared Responsibility']]>>=== 
* Publication CSA : 'Blockchains in the Quantum Era'+++^*[»] <<tiddler [[2021.02.05 - Publication CSA 'Blockchains in the Quantum Era']]>>=== 
* Podcast CSA : 'CCM and STAR'+++^*[»] <<tiddler [[2021.02.01 - Podcast : 'A case study – CCM and STAR']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 50 liens|2021.02.07 - Veille Hebdomadaire - 07 février]])

* __Attaques, Fuites de données__
** Attaques : Hildegard: New TeamTNT Malware Targeting Kubernetes (//Palo Alto Networks//) • Increasing OAuth O365 Phishing
** Fuites de données : Leaky Buckets Cloud Misconfigurations (Hackmageddon) • Data Breaches and Cyber Attacks in January 2021

* __Réponse aux incidents, Chasse__
** Réponse aux incidents : Evolution of Cloud Forensics and Incident Response
** Chasse : 'Blob Hunter to scan Azure blob storage accounts'

* __Rapports, Publications__
** Rapports: 'State of API Security' //Salt Security// • '2021 Container Security Survey' (//NeuVector//)
** Publications : NIST SP 800-171 Rev. 2 and SP 800-172 on the Protection of Controlled Unclassified Information

* __Cloud Services Providers, Outils__
** Azure : Azure AD Attack and Defense Playbook (Sami Lamppu) • PCI 3DS certification • New Azure AD Connect Releases
** GCP : Limiting public IPs
** Kubernetes : DNS Lookups in K8s Workloads (//CodeBurst//)
** Outils : Cloudlist • OpenCSPM • KubeLinter • Running Prowler from AWS CloudShell

* __Veilles 'Cloud et Sécurité'__
** TL;DR Security #69 • The Cloud Security Reading List #73 • Azure Active Directory security, SaltStack vulnerabilities analysis (//XMCO//)

* __Marché, Acquisitions__
** Marché : Microsoft Security Products vs. Other Cloud Security Products (//Managed Sentinel//)
** Acquisitions : //Alcide// by //Rapid7//

* __Divers__
** 'Understanding Cloud Misconfigurations - With Pizza and Lego' (//TrendMicro//)
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L27/|https://CloudSecurityAlliance.fr/go/L27/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - February 1st to 7th, 2021
!!1 - CSA News and Updates - February 1st to 7th, 2021

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Training[img[iCSF/flag_fr.png]]: Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Blog[img[iCSF/flag_fr.png]]: Availability of the 'Overview of the cloud Security Frameworks' document from CLUSIF+++^*[»] <<tiddler [[2021.02.03 - Publication CLUSIF : 'Sécurité du Cloud : Panorama des référentiels']]>>=== 
* CSA Blog: CCM v4 FAQ - Transition Timeline+++^*[»] <<tiddler [[2021.02.04 - Blog : Agenda de la transition CCM v3 vers CCM v4]]>>=== and 'Evolution of Cloud Computing and the Updated Shared Responsibility'+++^*[»] <<tiddler [[2021.02.04 - Blog : 'Evolution of Cloud Computing and the Updated Shared Responsibility']]>>=== 
* CSA Publication: 'Blockchains in the Quantum Era'+++^*[»] <<tiddler [[2021.02.05 - Publication CSA 'Blockchains in the Quantum Era']]>>=== 
* CSA Podcast: 'CCM and STAR'+++^*[»] <<tiddler [[2021.02.01 - Podcast : 'A case study – CCM and STAR']]>>=== 
!!2 - Cloud and Security News Watch ([[over 50 links|2021.02.07 - Veille Hebdomadaire - 07 février]])

* __Attacks, Leaks__
** Attacks: Hildegard: New TeamTNT Malware Targeting Kubernetes (//Palo Alto Networks//) • Increasing OAuth O365 Phishing
** Leaks: Leaky Buckets Cloud Misconfigurations (Hackmageddon) • Data Breaches and Cyber Attacks in January 2021

* __Incident Response, Hunting__
** Incident Response: Evolution of Cloud Forensics and Incident Response
** Hunting: Blob Hunter to scan Azure blob storage accounts

* __Reports, Surveys, Studies, Publications__
** Reports: 'State of API Security' //Salt Security// • '2021 Container Security Survey' (//NeuVector//)
** Publications: NIST SP 800-171 Rev. 2 and SP 800-172 on the Protection of Controlled Unclassified Information

* __Cloud Services Providers, Tools__
** Azure: Azure AD Attack and Defense Playbook (Sami Lamppu) • PCI 3DS certification • New Azure AD Connect Releases
** GCP: Limiting public IPs
** Kubernetes: DNS Lookups in K8s Workloads (//CodeBurst//)
** Tools: Cloudlist • OpenCSPM • KubeLinter • Running Prowler from AWS CloudShell

* __'Cloud and Security' Watch__
** Newsletters: TL;DR Security #69 • The Cloud Security Reading List #73 • Azure Active Directory security, SaltStack vulnerabilities analysis (//XMCO//)

* __Market, Acquisitions__
** Market: Microsoft Security Products vs. Other Cloud Security Products (//Managed Sentinel//)
** Acquisitions: //Alcide// by //Rapid7//

* __Miscellaneous__
** Understanding Cloud Misconfigurations - With Pizza and Lego (//TrendMicro//)
!!3 - Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/L27/|https://CloudSecurityAlliance.fr/go/L27/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 1er au 7 février 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Février|!Sources|!Titres et Liens|
|>|>|!Attaques, Fuites de données / Attacks, Leaks |
|>|>|''Attaques / Attacks'' |
|2021.02.05|Bleeping Computer|[[Microsoft warns of increasing OAuth Office 365 phishing attacks|https://www.bleepingcomputer.com/news/security/microsoft-warns-of-increasing-oauth-office-365-phishing-attacks/]]|
|2021.02.03|//Palo Alto Networks//|![[Hildegard: New TeamTNT Malware Targeting Kubernetes|https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/]] |
|2021.02.04|Security Week|[[New 'Hildegard' Malware Targets Kubernetes Systems|https://www.securityweek.com/new-hildegard-malware-targets-kubernetes-systems]]|
|2021.02.04|//Threatpost//|[[Microsoft Office 365 Attacks Sparked from Google Firebase|https://threatpost.com/microsoft-office-365-attacks-google-firebase/163666/]]|
|>|>|''Fuites de données / Leaks'' |
|2021.02.01|Hackmageddon|![[Leaky Buckets: a List of Cloud Misconfigurations|https://www.hackmageddon.com/2021/02/01/leaky-buckets-a-list-of-cloud-misconfigurations/]] |
|2021.02.01|Bleeping Computer|[[European volleyball org's Azure bucket exposed reporter passports|https://www.bleepingcomputer.com/news/security/european-volleyball-orgs-azure-bucket-exposed-reporter-passports/]]|
|2021.02.01|IT Governance|![[List of data breaches and cyber attacks in January 2021 – 878 million records breached|https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-january-2021]] ([[vidéo|https://www.youtube.com/watch?v=Ry-unoAaZRY]])|
|>|>||
|>|>|!Menaces / Threats |
|2021.02.02|//Security Trails//|[[Cloud Security Threats and How to Mitigate Them|https://securitytrails.com/blog/cloud-security-threats]]|
|>|>||
|>|>|!Réponse aux Incidents, Chasse / Incident Response, Hunting |
|>|>|''Réponse / Response'' |
|2021.02.03|//Infocyte//|[[Responding to Microsoft 365 Attacks|https://www.infocyte.com/blog/2021/02/03/responding-to-microsoft-365-attacks/]]|
|2021.02.01|//Optiv//|![[The Evolution of Cloud Forensics and Incident Response|https://www.optiv.com/explore-optiv-insights/source-zero/evolution-cloud-forensics-and-incident-response]]|
|>|>|''Chasse / Hunting'' |
|2021.02.03|//CyberArk//|![[Hunting Azure Blobs Exposes Millions of Sensitive Files|https://www.cyberark.com/resources/threat-research-blog/hunting-azure-blobs-exposes-millions-of-sensitive-files]] |
|~|~|[[Blob Hunter: A tool for scanning Azure blob storage accounts for publicly opened blobs|https://github.com/cyberark/blobhunter]]|
|2021.02.03|Help Net Security| → [[Open-source tool BlobHunter helps pinpoint public Azure blobs that might contain sensitive files|https://www.helpnetsecurity.com/2021/02/08/open-source-tool-blobhunter-public-azure-blobs/]]|
|>|>||
|>|>|!Rapports, Publications / Reports, Publications |
|>|>|''Rapports / Reports'' |
|2021.01.03|//Radware//|[[The 2020 App Threats Landscape in Review|https://blog.radware.com/security/applicationsecurity/2021/02/the-2020-app-threats-landscape-in-review/]]|
|2021.01.03|//Salt Security//|[[State of API Security|https://content.salt.security/state-of-api.html]]|
|2021.02.03|Dark Reading| → [[Concerns Over API Security Grow as Attacks Increase|https://www.darkreading.com/application-security/concerns-over-api-security-grow-as-attacks-increase/d/d-id/1340054]]|
|2021.02.03|Help Net Security| → [[API security concerns hindering new application rollouts|https://www.helpnetsecurity.com/2021/02/04/api-security-concerns-hindering-new-application-rollouts/]]|
|2021.02.03|//NeuVector//|[[2021 Container Security Survey|https://neuvector.com/slider-ebooks-guides/2021-container-security-survey/]]|
|2021.02.03|Help Net Security|[[Container security is a priority, but who’s responsibility is it?|https://www.helpnetsecurity.com/2021/02/03/container-security-responsibility/]]|
|>|>|''Publications'' |
|2021.02.03|NIST|![[NIST Offers Tools to Help Defend Against State-Sponsored Hackers|https://www.nist.gov/news-events/news/2021/02/nist-offers-tools-help-defend-against-state-sponsored-hackers]] |
|2021.02.03|NIST| → [[SP 800-171 Rev. 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations|https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final]] ([[pdf|https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf]])|
|2021.02.03|NIST| → [[SP 800-172: Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171|https://csrc.nist.gov/publications/detail/sp/800-172/final]] ([[pdf|https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-172.pdf]])|
|>|>||
|>|>|!Cloud Services Providers, Outils / CSPs, Tools |
|>|>|''AWS (Amazon)'' |
|2021.02.02|//Amazon AWS//|[[AWS PrivateLink for Amazon S3 is Now Generally Available|https://aws.amazon.com/blogs/aws/aws-privatelink-for-amazon-s3-now-available/]]|
|2021.02.02|//Amazon AWS//|[[Amazon Macie announces a slew of new capabilities including support for cross-account sensitive data discovery, scanning by Amazon S3 object prefix, improved pre-scan cost estimation, and added location detail in findings|https://aws.amazon.com/about-aws/whats-new/2021/02/amazon-macie-announces-new-capabilities/]]|
|>|>|''Azure (Microsoft)'' |
|2021.02.03|Sami Lamppu|[[Community Project: Azure AD Attack and Defense Playbook – Part 2|https://samilamppu.com/2021/02/05/community-project-azure-ad-attack-and-defense-playbook-part-2/]] (2/2)|
|2021.02.04|Thomas Stringer|[[Renew Azure Key Vault Certificates from Let's Encrypt|https://trstringer.com/renew-key-vault-certificate/]]|
|2021.02.04|//Microsoft Azure//|[[Azure DDoS Protection—2020 year in review|https://azure.microsoft.com/en-gb/blog/azure-ddos-protection-2020-year-in-review/]]|
|2021.02.03|//Microsoft Azure//|[[Centralize your security response with Azure Sentinel & PagerDuty|https://techcommunity.microsoft.com/t5/azure-sentinel/centralize-your-security-response-with-azure-sentinel-amp/ba-p/2110228]]|
|2021.02.03|//Microsoft Azure//|[[Azure achieves its first PCI 3DS certification|https://azure.microsoft.com/en-us/updates/azure-achieves-its-first-pci-3ds-certification/]]|
|2021.02.03|//Microsoft Azure//|[[Strengthen your hybrid identity with these new Azure AD Connect releases|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/strengthen-your-hybrid-identity-with-these-new-azure-ad-connect/ba-p/1994721]]|
|2021.02.02|//Microsoft Azure//|![[Azure Sentinel All-In-One Accelerator|https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-all-in-one-accelerator/ba-p/1807933]]|
|2021.02.02|Container Journal|[[Containers on Azure: Tips and Tricks|https://containerjournal.com/topics/containers-on-azure-tips-and-tricks/]]|
|2021.02.01|//XM Cyber//|[[Office 365 – The Attacker Perspective|https://www.xmcyber.com/office-365-the-attacker-perspective/]]|
|>|>|''GCP (Google)'' |
|2021.02.04|//Google Cloud//|[[Centrally Managing Artifact Registry Container Image Vulnerabilities on Google Cloud: Part One|https://medium.com/google-cloud/centrally-managing-artifact-registry-container-image-vulnerabilities-on-google-cloud-part-one-d86fb4791601]] (1/2)|
|2021.02.02|//Google Cloud//|[[The cloud trust paradox: 3 scenarios where keeping encryption keys off the cloud may be necessary|https://cloud.google.com/blog/products/identity-security/3-scenarios-where-keeping-encryption-keys-off-the-cloud-may-be-necessary]]|
|2021.02.01|//Google Cloud//|[[Limiting public IPs on Google Cloud|https://cloud.google.com/blog/topics/developers-practitioners/limiting-public-ips-google-cloud]]|
|>|>|''Kubernetes'' |
|2021.02.07|//CodeBurst//|![[DNS Lookups in Kubernetes Workloads|https://codeburst.io/dns-lookups-in-kubernetes-workloads-9fcb567f4be5]] |
|2021.02.01|Container Journal|[[How to Implement Disaster Recovery for Kubernetes|https://containerjournal.com/topics/disaster-recovery-for-kubernetes/]]|
|2021.02.03|//Intezer//|[[Do You Really Need Kubernetes?|https://www.intezer.com/blog/container-security/do-you-really-need-kubernetes/]]|
|2021.02.01|//NeuVector//|[[4 questions you aren’t asking about Kubernetes security|https://blog.neuvector.com/article/4-questions-you-arent-asking-about-kubernetes-security]]|
|>|>|''Docker'' |
|2021.02.03|Madhu Akula|[[A Practical Guide to Writing Secure Dockerfiles|https://speakerdeck.com/madhuakula/a-practical-guide-to-writing-secure-dockerfiles-wearedevelopers-container-day-2021]] ([[présentation|https://files.speakerdeck.com/presentations/32b54684103e49208520072956e88563/A-practical-guide-to-writing-secure-Dockerfiles-Madhu-Akula-WeAre-Developers.pdf]])|
|>|>|''Outils / Tools'' |
|2021.02.05|Kitploit|[[Cloudlist - A Tool For Listing Assets From Multiple Cloud Providers|https://www.kitploit.com/2021/02/cloudlist-tool-for-listing-assets-from.html]]|
|2021.02.03|Kitploit|[[OpenCSPM - Open Cloud Security Posture Management Engine|https://www.kitploit.com/2021/02/opencspm-open-cloud-security-posture.html]]|
|2021.02.03|nixCraft|[[Linode cloud firewall: Do you need it to protect the Linux server?|https://www.cyberciti.biz/reviews/linode-cloud-firewall-do-you-need-it-to-protect-the-linux-server/]]|
|2021.02.03|//StackRox//|[[What is KubeLinter?|https://www.stackrox.com/post/2021/02/what-is-kubelinter/]]|
|2021.01.02|Hakin9|[[How XDR Can Address Cloud Security Challenges by Gilad David Maayan|https://hakin9.org/how-xdr-can-address-cloud-security-challenges/]]|
|2021.01.02|Toni de la Fuente|[[Run Prowler from AWS CloudShell in seconds|https://blyx.com/2021/02/02/run-prowler-from-aws-cloudshell-in-seconds/]]|
|>|>||
|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts / Weekly 'Cloud and Security' Watch, Podcasts |
|>|>|''Veilles / Newsletters'' |
|2021.02.05|//XMCO//[img[iCSF/flag_fr.png]]|[[ActuSécu #55|https://www.xmco.fr/actu-secu/XMCO-ActuSecu-55-Azure-Phishing-SaltStack.pdf]] : Comprendre l'architecture et la sécurité d'Azure Active Directory, Analyse des vulnérabilités SaltStack (CVE-2020-11651 et CVE-2020-11652)|
|2021.02.07|Marco Lancini|[[The Cloud Security Reading List #73|https://cloudseclist.com/issues/issue-73/]] |
|2021.02.03|TL;DR Security|[[#69 - Cloud Security Table Top Exercises, Finding RCE in ExpressJS, InSpec for GKE|https://tldrsec.com/blog/tldr-sec-069/]]|
|>|>|''Podcasts'' |
|2021.02.07|Cloud Security Podcast|[[Cloud Security in $25 Billion dollar Company - Siemens USA|https://anchor.fm/cloudsecuritypodcast/episodes/Cloud-Security-in-25-Billion-dollar-Company---Siemens-USA-eq2c0t]] ([[notes|https://anchor.fm/dashboard/episode/eavn9r/metadata/www.cloudsecuritypodcast.tv]])|
|>|>||
|>|>|!Conformité / Compliance |
|2021.02.02|//Tripwire//|[[How the CIS Foundations Benchmarks Are Key to Your Cloud Security|https://www.tripwire.com/state-of-security/security-data-protection/cloud/cis-foundations-benchmarks-key-cloud-security/]]|
|>|>||
|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|''Marché / Market'' |
|2021.02.02|//Managed Sentinel//|![[Microsoft Security Products vs. Other Cloud Security Products|https://www.managedsentinel.com/2021/02/02/microsoft-vs-other-cloud/]] ([[Iconographie|https://www.managedsentinel.com/wp-content/uploads/2021/02/microsoft_security_vs_other_cloud_security.png]])|
|>|>|''Acquisitions'' |
|2021.02.01|//Rapid7//|[[Rapid7 Acquires Leading Kubernetes Security Provider, Alcide|https://blog.rapid7.com/2021/02/01/rapid7-acquires-leading-kubernetes-security-provider-alcide/]]|
|2021.02.01|MSSP Alert| → [[Rapid7 Acquires Israeli Kubernetes Security Provider Alcide|https://www.msspalert.com/investments/rapid7-acquires-alcide/]]|
|2021.02.03|Container Journal| → [[Rapid7 Acquires Alcide in Bid to Unify Security|https://containerjournal.com/topics/container-security/rapid7-acquires-alcide-in-bid-to-unify-security/]]|
|>|>||
|>|>|!Divers / Miscellaneous |
|>|>|''APIs'' |
|2021.02.01|//Nuageo//[img[iCSF/flag_fr.png]]|![[API : Véritable moteur de la Transformation Numérique|https://www.nuageo.fr/2021/02/api-veritable-moteur-de-la-transformation-numerique/]]	|
|2021.02.05|//Imperva//|[[API Security Checks in the Post-Pandemic World|https://www.imperva.com/blog/api-security-checks-in-the-post-pandemic-world/]]|
|2021.02.02|//CloudVector//|[[Amazon Ring APIs suffer from Excessive Data Exposure|https://www.cloudvector.com/amazon-ring-apis-suffer-from-excessive-data-exposure/]]|
|>|>|''Divers / Miscellaneous'' |
|2021.02.03|//TrendMicro//|![[Understanding Cloud Misconfigurations - With Pizza and Lego|https://www.trendmicro.com/en_us/research/21/b/understanding-cloud-misconfigurations-with-pizza-and-lego.html]]|
|2021.02.05|//Security Intelligence//|[[Remote Work Trends: How Cloud Computing Security Changed|https://securityintelligence.com/articles/2020-remote-work-trends-cloud-computing-security-changed/]]|
|2021.02.03|//HashiCorp//|[[Gating Access to Kubernetes API & Workloads with HashiCorp Boundary|https://www.hashicorp.com/blog/gating-access-to-kubernetes-with-hashicorp-boundary]]|
|2021.02.01|//Crowdstrike//|[[How to Build an Effective Cloud Threat Intelligence Program in the AWS Cloud|https://www.sans.org/reading-room/whitepapers/analyst/membership/40115]]|
<<tiddler [[arOund0C]]>>
!//Blockchains in the Quantum Era//
<<<
[>img(200px,auto)[iCSA/L25PB.png]]//Digital Ledger Technologies (DLT) such as blockchain are being deployed as part of diverse applications that span multiple market segments. Application developers have successfully leveraged the blockchain characteristics of decentralization, immutability, cryptographic security and transparency to create the solution benefits of redundancy, non-repudiation and enhanced auditing/compliance. Blockchain infrastructures make very extensive use of digital signature algorithms, hashing algorithms and public-key cryptography. The rapid pace of progress that is being experienced with quantum computing technology has made the prospect of quantum computer cyber-attacks a very real possibility.

Initiatives are therefore underway to augment today’s DLT/blockchain infrastructures with cryptographic algorithms that are highly resistant to quantum computer attack. These post-quantum algorithms are based on computational problems that are known to be very difficult for quantum computers to solve by using either Shor’s algorithm or Grover’s algorithm. This paper provides an introduction to DLT/blockchain technology, some of its representative applications, and an overview of the leading post-quantum algorithm candidates that are actively being pursued.//
<<<
!!!Liens
* Annonce et téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/blockchains-in-the-quantum-era/
** Téléchargement direct ⇒ https://cloudsecurityalliance.org/download/artifacts/blockchains-in-the-quantum-era/
* Article de Blog ⇒ https://cloudsecurityalliance.org/blog/2021/02/09/can-blockchains-survive-the-quantum-computer/
<<tiddler [[arOund0C]]>>
!//CCM v4 FAQ - Transition Timeline//
<<<
[>img(150px,auto)[iCSA/L1LBT.png]]//On January 21st CSA released +++^*[version 4 of the Cloud Controls Matrix (CCM)] https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/ ===. The new version ensures coverage of requirements deriving from new cloud technologies, new controls and enhanced interoperability and compatibility with other standards.
In this blog we will discuss the transition timeline for when organizations using the CCM in other CSA programs will need to start using version 4. We will also share the release timeline for the other CCM v4 components and answer questions around how the new version will affect:
* Mappings with standards
* Security Trust and Assurance Registry (STAR)
* Consensus Assessment Initiative Questionnaire (CAIQ)
* Certificate of Cloud Security Knowledge (CCSK)
!!CCM v4 Components Release Timeline [>img(600px,auto)[iCSA/L24B1.jpg]]
Q: When will the CCM v4 mappings to other leading standards be available for usage?
A: The first set of mappings with +++^*[CCM v3.0.1] https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v3-0-1/ ===, ISO27001/17/18 and AICPA TSP will be released in February 2021.
Other mappings will be released later within the timeframe from September to December. CSA will be working to create additional mapping to relevant standards, best practices, laws and regulations (e.g., NIST 800-53 Rev 5, ENISA Security Controls for Cloud Services, CIS Controls, PCI-DSS).

Q: When will the other columns indicating the relevance of each control for the architectural type and cloud service delivery model be released?
[img(750px,auto)[iCSA/L24B2.jpg]]
A: The control applicability matrix columns which help define the attribution of responsibilities between cloud service providers and customers will be released in early Q2 2021.
The organizational relevance columns, which help define the organizational relevance of each control based on work done by the CSA Enterprise Architecture working group, are expected to be released in early Q2 2021.

Q: When will CAIQ v4 be released?
A: The fourth version of Consensus Assessment Initiative Questionnaire (CAIQ) will be released April 2021. This questionnaire accompanies the CCM and provides questions that vendors can answer to ascertain if they comply with the CCM.

Q: When will the implementation and auditing guidelines be released?
A: The CCM v4 Implementation guidelines will be released in April. The implementation guidelines are a new addition to the CCM, their goal is to explain how to use the CCM and to support the users in better understanding and implementing the CCM controls. The implementation of CCM controls in a specific technological environment (e.g. AWS, Azure, GCP, etc) are beyond the scope of the Implementation Guidelines and for that purpose we encourage the users to collaborate with their peers in the dedicated CCM User Group in Circle.
In June/July the Auditing Guidelines will be released. Similarly to the Implementation Guidelines, the Auditing Guidelines are a new additional component to the CCM. They will explain how to approach the auditing and assessment of CCM controls and provide support to the auditors and auditees alike on how to evaluate the correct adoption of CCM controls.

Q: When will CCM Lite be released?
A: In Fall (September-December) the CCM Lite will be released. The CCM Lite is a lightweight version of CCM which contains the foundational controls that any CSP regardless of their delivery model approach, size, complexity of the operations should implement, no matter what.
!!STAR Program Transition Timeline [>img(600px,auto)[iCSA/L24B3.jpg]]
* May 2021: CSA will start accepting both V4 and V3.0.1 for all STAR Levels.
* October 2021: STAR Level 2 will only accept V4 for all new submissions
* May 2022: STAR Level 1 will start accepting only V4 for all submissions.
* June 2023: STAR Level 2 will require all submissions to be V4.

Q: When will it be possible to use version 4 of the CAIQ and CCM for STAR Submissions? When will v3.0.1 no longer be accepted?
A: Until January 2022 we'll accept both V3.0.1 and V4. After January 2022, all the new submissions (i.e. those services that are joining the STAR Registry for the first time) shall be done using V4. The companies/services that were in the registry prior to January 2022, have a two year transition period (until January 2023) to switch to the new version.

Q: Will CCM v4 be used now for the STAR attestation or Certifications? Or is CCM v3.0.1 still accepted?
A: See the previous answer, while both versions are currently accepted, we strongly encourage organizations to adopt V4 as soon as possible.

Q: Will CCM v4 impact the CCSK?
A: For the time being the +++^*[CCSK curriculum] https://cloudsecurityalliance.org/education/ccsk/ === and exam will remain as is, and +++^*[CCM v4] https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/ === won't affect it in any way. This means when taking the exam, if you have a question related to the CCM (for example: the number of domains), it will still refer to CCM v3.0.1.//
<<<
!!Liens
* Blog ⇒ https://cloudsecurityalliance.org/blog/2021/02/04/ccm-v4-faq-transition-timeline/
* Téléchargement ''CCM v4'' (format XLSX) ⇒ https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/
!//The Evolution of Cloud Computing and the Updated Shared Responsibility//
Article publié le 4 février 2021 — Rédigé par Vishwas Manral, Founder and CEO chez +++^*[NanoSec] https://nanosec.io/ ===, CSA Silicon Valley Chapter.
<<<
//Cloud computing has changed over the last 10 years. This blog captures the reason why the original service models are no longer sufficient as a result of the changes in the cloud landscape with the growth of Containers, Functions, Low Code and No-code.
This blog also discusses the shared responsibility models for various different paradigms and examines where we are headed in the future.
!!Background of Service Models (SaaS, PaaS, and IaaS)
In 2011, the National Institute of Standards and Technology (NIST) provided a definition of cloud computing comprising three service models, four deployment models, and five essential characteristics (NIST Special Publication 800-145).
The document was intended to serve as a means for providing standards and guidelines, especially when comparing cloud services and deployment strategies, and to provide a baseline on the best uses of cloud computing.
The three service models were SaaS (Software-as-a-Service), PaaS (Platform-as-a-Service), and IaaS (Infrastructure-as-a-service). This was the past and the models need to evolve to encompass the new platforms.
!!Innovation and Software Development as a Key Change Driver
Bringing new and differentiated value to the marketplace is now a competitive necessity and enterprises that are best organized to deliver on innovation quicker in a repeatable manner are the market leaders. Enterprise deployment of cloud computing has matured and changed with the urgency to bring new value and software being the change driver.
This is true for the infrastructure layer, the service layer and the application layer, where we have seen a proliferation of containers, the rise of Kubernetes (K8s), the advent of edge computing, and the broad adoption of serverless architecture, all in service of developers to enable them to bring value to the marketplace faster.
''Trying to fit the new architectures into the 2011 SaaS-PaaS-IaaS framework, is like fitting a square peg in a round hole!''
!!New Service Models
At its core, a *cloud* shared responsibility model provides clear demarcation in duties between the cloud providers (Amazon Web Services, Microsoft Azure, Google Cloud Platform, or more generically the platform providers) and cloud consumers or the application owners (enterprises and startups alike).
The diagram below shows the differences in responsibility across the various service models, that we see now.
Some key points:
* Slowly more and ''more responsibility is being taken up by the platform providers'', relieving the application owners of non-application logic centric responsibilities.
* As one moves to the right there is ''a reduction in operations cost and overhead as the platform provider takes up more responsibility''.
* As we reach platforms like NoCode/SaaS the developer responsibilities themselves are reduced, leading to ''the rise of a new level of developers, who are not hardcore coders''.
The new service models that have evolved since, besides the IaaS, PaaS and SaaS are defined below.
[img(75%,auto)[iCSA/L24B1.png]]
!!Managed K8s as a Service (K8s-aaS)
Managed Kubernetes is the most widely used Managed Service Control Plane as a service (CPaaS) provided by most cloud providers. In this case the Kubernetes control plane is managed by the platform provider with some control plane (aka K8s Master node) configuration optionally provided by the application owner. The lifecycle of the data plane and managing it, is done by the application owner.
This works best when the application has specific needs from the data plane, cost optimal scale-out is a bigger consideration than additional operational overhead or when the application needs to be a multi-cloud portable application.
Examples are Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE). AWS Elastic Compute Service (ECS) is an example of a non-Kubernetes managed control plane service.
!!Container-as-a-Service (CaaS)
In the case of CaaS, the application owner provides the application containers, and the platform provider manages both the control and the data plane. This means application users do not need to manage the servers (VMs), the scaling and patching of the Host OS or the bringing up and down of the servers, on top of all the functions provided by the CPaaS.
These services are also termed serverless because the application owner is relieved of a lot of the server management responsibilities. The services are best suited for cases where it’s not an event-driven architecture and the application owner is less sensitive to scale-out costs.
Examples of Containers-as-a-Service (CaaS) solutions are solutions like Amazon Web Services (AWS) Fargate (both ECS Fargate and EKS Fargate), Azure Container Instances (ACI), and Google CloudRun.
!!Function-as-a-Service (FaaS)
In the case of FaaS, the application owner provides business logic, along with layers in which to run the function. These functions are built, packaged and run by the service provider. The service control plane and data plane are fully taken care of by the service provider.
This service is best suited for event driven stateless applications.
Examples of this service are AWS Lambda, Azure Functions and Google Cloud Functions.
!!NoCode-as-a-Service (NCaaS)
In NCaaS the code logic is provided by application owner. The service provider generates code from the specification and configuration, then builds, packages and runs the software.
Another similar but slightly different version of this is Low-Code-as-a-Service (LCaaS).
As there is little coding involved, these platforms are best designed for even non-technical users to create applications. This will see tremendous growth in the coming years and cause a huge growth in software developers.
Examples of this service are Azure Power Apps, Google AppSheet and AWS Honeycode.
!!Serverless
Serverless platforms enable developers to develop and deploy faster, allowing an easy way to move to cloud native services without having to manage infrastructure - including container clusters or virtual machines.
Examples: In the above model CaaS/ FaaS and NCaaS platforms would be treated as Serverless.
!!Selecting a platform for your applications
The below diagram provides a summary of how an application owner can decide which cloud platform to use for their services.
[img(75%,auto)[iCSA/L24B2.png]]
!!Summary
In summary, the future landscape of applications is very diverse, highly hybrid and multi-cloud. Enterprise cloud computing platforms will include a vast variety of infrastructure, service layers and APIs including serverless and server apps, on-premises and cloud.
There isn’t going to be a “one-size fits all” model or a single rule of the thumb. In true cloud fashion, it’s an agile and elastic decision to support a scalable and secure environment that evolves as organizations change.
//[...]
<<<
!!Liens
* Blog ⇒ https://cloudsecurityalliance.org/blog/2021/02/04/the-evolution-of-cloud-computing-and-the-updated-shared-responsibility/
!//Sécurité du Cloud : Panorama des référentiels//
[>img(150px,auto)[iCSF/CLUSIF.png]]Le 16 juillet 2020, le CLUSIF a publié pour ses membres un comparatif des référentiels de sécurité du cloud.
Initialement réservé à ses membres, il vient d'être publié ce début février 2021. La présentation qui en est faite sur le site du CLUSIF est la suivante :
!Extrait
<<<
//Le groupe de travail "Cloud & Sécurité" du CLUSIF, composé d’un panel hétérogène de professionnels de la sécurité des systèmes d’information a été créé dans le but d’approfondir le sujet de la sécurité dans le cloud, et plus spécifiquement dans un contexte de projet cloud. Dans le cadre de sa réflexion pour le choix du livrable final, le groupe de travail a entrepris en amont de recenser et de passer en revue les documents existants en langue française ou anglaise, publiés avant juin 2019, et pouvant être potentiellement utiles pour traiter le sujet de la sécurité dans le cadre d’un projet cloud.
L’objectif était à la fois de permettre à tous ceux intéressés par ce sujet de disposer d’un état des lieux précis de l’existant, mais également d’identifier de potentielles zones peu ou non encore couvertes qui pourraient faire l’objet d’un second livrable. Signalons que la quasi-totalité des documents identifiés comme pertinents par le groupe de travail a été publiée par des organismes étatiques ou par de grandes organisations.
Chaque lecteur avait pour mission, d’une part, de remplir une fiche de lecture dont le but était de permettre aux personnes intéressées par un document d’avoir un aperçu de ce qu’ils pouvaient en attendre et, d’autre part, d’attribuer une note de pertinence par rapport à l’objet du groupe de travail, en lien avec les domaines couverts par le document, parmi une liste préétablie : gouvernance, relations avec les tiers, management du risque, etc. Afin de donner un avis aussi objectif que possible, les documents jugés pertinents par le premier lecteur ont, dans la mesure du possible, été lus par un second lecteur qui, à son tour, a rédigé une fiche de lecture.
Les notes de pertinence ont été attribuées en utilisant la matrice suivante :
|[img[iCSF/Star_5.gif]]|Document incontournable|
|[img[iCSF/Star_4.gif]]|Document qui aborde des sujets/thèmes non expliqués dans les autres documents|
|[img[iCSF/Star_3.gif]]|Document de référence, utile et qui contient un ensemble de bonnes pratiques|
|[img[iCSF/Star_2.gif]]|Document dont le contenu est mieux traité dans d’autres documents existants|
|[img[iCSF/Star_1.gif]]|Document trop spécifique à une certaine population|
Deux documents sont sortis du lot et ont obtenu le statut d’incontournable avec une note de « 5 étoiles » :
* CSA Security Guidance for Critical Areas of Focus in Cloud Computing Sunflower v4.0 édité par la Cloud Security Alliance : référentiel très complet balayant tous les aspects du cloud à la fois sur le plan fonctionnel et technique ;
* ISO 27005 : 2018 – Gestion des risques liés à la sécurité de l’information, édité par l’ISO IEC et traitant de la gestion des risques, qui, bien que non spécifique au cloud constitue un point crucial dans ce contexte.
//[...]
<<<
!Tableau de synthèse des fiches de lecture
| [img(150px,auto)[iCSF/CLUSIF.png]]
''Sécurité du Cloud :
Panorama des référentiels'' |writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Pages|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Langue|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Publié par|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Note / Pertinence|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Gouvernance|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Architecture et conception|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Expertises en cybersécurité|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Modélisation et cartographie|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Intégration et déploiement|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Relation avec les tiers /
externalisation des services|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Management du risque
et classification|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Maintien en condition de
cybersécurité|writing-mode:vertical-rl;-ms-writing-mode:vertical-rl;!Etude de cas
| |Security Guidance for Critical Areas of
Focus in Cloud Sunflower (v4)| 153|EN|Cloud Security
Alliance|[img[iCSF/Star_5.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |ISO 27005:2018 Technologies de l'information
Techniques de sécurité
Gestion des risques liés à la sécurité de
l'information| 57|FR|ISO IEC|[img[iCSF/Star_5.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Matrix CAIQ - Consensus Assessments
Initiative Questionnaire v3.1||EN|Cloud Security
Alliance|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Prestataires de services d’informatique en
nuage (SecNumCloud)
Référentiel d'exigences| 49|FR|ANSSI|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Maîtriser les risques de l'infogérance /
Guide Externalisation| 56|FR|ANSSI|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |BITS Framework for managing technology
risk for service provider relationships| 130|EN|BITS|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |!|!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!|bgcolor:#0F0; X | |ISO 27001:2013 Technologies de l'information
Techniques de sécurité
Systèmes de management de la sécurité de
l'information -- Exigences| 23|FR|ISO IEC|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |!|!|!|!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |!| |ISO 27002:2013 Technologies de l'information
Techniques de sécurité
Code de bonne pratique pour le management de
la sécurité de l'information| 104|FR|ISO IEC|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |!|!|!|!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Criteria Catalogue for Cloud Services - Trusted Cloud| 79|EN|BMWi|[img[iCSF/Star_4.gif]]|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Recommandations pour les entreprises qui envisagent
de souscrire à des services de Cloud computing| 21|FR|CNIL|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |!|bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Cloud Computing Security Risk Assessment| 125|EN|ENISA|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Cloud Computing Security Risk Assessment Update| 50|EN|ENISA|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |!|!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Recommandations relatives à l'administration
sécurisée des systèmes d'information| 68|FR|ANSSI|[img[iCSF/Star_3.gif]]|!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X | |ISO 27017:2015 Technologies de l'information
Techniques de sécurité
Code de pratique pour les contrôles de sécurité de
l'information fondés sur l'ISO 27002 pour les
services du nuage| 39|EN|ISO IEC|[img[iCSF/Star_3.gif]]|!|!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!| |ISO 27018:2019 Technologies de l'information
Techniques de sécurité
Code de bonnes pratiques pour la protection des
informations personnelles identifiables (PII)
dans l'informatique en nuage public agissant
comme processeur de PII| 23|EN|ISO IEC| [img[iCSF/Star_3.gif]]|!|!|!|!|!|bgcolor:#0F0; X |!|!|!| |ISO 27701:2019 Technologies de l'information
Techniques de sécurité
Extension d'ISO/IEC 27001 et ISO/IEC 27002 au
management de la protection de la vie privée
Exigences et lignes directrices| 66|EN|ISO IEC|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!| |PCI-DSS - Payment Card Industry Data Security
Standard v3.2.1| 139|EN|PCI SSC|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!|!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |!| |HDS - Hébergeur de Données de Santé| 20|FR|ASIP Santé|[img[iCSF/Star_3.gif]]|!|!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!| |NIST SP 800-144 - Guidelines on Security and
Privacy in Public Cloud Computing| 70|EN|NIST|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |!|!| |BSI - C5 Compliance Control Catalogue| 70|EN|BSI|[img[iCSF/Star_3.gif]]|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |CCAG-TIC : Cahier des clauses administratives
générales applicables aux Techniques de
l’Information et de la Communication| 39|FR|Marche-public.fr|[img[iCSF/Star_2.gif]]|!|!|!|!|!|!|!|!|!| |Trusted Cloud Data Protection Profile for Cloud
Services| 44|EN|BMWi|[img[iCSF/Star_2.gif]]|bgcolor:#0F0; X |!|bgcolor:#0F0; X |!|!|bgcolor:#0F0; X |bgcolor:#0F0; X |bgcolor:#0F0; X |!| |Cloud Security Report 2018| 37|EN|Cybersecurity Insiders|[img[iCSF/Star_1.gif]]|!|!|!|!|!|!|!|!|!| ||   |   |   |   |   |   |   |   |   | __Liens :__ * Annonce → https://clusif.fr/publications/securite-du-cloud-panorama-des-referentiels/ * Document → https://clusif.fr/wp-content/uploads/2021/02/20200701-Cloud-et-securite-Panorama-des-referentiels.pdf
!"//A case study – CCM and STAR – Integrating with third-party assessments and regulations to avoid duplication of effort and cost//"
[>img(150px,auto)[iCSA/CSAsecUpd.jpg]]Podcast de la série "[[CSA Security Update]]" publié le 1er février 2021 — Invité : Chris Dixon; //Governance, Risk & Compliance Manager at TokenEx//
<<<
The CCM is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance, and Risk (STAR) registry. The STAR program promotes flexible, incremental, and multi-layered certifications that integrate with popular third-party assessments to avoid duplication of effort and cost. Security providers can fill out the extended question set that aligns with the CCM and send it to potential and current clients to demonstrate compliance to industry standards, frameworks, and regulations. It is recommended that providers submit the completed CAIQ to the STAR Registry so it is publicly available to all clients.
Join us as we interview Chris Dixon; Governance, Risk & Compliance Manager at TokenEx  and listen as he takes us on their journey utilizing the CCM and STAR including 
* What problems does it solve or how did it help mitigate risk?
* How has using the CCM helped TokenEx reach some of its security targets?
* What are the major benefits?
<<<
//__Liens :__
* Annonce → https://www.buzzsprout.com/303731/7610968-a-case-study-ccm-and-star-integrating-with-third-party-assessments-and-regulations-to-avoid-duplication-of-effort-and-cost
* Podcast → https://www.buzzsprout.com/303731/7610968-a-case-study-ccm-and-star-integrating-with-third-party-assessments-and-regulations-to-avoid-duplication-of-effort-and-cost.mp3
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202101>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202101>>
<<tiddler fAll2Tabs10 with: VeilleM","_202101>>
|!Date|!Sources|!Titres et Liens|!Keywords|
|2021.01.08|CISA|[[Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments |https://us-cert.cisa.gov/ncas/alerts/aa21-008a]]|Alert|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - janvier 2021]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202101>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - janvier 2021]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - janvier 2021]]>><<tiddler fAll2LiTabs13end with: 'Actu","202101'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202101'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - janvier 2021]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202101'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - janvier 2021]]>>
!//CCSK Success Stories: from a Cybersecurity Engineer//
[>img(150px,auto)[iCSA/K4QCCSK.png]]^^Article publié le 31 janvier 2021 sur le blog de la CSA
__Lien :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/31/ccsk-success-stories-from-a-cybersecurity-engineer/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Workload Security: Part 4 - Explaining the Security Features of GCP//
[>img(150px,auto)[iCSA/L1SBC.jpg]]^^Article publié le 28 janvier 2021 sur le blog de la CSA, et le 20 janvier sur celui de la société Intezer.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/28/cloud-workload-security-part-4-explaining-the-security-features-of-gcp/
* Blog Intezer → https://www.intezer.com/blog/cloud-security/cloud-workload-security-part-4-explaining-the-security-features-of-gcp/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Google Report Highlights Malware Targeting Browser Vulnerabilities//
[>img(150px,auto)[iCSA/L1PBG.jpg]]^^Article publié le 25 janvier 2021 sur le blog de la CSA, et le 20 janvier sur celui de la société Ericom.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/25/google-report-highlights-malware-targeting-browser-vulnerabilities/
* Blog Ericom → https://blog.ericom.com/google-security-researchers-highlight-malware-targeting-browser-vulnerabilities/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Help CSA Develop a New SDP Training - Join the SDP Expert Group//
[>img(150px,auto)[iCSA/L1OBH.png]]^^Article publié le 24 janvier 2021 sur le blog de la CSA.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/24/help-csa-develop-a-new-sdp-training-join-the-sdp-expert-group/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//NACHA Updates: Supplementing Data Security Requirements//
[>img(150px,auto)[iCSA/L1JBN.jpg]]^^Article publié le 19 janvier 2021 sur le blog de la CSA
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/19/nacha-updates-supplementing-data-security-requirements/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//CCSK Success Stories: CSA Japan Chapter Executive Director//
[>img(150px,auto)[iCSA/K4QCCSK.png]]^^Article publié le 13 janvier 2021 sur le blog de la CSA
__Lien :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/13/ccsk-success-stories-csa-japan-chapter-executive-director/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//SolarWinds, GitHub Leaks and Securing the Software Supply Chain//
[>img(150px,auto)[iCSA/L1BBS.jpg]]^^Article publié le 11 janvier 2021 sur le blog de la CSA, et sur le site de Blubracket le 17 décembre 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/11/solarwinds-github-leaks-and-securing-the-software-supply-chain/
* Site Blubracket ⇒ https://blubracket.com/solarwinds-github-leaks-and-securing-the-software-supply-chain/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Lessons Learned from GoDaddy's Email Phishing Simulation Debacle//
[>img(150px,auto)[iCSA/L18BL.jpg]]^^Article publié le 8 janvier 2021 sur le blog de la CSA, rédigé par Omer Taran, //Co-founder & CTO, CybeReady//
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/08/lessons-learned-from-godaddy-s-email-phishing-simulation-debacle/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Workload Security: Part 3 - Explaining Azure's Security Features//
[>img(150px,auto)[iCSA/L17BC.jpg]]^^Article publié le 7 janvier 2021 sur le blog de la CSA, et sur le site d'Intezer le 11 décembre 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/07/cloud-workload-security-part-3-explaining-azure-s-security-features/
* Site Intezer ⇒ https://www.intezer.com/blog/cloud-workload-security-part-3-explaining-azures-security-features/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Tokenization vs. Encryption: Which is Better for Your Business?//
[>img(150px,auto)[iCSA/L16BT.jpg]][>img(150px,auto)[iCSA/L16B2.jpg]]^^Article publié le 6 janvier 2021 sur le blog de la CSA, et sur le site de TokenEx le 2 mars 2020...
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2021/01/06/tokenization-vs-encryption-which-is-better-for-your-business/
* Site TokenEx ⇒ https://www.tokenex.com/blog/tokenization-vs-encryption-which-one-is-best-for-your-business
^^[img(25%,1px)[iCSF/BluePixel.gif]]
f
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #101|2021.01.31 - Newsletter Hebdomadaire #101]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #101|2021.01.31 - Weekly Newsletter - #101]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2021.01.31 - Newsletter Hebdomadaire #101]]>> |<<tiddler [[2021.01.31 - Weekly Newsletter - #101]]>> |
|>|<<tiddler [[2021.01.31 - Veille Hebdomadaire - 31 janvier]]>>|
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 25 au 31 janvier 2021
!!1 - Informations CSA - 25 au 31 janvier 2021

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation[img[iCSF/flag_fr.png]]: prochaine session CCSK en français en mars 2021+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Publications CSA : 'IoT Security Controls Framework v2'+++^*[»] <<tiddler [[2021.01.28 - Publications CSA 'IoT Security Controls Framework v2']]>>=== et 'Earning Trust in the 21st Century'+++^*[»] <<tiddler [[2021.01.26 - Publication CSA 'Earning Trust in the 21st Century']]>>=== 
* Blog 'Resources to Help Address Cybersecurity Challenges in Healthcare'+++^*[»] <<tiddler [[2021.01.29 - Blog : 'Resources to Help Address Cybersecurity Challenges in Healthcare']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 40 liens|2021.01.31 - Veille Hebdomadaire - 31 janvier]])

* __À lire__
** Guide sur les journaux d'accès à l'AWS API Gateway (Alex DeBrie)

* __Attaques__
** Utilisation des services Cloud pour le cyber-espionnage • Attaques de la chaîne d'approvisionnement après abus de services Azure (//SecureWorks//)

* __Vulnérabilités__
** Abus du SSO d'Azure AD avec le Primary Refresh Token (Dirk-jan Mollema)• Comment sortir de Docker dans Azure Functions (//Intezer//)

* __Bonnes pratiques__
** Partage de données sensibles avec les services Cloud (SANS)

* __Rapports__
** 'State of Public Cloud Security' (//Orca//)

* __Cloud Services Providers__
** Azure : 'What is Sign-In Risk-Based Conditional Access in Azure Active Directory?' (Matt Soseman) • 'Azure Key Vault Certificates with Let's Encrypt as the Issuer CA' (Thomas Stringer)
** GCP : Nouvelles règles de réponses DNS pour des APIs Google plus accessibles
** Docker : Bien configurer les ports des APIs Docker (//Intezer//)
** Containers : Cycle de vie d'un container sur Cloud Run (Wietse Venema)

* __Veilles hebdomadaires 'Cloud et Sécurité'__
** TL;DR Security #68 • The Cloud Security Reading List #72

* __Divers__
** Exercises: Cloud Security Table Top Exercises (Matt Fuller)
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L1V/|https://CloudSecurityAlliance.fr/go/L1V/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - January 25th to 31st, 2021
!!1 - CSA News and Updates - January 25th to 31st, 2021

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* CSA Publications: 'IoT Security Controls Framework v2'+++^*[»] <<tiddler [[2021.01.28 - Publications CSA 'IoT Security Controls Framework v2']]>>=== and 'Earning Trust in the 21st Century'+++^*[»] <<tiddler [[2021.01.26 - Publication CSA 'Earning Trust in the 21st Century']]>>=== 
* Blog 'Resources to Help Address Cybersecurity Challenges in Healthcare'+++^*[»] <<tiddler [[2021.01.29 - Blog : 'Resources to Help Address Cybersecurity Challenges in Healthcare']]>>=== 
!!2 - Cloud and Security News Watch ([[over 40 links|2021.01.31 - Veille Hebdomadaire - 31 janvier]])

* __Must Read__
** The Missing Guide to AWS API Gateway Access Logs (Alex DeBrie)

* __Attacks__
** How Cloud Services Are Exploited for Cyber-Espionage • Abusing Azure Application Credentials to Attack Supply Chains (//SecureWorks//)

* __Vulnerabilities__
** Abusing Azure AD SSO with the Primary Refresh Token (Dirk-jan Mollema)• How We Escaped Docker in Azure Functions (//Intezer//)

* __Best Practices__
** Sensitive Data Shared with Cloud Services (SANS)

* __Reports__
** State of Public Cloud Security (//Orca//)

* __Cloud Services Providers__
** Azure: 'What is Sign-In Risk-Based Conditional Access in Azure Active Directory?' (Matt Soseman) • 'Azure Key Vault Certificates with Let's Encrypt as the Issuer CA' (Thomas Stringer)
** GCP: New Cloud DNS response policies simplify access to Google APIs
** Docker: Fix your Misconfigured Docker API Ports (//Intezer//)
** Containers: Lifecycle of a container on Cloud Run (Wietse Venema)

* __Weekly 'Cloud and Security' Watch, Podcasts__
** Newsletters: TL;DR Security #68 • The Cloud Security Reading List #72

* __Miscellaneous__
** Exercises: Cloud Security Table Top Exercises (Matt Fuller)
!!3 - Direct link
|!⇒ [[CloudSecurityAlliance.fr/go/L1V/|https://CloudSecurityAlliance.fr/go/L1V/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 25 au 31 janvier 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2021.01.28|Alex DeBrie|[[The Missing Guide to AWS API Gateway Access Logs|https://www.alexdebrie.com/posts/api-gateway-access-logs/]]|
|>|>|>||
|>|>|>|!Alertes / Alerts |
|2021.01.27|//AWS//|[[Sudo Security Issue (CVE-2021-3156)|https://aws.amazon.com/security/security-bulletins/AWS-2021-001/]]|Alert Sudo|
|>|>|>|''Attaques / Attacks'' |
|2021.01.27|InfoSecurity Mag|[[How Cloud Services Are Exploited for Cyber-Espionage|https://www.infosecurity-magazine.com/blogs/cloud-services-expolited-cyber/]]|
|2021.01.27|//Lacework//|[[Groundhog Botnet Rapidly Infecting Cloud|https://www.lacework.com/groundhog-botnet-rapidly-infecting-cloud/]]|Botnet IOC|
|2021.01.27|//AT&T//|[[TeamTNT delivers malware with new detection evasion tool|https://cybersecurity.att.com/blogs/labs-research/teamtnt-delivers-malware-with-new-detection-evasion-tool]]|TeamTNT Malware|
|2021.01.26|//SecureWorks//|[[Abusing Azure Application Credentials to Attack Supply Chains|https://www.secureworks.com/research/abusing-azure-application-credentials-to-attack-supply-chains]]|Azure Abuse|
|2021.01.25|//TrendMicro//|[[Fake Office 365 Used for Phishing Attacks on C-Suite Targets|https://www.trendmicro.com/en_us/research/21/a/fake-office-365-used-for-phishing-attacks-on-c-suite-targets.html]]|O365 Phishing|
|2021.01.25|//Proofpoint//|[[BEC Target Selection Using Google Forms|https://www.proofpoint.com/us/blog/threat-insight/bec-target-selection-using-google-forms]]|Google_Forms|
|>|>|>||
|>|>|>|!Vulnérabilités / Vulnerabilities |
|2021.01.27|Nick Frichette|[[Intercept SSM Agent Communications|https://frichetten.com/blog/ssm-agent-tomfoolery/]], [[PoC|https://github.com/Frichetten/ssm-agent-research]]|AWS SSM_Agent EC2 PoC|
|2021.01.27|//Intezer//|[[How We Escaped Docker in Azure Functions|https://www.intezer.com/blog/research/how-we-escaped-docker-in-azure-functions/]], PoC ([[vidéo|https://www.youtube.com/watch?v=YXIf3Xl1eZ8]])|Docker Azure|
|2021.02.01|Silicon Angle| → [[Vulnerability in Azure Functions allows an attacker to escape to the Docker host|https://siliconangle.com/2021/01/31/vulnerability-azure-functions-allows-attacker-escape-docker-host/]]|
|2021.01.28|Dirk-jan Mollema|[[Abusing Azure AD SSO with the Primary Refresh Token|https://dirkjanm.io/abusing-azure-ad-sso-with-the-primary-refresh-token/]]|AzureAD SSO Abuse|
|>|>|>||
|>|>|>|!Bonnes Pratiques / Best Practices |
|2021.01.29|SANS|[[Sensitive Data Shared with Cloud Services|https://isc.sans.edu/forums/diary/Sensitive+Data+Shared+with+Cloud+Services/27042/]]|Data_Sharing|
|2021.01.28|//Tenable//|[[Cloud Security: Improve Cyber Hygiene with Resource Tagging|https://www.tenable.com/blog/cloud-security-improve-cyber-hygiene-with-resource-tagging]]|Misc|
|>|>|>||
|>|>|>|!Rapports / Reports |
|2021.01.29|//Rapid7//|[[NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS|https://blog.rapid7.com/2021/01/29/nicer-protocol-deep-dive-internet-exposure-of-http-and-https/]]|Report|
|2021.01.11|//Orca//|[[State of Public Cloud Security|https://orca.security/sp-2020-state-of-public-cloud-security-report/]] ([[pdf|https://orca.security/wp-content/uploads/Orca-Security-2020-State-of-Public-Cloud-Security-Report.pdf]])|Report|
|2021.01.28|Graham Cluley| → [[How do most cloud security breaches happen? Orca’s "State of Public Cloud Security" report reveals all|https://grahamcluley.com/feed-sponsor-orca-security-3/]]|Report|
|2021.01.27|//pepperData//|[[New Survey Reveals One Third of Businesses Are Exceeding Their Cloud Budgets By As Much As 40 Percent|https://www.pepperdata.com/pepperdata-new-survey-cloud-budgets]]|Survey|
|>|>|>||
|>|>|>|!Cloud Services Providers, Outils / CSPs, Tools |
|>|>|>|''AWS (Amazon)'' |
|2021.01.28|//Caylent//|[[AWS Serverless Kubernetes Infrastructure with Amazon EKS on AWS Fargate|https://caylent.com/aws-serverless-kubernetes-infrastructure-with-amazon-eks-on-aws-fargate]]|AWS_EKS|
|>|>|>|''Azure (Microsoft)'' |
|2021.01.29|Matt Soseman|[[What is Sign-In Risk-Based Conditional Access in Azure Active Directory?|https://mattsoseman.wordpress.com/2021/01/29/what-is-sign-in-risk-based-conditional-access-in-azure-active-directory/]] ([[vidéo|https://www.youtube.com/watch?v=2ul5J8nA21M]])|AzureAD|
|2021.01.28|Thomas Stringer|[[Azure Key Vault Certificates with Let's Encrypt as the Issuer CA|https://trstringer.com/azure-key-vault-lets-encrypt/]]|Azure Lets_Encrypt|
|2021.01.27|Dirk-jan Mollema|![[Fantastic Conditional Access Policies|https://www.youtube.com/watch?v=yOJ6yB9anZM]] (YouTube) |
|2021.01.25|//Microsoft Azure//|[[Build regionally resilient cloud services using the Azure Resource Manager|https://azure.microsoft.com/en-us/blog/build-regionally-resilient-cloud-services-using-the-azure-resource-manager/]]|Resilience|
|2021.01.25|Dark Reading|[[How to Better Secure Your Microsoft 365 Environment|https://www.darkreading.com/endpoint/how-to-better-secure-your-microsoft-365-environment/d/d-id/1339964]]|M365|
|>|>|>|''GCP (Google)'' |
|2021.01.27|//Google Cloud//|[[New Cloud DNS response policies simplify access to Google APIs|https://cloud.google.com/blog/products/networking/introducing-cloud-dns-response-policies]]|GCP DNS|
|2021.01.25|//Google Cloud//|[[Assess the security of Google Kubernetes Engine (GKE) with InSpec for GCP|https://opensource.googleblog.com/2021/01/assess-security-of-google-kubernetes-engine-with-inspec-for-gcp.html]]|GKE|
|>|>|>|''Oracle'' |
|2021.01.26|//Oracle Cloud//|[[Announcing Asymmetric Keys support in Oracle Cloud Infrastructure Vault|https://blogs.oracle.com/cloudsecurity/announcing-asymmetric-keys-support-in-oracle-cloud-infrastructure-vault]]|Keys|
|>|>|>|''Kubernetes'' |
|2021.01.28|Computer Weekly|[[Five key questions about Kubernetes backup answered|https://www.computerweekly.com/feature/Five-key-questions-about-Kubernetes-backup-answered]]|K8s Backup|
|>|>|>|''Docker'' |
|2021.01.28|//Intezer//|[[Fix your Misconfigured Docker API Ports|https://www.intezer.com/blog/container-security/fix-your-misconfigured-docker-api-ports/]]|Docker|
|2021.01.28|//Intezer//| → [[Fixing a Common Yet Deadly Mistake: Misconfigured Docker API Ports|https://www.intezer.com/resource/fixing-a-common-yet-deadly-mistake-misconfigured-docker-api-ports/]]|Docker|
|2021.01.28|//Intezer//| → [[The Danger of Having an Exposed Docker API Port|https://www.youtube.com/watch?v=6wGDS17YQo0]] (vidéo)|Docker|
|>|>|>|''Containers'' |
|2021.01.26|Wietse Venema|![[Lifecycle of a container on Cloud Run|https://cloud.google.com/blog/topics/developers-practitioners/lifecycle-container-cloud-run]]|Cloud_Run|
|>|>|>|''Outils / Tools'' |
|2021.01.29|//K9 Security//|[[The AWS IAM Simulator|https://k9security.io/docs/test-s3-bucket-policy-using-iam-simulator/]]|Tools AWS IAM|
|>|>|>||
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité' / Weekly 'Cloud and Security' Watch |
|2021.01.31|Marco Lancini|[[The Cloud Security Reading List #72|https://cloudseclist.com/issues/issue-72/]] |Weekly_Newsletter|
|2021.01.27|TL;DR Security|[[#68 - Securing Lambda, Recon Tool Primer, Blind SSRF Chains|https://tldrsec.com/blog/tldr-sec-068/]] |Weekly_Newsletter|
|>|>|>||
|>|>|>|!Podcasts |
|2021.01.31|Cloud Security Podcast|[[Security Chaos Engineering Experiments for Beginners|https://anchor.fm/cloudsecuritypodcast/episodes/Security-Chaos-Engineering-Experiments-for-Beginners-epndlc]]|Podcast|
|>|>|>||
|>|>|>|!Conformité / Compliance |
|2021.01.27|Help Net Security|[[Streamlining Cloud Compliance Through Automation|https://www.helpnetsecurity.com/2021/01/27/cloud-compliance-automation/]]|Compliance|
|>|>|>||
|>|>|>|!Marché / Market |
|2021.01.29|L'Usine Digitale[img[iCSF/flag_fr.png]]|[[Cloud : 13 banques européennes s'allient pour établir des standards sur le stockage des données|https://www.usine-digitale.fr/article/cloud-13-banques-europeennes-s-allient-pour-etablir-des-standards-sur-le-stockage-des-donnees.N1055524]]|Cloud_Act GAIA-X|
|2021.01.26|//Cloud Passage//|[[Inside the Unified Cloud Security Enterprise Buyer’s Guide|https://www.cloudpassage.com/articles/unified-cloud-security-enterprise-buyers-guide/]]|Buyers_Guide|
|>|>|>||
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''Chiffrement / Encryption'' |
|2021.01.28|//Protonmail//|[[EU citizens’ rights are under threat from anti-encryption proposals|https://protonmail.com/blog/joint-statement-eu-encryption/]]|Encryption|
|>|>|>|''DNS'' |
|2021.01.28|//Akamai//|[[Distinguishing Among DNS Services Part 3: Investment and Innovation|https://blogs.akamai.com/2021/01/distinguishing-among-dns-services-part-3-investment-and-innovation.html]] (3/3)|!DNS|
|2021.01.28|//Varonis//|![[How Hackers Spoof DNS Requests With DNS Cache Poisoning|https://www.varonis.com/blog/dns-cache-poisoning/]] |!DNS Attacks|
|>|>|>|''Exercices / Exercises'' |
|2021.01.31|Matt Fuller|![[Cloud Security Table Top Exercises|https://levelup.gitconnected.com/cloud-security-table-top-exercises-629d353c268e?gi=bea61af6763c]] |Exercises|
|>|>|>|''Standards'' |
|2021.01.26|//Auth0//|[[What Is ISO 27018:2019? Everything Executives Need to Know|https://auth0.com/blog/what-is-iso-27018-2019-everything-executives-need-to-know/]]|ISO_27018|
|>|>|>|''Stockage / Storage'' |
|2021.01.26|//Backblaze//|![[Backblaze Hard Drive Stats for 2020|https://www.backblaze.com/blog/backblaze-hard-drive-stats-for-2020/]]|Storage|
|>|>|>|''Autres / Others'' |
|2021.01.29|DZone|[[4 Cloud Data Security Features to Reassure Nervous SMBs|https://dzone.com/articles/4-cloud-data-security-features-to-reassure-nervous]]|Misc|
|2021.01.28|TechTarget|[[5-step IaaS security checklist for cloud customers|https://searchcloudsecurity.techtarget.com/tip/5-step-IaaS-security-checklist-for-cloud-customers]]|IaaS|
|2021.01.25|//Checkpoint Software//|[[Maintaining Security in a Multi-Cloud Environment|https://blog.checkpoint.com/2021/01/25/maintaining-security-in-a-multi-cloud-environment/]]|Multi_Cloud|
|2021.01.22|//Lighthouse//|[[Cloud Security and Costs: How to Mitigate Risks Within the Cloud|https://blog.lighthouseglobal.com/cloud-security-and-costs]]|Misc|
<<tiddler [[arOund0C]]>>
!//Resources to Help Address Cybersecurity Challenges in Healthcare//
[>img(200px,auto)[iCSA/L1SBC.jpg]]Article publié le 29 janvier 2021 -- Rédigé par Vince Campitelli, Co-Chair du ''[[CSA Health Information Management Working Group|https://cloudsecurityalliance.org/research/working-groups/health-information-management/]]'' (HIM).//
<<<
According to a +++^*[2019 Thales Report] https://www.techrepublic.com/article/why-70-of-healthcare-orgs-have-suffered-data-breaches/ === 70% of healthcare organizations surveyed reported a data breach, with a third reporting a breach within the last year. All organizations surveyed reported collecting, storing, or sharing sensitive information with digital transformation technologies.
> "Between 2009 and 2019 there have been 3,054 healthcare data breaches involving more than 500 records. Those breaches have resulted in the loss, theft, exposure, or impermissible disclosure of 230,954,151 healthcare records. That equates to more than 69.78% of the population of the United States. In 2019, healthcare data breaches were reported at a rate of 1.4 per day."
> +++^*[HIPAA Report] https://www.hipaajournal.com/healthcare-data-breach-statistics/ ===.
2020 update: according to an article published January 5, 2021 in __Health IT Security__, cyberattacks against healthcare entities have risen 45 percent since November 2020. At this rate, the sector accounts for 79 percent of all reported data breaches, according to reports from Check Point and Fortified Health Security.
Check Point’s research provided a fresh analysis of the biggest threats currently facing the sector. Shortly after the federal agency alert on the imminent ransomware threat facing healthcare providers, researchers observed a 45 percent increase in attacks—more than double the amount seen in other industries.
The threats include botnets, remote code execution, and DDoS attacks, with ransomware attacks seeing the biggest increase. Check Point stressed that malware is the biggest threat facing healthcare providers.
!This new information confirms our thesis that the healthcare industry faces significant challenges that set it somewhat apart from other industries:
* ''Healthcare requires the collection of huge amounts of sensitive data, that pose significantly longer-term risks compared to other industries''. Moreover, the data is inherently more attractive to hackers than other types of data that can be accessed and exploited. As a result, there may be a cascade of negative impacts to successfully attacked organizations such as: significant fines/penalties or legal actions extracted by regulatory agencies such as HHS, FDA in the USA and GDPR in the European Union and the European Economic Area; in addition, there is always the loss of patient and community confidence as well as reputational damage to the organizations affected.
* ''From a risk perspective, the potential for future damages cannot be fully mitigated.'' For example, in financial services, credit cards can be canceled and bank accounts closed. In healthcare, private patient data can be re-sold, recycled and reused in an endless cycle of fraud and abuse! Even worse, the patients may never be aware of the fraud associated with their data! Without improved and more effective interventions, the outcomes are only too predictable and alarming.
* ''As more sensitive healthcare and related personal data moves to the cloud'', spurred by the growth of individual providers as well as new entrants into the market, ''the volume of targets will grow and the volume of data will grow exponentially''. The Cloud Security Alliance is committed to continuing research on all aspects of cloud computing including best practices and guidelines for effective security and compliance. The CSA Health Information Management (HIM) group is just one of the vehicles available for individuals to explore best practices for securing information in the cloud.
* ''Patients globally will continue to come to the US to seek the preeminent healthcare services only available in America''. This places a compliance burden emanating from the European Union - The General Data Protection Regulation, aka, GDPR. Such activity triggers two regulatory requirements. Under the US HIPAA requirements, the periodic risk assessments must document the existence of these cross-border data flows, and under the EU’s GDPR, the Data Protection Requirements necessary to achieve compliance. In addition, the UK exited the EU on January 1, 2021 under the Brexit accords. Hence, GDPR as it currently exists in the UK will be subject to change.
* ''Healthcare is also a study in managing supply chain risk''. Organizations should not naively assume that because they’re moving to the cloud, they don’t have to worry about security. They are always responsible for completing and documenting an enterprise risk assessment, including the risk associated with outsourcing to third parties, especially where the nth parties of third parties may subsequently be relied upon. In short, they are responsible for validating and vetting their Cloud Service Providers for meeting their regulatory requirements such as HIPAA and GDPR. Moreover, healthcare providers that rely upon Cloud Service Providers (CSPs) need to understand that regardless of individual CSP responsibilities, the healthcare provider is accountable for the negative outcomes resulting from the deficient or non-conforming practices of the business associate(s) providing the service. Now, more than ever, the security axiom that a strong organization is only as “strong” as its weakest link is a mantra to be embedded in the spirit and practice of all of their due diligence practices.
* ''It has been our observation that organizations adopting cloud services come to realize that with the adoption of every new CSP, they have essentially extended their enterprise into another entity "somewhere in a cloud"''. One that they have limited control over and even less visibility into their operations, but remain fully accountable for the continuous operation, effective performance, appropriate security, privacy, and all relevant regulatory compliance requirements. While not impossible, success is not a given without insightful planning, continuous vigilance, and mastery of the technology services being delivered throughout the supply chain.
* ''Addressing the cybersecurity and cloud technology skills gap in healthcare''. One of the most prevalent challenges to the majority of healthcare organizations entering 2021 will be mastering the upskilling and new skilling requirements to meet the new requirements of digital transformation and cloud technology platforms.
If you are new to cloud computing and even newer to CSA and cloud security, we recommend starting by reviewing the table below of recommended reading materials as well as training and educational opportunities, including CSA certifications.
These documents can be an immense help in identifying the individuals in your organization who can upskill their capabilities and extend their capacity to fill in the knowledge gaps created by the multitude of cloud platforms being utilized and consumed by healthcare providers all over the world.
!Recommended Reading Materials
Below is a guide of reading materials that will help you understand the fundamentals of cloud computing and best practices in creating effective security, privacy and compliance programs.
|!Reading Materials|!Value to the Reader|
|[[CSA Security Guidance for Cloud Computing|https://cloudsecurityalliance.org/research/guidance/]]|This paper outlines how security changes in cloud computing and best practices all organizations should follow regardless of which vendor they are using|
|[[Guideline on Effectively Managing Security Service in the Cloud|https://cloudsecurityalliance.org/artifacts/guideline-on-effectively-managing-security-service-in-the-cloud/]]|This provides guidelines for cloud users to better select security qualified cloud service providers. These guidelines are based off of the controls outlined in the Cloud Controls Matrix (CCM)|
|[[Telehealth Data in the Cloud|https://cloudsecurityalliance.org/artifacts/telehealth-data-in-the-cloud/]]|Addresses the privacy and security concerns related to processing, storing, and transmitting patient data in the cloud for telehealth solutions|
|[[Healthcare Big Data in the Cloud|https://cloudsecurityalliance.org/artifacts/healthcare-big-data-in-the-cloud/]]|Examines big data and some use cases for big data in healthcare, the impact of big data on healthcare, regulatory requirements for Protected Health Information (PHI) in the cloud, and securing PHI in the cloud|
|[[Managing the Risk for Medical Devices Connected to the Cloud|https://cloudsecurityalliance.org/artifacts/managing-the-risk-for-medical-devices-connected-to-the-cloud/]]|Presents the concept of managing medical devices based on their proximity to the patient and introduces practices to secure the use of cloud computing for medical devices|
|[[OWASP Secure Medical Devices Deployment Standard|https://cloudsecurityalliance.org/artifacts/owasp-secure-medical-devices-deployment-standard/]]|This guide is intended to serve as a comprehensive guide to the secure deployment of medical devices within a healthcare facility|
If you’re interested in staying up to date on research CSA creates for the healthcare industry, and/or participating in the creation of future publications, you can visit the CSA Health Information Management Working Group. This group helps the entire healthcare industry by accelerating solutions to security challenges specific to healthcare. For example, one of our members was able to solve IoT categorization challenges through their participation in this working group.
!Cloud security training we recommend for the healthcare industry.
The whole premise of the training is to train and educate healthcare professionals in the cloud.
More important than earning a certificate is having robust training for the community working with healthcare organizations. For cybersecurity professionals who are new to the cloud, the ''Certificate of Cloud Security Knowledge'' (CCSK) is a good place to start as it will give them a vendor-neutral understanding of cloud computing and security best practices. Once a baseline of knowledge is established, the ''Certificate of Cloud Auditing Knowledge'' (CCAK) in particular should be helpful for the core security people in healthcare.
!Join the Health Information Management Working Group
By joining this working group, you will be able to help influence how health information service providers deliver secure cloud solutions (services, transport, applications and storage) to their clients, and foster cloud awareness within all aspects of healthcare and related industries. You can +++^*[view the latest research] https://cloudsecurityalliance.org/research/working-groups/health-information-management/ === created by this group or +++^*[join as a volunteer here] https://cloudsecurityalliance.org/research/working-groups/health-information-management/ ===.
!References
* https://vexxhost.com/blog/cloud-computing-in-healthcare/
* Market Guide Published for cloud service providers to Healthcare Delivery Organizations, Analyst, Gregg Pessin, ID G00034798
* https://www.techrepublic.com/article/why-70-of-healthcare-orgs-have-suffered-data-breaches/
!Other industry statistics
* According to the Protenus healthcare breach report in 2020, over 41 million patient records have been breached and there has been a 48.6% jump in reported hacking incidents.
* Healthcare was listed in the top three costliest industries for a breach in 2020 according to IBM’s data breach report.
<<<
//__Lien__ → https://cloudsecurityalliance.org/blog/2021/01/29/resources-to-help-address-cybersecurity-challenges-in-healthcare/
<<tiddler [[arOund0C]]>>
!//IoT Security Controls Framework v2//
[>img(200px,auto)[iCSA/L1SPG.jpg]][>img(200px,auto)[iCSA/L1SPC.jpg]]Le groupe de travail IoT de la CSA a publié deux documents le 28 janvier.
<<<
//The ''IoT Security Controls Framework'' Version 2 is relevant for enterprise IoT systems that incorporate multiple types of connected devices, cloud services, and networking technologies. The ''Framework'' has utility across many IoT domains from systems processing only “low-value” data with limited impact potential, to highly sensitive systems that support critical services. The classification of a system is assigned by the system owner based on the value of the data being stored and processed and the potential impact of various types of physical security threats. 

Updates for Version 2 include:
* Updated Controls - All Controls have been reviewed and updated for technical clarity
* New Domain Structure - Control domains have been reviewed and updated to better categorize each control.
* New Legal Domain - Introduces relevant legal controls
* New Security Testing Domain - Introduces Security testing of architectural allocations.
* Simplified Infrastructure Allocations - Device types have been consolidated to a single type in order to simplify the allocation of controls to architectural components.

The Guide to the ''IoT Security Controls Framework'' Version 2 provides instructions for using the companion CSA ''IoT Security Controls Framework'' v2. This guide explains how to use the framework to evaluate and implement an IoT system for your organization by providing a column by column description and explanation.//
<<<
!Liens
* Communiqué de presse "Cloud Security Alliance’s New Internet of Things (IoT) Security Controls Framework Allows for Easier Evaluation, Implementation of Security Controls within IoT Architectures"
** ⇒ https://cloudsecurityalliance.org/press-releases/2021/01/28/cloud-security-alliance-s-new-internet-of-things-iot-security-controls-framework-allows-for-easier-evaluation-implementation-of-security-controls-within-iot-architectures/
* Annonce et téléchargement du Cadre ⇒ https://cloudsecurityalliance.org/artifacts/csa-iot-security-controls-framework-v2/
** Téléchargement direct ⇒ https://cloudsecurityalliance.org/download/artifacts/csa-iot-security-controls-framework-v2/
* Annonce et téléchargement du Guide ⇒ https://cloudsecurityalliance.org/artifacts/guide-to-the-internet-of-things-iot-security-controls-framework-v2/
** Téléchargement direct ⇒ https://cloudsecurityalliance.org/download/artifacts/guide-to-the-internet-of-things-iot-security-controls-framework-v2/
<<tiddler [[arOund0C]]>>
!//Earning Trust in the 21st Century//
[>img(200px,auto)[iCSA/L1QPE.jpg]]Le Chapitre CSA de la région de Washington DC a publié un document sur le thème de la confiance numérique, et un blog associé intitulé "Earning Trust in the 21st Century - Creating Trust Frameworks in a Zero Trust World"
<<<
//In today’s interconnected and technology reliant world, the expectation of trust and need to trust is growing. Today’s trust-based solutions may become non-viable in the future. As use of the cloud grows, we are experiencing a shift in resource allocation from on-premise to off-premise systems. As systems move to cloud-hosted environments, the loss of control over the access network becomes a concern. Today’s trust-based solutions typically start at the network level. If a user has access to a network, they are typically trusted to have access to some or all of the resources, data, and systems on that network.

But, when networks are unknown and untrusted, how is trust acquired? Zero Trust architectures seek to provide access control techniques that assume the network is not trustworthy. One of the approaches suggested by industry is the use of trust scores. Like a credit score, a cyber trust score could be used to assess the risk potential associated with allowing any given user access to systems and information. But how would a trust score be calculated? Current approaches smack of a violation of privacy where the right to gain access is issued only by agreeing to be monitored.

This paper addresses the technical, social, policy, and regulatory issues associated with creating trust frameworks in a Zero Trust world. Industry and government are called to solve issues in ways that continue to protect the right to a users’ privacy.//
<<<
!!!Liens
* Annonce et téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/earning-trust-in-the-21st-century/
** Téléchargement direct ⇒ https://cloudsecurityalliance.org/download/artifacts/earning-trust-in-the-21st-century/
* Article de blog → ​https://cloudsecurityalliance.org/blog/2021/01/26/earning-trust-in-the-21st-century/
<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #100|2021.01.24 - Newsletter Hebdomadaire #100]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #100|2021.01.24 - Weekly Newsletter - #100]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2021.01.24 - Newsletter Hebdomadaire #100]]>> |<<tiddler [[2021.01.24 - Weekly Newsletter - #100]]>> |
|>|<<tiddler [[2021.01.24 - Veille Hebdomadaire - 24 janvier]]>>|
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 18 au 24 janvier 2021
!!1 - Informations CSA - 18 au 24 janvier 2021

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation[img[iCSF/flag_fr.png]]: prochaine session CCSK en français en mars 2021+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Publication de la CCM v4 (''Cloud Controls Matrix version 4'') +++*[»]> <<tiddler [[2021.01.21 - Annonce : Publication de la version 4 de la Cloud Controls Matrix (CCM v4)]]>>=== 
* Suite de l'appel à commentaires ENISA (schéma de certification)+++*[»]> <<tiddler [[2021.01.21 - Actu : Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud]]>>=== 
* Appel à commentaires sur le document 'Business Continuity Disaster Recovery as a Service' de la CSA+++*[»]> <<tiddler [[2021.01.18 - Actu : Appel à commentaires 'Business Continuity Disaster Recovery as a Service']]>>=== 
* Document ENISA 	'Cloud Security For Healthcare Services'+++*[»]> <<tiddler [[2021.01.18 - Publication ENISA : 'Cloud Security For Healthcare Services']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 50 liens|2021.01.24 - Veille Hebdomadaire - 24 janvier]])

* __''À lire''__
** ''"Securing Cloud Services for Health" (ENISA)''
** ''Un des derniers décrets du Président Trump sur des restrictions d'utilisation des plateformes Cloud contre les intérêts américains''

* __Menaces__
** "Cloud-Native Threats in 2021" (Hackmageddon) • "How Hybrid Cloud could be More Vulnerable to Threats" (Rick Blaisdell)

* __Rapports, Publications__
** Rapports : "Cloud Services Confidence Grows" (Barracuda)
** Publications : "Designing and deploying a data security strategy with Google Cloud" (Anton Chuvakin & //SideChain//)

* __Cloud Services Providers, Outils__
** AWS : Clusters EKS sur AWS • Accès à des ressources AWS via tunnel SSH et serveurs bastions
** Azure : Clusters dédiés pour Azure Sentinel • Azure AD: utilisation des certificats, Supervision
** GCP : Rôles IAM et astuces pour résoudre les problèmes • Gestion de GKE par l'exemple
** Kubernetes : Élévation de privilèges K8s (//Bishop Fox//) • Comparaison EKS / GKE / AKS (//Stackrox//) • Bonnes pratiques sécurité RKE (//Stackrox//) 
** Outils: "Threat Injector"? pour Azure Sentinel (Christophe Parisel) • "Aziverso", extension Microsoft Office pour Microsoft Azure (Nino Crudele)

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts__
** Veilles: TL;DR Security #67 • The Cloud Security Reading List #71
** Podcasts: "Researching Cloud Vulnerabilities" (SilverLining) • "Defining Your Consultancy Niche Part 2 with Scott Piper" • "Red Team In Cloud" (Cloud Security Podcast)
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L1O/|https://CloudSecurityAlliance.fr/go/L1O/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - January 18th to 24th, 2021
!!1 - CSA News and Updates - January 18th to 24th, 2021

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Training[img[iCSF/flag_fr.png]]: Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Publication of ''Cloud Controls Matrix version 4'' (CCM v4)+++*[»]> <<tiddler [[2021.01.21 - Annonce : Publication de la version 4 de la Cloud Controls Matrix (CCM v4)]]>>=== 
* Supporting documents for the ENISA Call on Certification of Cloud Services+++*[»]> <<tiddler [[2021.01.21 - Actu : Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud]]>>=== 
* Call for Comments on the 'Business Continuity Disaster Recovery as a Service' CSA draft+++*[»]> <<tiddler [[2021.01.18 - Actu : Appel à commentaires 'Business Continuity Disaster Recovery as a Service']]>>=== 
* ENISA document 'Cloud Security For Healthcare Services'+++*[»]> <<tiddler [[2021.01.18 - Publication ENISA : 'Cloud Security For Healthcare Services']]>>=== 
!!2 - Cloud and Security News Watch ([[over 50 links|2021.01.24 - Veille Hebdomadaire - 24 janvier]])

* __''Must read''__
** ''"Securing Cloud Services for Health" (ENISA)''
** ''Final Trump Executive Order on Restricting Foreign Malicious Cyber Activities of Cloud Companies''

* __Threats__
** "Cloud-Native Threats in 2021" (Hackmageddon) • "How Hybrid Cloud could be More Vulnerable to Threats" (Rick Blaisdell)

* __Reports, Publications__
** Reports: "Cloud Services Confidence Grows" (Barracuda)
** Publications: "Designing and deploying a data security strategy with Google Cloud" (Anton Chuvakin & //SideChain//)

* __Cloud Services Providers, Tools__
** AWS: Federated Amazon EKS Clusters on AWS • AWS Resources Access With SSH Tunnels and Bastion Hosts
** Azure: Dedicated clusters for Azure Sentinel • Azure AD: Auto Validate Exposed Credentials, Client Credentials With Certificate, Monitoring
** GCP: IAM Custom Role and Permissions Debugging Tricks • GCP Operations for GKE by Example
** Kubernetes: K8s Pod Privilege Escalation (//Bishop Fox//) • EKS vs GKE vs AKS (//Stackrox//) • RKE Security Best Practices (//Stackrox//) 
** Tools: "Threat Injector"? for Azure Sentinel (Christophe Parisel) • "Aziverso", Microsoft Office add-in for Microsoft Azure (Nino Crudele)

* __Weekly 'Cloud and Security' Watch, Podcasts__
** Newsletters: TL;DR Security #67 • The Cloud Security Reading List #71
** Podcasts: "Researching Cloud Vulnerabilities" (SilverLining) • "Defining Your Consultancy Niche Part 2 with Scott Piper" • "Red Team In Cloud" (Cloud Security Podcast)
!!3 - Direct link
|!⇒ [[CloudSecurityAlliance.fr/go/L1O/|https://CloudSecurityAlliance.fr/go/L1O/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 18 au 24 janvier 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2021.01.18|ENISA|!Securing Cloud Services for Health [[Announcement|https://www.enisa.europa.eu/news/enisa-news/securing-cloud-services-for-health]], [[details|https://www.enisa.europa.eu/publications/cloud-security-for-healthcare-services]], [[publication|https://www.enisa.europa.eu/publications/cloud-security-for-healthcare-services/at_download/fullReport]] |ENISA Healthcare|
|>|>|>||
|>|>|>|!Menaces / Threats |
|2021.01.21|Hackmageddon|[[Cloud-Native Threats in 2021|https://www.hackmageddon.com/2021/01/21/cloud-native-threats-in-2021/]]|Threats|
|2021.01.21|Dark Reading|[[Cloud Jacking: The Bold New World of Enterprise Cybersecurity|https://www.darkreading.com/cloud/cloud-jacking-the-bold-new-world-of-enterprise-cybersecurity/a/d-id/1339896]]|Threats|
|2021.01.18|Rick Blaisdell|[[How Hybrid Cloud could be More Vulnerable to Threats|https://rickscloud.com/how-hybrid-cloud-could-be-more-vulnerable-to-threats/]]|Threats|
|>|>|>||
|>|>|>|!Rapports, Publications / Reports, Publications |
|>|>|>|''Rapports / Reports'' |
|2021.01.24|Barracuda Networks|[[Cloud networks: Shifting into hyperdrive|https://www.barracuda.com/sase-report]]|Report|
|2021.01.24|MSSP Alert| → [[Report: Cloud Services Confidence Grows Despite Security Concerns|https://www.msspalert.com/cybersecurity-research/report-cloud-services-confidence-grows-despite-security-concerns/]]|Report|
|>|>|>|''Publications'' |
|2021.01.22|Anton Chuvakin|![[From Google Cloud Blog: "New whitepaper: Designing and deploying a data security strategy with Google Cloud"|https://medium.com/anton-on-security/from-google-cloud-blog-new-whitepaper-designing-and-deploying-a-data-security-strategy-with-50de78f2380a]]|GCP|
|2021.01.22|//Google Cloud//| → [[New whitepaper: Designing and deploying a data security strategy with Google Cloud|https://cloud.google.com/blog/products/identity-security/start-a-data-security-program-in-a-cloud-native-way-on-google-cloud]]|GCP|
|2021.01.22|//SideChain//| → [[Don’t lift and shift your data protection strategy to the cloud|https://sidechainsecurity.com/data-protection-in-the-cloud/]]|GCP|
|2021.01.22|//SideChain//| → [[Designing and deploying a data security strategy with Google Cloud|https://services.google.com/fh/files/misc/designing_and_deploying_data_security_strategy.pdf]]|GCP|
|>|>|>||
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2021.01.22|//Amazon AWS//|[[Amazon GuardDuty enhances security incident investigation workflows through new integration with Amazon Detective|https://aws.amazon.com/about-aws/whats-new/2021/01/amazon-guardduty-enhances-security-incident-investigation-workflows-through-new-integration-with-amazon-detective/]]|AWS_GuardDuty|
|2021.01.20|//Amazon AWS//|[[Using Route 53 Private Hosted Zones for Cross-account Multi-region Architectures|https://aws.amazon.com/blogs/architecture/using-route-53-private-hosted-zones-for-cross-account-multi-region-architectures/]]|AWS Route_53|
|2021.01.20|//Amazon AWS//|[[AWS Certificate Manager Private Certificate Authority now supports additional certificate customization|https://aws.amazon.com/about-aws/whats-new/2021/01/aws-certificate-manager-private-certificate-authority-additional-certificate-customization/]]|AWS Certificates|
|2021.01.19|//Amazon AWS//|[[Introducing Federated Amazon EKS Clusters on AWS|https://aws.amazon.com/about-aws/whats-new/2021/01/introducing-federated-amazon-eks-clusters-aws/]]|AWS EKS|
|2021.01.19|//Amazon AWS//|[[Amazon ECS now supports VPC Endpoint policies|https://aws.amazon.com/about-aws/whats-new/2021/01/amazon-ecs-supports-vpc-endpoint-policies/]]|AWS VPC|
|2021.01.18|//Amazon AWS//|[[Baffle DPS on AWS simplifies tokenization and encryption of data stored in Amazon RDS|https://www.helpnetsecurity.com/2021/01/18/baffle-aws/]]|AWS|
|2021.01.18|//Upstart//|[[A Step-by-Step Approach to a Secure AWS Environment|https://www.rsaconference.com/industry-topics/blog/a-step-by-step-approach-to-a-secure-aws-environment]]|AWS|
|2021.01.18|DZone|[[How to Connect to Private AWS Resources With SSH Tunnels and Bastion Hosts|https://dzone.com/articles/how-to-connect-to-private-aws-resources-with-ssh-t]]|AWS SSH|
|>|>|>|''Azure (Microsoft)'' |
|2021.01.21|//Microsoft Azure//|[[What's new in Azure Security Center?|https://docs.microsoft.com/en-us/azure/security-center/release-notes#vulnerability-assessment-for-on-premise-and-multi-cloud-machines-is-generally-available]]|Azure|
|2021.01.19|//Microsoft Azure//|[[What’s new: Dedicated clusters for Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-dedicated-clusters-for-azure-sentinel/ba-p/2072539]]|Azure_Sentinel|
|2021.01.20|//Microsoft Azure//|[[Connect Azure Active Directory (Azure AD) data to Azure Sentinel|https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-active-directory]]|
|2021.01.19|//Digital Shadows//|[[Azure AD: Auto Validate Exposed Credentials|https://www.digitalshadows.com/blog-and-research/azure-ad-auto-validate-exposed-credentials/]]|AzureAD|
|2021.01.19|Sebastiaan van Putten|[[Get insight into your Azure RBAC role assignments|https://www.seb8iaan.com/get-insight-into-your-azure-rbac-role-assignments/]]|Azure RBAC|
|2021.01.19|SecureCloud Blog|[[GitHub Repo: Azure AD Client Credentials With Certificate|https://securecloud.blog/2021/01/19/github-repo-azure-ad-client-credentials-with-certificate/]]|AzureAD|
|2021.01.20|SecureCloud Blog|[[Project Log 0 : Monitor logins by accounts assigned Azure AD roles|https://securecloud.blog/2021/01/20/project-log-0-monitor-logins-by-accounts-assigned-azure-ad-roles/]]|AzureAD|
|>|>|>|''GCP (Google)'' |
|2021.01.22|//Google Cloud//|[[Take the first step toward SRE with Cloud Operations Sandbox|https://cloud.google.com/blog/products/operations/on-the-road-to-sre-with-cloud-operations-sandbox]]|GCP Reliability|
|2021.01.19|//Google Cloud//|[[Enforcing least privilege by bulk-applying IAM recommendations|https://cloud.google.com/blog/products/identity-security/using-iam-recommender-to-bulk-apply-least-privilege-principles]]|GCP IAM|
|2021.01.18|//Darkbit//|[[Google Cloud IAM Custom Role and Permissions Debugging Tricks |https://darkbit.io/blog/google-cloud-custom-iam-role-debugging-tricks]]|GCP|
|2021.01.17|//Codeburst//|[[Google Cloud Operations for GKE by Example|https://codeburst.io/google-cloud-operations-for-gke-by-example-a4a828e583f6]]|GCP GKE|
|>|>|>|''Oracle'' |
|2021.01.20|//Oracle Cloud//|[[Tools for Improving Cloud Security Posture Management While Maintaining Privacy|https://blogs.oracle.com/cloudsecurity/improving-cloud-security-posture-management-while-maintaining-privacy]]|CSPM|
|>|>|>|''Kubernetes'' |
|2021.01.19|//Bishop Fox//|[[Bad Pods: Kubernetes Pod Privilege Escalation|https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation]]|K8s|
|2021.01.19|//Darkbit//|[[Kubernetes Honey Token|https://darkbit.io/blog/k8s-honey-token]]|K8s|
|2021.01.18|//Stackrox//|![[EKS vs GKE vs AKS - Evaluating Kubernetes in the Cloud|https://www.stackrox.com/post/2021/01/eks-vs-gke-vs-aks-jan2021/]] |K8s Comparison|
|2021.01.20|//Stackrox//|[[Part 1 - Rancher Kubernetes Engine (RKE) Security Best Practices for Cluster Setup|https://www.stackrox.com/post/2021/01/part-1-rancher-kubernetes-engine-rke-security-best-practices-for-cluster-setup/]] (1/4)|K8s|
|2021.01.21|//Stackrox//|[[Part 2 - Rancher Kubernetes Engine (RKE) Security Best Practices for Authentication, Authorization, and Cluster Access|https://www.stackrox.com/post/2021/01/part-2-rancher-kubernetes-engine-rke-security-best-practices-for-authentication-authorization-and-cluster-access/]] (2/4)|K8s|
|2021.01.22|//Stackrox//|[[Part 3 - Rancher Kubernetes Engine (RKE) Security Best Practice for Container and Runtime Security|https://www.stackrox.com/post/2021/01/part-3-rancher-kubernetes-engine-rke-security-best-practice-for-container-and-runtime-security/]] (3/4)|K8s|
|2021.01.25|//Stackrox//|[[Part 4 - Rancher Kubernetes Engine (RKE) Security Best Practice for Cluster Maintenance and Network Security|https://www.stackrox.com/post/2021/01/part-4-rancher-kubernetes-engine-rke-security-best-practice-for-cluster-maintenance-and-network-security/]]||
|2021.01.20|//Hashed Out//|[[3 Common Kubernetes Security Challenges & How to Address Them|https://www.thesslstore.com/blog/common-kubernetes-security-challenges-how-to-address-them/]]|K8s|
|>|>|>|''Workloads'' |
|2020.01.20|//Intezer//|[[Cloud Workload Security: Part 4 – Explaining the Security Features of GCP|https://www.intezer.com/blog/cloud-security/cloud-workload-security-part-4-explaining-the-security-features-of-gcp/]] (4/5)|GCP Workload|
|>|>|>|''Outils / Tools'' |
|2021.01.18|Christophe Parisel|![[Introducing "threat injector"? for Azure Sentinel|https://www.linkedin.com/pulse/introducing-threat-injector-azure-sentinel-christophe-parisel/]]|Tools Azure|
|2021.01.18|Nino Crudele|[[Aziverso - Microsoft Office add-in for Microsoft Azure - a brand new version released!|https://ninocrudele.com/aziverso-microsoft-office-add-in-for-microsoft-azure-a-brand-new-version-released]]|Pentesting Azure|
|2021.01.18|Nino Crudele| → [[Aziverso|https://aziverso.com/]]|~|
|2021.01.20|MSSP Alert|[[FireEye Unveils Microsoft 365 Security Tool for Global Organizations|https://www.msspalert.com/cybersecurity-services-and-products/fireeye-microsoft-365-security-tool/]]|Tools|
|>|>|>||
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts / Weekly 'Cloud and Security' Watch, Podcasts |
|>|>|>|''Veilles / Newsletters'' |
|2021.01.24|Marco Lancini|[[The Cloud Security Reading List #71|https://cloudseclist.com/issues/issue-71/]] |Weekly_Newsletter|
|2021.01.20|TL;DR Security|[[#67 - Infra as Code, Cloud Auto-remediation, C.R.E.A.M|https://tldrsec.com/blog/tldr-sec-067/]] |Weekly_Newsletter|
|>|>|>|''Podcasts'' |
|2021.01.24|Cloud Security Podcast|[[Cloud Security in Japan - Cloud Security Podcast the Tokyo edition|https://anchor.fm/cloudsecuritypodcast]]|Podcast|
|2021.01.24|Cloud Security Podcast|[[Red Team In Cloud - Brianna Malcolmson, Atlassian|https://anchor.fm/cloudsecuritypodcast/episodes/RED-TEAM-IN-CLOUD---Brianna-Malcolmson--Atlassian-epcshf]]|Podcast|
|2021.01.21|Screaming in the Cloud|[[Defining Your Consultancy Niche Part 2 with Scott Piper|https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/best-practices-for-aws-security-part-1-with-scott-piper/]] ([[mp3|https://dts.podtrac.com/redirect.mp3/media.transistor.fm/a148c694/c2dbd8b8.mp3]]) (2/2)|Podcast|
|2021.01.18|SilverLining IL|[[Episode 33: Researching Cloud Vulnerabilities|https://silverlining-il.castos.com/episodes/episode-33-researching-cloud-vulnerabilities]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/silverlining-podcast-33.mp3]])|Podcast|
|>|>|>||
|>|>|>|!Juridique / Legal |
|2021.01.19|US White House|![[Executive Order on Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities|https://trumpwhitehouse.archives.gov/presidential-actions/executive-order-taking-additional-steps-address-national-emergency-respect-significant-malicious-cyber-enabled-activities/]]|US Legal|
|2021.01.19|//Duo Security//| → [[Trump Executive Order Focuses on Rules for Cloud Providers|https://duo.com/decipher/trump-executive-order-focuses-on-rules-for-cloud-providers]]|US Legal|
|2021.01.20|Bloomberg| → [[Trump Signs Order to Restrict Foreign Use of Cloud Companies|https://www.bloomberg.com/news/articles/2021-01-20/trump-signs-order-to-restrict-foreign-use-of-cloud-companies]] |US Legal|
|2021.01.21|JDSupra| → [[A Final Trump EO Would Regulate Cloud, Software and Remote Computing Services|https://www.jdsupra.com/legalnews/a-final-trump-eo-would-regulate-cloud-7706631/]]|US Legal|
|>|>|>||
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''DNS'' |
|2021.01.19|//Verisign//|[[Securing the DNS in a Post-Quantum World: New DNSSEC Algorithms on the Horizon|https://blog.verisign.com/security/securing-the-dns-in-a-post-quantum-world-new-dnssec-algorithms-on-the-horizon/]] (4/6)|!DNS|
|2021.01.21|//Verisign//|[[Securing the DNS in a Post-Quantum World: Hash-Based Signatures and Synthesized Zone Signing Keys|https://blog.verisign.com/security/securing-the-dns-in-a-post-quantum-world-hash-based-signatures-and-synthesized-zone-signing-keys/]] (5/6)|!DNS|
|>|>|>|''Autres / Others'' |
|2021.01.21|Le MagIT[img[iCSF/flag_fr.png]]|[[Six bonnes pratiques pour protéger ses applications SaaS|https://www.lemagit.fr/conseil/Six-bonnes-pratiques-pour-proteger-ses-applications-SaaS]]|SaaS|
|2021.01.27|//Wandera//|[[How to avoid the biggest mistakes with your SaaS security|https://www.wandera.com/how-to-avoid-the-biggest-mistakes-with-your-saas-security/]]|SaaS|
|2021.01.22|TechTarget|[[How to create a cloud security policy, step by step|https://searchcloudsecurity.techtarget.com/tip/How-to-create-a-cloud-security-policy-step-by-step]]|Security_Policy|
|2021.01.22|TechTarget|[[Private vs. public cloud security: Benefits and drawbacks|https://searchcloudsecurity.techtarget.com/tip/Private-vs-public-cloud-security-Benefits-and-drawbacks]]|Misc|
|2021.01.22|TechTarget|[[5 PaaS security best practices to safeguard the application layer|https://searchcloudsecurity.techtarget.com/tip/5-PaaS-security-best-practices-to-safeguard-the-application-layer]]|PaaS|
|2021.01.20|(ISC)2|[[Is Your Security Team Cloud Ready?|https://www.isc2.org/Articles/Is-Your-Security-Team-Cloud-Ready]]|Misc|
|2021.01.18|MDPI|![[Cyber Threat Intelligence Framework for Incident Response in an Energy Cloud Platform|https://www.mdpi.com/2079-9292/10/3/239]] |Incident_Response|
|>|>|>||
<<tiddler [[arOund0C]]>>
!Synthèse
[>img(300px,auto)[iCSA/L1LBT.png]]
La Cloud Security Alliance (CSA) a annoncé le 21 janvier la disponibilité de la nouvelle version de la Matrice de Contrôle du Cloud (''Cloud Controls Matrix''), l'une de ses publications phares : la ''CCM v4''.
Elle comprend des contrôles supplémentaires en matière de sécurité et de confidentialité dans le Cloud et couvre les exigences découlant des nouvelles technologies du Cloud, l'amélioration des contrôles, l'amélioration de l'interopérabilité et de la compatibilité avec d'autres normes, et l'élargissement des offres de support pour naviguer dans le modèle de responsabilité partagée du Cloud.
La ''CCM v4'' constitue une mise à jour importante par rapport à la version 3.0.1 en introduisant des changements dans la structure du cadre avec :
* un nouveau domaine dédié à la journalisation et à la surveillance (//LOG//, ou //Logging and Monitoring//)
* des modifications dans les domaines existants, notamment :
** la gouvernance, les risques et la conformité (//GRC// ou //Governance, Risk and Compliance//)
** l'audit et l'assurance (//A&A// ou //Auditing and Assurance//)
** la gestion unifiée des points d'accès (//UEM// ou //Unified Endpoint Management//)
** la cryptographie, le chiffrement et la gestion des clés (//CEK// ou //Cryptography, Encryption and Key management//).
Elle comporte donc maintenant :
* 17 domaines au lieu de 16 précédemment
* 197 contrôles contre 133 auparavant.
En termes de planning, les documents associés seront publiés au cours de l'année 2021 :
* En février 2021, les 64 nouveaux contrôles seront accompagnés de correspondances avec les normes ISO/IEC 27001-2013, ISO/IEC 27017-2015, ISO/IEC 27018-2019, AICPA TSC v2017 et CCM V3.0.1.
* 2ème trimestre 2021 :
** publication du document "CCM Implementation Guidelines" avec les directives de mise en œuvre de la CCM
** publication du document "Consensus Assessments Initiative Questionnaire" (CAIQ) avec le questionnaire relatif aux contrôles de la CCM
** publication du document "Control Applicability Matrix" avec une aide à la définition de l'attribution des responsabilités entre les fournisseurs de services en nuage et les clients
** publication du document "Organizational Relevance" avec une aide pour définir la pertinence organisationnelle de chaque contrôle sur la base des travaux effectués par le groupe de travail sur l'architecture d'entreprise de la CSA
* 3ème trimestre 2021 :
** publication du document "CCM Auditing Guidelines" avec les directives pour soutenir l'audit et l'évaluation des contrôles de la CCM
* 4ème trimestre 2021 : "CCM Lite" avec une version allégée de la CCM, comprenant un sous-ensemble des contrôles qui représentent les plus importants
Outre les initiatives ci-dessus, la CSA travaillera au cours de l'année 2021 à :
* la création d'une cartographie supplémentaire des normes, des meilleures pratiques, des lois et des règlements pertinents (par exemple, NIST 800-53 Rev 5, contrôles de sécurité de l'ENISA pour les services Cloud, contrôles CIS, PCI-DSS)
* la traduction dans plusieurs langues, dont le français. Aucune date n'est encore fixée.
La ''CCM v4'' est bien entendu une ressource gratuite et peut être téléchargée dès maintenant.
!!Liens
* Annonce ''Cloud Security Alliance's New Cloud Controls Matrix v4 Adds New Log and Monitoring Domain and More Than 60 New Cloud Security Controls Model''
:⇒ https://cloudsecurityalliance.org/press-releases/2021/01/21/cloud-security-alliance-s-new-cloud-controls-matrix-v4-adds-new-log-and-monitoring-domain-and-more-than-60-new-cloud-security-controls/
* Blog : ''The CSA Cloud Controls Matrix (CCM) V4: Raising the cloud security bar to the next level''
:→ https://cloudsecurityalliance.org/blog/2021/01/21/the-csa-cloud-controls-matrix-ccm-v4-raising-the-cloud-security-bar-to-the-next-level/
* Téléchargement ''CCM v4'' (format XLSX)
:⇒ https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/
!Complément sur l'appel à commentaires sur le 'European Cybersecurity Certification Scheme for Cloud Services'
[>img(400px,auto)[iCSF/L1BWE.jpg]]Suite au webinaire organisé le 11 janvier, l'ENISA a mis à disposition les éléments utilisés.
L'objectif de ce webinaire était d'informer sur le projet de schéma européen de certification Cloud dont la consultation publique est ouverte jusqu'au 7 février 2021.
Eric Vétillard, expert principal en certification de l'ENISA a présenté les grands principes et a répondu aux questions posées.
La présentation a fait un point d'avancement, expliqué les choix et défini les concepts associés tels que :
* Les trois niveaux d'assurance
* La méthode d'évaluation
* Les sous-services
* L'organisation des contrôles de sécurité
* Les exigences de transparence (documentation disponible pour les clients).
En conclusion, le webinaire a passé en revue les prochaines étapes et évolutions, telles que :
* L'amélioration du projet actuel en tenant compte des commentaires
* Les expérimentations basées sur le projet pour tester des exigences spécifiques ou la méthode d'évaluation
* L'adaptation du schéma de certification pour en assurer la cohérence
L'article initial sur l'appel à commentaires publié le 23 décembre 2020 est disponible +++[ici]> <<tiddler [[2020.12.23 - Blog : Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud]]>> === 
!Liens
* une synthèse du webinaire
:→ https://www.enisa.europa.eu/news/synopsis-of-webinar-on-certification-of-cloud-services
* les slides présentées lors du webinaire
:→ https://www.enisa.europa.eu/events/eventfiles/enisa-cybersecurity-certification-of-cloud-services-presentation
* l'enregistrement audio et vidéo du webinaire
:→ https://www.youtube.com/watch?v=Yn29pui04-I
<<tiddler [[arOund0C]]>>
!"//Business Continuity Disaster Recovery as a Service//"
Publication du 18 janvier 2021. Date limite de soumission des commentaires : 16 février 2021
<<<
//The purpose of the Security as a Service Business Continuity Disaster Recovery Volume 2 paper is to discuss some of the architectures available, the services offered, and the considerations and best practices to ensure an organization can back up its data and IT infrastructure making it possible to regain access and functionality after a disaster.

This document has been written for system auditors, system engineers, system architects, system implementers, system administrators, project planners, project coordinators, cloud architects, cloud engineers, and cloud administrators of private/public/hybrid/community cloud consumers and anyone interested in the recovery of IT systems and services as provided by service providers and other 3rd Parties.//
<<<
__Lien__
* Annonce et téléchargement → https://cloudsecurityalliance.org/artifacts/secaas-bcdr-v2/
!Étude 'Cloud Security For Healthcare Services' de l'ENISA
[>img(200px,auto)[iCSF/K1IEC.png]]Cette étude propose des bonnes pratiques de sécurité dans le Cloud pour le secteur de la santé. Elle identifie également les aspects de sécurité, dont ceux liés à la protection des données, à prendre en compte lors de l'achat de services dans le Cloud.
L'identification des menaces et des risques pertinents pour les services en nuage dans le secteur des soins de santé et les exigences en matière de sécurité et de protection des données sont également couvertes par le présent rapport.
Il présente aussi des cas d'usage, leur analyse des menaces et les mesures de sécurité associées.
!!!Table des matières
<<<
{{ss2col{1. Introduction
1.1 Context Of The Report
1.2 Objective
1.3 Scope
1.4 Target Audience
1.5 Methodology
1.6 Structure Of The Document
2. Healthcare In The Cloud
2.1 Policy Context
2.1.1 The Network And Information Security Directive (Nisd)
2.1.2 General Data Protection Regulation
2.1.3 Non Regulatory Guidelines
2.2 Cloud Computing Basics
2.2.1 Cloud Services
2.2.2 Cloud Deployment Models
2.2.3 Division Of Responsibilities
2.3 Types Of Cloud Services In Healthcare
3. Cybersecurity Considerations In Cloud For Healthcare
3.1 Cloud Security Challenges For Healthcare
3.2 Data Protection Challenges In The Cloud
3.3 Cybersecurity Threats
4. Use Cases
4.1 Use Case 1 - Electronic Health Record
4.2 Use Case 2 – Remote Care
4.3 Use Case 3 – Medical Devices
5. Cloud Security Measures
5.1 Cloud Security Measures And Good Practices
6. Conclusion
7. References
A Annex: General Practices
B Annex: Mapping Of Security Measures}}}
<<<
!Mesures de sécurité
Les 17 mesures proposées dans l'annexe B du document sont les suivantes :
|SM-01|Identify security and data protection requirements|
|SM-02|Conduct a risk assessment and data protection impact assessment |
|SM-03|Establish processes for security and data protection incident management |
|SM-04|Ensure business continuity and disaster recovery |
|SM-05|Termination and secure data deletion |
|SM-06|Auditing, logging and monitoring |
|SM-07|Implement vulnerability and patch management |
|SM-08|Manage assets and classify information |
|SM-09|Enable data encryption for data at rest and data in transit |
|SM-10|Ensure security of encryption keys |
|SM-11|Data portability and interoperability |
|SM-12|Client and endpoint protection |
|SM-13|Authentication and access control |
|SM-14|Information security awareness, education and training |
|SM-15|Network Security |
|SM-16|Review isolation between tenants |
|SM-17|Physical and environmental security |
!Liens
* Annonce ⇒ https://www.enisa.europa.eu/news/enisa-news/securing-cloud-services-for-health
* Téléchargement ⇒ https://www.enisa.europa.eu/publications/cloud-security-for-healthcare-services/at_download/fullReport
<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #99|2021.01.17 - Newsletter Hebdomadaire #99]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #99|2021.01.17 - Weekly Newsletter - #99]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2021.01.17 - Newsletter Hebdomadaire #99]]>> |<<tiddler [[2021.01.17 - Weekly Newsletter - #99]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 11 au 17 janvier 2021
!!1 - Informations CSA - 11 au 17 janvier 2021

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation[img[iCSF/flag_fr.png]]: prochaine session CCSK en français en mars 2021+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 100 liens|2021.01.17 - Veille Hebdomadaire - 17 janvier]])

* __''À lire''__
** ''AWS Security Maturity Roadmap 2021 (Scott Piper)''
** ''HITRUST collabore avec AWS et Microsoft Azure pour améliorer l'approche 'Shared Responsibility' ''
** ''Des attaquants tirent profit d'une mauvaise cyber hygiène pour compromettre la sécurité des environnements Cloud (CISA)''
** ''Rapport AR21-013A du CISA sur le contournement de l'authentification multi-facteur pour accéder aux ressources et services Cloud ''
** ''Hawk - un outil Powershell pour collecter des informations sur des intrusions O365 et des fuites potentielles (Paul Navarro)''

* __Attaques, Incidents__
** Attaques : Cloud Threat Hunting - Lateral Movement (//Checkpoint//) • Vols de comptes AWS et Docker via des scripts malveillants (//Trendmicro//) •  'Chimera', un groupe d'attaquants qui abuse des services Cloud (//Fox-IT// and //NCC Group//)
** Incidents : Piratage de certificats de Mimecast dans la chaîne de messagerie

* __Menaces__
** Blocage des détournements de sous-domaines Azure

* __Bonnes Pratiques__
** Fondamentaux de Microsoft Azure (//Tripwire//)

* __Rapports__
** 'Cloud Security Report 2021' (//Wandera//, //Netwrix//) • '2021 Container Security and Usage Report' (//Sysdig//) • Exposition Internet de DNS-over-TLS (//Rapid7//)

* __Cloud Services Providers, Outils__
** Azure : Les passerelles Azure Active Directory tournent sur .NET Core 3.1 • Délais de prise en compte sur Azure Sentinel
** OVH Cloud: Certification SecNumCloud de l'ANSSI
** Kubernetes : Niveaux de maturité • CKS Certification Study Guide (//Stackrox//)
** Outils: 'Hawk' pour la collecte d'information sur les intrusions O365 et les risques de fuites de données

* __Veilles hebdomadaires 'Cloud et Sécurité'__
** TL;DR Security #66 • The Cloud Security Reading List #70

* __Marché, Acquisitions__
** Marché : Attention aux conditions générales
** Acquisitions : //MistNet// par //LogRhythm//

* __Divers__
** DNS : la NSA recommande d'utiliser des résolveurs 'DNS' sélectionnés
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L1H/|https://CloudSecurityAlliance.fr/go/L1H/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - January 11th to 17th, 2021
!!1 - CSA News and Updates - January 11th to 17th, 2021

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Training[img[iCSF/flag_fr.png]]: Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
!!2 - Cloud and Security News Watch ([[over 100 links|2021.01.17 - Veille Hebdomadaire - 17 janvier]])

* __''Must read''__
** ''AWS Security Maturity Roadmap 2021 (Scott Piper)''
** ''HITRUST Collaborates with AWS and Microsoft Azure to Enhance the Shared Responsibility Approach''
** ''Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments (CISA)''
** ''CISA Report AR21-013A on Bypassing Multi-factor Authentication to Access Organisation's Cloud Services''
** ''Hawk - a Powershell tool to gather information related to O365 intrusions and potential Breaches (Paul Navarro)''

* __Attacks, Incidents__
** Attacks: Cloud Threat Hunting - Lateral Movement (//Checkpoint//) • Malicious Shell Script Steals AWS, Docker Credentials (//Trendmicro//) •  'Chimera' Threat Group Abusing Cloud Services (//Fox-IT// and //NCC Group//)
** Incidents: Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack

* __Threats__
** Stopping Azure Subdomain Takeovers

* __Best Practices__
** Microsoft Azure Fundamentals (//Tripwire//)

* __Reports__
** 'Cloud Security Report 2021' (//Wandera//, //Netwrix//) • '2021 Container Security and Usage Report' (//Sysdig//) • Internet Exposure of DNS-over-TLS (//Rapid7//)

* __Cloud Services Providers, Tools__
** Azure: Azure Active Directory’s gateway is on .NET Core 3.1 • Ingestion Delay in Azure Sentinel
** OVH Cloud: Certification to ANSSI's SecNumCloud Level
** Kubernetes: Maturity Levels • CKS Certification Study Guide (//Stackrox//)
** Tools: Hawk Gathers Information Related to O365 Intrusions and Potential Breaches

* __Weekly 'Cloud and Security' Watch__
** TL;DR Security #66 • The Cloud Security Reading List #70

* __Market, Acquisitions__
** Market: Beware of Terms of Service
** Acquisitions: //MistNet// by //LogRhythm//

* __Miscellaneous__
** DNS: NSA Recommendation to Use Only 'Designated' DNS Resolvers
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L1H/|https://CloudSecurityAlliance.fr/go/L1H/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 11 au 17 janvier 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2021.01.12|Summit Route|![[AWS Security Maturity Roadmap 2021|https://summitroute.com/blog/2021/01/12/2021_aws_security_maturity_roadmap_2021/]] ([[pdf|https://summitroute.com/downloads/aws_security_maturity_roadmap-Summit_Route.pdf]])|AWS Roadmap|
|>|>|>||
|2021.01.07|HITRUST|![[The HITRUST Shared Responsibility Matrix: The Key to Secure Adoption of Cloud Technologies|https://hitrustalliance.net/hitrust-shared-responsibility-matrix-key-secure-adoption-cloud-technologies/]] |Shared_Responsibility|
|2021.01.07|HITRUST| → [[HITRUST Collaborates with AWS and Microsoft Azure to Enhance the Shared Responsibility Approach for Cloud Security|https://hitrustalliance.net/press_release/hitrust-collaborates-with-aws-and-microsoft-azure-to-enhance-the-shared-responsibility-approach-for-cloud-security/]]|Shared_Responsibility|
|2021.01.12|HITRUST| → HITRUST Shared Responsibility Matrix for [[AWS|https://go.hitrustalliance.net/SR-Custom-Matrix-AWS]] and [[Microsoft Azure|https://go.hitrustalliance.net/SR-Custom-Matrix-Microsoft-Azure]] (après inscription)|Shared_Responsibility|
|2021.01.12|Security Week| → [[New Resources Define Cloud Security and Privacy Responsibilities|https://www.securityweek.com/new-resources-define-cloud-security-and-privacy-responsibilities]]|Shared_Responsibility|
|2021.01.14|//Microsoft Azure//| → [[Azure and HITRUST publish shared responsibility matrix|https://azure.microsoft.com/en-us/blog/azure-and-hitrust-publish-shared-responsibility-matrix/]]|Shared_Responsibility|
|>|>|>||
|2021.01.13|CISA|![[Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments|https://us-cert.cisa.gov/ncas/current-activity/2021/01/13/attackers-exploit-poor-cyber-hygiene-compromise-cloud-security]]|Advisory Compromise|
|2021.01.13|CISA| → [[AR21-013A STIX IOCs|https://us-cert.cisa.gov/sites/default/files/publications/AR21-013A.stix.xml]]|!IOCs|
|2021.01.14|//Threatpost//| → [[Cloud Attacks Are Bypassing MFA, Feds Warn|https://threatpost.com/cloud-attacks-bypass-mfa-feds/163056/]]|Advisory Compromise|
|2021.01.14|//MalwareBytes Labs//| → [[Cybercriminals want your cloud services accounts, CISA warns|https://blog.malwarebytes.com/awareness/2021/01/cybercriminals-want-your-cloud-services-accounts/]]|Advisory Compromise|
|2021.01.14|//Security Week//| → [[CISA Warns Organizations About Attacks on Cloud Services|https://www.securityweek.com/cisa-warns-organizations-about-attacks-cloud-services]]|Advisory Compromise|
|>|>|>||
|2021.01.13|CISA|![[Analysis Report (AR21-013A)|https://us-cert.cisa.gov/ncas/analysis-reports/ar21-013a]]|Analysis|
|2021.01.04|Paul Navarro| → [[Hawk - a Powershell tool to gather information related to O365 intrusions and potential Breaches|https://github.com/T0pCyber/hawk]]|Tools|
|2021.01.12|Bleeping Computer| → [[CISA: Hackers bypassed MFA to access cloud service accounts|https://www.bleepingcomputer.com/news/security/cisa-hackers-bypassed-mfa-to-access-cloud-service-accounts/]]|Threats MFA|
|2021.01.14|//Tripwire//| → [[Cybercriminals are Bypassing Multi-factor Authentication to Access Organisation's Cloud Services|https://www.tripwire.com/state-of-security/featured/hackers-bypassing-mfa-to-access-organisations-cloud-services/]]|MFA|
|>|>|>||
|>|>|>|!Attaques, Incidents, Fuites de données / Attacks, Incidents, Data leaks |
|>|>|>|''Attaques / Attacks'' |
|2021.01.13|//Checkpoint Software//|![[Cloud Threat Hunting: Attack & Investigation Series - Lateral Movement – Under The Radar|https://blog.checkpoint.com/2021/01/13/cloud-threat-hunting-attack-investigation-series-lateral-movement-under-the-radar/]] |Attacks|
|2021.01.08|//Trendmicro//|![[Malicious Shell Script Steals AWS, Docker Credentials|https://www.trendmicro.com/en_us/research/21/a/malicious-shell-script-steals-aws-docker-credentials.html]] |Attacks Docker|
|2021.01.12|//Fox-IT// & //NCC Group//|!Abusing cloud services to fly under the radar: [[1|https://blog.fox-it.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/]], [[2|https://research.nccgroup.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/]]|Attacks Azure GCP IOCs|
|2021.01.14|Dark Reading| → [['Chimera' Threat Group Abuses Microsoft & Google Cloud Services|https://www.darkreading.com/threat-intelligence/chimera-threat-group-abuses-microsoft-and-google-cloud-services/d/d-id/1339905]]|Threats Azure GCP|
|2021.01.15|//Duo Security//| → [[Attackers Eyeing Cloud Platforms|https://duo.com/decipher/attackers-eyeing-cloud-platforms]]|Threats Azure GCP|
|>|>|>|''Incidents'' |
|2021.01.12|//Mimecast//|![[Important Update from Mimecast|https://www.mimecast.com/blog/important-update-from-mimecast/]]|Certificate Compromise|
|2021.01.12|//Mimecast//| → [[Mimecast notification to SEC|https://www.sec.gov/Archives/edgar/data/1644675/000119312521006829/d47544dex991.htm]]|Certificate Compromise|
|2021.01.12|Bleeping Computer| → [[Mimecast discloses Microsoft 365 SSL certificate compromise|https://www.bleepingcomputer.com/news/security/mimecast-discloses-microsoft-365-ssl-certificate-compromise/]]|Certificate Compromise|
|2021.01.12|//Threatpost//| → [[Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack|https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/]]|Certificate Compromise|
|2021.01.12|Silicon Angle| → //[[Hackers compromise Mimecast certificate used to connect to Microsoft 365|https://siliconangle.com/2021/01/12/hackers-compromise-mimecast-certificate-used-connect-microsoft-365/]]//|Certificate Compromise|
|2021.01.12|Reuters| → [[Email security firm Mimecast says hackers hijacked its products to spy on customers|https://www.reuters.com/article/us-global-cyber-mimecast/email-security-firm-mimecast-says-hackers-hijacked-its-products-to-spy-on-customers-idUSKBN29H22K]]|Certificate Compromise|
|>|>|>||
|>|>|>|!Fuites de données / Data Leaks |
|2021.01.11|//Safety detectives//|[[Chinese start-up leaked 400GB of scraped data exposing 200+ million Facebook, Instagram and LinkedIn users|https://www.safetydetectives.com/blog/socialarks-leak-report/]]|Data_Leak Misconfiguration|
|2021.01.11|//Threatpost//| → [[Millions of Social Profiles Leaked by Chinese Data-Scrapers|https://threatpost.com/social-profiles-leaked-chinese-data-scrapers/162936/]]|Data_Leak Misconfiguration|
|>|>|>||
|>|>|>|!Menaces / Threats |
|2021.01.13|//Checkpoint Software//|[[Cloud Threat Hunting: Attack & Investigation Series - Lateral Movement – Under the Radar|https://blog.checkpoint.com/2021/01/13/cloud-threat-hunting-attack-investigation-series-lateral-movement-under-the-radar/]]|Threats|
|2021.01.13|//Checkpoint Software//| → [[Lateral Movement Under the Radar – Attack & Investigation Series|https://www.youtube.com/watch?v=S3GiN5S1128]] (vidéo)|Threats|
|2021.01.12|//Build 5 Nines//|[[Stopping Azure subdomain takeovers|https://build5nines.com/stopping-azure-subdomain-takeovers/]]|Compromise Domain_Names|
|>|>|>||
|>|>|>|!Bonnes Pratiques / Best Practices |
|2021.01.13|//Tripwire//|[[8 Cloud Security Best Practice Fundamentals for Microsoft Azure|https://www.tripwire.com/state-of-security/security-data-protection/securing-azure-best-practice-fundamentals/]]|Best_Practices Azure|
|2021.01.12|Security and Cloud 24/7|[[The Future of Data Security Lies in the Cloud|https://security-24-7.com/the-future-of-data-security-lies-in-the-cloud/]]|Recommendations|
|2021.01.12|TechTarget|[[6 SaaS security best practices to protect applications|https://searchcloudsecurity.techtarget.com/tip/6-SaaS-security-best-practices-to-protect-applications]]|Best_Practices SaaS|
|2021.01.11|CSO Online|[[Top 7 Security Mistakes When Migrating To Cloud-Based Apps|https://www.csoonline.com/article/3602609/top-7-security-mistakes-when-migrating-to-cloud-based-apps.html]]|Bad_Practices|
|2021.01.14|Continuity Central|[[Five resilience, availability, and data protection principles for Kubernetes|https://www.continuitycentral.com/index.php/news/technology/5844-five-resilience-availability-and-data-protection-principles-for-kubernetes]]|K8s Best_Practices|
|2021.01.14|//Perimeter 81//|[[Why Cloud Configs Are IT’s Most Urgent Audit in 2021|https://www.perimeter81.com/blog/cloud/why-cloud-configs-are-its-most-urgent-audit-in-2021/]]|Audits|
|>|>|>||
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2021.01.14|//Wandera//|![[Cloud Security Report 2021|https://www.wandera.com/cloud-security-report-2021eapvoeasdasdasdcaz/wandera-cloud-security-report-2021/]]|Report|
|2021.01.18|Dark Reading| → [[Successful Malware Incidents Rise as Attackers Shift Tactics|https://www.darkreading.com/threat-intelligence/successful-malware-incidents-rise-as-attackers-shift-tactics/d/d-id/1339912]]|Report|
|2021.01.18|Help Net Security| → [[Malware incidents on remote devices increase|https://www.helpnetsecurity.com/2021/01/18/malware-incidents-remote-devices/]]|Report|
|>|>|>||
|2021.01.13|//Sysdig//|[[Sysdig 2021 container security and usage report: Shifting left is not enough|https://sysdig.com/blog/sysdig-2021-container-security-usage-report/]]|Report|
|2021.01.13|Container Journal| → [[Sysdig Report Surfaces Shifts in Container Adoption|https://containerjournal.com/topics/container-ecosystems/sysdig-report-surfaces-shifts-in-container-adoption/]]|Report|
|2021.01.14|Help Net Security| → [[Most containers are running as root, which increases runtime security risk|https://www.helpnetsecurity.com/2021/01/14/containers-runtime-security-risk/]]|Report|
|>|>|>||
|2021.01.15|//Rapid7//|![[NICER Protocol Deep Dive: Internet Exposure of DNS-over-TLS|https://blog.rapid7.com/2021/01/15/nicer-protocol-deep-dive-internet-exposure-of-dns-over-tls/]] |!Report DNS|
|>|>|>|''Sondages / Surveys'' |
|2021.01.12|//Netwrix//|[[Survey: More than half of organizations that store customer data in the cloud had security incidents in 2020|https://www.netwrix.com/more_than_half_of_organizations_that_store_customer_data_in_the_cloud_had_security_incidents_in_2020.html]]|Report|
|2021.01.12|//Netwrix//| → [[2021 Cloud Data Security Report|https://www.netwrix.com/download/collaterals/2021%20Netwrix%20Cloud%20Data%20Security%20Report.pdf]]|Report|
|2021.01.12|Beta News| → [[Security incidents hit more than half of businesses storing data in the cloud|https://betanews.com/2021/01/12/security-incidents-hit-businesses-in-the-cloud/]]|Report|
|2021.01.15|MSSP Alert| → [[Report: Companies Removing Sensitive Data From Cloud on Security Worries|https://www.msspalert.com/cybersecurity-research/netwrix-data-security-report-2021//]]|Report|
|2021.01.14|//Wiz//|[[82% of companies unknowingly give 3rd parties access to all their cloud data|https://wiz.io/blog/82-of-companies-unknowingly-give-3rd-parties-access-to-all-their-cloud-data/]]|Study|
|>|>|>||
|2021.01.12|//Barracuda Networks//|[[New research reveals IT professionals’ growing confidence in public cloud despite security concerns|https://www.barracuda.com/news/article/816]]|Report|
|2021.01.14|Dark Reading| → [[Businesses Struggle with Cloud Availability as Attackers Take Aim|https://www.darkreading.com/cloud/businesses-struggle-with-cloud-availability-as-attackers-take-aim/d/d-id/1339904]]|Report|
|>|>|>|''Études / Studies'' |
|2021.01.15|Le MagIT[img[iCSF/flag_fr.png]]|[[Cloud hybride : comparez AWS Outposts, Azure Stack et Google Anthos|https://www.lemagit.fr/conseil/Cloud-hybride-comparez-AWS-Outposts-Azure-Stack-et-Google-Anthos]]|AWS Azure GCP|
|2021.01.12|//Recorded Future//|[[Bulletproof Hosting Services Essential for Criminal Underground Security and Anonymity|https://www.recordedfuture.com/bulletproof-hosting-services/]] ([[pdf|https://go.recordedfuture.com/hubfs/reports/cta-2021-0112.pdf]])|Report Bulletproof_Hosting|
|>|>|>|''Publications'' |
|2021.01.14|//Tenable//|[[TL;DR: The Tenable Research 2020 Threat Landscape Retrospective|https://www.tenable.com/blog/tldr-the-tenable-research-2020-threat-landscape-retrospective]] ([[report|https://www.tenable.com/cyber-exposure/2020-threat-landscape-retrospective]])|Report|
|>|>|>||
|>|>|>|!Cloud Services Providers, Outils / CSPs, Tools |
|>|>|>|''AWS (Amazon)'' |
|2021.01.12|//Amazon AWS//|[[How to approach threat modeling|https://aws.amazon.com/blogs/security/how-to-approach-threat-modeling/]]|Threat_Modeling|
|2021.01.13|//Ermetic//|[[Auditing PassRole: A Problematic Privilege Escalation Permission|https://ermetic.com/whats-new/blog/auditing-passrole-a-problematic-privilege-escalation-permission/]]|AWS IAM Audit|
|>|>|>|''Azure (Microsoft)'' |
|2021.01.14|//Microsoft Azure//|![[Azure Active Directory’s gateway is on .NET Core 3.1!|https://devblogs.microsoft.com/dotnet/azure-active-directorys-gateway-service-is-on-net-core-3-1/]] |AzureAD Gateway|
|2021.01.13|//Microsoft Azure//|[[Access Reviews for guests in all Teams and Microsoft 365 Groups is now in public preview|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/access-reviews-for-guests-in-all-teams-and-microsoft-365-groups/ba-p/1994697]]|Controls M365 Teams|
|2021.01.12|//Microsoft Azure//|[[Handling ingestion delay in Azure Sentinel scheduled alert rules|https://techcommunity.microsoft.com/t5/azure-sentinel/handling-ingestion-delay-in-azure-sentinel-scheduled-alert-rules/ba-p/2052851]]|Azure_Sentinel|
|2021.01.11|Matt Soseman|[[Azure Sentinel: What is it?|https://mattsoseman.wordpress.com/2021/01/11/azure-sentinel-what-is-it/]] ([[vidéo|https://www.youtube.com/watch?v=Seax8wcSS7s]])|Azure_Sentinel|
|>|>|>|''GCP (Google)'' |
|2021.01.14|//Google Cloud//|[[4 best practices for ensuring privacy and security of your data in Cloud Storage|https://cloud.google.com/blog/products/storage-data-transfer/google-cloud-storage-best-practices-to-help-ensure-data-privacy-and-security]]|GCP Best_Practices|
|2021.01.14|//Darkbit//|[[A Deeper Look at GKE Basic Auth|https://darkbit.io/blog/gke-basic-auth]]|GCP GKE|
|2021.01.13|//Google Cloud//|[[2021 resolutions: Kick off the new year with free Google Cloud training|https://cloud.google.com/blog/topics/training-certifications/kick-off-2021-with-skill-badges-and-free-training]]|GCP Training|
|2021.01.14|//Darkbit//|[[Google Kubernetes Engine IAM Roles|https://darkbit.io/blog/kubernetes-engine-iam-roles]]|K8s GCP|
|>|>|>|''OVH Cloud'' |
|2021.01.12|//OVH Cloud//[img[iCSF/flag_fr.png]]|[[OVHcloud obtient le Visa de sécurité ANSSI pour sa qualification SecNumCloud|https://www.ovh.com/fr/news/presse/cpl1721.ovhcloud-obtient-visa-securite-anssi-sa-qualification-secnumcloud]]|OVH_Cloud Sovereignty|
|2021.01.12|Les Echos[img[iCSF/flag_fr.png]]|[[Souveraineté numérique : OVHcloud a convaincu l'Anssi pour l'une de ses offres|https://www.lesechos.fr/tech-medias/hightech/souverainete-numerique-ovhcloud-a-convaincu-lanssi-pour-lune-de-ses-offres-1280374]]|OVH_Cloud Sovereignty|
|2021.01.12|Silicon[img[iCSF/flag_fr.png]]|[[SecNumCloud : OVHcloud adoubé par l'ANSSI|https://www.silicon.fr/secnumcloud-ovhcloud-anssi-356429.html]]|OVH_Cloud Sovereignty|
|>|>|>|''Alibaba Cloud'' |
|2021.01.13|//Alibaba Cloud//|[[Redefining Security in 2021|https://www.alibabacloud.com/blog/redefining-security-in-2021_597152]]|Alibaba Protection|
|2021.01.12|//Alibaba Cloud//|[[Empower Online Businesses with Alibaba Cloud Anti-DDoS, WAF, CDN and Cloud Firewall|https://www.alibabacloud.com/blog/empower-online-businesses-with-alibaba-cloud-anti-ddos-waf-cdn-and-cloud-firewall_597138]]|Alibaba Protection|
|>|>|>|''Kubernetes'' |
|2021.01.16|Rory McCune //NCC Group//|[[Getting into a bind with Kubernetes|https://raesene.github.io/blog/2021/01/16/Getting-Into-A-Bind-with-Kubernetes/]]|K8s|
|2021.01.12|Cloud Native Computing Foundation|[[What's Your Kubernetes Maturity?|https://www.cncf.io/blog/2021/01/12/whats-your-kubernetes-maturity/]]|K8s Maturity|
|2021.01.12|DZone|[[Kubernetes Security Essentials|https://dzone.com/refcardz/kubernetes-security-1]]|Misc|
|2021.01.12|//Stackrox//|[[CKS Certification Study Guide: Supply Chain Security|https://www.stackrox.com/post/2021/01/cks-certification-study-guide-supply-chain-security/]]|Supply_Chain|
|2021.01.14|//Stackrox//|![[CKS Certification Study Guide: Monitoring, Logging, and Runtime Security|https://www.stackrox.com/post/2021/01/cks-certification-study-guide-monitoring-logging-and-runtime-security/]]|K8s|
|2021.01.14|//AT&T Security//|[[Security context: The starting point for how Kubernetes Pod security works|https://cybersecurity.att.com/blogs/security-essentials/security-context-the-starting-point-for-how-kubernetes-pod-security-works]]|K8s|
|2021.01.13|//Darkbit//|[[The Power of Kubernetes RBAC LIST|https://darkbit.io/blog/the-power-of-kubernetes-rbac-list]]|K8s RBAC|
|2021.01.12|Container Journal|[[How to Measure Your Kubernetes Maturity|https://containerjournal.com/topics/container-ecosystems/how-to-measure-your-kubernetes-maturity/]]|K8s Maturity|
|>|>|>|''Conteneurs / Containers'' |
|2021.01.13|//Aquasec//|[[Boosting Container Security with Rootless Containers|https://blog.aquasec.com/rootless-containers-boosting-container-security]]|Containers|
|>|>|>|''Outils / Tools'' |
|2021.01.12|//Palo Alto Networks//|[[Open Source Tool Release: Gaining Novel AWS Access With EBS Direct APIs|https://unit42.paloaltonetworks.com/aws-ebs-direct-apis/]]|Tools AWS|
|2021.01.12|//Palo Alto Networks//| → [[EBS Direct Sec Tools|https://github.com/crypsisgroup/ebs-direct-sec-tools]]|Tools AWS|
|>|>|>||
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts / Weekly 'Cloud and Security' Watch, Podcasts |
|>|>|>|''Veilles / Newsletters'' |
|2021.01.17|Marco Lancini|[[The Cloud Security Reading List #70|https://cloudseclist.com/issues/issue-70/]] |Weekly_Newsletter|
|2021.01.13|TL;DR Security|[[#66 - Automating Infra as Code Creation, Container Security++ with User Namespaces, #RustLyfe|https://tldrsec.com/blog/tldr-sec-066/]] |Weekly_Newsletter|
|>|>|>|''Podcasts'' |
|2021.01.17|Cloud Security Podcast|[[Infrastructure As Code Security|https://anchor.fm/cloudsecuritypodcast/episodes/INFRASTRUCTURE-AS-CODE-SECURITY-ep2skn]]|Podcast|
|2021.01.14|//Sophos//|[[S3 Ep15: Titan keys, Mimecast certs and Solarwinds|https://nakedsecurity.sophos.com/2021/01/14/s3-ep15-titan-keys-mimecast-certs-and-solarwinds-podcast/]]|Podcast|
|2021.01.14|Screaming in the Cloud|[[Best Practices for AWS Security – Part 1 with Scott Piper|https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/best-practices-for-aws-security-part-1-with-scott-piper/]] ([[mp3|https://dts.podtrac.com/redirect.mp3/media.transistor.fm/a148c694/c2dbd8b8.mp3]]) (1/2)|Podcast|
|>|>|>||
|>|>|>|!Conformité / Compliance |
|2021.01.15|ZDnet[img[iCSF/flag_fr.png]]|![[SecNumCloud : Tout comprendre en cinq points|https://www.zdnet.fr/actualites/secnumcloud-tout-comprendre-en-cinq-points-39916267.htm]] |SecNumCloud|
|>|>|>||
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2021.01.12|Solutions Review|[[Solutions Review Releases 2021 Vendor Map for Cloud Managed Service Providers|https://solutionsreview.com/cloud-platforms/solutions-review-releases-2021-vendor-map-for-cloud-managed-service-providers/]]|Market|
|2021.01.12|Solutions Review| → [[2021 Vendor Map for Cloud Managed Service Providers|https://solutionsreview.com/cloud-platforms/cloud-msp-vendor-map/]]|Market|
|2021.01.10|Cloud Pundit|![[Terms of Service: From anti-spam to content takedown|https://cloudpundit.com/2021/01/10/terms-of-service-from-anti-spam-to-content-takedown/]] |Contracts|
|>|>|>|''Acquisitions'' |
|2021.01.13|//LogRhythm//|[[LogRhythm Acquires Threat Detection Platform MistNet|https://www.businesswire.com/news/home/20210113005167/en/LogRhythm-Acquires-Threat-Detection-Platform-MistNet/]]|Acquisition|
|>|>|>||
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''APIs'' |
|2021.01.15|SecureCloud Blog|[[Azure API management – Enforce use of Certificate in Client Credentials Flow|https://securecloud.blog/2021/01/15/azure-api-management-enforce-use-of-certificate-in-client-credentials-flow/]]|Azure APIs|
|>|>|>|''DNS'' |
|2021.01.14|NSA|[[Obfuscated DNS Queries|https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/]]|!DNS|
|2021.01.14|NSA|![[NSA Recommends Using Only 'Designated' DNS Resolvers|https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2471956/nsa-recommends-how-enterprises-can-securely-adopt-encrypted-dns/]]|!DNS|
|2021.01.14|NSA| → [[Adopting Encrypted DNS in Enterprise Environments|https://media.defense.gov/2021/Jan/14/2002564889/-1/-1/0/CSI_ADOPTING_ENCRYPTED_DNS_U_OO_102904_21.PDF]] (pdf)|!DNS|
|2021.01.14|Dark Reading|[[NSA Recommends Using Only Designated DNS Resolvers|https://www.darkreading.com/cloud/nsa-recommends-using-only-designated-dns-resolvers/d/d-id/1339901]]|!DNS|
|2021.01.13|//Verisign//|[[Cryptographic Tools for Non-Existence in the Domain Name System: NSEC and NSEC3|https://blog.verisign.com/security/cryptographic-tools-for-non-existence-in-the-domain-name-system-nsec-and-nsec3/]] (2/6)|!DNS|
|2021.01.14|//Verisign//|[[Newer Cryptographic Advances for the Domain Name System: NSEC5 and Tokenized Queries|https://blog.verisign.com/security/newer-cryptographic-advances-for-the-domain-name-system-nsec5-and-tokenized-queries/]] (3/6)|!DNS|
|>|>|>|''CSPM'' |
|2021.01.11|//Darkbit//|[[Reimagining Cloud Security Posture Assessments|https://darkbit.io/blog/cloud-security-posture-assessments]]|CSPM|
|>|>|>|''SASE'' |
|2021.01.11|ZDnet[img[iCSF/flag_fr.png]]|[[Comment le modèle SASE améliore la sécurité du cloud et du télétravail|https://www.lemagit.fr/conseil/Comment-le-modele-SASE-ameliore-la-securite-du-Cloud-et-du-teletravail]]|SASE|
|>|>|>|''Zero Trust'' |
|2021.01.11|//Palo Alto Networks//|[[Best Practices for Cloud Infrastructure: Zero Trust Microsegmentation|https://blog.paloaltonetworks.com/2021/01/cloud-zero-trust-microsegmentation/]]|Zero_Trust|
|>|>|>|''Autres / Others'' |
|2021.01.11|CSO Online|[[Top 7 security mistakes when migrating to cloud-based apps|https://www.csoonline.com/article/3602609/top-7-security-mistakes-when-migrating-to-cloud-based-apps.html]]|Migration|
|2021.01.12|//Radware//|[[When It Comes To Cloud Security, Least Privilege Takes Precedence|https://blog.radware.com/security/cloudsecurity/2021/01/when-it-comes-to-cloud-security-least-privilege-takes-precedence/]]|Misc|
|2021.01.12|//Compare the Cloud//|[[How To Ensure Security With Cloud Hosting?|https://www.comparethecloud.net/articles/cloud/how-to-ensure-security-with-cloud-hosting/]]|Hosting|
|2021.01.13|Last Week in AWS|![[Parler's New Serverless Architecture|https://www.lastweekinaws.com/blog/parlers-new-serverless-architecture/]] |Misc|
|2021.01.13|//Uptycs//|[[Continuously monitor your cloud infrastructure to improve cloud security posture|https://www.uptycs.com/blog/continuously-monitor-your-cloud-infrastructure-to-improve-cloud-security-posture]]|CSPM|
|2021.01.13|Reseller News|[[5 challenges every multicloud strategy must address|https://www.reseller.co.nz/article/685588/5-challenges-every-multicloud-strategy-must-address/?]]|Multi_Cloud|
|2021.01.14|Help Net Security|[[43% Of Financial Services Orgs Plan To Increase Private Cloud Investments|https://www.helpnetsecurity.com/2021/01/14/financial-services-private-cloud-investments/]]|Misc|
|2021.01.15|//Security Intelligence//|[[Hybrid Cloud Adoption Brings Security on the Go|https://securityintelligence.com/articles/hybrid-cloud-adoption-brings-security-on-the-go/]]|Hybrid_Cloud|
|2021.01.15|//Security Intelligence//|[[Misconfigurations: A Hidden but Preventable Threat to Cloud Data|https://securityintelligence.com/articles/misconfigurations-hidden-threat-to-cloud-data/]]|Misconfigurations Threat|
|2021.01.12|Computer Weekly|[[Cloud DR from the Big Three: Who’s best at what?|https://www.computerweekly.com/feature/Cloud-DR-from-the-Big-3-Whos-best-at-what]]|DRP|
<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #98|2021.01.10 - Newsletter Hebdomadaire #98]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #98|2021.01.10 - Weekly Newsletter - #98]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2021.01.10 - Newsletter Hebdomadaire #98]]>> |<<tiddler [[2021.01.10 - Weekly Newsletter - #98]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 4 au 10 janvier 2021
!!1 - Informations CSA - 4 au 10 janvier 2021

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Formation: Nouvelles sessions sécurité après 'AWS re:Invent'+++^*[»] <<tiddler [[2021.01.07 - Formation : Nouvelles sessions sécurité 'AWS re:Invent']]>>=== 
* Formation[img[iCSF/flag_fr.png]]: prochaine session CCSK en français en mars 2021+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* Newsletter CSA pour Janvier/Février 2021+++^*[»] <<tiddler [[2021.01.06 - Actu : Newsletter CSA pour Janvier/Février 2021]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 70 liens|2021.01.10 - Veille Hebdomadaire - 10 janvier]])

* __''À lire''__
** ''Alerte AA21-008A sur la détection d'activité après compromission dans les environnements Cloud de Microsoft (CISA)''
** ''Techniques d'attaques contre AWS (Scott Piper)''
** ''SolarStorm: Publication de nouvelles informations et d'IOCs''

* __Attaques, Incidents, Fuites de données, Pannes__
** Pannes : Slack le 4 janvier

* __Risques, Menaces, Vulnérabilités__
** Risques : Avantages et inconvénients du stockage AWS pour réduire le risque rançongiciel
** Menaces : Cloud, surface d'attaque, et composants critiques (//Zscaler//) • TeamTNT construit son Botnet sur des serveurs Cloud chinois (//Lacework//)

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Pour le CSPM (//XM Cyber//)
** Détection : Prise d'empreinte pour les fichiers et les documents dans Microsoft 365 et les applications Cloud (Matt Soseman)

* __Rapports, Sondages, Études, Publications__
** Rapports : Analyse NICER de l'exposition Internet du DNS (//Rapid7//) • 'Adversary Infrastructure Report 2020' (//Recorded Future//)

* __Cloud Services Providers, Outils__
** AWS : Journalisation sur tous les services AWS • Comment éviter les coûts de transferts de données dans AWS
** Azure : Explication de la gestion des identités dans Azure (Sebastiaan van Putten) • Vision globale d'Azure Sentinel (Maarten Goet)
** GCP : Nouvelle fonction "tail -f" pour l'analyse des journaux
** Oracle : Nouveau document CIS "Container Engine for Kubernetes Benchmark"
** Kubernetes : Vecteurs d'attaque par découverte
** Outils : S3 Viewer pour AWS • UhOh365 pour O365

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Podcasts : 'Understanding Infrastructure as Code' (SilverLining) • 'Cloud Security Testing in AWS' (Cloud Security Podcast) • Panne Slack (//Thousand Eyes//)
** Veilles : TL;DR Security #65 • The Cloud Security Reading List #69

* __Juridique, Réglementation, Conformité__
** Juridique : Amazon perd le droit d'utiliser la marque AWS en Chine

* __Marché, Acquisitions__
** Acquisitions : //StackRox// par //Red Hat / IBM// • //Secureworks// par //Atos// • //Volterra// par //F5 Networks//

* __Divers__
** Pen Tests: Why Red Team Testing Rules the Cloud (//Security Intelligence / IBM//)
** Autres : Rapide présentation de CNAPP, CIEM, CWPP, CASB et CSPM (//DivvyCloud//)
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L1A/|https://CloudSecurityAlliance.fr/go/L1A/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - January 4th to 10th, 2021
!!1 - CSA News and Updates - January 4th to 10th, 2021

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Training: New security session in the wake of 'AWS re:Invent'+++^*[»] <<tiddler [[2021.01.07 - Formation : Nouvelles sessions sécurité 'AWS re:Invent']]>>=== 
* Training[img[iCSF/flag_fr.png]]: Online CCSK training in March+++^*[»] <<tiddler [[2021.01.29 - Formation : Prochain CCSK en français la semaine du 10 mars]]>>=== 
* CSA Newsletter for January/February 2021+++^*[»] <<tiddler [[2021.01.06 - Actu : Newsletter CSA pour Janvier/Février 2021]]>>=== 
!!2 - Cloud and Security News Watch ([[over 70 links|2021.01.10 - Veille Hebdomadaire - 10 janvier]])

* __''Must read''__
** ''Alert AA21-008A on Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments (CISA)''
** ''Lesser Known Techniques for Attacking AWS Environments (Scott Piper)''
** ''SolarStorm: Valuable new information and IOCs have been published''

* __Attacks, Incidents, Data Leaks, Outages__
** Outages: Slack Outage on January 4th 

* __Risks, Threats, Vulnerabilities__
** Risks: Pros and Cons of AWS Storage as a Way to Defend Against Ransomware
** Threats: Critical Protection Points in Cloud Attack Surface (//Zscaler//) • TeamTNT Building Botnet from Chinese Cloud Servers (//Lacework//)

* __Best Practices, and Detection__
** Best Practices: Best Practices for CSPM (//XM Cyber//)
** Detection: File and Document Fingerprinting in Microsoft 365 and Cloud App Security (Matt Soseman)

* __Reports, Surveys, Studies, Publications__
** Reports: NICER Protocol Deep Dive on Internet Exposure of DNS (//Rapid7//) • 'Adversary Infrastructure Report 2020' (//Recorded Future//)

* __Cloud Services Providers, Tools__
** AWS: Enabling Logging on Every AWS Service • Avoiding AWS Data Transfer Costs
** Azure: Azure Managed Identity Explained (Sebastiaan van Putten) • Full Overview of Azure Sentinel (Maarten Goet)
** GCP: New "tail -f" Functionality for Log Analysis
** Oracle: New Container Engine for Kubernetes Benchmark (CIS)
** Kubernetes: Discovery Threat Vectors
** Tools: S3 Viewer for AWS • UhOh365 for O365

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Podcasts: 'Understanding Infrastructure as Code' (SilverLining) • 'Cloud Security Testing in AWS' (Cloud Security Podcast) • Slack Outage (//Thousand Eyes//)
** Newsletters: TL;DR Security #65 • The Cloud Security Reading List #69

* __Legal, Regulatory, Compliance__
** Legal: Amazon Banned From Using AWS Logo in China Trademark Ruling

* __Market, Acquisitions__
** Acquisitions: //StackRox// by //Red Hat / IBM// • //Secureworks// by //Atos// • //Volterra// by //F5 Networks//

* __Miscellaneous__
** Pen Tests: Why Red Team Testing Rules the Cloud (//Security Intelligence / IBM//)
** Others: A Quick Look Into CNAPP, CIEM, CWPP, CASB, CSPM (//DivvyCloud//)
!!3 - Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/L1A/|https://CloudSecurityAlliance.fr/go/L1A/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 4 au 10 janvier 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2021.01.04|//Summit Route//|![[Lesser Known Techniques for Attacking AWS Environments|https://tldrsec.com/blog/lesser-known-aws-attacks/]] |AWS Attacks|
|2021.01.08|CISA|[[Alert (AA21-008A) Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments |https://us-cert.cisa.gov/ncas/alerts/aa21-008a]]|Alert|
|>|>|>||
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|2021.01.08|ZDnet|[[A crypto-mining botnet is now stealing Docker and AWS credentials|https://www.zdnet.com/article/a-crypto-mining-botnet-is-now-stealing-docker-and-aws-credentials/]]|Crypto_Mining AWS Docker|
|>|>|>|''Pannes / Outages'' |
|2021.01.04|Slack|[[Customers may have trouble connecting to or using Slack|https://status.slack.com/2021-01-04]]|Outage Slack|
|2021.01.04|Bleeping Computer|[[Slack suffers its first massive outage of 2021|https://www.bleepingcomputer.com/news/technology/slack-suffers-its-first-massive-outage-of-2021/]]|Outage Slack|
|2021.01.04|Security Week|[[Slack Outage Causing Enterprise Security Hiccups|https://www.securityweek.com/slack-outage-causing-enterprise-security-hiccups]]|Outage Slack|
|>|>|>||
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2021.01.06|The Register|![[Storage on AWS: What's new, is it too complicated? Can it help defend against ransomware?|https://www.theregister.com/2021/01/06/storage_on_aws/]] |AWS Storage|
|>|>|>|''Menaces / Threats'' |
|2021.01.08|//Pentest Partners//|[[Azure AD. Attack of the Default Config|https://www.pentestpartners.com/security-blog/azure-ad-attack-of-the-default-config/]]|AzureAD Threat|
|2021.01.08|//Zscaler//|[[The Four Critical Protection Points in your Cloud Attack Surface|https://www.zscaler.com/blogs/product-insights/four-critical-protection-points-your-cloud-attack-surface]]|Attack_Surface|
|2021.01.06|//Imperva//|[[Software Supply Chain Attacks: From Formjacking to Third Party Code Changes|https://www.imperva.com/blog/software-supply-chain-attacks-from-formjacking-to-third-party-code-changes/]]|Supply_Chain_Attacks|
|2021.01.05|//Lacework//|[[TeamTNT Builds Botnet from Chinese Cloud Servers|https://www.lacework.com/teamtnt-builds-botnet-from-chinese-cloud-servers/]]|Threats China IOCs|
|>|>|>||
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2021.01.10|//XM Cyber//|[[Best Practices for Cloud Security Posture Management|https://www.xmcyber.com/best-practices-for-cloud-security-posture-management/]]|CSPM|
|2021.01.06|Computer Weekly|[[Five key points about cloud vs in-house disaster recovery|https://www.computerweekly.com/feature/Five-key-points-about-cloud-vs-in-house-disaster-recovery]]|DRP|
|>|>|>|''Détection / Detection'' |
|2021.01.07|Matt Soseman|[[Using Microsoft 365 Defender to Protect Against Solorigate|https://mattsoseman.wordpress.com/2021/01/07/using-microsoft-365-defender-to-protect-against-solorigate/]] ([[vidéo|https://www.youtube.com/watch?v=E_daVfh-SaQ]])|SolarStorm|
|2021.01.06|Matt Soseman|[[File Fingerprints in Microsoft Cloud App Security|https://mattsoseman.wordpress.com/2021/01/06/file-fingerprints-in-microsoft-cloud-app-security/]] ([[vidéo|https://www.youtube.com/watch?v=t2cBac1Zd8Y]])|Fingerprinting|
|2021.01.05|Matt Soseman|[[Document Fingerprint in M365 DLP in Exchange Online|https://mattsoseman.wordpress.com/2021/01/05/document-fingerprint-in-m365-dlp-in-exchange-online/]] ([[vidéo|https://www.youtube.com/watch?v=0eCKvdWxw0k]])|Fingerprinting|
|2021.01.04|Matt Soseman|[[What is Document Fingerprinting in Microsoft 365|https://mattsoseman.wordpress.com/2021/01/04/what-is-document-fingerprinting-in-microsoft-365/]] ([[vidéo|https://www.youtube.com/watch?v=Paal4I-vdF0]])|Fingerprinting|
|2021.01.03|Matt Soseman|[[Microsoft 365 Defender Incident Email Notifications|https://mattsoseman.wordpress.com/2021/01/03/microsoft-365-defender-incident-email-notifications/]] ([[vidéo|https://www.youtube.com/watch?v=usMvIkaKclE]])|Notification|
|2021.01.08|Dark Reading|[[Top 5 'Need To Know' Coding Defects For DevSecOps|https://www.darkreading.com/vulnerabilities---threats/top-5-need-to-know-coding-defects-for-devsecops-/a/d-id/1339778]]|DevSecOps|
|>|>|>||
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2021.01.07|//Recorded Future//|[[Adversary Infrastructure Report 2020: A Defender's View|https://www.recordedfuture.com/2020-adversary-infrastructure-report/]] ([[pdf|https://go.recordedfuture.com/hubfs/reports/cta-2021-0107.pdf]])|Report|
|2021.01.05|//Rapid7//|[[NICER Protocol Deep Dive: Internet Exposure of DNS|https://blog.rapid7.com/2021/01/05/nicer-protocol-deep-dive-internet-exposure-of-dns/]]|!Report DNS|
|>|>|>||
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2021.01.07|//Amazon AWS//|[[Use AWS Secrets Manager to simplify the management of private certificates|https://aws.amazon.com/blogs/security/use-aws-secrets-manager-to-simplify-the-management-of-private-certificates/]]|AWS Secrets_Management|
|2021.01.07|//Amazon AWS//|[[re:Invent – New security sessions launching soon|https://aws.amazon.com/blogs/security/reinvent-new-security-sessions-launching-soon/]]|AWS Conference|
|2021.01.06|Last Week in AWS|![[Terrible Ideas for Avoiding AWS Data Transfer Costs|https://www.lastweekinaws.com/blog/terrible-ideas-for-avoiding-aws-data-transfer-costs/]] |AWS Costs|
|2021.01.04|Matt Fuller|![[How to Enable Logging on Every AWS Service in Existence (Circa 2021)|https://matthewdf10.medium.com/how-to-enable-logging-on-every-aws-service-in-existence-circa-2021-5b9105b87c9]] |AWS Logging|
|>|>|>|''Azure (Microsoft)'' |
|2021.01.08|BetaNews|[[Businesses need to take Teams security seriously|https://betanews.com/2021/01/08/businesses-teams-security-seriously/]]|Security|
|2021.01.06|Sebastiaan van Putten|[[How Azure Managed Identity works explained. A special type of Enterprise Application|https://www.seb8iaan.com/how-azure-managed-identity-works-explained-another-enterprise-applications-chapter/]]|Azure IAM|
|2021.01.06|Redmond Channel|[[Microsoft Promises To Raise Azure AD Uptime to 99.99 Percent|https://rcpmag.com/articles/2021/01/05/azure-ad-uptime-to-four-nines.aspx]]|AzureAD|
|2021.01.05|Maarten Goet|[[Azure Sentinel.. complete overview|https://raw.githubusercontent.com/maartengoet/presentations/master/2021_01_experts_live_austria_azure_sentinel.pdf]] (pdf) |Azure_Sentinel|
|2021.01.04|Bleeping Computer|[[Microsoft Defender for Office 365 to allow testing without setup|https://www.bleepingcomputer.com/news/security/microsoft-defender-for-office-365-to-allow-testing-without-setup/]]|O365|
|>|>|>|''GCP (Google)'' |
|2021.01.06|//Google Cloud//|[[Find logs fast with new "tail -f" functionality in Cloud Logging|https://cloud.google.com/blog/products/management-tools/cloud-logging-gets-real-time-log-searching/]] ([[référence|https://cloud.google.com/sdk/gcloud/reference/alpha/logging/tail]])|Log_Analysis|
|>|>|>|''Oracle'' |
|2021.01.06|//Oracle Cloud//|[[Announcing the CIS Oracle Cloud Infrastructure Container Engine for Kubernetes Benchmark|https://blogs.oracle.com/cloud-infrastructure/announcing-the-cis-oracle-cloud-infrastructure-container-engine-for-kubernetes-benchmark]]|Oracle Kubernetes Benchmark|
|>|>|>|''Kubernetes'' |
|2021.01.06|//Alcide//|[[Kubernetes Threat Vectors - Part 7: Discovery|https://www.alcide.io/kubernetes-threat-vectors-part-7-discovery]] (7/11) |Kubernetes Threats|
|2021.01.06|//Stackrox//|[[CKS Certification Study Guide: Minimize Microservice Vulnerabilities|https://www.stackrox.com/post/2021/01/cks-certification-study-guide-minimize-microservice-vulnerabilities/]]|Microservices|
|>|>|>|''Docker'' |
|2021.01.09|Jatin Yadav|[[Harden Docker with CIS – (P6) Container Runtime Configuration – Part 1|https://blog.jtnydv.com/harden-docker-with-cis-p6-container-runtime-configuration-part-1/]]|Docker Hardening CIS|
|2021.01.16|Jatin Yadav|[[Harden Docker with CIS – (P6) Container Runtime Configuration – Part 2|https://blog.jtnydv.com/harden-docker-with-cis-p6-container-runtime-configuration-part-2/]]|Docker Hardening CIS|
|>|>|>|''Workloads'' |
|2021.01.10|//Zscaler//|[[Simplifying and Automating Cloud Workload Protection|https://www.zscaler.com/blogs/product-insights/simplifying-and-automating-cloud-workload-protection]]|Workloads|
|>|>|>|''Outils / Tools'' |
|2021.01.09|Sharon Brizinov|![[S3 Viewer|https://github.com/SharonBrizinov/s3viewer]]: Publicly Open Amazon AWS S3 Bucket Viewer |Tools AWS|
|2021.01.07|Kitploit|[[UhOh365 - A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration)|https://www.kitploit.com/2021/01/uhoh365-script-that-can-see-if-email.html]] ([[Github|https://github.com/Raikia/UhOh365]])|Tools O365|
|2021.01.05|//Catchpoint//|[[Instant Test Integration with Slack|https://blog.catchpoint.com/2021/01/05/instant-test-integration-with-slack/]] ([[vidéo|https://www.youtube.com/watch?v=F16U_zMMsgs]])|Slack Notification|
|>|>|>||
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Podcasts'' |
|2021.01.05|SilverLining IL|[[Episode 32: Understanding Infrastructure as Code and How to Use it Effectively|https://silverlining-il.castos.com/episodes/episode-32-understanding-infrastructure-as-code-and-how-to-use-it-effectively]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/silverlining-podcast-????-???????.mp3]])|Podcast|
|2021.01.10|Cloud Security Podcast|[[Cloud Security Testing in AWS|https://anchor.fm/cloudsecuritypodcast/episodes/Cloud-Security-Testing-in-AWS-eop3tu]]|Podcast|
|2021.01.10|//Thousand Eyes//|[[Ep. 32: What Happened with Slack's Outage; Plus, Talking Cloud Resiliency with Forrest Brazeal of A Cloud Guru|https://blog.thousandeyes.com/internet-report-episode-32/]] ([[vidéo|https://www.youtube.com/watch?v=pRv-XqO1Ego]])|Podcast|
|>|>|>|''Veilles / Newsletters'' |
|2021.01.10|Marco Lancini|[[The Cloud Security Reading List #69|https://cloudseclist.com/issues/issue-69/]] |Weekly_Newsletter|
|2021.01.06|TL;DR Security|[[#65 - Lesser Known AWS Attacks, Infra as Code Scanning, Template Injection Workshop|https://tldrsec.com/blog/tldr-sec-065/]] |Weekly_Newsletter|
|>|>|>||
|>|>|>|!Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance |
|>|>|>|''Juridique / Legal'' |
|2021.01.05|Wall Street Journal|[[Amazon Banned From Using AWS Logo in China Trademark Ruling|https://www.wsj.com/articles/amazon-banned-from-using-aws-logo-in-china-trademark-ruling-11609841232]]|China Trademark AWS|
|2021.01.06|The Register| → [[Amazon Web Services launches appeal after losing $12m AWS trademark war in China to local biz Actionsoft|https://www.theregister.com/2021/01/05/aws_chinese_trademark/]]|China Trademark AWS|
|>|>|>|''Réglementation / Regulatory'' |
|2021.01.07|JDSupra|[[Up, up and away! Moving eDiscovery to the Cloud|https://www.jdsupra.com/legalnews/up-up-and-away-moving-ediscovery-to-the-4625148/]]|eDiscovery|
|>|>|>||
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2021.01.07|MSSP Alert|[[Telos Targets Amazon AWS Cloud Vulnerability Management|https://www.msspalert.com/cybersecurity-services-and-products/telos-xacta-aws-cloud-vulnerability-mgmt/]]|Products|
|2021.01.05|//Netskope//|[[Where CASB and SWG Are Headed|https://www.netskope.com/blog/where-casb-and-swg-are-headed]]|CASB SWG|
|>|>|>|''Acquisitions'' |
|2021.01.07|//RedHat//|[[Red Hat to Acquire Kubernetes-Native Security Leader StackRox|https://www.redhat.com/en/about/press-releases/red-hat-acquire-kubernetes-native-security-leader-stackrox]]|Acquisition|
|2021.01.07|//RedHat//| → [[FAQ: Red Hat to acquire StackRox |https://www.redhat.com/en/blog/faq-red-hat-acquire-stackrox]]|Acquisition|
|2021.01.07|//StackRox//| → [[Red Hat to Acquire StackRox to Further Expand its Security Leadership|https://www.stackrox.com/post/2021/01/red-hat-to-acquire-stackrox/]]|Acquisition|
|2021.01.07|Security Week| → [[Red Hat Buys Container Security Firm StackRox|https://www.securityweek.com/red-hat-buys-container-security-firm-stackrox]]|Acquisition|
|2021.01.07|Help Net Security| → [[Red Hat to acquire StackRox, enabling users to build, deploy and run apps across the hybrid cloud|https://www.helpnetsecurity.com/2021/01/08/red-hat-stackrox/]]|Acquisition|
|2021.01.07|MSSP Alert|[[Atos Acquiring Secureworks from Dell Technologies?|https://www.msspalert.com/investments/atos-acquiring-secureworks-from-dell-technologies/]]|Acquisition|
|2021.01.07|Silicon Angle|[[F5 Networks to acquire edge-as-a-service startup Volterra for $500M|https://siliconangle.com/2021/01/07/f5-networks-acquire-edge-service-startup-volterra-500m/]]|Acquisition|
|2021.01.07|Container Journal|[[F5 Networks to Acquire Volterra to Push Apps to the Edge|https://containerjournal.com/uncategorized/f5-networks-to-acquire-volterra-to-push-apps-to-the-edge/]]|Acquisition|
|>|>|>||
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''Tests d'intrusion / Pen Tests'' |
|>|>|>|''DNS / BGP / NTP'' |
|2021.01.07|//Security Intelligence//|[[Why Red Team Testing Rules the Cloud|https://securityintelligence.com/posts/red-teaming-cybersecurity-rules-the-cloud/]]|Red_Team|
|2021.01.10|//Tripwire//|[[It's Always DNS – But Not in the Way You May Think|https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/dns-but-not-way-you-may-think/]]|!DNS|
|2021.01.08|//Verisign//|[[The Domain Name System: A Cryptographer’s Perspective|https://blog.verisign.com/the-domain-name-system-a-cryptographers-perspective/]] (1/6)|!DNS|
|>|>|>|''SASE'' |
|2021.01.04|Security Week|[[Getting SASE, Without the Hyperbole|https://www.securityweek.com/getting-sase-without-hyperbole]]|SASE|
|>|>|>|''Zero Trust'' |
|2021.01.08|//Illumio//|[[Take Me to Your Domain Controller: Protections & Mitigations Using Zero Trust Tools|https://www.illumio.com/blog/domain-controller-3]] (3/3)|Zero_Trust|
|>|>|>|''Autres / Others'' |
|2021.01.10|Gerben Wierda|[[The many lies about reducing complexity part 2: Cloud|https://ea.rna.nl/2021/01/10/the-many-lies-about-reducing-complexity-part-2-cloud/]] (2/2)|Architecture|
|2021.01.07|//Threatstack//|[[Five Cloud Security Myths|https://www.threatstack.com/blog/five-cloud-security-myths]]|Myths|
|2021.01.07|//Lifars//|[[Shadow IT: The Risks, How it Gets Exploited, Its Mitigation Steps|https://lifars.com/2021/01/shadow-it/]]|Shadow_IT|
|2021.01.06|GBHackers on Security|![[Cloud Security vs. Network Security: What's the Difference?|https://gbhackers.com/cloud-security-vs-network/]]|Misc|
|2021.01.06|//DivvyCloud//|[[A Quick Look Into Cloud Security Posture Management (CSPM)|https://divvycloud.com/blog-cspm/]]|CSPM|
|2021.01.06|//DivvyCloud//|[[A Quick Look Into Cloud Access Security Brokers (CASB)|https://divvycloud.com/blog-casb/]]|CASB|
|2021.01.06|//DivvyCloud//|[[A Quick Look Into Cloud Workload Protection Platforms (CWPP)|https://divvycloud.com/blog-cwpp/]]|CWPP Workloads|
|2021.01.06|//DivvyCloud//|[[A Quick Look Into Cloud Infrastructure Entitlement Management (CIEM)|https://divvycloud.com/blog-ciem/]]|CIEM|
|2021.01.06|//DivvyCloud//|[[A Quick Look Into Cloud-Native Application Protection Platform (CNAPP)|https://divvycloud.com/blog-cnapp/]]|CNAPP|
<<tiddler [[arOund0C]]>>
Si vous avez raté les sessions de l'événement virtuel ''+++^*[AWS re:Invent 2020] https://reinvent.awsevents.com/ ==='' traitant des problématiques de sécurité, d'identité ou de conformité, elles sont disponibles sur le site Web ''+++^*[AWS re:Invent] https://virtual.awsevents.com/agenda?trk=direct ===''.
De nouvelles sessions traitant de ces sujets sont organisées du 12 au 15 janvier 2021.
L'agenda est le suivant :
|!SEC210|>|>|!"Protecting sensitive data with Amazon Macie and Amazon GuardDuty" par Himanshu Verma, AWS|
|Créneaux|Mardi 12 janvier de 20h00 à 20h30|Mercredi 13 janvier de 4h00 à 4h30|Mercredi 13 janvier de 12h00 à 12h30|
|Détails|>|>|//As organizations manage growing volumes of data, identifying and protecting your sensitive data can become increasingly complex, expensive, and time-consuming. In this session, learn how Amazon Macie and Amazon GuardDuty together provide protection for your data stored in Amazon S3. Amazon Macie automates the discovery of sensitive data at scale and lowers the cost of protecting your data. Amazon GuardDuty continuously monitors and profiles S3 data access events and configurations to detect suspicious activities. Come learn about these security services and how to best use them for protecting data in your environment.//|
|Média|>|>|Après inscription : [[vidéo et slides|https://virtual.awsevents.com/media/0_gg7up7sv]]|
|!SEC211|>|>|!"BBC: Driving security best practices in a decentralized organization" par Apurv Awasthi, AWS et Andrew Carlson, Sr. Software Engineer, BBC|
|Créneaux|Mardi 12 janvier de 22h15 à 22h45|Mercredi 13 janvier de 6h15 à 6h45|Mercredi 13 janvier de 14h15 à 14h45|
|Détails|>|>|//In this session, Andrew Carlson, engineer at BBC, talks about BBC's journey while adopting AWS Secrets Manager for lifecycle management of its arbitrary credentials such as database passwords, API keys, and third-party keys. He provides insight on BBC's secrets management best practices and how the company drives these at enterprise scale in a decentralized environment that has a highly visible scope of impact.//|
|!SEC321|>|>|!"Get ahead of the curve with DDoS Response Team escalations" par Fola Bolodeoku, AWS|
|Créneaux|Mardi 12 janvier de 00h30 à 01h00|Mardi 12 janvier de 20h30 à 21h00|Mercredi 13 janvier de 16h30 à 17h00|
|Détails|>|>|//This session identifies tools and tricks that you can use to prepare for application security escalations, with lessons learned provided by the AWS DDoS Response Team. You learn how AWS customers have used different AWS offerings to protect their applications, including network access control lists, security groups, and AWS WAF. You also learn how to avoid common misconfigurations and mishaps observed by the DDoS Response Team, and you discover simple yet effective actions that you can take to better protect your applications' availability and security controls.//|
|Média|>|>|Après inscription : [[vidéo et slides|https://virtual.awsevents.com/media/0_ct13nqf6]]|
|!SEC322|>|>|!"Network security for serverless workloads" par Alex Tomic, AWS|
|Créneaux|Jeudi 14 janvier de 22h30 à 23h00|Vendredi 15 janvier de 6h30 à 07h00|Vendredi 15 janvier de 14h30 à 15h00|
|Détails|>|>|//Are you building a serverless application using services like Amazon API Gateway, AWS Lambda, Amazon DynamoDB, Amazon Aurora, and Amazon SQS? Would you like to apply enterprise network security to these AWS services? This session covers how network security concepts like encryption, firewalls, and traffic monitoring can be applied to a well-architected AWS serverless architecture.//|
|Média|>|>|Après inscription : [[vidéo et slides|https://virtual.awsevents.com/media/0_w1mk6qki]]|
|!SEC323|>|>|!"Building your cloud incident response program" par Freddy Kasprzykowski, AWS|
|Créneaux|Mercredi 13 janvier de 18h00 à 18h30|Jeudi 14 janvier 02h00 à 02h30|Jeudi 14 janvier de 10h00 à 10h30|
|Détails|>|>|//You've configured your detection services and now you've received your first alert. This session provides patterns that help you understand what capabilities you need to build and run an effective incident response program in the cloud. It includes a review of some logs to see what they tell you and a discussion of tools to analyze those logs. You learn how to make sure that your team has the right access, how automation can help, and which incident response frameworks can guide you.//|
|Média|>|>|Après inscription : [[vidéo et slides|https://virtual.awsevents.com/media/0_q5oea4np]]|
|!SEC324|>|>|!"Beyond authentication: Guide to secure Amazon Cognito applications" par Mahmoud Matouk, AWS|
|Créneaux|Mercredi 13 janvier de 23h15 à 23h45|Jeudi 14 janvier de 07h15 à 07h45|Jeudi 14 janvier de 15h15 à 15h45|
|Détails|>|>|//Amazon Cognito is a flexible user directory that can meet the needs of a number of customer identity management use cases. Web and mobile applications can integrate with Amazon Cognito in minutes to offer user authentication and get standard tokens to be used in token-based authorization scenarios. This session covers best practices that you can implement in your application to secure and protect tokens. You also learn about new Amazon Cognito features that give you more options to improve the security and availability of your application//|
|!SEC325|>|>|!"Event-driven data security using Amazon Macie" par Neha Joshi, AWS|
|Créneaux|Jeudi 14 janvier de 17h00 à 17h30|Vendredi 15 janvier de 01h00 à 01h30|Vendredi 15 janvier de 19h00 à 19h30|
|Détails|>|>|//Amazon Macie sensitive data discovery jobs for Amazon S3 buckets help you discover sensitive data such as personally identifiable information (PII), financial information, account credentials, and workload-specific sensitive information. In this session, you learn about an automated approach to discover sensitive information whenever changes are made to the objects in your S3 buckets//|
|!SEC327|>|>|!"Instance containment techniques for effective incident response" par Jonathon Poling, AWS|
|Créneaux|Jeudi 14 janvier de 19h15 à 19h45|Vendredi 15 janvier de 03h15 à 03h45|Vendredi 15 janvier de 11h15 à 11h45|
|Détails|>|>|//In this session, learn about several instance containment and isolation techniques, ranging from simple and effective to more complex and powerful, that leverage native AWS networking services and account configuration techniques. If an incident happens, you may have questions like “How do we isolate the system while preserving all the valuable artifacts?” and “What options do we even have?”. These are valid questions, but there are more important ones to discuss amidst a (possible) incident. Join this session to learn highly effective instance containment techniques in a crawl-walk-run approach that also facilitates preservation and collection of valuable artifacts and intelligence//|
|Média|>|>|Après inscription : [[vidéo et slides|https://virtual.awsevents.com/media/0_ma5diduk]]|
|!SEC402|>|>|!"Trusted connects for government workloads" par Brad Dispensa, AWS|
|Créneaux|Mercredi 13 janvier de 20h15 à 20h45|Jeudi 14 janvier de 04h15 à 04h45|Jeudi 14 janvier de 12h15 à 12h45|
|Détails|>|>|//Cloud adoption across the public sector is making it easier to provide government workforces with seamless access to applications and data. With this move to the cloud, we also need updated security guidance to ensure public-sector data remain secure. For example, the TIC (Trusted Internet Connections) initiative has been a requirement for US federal agencies for some time. The recent TIC-3 moves from prescriptive guidance to an outcomes-based model. This session walks you through how to leverage AWS features to better protect public-sector data using TIC-3 and the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Also, learn how this might map into other geographies//|

Inscriptions ⇒ https://reinvent.awsevents.com/agenda/
Voici la newsletter publiée par le CSA pour les Chapitres européens, nord et sud-américains, pour les mois de janvier et de février 2021.
<<<
|ssTablN0|k
|>| [img(auto,125px)[iCSA/KL6N1.jpg]] |
|>|Dear Chapters, |
|>|Thank you for participating in CSA's global community. We hope you enjoy this newsletter, created exclusively for CSA Chapters. Feel free to share with your members.|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Chapters Volunteer Awards|
|>||
|>|We would like to recognize the following Chapter Leaders for their outstanding volunteer service during 2020. Although many Chapter Leaders are deserving of being recognized for their volunteer service, the following Leaders went above and beyond for their Chapters and their local communities.|
|[img(150px,auto)[iCSA/KL6N2.jpg]]|!Matt Nelson, West Michigan Chapter|
|~|With the help of his Chapter, Matt spearheaded an almost year-long campaign to raise money for local charities in need and COVID front-line workers, raising over $50k.|
|~|He also hosted a two-day CloudCon virtual event in August that was sold out.|
|~|Finally, Matt helped promote and drive engagement to a Women in Tech organization, Bridges in Tech, which helps to provide mentoring and promote the hiring and education of women and minorities.|
|[img(150px,auto)[iCSA/KL6N3.jpg]]|!Victor Monga, LA/SoCal Chapter|
|~|With the help of his Chapter, Victor helped create a CCSK study group, which met once a week for 6 weeks, covering the 6 domains of the CCSK online training course. There were 42 participants who registered for this weekly study group, and they made recordings and slides of each meeting available on the CSA LA/SoCal Chapter YouTube channel. In addition, 30 complimentary CCSK self-paced training course licenses were provided to individuals who lost employment due to COVID-19. Earning the CCSK certificate has helped members gain a thorough understanding of cloud security best practices and given them the ability to answer specific cloud security questions during job interviews. |
|~|Also, Victor has been a regular contributor to the Chapter Leadership Meetings, providing insight and best practices on community organization and development, offering to mentor those Chapters that are just starting out or are less mature.|
|[img(150px,auto)[iCSA/KL6N4.jpg]]|!Olivier Caleff, French Chapter|
|~|Olivier has been instrumental in engaging the entire CSA EMEA community with the CSA CIRCLE platform. He has embraced the CIRCLE platform, created a newsletter, and posts discussion topics to various communities each week.|
|~|In addition to embracing and engaging with CIRCLE, Olivier continues to be the single guiding force in promoting CSA and cloud security best practices in France and Switzerland.|
|~|Olivier has been a contributor to CSA research by actively working to translate many of the CSA whitepapers into French, helping to increase their outreach and value in French speaking countries around the globe.|
|>|''Thank you to all of the Chapter Volunteer Award recipients for 2020. Outstanding service beyond expectation. THANK YOU!!!''|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Engagement|
|>||
|[img(150px,auto)[iCSA/KL6N5.jpg]]|!Circle|
|~|ALL Chapters should have an active Chapter community on the CSA CIRCLE platform. |
|~|https://cloudsecurityalliance.connectedcommunity.org/home <br>If you do not have a CIRCLE community for your Chapter, please reach out to [[Carolina Ozan|mailto:cozan@cloudsecurityalliance.org]] or [[Todd Edison|mailto:tedison@cloudsecurityalliance.org]] to help get that created.|
|[img(150px,auto)[iCSA/KL6N6.png]]|!Certificate of Cloud Auditing Knowledge (CCAK)|
|~|We announced a new partnership with ISACA to operate our previously announced Certificate of Cloud Auditing Knowledge (CCAK) as a joint venture. We expect to deliver the CCAK exam, training and body of knowledge by the end of Q1. The strategic significance is not merely the partnership between the world's IT audit and cloud security leaders. It is the shared vision we have to collaborate in order to reinvent, improve and harmonize audit assurance in the cloud. We hope to make a positive difference on the global, national and grassroots levels and truly make cloud computing as trustworthy as any part of the technology spectrum. |
|~|More Information → https://cloudsecurityalliance.org/education/ccak/ |
|[img(100px,auto)[iCSA/KL6N7.png]][img(100px,auto)[iCSA/KL6N8.png]][img(100px,auto)[iCSA/KL6N9.png]]|!Recently Published Research|
|~|CSA released the following research documents this past month. <br>Like all of CSA's research, they are completely vendor-neutral and freely accessible on our website |
|~|• Research: '[[Cloud-Based, Intelligent Ecosystems|https://cloudsecurityalliance.org/artifacts/cloud-based-intelligent-ecosystems/]]'|
|~|• Research: '[[The 2020 State of Identity Security in the Cloud|https://cloudsecurityalliance.org/artifacts/the-2020-state-of-identity-security-in-the-cloud/]]'|
|~|• Research: '[[Key Management when using Cloud Services|https://cloudsecurityalliance.org/artifacts/key-management-when-using-cloud-services/]]'|
|~|• Research: '[[Software-Defined Perimeter Zero Trust Charter|https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-zero-trust-charter/]]'|
|~|!Other Research News|
|~|• Research: '[[Enterprise Architecture to CCM Shared Responsibility Model|https://cloudsecurityalliance.org/artifacts/enterprise-architecture-ccm-shared-responsibility-model/]]'|
|~|• Peer Review: '[[Critical Controls Implementation for Oracle E-Business Suite|https://cloudsecurityalliance.org/artifacts/critical-controls-implementation-for-oracle-e-business-suite/]]'|
|~|• Survey: '[[Cloud Security Concerns, Challenges, and Incidents|https://www.surveymonkey.com/r/CSA2021]]'|
|~|• Blog: '[[Migrating to the Cloud: Compliance Issues When Transitioning from a Traditional Data Center|https://cloudsecurityalliance.org/blog/2020/12/16/migrating-to-the-cloud-compliance-issues-when-transitioning-from-a-traditional-data-center/]]'|
|~|If you have any questions around how to implement this research, you can ask our research analysts and working group members in our Circle Community [[here|https://circle.cloudsecurityalliance.org/communities/allcommunities?DisplayBy=3&OrderBy=0&CommunityTypeKey=314037a2-8690-4cd7-b3f6-596013ec15ca&FilterBy=]].|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Upcoming Events|
|>||
|[img(150px,auto)[iCSA/KL6NA.jpg]]|!CloudBytes Connect|
|~|February 2-4, 2021, Virtual|
|~|CSA is excited to launch CloudBytes Connect, a multi-day virtual event program that brings the collaboration of research and community to the forefront. Leveraging CSA's research initiatives to educate the industry on key issues and trends faced in cloud security, CloudBytes Connect will introduce participants, free of charge, to their peers and prominent leaders in the cloud and cybersecurity industry.|
|~|Over the course of three days, CSA will present a world-class program of speakers who will provide in-depth discussion and insight on specific topics each day. Keynote sessions will be presented from 9:00 am to 1:00 pm (PST) each morning.|
|~|Chapters will be given an opportunity to host a booth at CloudBytes Connect to share information about their Chapters with attendees. If you would like to host a booth during the CloudBytes Connect event, please contact [[Todd Edison|mailto:tedison@cloudsecurityalliance.org]] |
|~|More Information → https://web.cvent.com/event/0383a9e5-ab2a-4a39-871c-5767658425a2/summary?RefId=main |
|>|See our full list of events [[here|https://cloudsecurityalliance.org/events]].|
|>|Let us know if you would like to post your chapter meeting, event, or webinar on the CSA Circle platform. This is an opportunity to increase your event audience, as there are currently over 4,000 Circle community users.|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|Until next time...|
|>|Sincerely,|
|>|''Todd Edison -- Chapter Relations Manager, Cloud Security Alliance''|
<<<
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #97|2021.01.03 - Newsletter Hebdomadaire #97]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #97|2021.01.03 - Weekly Newsletter - #97]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2021.01.03 - Newsletter Hebdomadaire #97]]>> |<<tiddler [[2021.01.03 - Weekly Newsletter - #97]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 28 décembre au 3 janvier 2021
!!1 - Informations CSA - 28 décembre au 3 janvier 2021

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 30 liens|2021.01.03 - Veille Hebdomadaire - 03 janvier]])

* __''À lire''__
** ''Menaces Cloud-Native en 2020'' (Hackmageddon)
** ''Vulnérabilités DNS et Cloud : historique'' (//Palo Alto Networks//)
** ''Histoire de la connectivité réseau par Bob Reselman'' (fin)
** ''SolarStorm: Publication de nouvelles informations et d'IOCs''

* __Attaques, Incidents, Fuites de données, Pannes__
** Pannes : Wasabi impacté

* __Risques, Menaces, Vulnérabilités__
** Risques : sécurité du SaaS

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Améliorer la sécurité des buckets S3 • sécurisation des images de containers

* __Cloud Services Providers, Outils__
** Kubernetes: Vecteurs d'attaque et gestion des accès (//Alcide//) 
** Outils: les différents types de shell dans le cloud • 'GKE Auditor' (Google Kubernetes Engine Misconfigurations)

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Podcasts: "Devenir un architecte sécurité Cloud" (Cloud Security Podcast)

* __Divers__
** Chiffrement Homomorphique : l'approche d'Intel
** Formation : 16 formations en ligne sur Udemy
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L13/|https://CloudSecurityAlliance.fr/go/L13/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - December 28th to January 3rd, 2021
!!1 - CSA News - December 28th to January 3rd, 2021

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
!!2 - Cloud and Security News Watch ([[over 30 links|2021.01.03 - Veille Hebdomadaire - 03 janvier]])

* __''Must read''__
** ''Cloud-Native Threats in 2020'' (Hackmageddon)
** ''The History of DNS Vulnerabilities and the Cloud'' (//Palo Alto Networks//)
** ''Bob Reselman's final article on the history of network connectivity''
** ''SolarStorm: A lot of valuable information and IOCs have been published''

* __Attacks, Incidents, Data Leaks, Outages__
** Outages: Wasabi cloud storage service 

* __Risks, Threats, Vulnerabilities__
** Risks: SaaS security

* __Best Practices, and Detection__
** Best Practices: Boosting Amazon S3 Bucket Security • Securing Container Images

* __Cloud Services Providers, Tools__
** Kubernetes: Threat Vectors: Credentials Access (//Alcide//)
** Tools: Cloud Shell alternatives • 'GKE Auditor' (Google Kubernetes Engine Misconfigurations)

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Podcasts: 'Becoming a Cloud Security Architect' (Cloud Security Podcast)

* __Miscellaneous__
** Homomorphic Encryption: Intel approach
** Training: 16 Best Online Cloud Computing Courses and Training on Udemy
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/L13/|https://CloudSecurityAlliance.fr/go/L13/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 28 décembre 2020 au 3 janvier 2021
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2020.12.30|Hackmageddon|![[Cloud-Native Threats in 2020|https://www.hackmageddon.com/2020/12/30/cloud-native-threats-in-2020/]] |Threats Cloud_Native|
|>|>|>||
|2020.12.20|//Palo Alto Networks//|![[The History of DNS Vulnerabilities and the Cloud|https://unit42.paloaltonetworks.com/dns-vulnerabilities/]]|!DNS|
|>|>|>||
|2020.12.29|Bob Reselman|![[Distributed systems and ISPs push the data center forward|https://www.redhat.com/architect/history-distributed-systems-and-isps]] (4/4)|History|
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Pannes / Outages'' |
|2020.12.29|Bleeping Computer|[[Wasabi cloud storage service knocked offline for hosting malware|https://www.bleepingcomputer.com/news/security/wasabi-cloud-storage-service-knocked-offline-for-hosting-malware/]]|Outage|
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2020.12.29|Dark Reading|[[Reducing the Risk of Third-Party SaaS Apps to Your Organization|https://www.darkreading.com/cloud/reducing-the-risk-of-third-party-saas-apps-to-your-organization/a/d-id/1339675]]|Risks SaaS|
|2020.12.28|Help Net Security|[[SaaS security in 2021|https://www.helpnetsecurity.com/2020/12/28/2021-saas-security/]]|SaaS|
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.12.29|//Sysdig//|[[5 Best practices for ensuring secure container images|https://sysdig.com/blog/5-best-practices-for-ensuring-secure-container-images/]]|Containers|
|2021.01.01|CISO Mag|[[Explainers: How to Boost Amazon S3 Bucket Security|https://cisomag.eccouncil.org/how-to-protect-s3-buckets/]]|AWS_S3|
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Études / Studies'' |
|2021.01.01|MSSP Alert|[[Zscaler Research: 63% of Orgs Forgo Cloud Multi-Factor Authentication|https://www.msspalert.com/cybersecurity-research/zscaler-research-63-of-orgs-forgo-cloud-multi-factor-authentication/]]|Research MFA|
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2021.01.02|Bruce Schneier|[[Amazon Has Trucks Filled with Hard Drives and an Armed Guard|https://www.schneier.com/blog/archives/2021/01/amazon-has-trucks-filled-with-hard-drives-and-an-armed-guard.html]]|AWS|
|2020.12.31|//K9 Security//|[[Analysis for 3 more AWS services, roadmap, and HeckinIAM|https://k9security.io/posts/2020/12/analysis-for-3-more-aws-services-roadmap-and-heckin-iam/]]|AWS Products|
|2020.12.30|//Amazon AWS//|[[Dropbox Migrates 34 PB of Data to an Amazon S3 Data Lake for Analytics|https://aws.amazon.com/solutions/case-studies/dropbox-s3/]]|AWS Migration|
|2020.12.30|//Thundra//|[[AWS Aurora vs RDS|https://blog.thundra.io/aws-aurora-vs-rds]]|AWS|
|>|>|>|''Azure (Microsoft)'' |
|2021.01.03|//Microsoft//|[[Azure Defender for IoT Raw-Data and ICS MITRE ATT&CK Matrix Mapping via Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/azure-defender-for-iot-raw-data-and-ics-mitre-att-amp-ck-matrix/ba-p/1988171]]|IoT MITRE_ATT&CK Azure_Sentinel|
|>|>|>|''Kubernetes'' |
|2020.12.31|//Alcide//|![[Kubernetes Threat Vectors: Part 6 - Credentials Access|https://www.alcide.io/kubernetes-threat-vectors-part-6-credentials-access]] (6/11) |Kubernetes Threats|
|2020.12.31|//Illumio//|[[What Is Kubernetes Security?|https://www.illumio.com/cybersecurity-101/kubernetes-security]]|K8s|
|>|>|>|''Docker'' |
|2021.01.02|Jatin Yadav|[[Harden Docker with CIS – (P5) Container Images and Build File Configuration|https://blog.jtnydv.com/harden-docker-with-cis-p5-container-images-and-build-file-configuration/]]|Docker Hardening CIS|
|>|>|>|''Containers'' |
|2020.12.31|//Illumio//|[[5 Steps You Can Take Today To Enhance Your Container Security|https://www.illumio.com/cybersecurity-101/container-security]]|Containers|
|>|>|>|''Serverless'' |
|2020.12.29|//Imperva//|[[The Advantages and Risks of Serverless Computing|https://www.imperva.com/blog/the-advantages-and-risks-of-serverless-computing/]]|Serverless|
|>|>|>|''Outils / Tools'' |
|2020.12.28|Security and Cloud 24/7|[[Cloud Shell alternatives|https://security-24-7.com/cloud-shell-alternatives/]]|Cloud_Shell|
|2021.01.01|Darknet|[[GKE Auditor – Detect Google Kubernetes Engine Misconfigurations|https://www.darknet.org.uk/2021/01/gke-auditor-detect-google-kubernetes-engine-misconfigurations/]]|Tools|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Podcasts'' |
|2021.01.03|Cloud Security Podcast|![[How To Become a Cloud Security Architect in 2021? - Sriya Potham|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-BECOME-A-CLOUD-SECURITY-ARCHITECT-in-2021-----Sriya-Potham-eog6ac]]|Podcast|
|>|>|>|!Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance |
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2020.12.31|//Fairwinds//|[[Fairwinds 2021 Predictions: Kubernetes adoption, security breaches and policy enforcement|https://vmblog.com/archive/2020/12/31/fairwinds-2021-predictions-kubernetes-adoption-security-breaches-and-policy-enforcement.aspx]]|K8s Predictions|
|2020.12.31|//Centilytics//|[[Top Cloud Technologies To Watch Out For in 2021|https://blogs.centilytics.com/top-cloud-technologies-to-watch-out-for-in-2021/]]|Misc|
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''SASE''|
|2020.12.30|//Checkpoint Software//|[[Scalable remote access with VMSS enhances Azure security, while working from home|https://blog.checkpoint.com/2020/12/30/scalable-remote-access-with-vmss-enhances-azure-security-while-working-from-home/]]|Azure|
|>|>|>|''Chiffrement'' / ''Encryption''|
|2020.12.28|Dark Reading|![[Homomorphic Encryption: The 'Golden Age' of Cryptography|https://www.darkreading.com/edge/theedge/homomorphic-encryption-the-golden-age-of-cryptography/b/d-id/1339748]] |Encryption|
|2021.01.01|CISO Mag|[[Explainers: How Intel's Homomorphic Encryption Can Process Ciphertext|https://cisomag.eccouncil.org/homomorphic-encryption-standard/]]|Homomorphic_Encryption|
|>|>|>|''DNS / BGP / NTP'' |
|2020.12.28|//Akamai//|![[Smart DNS for the New Network Edge: Emerging Requirements for DNS Encryption|https://blogs.akamai.com/2020/12/smart-dns-for-the-new-network-edge-emerging-requirements-for-dns-encryption.html]] |!DNS|
|>|>|>|''Autres / Others''|
|2021.01.03|Amulya Rattan Bhatia|[[IaaS vs. CaaS vs. PaaS vs. FaaS vs. SaaS — What's the difference?|https://amulya-bhatia.medium.com/iaas-vs-caas-vs-paas-vs-faas-vs-saas-whats-the-difference-ee84ecc2d519]]|Definitions|
|2021.01.01|//CloudCheckr//|[[How to Keep Up with Cloud Vendor Updates|https://cloudcheckr.com/cloud-management/how-to-keep-up-with-cloud-vendor-updates/]]|Misc|
|2020.12.29|//Imperva//|[[The Advantages and Risks of Serverless Computing|https://www.imperva.com/blog/the-advantages-and-risks-of-serverless-computing/]]|Risks Serverless|
|2020.12.28|//Barracuda//|[[Zero Trust Security begins and ends with identity|https://blog.barracuda.com/2020/12/28/zero-trust-security-begins-and-ends-with-identity/]]|Zero_Trust|
|2020.12.28|Solutions Review|[[The 16 Best Online Cloud Computing Courses and Training on Udemy|https://solutionsreview.com/cloud-platforms/the-16-best-online-cloud-computing-courses-and-training-on-udemy/]]|Training|
|2020.12.28|Bleeping Computer|[[GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic|https://www.bleepingcomputer.com/news/security/github-hosted-malware-calculates-cobalt-strike-payload-from-imgur-pic/]]|Malware|
|2020.12.29|TechRepublic|[[How companies can use automation to secure cloud data|https://www.techrepublic.com/article/how-companies-can-use-automation-to-secure-cloud-data/]]|Automation|
<<tiddler [[arOund0C]]>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202012>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202012>>
<<tiddler fAll2Tabs10 with: VeilleM","_202012>>
|!Date|!Sources|!Titres et Liens|!Keywords|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - décembre 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202012>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - décembre 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - décembre 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202012'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202012'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - décembre 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202012'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - décembre 2020]]>>
!//Cloud Workload Security: Part 2 - Security Features of AWS//
[>img(150px,auto)[iCSA/KCSBC.jpg]]^^Article publié le 28 décembre 2020 sur le blog de la CSA, et sur le site de Intezer le 10 octobre 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/28/cloud-workload-security-part-2-security-features-of-aws/
* Site Intezer ⇒ https://www.intezer.com/blog/cloud-workload-security-part-2-security-features-of-aws/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Workload Security: What You Need to Know - Part 1//
[>img(150px,auto)[iCSA/KCHBH.jpg]]^^Article publié le 21 décembre 2020 sur le blog de la CSA, et sur le site de Intezer le 10 octobre 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/21/cloud-workload-security-what-you-need-to-know-part-1/
* Site Intezer ⇒ https://www.intezer.com/blog/cloud-workload-security-what-you-need-to-know-part-1/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//How Does PCI DSS Protect Cardholder Data?//
[>img(150px,auto)[iCSA/KCHBH.jpg]]^^Article publié le 17 décembre 2020 sur le blog de la CSA, et sur le site de TokenEx le 18 septembre 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/17/how-does-pci-dss-protect-cardholder-data/
* Site TokenEx ⇒ https://www.tokenex.com/blog/how-does-pci-dss-protect-cardholder-data
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Migrating to the Cloud: Compliance Issues When Transitioning from a Traditional Data Center//
[>img(150px,auto)[iCSA/KCGBM.jpg]]^^Article publié le 16 décembre 2020 sur le blog de la CSA, et sur le site de Intezer le 27 octobre
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/16/migrating-to-the-cloud-compliance-issues-when-transitioning-from-a-traditional-data-center/
* Site Intezer ⇒ https://www.intezer.com/blog/migrating-to-the-cloud-compliance-issues-when-transitioning-from-a-traditional-data-center/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Are Containers More Secure Than VMs?//
[>img(150px,auto)[iCSA/KCBBA.jpg]]^^Article publié le 11 décembre 2020 sur le blog de la CSA, et sur le site de Intezer
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/11/are-containers-more-secure-than-vms/
* Site Intezer ⇒ https://www.intezer.com/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Security Policies | Q&A with TokenEx Industry Experts//
[>img(150px,auto)[iCSA/KCABS.jpg]]^^Article publié le 10 décembre 2020 sur le blog de la CSA, et sur le site de TokenEx
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/10/security-policies-q-a-with-tokenex-industry-experts/
* Site TokenEx ⇒ https://www.tokenex.com/blog/security-policies-q-a-with-tokenex-experts
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Securely Implementing Salesforce as a IdP in a Multi-Org Architecture//
[>img(150px,auto)[iCSA/KC9BS.jpg]]^^Article publié le 9 décembre 2020 sur le blog de la CSA, et sur le site de AppOmni
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/09/securely-implementing-salesforce-as-a-idp-in-a-multi-org-architecture/
* Site AppOmni ⇒ https://appomni.com/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//4 Lessons For Small Ecommerce Stores Trying To Improve Security//
[>img(150px,auto)[iCSA/KC4B4.jpg]]^^Article publié le 4 décembre 2020 sur le blog de la CSA, et sur le site de Ecommerce Platforms
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/04/4-lessons-for-small-ecommerce-stores-trying-to-improve-security/
* Site Ecommerce Platforms ⇒ https://ecommerceplatforms.io/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Network Security 101 Part 3: Azure Service Endpoints vs. Private Endpoints//
[>img(150px,auto)[iCSA/KCABC.jpg]]^^Article publié le 1er décembre 2020 sur le blog de la CSA, et sur le site de Fugue
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/12/01/cloud-network-security-101-part-3-azure-service-endpoints-vs-private-endpoints/
* Site Fugue ⇒ https://fugue.co/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #96|2020.12.27 - Newsletter Hebdomadaire #96]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #96|2020.12.27 - Weekly Newsletter - #96]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.12.27 - Newsletter Hebdomadaire #96]]>> |<<tiddler [[2020.12.27 - Weekly Newsletter - #96]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 21 au 27 décembre 2020
!!1 - Informations CSA - 21 au 27 décembre 2020

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Blog[img[iCSF/flag_fr.png]]: Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud+++^*[»] <<tiddler [[2020.12.23 - Blog : Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 60 liens|2020.12.27 - Veille Hebdomadaire - 27 décembre]])

* __''À lire''__
** ''Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud''
** ''Articles de Bob Reselman sur l'histoire de la connectivité réseau''
** ''SolarStorm: Publication de nouvelles informations et d'IOCs''

* __Attaques, Incidents, Fuites de données, Pannes__
** Fuites de données : Fuite de données sur le réseau social '21 Buttons'
** Pannes : Google s'explique sur l'origine de la panne de 47 minutes • Panne Apple iCloud

* __Risques, Menaces, Vulnérabilités__
** Menaces : Principales menaces sur Linux dans le Cloud en 2020 (//Intezer//) • Comment éviter le vol de sous-domaine dans Azure
** Vulnérabilités : Protection contre la CVE-2020-8554, une vulnérabilité non corrigée de type « homme du milieu » qui affecte Kubernetes (//Palo Alto Networks//)

* __Cloud Services Providers, Outils__
** AWS : Déploiement de certificats sur plusieurs comptes et régions
** Azure : comprendre les applications Enterprise par défaut dans AzureAD • Microsoft améliore la sécurité d'Azure AD, et de la gestion des identités • Requêtes d'audit dans les journaux Azure Monitor
** GCP : Présentation de GCP avec les bases de la sécurité
** Kubernetes : Kubernetes ne reconduit pas le support Docker, et pourquoi il ne faut pas s'en inquiéter.
** Docker : Du code malveillant dans des référentiels de paquets • Bonnes pratiques pour écrire un Dockerfile • Durcissement Docker

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Conférences : Retour sur AWS re:Invent 2020 
** Podcasts : les bases de la sécurité Cloud Native (SilverLining IL)

* Juridique, Réglementation, Conformité
** Juridique : La propriété intellectuelle à l'heure du Cloud

* __Marché, Acquisitions__
** Marché : qui peut concurrencer AWS sur les prix?

* __Divers__
** de l'importance d'une stratégie cloud • APIs: Pertes de données en 2020 • Documentation des APIs
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KCR/|https://CloudSecurityAlliance.fr/go/KCR/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - December 21st to 27th, 2020
!!1 - CSA News and Updates - December 21st to 27th, 2020

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Blog[img[iCSF/flag_fr.png]]: ENISA Call for comments on a Draft Certification Scheme for Cloud Services+++^*[»] <<tiddler [[2020.12.23 - Blog : Appel à commentaires de l'ENISA sur un schéma européen de certification Cloud]]>>=== 
!!2 - Cloud and Security News Watch ([[over 60 links|2020.12.27 - Veille Hebdomadaire - 27 décembre]])

* __''Must read''__
** ''ENISA Call for Comments on the Draft Certification Scheme for Cloud Services''
** ''Bob Reselman's articles on the history of network connectivity''
** ''SolarStorm: New information and IOCs have been published''

* __Attacks, Incidents, Data Leaks, Outages__
** Leaks: Fashion Social Network '21 Buttons' Exposes User Data
** Outages: Google Explains the Root Cause of the 47 Minutes Global Outage • Apple iCloud outage

* __Risks, Threats, Vulnerabilities__
** Threats: Top Linux Cloud Threats of 2020 (//Intezer//) • How to Avoid Subdomain Takeover in Azure Environments
** Vulnerabilities: Protecting Against CVE-2020-8554, an Unfixed Kubernetes Man-in-the-Middle Vulnerability (//Palo Alto Networks//)

* __Cloud Services Providers, Tools__
** AWS: Deploying public ACM certificates across multiple AWS accounts and Regions
** Azure: Default AzureAD Enterprise Applications explained • Microsoft Ups Security of Azure AD, Identity • Audit queries in Azure Monitor Logs
** GCP: Google Cloud Platform Primer with Security Fundamentals
** Kubernetes: Kubernetes Deprecating Docker Support and Why We Shouldn't Worry That Much
** Docker: Malicious Code Found in Package Repositories • Best Practices for Writing a Dockerfile • Hardening

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Conferences: Highlights from AWS re:Invent 2020
** Podcasts : Understanding Cloud Native Security Basics (SilverLining IL)

* Legal, Regulatory, Compliance
** Legal: A brief overview of intellectual property issues "in the cloud"

* __Market, Acquisitions__
** Market: Who Can compete with AWS on Price?

* __Miscellaneous__
** APIs: Importance of cloud strategy • API Data Breaches in 2020 • Documenting Your APIs 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KCR/|https://CloudSecurityAlliance.fr/go/KCR/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 21 au 27 décembre 2020
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2020.12.22|ENISA|![[Cloud Certification Scheme: Building Trusted Cloud Services Across Europe|https://www.enisa.europa.eu/news/enisa-news/cloud-certification-scheme]]|Certification Europe|
|2020.12.24|Lexology| → [[The European Union Agency for Cybersecurity Publishes a Draft Certification Scheme for Cloud Services|https://www.lexology.com/library/detail.aspx?g=399fda52-283b-4e0c-986c-df66e14ab901]]|Certification Europe|
|>|>|>||
|2020.12.24|Bob Reselman|![[Servers move from the server closet to everywhere|https://www.redhat.com/architect/history-server-closet]] (3/4)|History|
|2020.12.23|Bob Reselman|![[The rise of connected PCs|https://www.redhat.com/architect/history-connected-pc]] (2/4)|History|
|2020.12.22|Bob Reselman|![[A brief history of network connectivity: Connected mainframes|https://www.redhat.com/architect/history-connected-mainframes]] (1/4)|History|
|>|>|>||
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks''|
|2020.12.23|//Ermetic//|![[Cloud infrastructure is not immune from the SolarWinds Orion breach|https://ermetic.com/whats-new/blog/cloud-infrastructure-is-not-immune-from-the-solarwinds-orion-breach/]] |SolarStorm|
|>|>|>|''Fuites de données / Leaks'' |
|2020.12.23|vpnMentor|[[Report: Online Fashion App Exposes Financial Records of Top European Influencers|https://www.vpnmentor.com/blog/report-21-buttons-breach/]]|DataLeak|
|2020.12.24|Silicon Angle|[[Fashion social network 21 Buttons exposes user data via unsecured cloud storage|https://siliconangle.com/2020/12/23/fashion-social-network-21-buttons-exposes-user-data-via-unsecured-cloud-storage/]]|Data_Leak|
|>|>|>|''Pannes / Outages'' |
|2020.12.26|Bleeping Computer|[[Apple iCloud outage prevents device activations, access to data|https://www.bleepingcomputer.com/news/apple/apple-icloud-outage-prevents-device-activations-access-to-data/]]|Outage Apple|
|2020.12.23|ZDnet|[[Google: Here's how our huge Gmail and YouTube outage was due to an errant 'zero'|https://www.zdnet.com/article/google-heres-how-our-huge-gmail-and-youtube-outage-was-due-to-an-errant-zero/]]|Outage GCP|
|2020.12.24|CISO Mag.|[[Google Explains the Root Cause of the 47 Minutes Global Outage of its Services|https://cisomag.eccouncil.org/google-explains-the-root-cause-of-the-47-minutes-global-outage-of-its-services/]]|Outage GCP|
|2020.12.24|Silicon Angle|[[Google blames last week's outage on Google User ID Service error|https://siliconangle.com/2020/12/23/google-blames-last-weeks-outage-google-user-id-service-error/]]|Outage GCP|
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2020.12.22|BetaNews|[[Tighter integration, collaboration and 'cloudjacking' -- cloud predictions for 2021|https://betanews.com/2020/12/22/cloud-predictions-2021/]]|Predictions|
|2020.12.21|The Hacker News|[[Common Security Misconfigurations and Their Consequences|https://thehackernews.com/2020/12/common-security-misconfigurations-and.html]]|Misconfigurations|
|>|>|>|''Menaces / Threats'' |
|2020.12.21|//Intezer//|[[Top Linux Cloud Threats of 2020|https://www.intezer.com/blog/cloud-security/top-linux-cloud-threats-of-2020/]]|Threats Linux|
|2020.12.21|Security Boulevard|[[6 Significant Cloud Security Threats|https://securityboulevard.com/2020/12/6-significant-cloud-security-threats/]]|Threats|
|2020.12.23|CSO Online|[[How to avoid subdomain takeover in Azure environments|https://www.csoonline.com/article/3601007/how-to-avoid-subdomain-takeover-in-azure-environments.html#tk.rss_cloudsecurity]]|Azure Domain_Names|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|2020.12.22|//Palo Alto Networks//|[[Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)|https://unit42.paloaltonetworks.com/cve-2020-8554/]]|CVE-2020-8554 Kubernetes|
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.12.21|//Javelynn//|[[Using the NGINX Plus Key-Value Store to Secure Ephemeral SSL Keys from HashiCorp Vault|https://www.javelynn.com/cloud/using-the-nginx-plus-key-value-store-to-secure-ephemeral-ssl-keys-from-hashicorp-vault/]]|Vault|
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>||
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.12.23|//Amazon AWS//|[[How to visualize multi-account Amazon Inspector findings with Amazon Elasticsearch Service|https://aws.amazon.com/blogs/security/how-to-visualize-multi-account-amazon-inspector-findings-with-amazon-elasticsearch-service/]]|AWS|
|2020.12.22|Blocks & Files|[[Cloud object storage vendors that compete with Amazon S3|https://blocksandfiles.com/2020/12/22/ten-amazon-s3-challengers-gigaom/]]|Storage AWS|
|2020.12.21|//Amazon AWS//|[[How to deploy public ACM certificates across multiple AWS accounts and Regions using AWS CloudFormation StackSets|https://aws.amazon.com/blogs/security/how-to-deploy-public-acm-certificates-across-multiple-aws-accounts-and-regions-using-aws-cloudformation-stacksets/]]|AWS|
|2020.12.22|//Thundra//|[[Microservices on AWS: An In-Depth Look|https://blog.thundra.io/microservices-on-aws-an-in-depth-look]]|AWS Microservices|
|2020.12.20|//Thundra//|[[Monitoring Microservices on AWS with Thundra: Part I|https://blog.thundra.io/monitoring-microservices-on-aws-with-thundra-part-1]] (1/3)|Products AWS Microservices|
|2020.12.26|//Thundra//|[[Monitoring Microservices on AWS with Thundra: Part II|https://blog.thundra.io/monitoring-microservices-on-aws-with-thundra-part-2]] (2/3)|Products AWS Microservices|
|>|>|>|''Azure (Microsoft)'' |
|2020.12.24|Sebastiaan van Putten|[[Default AzureAD Enterprise Applications explained, where do they come from?|https://www.seb8iaan.com/default-azuread-enterprise-applications-explained-where-do-they-come-from/]]|AzureAD|
|2020.12.23|Bleeping Computer|[[Microsoft 365 admins can now get security incident email alerts|https://www.bleepingcomputer.com/news/security/microsoft-365-admins-can-now-get-security-incident-email-alerts/]]|M365|
|2020.12.22|Dark Reading|[[Microsoft Ups Security of Azure AD, Identity|https://www.darkreading.com/threat-intelligence/microsoft-ups-security-of-azure-ad-identity-/d/d-id/1339793]]|AzureAD IAM|
|2020.12.23|Sami Lamppu|[[Audit queries in Azure Monitor Logs|https://samilamppu.com/2020/12/23/audit-queries-in-azure-monitor-logs/]]|Azure Logging|
|2020.12.22|Sami Lamppu|![[Azure and M365 Defender Security Solutions Data Flows|https://samilamppu.com/2020/12/22/azure-and-m365-defender-security-solutions-data-flows/]]|Azure M365|
|2020.12.23|Daniel Neumann|[[Azure Kubernetes Service – Azure RBAC for Kubernetes authorization|https://www.danielstechblog.io/azure-kubernetes-service-azure-rbac-for-kubernetes-authorization/]]||
|2020.12.22|Thomas Maurer|[[Learn how to deploy and manage Azure resources with ARM templates|https://www.thomasmaurer.ch/2020/12/learn-how-to-deploy-and-manage-azure-resources-with-arm-templates/]]|Azure|
|2020.12.22|//Microsoft//|[[Episode 389: SolarWinds Exposes Government Office 365 Data++|https://www.microsoftcloudshow.com/podcast/Episodes/389-solarwinds-exposes-government-office-365-data/]] ([[mp3|https://media.blubrry.com/microsoftcloudshow/content.blubrry.com/microsoftcloudshow/microsoftcloudshow_e389.mp3]])|Podcast SolarStorm|
|2020.12.24|Frank Simorjay|[[Why is privileged access important?|https://cloudntech.blogspot.com/2020/12/why-is-privileged-access-important.html]]|Privileged_Access|
|2020.12.24|//Cloudcheckr//|[[Azure Expert MSP Verification Audit Checklist|https://cloudcheckr.com/managed-service-provider/azure-expert-managed-services-provider-verification-audit-checklist/]]|Azure Audit|
|>|>|>|''GCP (Google)'' |
|2020.12.22|//Google Cloud//|[[Rethinking business resilience with Google Cloud|https://cloud.google.com/blog/topics/inside-google-cloud/rethinking-business-resilience-with-google-cloud/]]|GCP Resilience|
|2020.12.21|//Google Cloud//|[[Unlocking the mystery of stronger security key management|https://cloud.google.com/blog/products/identity-security/better-encrypt-your-security-keys-in-google-cloud/]]|GCP Key_Management|
|2020.12.21|//Tripwire//|[[A Google Cloud Platform Primer with Security Fundamentals|https://www.tripwire.com/state-of-security/security-data-protection/cloud/google-cloud-platform/]]|GCP|
|>|>|>|''Oracle'' |
|2020.12.23|//Oracle Cloud//|[[The Oracle Identity Cloud Service Christmas Gift|https://blogs.oracle.com/cloudsecurity/the-oracle-identity-cloud-service-christmas-gift]]|Oracle_Cloud IAM|
|2020.12.21|//Oracle Cloud//|[[From gatekeepers to guardrails - How the security team evolves in DevSecOps organizations|https://blogs.oracle.com/cloudsecurity/from-gatekeepers-to-guardrails-security-devsecops]]|DevSecOps|
|2020.12.21|//Cybereason//|[[Cybereason and Oracle Team Up for Security at Scale from the Endpoint to the Cloud|https://www.cybereason.com/blog/cybereason-and-oracle-team-up-for-security-at-scale-from-the-endpoint-to-the-cloud]]|Products Oracle_Cloud|
|>|>|>|''Kubernetes'' |
|2020.12.23|//Sysdig//|[[Detect CVE-2020-8554 using Falco|https://sysdig.com/blog/detect-cve-2020-8554-using-falco/]]|CVE-2020-8554 Kubernetes|
|2020.12.22|BetaNews|[[All about Kubernetes and why you need more|https://betanews.com/2020/12/22/kubernetes-explained/]]|K8s|
|2020.12.22|//Javelynn//|[[Kubernetes Is Deprecating Docker Support and Why We Shouldn't Worry That Much|https://www.javelynn.com/cloud/kubernetes-is-deprecating-docker-support-and-why-we-shouldnt-worry-that-much/]]|K8s Docker|
|>|>|>|''Docker'' |
|2020.12.26|Jatin Yadav|[[Harden Docker with CIS – (P4) Docker Daemon configuration files|https://blog.jtnydv.com/harden-docker-with-cis-p4-docker-daemon-configuration-files/]]|Docker Hardening CIS|
|2020.12.21|//Duo Security//|[[Malicious Code Found in Package Repositories|https://duo.com/decipher/malicious-code-found-in-package-repositories]]|Threats|
|2020.12.24|//Javelynn//|[[Best Practices for Writing a Dockerfile|https://www.javelynn.com/devops/best-practices-for-writing-a-dockerfile/]]|Docker|
|>|>|>|''Conteneurs / Containers'' |
|2020.12.23|Netflix|[[Evolving Container Security With Linux User Namespaces|https://netflixtechblog.com/evolving-container-security-with-linux-user-namespaces-afbe3308c082]]|Linux|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Conférences / Conferences'' |
|2020.12.24|//CloudAcademy//|[[Cloud Academy's AWS re:Invent 2020 Recap & Highlights|https://cloudacademy.com/blog/cloud-academys-aws-reinvent-2020-recap-highlights/]]|Conference AWS|
|2020.12.23|VMblog|[[Takeaways from AWS re:Invent 2020|https://vmblog.com/archive/2020/12/23/takeaways-from-aws-re-invent-2020.aspx]]|Conference AWS|
|>|>|>|''Podcasts'' |
|2020.12.23|SilverLining IL|[[Episode 31: Understanding Cloud Native Security Basics|https://silverlining-il.castos.com/episodes/episode-31-understanding-cloud-native-security-basics]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/%D7%A4%D7%95%D7%93%D7%A7%D7%90%D7%A1%D7%98-%D7%91%D7%A0%D7%92-%D7%99-%D7%A4.mp3]])|Podcast|
|>|>|>|!Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance |
|>|>|>|''Juridique / Legal'' |
|2020.12.24|JD Supra Law|[[Cloud computing: A brief overview of intellectual property issues "in the cloud"|https://www.jdsupra.com/legalnews/cloud-computing-a-brief-overview-of-15131/]]|Intellectual_Property|
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2020.12.24|Le MagIT[>img[iCSF/flag_fr.png]]|[[2020 restera-t-il comme l'an 1 du cloud souverain pour l'Europe ?|https://www.lemagit.fr/actualites/252494106/2020-restera-t-il-comme-lan-1-du-cloud-souverain-pour-lEurope]]|Sovereignty|
|2020.12.22|Techcrunch|[[With a $50B run rate in reach, can anyone stop AWS?|https://techcrunch.com/2020/12/22/with-a-50b-run-rate-in-reach-can-anyone-stop-aws/]]|AWS |
|2020.12.21|Solutions Review|[[Solutions Review: 5 Cloud Managed Services Vendors to Watch in 2021|https://solutionsreview.com/cloud-platforms/solutions-review-5-cloud-managed-services-vendors-to-watch-in-2021/]]|Market|
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''APIs'' |
|2020.12.23|//Cloud Vector//|[[API Data Breaches in 2020|https://www.cloudvector.com/api-data-breaches-in-2020/]]|APIs Data_Breaches|
|2020.12.22||[[7 Important Elements to Include When Documenting Your APIs|https://rickscloud.com/7-important-elements-to-include-when-documenting-your-apis/]]|APIs|
|>|>|>|''Autres / Others'' |
|2020.12.24|MSSP Alert|[[IBM Security Launches Next Generation Encryption Technology Services Package|https://www.msspalert.com/cybersecurity-services-and-products/encryption/ibm-security-homomorphic-launch/]]|Encryption Homomorphic|
|2020.12.22|Security & Cloud 24|![[Importance of cloud strategy|https://security-24-7.com/importance-of-cloud-strategy/]] |Strategy|
|2020.12.21|//Illumio//|[[How Federal Agencies Can Create a Zero Trust Pilot Project|https://www.illumio.com/blog/federal-zero-trust]]|Zero_Trust|
|2020.12.27|Bleeping Computer|[[Windows 10 Cloud PC: What is known about Microsoft's new service|https://www.bleepingcomputer.com/news/microsoft/windows-10-cloud-pc-what-is-known-about-microsofts-new-service/]]|CloudPC|
|2020.12.21|//Cloudflare//|[[Configure identity-based policies in Cloudflare Gateway|https://blog.cloudflare.com/configure-identity-based-policies-in-cloudflare-gateway/]]|IAM Filtering|
<<tiddler [[arOund0C]]>>
!Appel à commentaires sur le 'European Cybersecurity Certification Scheme for Cloud Services'
[<img(150px,auto)[iCSF/EUsurvey.jpg]][>img(300px,auto)[iCSF/KCMAE.png]]L'ENISA a publié le 22 décembre un appel à commentaires.
Il est ouvert jusqu'au 7 février 2021 à 12h (CET).
Il donnera lieu à un webinaire le 11 janvier 2021 de 14h à 16h30.
Il est soutenu par un document de 245 pages dont la table des matières est ci-dessous.
<<<
//Cette publication est une version préliminaire du programme candidat EUCS (European Cybersecurity Certification Scheme for Cloud Services), qui porte sur la certification de la cybersécurité des services en nuage.
Conformément à l'article 48.2 de la loi sur la cybersécurité (EUCSA), l'ENISA a mis en place un groupe de travail ad hoc (AHWG) pour travailler à la préparation du schéma candidat sur les services en nuage, dans le cadre de la certification européenne en matière de cybersécurité.
Il s'agit d'une version préliminaire qui servira de base à un examen externe. L'objectif de cet examen est de valider les principes et l'organisation générale du système proposé, et de recueillir des commentaires sur la formulation proposée des sections et des annexes.//
<<<
__Communiqué de presse__
<<<
//The scheme aims to further improve the Union's internal market conditions for cloud services by enhancing and streamlining the services' cybersecurity guarantees. The draft EUCS candidate scheme intends to harmonise the security of cloud services with EU regulations, international standards, industry best practices, as well as with existing certifications in EU Member States.
//[...]//
There are challenges to the certification of cloud services, such as a diverse set of market players, complex systems and a constantly evolving landscape of cloud services, as well as the existence of different schemes in Member States. The draft EUCS candidate scheme tackles these challenges by calling for cybersecurity best practices across three levels of assurance and by allowing for a transition from current national schemes in the EU. The draft EUCS candidate scheme is a horizontal and technological scheme that intends to provide cybersecurity assurance throughout the cloud supply chain, and form a sound basis for sectoral schemes.
More specifically, the draft EUCS candidate scheme:
* Is a voluntary scheme;
* The scheme's certificates will be applicable across the EU Member States;
* Is applicable for all kinds of cloud services - from infrastructure to applications;
* Boosts trust in cloud services by defining a reference set of security requirements;
* Covers three assurance levels: 'Basic', 'Substantial' and 'High';
* Proposes a new approach inspired by existing national schemes and international standards;
* Defines a transition path from national schemes in the EU;
* Grants a three-year certification that can be renewed;
* Includes transparency requirements such as the location of data processing and storage.
//[...]//
During the period of the public consultation, a review by the +++^*[European Cybersecurity Certification Group] https://ec.europa.eu/digital-single-market/en/european-cybersecurity-certification-group === (ECCG) and the +++^*[Stakeholder Cybersecurity Certification Group] https://ec.europa.eu/digital-single-market/en/stakeholder-cybersecurity-certification-group === (SCCG) will also be undertaken. Following the consultation, the EUCS candidate scheme will be updated and submitted to the ECCG for its opinion.
//
<<<
__Table des matières__[>img(150px,auto)[iCSF/KCMPE.png]]
{{ss2col{
<<<
//1. A Scheme for Cloud Services
2. Subject Matter and Scope
3. Purpose of The Scheme
4. Use of Standards
5. Assurance Levels
6. Self-Assessment
7. Specific Requirements Applicable To A CAB
8. Evaluation Methods and Criteria
9. Necessary Information for Certification
10. Marks and Labels
11. Compliance Monitoring
12. Certificate Management
13. Non-Compliance
14. New Vulnerabilities
15. Record Retention
16. Related Schemes
17. Certificate Format
18. Availability of Information
19. Certificate Validity
20. Disclosure Policy
21. Mutual Recognition
22. Peer Assessment
23. Supplementary Information
24. Additional Topics
25. Further Recommendations
26. References
Annex A: Security Objectives and Requirements for Cloud Services
Annex B: Meta-Approach for The Assessment of Cloud Services
Annex C: Assessment for Levels Substantial and High
Annex D: Assessment for Level Basic
Annex E: Competence Requirements for CABs
Annex F: Scheme Document Content Requirements
Annex G: Certification Lifecycle and Continued Assurance
Annex H: Peer Assessment
Annex I: Terminology//
<<<
}}}
__Webinaire__
[>img(300px,auto)[iCSF/L1BWE.png]]Le 11 janvier 2021, l'Agence européenne pour la cybersécurité organisera un webinaire de présentation du projet de système candidat de l'EUCS. Eric Vétillard, expert principal en certification de l'ENISA, présentera le projet actuel et animera une session de questions-réponses avec les participants.
L'ordre du jour sera le suivant :
* 14h00 à 15h15 : Présentation du document de travail par Eric Vétillard, //Lead Certification Expert// à l'ENISA
* 15h15 à 15h30 : Pause
* 15h30 à 16h30 : Session de questions / Réponses

__Liens sur le site de l'ENISA :__
* Le [[communiqué de presse|https://www.enisa.europa.eu/news/enisa-news/cloud-certification-scheme]] ENISA
* L'[[annonce|https://www.enisa.europa.eu/publications/eucs-cloud-service-scheme/]] de la consultation ENISA
* Le document '[[EUCS - Cloud Services Scheme|https://www.enisa.europa.eu/publications/eucs-cloud-service-scheme/at_download/fullReport]]' de l'ENISA au format 'PDF'
* L'[[appel à commentaires|https://ec.europa.eu/eusurvey/runner/Public_Consultation_EUCS]] de l'ENISA en ligne
* Inscription au [[webinaire|https://www.enisa.europa.eu/events/webinar-certification-of-cloud-services-in-europe]] de l'ENISA du 11 janvier 2021
* Liste des participants au groupe de travail [[ad-hoc Working Group 02 - Cloud Services|https://www.enisa.europa.eu/topics/standards/adhoc_wg_calls/ahWG02/ahwg02_members]] de l'ENISA
En complément
* L'annonce ENISA '[[Cybersecurity Certification: EUCC Candidate Scheme|https://www.enisa.europa.eu/publications/cybersecurity-certification-eucc-candidate-scheme]]' du 2 juillet 2020
* Le document ENISA '[[Cybersecurity Certification: EUCC Candidate Scheme|https://www.enisa.europa.eu/publications/cybersecurity-certification-eucc-candidate-scheme/at_download/fullReport]]' au format 'pdf' du 2 juillet 2020
<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #95|2020.12.20 - Newsletter Hebdomadaire #95]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #95|2020.12.20 - Weekly Newsletter - #95]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.12.20 - Newsletter Hebdomadaire #95]]>> |<<tiddler [[2020.12.20 - Weekly Newsletter - #95]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 14 au 20 décembre 2020
!!1 - Informations CSA - 14 au 20 décembre 2020

* Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Blog : 'Using CSA STAR to Improve Cloud Governance and Compliance'
* Publications 'Enterprise Architecture' : 'Shared Responsibility Model' et 'CCM v3.0.1 Mapping'
* Blog : 'SolarWinds - How Cybersecurity Teams Should Respond'
* Blog : 'CCSK Success Stories: From the Managing Director of a Consulting Firm'
!!2 - Veille Web Cloud et Sécurité ([[plus de 80 liens|2020.12.20 - Veille Hebdomadaire - 20 décembre]])

* __''À lire''__
** Avis de la NSA "Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources" • Avis et blogs sur l'incident SolarWinds/SolarStorm • 'Risk Analysis of Kubernetes Clusters'
** ''SolarStorm: Publication de nouvelles informations et d'IOCs''

* __Attaques, Incidents, Fuites de données, Pannes__
** Attaques : Comptes Office 365 visés par de nouvelles attaques
** Pannes : Google Cloud doublement affecté le 15 décembre 

* __Risques, Menaces, Vulnérabilités__
** Risques : Fournisseurs SaaS • Fausses idées sur le Cloud Native Computing
** Menaces : Détournement de sous-domaines
** Vulnérabilités : //Man-in-the-middle// CVE-2020-8554 pour Kubernetes • ContainerDrip

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Images durcies CIS pour éviter les erreurs de configuration • Journaux DNS dans le Cloud public • Gestion des secrets Kubernetes

* __Rapports, Sondages, Études, Publications__
** Publications : Commentaires NCSC-NL sur GAIA-X

* __Cloud Services Providers, Outils__
** AWS : CloudShell AWS  • Certification CSA STAR Level 2 pour de nombreux services AWS • Nouveautés AWS CloudTrail
** Azure : Annonces AzureAD lors d'Ignite 2020 • Protection de Microsoft 365 contre des attaques provenant des environnements sur site (//on-premises//) • Supervision des habilitations dans les services Cloud Microsoft
** GCP : Exemples d'authentification
** Oracle : Protection des données et sécurité en environnement SaaS
** Kubernetes : Guide de préparation à la certification CKS • Vecteurs de menaces : techniques d'évasion
** Docker : Durcissement avec les outils du CIS
** Outils : Go365, un outil d'attaque des utilisateurs Office365

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Veilles : TL;DR Security #64 • The Cloud Security Reading List #68

* __Divers__
** Chiffrement homomorphique • Résilience du Cloud • Sondage IaC pour identifier des problèmes de sécurité
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KCK/|https://CloudSecurityAlliance.fr/go/KCK/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - December 14th to 20th, 2020
!!1 - CSA News and Updates - December 14th to 20th, 2020

* News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== 
* Blog: 'Using CSA STAR to Improve Cloud Governance and Compliance'
* Publications 'Enterprise Architecture': 'Shared Responsibility Model' and 'CCM v3.0.1 Mapping'
* Blog: 'SolarWinds - How Cybersecurity Teams Should Respond'
* Blog: 'CCSK Success Stories: From the Managing Director of a Consulting Firm'
!!2 - Cloud and Security News Watch ([[over 80 links|2020.12.20 - Veille Hebdomadaire - 20 décembre]])

* __''Must read''__
** NSA Advisory on "Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources" • Advisories and Blog Posts on the SolarWinds/SolarStorm incident • 'Risk Analysis of Kubernetes Clusters'
** ''SolarStorm: A lot of valuable information and IOCs have been published''

* __Attacks, Incidents, Data Leaks, Outages__
** Attacks: Office 365 Credentials Under Attack By Fax 'Alert' Emails
** Outages: Google Cloud affected by 2 outages on December 15th

* __Risks, Threats, Vulnerabilities__
** Risks: SaaS Providers • Misconceptions of Cloud Native Computing
** Threats: Subdomain Takeovers
** Vulnerabilities: CVE-2020-8554 Kubernetes MiTM Vulnerability • ContainerDrip

* __Best Practices, and Detection__
** Best Practices: Avoiding Cloud Misconfigurations with CIS Hardened Images • DNS Logs in Public Clouds • Kubernetes Secrets Management

* __Reports, Surveys, Studies, Publications__
** Publications: NCSC-NL Comments on GAIA-X

* __Cloud Services Providers, Tools__
** AWS: AWS CloudShell • Many AWS services achieve CSA STAR Level 2 certification • AWS CloudTrail Update
** Azure: Updates on AzureAD at Ignite 2020 • Protecting Microsoft 365 from on-premises attacks • Identity Security Monitoring in Microsoft Cloud Services
** GCP: Authentication by Example
** Oracle: Data Privacy and Security for SaaS Environments
** Kubernetes: CKS Certification Study Guides • Threat Vectors: Defense Evasion
** Docker: Hardening Docker with CIS
** Tools: Go365, an Office365 User Attack Tool

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Newsletters: TL;DR Security #64 • The Cloud Security Reading List #68

* __Miscellaneous__
** Homomorphic Encryption • Cloud Resilience • Scanning IaC for Security Issues
!!3 - Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/KCK/|https://CloudSecurityAlliance.fr/go/KCK/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 14 au 20 décembre 2020
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2020.12.17|NSA|![[NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources|https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2451159/nsa-cybersecurity-advisory-malicious-actors-abuse-authentication-mechanisms-to/About-Us/EEO-Diversity/Employee-Resource-Groups/]] ([[infographie|https://media.defense.gov/2020/Dec/18/2002554364/-1/-1/0/201218-D-IM742-1001.JPG]]) |Advisory NSA|
|2020.12.17|NSA| → [[Detecting Abuse of Authentication Mechanisms|https://media.defense.gov/2020/Dec/17/2002554125/-1/-1/0/AUTHENTICATION_MECHANISMS_CSA_U_OO_198854_20.PDF]]|Advisory NSA|
|2020.12.18|Bleeping Computer| → [[NSA warns of hackers forging cloud authentication information|https://www.bleepingcomputer.com/news/security/nsa-warns-of-hackers-forging-cloud-authentication-information/]] ([[infographie|https://www.bleepstatic.com/images/news/u/1100723/2020%20Misc/NSA-auth_TTP.jpg]])|Advisory NSA|
|2020.12.18|Silicon Angle| → [[National Security Agency warns hackers are forging cloud authentication information|https://siliconangle.com/2020/12/21/national-security-agency-warns-hackers-forging-cloud-authentication-information/]]|Advisory NSA|
|>|>|>|!|
|2020.12.16|//Microsoft//|![[SolarWinds Post-Compromise Hunting with Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/solarwinds-post-compromise-hunting-with-azure-sentinel/ba-p/1995095]] |Solorigate Sunburst|
|>|>|>|!|
|2020.12.16|Clint Gibler & Mark Manning|![[Risk8s Business: Risk Analysis of Kubernetes Clusters|https://tldrsec.com/guides/kubernetes/]] |K8s Risk_Analysis|
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|2020.12.17|//Microsoft//|[[A moment of reckoning: the need for a strong and global cybersecurity response|https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/]]|CyberAttacks|
|2020.12.15|Security Week|[[SolarWinds Removes Customer List From Site as It Releases Second Hotfix|https://www.securityweek.com/solarwinds-removes-customer-list-site-it-releases-second-hotfix]]|Attack Sunburst|
|2020.12.14|//Threatpost//|[[Microsoft Office 365 Credentials Under Attack By Fax 'Alert' Emails|https://threatpost.com/microsoft-office-365-credentials-attack-fax/162232/]]|Attack O365|
|>|>|>|''Incidents'' |
|>|>|>|''Fuites de données / Leaks'' |
|2020.12.15|The Register|[[Unsecured Azure blob exposed 500,000+ highly confidential docs from UK firm's CRM customers|https://www.theregister.com/2020/12/18/probase_unsecured_azure_blob/]]|Data_Leak|
|>|>|>|''Pannes / Outages'' |
|2020.12.19|Bleeping Computer|![[Google explains the cause of the recent YouTube, Gmail outage|https://www.bleepingcomputer.com/news/google/google-explains-the-cause-of-the-recent-youtube-gmail-outage/]] |Outage GCP|
|2020.12.15|Bleeping Computer|[[Gmail hit by a second outage within a single day|https://www.bleepingcomputer.com/news/google/gmail-hit-by-a-second-outage-within-a-single-day/]]|Outage GCP|
|2020.12.14|Bleeping Computer|[[Google outage affecting YouTube, Gmail and more|https://www.bleepingcomputer.com/news/google/google-outage-affecting-youtube-gmail-and-more/]]|Outage GCP|
|2020.12.14|HuffPost[>img[iCSF/flag_fr.png]]| → [[Panne générale chez Google: voici les inconvénients d'une maison connectée|https://www.huffingtonpost.fr/entry/panne-generale-chez-google-voici-les-inconvenients-dune-maison-connectee_fr_5fd7744dc5b62f31c1fefe40]]|Outage GCP|
|2020.12.14|CRN| → [[Google Outage Shows Public Cloud Computing Is 'Not Invincible'|https://www.crn.com/news/cloud/google-outage-shows-public-cloud-computing-is-not-invincible-]]|Outage GCP|
|2020.12.14|The Register|[[Google Mail outage: Did you see that error message last night? Why the 'account does not exist' response is a worry|https://www.theregister.com/2020/12/16/google_mail_outage_responds_with/]]|Outage GCP|
|2020.12.15|ZDnet| → [[Google: Here's what caused our big global outage|https://www.zdnet.com/article/google-heres-what-caused-our-big-global-outage/]]|Outage GCP|
|2020.12.16|The Register|[[Google told BGP to forget its Euro-cloud – after first writing bad access control lists|https://go.theregister.com/feed/www.theregister.com/2020/12/16/google_europe_outage/]]|Outage GCP|
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2020.12.15|//UpGuard//|[[What is Ransomware as a Service (RaaS)? The dangerous threat to world security|https://www.upguard.com/blog/what-is-ransomware-as-a-service]]|Ransomware|
|2020.12.15|//PivotPoint Security//|[[Security "Gotchas" in SaaS Production Applications|https://www.pivotpointsecurity.com/blog/security-gotchas-in-saas-production-applications/]]|SaaS|
|2020.12.14|Security Boulevard|[[Risks You Need to Consider When Using SaaS Providers|https://securityboulevard.com/2020/12/risks-you-need-to-consider-when-using-saas-providers/]]|SaaS|
|2020.12.14|Forbes|[[The Top Six Misconceptions of Cloud Native Computing|https://www.forbes.com/sites/forbestechcouncil/2020/12/14/the-top-six-misconceptions-of-cloud-native-computing/]]|Cloud_Native|
|>|>|>|''Menaces / Threats'' |
|2020.12.15|Patrik Hudak|[[Subdomain Takeover: Going for High Impact|https://0xpatrik.com/subdomain-takeover-impact/]]|!DNS Compromise|
|2020.12.14|Help Net security|[[Remote and cloud-based systems to be ruthlessly targeted next year|https://www.helpnetsecurity.com/2020/12/14/cloud-based-systems-targeted/]]|Report|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|2020.12.18|Container Journal|[[Kubernetes MiTM Vulnerability Underscores Need for Virtual Patching|https://containerjournal.com/topics/container-security/kubernetes-mitm-vulnerability-underscores-need-for-virtual-patching/]]|CVE-2020-8554 Kubernetes|
|2020.12.15|//Praetorian//|[[Google Cloud Platform (GCP) Service Account-based Privilege Escalation paths|https://www.praetorian.com/blog/google-cloud-platform-gcp-service-account-based-privilege-escalation-paths]]|GCP|
|2020.12.15|DZone|[[ContainerDrip, Another Example of Why HTTP Basic Authentication Is Flawed|https://dzone.com/articles/containerdrip-another-example-of-why-http-basic-au]]|Vulnerability CVE-2020-15157|
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.12.18|Center for Internet Security|[[Avoid Cloud Misconfigurations with CIS Hardened Images|https://www.cisecurity.org/blog/avoid-cloud-misconfigurations-with-cis-hardened-images/]]|Misconfigurations|
|2020.12.16|SANS|[[DNS Logs in Public Clouds|https://isc.sans.edu/forums/diary/DNS+Logs+in+Public+Clouds/26892/]]|!DNS Logging|
|2020.12.15|GitHub|[[Keeping your GitHub Actions and workflows secure: Preventing pwn requests|https://securitylab.github.com/research/github-actions-preventing-pwn-requests]]|GitHub|
|2020.12.17|//Conjur//|[[Kubernetes Security: Best Practices for Kubernetes Secrets Management|https://www.conjur.org/blog/kubernetes-security-best-practices-for-kubernetes-secrets-management/]]|Kubernetes Secrets_Management|
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Publications'' |
|2020.12.18|NCSC-NL|[[6 questions et réponses sur le rôle et l'importance de GAIA-X dans la fourniture de services en nuage|https://www.ncsc.nl/actueel/weblog/weblog/2020/gaia-x]] (en néerlandais)|GAIA-X|
|2020.12.15|NIST|![[NIST Releases Draft Guidance on Internet of Things Device Cybersecurity|https://www.nist.gov/news-events/news/2020/12/nist-releases-draft-guidance-internet-things-device-cybersecurity]] (drafts : [[SP 800-213|https://csrc.nist.gov/publications/detail/sp/800-213/draft]], [[IR 8259b|https://csrc.nist.gov/publications/detail/nistir/8259b/draft]], [[IR 8259c|https://csrc.nist.gov/publications/detail/nistir/8259c/draft]], [[IR 8259d|https://csrc.nist.gov/publications/detail/nistir/8259d/draft]]) |NIST IoT|
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.12.15|//Amazon AWS//|[[AWS CloudShell - Command-Line Access to AWS Resources|https://aws.amazon.com/blogs/aws/aws-cloudshell-command-line-access-to-aws-resources/]]|AWS_Cloud_Shell|
|2020.12.17|The Register| → [[AWS catches up to Azure and GCP with CloudShell, adds deliberate injection of chaos|https://go.theregister.com/feed/www.theregister.com/2020/12/16/aws_gets_a_cloudshell_and/]]|AWS CloudShell|
|2020.12.15|//Amazon AWS//|![[138 AWS services achieve CSA STAR Level 2 certification|https://aws.amazon.com/blogs/security/138-aws-services-achieve-csa-star-level-2-certification/]] |AWS STAR|
|2020.12.15|//Amazon AWS//|[[Introducing AWS Systems Manager Change Manager|https://aws.amazon.com/blogs/aws/introducing-systems-manager-change-manager/]]|AWS|
|2020.12.17|//Amazon AWS//|[[AWS CloudTrail Update – Turn on in All Regions & Use Multiple Trails|https://aws.amazon.com/blogs/aws/aws-cloudtrail-update-turn-on-in-all-regions-use-multiple-trails/]]|AWS_CloudTrail|
|2020.12.17|//Cloud Academy//|![[Where Should You Be Focusing Your AWS Security Efforts?|https://cloudacademy.com/blog/where-should-you-be-focusing-your-aws-security-efforts/]] |AWS|
|2020.12.14|AJ Yawn|[[Initial Reaction to AWS Audit Manager|https://www.linkedin.com/pulse/initial-reaction-aws-audit-manager-aj-yawn/]]|AWS Audit_Manager|
|>|>|>|''Azure (Microsoft)'' |
|2020.12.20|Sebastiaan van Putten|[[The difference between AzureAD App Registrations and Enterprise Applications explained|https://www.seb8iaan.com/the-difference-between-azuread-app-registrations-and-enterprise-applications-explained/]]|AzureAD|
|2020.12.19|//Microsoft Azure//|[[What's new in Azure Active Directory at Microsoft Ignite 2020|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/what-s-new-in-azure-active-directory-at-microsoft-ignite-2020/ba-p/1257373]]|AzureAD|
|2020.12.19|//Microsoft Azure//|[[Protecting Microsoft 365 from on-premises attacks|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754]]|M365 Protection|
|2020.12.18|//Microsoft Azure//|[[99.99% uptime for Azure Active Directory|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/99-99-uptime-for-azure-active-directory/ba-p/1999628]]|AzureAD Reliability|
|2020.12.18|//Microsoft Azure//|![[Protecting Microsoft 365 from on-premises attacks|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754]] |M365 Protection|
|2020.12.16|//Microsoft Azure//|[[Microsoft Cloud App Security (MCAS) Activity Log in Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/microsoft-cloud-app-security-mcas-activity-log-in-azure-sentinel/ba-p/1849806]]|Azure_Sentinel|
|2020.12.16|Thomas Naunheim|[[Identity Security Monitoring in Microsoft Cloud Services|https://www.cloud-architekt.net/identity-security-monitoring/]]|Azure Monitoring IAM|
|2020.12.16|//Coalfire//|[[Blueprints scopes and assignments|https://www.coalfire.com/the-coalfire-blog/december-2020/blueprints-scopes-and-assignments]] (3/4)|Azure Policies|
|2020.12.14|//Coalfire//|[[Azure Policies|https://www.coalfire.com/the-coalfire-blog/december-2020/azure-policies]] (2/4)|Azure Policies|
|>|>|>|''GCP (Google)'' |
|2020.12.14|//CodeBurst//|[[Google Cloud Authentication by Example|https://codeburst.io/google-cloud-authentication-by-example-1481b02292e4]]|GCP Authentication|
|>|>|>|''Oracle'' |
|2020.12.17|//Oracle Cloud//|[[Data Privacy and Security: A Symbiotic Relationship for SaaS Environments|https://blogs.oracle.com/cloudsecurity/data-privacy-and-security-a-symbiotic-relationship-for-saas-environments]]|SaaS Privacy|
|2020.12.14|//Oracle Cloud//|[[Improve your governance in Oracle Cloud Infrastructure|https://blogs.oracle.com/cloudsecurity/improve-your-governance-in-oracle-cloud-infrastructure]]|Governance|
|>|>|>|''Alibaba Cloud'' |
|2020.12.18|//Praetorian//|[[Alibaba Cloud Cross Account Trust: The Confused Deputy Problem|https://www.praetorian.com/blog/alibaba-cloud-cross-account-trust-the-confused-deputy-problem]] (2/2)|Alibaba|
|>|>|>|''Kubernetes'' |
|2020.12.17|//Stackrox//|[[CKS Certification Study Guide: System Hardening in Kubernetes|https://www.stackrox.com/post/2020/12/cks-certification-study-guide-system-hardening/]]|Hardening|
|2020.12.17|//Stackrox//|[[CKS Certification Study Guide: Cluster Hardening|https://www.stackrox.com/post/2020/12/cks-certification-study-guide-cluster-hardening/]]|Hardening|
|2020.12.17|//Stackrox//|[['Screaming in the Cloud' - Eliminating Security Risks in Kubernetes|https://www.stackrox.com/post/2020/12/screaming-in-the-cloud-eliminating-security-risks-in-kubernetes/]]|K8s Risks|
|2020.12.17|//Alcide//|![[Kubernetes Threat Vectors - Part 5: Defense Evasion|https://blog.alcide.io/ubernetes-threat-vectors-part-5-defense-evasion]] (5/11) |Kubernetes Threats|
|2020.12.17|//Javelynn//|[[How to implement a custom Kubernetes validation admission controller?|https://www.javelynn.com/cloud/how-to-implement-a-custom-kubernetes-validation-admission-controller/]]|Kubernetes|
|>|>|>|''Docker'' |
|2020.12.19|Jatin Yadav|[[Harden Docker with CIS – (P3) Docker daemon configuration – Part 2|https://blog.jtnydv.com/harden-docker-with-cis-p3-docker-daemon-configuration-part-2/]]|Docker Hardening CIS|
|2020.12.14|Jatin Yadav|[[Harden Docker with CIS – (P3) Docker daemon configuration – Part 1|https://blog.jtnydv.com/harden-docker-with-cis-p3-docker-daemon-configuration-part-1/]]|Docker Hardening CIS|
|2020.12.15|//Logrhythm//|[[How to Mitigate Docker Container Security Risk|https://logrhythm.com/blog/how-to-mitigate-docker-security-risk/]]|Docker Risks|
|2020.12.19|Rory McCune //NCC Group//|[[Exploring Rootless Docker|https://raesene.github.io/blog/2020/12/19/rootless_docker/]]|Docker|
|>|>|>|''Outils / Tools'' |
|2020.12.18|//Optiv//|[[Go365 - An Office365 User Attack Tool|https://www.kitploit.com/2020/12/go365-office365-user-attack-tool.html]] ([[GitHub|https://github.com/optiv/Go365]])|Tools O365|
|2020.12.16|//Catchpoint//|[[How to set up an integration with Slack|https://blog.catchpoint.com/2020/12/16/how-to-set-up-an-integration-with-slack/]] ([[vidéo|https://www.youtube.com/watch?v=-FDgoTwszL8]])|Slack Notification|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Podcasts'' |
|2020.12.20|Cloud Security Podcast|![[Starting A Successful Cybersecurity Podcast In 2021|https://anchor.fm/cloudsecuritypodcast/episodes/STARTING-A-SUCCESSFUL-CYBERSECURITY-PODCAST-IN-2021-eo1dpd]]|Podcast|
|2020.12.20|//ThousandEyes//|[[Ep. 31: About Monday's Google Outage; Plus, Talking Holiday Internet Traffic Trends with Fastly|https://blog.thousandeyes.com/internet-report-episode-31/]]|Podcast|
|2020.12.17|Screaming in the Cloud|[[Eliminating Security Risks in Kubernetes with Chris Porter|https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/eliminating-security-risks-in-kubernetes-with-chris-porter/]] ([[mp3|https://dts.podtrac.com/redirect.mp3/media.transistor.fm/9a2a62b4/5db02333.mp3]])|Podcast|
|>|>|>|''Veilles / Newsletters'' |
|2020.12.20|Marco Lancini|[[The Cloud Security Reading List #68|https://cloudseclist.com/issues/issue-68/]] |Weekly_Newsletter|
|2020.12.16|TL;DR Security|[[#64 - Kubernetes Guide, XSS for PDFs, SolarWinds FTL|https://tldrsec.com/blog/tldr-sec-064/]] |Weekly_Newsletter|
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''Chiffrement'' / ''Encryption''|
|2020.12.17|//SecurityIntelligence//|[[Fully Homomorphic Encryption: Unlocking the Value of Sensitive Data While Preserving Privacy|https://securityintelligence.com/posts/fully-homomorphic-encryption-next-step-data-privacy/]]|Encryption|
|>|>|>|''Resilience'' |
|2020.12.14|//CompareTheCloud//|[[How cloud resilience has been challenged and why security strategy needs a rethink|https://www.comparethecloud.net/articles/security/migrating-business-applications-to-the-cloud-has-saved-2020-for-many-businesses/]]|Resilience|
|2020.12.14|MSSP Alert|[[Building Resilience in 2021|https://www.msspalert.com/cybersecurity-guests/building-resilience-in-2021/]]|Resilience|
|>|>|>|''SASE'' |
|2020.12.18|//Netskope//|[[Helpful Answers to Your SASE-est Questions|https://www.netskope.com/blog/helpful-answers-to-your-sase-est-questions]]|SASE|
|>|>|>|''Zero Trust'' |
|2020.12.17|//Illumio//|[[Take Me to Your Domain Controller: How Attackers Move Laterally Through Your Environment|https://www.illumio.com/blog/domain-controller-2]] (2/3)|Zero_Trust|
|>|>|>|''Autres / Others'' |
|2020.12.14|CSO Online|[[Building stronger multicloud security: 3 key elements|https://www.csoonline.com/article/3584735/building-stronger-multicloud-security-3-key-elements.html]]|Multi_Cloud|
|2020.12.20|Christophe Tafani-Dereeper|[[Shifting Cloud Security Left — Scanning Infrastructure as Code for Security Issues|https://blog.christophetd.fr/shifting-cloud-security-left-scanning-infrastructure-as-code-for-security-issues/]]|Scanning Terraform|
|2020.12.19|Bank Info Security|[[IAM in a Multi/Hybrid Cloud Environment - Can We Do it Better This Time?|https://www.bankinfosecurity.com/webinars/iam-in-multihybrid-cloud-environment-we-do-better-this-time-w-2852]]|IAM Multi_Cloud|
|2020.12.19|//Zscaler//|[[Seven Reasons Why Your Cloud Security is a Mess|https://www.zscaler.com/blogs/product-insights/seven-reasons-why-your-cloud-security-mess]]|Misc|
|2020.12.18|//Palantir//|[[Palantir and GAIA-X|https://medium.com/palantir/palantir-and-gaia-x-85ab9845144d]]|GAIA-X|
|2020.12.18|//Threatpost//|[[Cloud is King: 9 Software Security Trends to Watch in 2021|https://threatpost.com/cloud-king-software-security-trends-2021/162442/]]|Trends|
|2020.12.17|//PivotPoint Security//|[[Why "Tone at the Top" is So Critical for SaaS Security|https://www.pivotpointsecurity.com/blog/why-tone-at-the-top-is-so-critical-for-saas-security/]]|SaaS|
|2020.12.14|Help Net security|[[How to make DevSecOps stick with developers|https://www.helpnetsecurity.com/2020/12/14/how-devsecops-developers/]]|DevSecOps|
<<tiddler [[arOund0C]]>>
!"//Enterprise Architecture Shared Responsibility Model// et //Enterprise Architecture to CCM v3.0.1 Mapping//"
[>img(200px,auto)[iCSA/CCM.png]]Publications du 18 décembre 2020.
<<<
//The Enterprise Architecture working group's Enterprise Reference Architecture (ERA) is both a methodology and a set of tools enabling security architects, enterprise architects and GRC professionals to leverage a common set of solutions that fulfill their common needs. The expectation is the ERA will assist in assessments where their internal IT and their cloud providers are in terms of security capabilities and roadmap planning to meet the security needs of their business. The ERA provides a security viewpoint on a typical Enterprise Architecture, thus taking a domain-based approach covering Business Operations, IT Operations, Security and Risk Management as well as the classic layered architecture of Presentation, Application, Information, and Infrastructure domains.
The mapping of CCM controls per the Shared Responsibility Model according to the following service levels - IaaS, PaaS, SaaS. It is intended to give the reader an overview of cloud responsibility with the specific control domain from the view of either the cloud service provider and/or the cloud consumer. 0 (zero) signifies no responsibility, whereas the placement of a 1 (one) signifies the given responsibility. From here, the reader can map that control domain back to the CCM control for further guidance and architecture.//
<<<
!!!Liens
* Annonce ''EA-CCM Shared Responsibility Model'' et téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/enterprise-architecture-ccm-shared-responsibility-model/
* Document ''EA-CCM Shared Responsibility Model'' (XLSX) ⇒ https://cloudsecurityalliance.org/download/artifacts/enterprise-architecture-ccm-shared-responsibility-model/
* Annonce ''EA-CCM Mapping'' et téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/enterprise-architecture-ccm-v301-mapping/
* Document ''EA-CCM Mapping'' (XLSX) ⇒ https://cloudsecurityalliance.org/download/artifacts/enterprise-architecture-ccm-v301-mapping/
!"//Using CSA STAR to Improve Cloud Governance and Compliance//"
[>img(150px,auto)[iCSA/KCJBU.png]]Article de blog publié le 19 décembre 2020 -- rédigé par John DiMaria, //Assurance Investigatory Fellow//, Cloud Security Alliance
<<<
The more complex systems become, the less secure they are, even though security technologies improve. There are many reasons for this, but it can all be traced back to the problem of complexity. Why? Because we give a lot of attention to technology, and we have increased silos of a plethora of regulations and standards. Therefore, we become fragmented and too complex.
In this blog, I'll be discussing ways to address this problem by leveraging frameworks and systems that map to multiple certifications and industry standards. In particular, I'll be discussing how the CSA STAR program fits in with other certification schemes and how you can leverage it to help reduce complexity.
> "The adversary works in the world of the stack, and that complexity is where they thrive".
> Ron Ross, Senior Scientist and Fellow at NIST
!!!Indicators of Complex Systems
Complex systems create more security risk because they:
* Have more independent processes, interfaces and interactions.
* Have more interfaces and interactions and create more security risks.
* Are harder to monitor and have visibility into, which creates untested, and unaudited portions.
* Are harder to develop and implement securely.
* Are harder for employees and stakeholders to understand and be trained in.
Cloud service providers are forced to comply with a plethora of standards, frameworks and regulations. This causes complexity and compliance fatigue, along with increased risk and resource allocation issues. Many of the controls across these platforms are similar and cross over, but because they are individual requirements, many organizations manage them in silos. This causes confusion as interpretation issues become a huge debate.
!!!Business benefits of integrating your security systems
An integrated security system helps alleviate some of the challenges listed above by enabling organizations to align their processes and procedures into one complete framework that can help to deliver their objectives effectively and efficiently.
The system integrates all components of a governance, risk and compliance program into one coherent system linking boundaries between processes and creating seamless connections between its requirements and internal controls.
By using a single system for the ongoing management of risks and compliance, greater visibility into regulatory, legal, and information security obligations can be achieved. It also makes it easier to identify overlapping requirements, which enables controls to be better designed and implemented. Ultimately this all results in better assurance being provided to the organization.
CSA best practices play an important guidance role in the creation of such a system and support setting the objectives, monitoring the performance and ensuring metrics are aligning your operations to top management strategic thinking.
!!!Why integrated security systems?
* Improve consistency within the organization [>img(400px,auto)[iCSA/KCJB1.png]]
* Avoid duplication and gain cost savings
* Clarify allocation of responsibility
* Focus the organization onto business goals
* Absorb informal systems into formal systems
* Optimize staff training and development

!!!Using CSA STAR to integrate your security systems
[>img(auto,300px)[iCSA/KCJB2.png]][>img(auto,200px)[iCSA/KCJB3.png]]Since it maps to multiple standards and regulations, the CSA STAR Program can be leveraged as an organization's integrated security system.
The STAR Program is based on three pillars that allow this integration:
* Technical standard and best practices
* A Certification framework
* A public repository and database
Each of the STAR pillars offers organizations tools to establish and maintain an effective and efficient cloud security and privacy governance and compliance posture.
The STAR Program is facilitated by the Cloud Controls Matrix (CCM). The CCM has 16 domains and 133 controls (Figure 2). These cover a range of areas from the application, data center, and mobile security through to security incident, supply chain and threat management. These domains are then backed by 133 individual controls within the CCM that are mapped to over 40 different frameworks and regulatory requirements.
[img(600px,auto)[iCSA/KCJB4.png]]
With the CCM mapping to multiple standards and regulations, it will support meeting the strategic direction of the organization by supporting and weaving all the main functions together as one fabric that covers the business. Not only increasing security but making the business more resilient as well.
!!!How STAR can facilitate an integrated security system in your organization
Below is an illustration of how common requirements of multiple systems standards/specifications can be integrated into one common system.
[img(600px,auto)[iCSA/KCJB5.png]]
By using the ISO approach shown above of addressing the High-Level Structure (HLS) you will be able to:
* Map the context of the organization; identifying all the inputs and outputs as well as interested parties (both internal and external).
* Fully understand the context of the organization and introduce planning activities that will address the risks and opportunities of the business that can interfere with the expected output of the business and build the mitigation strategy into the day-to-day planning and operational process.
* Ensure that sufficient and appropriate resources are available. Appropriateness is often determined through competency analysis.
* Harden operational functions by deploying the functions developed during the planning process.
* Evaluate performance and effectiveness at consistent planned intervals. Internal audits and management reviews are key methods of reviewing the performance of the security system and tools for its continual improvement.
* Use the results to continuously improve the organization and its processes.
By integrating multiple frameworks into one holistic one you can understand both the gaps in your internal control systems and the areas of overlap, and therefore avoid unmitigated risks, on the one hand, and duplication of efforts on the other. The latter is achieved by focusing only on covering the gaps in the process and controls addressing the areas of intersection between the CCM and any other security framework used in the internal control system.
[img(500px,auto)[iCSA/KCJB6.png]]
!!!Things to consider prior to kicking off your project plan
* Perform a gap analysis of your cloud security using the CSA CAIQ
* Set clear objectives for integration and expected ROI
* Determine the extent to which integration should occur (scope)
* Consider the cultural landscape within your company
* Analyze the need for training based off of the levels of competence necessary
** Evaluate your training needs to get started
** Re-evaluate based on the gaps you've identified
** This will help embed the knowledge
* Keep in mind legal and other regulatory requirements along with internal requirements
!!!What do you need to do next?
* Set up a project team to manage the implementation
* Communicate the project across the whole organization
* Create an implementation plan and monitor progress
* Take a fresh look at your total business
* Highlight the changes as opportunities for improvement
* Make changes to your documentation to reflect the new structure (as necessary)
* Implement the new requirements on leadership, risk and context of the organization
* Review the effectiveness of your current control set.
* Carry out an impact assessment
* Start measuring ROI
!!!Do things Differently through Visibility - Insight - Action
Experience teaches that the more successful businesses embed best practices holistically across the entire organization, not just in one specific area. Products and services today must meet a diverse spectrum of certification and compliance requirements.
Developing a consistent framework of repeatable processes and procedures allows the organization to comply, grow, and protect the operation.
Instituting a company-wide strategy breaks down long-established silos separating departments and divisions, and, for many organizations, can represent a significant change to corporate culture.
<<<
//__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/12/19/using-csa-star-to-improve-cloud-governance-and-compliance/ 
!"//SolarWinds - How Cybersecurity Teams Should Respond//"
[>img(150px,auto)[iCSA/KCGBS.jpg]]Article de blog publié le 16 décembre 2020 -- rédigé par Paul Kurtz, //Co-founder and Executive Chairman//, TruSTAR Technology
<<<
!!SolarWinds perhaps represents the most severe hack of the digital age
The playbook of our adversaries continues to evolve, but defenders are losing, and the gap is widening. Discussion of imposing consequences on adversaries seems pointless so long as we keep falling farther behind. Similarly, finger-pointing will not work as this hack was not a single mistake like many we have seen in the past. In this case, it is clear the adversary used a suite of sophisticated techniques to cover their tracks, including a supply chain hack and using steganography to embed command lines.
FireEye has started what must become the norm: disclosing as much detail as possible as fast as possible about the attack techniques and indicators of compromise. Sharing indicators of compromise accelerates the discovery of other victimized systems. Today government agencies and companies are searching for indicators of compromise within their networks.
!!So, now what? How should organizations respond?
No doubt, the market will respond with new tools that could help identify similar future attacks. However, success will be temporary given adversaries continue to move faster than defenders. Rather than retool, we should focus on a more data-centric approach. Recently, the Cloud Security Alliance published a research paper on Cloud-based, Intelligent Ecosystems. The report calls for a paradigm shift to integrate and automate data from security tools and external threat feeds to establish a holistic picture of activity. By doing so, companies and government organizations can accelerate discovery, searching more quickly across all systems for indicators of compromise, like those released by FireEye shortly after they discovered the breach. Given different tools have different functions, it is likely indicators of compromise are spread across multiple systems. A data-centric approach rather than a tool-centric approach will help assemble pieces of the puzzle more quickly.
!!Organizations need to build a "cyber memory" of past events.
The paper also calls out the need for building "cyber memory" of past events; without memory, it is impossible to learn. We need to be able to recall event data from security systems seamlessly. Creating a virtual memory to absorb events will enable Machine Learning to identify patterns to more effectively and efficiently address malicious activity.
This approach is not a panacea and should not be read as preventing future attacks. However, it serves to close the gap and contain problems. The combination of information sharing -- like FireEye's -- plus a data-centric approach to building a cyber memory of past event data from tools and external threat feeds will accelerate discovery.
<<<
//__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/12/16/solarwinds-how-cybersecurity-teams-should-respond/ 
!"//CCSK Success Stories: From the Managing Director of a Consulting Firm//"
[>img(150px,auto)[iCSA/K4QCCSK.png]]Article de blog publié le 14 décembre 2020
<<<
//This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Ferdinand Fong, Managing Director, Initial Alpha Pte. Ltd.

Q: In your current role as Managing Director, what does your job involve?
A: I run a program management consultancy business, and my most recent engagement involves working with a financial services payment processor as an operational management consultant executing the migration of CITI Hong Kong payment platform over to theirs. Due to this organization's insolvency filing and how the world is now changing, I am looking into expanding my portfolio into the area of cloud security.

Q: Can you share with us some complexities in managing cloud computing projects?
A: I can see as companies/enterprises are going from traditional physical infrastructure to more cloud-based infrastructure, there is a gap which CSA can help to fill. Some complexities I see are:
* Understanding the existing scope of the client and mapping it to a cloud based infrastructure
* The need to change the client's mindset as they will have to relinquish certain physical control over the infrastructure itself.

Q: In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
A: I think one of the key tips I would share is to get a good grasp on risk assessment. A thorough risk assessment that is in alignment with the client needs will ensure that an optimal business requirement document can be created, which will help with guiding the development of the project.

Q: What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
A: I find that as a whole the CCSK is a great starting point for anyone who wishes to venture into the area of cloud security. As someone who is new in this area, I would have to say that I did not have a preferred area as I found the entire training to be very invaluable.

Q: How does Cloud Controls Matrix (CCM) help communicate with customers?
A: The Cloud Controls Matrix (CCM) provides a very easy to understand method for customers in order to have a good handle on where they are in terms of security controls, compliance requirement and regulatory requirement. With the CCM any gaps in any of those areas can be easily identified and addressed.

Q: What's the value in a vendor-neutral certificate versus getting certified by a vendor? In what scenario are the different certificates important?
A: Vendor-neutral certificates are great as they open up greater opportunities to work in an unbiased manner with both the clients as well as managing a professional relationship with vendors and CSPs. This also means that my clients can trust my recommendations based on what their needs are and not driven by any biases.

Q: Would you encourage your staff and/or colleagues to obtain CCSK or other CSA qualifications?
A: Yes I would. As I see this as part of expanding my business, ensuring that my staff and colleagues have the same standard understanding and speak the same language when it comes to addressing cloud security related subjects.

Q: What is the best advice you would give to IT professionals in order for them to scale new heights in their careers?
A: Keep an ear to the ground, pay attention to the latest development and what is trending. The world of IT is constantly changing; it is imperative to stay abreast with the latest developments, innovations as well as the evolving security threats that are out there.//
<<<
__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/12/14/ccsk-success-stories-from-the-managing-director-of-a-consulting-firm/ 
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #94|2020.12.13 - Newsletter Hebdomadaire #94]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #94|2020.12.13 - Weekly Newsletter - #94]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.12.13 - Newsletter Hebdomadaire #94]]>> |<<tiddler [[2020.12.13 - Weekly Newsletter - #94]]>> |
| La [[dernière Newsletter|Dernière Newsletter]] ''#<<tiddler [[LatestWeeklyNum]]>>'' est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' | The [[latest Newsletter|Dernière Newsletter]] ''#<<tiddler [[LatestWeeklyNum]]>>'' is dated ''<<tiddler [[LatestWeeklyEN]]>>'' |
|!• La newsletter #94 est en cours de rédaction 
• Date de publication estimée : __à partir du 13 décembre 2020__ | | [img(100px,auto)[iCSF/Work.gif]]
La Veille 'Web Cloud et Sécurité' en cours de rédaction est → [[ici|2020.12.13 - Veille Hebdomadaire - 13 décembre]] ← | /% !Newsletter Hebdomadaire Cloud et Sécurité - semaine du 07 au 13 décembre 2020 !!1 - Informations CSA - 07 au 13 décembre 2020 * Actu[img[iCSF/flag_fr.png]]: ''[[Point de situation sur l'incident Solarwinds/SolarStorm|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== * Publication : 'Cloud-Based, Intelligent Ecosystems' !!2 - Veille Web Cloud et Sécurité ([[plus de 60 liens|2020.12.13 - Veille Hebdomadaire - 13 décembre]]) * __''À lire''__ ** • * __Attaques, Incidents, Fuites de données, Pannes__ ** Attaques : • ** Incidents : • ** Fuites de données : • ** Pannes : • * __Risques, Menaces, Vulnérabilités__ ** Risques : • ** Menaces : • ** Vulnérabilités : • * __Bonnes Pratiques, Techniques de Détection__ ** Bonnes pratiques : • ** Détection : • * __Rapports, Sondages, Études, Publications__ ** Rapports : • ** Sondages : • ** Études : • ** Publications : • * __Cloud Services Providers, Outils__ ** AWS : • ** Azure : • ** GCP : • ** Oracle : • ** Kubernetes : • ** Docker : • ** Containers : • ** Workloads : • ** Outils: • * __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__ ** Podcasts : • ** Veilles : TL;DR Security #§TLDR§ • The Cloud Security Reading List #64 * __Marché, Acquisitions__ ** Marché : • ** Acquisitions : • * __Divers__ ** • !!3 - Lien direct |!⇒ [[CloudSecurityAlliance.fr/go/KCD/|https://CloudSecurityAlliance.fr/go/KCD/]] | <<tiddler [[arOund0C]]>> %/
|!• Newsletter #94 is currently being written 
• Estimated release date: __after December 13th, 2020__ | | [img(100px,auto)[iCSF/Work.gif]]
The draft version of the 'Cloud and Security' News Watch is → [[here|2020.12.13 - Veille Hebdomadaire - 13 décembre]] ← | /% !Weekly Cloud and Security Watch Newsletter - December 07th to 13th, 2020 !!1 - CSA News and Updates - December 07th to 13th, 2020 * News[img[iCSF/flag_fr.png]]: ''[[Status of the SolarWinds/SolarStorm incident|SolarStorm]]''+++^*[»] <<tiddler [[SolarStorm]]>>=== * Publication: 'Cloud-Based, Intelligent Ecosystems' !!2 - Cloud and Security News Watch ([[over 60 links|2020.12.13 - Veille Hebdomadaire - 13 décembre]]) * __''Must read''__ ** ''SolarStorm: Many valuable information and IOCs have been published'' |>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities | |>|>|>|''Risques / Risks'' | |2020.12.08|Dark Reading|[[Attackers Know Microsoft 365 Better Than You Do|https://www.darkreading.com/cloud/attackers-know-microsoft-365-better-than-you-do/a/d-id/1339404]]|Risks O365| |2020.12.10|//SecurityTrails//|[[5 AWS Misconfigurations That May Be Increasing Your Attack Surface|https://securitytrails.com/blog/aws-misconfigurations-increasing-attack-surface]]|AWS Misconfigurations| |>|>|>|''Menaces / Threats'' | |2020.12.13|//Tripwire//|[[Cloud Security: Messy Blobs and Leaky Buckets|https://www.tripwire.com/state-of-security/security-data-protection/cloud/cloud-security-messy-blobs-leaky-buckets/]]|Threats| |2020.12.11|//Illumio//|[[How Zero Trust Allows Organisations to Address Each Step in the Cyber Kill Chain|https://www.illumio.com/blog/zero-trust-cyber-kill-chain]]Kill_Chain| |2020.12.08|Karim El-Melhaoui|[[AWS Systems Manager Attack and defense strategies|https://blog.karims.cloud/2020/12/08/ssm-attack-and-defense-strategies.html]]|AWS Attack Defense| |>|>|>|''Vulnérabilités / Vulnerabilities'' | |2020.12.08|Bleeping Computer|[[All Kubernetes versions affected by unpatched MiTM vulnerability|https://www.bleepingcomputer.com/news/security/all-kubernetes-versions-affected-by-unpatched-mitm-vulnerability/]]|Vulnerability 
CVE-2020-8554| |2020.12.09|//Stackrox//| ← [[CVE-2020-8554: Man in the Middle Vulnerability in Kubernetes - Top Recommendations|https://www.stackrox.com/post/2020/12/cve-2020-8554-man-in-the-middle-vulnerability-in-kubernetes-top-recommendations/]]|K8s CVE-2020-8554| |2020.12.10|//Trimarc Security//|[[Kerberos Bronze Bit Attack (CVE-2020-17049) Scenarios to Potentially Compromise Active Directory|https://www.hub.trimarcsecurity.com/post/leveraging-the-kerberos-bronze-bit-attack-cve-2020-17049-scenarios-to-compromise-active-directory]]|CVE-2020-17049 Kerberos Active_Directory| |2020.12.08|//NetSPI//| ← [[CVE-2020-17049: Kerberos Bronze Bit Attack – Overview|https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-overview/]]|CVE-2020-17049 Kerberos Active_Directory| |2020.12.08|//NetSPI//| ← [[CVE-2020-17049: Kerberos Bronze Bit Attack – Practical Exploitation|https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/]]|CVE-2020-17049 Kerberos Active_Directory| |2020.12.08|//NetSPI//| ← [[CVE-2020-17049: Kerberos Bronze Bit Attack – Theory|https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-theory/]]|CVE-2020-17049 Kerberos Active_Directory| |2020.12.08|//Duo Security//|[[Microsoft Teams Flaw Allowed Easy Remote Code Execution|https://duo.com/decipher/microsoft-teams-flaw-allowed-easy-remote-code-execution]]|Vulnerability Teams| |>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection | |>|>|>|''Bonnes pratiques / Best Practices'' | |2020.12.11|Sebastiaan van Putten|[[Enhance your resiliency against attacks with the new cloud-native threat protection capabilities of Azure Defender for DNS|https://www.seb8iaan.com/enhance-your-resiliency-against-attacks-with-the-new-cloud-native-threat-protection-capabilities-of-azure-defender-for-dns/]]|Azure DNS| |2020.12.12|Anton Chuvakin|[[Cloud Migration Security Woes|https://medium.com/anton-on-security/cloud-migration-security-woes-14d7301b9e3b]]|Migration| |2020.12.10|Dark 
Reading|[[Google Shares Cloud Security Tips|https://www.darkreading.com/cloud/google-shares-cloud-security-tips/d/d-id/1339670]]|Best_Practices GCP Webcast| |>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications | |>|>|>|''Rapports / Reports'' | |2020.12.08|//Zscaler//|[[The 2020 State of Cloud (In)Security|https://www.zscaler.com/blogs/security-research/2020-state-cloud-insecurity]]|Report| |>|>|>|''Publications'' | |2020.12.08|//DivvyCloud//|[[A Practical Guide to Gartner’s Cloud Security Archetypes|https://divvycloud.com/cnapp/]]|Architecture Gartner| |2020.12.07|MSSP Alert|[[Predictions 2021: Explosion in Adoption of Cloud-native Security Solutions|https://www.msspalert.com/cybersecurity-guests/predictions-2021-explosion-in-adoption-of-cloud-native-security-solutions/]]|Report| |>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools | |>|>|>|''AWS (Amazon)'' | |2020.12.09|Phil Rodrigues|![["Top Ten"? Security Updates from AWS re:Invent 2020|https://www.linkedin.com/pulse/top-ten-security-updates-from-aws-reinvent-2020-phil-rodrigues/]] |AWS Products| |2020.12.08|//Amazon AWS//|[[How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced|https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/]]|AWS DNS DDOS| |2020.12.08|//Javelynn//|[[Have you replaced IAM Users with AWS SSO yet?|https://www.javelynn.com/cloud/have-you-replaced-iam-users-with-aws-sso-yet/]]|AWS IAM SSO| |2020.12.08|//Amazon AWS//|[[New - VPC Reachability Analyzer|https://aws.amazon.com/blogs/aws/new-vpc-insights-analyzes-reachability-and-visibility-in-vpcs/]]|AWS VPC| |2020.12.08|//Amazon AWS//|[[Get started with fine-grained access control in Amazon Elasticsearch Service|https://aws.amazon.com/blogs/security/get-started-with-fine-grained-access-control-in-amazon-elasticsearch-service/]]|AWS 
Access_Controls| |2020.12.08|//Amazon AWS//|[[AWS Audit Manager Simplifies Audit Preparation|https://aws.amazon.com/blogs/aws/aws-audit-manager-simplifies-audit-preparation/]]|AWS Audit_Manager| |2020.12.07|//Amazon AWS//|[[Three common cloud encryption questions and their answers on AWS|https://aws.amazon.com/blogs/security/three-common-cloud-encryption-questions-and-their-answers-on-aws/]]|AWS Encyption| |>|>|>|''Azure (Microsoft)'' | |2020.12.09|//Mirosoft Azure//|[[Microsoft introduces steps to improve internet routing security|https://azure.microsoft.com/blog/microsoft-introduces-steps-to-improve-internet-routing-security/]]|Routing| |2020.12.07|//Mirosoft Azure//|[[The broadest range of cloud innovation across US Government data classifications|https://azure.microsoft.com/en-us/blog/the-broadest-range-of-cloud-innovation-across-us-government-data-classifications/]]|Azure Government| |2020.12.07|//Mirosoft Azure//|[[Microsoft launches Azure Government Top Secret cloud to handle classified data|https://www.zdnet.com/article/microsoft-launches-azure-government-top-secret-cloud-to-handle-classified-data/]]|Azure Government| |2020.12.08|//Avanan//|[[Microsoft ATP: Millions of Emails Reveal ATP and EOP Offer Similar Protection|https://www.avanan.com/blog/microsoft-atp-millions-of-emails-reveal-atp-and-eop-offer-similar-protection]]|Azure_ATP Products| |2020.12.07|SecureCloud Blog|[[Azure Sentinel & Log Analytics - Cross correlate between data on Azure Blob Storage and Log Analytics|https://securecloud.blog/2020/12/07/azure-sentinel-log-analytics-cross-correlate-between-data-on-azure-blob-storage-and-log-analytics/]]|Azure_Sentinel| |>|>|>|''GCP (Google)'' | |2020.12.13|Dawid Balut|![[Practical guide into GCP Security - entry/mid-level|https://dawidbalut.com/2020/12/12/practical-guide-into-gcp-security-entry-mid-level/]] ([[pdf|https://services.google.com/fh/files/misc/google-cloud-security-foundations-guide.pdf]]) |GCP| |2020.12.11|//Google Cloud//|[[Run shell 
commands and orchestrate Compute Engine VMs with Cloud Workflows|https://medium.com/google-cloud/run-shell-commands-and-orchestrate-compute-engine-vms-with-cloud-workflows-e345e616a24]]|GCP Cloud_Workflows| |2020.12.10|//Google Cloud//|[[What is zero trust identity security?|https://cloud.google.com/blog/topics/developers-practitioners/what-zero-trust-identity-security/]]|GCP Zero_Trust| |2020.12.08|//Google Cloud//|[[How to Automate Governance Best Practices With Google Data Catalog and Terraform|https://medium.com/google-cloud/how-to-automatically-manage-your-iam-access-controls-with-google-data-catalog-and-terraform-5ea33adcbdd4]]|GCP IAM| |>|>|>|''Oracle'' | |2020.12.08|//Oracle Cloud//|[[Oracle Identity and Access Management: What's New, What's Next?|https://blogs.oracle.com/cloudsecurity/oracle-identity-and-access-management-new-and-next]]|IAM| |>|>|>|''Kubernetes'' | |2020.12.13|DZone|[[Securing a K3s Cluster|https://dzone.com/articles/securing-k3s-cluster]]|K8s Cluster| |2020.12.10|//Conjur//|[[Securing Secrets in Kubernetes|https://www.conjur.org/blog/securing-secrets-in-kubernetes/]]|K8s Secrets_Management| |2020.12.10|//Stackrox//|[[CKS Certification Study Guide: Cluster Setup in Kubernetes|https://www.stackrox.com/post/2020/12/cks-certification-study-guide-cluster-setup-in-kubernetes/]]|K8s CKS| |2020.12.08|//Alcide//|[[New Kubernetes Vulnerability: CVE-2020-8554 Man in the Middle (MiTM) Attack Using Kubernetes Service Resources|https://blog.alcide.io/kubernetes-vulnerability-cve-2020-8554]]|CVE-2020-8554 Kubernetes| |>|>|>|''Containers'' | |2020.12.07|//Alcide//|[[Container Image Scanning for Kubernetes Deployments|https://blog.alcide.io/alcide-image-scanning]]|Image Scanning| |>|>|>|''Workloads'' | |2020.12.11|//Intezer//|[[Cloud Workload Security: Part 3 - Explaining Azure's Security Features|https://www.intezer.com/blog/cloud-workload-security-part-3-explaining-azures-security-features/]] (3/5)|Workloads| |>|>|>|''Outils / Tools'' | 
|2020.12.12|Marco Lancini|[[Semgrep for Cloud Security|https://www.marcolancini.it/2020/blog-semgrep-for-cloud-security/]]|Tools| ||[[r2c|http://r2c.dev/]]|[[Semgrep, a lightweight static analysis for many languages|https://github.com/returntocorp/semgrep]]|Tools| ||[[r2c|http://r2c.dev/]]|[[Semgrep rules registry|https://github.com/returntocorp/semgrep-rules]]|Tools| ||[[r2c|http://r2c.dev/]]|[[Semgrep documentations|https://github.com/returntocorp/semgrep-docs]]|Tools| |2020.12.09|//Digital Guardian//|[[50 Cloud-Based Security Selection Tips|https://digitalguardian.com/blog/50-cloud-based-security-selection-tips]]|Tools| |2020.12.09|Kitploit|[[RESTler - The First Stateful REST API Fuzzing Tool For Automatically Testing Cloud Services Through Their REST APIs And Finding Security And Reliability Bugs In These Services|https://www.kitploit.com/2020/12/restler-first-stateful-rest-api-fuzzing.html]]|Tools| |2020.12.11|The Daily Swig|[[O365 Squatting: Open source tool finds malicious cloud-hosted domains before they’re used in phishing campaigns|https://portswigger.net/daily-swig/o365-squatting-open-source-tool-finds-malicious-cloud-hosted-domains-before-theyre-used-in-phishing-campaigns]]|Tools O365| |>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences | |>|>|>|''Podcasts'' | |2020.12.08|SilverLining IL|[[Episode 30: The challenges of CISO in a security company|https://silverlining-il.castos.com/episodes/episode-30-the-challenges-of-ciso-in-a-security-company]]|Podcast| |>|>|>|''Veilles / Newsletters'' | |2020.12.13|Marco Lancini|[[The Cloud Security Reading List #67|https://cloudseclist.com/issues/issue-67/]] |Weekly_Newsletter| |2020.12.09|TL;DR Security|[[#63 - OWASP, Fuzzing, and a New 'AWS Swiss Army Knife' Tool by Netflix|https://tldrsec.com/blog/tldr-sec-063/]] |Weekly_Newsletter| * __Attacks, Incidents, Data Leaks, Outages__ ** Attacks: New Malware Arsenal Abusing Cloud Platforms in 
Middle East Espionage Campaign ** Incidents: Netgain Hit by Ransomware ** Outages: AWS impacted by Google Outage * __Risks, Threats, Vulnerabilities__ ** Risks: • ** Threats: • ** Vulnerabilities: • * __Best Practices, and Detection__ ** Best Practices: • ** Detection: • * __Reports, Surveys, Studies, Publications__ ** Reports: • ** Surveys: • ** Studies: • ** Publications: • * __Cloud Services Providers, Tools__ ** AWS: • ** Azure: • ** GCP: • ** Oracle: • ** Kubernetes: • ** Docker: • ** Containers: • ** Workloads: • ** Tools: • * __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__ ** Conferences: • ** Podcasts: • ** Newsletters: TL;DR Security #63 • The Cloud Security Reading List #67 • * __Market, Acquisitions__ ** Market: CLUSIF will use Shadline for Sharing and Communicating ** Acquisitions: • |>|>|>|!Marché, Acquisitions / Market, Acquisitions | |>|>|>|''Marché / Market'' | |2020.12.11|//Shadline//[>img[iCSF/flag_fr.png]]|[[Le Clusif choisit Shadline pour faciliter les échanges de ses membres|https://www.shadline.com/le-clusif-choisit-shadline-pour-faciliter-les-echanges-de-ses-membres/]]|Tools Communications| |2020.12.10|//IBM//|[[IBM Collaborates with AWS on Security for Hybrid Cloud|https://newsroom.ibm.com/2020-12-10-IBM-Collaborates-with-AWS-on-Security-for-Hybrid-Cloud]]|IBM AWS| |>|>|>|''Acquisitions'' | |2020.12.09|Help Net Security|[[Sysnet acquires Viking Cloud to enhance its cloud security platform and boost market expansion|https://www.helpnetsecurity.com/2020/12/09/sysnet-global-solutions-viking-cloud/]]|Acquisition| * __Miscellaneous__ ** IAM: Cloud Identity and Access Management: Understanding the Chain of Accessps|https://securityintelligence.com/posts/how-to-transform-from-devops-to-devsecops/]]|DecSecOps| !!3 - Link |!⇒ [[CloudSecurityAlliance.fr/go/KCD/|https://CloudSecurityAlliance.fr/go/KCD/]] | <<tiddler [[arOund0C]]>> %/
!!Veille Hebdomadaire - 7 au 13 décembre 2020
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|2020.12.09|//Cybereason//|[[New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign|https://www.cybereason.com/blog/new-malware-arsenal-abusing-cloud-platforms-in-middle-east-espionage-campaign]]|Attack|
|>|>|>|''Incidents'' |
|2020.12.10|Silicon Angle|[[Cloud hosting provider Netgain struck by ransomware attack|https://siliconangle.com/2020/12/09/cloud-hosting-provider-netgain-struck-ransomware-attack/]]|Ransomware|
|>|>|>|''Pannes / Outages'' |
|2020.12.08|Last Week in AWS|[[The Google Disease Afflicting AWS|https://www.lastweekinaws.com/blog/the-google-disease-afflicting-aws/]]|AWS|
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2020.12.08|Dark Reading|[[Attackers Know Microsoft 365 Better Than You Do|https://www.darkreading.com/cloud/attackers-know-microsoft-365-better-than-you-do/a/d-id/1339404]]|Risks O365|
|2020.12.10|//SecurityTrails//|[[5 AWS Misconfigurations That May Be Increasing Your Attack Surface|https://securitytrails.com/blog/aws-misconfigurations-increasing-attack-surface]]|AWS Misconfigurations|
|>|>|>|''Menaces / Threats'' |
|2020.12.13|//Tripwire//|[[Cloud Security: Messy Blobs and Leaky Buckets|https://www.tripwire.com/state-of-security/security-data-protection/cloud/cloud-security-messy-blobs-leaky-buckets/]]|Threats|
|2020.12.11|//Illumio//|[[How Zero Trust Allows Organisations to Address Each Step in the Cyber Kill Chain|https://www.illumio.com/blog/zero-trust-cyber-kill-chain]]|Kill_Chain|
|2020.12.08|Karim El-Melhaoui|[[AWS Systems Manager Attack and defense strategies|https://blog.karims.cloud/2020/12/08/ssm-attack-and-defense-strategies.html]]|AWS Attack Defense|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|2020.12.08|Bleeping Computer|[[All Kubernetes versions affected by unpatched MiTM vulnerability|https://www.bleepingcomputer.com/news/security/all-kubernetes-versions-affected-by-unpatched-mitm-vulnerability/]]|Vulnerability CVE-2020-8554|
|2020.12.09|//Stackrox//| ← [[CVE-2020-8554: Man in the Middle Vulnerability in Kubernetes - Top Recommendations|https://www.stackrox.com/post/2020/12/cve-2020-8554-man-in-the-middle-vulnerability-in-kubernetes-top-recommendations/]]|K8s CVE-2020-8554|
|2020.12.10|//Trimarc Security//|[[Kerberos Bronze Bit Attack (CVE-2020-17049) Scenarios to Potentially Compromise Active Directory|https://www.hub.trimarcsecurity.com/post/leveraging-the-kerberos-bronze-bit-attack-cve-2020-17049-scenarios-to-compromise-active-directory]]|CVE-2020-17049 Kerberos Active_Directory|
|2020.12.08|//NetSPI//| ← [[CVE-2020-17049: Kerberos Bronze Bit Attack – Overview|https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-overview/]]|CVE-2020-17049 Kerberos Active_Directory|
|2020.12.08|//NetSPI//| ← [[CVE-2020-17049: Kerberos Bronze Bit Attack – Practical Exploitation|https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/]]|CVE-2020-17049 Kerberos Active_Directory|
|2020.12.08|//NetSPI//| ← [[CVE-2020-17049: Kerberos Bronze Bit Attack – Theory|https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-theory/]]|CVE-2020-17049 Kerberos Active_Directory|
|2020.12.08|//Duo Security//|[[Microsoft Teams Flaw Allowed Easy Remote Code Execution|https://duo.com/decipher/microsoft-teams-flaw-allowed-easy-remote-code-execution]]|Vulnerability Teams|
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.12.11|Sebastiaan van Putten|[[Enhance your resiliency against attacks with the new cloud-native threat protection capabilities of Azure Defender for DNS|https://www.seb8iaan.com/enhance-your-resiliency-against-attacks-with-the-new-cloud-native-threat-protection-capabilities-of-azure-defender-for-dns/]]|Azure DNS|
|2020.12.12|Anton Chuvakin|[[Cloud Migration Security Woes|https://medium.com/anton-on-security/cloud-migration-security-woes-14d7301b9e3b]]|Migration|
|2020.12.10|Dark Reading|[[Google Shares Cloud Security Tips|https://www.darkreading.com/cloud/google-shares-cloud-security-tips/d/d-id/1339670]]|Best_Practices GCP Webcast|
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2020.12.08|//Zscaler//|[[The 2020 State of Cloud (In)Security|https://www.zscaler.com/blogs/security-research/2020-state-cloud-insecurity]]|Report|
|>|>|>|''Publications'' |
|2020.12.08|//DivvyCloud//|[[A Practical Guide to Gartner’s Cloud Security Archetypes|https://divvycloud.com/cnapp/]]|Architecture Gartner|
|2020.12.07|MSSP Alert|[[Predictions 2021: Explosion in Adoption of Cloud-native Security Solutions|https://www.msspalert.com/cybersecurity-guests/predictions-2021-explosion-in-adoption-of-cloud-native-security-solutions/]]|Report|
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.12.09|Phil Rodrigues|![["Top Ten"? Security Updates from AWS re:Invent 2020|https://www.linkedin.com/pulse/top-ten-security-updates-from-aws-reinvent-2020-phil-rodrigues/]] |AWS Products|
|2020.12.08|//Amazon AWS//|[[How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced|https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/]]|AWS DNS DDOS|
|2020.12.08|//Javelynn//|[[Have you replaced IAM Users with AWS SSO yet?|https://www.javelynn.com/cloud/have-you-replaced-iam-users-with-aws-sso-yet/]]|AWS IAM SSO|
|2020.12.08|//Amazon AWS//|[[New - VPC Reachability Analyzer|https://aws.amazon.com/blogs/aws/new-vpc-insights-analyzes-reachability-and-visibility-in-vpcs/]]|AWS VPC|
|2020.12.08|//Amazon AWS//|[[Get started with fine-grained access control in Amazon Elasticsearch Service|https://aws.amazon.com/blogs/security/get-started-with-fine-grained-access-control-in-amazon-elasticsearch-service/]]|AWS Access_Controls|
|2020.12.08|//Amazon AWS//|[[AWS Audit Manager Simplifies Audit Preparation|https://aws.amazon.com/blogs/aws/aws-audit-manager-simplifies-audit-preparation/]]|AWS Audit_Manager|
|2020.12.07|//Amazon AWS//|[[Three common cloud encryption questions and their answers on AWS|https://aws.amazon.com/blogs/security/three-common-cloud-encryption-questions-and-their-answers-on-aws/]]|AWS Encryption|
|>|>|>|''Azure (Microsoft)'' |
|2020.12.09|//Microsoft Azure//|[[Microsoft introduces steps to improve internet routing security|https://azure.microsoft.com/blog/microsoft-introduces-steps-to-improve-internet-routing-security/]]|Routing|
|2020.12.07|//Microsoft Azure//|[[The broadest range of cloud innovation across US Government data classifications|https://azure.microsoft.com/en-us/blog/the-broadest-range-of-cloud-innovation-across-us-government-data-classifications/]]|Azure Government|
|2020.12.07|//Microsoft Azure//|[[Microsoft launches Azure Government Top Secret cloud to handle classified data|https://www.zdnet.com/article/microsoft-launches-azure-government-top-secret-cloud-to-handle-classified-data/]]|Azure Government|
|2020.12.08|//Avanan//|[[Microsoft ATP: Millions of Emails Reveal ATP and EOP Offer Similar Protection|https://www.avanan.com/blog/microsoft-atp-millions-of-emails-reveal-atp-and-eop-offer-similar-protection]]|Azure_ATP Products|
|2020.12.07|SecureCloud Blog|[[Azure Sentinel & Log Analytics - Cross correlate between data on Azure Blob Storage and Log Analytics|https://securecloud.blog/2020/12/07/azure-sentinel-log-analytics-cross-correlate-between-data-on-azure-blob-storage-and-log-analytics/]]|Azure_Sentinel|
|>|>|>|''GCP (Google)'' |
|2020.12.13|Dawid Balut|![[Practical guide into GCP Security - entry/mid-level|https://dawidbalut.com/2020/12/12/practical-guide-into-gcp-security-entry-mid-level/]] ([[pdf|https://services.google.com/fh/files/misc/google-cloud-security-foundations-guide.pdf]]) |GCP|
|2020.12.11|//Google Cloud//|[[Run shell commands and orchestrate Compute Engine VMs with Cloud Workflows|https://medium.com/google-cloud/run-shell-commands-and-orchestrate-compute-engine-vms-with-cloud-workflows-e345e616a24]]|GCP Cloud_Workflows|
|2020.12.10|//Google Cloud//|[[What is zero trust identity security?|https://cloud.google.com/blog/topics/developers-practitioners/what-zero-trust-identity-security/]]|GCP Zero_Trust|
|2020.12.08|//Google Cloud//|[[How to Automate Governance Best Practices With Google Data Catalog and Terraform|https://medium.com/google-cloud/how-to-automatically-manage-your-iam-access-controls-with-google-data-catalog-and-terraform-5ea33adcbdd4]]|GCP IAM|
|>|>|>|''Oracle'' |
|2020.12.08|//Oracle Cloud//|[[Oracle Identity and Access Management: What's New, What's Next?|https://blogs.oracle.com/cloudsecurity/oracle-identity-and-access-management-new-and-next]]|IAM|
|>|>|>|''Kubernetes'' |
|2020.12.13|DZone|[[Securing a K3s Cluster|https://dzone.com/articles/securing-k3s-cluster]]|K8s Cluster|
|2020.12.10|//Conjur//|[[Securing Secrets in Kubernetes|https://www.conjur.org/blog/securing-secrets-in-kubernetes/]]|K8s Secrets_Management|
|2020.12.10|//Stackrox//|[[CKS Certification Study Guide: Cluster Setup in Kubernetes|https://www.stackrox.com/post/2020/12/cks-certification-study-guide-cluster-setup-in-kubernetes/]]|K8s CKS|
|2020.12.08|//Alcide//|[[New Kubernetes Vulnerability: CVE-2020-8554 Man in the Middle (MiTM) Attack Using Kubernetes Service Resources|https://blog.alcide.io/kubernetes-vulnerability-cve-2020-8554]]|CVE-2020-8554 Kubernetes|
|2020.12.07|//IT Next//|[[CKS Exam Series #1 Create Cluster & Security Best Practices|https://itnext.io/cks-exam-series-1-create-cluster-security-best-practices-50e35aaa67ae]]|CKS|
|>|>|>|''Containers'' |
|2020.12.07|//Alcide//|[[Container Image Scanning for Kubernetes Deployments|https://blog.alcide.io/alcide-image-scanning]]|Image Scanning|
|>|>|>|''Docker'' |
|2020.12.08|//SecureFlag//|[[Securing the Docker Ecosystem: Part 3: Strategies to Secure the Container Runtime|https://blog.secureflag.com/2020/12/08/securing-the-docker-ecosystem-part-3-the-container-runtime.html]] (3/3)|
|>|>|>|''Workloads'' |
|2020.12.11|//Intezer//|[[Cloud Workload Security: Part 3 - Explaining Azure's Security Features|https://www.intezer.com/blog/cloud-workload-security-part-3-explaining-azures-security-features/]] (3/5)|Workloads|
|>|>|>|''Outils / Tools'' |
|2020.12.12|Marco Lancini|[[Semgrep for Cloud Security|https://www.marcolancini.it/2020/blog-semgrep-for-cloud-security/]]|Tools|
||[[r2c|http://r2c.dev/]]|[[Semgrep, a lightweight static analysis for many languages|https://github.com/returntocorp/semgrep]]|Tools|
||[[r2c|http://r2c.dev/]]|[[Semgrep rules registry|https://github.com/returntocorp/semgrep-rules]]|Tools|
||[[r2c|http://r2c.dev/]]|[[Semgrep documentation|https://github.com/returntocorp/semgrep-docs]]|Tools|
|2020.12.09|//Digital Guardian//|[[50 Cloud-Based Security Selection Tips|https://digitalguardian.com/blog/50-cloud-based-security-selection-tips]]|Tools|
|2020.12.09|Kitploit|[[RESTler - The First Stateful REST API Fuzzing Tool For Automatically Testing Cloud Services Through Their REST APIs And Finding Security And Reliability Bugs In These Services|https://www.kitploit.com/2020/12/restler-first-stateful-rest-api-fuzzing.html]]|Tools|
|2020.12.11|The Daily Swig|[[O365 Squatting: Open source tool finds malicious cloud-hosted domains before they’re used in phishing campaigns|https://portswigger.net/daily-swig/o365-squatting-open-source-tool-finds-malicious-cloud-hosted-domains-before-theyre-used-in-phishing-campaigns]]|Tools O365|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Podcasts'' |
|2020.12.08|SilverLining IL|[[Episode 30: The challenges of CISO in a security company|https://silverlining-il.castos.com/episodes/episode-30-the-challenges-of-ciso-in-a-security-company]]|Podcast|
|>|>|>|''Veilles / Newsletters'' |
|2020.12.13|Marco Lancini|[[The Cloud Security Reading List #67|https://cloudseclist.com/issues/issue-67/]] |Weekly_Newsletter|
|2020.12.09|TL;DR Security|[[#63 - OWASP, Fuzzing, and a New 'AWS Swiss Army Knife' Tool by Netflix|https://tldrsec.com/blog/tldr-sec-063/]] |Weekly_Newsletter|
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2020.12.11|//Shadline//[>img[iCSF/flag_fr.png]]|[[Le Clusif choisit Shadline pour faciliter les échanges de ses membres|https://www.shadline.com/le-clusif-choisit-shadline-pour-faciliter-les-echanges-de-ses-membres/]]|Tools Communications|
|2020.12.10|//IBM//|[[IBM Collaborates with AWS on Security for Hybrid Cloud|https://newsroom.ibm.com/2020-12-10-IBM-Collaborates-with-AWS-on-Security-for-Hybrid-Cloud]]|IBM AWS|
|>|>|>|''Acquisitions'' |
|2020.12.09|Help Net Security|[[Sysnet acquires Viking Cloud to enhance its cloud security platform and boost market expansion|https://www.helpnetsecurity.com/2020/12/09/sysnet-global-solutions-viking-cloud/]]|Acquisition|
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''CSPM'' |
|2020.12.11|//CipherCloud//|[[The Cloud, The Breach, and the increased role of CSPM|https://www.ciphercloud.com/the-cloud-the-breach-and-the-increased-role-of-cspm/]]|CSPM|
|>|>|>|''DNS'' |
|2020.12.07|//Akamai//|[[Distinguishing Among DNS Services Part 2: The Economics|https://blogs.akamai.com/2020/12/distinguishing-among-dns-services-part-2-the-economics.html]] {2/3}|!DNS|
|>|>|>|''IAM'' |
|2020.12.10|Dark Reading|[[Cloud Identity and Access Management: Understanding the Chain of Access|https://www.darkreading.com/cloud/cloud-identity-and-access-management-understanding-the-chain-of-access/a/d-id/1339463]]|IAM|
|>|>|>|''Protection des données / Data Privacy'' |
|2020.12.09|Acteurs Publics[>img[iCSF/flag_fr.png]]|[[Malgré la controverse, le Health Data Hub met ses premiers projets sur les rails|https://www.acteurspublics.fr/articles/malgre-la-controverse-le-health-data-hub-met-ses-premiers-projets-sur-les-rails]]|France Health_DataHub|
|>|>|>|''SASE'' |
|2020.12.13|//The Last Watchdog//|[[Guest Essay: Here's how Secure Access Service Edge — 'SASE' — can help, post Covid-19|https://www.lastwatchdog.com/guest-essay-heres-how-secure-access-service-edge-sase-can-help-post-covid-19/]]|SASE|
|2020.12.11|//Forcepoint//|[[Using SASE with Zero Trust to Simplify Access to Private Apps in AWS|https://www.forcepoint.com/blog/insights/simplify-access-aws-private-apps]]|SASE Zero_Trust|
|>|>|>|''SIEM'' |
|2020.12.09|Computer Weekly|[[How cloud-based SIEM tools benefit SOC teams|https://searchcloudsecurity.techtarget.com/tip/How-cloud-based-SIEM-tools-benefit-SOC-teams]]|SIEM|
|2020.12.07|MSSP Alert|[[Sumo Logic Cloud SIEM Demand Remains Strong|https://www.msspalert.com/cybersecurity-services-and-products/siem/sumo-logic-cloud-demand/]]|SIEM|
|>|>|>|''Zero Trust'' |
|2020.12.09|//Illumio//|[[Take Me to Your Domain Controller: How Attackers Discover and Understand Your Environment|https://www.illumio.com/blog/domain-controller-1]] (1/3)|Zero_Trust|
|>|>|>|''Autres / Others'' |
|2020.12.13|//Ermetic//|[[The Wild Ride of 2020 and its Impact on Cloud Security|https://securityboulevard.com/2020/12/the-wild-ride-of-2020-and-its-impact-on-cloud-security/]]|Trends|
|2020.12.11|//PivotPoint Security//|[[Where SaaS Firms Stumble on Cybersecurity|https://www.pivotpointsecurity.com/blog/where-saas-firms-stumble-on-cybersecurity/]]|SaaS|
|2020.12.09|//Radware//|[[Protecting Applications Across Multiple Clouds|https://blog.radware.com/security/applicationsecurity/2020/12/protecting-applications-across-multiple-clouds/]]|Multi_Cloud|
|2020.12.07|MSSP Alert|[[The 3 Trends Defining Ransomware in 2021|https://www.msspalert.com/cybersecurity-guests/the-3-trends-defining-ransomware-in-2021/]]|Trends Ransomware|
|2020.12.07|//Security Intelligence//|[[How to Transform From DevOps to DevSecOps|https://securityintelligence.com/posts/how-to-transform-from-devops-to-devsecops/]]|DevSecOps|
<<tiddler [[arOund0C]]>>
!"//Cloud-Based, Intelligent Ecosystems//"
[>img(200px,auto)[iCSA/KCAPC.png]]Publication du 10 décembre 2020 //
!!!Synthèse
<<<
//Release Date: 12/10/2020
Today's enterprise security world revolves around endless tools and ingestion of data points that often become confusing and unrealistic to decipher. It is difficult to gain a grasp how they impact business or the critical potential they hold in order to respond timely. The Cloud-Based, Intelligent Ecosystems paper aims towards executives in businesses whose focus is within securing their environment. The five sections presented within this paper address key areas in understanding the meaning of intelligence, the concept of how threat gathering works, securing a cloud-based, intelligent ecosystem, security business analytics, and lastly, areas of further research. 
To understand your specific threat intelligence model, one must first understand the tools currently within use, whether it be endpoint protection or other security sensors on the network. Companies must normalize and automate their internal tools to transform and extract actionable intelligence, while using external sources to reduce detection and response times. This is not a call for more tools, but rather how to use what you currently have at an optimal level. With the growing use of AI and Machine Learning, these technologies can expand the reach of tools and assist in the precision and accuracy of false positive data sets. 
Threat intelligence can be expanded over time when addressing IoT devices throughout enterprise, and how "sense, understand, act" can enhance and understand complexities within enterprise ecosystems. By also understanding other emerging technologies, such as blockchain, we can assume that the size of data will continue to move upwards. The important aspect here is capturing how to align threat intelligence to emerging technology so you do not get left behind.//
<<<
!!!Communiqué de presse
<<<
!!!!Cloud Security Alliance Releases Cloud-Based, Intelligent Ecosystems - Redefining Intelligence & Driving to Autonomous Security Operations
//Document calls out five unique security challenges that can lead to adversaries' success
SEATTLE - Dec. 10, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released Cloud-Based, Intelligent Ecosystems - Redefining Intelligence & Driving to Autonomous Security Operations. The paper looks to address the disconnect within cybersecurity wherein increasing numbers of security solutions are only serving to make enterprises more vulnerable. In the document, the authors encourage security executives to break the endless cycle of iterative tool adoption, and, instead, move to data-centric security operations that drive integration and automation while simultaneously leveraging cloud-based fusion.
"We are in a cyber arms race that has precipitated a security tool-race with adversaries' evolving attacks forcing us to spend more to try to defend ourselves. Our default response is to adopt new tools to try to keep up, but we are losing this race as adversaries continue to outpace defenders," said Jim Reavis, co-founder and CEO, Cloud Security Alliance. "We are increasing operations and personnel costs but somehow decreasing security and efficiency. Our complex and costly operations are, in fact, increasing the probability of adversaries' success."

CSA took a step back to examine the problem holistically and identified a critical gap: the absence of a capability to easily leverage and fuse output from security tools and threat intelligence deployed. Over the course of the examination, at least five unique cybersecurity challenges surfaced:
* Security technology and adversaries are changing fast. Keeping pace with new and emerging problems has made it difficult to examine the situation as a whole and the underlying issues that develop into more pronounced threats.
* The vendor community has focused on a "single pane of glass" that visually represents event data. This good idea is limited by the fact that the wealth and diversity of event data are hard to represent, along with the pace of malicious activity. Moreover, buyers are reluctant to commit to a single pane, given the significant investment in training on major security products.
* The absence of a readily implementable exchange protocol and data-labeling ontology has slowed progress.
* Normalization and transformation of disparate data sets from security tools and intel sources have represented the "valley of death" for integration and automation until recently.
* A shift from a singular focus on software and products to secure systems to focusing on the data generated by security systems.

The paper unpacks "intelligence" and addresses the challenges of integrating data from internal security tools and external threat feeds and leverages lessons learned from the autonomous vehicle industry's "sense, understand, and act" methodology. The authors go on to propose secure, intelligent ecosystems to enrich data workflow and apply machine learning and address security business analytics and the importance of measuring business outcomes for boards of directors, chief information security officers, and security operators. Finally, the document proposes areas for further exploration and investigation.
"We, as security defenders need to act, but our success will be temporary until we break the cycle and place a new cornerstone for cyber defense — cloud-based, data-centric defense. It's time business leadership takes the initiative to break the cycle and defend their companies through data-centric, integration, and automation of their tools and overall architecture," said Paul Kurtz, Board of Directors, Cloud Security Alliance.//
<<<
!!!Liens
* Communiqué de presse ⇒ https://cloudsecurityalliance.org/press-releases/2020/12/10/cloud-security-alliance-releases-cloud-based-intelligent-ecosystems-redefining-intelligence-driving-to-autonomous-security-operations/
* Téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/cloud-based-intelligent-ecosystems/
* Document (PDF) ⇒ https://cloudsecurityalliance.org/download/artifacts/cloud-based-intelligent-ecosystems/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #93|2020.12.06 - Newsletter Hebdomadaire #93]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #93|2020.12.06 - Weekly Newsletter - #93]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.12.06 - Newsletter Hebdomadaire #93]]>> |<<tiddler [[2020.12.06 - Weekly Newsletter - #93]]>> |
| La [[dernière Newsletter|Dernière Newsletter]] ''#<<tiddler [[LatestWeeklyNum]]>>'' est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' | The [[latest Newsletter|Dernière Newsletter]] ''#<<tiddler [[LatestWeeklyNum]]>>'' is dated from ''<<tiddler [[LatestWeeklyEN]]>>'' |
|!• La newsletter #93 est en cours de rédaction 
• Date de publication estimée : __à partir du 06 décembre 2020__ | | [img(100px,auto)[iCSF/Work.gif]]
La Veille 'Web Cloud et Sécurité' en cours de rédaction est → [[ici|2020.12.06 - Veille Hebdomadaire - 06 décembre]] ← | /% |!⇒ [[CloudSecurityAlliance.fr/go/KC6/|https://CloudSecurityAlliance.fr/go/KC6/]] | <<tiddler [[arOund06]]>>%/
|!• Newsletter #93 is currently being written 
• Estimated release date: __after December 06th, 2020__ | | [img(100px,auto)[iCSF/Work.gif]]
The draft version of the 'Cloud and Security' News Watch is → [[here|2020.12.06 - Veille Hebdomadaire - 06 décembre]] ← | /%|!⇒ [[CloudSecurityAlliance.fr/go/KC§D§/|https://CloudSecurityAlliance.fr/go/KC§D§/]] | <<tiddler [[arOund06]]>>%/
!!Veille Hebdomadaire - 30 novembre au 6 décembre 2020
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|>|>|>|''Incidents'' |
|>|>|>|''Fuites de données / Leaks'' |
|>|>|>|''Pannes / Outages'' |
|2020.11.30|CRN AU|[[AWS apologises for cloud outage from Amazon Kinesis|http://www.crn.com.au/news/aws-apologises-for-cloud-outage-from-amazon-kinesis-558398]]|Outage AWS|
|2020.11.30|The Register|[[AWS reveals it broke itself by exceeding OS thread limits, sysadmins weren't familiar with some workarounds|https://www.theregister.com/2020/11/30/aws_outage_explanation/]]|Outage AWS|
|2020.11.30|//Cloud Management Insider//|[[AWS Outage Resolved, All Operations Return to Normal|https://www.cloudmanagementinsider.com/aws-outage-resolved-all-operations-return-to-normal/]]|Outage AWS|
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2020.12.04|//MalwareBytes Labs//|[[File-sharing and cloud storage sites: How safe are they?|https://blog.malwarebytes.com/how-tos-2/2020/12/file-sharing-and-cloud-storage-sites-how-safe-are-they/]]|File_Sharing Storage|
|2020.12.03|Dark Reading|![[Cloud Security Threats for 2021|https://www.darkreading.com/cloud/cloud-security-threats-for-2021/a/d-id/1339454]] |Risks Prospective|
|2020.12.02|Cybersecurity Insiders|[[4 Protocols That Eliminate the Security Risks of Cloud Migration|https://www.cybersecurity-insiders.com/4-protocols-that-eliminate-the-security-risks-of-cloud-migration/]]|Risks|
|>|>|>|''Menaces / Threats'' |
|2020.11.30|ZDnet|[[Docker malware is now common, so devs need to take Docker security seriously|https://www.zdnet.com/article/docker-malware-is-now-common-so-devs-need-to-take-docker-security-seriously/]]|Docker Malware|
|2020.12.02|//HashiCorp//|[[Shifting Threat Modeling Left: Automated Threat Modeling Using Terraform|https://www.hashicorp.com/resources/shifting-threat-modeling-left-automated-threat-modeling-using-terraform]]|Threat_Modeling|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|2020.12.03|The New Stack|[[New containerd Security Hole Needs to Be Patched ASAP|https://thenewstack.io/new-containerd-security-hole-needs-to-be-patched-asap/]]|Containerd Flaw|
|2020.11.30|//NCC Group//|[[Technical Advisory Containerd: Containerd Shim API Exposed to Host Network Containers CVE-2020-15257|https://research.nccgroup.com/2020/11/30/technical-advisory-containerd-containerd-shim-api-exposed-to-host-network-containers-cve-2020-15257/]]|CVE-2020-15257|
|2020.12.03|Dark Reading| → [[Common Container Manager Is Vulnerable to Dangerous Exploit|https://www.darkreading.com/cloud/common-container-manager-is-vulnerable-to-dangerous-exploit/d/d-id/1339607]]|CVE-2020-15257|
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.12.04|Maarten Goet|![[8 Easy Steps to Improve Your Security Posture in Azure|https://github.com/maartengoet/presentations/blob/master/2020_12_vacd_8_easy_steps_to_improve_your_security_posture_in_azure.pdf]] (pdf) |Best_Practices AWS|
|2020.12.04|//CyberArk Conjur//|[[Security Automation: Best Practices for Secrets Management in a Configuration-as-Code Environment|https://www.conjur.org/blog/security-automation-best-practices-for-secrets-management-in-a-configuration-as-code-environment/]]|Secrets_Management|
|2020.12.01|Container Journal|[[Kubernetes Best Practices in Production|https://containerjournal.com/topics/container-management/kubernetes-best-practices-in-production/]]|K8s|
|2020.12.03|DZone|[[AWS Cloud Monitoring: Best Practices and Top-Notch Tools|https://dzone.com/articles/aws-cloud-monitoring-best-practices-and-top-notch]]|AWS Best_Practices|
|>|>|>|''Protection'' |
|>|>|>|''Détection / Detection'' |
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2020.12.01|//Prevasio//|[[Operation "Red Kangaroo": Industry's First Dynamic Analysis of 4M Public Docker Container Images|https://blog.prevasio.com/2020/12/operation-red-kangaroo-industrys-first.html]] ([[Rapport|https://prevasio.com/static/Red_Kangaroo.pdf]])|Report|
|2020.12.01|Dark Reading| → [[Malicious or Vulnerable Docker Images Widespread, Firm Says|https://www.darkreading.com/threat-intelligence/malicious-or-vulnerable-docker-images-widespread-firm-says/d/d-id/1339576]]|Report|
|2020.12.02|Dark Reading| → [[Analysis of 4 Million Docker Images Shows Half Have Critical Vulnerabilities|https://www.securityweek.com/analysis-4-million-docker-images-shows-half-have-critical-vulnerabilities]]|Report|
|2020.12.02|Security Week| → [[Analysis of 4 Million Docker Images Shows Half Have Critical Vulnerabilities|https://www.securityweek.com/analysis-4-million-docker-images-shows-half-have-critical-vulnerabilities]]|Report|
|2020.12.03|Container Journal| → [[Report: Docker Hub Container Vulnerabilities High|https://containerjournal.com/topics/container-security/report-docker-hub-container-vulnerabilities-high/]]|Report|
|>|>|>|''Sondages / Surveys'' |
|2020.11.30|Lexology|[[Global: 2020 Digital Transformation & Cloud Survey|https://www.lexology.com/library/detail.aspx?g=ed3660fe-fd39-447d-82f2-b8f649657b9c]]|Survey|
|>|>|>|''Études / Studies'' |
|>|>|>|''Publications'' |
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.12.02|Silicon[>img[iCSF/flag_fr.png]]|[[AWS re:Invent 2020 : les annonces à retenir|https://www.silicon.fr/aws-reinvent-2020-les-annonces-a-retenir-352627.html]]|AWS Conference|
|2020.12.03|Help Net Security|[[AWS releases four storage innovations to add storage performance, resiliency, and value to customers|https://www.helpnetsecurity.com/2020/12/03/aws-four-storage-innovations/]]|AWS Conference|
|2020.12.04|//Amazon AWS//|[[Enforce your AWS Network Firewall protections at scale with AWS Firewall Manager|https://aws.amazon.com/blogs/security/enforce-your-aws-network-firewall-protections-at-scale-with-aws-firewall-manager/]]|AWS_Firewall|
|2020.12.03|//Amazon AWS//|[[New – SaaS Lens in AWS Well-Architected Tool|https://aws.amazon.com/blogs/aws/new-saas-lens-in-aws-well-architected-tool/]]|AWS SaaS|
|2020.12.02|//Amazon AWS//|[[New - Amazon S3 Replication Adds Support for Multiple Destination Buckets|https://aws.amazon.com/blogs/aws/new-amazon-s3-replication-adds-support-for-multiple-destination-buckets/]]|AWS|
|2020.12.02|//Amazon AWS//|[[Techniques for writing least privilege IAM policies|https://aws.amazon.com/blogs/security/techniques-for-writing-least-privilege-iam-policies/]]|AWS IAM|
|2020.12.02|//Amazon AWS//|[[Amazon S3 Update – Strong Read-After-Write Consistency|https://aws.amazon.com/blogs/aws/amazon-s3-update-strong-read-after-write-consistency/]]|Integrity|
|2020.12.01|Security Week|[[Webinar Today: Advanced Tips for Securing Large AWS Environments|https://www.securityweek.com/webinar-today-advanced-tips-securing-large-aws-environments]]|Webcast AWS|
|2020.12.03|//Security Intelligence//|[[5 Ways to Accelerate Security Confidence for AWS Cloud|https://securityintelligence.com/posts/accelerate-security-confidence-aws-cloud/]]|AWS Confidence|
|2020.12.03|//Forcepoint//|[[Talking Cloud Security with Amazon Web Services|https://www.forcepoint.com/blog/insights/talking-cloud-security-with-aws]]|AWS|
|2020.12.03|//Cloudonaut//|[[How to configure SAML for AWS SSO?|https://cloudonaut.io/how-to-configure-saml-for-aws-sso/]]|AWS_SSO|
|2020.12.01|//Expel//|[[Evilginx-ing into the cloud: How we detected a red team attack in AWS|https://expel.io/blog/evilginx-into-cloud-detected-red-team-attack-in-aws/]]|Detection|
|>|>|>|''Azure (Microsoft)'' |
|2020.12.04|Daniel Neumann|[[Azure Reservations and the RBAC dilemma|https://www.danielstechblog.io/azure-reservations-and-the-rbac-dilemma/]]|Azure RBAC|
|2020.12.01|//Microsoft Azure//|[[Azure AD Application Proxy now natively supports apps that use header-based authentication|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-application-proxy-now-natively-supports-apps-that-use/ba-p/1751707]]|AzureAD|
|2020.11.30|Secure Cloud Blog|[[DynDNS endpoint on Azure Functions|https://securecloud.blog/2020/11/30/dyndns-endpoint-on-azure-functions/]]|Azure DNS|
|>|>|>|''GCP (Google)'' |
|2020.12.06|//Codeburst.io//|[[Google Kubernetes Engine Logging by Example|https://codeburst.io/google-kubernetes-engine-logging-by-example-df6946dcba6b]]|GKE Logging|
|2020.11.30|//Google Cloud//|[[Using Cloud Workflows to load Cloud Storage files into BigQuery|https://medium.com/google-cloud/using-cloud-workflows-to-load-cloud-storage-files-into-bigquery-54228d166a7d]]|GCP Cloud_Workflows|
|>|>|>|''Oracle'' |
|2020.12.03|//Oracle//|[[Security-First principles for Identity and Access Management|https://blogs.oracle.com/cloudsecurity/security-first-principles-for-identity-and-access-management]]|IAM|
|>|>|>|''Kubernetes'' |
|2020.12.06|CyberSecurity Insiders|[[How to secure a Kubernetes cluster|https://www.cybersecurity-insiders.com/how-to-secure-a-kubernetes-cluster-2/]]|K8s|
|2020.12.04|//DivvyCloud//|[[A Holistic Approach to Kubernetes Security and Compliance|https://divvycloud.com/a-holistic-approach-to-kubernetes-security-and-compliance/]]|K8s|
|2020.12.03|//Alcide//|![[Kubernetes Threat Vectors: Part 4 - Privilege Escalation|https://www.alcide.io/kubernetes-threat-vectors-part-4-privilege-escalation]] (4/11) |Kubernetes Threats|
|2020.12.03|//Snyk//|[[Kernel privilege escalation: how Kubernetes container isolation impacts privilege escalation attacks|https://snyk.io/blog/kernel-privilege-escalation/]]|K8s|
|2020.12.02|//AlienVault//|[[How to secure a Kubernetes cluster|https://feeds.feedblitz.com/~/639499898/0/alienvault-blogs~How-to-secure-a-Kubernetes-cluster]]|K8s Cluster|
|2020.11.30|Thomas Stringer|[[Find Which apiVersion to Use for Kubernetes Resources|https://trstringer.com/kubernetes-apiversion/]]|K8s APIs|
|>|>|>|''Docker'' |
|2020.12.06|Jatin Yadav|[[Harden Docker with CIS – (P2) Host configurations|https://blog.jtnydv.com/harden-docker-with-cis-p2-host-configurations/]]|Docker Hardening CIS|
|2020.11.29|Jatin Yadav|[[Harden Docker with CIS – (P1) Environment setup|https://blog.jtnydv.com/harden-docker-with-cis-p1-environment-setup/]]|Docker Hardening CIS|
|2020.11.30|ZDnet|[[Docker malware is now common, so devs need to take Docker security seriously|https://www.zdnet.com/article/docker-malware-is-now-common-so-devs-need-to-take-docker-security-seriously/]]|Docker Malware|
|2020.11.30|//SecureFlag//|[[Securing the Docker Ecosystem: Part 2: Strategies to Secure the Container Build|https://blog.secureflag.com/2020/11/30/securing-the-docker-ecosystem-part-2-the-container-build.html]] (2/3)|
|>|>|>|''Containers'' |
|>|>|>|''Workloads'' |
|>|>|>|''Outils / Tools'' |
|2020.11.30|Joosua Santasalo|[[azdyndns: Dyndns for a dime|https://github.com/jsa2/azdyndns]]|Tools Azure DNS|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Conférences / Conferences'' |
|2020.11.30|//Amazon AWS//|[[re:Invent 2020 - Your guide to AWS Identity and Data Protection sessions|https://aws.amazon.com/blogs/security/reinvent-2020-your-guide-to-aws-identity-and-data-protection-sessions/]]|Conference AWS|
|>|>|>|''Podcasts'' |
|>|>|>|''Veilles / Newsletters'' |
|2020.12.06|Marco Lancini|[[The Cloud Security Reading List #66|https://cloudseclist.com/issues/issue-66/]] |Weekly_Newsletter|
|2020.12.03|TL;DR Security|[[#62 - Leaking IAM Users and Roles, AI|https://tldrsec.com/blog/tldr-sec-062/]] |Weekly_Newsletter|
|>|>|>|!Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance |
|>|>|>|''Juridique / Legal'' |
|>|>|>|''Réglementation / Regulatory'' |
|>|>|>|''Conformité / Compliance'' |
|>|>|>||
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2020.11.30|CISO Mag.|[[Cloud Security Spending to Grow 250.3% in 2021: Gartner|https://cisomag.eccouncil.org/cloud-security-spending-2021/]]|Market|
|>|>|>|''Acquisitions'' |
|2020.12.04|CyberSecurity Insiders|[[Google acquires Actifio for Cloud Security|https://www.cybersecurity-insiders.com/google-acquires-actifio-for-cloud-security/]]|Acquisition|
|>|>|>||
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''DNS'' |
|2020.11.30|//Akamai//|[[Distinguishing Among DNS Services Part 1: The Platform|https://blogs.akamai.com/2020/11/distinguishing-among-dns-services-part-1-the-platform.html]] {1/3}|!DNS|
|>|>|>|''SASE'' |
|2020.12.04|Help Net Security|[[How to take SASE from a buzzword to a plan|https://www.helpnetsecurity.com/2020/12/04/sase-plan/]]|SASE|
|>|>|>|''Autres / Others'' |
|2020.12.06|CyberSecurity Insiders|[[How to Secure Your Apps with SaaS Security Posture Management (SSPM)|https://www.cybersecurity-insiders.com/how-to-secure-your-apps-with-saas-security-posture-management-sspm/]]|SaaS|
|2020.12.06|CyberSecurity Insiders|[[Cost-Effective Cloud Security for the Modern Enterprise: Part 3|https://www.cybersecurity-insiders.com/cost-effective-cloud-security-for-the-modern-enterprise-part-3/]]|Misc|
|2020.12.06|ZDnet[>img[iCSF/flag_fr.png]]|[[Microsoft lance un cloud sécurisé pour traiter les données du gouvernement américain|https://www.zdnet.fr/actualites/microsoft-lance-un-cloud-securise-pour-traiter-les-donnees-du-gouvernement-americain-39914467.htm]]|Azure Government|
|2020.12.04|DNS Made Easy|[[How Cloud Outages Can Be Prevented|https://social.dnsmadeeasy.com/blog/how-cloud-outages-can-be-prevented/]]|Outages Prevention|
|2020.12.04|Dark Reading|[[Microsoft Cloud Security Exec Talks New Tech, WFH, Gamification|https://www.darkreading.com/cloud/microsoft-cloud-security-exec-talks-new-tech-wfh-gamification/d/d-id/1339621]]|Misc|
|2020.12.01|Christophe Parisel|![[Reengineering Multi-Cloud (part 1)|https://www.linkedin.com/pulse/reengineering-multi-cloud-part-1-christophe-parisel/]] (1/2)|
|>|>|>|''Autres / Others'' |
|2020.12.04|Help Net Security|[[The need for zero trust security a certainty for an uncertain 2021|https://www.helpnetsecurity.com/2020/12/29/need-for-zero-trust-security/]]|Zero_Trust|
|2020.12.04|//MalwareBytes Labs//|[[File-sharing and cloud storage sites: How safe are they?|https://blog.malwarebytes.com/how-tos-2/2020/12/file-sharing-and-cloud-storage-sites-how-safe-are-they/]]|Storage|
|2020.12.03|TechBeacon|[[Cloud security and analytics: 4 lessons for data security teams|https://techbeacon.com/security/cloud-security-analytics-4-lessons-data-security-teams]]|Misc|
|2020.12.03|Help Net Security|[[The challenges of keeping a strong cloud security posture|https://www.helpnetsecurity.com/2020/12/03/keeping-a-strong-cloud-security-posture/]]|CSPM|
|2020.12.03|Help Net Security|[[How to reduce the risk of third-party SaaS apps|https://www.helpnetsecurity.com/2020/12/03/reduce-risk-third-party-saas-apps/]]|Risks SaaS|
|2020.12.03|Help Net Security|[[Cloud-native benefits stifled by critical security and networking issues|https://www.helpnetsecurity.com/2020/12/03/cloud-native-apps/]]|Cloud_Native|
|2020.12.03|Dark Reading|[[Cloud Security Threats for 2021|https://www.darkreading.com/cloud/cloud-security-threats-for-2021/a/d-id/1339454]]|Threats|
|2020.12.03|//Sysdig//|[[Your team is running containers, but are they secure?|https://sysdig.com/blog/your-team-is-running-containers-but-are-they-secure/]]|Containers|
|2020.12.03|//Radware//|[[What Does a Unified Security Strategy in the Public Cloud Look Like?|https://blog.radware.com/uncategorized/2020/12/what-does-a-unified-security-strategy-in-the-public-cloud-look-like/]]|Strategy|
|2020.12.03|//Oracle Cloud//|[[Security-First principles for Identity and Access Management|https://blogs.oracle.com/cloudsecurity/security-first-principles-for-identity-and-access-management]]|IAM|
|2020.12.03|//Morphisec//|[[Busting Cloud Security Myths|https://blog.morphisec.com/busting-cloud-security-myths]]|Myths|
|2020.12.03|//Caylent//|[[Testing Your Code on Terraform: Terratest|https://caylent.com/testing-your-code-on-terraform-terratest]]|Testing|
|2020.12.02|The Daily Swig|[[Crypto-mining malware fiends exploit insecure Docker installations with botnet|https://portswigger.net/daily-swig/crypto-mining-malware-fiends-exploit-insecure-docker-installations-with-botnet]]|Docker Crypto_Mining|
|2020.12.02|Cybersecurity Insiders|[[4 Protocols That Eliminate the Security Risks of Cloud Migration|https://www.cybersecurity-insiders.com/4-protocols-that-eliminate-the-security-risks-of-cloud-migration/]]|Risks|
|2020.12.02|CloudTweaks|[[Episode 8: Managing Cloud Strategy During the Chaos of 2020, Plus an Outlook for 2021|https://cloudtweaks.com/2020/12/tech-strategy-during-chaos-2020/]] ([[mp3|https://podcasts.captivate.fm/media/21f22f83-6c8e-4538-a9ee-4525016712f6/cloudtweaks-episode-8-virtana.mp3]])|Podcast|
|2020.12.02|//Thousand Eyes//|[[Ep. 30: Major AWS Outage Highlights Dependencies Within Cloud Providers|https://blog.thousandeyes.com/internet-report-episode-30/]] ([[Webcast|https://www.youtube.com/watch?v=iRSgOtRX_Ko]])|Podcast|
|2020.12.02|//Threatpost//|[[Microsoft Revamps 'Invasive' M365 Feature After Privacy Backlash|https://threatpost.com/microsoft-m365-privacy-backlash/161760/]]|M365 Privacy|
|2020.12.02|//Stackrox//|[[OpenShift image security and cluster maintenance best practices|https://www.stackrox.com/post/2020/12/openshift-image-security-and-cluster-maintenance-best-practices/]]|Image Best_Practices|
|2020.12.01|The Register|[['We've heard the feedback...' Microsoft 365 axes per-user productivity monitoring after privacy backlash|https://www.theregister.com/2020/12/01/productivity_score/]]|M365 Privacy|
|2020.12.01|Matt Soseman|[[Security Config Assessments of AWS, GCP, Azure using MCAS!|https://mattsoseman.wordpress.com/2020/12/01/security-config-assessments-of-awsgcpazure-using-mcas/]]|Configuration|
|2020.12.01|CISO Mag.|[[We'll see more attacks that target cloud misconfiguration issues|https://cisomag.eccouncil.org/cloud-misconfiguration-issues/]]|Misconfiguration|
|2020.12.01|//Threatpost//|[[Misconfigured Docker Servers Under Attack by Xanthe Malware|https://threatpost.com/misconfigured-docker-servers-xanthe-malware/161732/]]|Docker Malware|
|2020.12.01|//Security Scorecard//|[[Tips for Vetting the Security of Cloud Service Providers|https://securityscorecard.com/blog/tips-vetting-security-cloud-service-providers]]|CSP|
|2020.12.01|//Google Cloud//|[[Monitor and secure your containers with new Container Threat Detection|https://cloud.google.com/blog/products/identity-security/container-threat-detection-is-ga/]]|Detection|
|2020.12.01|Kitploit|[[Terrascan - Detect Compliance And Security Violations Across Infrastructure As Code|https://www.kitploit.com/2020/12/terrascan-detect-compliance-and.html]]|Tools|
|2020.12.01|//BridgeCrew//|[[Building an IaC security and governance program step-by-step|https://bridgecrew.io/blog/building-iac-security-governance-program/]]|IaC|
|2020.11.30|//Digital Ocean//|[[How To Protect Sensitive Data in Terraform|https://www.digitalocean.com/community/tutorials/how-to-protect-sensitive-data-in-terraform]]|Protection|
|2020.11.30|CIO Dive|[[Businesses can avoid cloud provider downtime with redundancy — but at what cost?|https://www.ciodive.com/news/aws-outage-cloud-recovery-interoperability/589844/]]|Redundancy|
|2020.11.30|//AvePoint//|[[Top Microsoft 365 Tenant to Tenant Migration Considerations|https://www.avepoint.com/blog/migrate/microsoft-365-tenant-migration-considerations/]]|M365|
|2020.11.30|//Tenable//|[[Cloud Security: 3 Things InfoSec Leaders Need to Know About the Shared Responsibility Model|https://www.tenable.com/blog/cloud-security-3-things-infosec-leaders-need-to-know-about-the-shared-responsibility-model]]|Responsibility|
|2020.11.30|Silicon Angle|[[IBM Cloud gets quantum-resistant cryptography|https://siliconangle.com/2020/11/30/ibm-cloud-gets-quantum-resistant-cryptography/]]|Cryptography|
<<tiddler [[arOund0C]]>>
!"//CCSK Success Stories: From the Head Cybersecurity Architecture//"
[>img(150px,auto)[iCSA/K4QCCSK.png]]Article de blog publié le 3 décembre 2020
<<<
//This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Lee Han Ther, Head, Cybersecurity Architecture & Strategy at Maxis.
Q: You currently work at Maxis as Head of Cybersecurity Architecture & Strategy. Can you tell us about what your job involves?
A: In my current capacity, I am responsible to drive security architecture, technology innovation and strategy. I help our teams design, deploy and operate solutions across our information technology, cloud and telecommunication network with appropriate security controls to meet business goals along with customer and regulatory requirements.

Q: Can you share with us some complexities in managing cloud computing projects?
A: Well it depends on the cloud service model. IaaS, PaaS, and SaaS have different levels of complexity. Some complexities however are generic across all three, i.e. data residency, regulatory requirement and aligning service provider responsibilities with business needs.

Q: In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?

I would say the important financial aspect is to look at a cloud project's overall Total Cost of Ownership (TCO). In justifying cloud project spending, we need to forecast the total growth / decline of the project components over time due to the date scalability and utility-like billing, unlike traditional infrastructure.
Q: What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
As part of a self-development plan for the year, I have already included in my goals to obtain a relevant cyber security certification. Why the Certificate of Cloud Security Knowledge (CCSK)? Well, that is the most relevant vendor neutral cloud security certification around. It has helped me build the right foundation and framework, looking at cloud security and controls in a holistic manner.

Q: How does CCM help communicate with customers?
The Cloud Control Matrix (CCM) clearly sets forth a comprehensive control framework based on various domains, service delivery models and architectural reference. Backed with references against various industry standards and best practice. It helps customers think about all the relevant controls and thereafter zoom into the specific technology for implementation.

Q: What's the value in a vendor-neutral certificate versus getting certified by a vendor like AWS? In what scenario are the different certificates important?
Both certifications have their respective unique value. Whilst a vendor-neutral cert is product/service or technology agnostic, it is important to lay out a clear cloud security framework, model and key concepts which can be applicable regardless of cloud service providers. On the other hand, a specific certificate issued by a specific CSP will assist in architecting, deploying or operating that specific cloud technology.

Q: Would you encourage your staff and/or colleagues to obtain the CCSK or other CSA qualifications? Why?
Yes, I would highly recommend it. CSA is a recognized body for cloud security. They have been continuously revising their knowledge base and research to meet the technology and market demands. Being CCSK certified demonstrates the professional has a broad grasp of relevant cloud technology and security models.

Q: What is the best advice you could give to IT professionals in order for them to scale new heights in their careers?
Continuously develop yourself and be relevant. As a security professional, to scale to new heights, we not only need to keep abreast with the latest technology, we also need to be aware of security trends, incidents, regulatory requirements, and the changing business landscape.//
<<<
__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/12/03/ccsk-success-stories-from-the-head-cybersecurity-architecture/ 
Voici la newsletter publiée par le CSA pour les Chapitres Européens, nord et sud américains pour le mois de Décembre 2020.
<<<
|ssTablN0|k
|>| [img(auto,125px)[iCSA/KC1N1.png]] |
|>|Dear Chapters, |
|>|Thank you for participating in CSA's global community. We hope you enjoy this newsletter, created exclusively for our chapters. Feel free to share with your members.|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|[img(150px,auto)[iCSA/KC1N2.jpg]]|!Circle|
|~|ALL Chapters should have an active Chapter community on the Circle platform by January 1st, 2021.|
|~|https://cloudsecurityalliance.connectedcommunity.org/home If you do not have a CIRCLE community for your Chapter, please reach out to [[Carolina Ozan|mailto:cozan@cloudsecurityalliance.org]] or [[Todd Edison|mailto:tedison@cloudsecurityalliance.org]] to help get that created.|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
| |!Chapter Profile|
|~|Please make sure that you have completed the Chapter Profile questionnaire and returned that to CSA global. Chapter Profiles were due November 15th. If you have not yet completed your Chapter Profile, please complete and submit as soon as possible.|
|~|!Annual Summary|
|~|Please make sure that you have completed the Annual Summary and returned that to CSA global.|
|~|Annual Summaries are due by December 15th. If you have not yet completed your Annual Summary, please complete and submit as soon as possible.|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Research Releases|
| |• '[[The 2020 State of Identity Security in the Cloud|https://cloudsecurityalliance.org/artifacts/the-2020-state-of-identity-security-in-the-cloud/]]'|
|~|• '[[Key Management when using Cloud Services|https://cloudsecurityalliance.org/artifacts/key-management-when-using-cloud-services/]]'|
|~|• '[[Mitigating Hybrid Clouds Risks|https://cloudsecurityalliance.org/artifacts/mitigating-hybrid-clouds-risks/]]'|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Latest Cloudbytes Webinars|
| |• '[[International Data Transfer: What does the ruling of the European Court of Justice on the Privacy Shield mean in practice?|https://www.brighttalk.com/webcast/10415/442488]]'|
|~|• '[[Public Cloud Database Security: Using Others' Mistakes to Stop Attacks|https://www.brighttalk.com/webcast/10415/443314]]'|
|~|• '[[The Rise and Importance of Digital Identity|https://www.brighttalk.com/webcast/10415/446620]]'|
|~|• '[[A Practical Guide to Securing Container, Docker Host, and Kubernetes Environment|https://www.brighttalk.com/webcast/10415/446354]]'|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Other Research News|
| |• Peer Review: '[[Critical Controls Implementation for Oracle E-Business Suite|https://cloudsecurityalliance.org/artifacts/critical-controls-implementation-for-oracle-e-business-suite/]]'|
|~|• Peer Review: '[[Software-Defined Perimeter Zero Trust Charter|https://cloudsecurityalliance.org/artifacts/critical-controls-implementation-for-oracle-e-business-suite/]]'|
|~|• Blog: '[[Cloud Network Security 101: Azure Virtual Network Service Endpoints|https://cloudsecurityalliance.org/blog/2020/11/12/cloud-network-security-101-azure-virtual-network-service-endpoints/]]'|
|~|• Blog: '[[The Way You Protect Your Customers' Data Is Fundamentally Changing|https://cloudsecurityalliance.org/blog/2020/11/10/the-way-you-protect-your-customers-data-is-fundamentally-changing/]]'|
|~|• Blog: '[[What is cloud security? How is it different from traditional on-premises network security|https://cloudsecurityalliance.org/blog/2020/11/09/what-is-cloud-security-how-is-it-different-from-traditional-on-premises-network-security/]]'|
|~|If you have any questions around how to implement this research, you can ask our research analysts and working group members in our Circle Community [[here|https://circle.cloudsecurityalliance.org/communities/allcommunities?DisplayBy=3&OrderBy=0&CommunityTypeKey=314037a2-8690-4cd7-b3f6-596013ec15ca&FilterBy=]].|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Chapters Spotlight|
|[img(150px,auto)[iCSA/KC1N3.jpg]]|!CSA Washington DC Metro Chapter|
|~|Thank you to the CSA Washington DC Metro Chapter for their blog contribution titled Seven Steps to defining the art of the possible in DevOps. What in the world does DevOps mean? This article works to explain a proper definition of DevOps and includes project examples. Way to go, Washington DC Metro Chapter.|
|[img(150px,auto)[iCSA/KC1N4.png]]|!CSA Israel Chapter|
|~|The CSA Israel Chapter hosted the 10th Annual International Cybersecurity Conference titled Cyber Week. The event featured over 87 different speakers on various cybersecurity topics, including Mapping the Cyber Landscape - Diplomacy, Accountability and Capacity Building in Cyberspace, Analogue Humans in A Digital World, and Threat Modeling Healthcare. It also featured a CCSK Foundation Training workshop. Congratulations CSA Israel Chapter on a successful event.|
|~|More Information|
| |!Congratulations on gaining Legal Status|
|~|The following Chapters have recently gained legal status in their respective countries. Congratulations on successfully becoming legal entities.|
|~|• Central America, Ecuador, Minnesota|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Upcoming Events|
|[img(150px,auto)[iCSA/KC1N5.jpg]]|!CSA & RSA FBI Virtual Minnesota Briefing - The state of the current cybersecurity landscape|
|~|December 3, 2020, Virtual|
|~|Discuss lessons learned through our unique perspectives of fighting cyber criminals. Hear the FBI's best Practices to enable an organization to successfully protect itself in an ever-more-dangerous environment. Review the FBI's case studies, threat actors, and how it partners with the private industries. Take a closer look at a hypothetical corporate data breach highlighting the compromise, the call to law enforcement, the investigative process and the desired result.|
|~|More Information|
|[img(150px,auto)[iCSA/KC1N6.jpg]]|!FBI Briefing: Current Threats and How to Mitigate|
|~|December 9, 2020, Virtual|
|~|Join the CSA Hartford, CT Chapter for a 30 minute presentation followed by a 15 minute Q&A session with FBI Special Agent Dodd.|
|~|Special Agent Dodd has been with the FBI for 17 years. He has worked in New York City and New Haven and specializes in counterintelligence and cyber criminal matters. He is Certified: Forensic Analyst, Incident Handler, Forensic Examiner, Reverse Engineering Malware, Network Forensic Analyst.|
|~|More Information|
|[img(150px,auto)[iCSA/KC1N7.jpg]]|!Who's in your cloud? - CSA & ISSA Minnesota Chapter Meeting|
|~|December 15, 2020, Virtual|
|~|When it comes to cloud operations, monitoring security and visibility are critical especially with the increase in staff working remotely. Join us on December 15th to learn about 'Cloud State Monitoring,' why it is important, and who needs to be aware of it.|
|~|- Why Cloud is special?|
|~|- Explanation of cloud APIs: Management / Control Plane vs Data Plane|
|~|- What is Cloud State Monitoring?|
|~|- Why is Cloud State Monitoring important?|
|~|- Who needs awareness about Cloud State Monitoring and Use Cases?|
|~|More Information|
|[img(150px,auto)[iCSA/KC1N8.jpg]]|!Dealing with an Adolescent Cloud|
|~|December 15, 2020, Virtual|
|~|Would you like to learn how to secure the cloud? This webcast will go in depth on AWS's 7 secure design principles and walk you through a variety of open source tools that your organization can deploy to secure a cloud environment. For each principle we will demonstrate a Fundamental and Advanced approaches to transform any organization.|
|~|More Information |
|[img(150px,auto)[iCSA/KC1N8.jpg]]|!CloudBytes Connect|
|~|February 2-4, 2021, Virtual|
|~|CSA is excited to launch CloudBytes Connect, a multi-day virtual event program that brings the collaboration of research and community to the forefront. Leveraging CSA's research initiatives to educate the industry on key issues and trends faced in cloud security, CloudBytes Connect will introduce participants, free of charge, to their peers and prominent leaders in the cloud and cybersecurity industry.|
|~|Over the course of three days, CSA will present a world-class program of speakers who will provide in-depth discussion and insight on specific topics each day. Keynote sessions will be presented from 9:00 am – 1:00 pm (PST) each morning.|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|Until next time...|
|>|Sincerely,|
|>|''Todd Edison -- Chapter Relations Manager, Cloud Security Alliance''|
<<<
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202011>>
<<tiddler fAll2Tabs10 with: VeilleM","_202011>>
|!Date|!Sources|!Titres et Liens|!Keywords|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Novembre 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202011>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Novembre 2020]]>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler fAll2LiTabs10 with: NewsL","202011>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Novembre 2020]]>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Novembre 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Novembre 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202011'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Novembre 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202011'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Actu - Novembre 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Blog","202011'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Novembre 2020]]>>
!Publications - Novembre 2020
<<tiddler fAll2LiTabs13end with: 'Publ","202011'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
!Publications - Octobre 2020
Publications de<<tiddler fAll2LiTabs13end with: 'Publ","202010'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Novembre 2020]]>>
!//Letting The Right One In: A Preamble to Device Trust//
[>img(150px,auto)[iCSA/KBQBL.jpg]]^^Article publié le 26 novembre 2020 sur le blog de la CSA, et le 31 août 2020 sur celui de Duo Security.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/26/letting-the-right-one-in-a-preamble-to-device-trust/
* Site Duo Security ⇒ https://duo.com/blog/letting-the-right-one-in-a-preamble-to-device-trust
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Network Security 101: Azure Private Link & Private Endpoints//
[>img(150px,auto)[iCSA/KBOBC.jpg]]^^Article publié le 24 novembre 2020 sur le blog de la CSA, et le 25 septembre 2020 sur le site de Fugue.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/24/cloud-network-security-101-azure-private-link-private-endpoints/
* Site Fugue ⇒ https://www.fugue.co/blog/cloud-network-security-101-azure-private-link-private-endpoints
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//3 Reasons Why You Need to Include a VRM Platform in 2021//
[>img(150px,auto)[iCSA/KBNB3.jpg]]^^Article publié le 23 novembre 2020 sur le blog de la CSA, et le 10 novembre 2020 sur le site de Whistic.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/23/3-reasons-why-you-need-to-include-a-vrm-platform-in-2021/
* Site Whistic ⇒ https://www.whistic.com/resources/three-reasons-why-you-need-to-include-a-vrm-platform
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//The Multi-Factor Factor (or How to Manage Authentication Risk)//
[>img(150px,auto)[iCSA/KBIBT.jpg]]^^Article publié le 18 novembre 2020 sur le blog de la CSA, et le 15 octobre 2020 sur celui de Duo Security.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/18/the-multi-factor-factor-or-how-to-manage-authentication-risk/
* Site Duo Security ⇒ https://duo.com/blog/the-multi-factor-factor-or-how-to-manage-authentication-risk
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//What is Cloud-Based Tokenization?//
[>img(150px,auto)[iCSA/KBHBW.jpg]]^^Article publié le 17 novembre 2020 sur le blog de la CSA, et le 9 octobre 2019 (//sic//) sur le site de TokenEx.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/17/what-is-cloud-based-tokenization/
* Site TokenEx ⇒ https://www.tokenex.com/blog/what-is-cloud-security
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Network Security 101: Azure Virtual Network Service Endpoints//
[>img(150px,auto)[iCSA/KBCBC.jpg]]^^Article publié le 12 novembre 2020 sur le blog de la CSA, et le 8 octobre 2020 sur le site de Fugue.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/12/cloud-network-security-101-azure-virtual-network-service-endpoints/
* Site Fugue ⇒ https://www.fugue.co/blog/cloud-network-security-101-azure-service-endpoints-vs.-private-endpoints
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//The Way You Protect Your Customers' Data Is Fundamentally Changing//
[>img(150px,auto)[iCSA/KBABT.png]]^^Article publié le 10 novembre 2020 sur le blog de la CSA, et le 27 octobre 2020 sur le site de Whistic.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/10/the-way-you-protect-your-customers-data-is-fundamentally-changing/
* Site Whistic ⇒ https://www.whistic.com/resources/the-way-you-protect-your-customers-data-is-changing
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//SaaS Security Series: Salesforce Guest User Log Analysis//
[>img(150px,auto)[iCSA/KB5BS.jpg]]^^Article publié le 5 novembre 2020 sur le blog de la CSA, et le 4 novembre 2020 sur le site de AppOmni.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/05/saas-security-series-salesforce-guest-user-log-analysis/
* Site AppOmni ⇒ https://appomni.com/blog-security-series-salesforce-guest-user-log-analysis/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//The 10 Best Practices in Cloud Data Security//
[>img(150px,auto)[iCSA/KB3BT.jpg]]^^Article publié le 3 novembre 2020 sur le blog de la CSA, et sur le site de TokenEx le 24 juillet 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/03/the-10-best-practices-in-cloud-data-security/
* Site TokenEx ⇒ https://www.tokenex.com/blog/10-best-practices-in-cloud-data-security
^^[img(25%,1px)[iCSF/BluePixel.gif]]
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #92|2020.11.29 - Newsletter Hebdomadaire #92]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #92|2020.11.29 - Weekly Newsletter - #92]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.11.29 - Newsletter Hebdomadaire #92]]>> |<<tiddler [[2020.11.29 - Weekly Newsletter - #92]]>> |
| La [[dernière Newsletter|Dernière Newsletter]] ''#<<tiddler [[LatestWeeklyNum]]>>'' est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' | The [[latest Newsletter|Dernière Newsletter]] ''#<<tiddler [[LatestWeeklyNum]]>>'' is dated from ''<<tiddler [[LatestWeeklyEN]]>>'' |
|!• La newsletter #92 est en cours de rédaction 
• Date de publication estimée : __à partir du 29 novembre 2020__ | | [img(100px,auto)[iCSF/Work.gif]]
La Veille 'Web Cloud et Sécurité' en cours de rédaction est → [[ici|2020.11.29 - Veille Hebdomadaire - 29 novembre]] ← | /%|!⇒ [[CloudSecurityAlliance.fr/go/KBT/|https://CloudSecurityAlliance.fr/go/KBT/]] | <<tiddler [[arOund0C]]>>%/
|!• Newsletter #92 is currently being written 
• Estimated release date: __after November 29th, 2020__ | | [img(100px,auto)[iCSF/Work.gif]]
The draft version of the 'Cloud and Security' News Watch is → [[here|2020.11.29 - Veille Hebdomadaire - 29 novembre]] ← | /%|!⇒ [[CloudSecurityAlliance.fr/go/KBT/|https://CloudSecurityAlliance.fr/go/KBT/]] | <<tiddler [[arOund0C]]>>%/
!!Veille Hebdomadaire - 23 au 29 novembre 2020
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|>|>|>||
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|2020.11.27|Bleeping Computer|[[Office 365 phishing abuses Oracle and Amazon cloud services|https://www.bleepingcomputer.com/news/security/office-365-phishing-abuses-oracle-and-amazon-cloud-services/]]|O365 Phishing|
|>|>|>|''Incidents'' |
|>|>|>|''Fuites de données / Leaks'' |
|>|>|>|''Pannes / Outages'' |
|2020.11.25|//Catchpoint//|[[AWS Outage Ahead of Black Friday|https://blog.catchpoint.com/2020/11/25/aws-outage-ahead-of-black-friday/]]|Outage AWS|
|2020.11.25|Silicon Angle|[[Update: AWS fixes cloud outage that caused service disruptions across the web|https://siliconangle.com/2020/11/25/aws-cloud-outage-causing-service-disruptions-across-web/]]|Outage AWS|
|2020.11.25|The Register|[[AWS admits to 'severely impaired' services in US-EAST-1, can't even post updates to Service Health Dashboard|https://www.theregister.com/2020/11/25/aws_down/]]|Outage AWS|
|2020.11.25|GeekWire|[[Amazon Web Services outage affects Adobe, Roku, Twilio, Flickr, others|https://www.geekwire.com/2020/amazon-web-services-outage-affects-adobe-roku-twilio-flickr-others/]]|Outage AWS|
|2020.11.26|ZDnet| → [[AWS Outage Impacts Thousands of Online Services|https://www.zdnet.com/article/aws-outage-impacts-thousands-of-online-services/]]|Outage AWS|
|2020.11.26|ZDnet[>img[iCSF/flag_fr.png]]| → [[AWS : Une panne majeure met à terre une partie d'internet|https://www.zdnet.fr/actualites/aws-une-panne-majeure-met-a-terre-une-partie-d-internet-39913731.htm]]|Outage AWS|
|2020.11.26|DataCenter Mag[>img[iCSF/flag_fr.png]]| → [[AWS victime d'une panne sévère|https://datacenter-magazine.fr/aws-victime-dune-panne-severe/]]|Outage AWS|
|2020.11.26|CRN.au| → [[Amazon's cloud service sees widespread outage|http://www.crn.com.au/news/amazons-cloud-service-sees-widespread-outage-558288]]|Outage AWS|
|2020.11.26|//Cloud Management Insider//| → [[Amazon Web Services Experiences Outage, Major Customers Impacted|https://www.cloudmanagementinsider.com/amazon-web-services-experiences-outage-major-customers-impacted/]]|Outage AWS|
|2020.11.26|//DNS Made Easy//| → [[AWS Suffers Prolonged Outage Ahead of Thanksgiving Holiday|https://social.dnsmadeeasy.com/blog/aws-suffers-prolonged-outage-ahead-of-thanksgiving-holiday/]]|Outage AWS|
|>|>|>||
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|!2020.11.25|//Tripwire//|[[Emerging Public Cloud Security Challenges in 2020 and Beyond|https://www.tripwire.com/state-of-security/security-data-protection/cloud/emerging-public-cloud-security-challenges/]]|Risks Challenges|
|>|>|>|''Menaces / Threats'' |
|2020.11.27|//Mitiga//|[[Step 1: Phish Mitiga. Step 2: Get Your Phishing-as-a-Platform Dissected by Mitiga|https://medium.com/mitiga-io/step-1-phish-mitiga-step-2-get-your-phishing-as-a-platform-dissected-by-mitiga-80a7333f76ee]]|Phishing|
|2020.12.01|MSSP Alert| → [[Microsoft Office 365 Phishing Leverages Oracle, AWS Cloud Services|https://www.msspalert.com/cybersecurity-breaches-and-attacks/phishing/microsoft-office-365-phishing-leverages-oracle-aws-cloud-services/]]|Phishing|
|2020.11.25|//Avanan//|[[Microsoft Teams: Proof of Concept Malware Attack Found In Wild|https://www.avanan.com/blog/proof-of-concept-teams-malware-attack-found-in-wild]]|.|
|2020.11.25|Dark Reading|[[Do You Know Who's Lurking in Your Cloud Environment?|https://www.darkreading.com/cloud/do-you-know-whos-lurking-in-your-cloud-environment/d/d-id/1339544]]|.|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|>|>|>||
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.11.28|//Prevasio//|[[Intro to Kubernetes Security Best Practices|https://blog.prevasio.com/2020/11/intro-to-kubernetes-security-best.html]]|K8s|
|>|>|>|''Protection'' |
|>|>|>|''Détection / Detection'' |
|>|>|>||
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2020.11.25|Container Journal|[[Analyst Report: Kubernetes K8s Data Protection|https://containerjournal.com/podcast/analyst-report-kubernetes-k8s-data-protection/]]|Report Kubernetes|
|>|>|>|''Sondages / Surveys'' |
|>|>|>|''Études / Studies'' |
|2020.11.24|Matt Soseman|[[TCO/ROI of Microsoft Cloud App Security (Forrester Study)|https://mattsoseman.wordpress.com/2020/11/24/tco-roi-of-microsoft-cloud-app-security-forrester-study/]]|Study|
|>|>|>|''Publications'' |
|2020.11.17|//Gartner//|[[Magic Quadrant for Access Management|https://www.gartner.com/reprints/?id=1-24F36V24&ct=201021&st=sb]]|AzureAD Gartner|
|>|>|>||
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.11.24|//Amazon AWS//|[[Amazon EventBridge adds Server-Side Encryption (SSE) and increases default quotas|https://aws.amazon.com/about-aws/whats-new/2020/11/amazon-eventbridge-adds-server-side-encryption-sse-and-increases-default-quotas/]]|AWS|
|2020.11.25|//Amazon AWS//|[[New - Attribute-Based Access Control with AWS Single Sign-On|https://aws.amazon.com/blogs/aws/new-attributes-based-access-control-with-aws-single-sign-on/]]|AWS SSO|
|2020.11.24|//Amazon AWS//|[[New - Multi-Factor Authentication with WebAuthn for AWS SSO|https://aws.amazon.com/blogs/aws/multi-factor-authentication-with-webauthn-for-aws-sso/]]|AWS SSO|
|2020.11.23|//Amazon AWS//|[[Zero Trust architectures: An AWS perspective|https://aws.amazon.com/blogs/security/zero-trust-architectures-an-aws-perspective/]]|AWS Zero_Trust|
|2020.11.23|//Amazon AWS//|[[AWS Security Hub integrates with AWS Organizations for simplified security posture management|https://aws.amazon.com/about-aws/whats-new/2020/11/aws-security-hub-integrates-with-aws-organizations-for-simplified-security-posture-management/]]|AWS_Security_Hub CSPM|
|2020.11.23|//Amazon AWS//|[[Code Signing, a Trust and Integrity Control for AWS Lambda|https://aws.amazon.com/blogs/aws/new-code-signing-a-trust-and-integrity-control-for-aws-lambda/]]|AWS|
|2020.11.20|//Amazon AWS//|[[Automatically update security groups for Amazon CloudFront IP ranges using AWS Lambda|https://aws.amazon.com/blogs/security/automatically-update-security-groups-for-amazon-cloudfront-ip-ranges-using-aws-lambda/]]|AWS|
|2020.11.19|//Amazon AWS//|[[Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources|https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/]]|AWS|
|2020.11.19|//Amazon AWS//|[[How to deploy the AWS Solution for Security Hub Automated Response and Remediation|https://aws.amazon.com/blogs/security/how-to-deploy-the-aws-solution-for-security-hub-automated-response-and-remediation/]]|AWS_Security_Hub Automation|
|2020.11.28|//Cloudonaut//|[[Unusual AWS Architectures|https://cloudonaut.io/unusual-aws-architectures/]]|AWS Architecture|
|2020.11.24|DZone|[[Exposed AWS Secret Access Key To GitHub Can Be a Costly Affair - A Personal Experience|http://feeds.dzone.com/link/16357/14107235/exposed-aws-secret-key-can-be-costly-affair]]||
|2020.11.23|DZone|[[AWS Well-Architected Framework in Serverless Part I: Security|https://dzone.com/articles/aws-well-architected-framework-in-serverless-part]]|AWS Serverless|
|>|>|>|''Azure (Microsoft)'' |
|2020.11.26|Thomas Maurer|[[How to Monitor an Azure virtual machine with Azure Monitor|https://www.thomasmaurer.ch/2020/11/how-to-monitor-an-azure-virtual-machine-with-azure-monitor/]]|Azure|
|2020.11.27|//AvePoint//|[[How to Secure and Recover Office 365 Data (Case Study)|https://www.avepoint.com/blog/backup/office-365-data-security-recovery/]]|O365 DRP|
|2020.11.25|Secure Cloud Blog|[[Defence in depth: Securing Azure App Service with Azure Front Door WAF, NodeJS runtime Security enhancements tested with OWASP ZAP|https://securecloud.blog/2020/11/25/defence-in-depth-securing-azure-app-service-with-azure-front-door-waf-nodejs-runtime-security-enhancements-tested-with-owasp-zap/]]|.|
|2020.11.24|Sami Lamppu|[[Microsoft 365 Defender vs Azure Sentinel - Which One To Use?|https://samilamppu.com/2020/11/24/microsoft-365-defender-vs-azure-sentinel-which-one-to-use/]]|M365_Defender Azure_Sentinel|
|2020.11.24|//Microsoft Azure//|[[Microsoft Azure Active Directory again a "Leader" in Gartner Magic Quadrant for Access Management|https://www.microsoft.com/security/blog/2020/11/24/microsoft-azure-active-directory-again-a-leader-in-gartner-magic-quadrant-for-access-management/]]|AzureAD Gartner|
|2020.11.24|//Black Hills//|[[Azure Security Basics: Log Analytics, Security Center, and Sentinel|https://www.blackhillsinfosec.com/azure-security-basics-log-analytics-security-center-and-sentinel/]]|Azure_Sentinel|
|>|>|>|''GCP (Google)'' |
|2020.11.24|Summit Route|![[Setting up personal G Suite backups on AWS|https://summitroute.com/blog/2020/11/24/setting_up_personal_gsuite_backups_on_aws/]] |Backup|
|2020.11.24|Summit Route| → outil [[backup_runner|https://github.com/SummitRoute/backup_runner]]|Tools|
|2020.11.24|//Google Cloud//|[[Serverless load balancing with Terraform: The hard way|https://cloud.google.com/blog/topics/developers-practitioners/serverless-load-balancing-terraform-hard-way]]|GCP|
|>|>|>|''Oracle'' |
|>|>|>|''Kubernetes'' |
|2020.11.28|//Prevasio//|[[Intro to Kubernetes Security Best Practices|https://blog.prevasio.com/2020/11/intro-to-kubernetes-security-best.html]]|Best_Practices|
|2020.11.26|//Caylent//|[[Understanding Kubernetes Operators|https://caylent.com/understanding-kubernetes-operators]]|K8s|
|2020.11.25|Container Journal|[[Analyst Report: Kubernetes K8s Data Protection|https://containerjournal.com/podcast/analyst-report-kubernetes-k8s-data-protection/]]|Report Kubernetes|
|>|>|>|''Docker'' |
|2020.11.26|ShellHacks|[[Docker: Remove All Images & Containers|https://www.shellhacks.com/docker-remove-all-images-containers/]]|Docker|
|2020.11.24|Security Week|[[Canonical Publishes Secure Container Application Images on Docker Hub|https://www.securityweek.com/canonical-publishes-secure-container-application-images-docker-hub]]|.|
|>|>|>|''Containers'' |
|2020.11.26|DZone|[[Getting Started With Container Registries|https://dzone.com/refcardz/getting-started-with-container-registries]]|Registries|
|2020.11.25|Container Journal|[[4 Security Risks Plaguing Container Development|https://containerjournal.com/topics/container-security/4-security-risks-plaguing-container-development/]]|Containers|
|2020.11.23|Container Journal|[[Containers Creating Major DevSecOps Challenge|https://containerjournal.com/topics/container-security/containers-creating-major-devsecops-challenge/]]|Containers|
|2020.11.23|//Exoscale//|[[Container-Optimized Instances|https://www.exoscale.com/syslog/container-optimized-instances/]]|Containers|
|2020.11.23|Rootless Containers|[[Rootless Containers|https://rootlesscontaine.rs/]]|Docker|
|>|>|>|''Workloads'' |
|>|>|>|''Outils / Tools'' |
|2020.11.28|KitPloit|[[Tracee - Container And System Event Tracing Using eBPF|https://www.kitploit.com/2020/11/tracee-container-and-system-event.html]]|Tools Containers|
|>|>|>||
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Conférences / Conferences'' |
|2020.11.25|//Divvy Cloud//|[[The Future of Cloud-Native Security is Here!|https://divvycloud.com/future-of-cloud-native-security/]]|Conference|
|>|>|>|''Podcasts'' |
|2020.11.29|Cloud Security Podcast|[[Risk Management in Cloud Security - Monica Verma|https://anchor.fm/cloudsecuritypodcast/episodes/RISK-MANAGEMENT-IN-CLOUD-SECURITY---MONICA-VERMA-en3pqe]]|Podcast|
|2020.11.25|SilverLining Podcast|![[Episode 29: Cloud Identity Governance - understanding challenges|https://silverlining-il.castos.com/episodes/episode-29-cloud-identity-governance-understanding-challenges]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/???????-????.mp3]]) |Podcast|
|>|>|>|''Veilles / Newsletters'' |
|2020.11.29|Marco Lancini|[[The Cloud Security Reading List #65|https://cloudseclist.com/issues/issue-65/]] |Weekly_Newsletter|
|>|>|>||
|>|>|>|!Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance |
|>|>|>|''Juridique / Legal'' |
|>|>|>|''Réglementation / Regulatory'' |
|>|>|>|''Conformité / Compliance'' |
|2020.12.23|The Register|[[European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices|https://www.theregister.com/2020/11/23/european_recommendations_on_schrems_ii/]]|Privacy Europe|
|>|>|>||
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2020.11.26|Alain Bensoussan|[[Cloud souverain : un partenariat inédit entre Google et OVH|https://www.alain-bensoussan.com/avocats/marche-du-cloud-un-partenariat-inedit-entre-google-et-ovh/2020/11/26/]]|France Sovereignty|
|2020.11.27|Help Net Security|[[Worldwide cloud security market to reach $20.9 billion by 2027|https://www.helpnetsecurity.com/2020/11/26/worldwide-cloud-security-market-2027/]]|Market|
|2020.11.25|SC Magazine|[[Cloud security mapping startup Lightspin comes out of stealth|https://www.scmagazine.com/home/security-news/cloud-security/cloud-security-mapping-startup-lightspeed-comes-out-of-stealth-with-4m-in-seed-funding/]]|Misc|
|2020.11.25|//Cloud Management Insider//|[[CIA Goes Full Multi-Cloud as Google, AWS, Microsoft, Oracle, IBM Bag Multi-Billion Cloud Contract|https://www.cloudmanagementinsider.com/cia-goes-full-multi-cloud-as-google-aws-microsoft-oracle-ibm-bag-multi-billion-cloud-contract/]]|Government US|
|>|>|>|''Acquisitions'' |
|>|>|>||
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''APIs'' |
|2020.11.29|CISO Mag.|[[API targets are growing fast, therefore the need for API security|https://cisomag.eccouncil.org/api-targets-are-growing-fast-therefore-the-need-for-api-security/]]|APIs|
|>|>|>|!|
|2020.11.28|Security and Cloud 24/7|[[Confidential Computing and the Public Cloud|https://security-24-7.com/confidential-computing-and-the-public-cloud/]]|Confidential_Computing|
|2020.11.26|//Heimdal Security//|[[Cloud IAM and Cloud PAM Challenges Explained|https://heimdalsecurity.com/blog/cloud-iam-and-cloud-pam-challenges/]]|IAM|
|2020.11.28|Computer Weekly|[[IP surveillance: The storage it needs, on-premise and in the cloud|https://www.computerweekly.com/feature/IP-surveillance-The-storage-it-needs-on-premise-and-in-the-cloud]]|Storage|
|2020.11.25|Cloudberry Engineering|![[Foundations of a Multi-Cloud Security Strategy|https://cloudberry.engineering/article/multi-cloud-security-strategy-foundations/]] |Multi_Cloud|
|2020.11.25|Cyberwar Zone|[[How to get a €50 Dutch IaaS account for free|https://cyberwarzone.com/how-to-get-a-e50-dutch-iaas-account-for-free/]] ([[lien|https://www.nldatastore.nl/]])|Misc|
|2020.11.25|Dark Reading|[[Prevention Is Better Than the Cure When Securing Cloud-Native Deployments|https://www.darkreading.com/cloud/prevention-is-better-than-the-cure-when-securing-cloud-native-deployments-/a/d-id/1339361]]|.|
|2020.11.24|MSSP Alert|[[Sumo Logic Research: Multi-Cloud Security Findings|https://www.msspalert.com/cybersecurity-research/sumo-logic-study-multi-cloud-apps/]]|.|
|2020.11.24|Le MagIT[>img[iCSF/flag_fr.png]]|[[Cloud souverain : prêt à décoller, GAIA-X attire tous les regards|https://www.lemagit.fr/actualites/252492588/Cloud-souverain-pret-a-decoller-GAIA-X-attire-tous-les-regards]]|GAIA-X|
|2020.11.24|//Anchore//|[[The Open Sourcing of DevSecOps|https://anchore.com/blog/the-open-sourcing-of-devsecops/]]|DevSecOps|
|2020.11.24|Hold My Beer|[[Integrating Vault secrets into Jupyter notebooks for incident response and threat hunting|https://holdmybeersecurity.com/2020/11/24/integrating-vault-secrets-into-jupyter-notebooks-for-incident-response-and-threat-hunting/]]|Vault Defend|
|2020.11.23|//WeScale//[>img[iCSF/flag_fr.png]]|[[Le CloudRadar Cloud Native (deuxième partie) est disponible|https://blog.wescale.fr/2020/11/23/le-cloudradar-cloud-native-deuxieme-partie-est-disponible/]]||
|>|>|>|!|
|>|>|>||
|>|>|>|!|
|2020.11.26|Portail de l'IE[>img[iCSF/flag_fr.png]]|[[GAIA-X, un projet de cloud de moins en moins européen|https://portail-ie.fr/short/2510/gaia-x-un-projet-de-cloud-de-moins-en-moins-europeen]]|GAIA-X|
|2020.11.26|Le MagIT[>img[iCSF/flag_fr.png]]|[[https://www.lemagit.fr/actualites/252492797/Les-espaces-de-donnees-au-cur-de-GAIA-X]]|GAIA-X|
|2020.11.26|Journal du Net[>img[iCSF/flag_fr.png]]|[[5 conseils pour sécuriser ses données critiques dans un cloud public|https://www.journaldunet.com/web-tech/cloud/1495413-5-conseils-pour-securiser-ses-donnees-critiques-dans-un-cloud-public/]]|Misc|
|2020.11.26|45 Secondes[>img[iCSF/flag_fr.png]]|[[Un crash partiel des serveurs d'Amazon a empêché même les aspirateurs de fonctionner|https://45secondes.fr/un-crash-partiel-des-serveurs-damazon-a-empeche-meme-les-aspirateurs-de-fonctionner/]]|Outage AWS|
|2020.11.25|SilverLining IL|[[Episode 29: Cloud Identity Governance - understanding challenges|https://silverlining-il.castos.com/episodes/episode-29-cloud-identity-governance-understanding-challenges]]|Podcast|
|2020.11.23|//Illumio//|[[What to Do in a Cyber Incident: Technical Response|https://www.illumio.com/blog/cyber-incident-technical-response]]|Incident_Response|
<<tiddler [[arOund0C]]>>
!"//CSA Survey Finds Organizations are Shifting their Use of IAM Capabilities - The 2020 State of Identity Security in the Cloud//"
Article de blog publié le 25 novembre 2020
<<<
{{ss2col{[>img(200px,auto)[iCSA/KBPBC.png]]//The use of cloud services has continued to increase over the past decade. Particularly in the wake of the COVID-19 public health crisis, many enterprises' digital transformations are on an accelerated track to enable employees to work from home. CSA surveyed these organizations to better understand how cloud services are being used during this transition and how organizations are securing their operations over the next 12 months.
Below is a summary of the key findings found in this report.
!!!Key Finding 1 - Multi-cloud is being used by many organizations.
81% of respondents reported that their organizations are utilizing a multi-cloud strategy. However, further follow-up demonstrated that companies rely heavily on one of the public cloud providers over the others. The other providers tend to be used for more specialized workloads. There also isn't one cloud provider that is favored across the industry. The market share among the top providers has become more evenly spread. The use of public cloud platforms has allowed organizations to adapt to the remote workforce. The majority are using a multicloud approach, increasing the complexity of security and visibility issues for many organizations. Organizations developing in these platforms are increasingly turning to agile techniques and technologies incorporating DevOps methodologies.

!!!Key Finding 2 - [>img(200px,auto)[iCSA/KBPB2.png]]Diversity of production workload types is expected to increase.
Respondents expect more diversity of production workload types. In addition to increased production with traditional virtual machines (59%), workloads using cloud-based services such as container platforms (82%), serverless/functions-as-a-service (71%), and other cloud provider services (75%) are also expected.
The use of these technologies allows for increased portability, agility, and the embedding of security in code or "shifting security left." This shift of security within the DevOps production cycle ensures quality testing and that security is built in earlier in the development process. The growing remote workforce and utilization of cloud services and development technologies has created a complex environment requiring additional security tools or strategies for identity security.

!!!Key Finding 3 - [>img(200px,auto)[iCSA/KBPB3.png]]Organizations are shifting their use of IAM capabilities over the next year.
On-premises or in the cloud, IAM methods such as MFA, federated identity, JIT, and advanced user privilege and access capabilities allow for more granular control and reduce security risks. Many of the organizations surveyed predict a rise in the use of these IAM techniques and will utilize a mix of cloud service provider capabilities as well as third-party vendors to meet those needs.

!!!Key Finding 4 - Privilege and permission management rated as a top IAM security challenge for organizations for both humans and machines.
[<img(200px,auto)[iCSA/KBPB4.png]]Privilege and permission management was rated as high or extremely high priority for human identity (94%) and machines (77%).//}}}
<<<
!!!Liens
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/25/csa-survey-finds-organizations-are-shifting-their-use-of-iam-capabilities-the-2020-state-of-identity-security-in-the-cloud/
* Téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/the-2020-state-of-identity-security-in-the-cloud/
* Document (PDF) ⇒ https://cloudsecurityalliance.org/download/artifacts/the-2020-state-of-identity-security-in-the-cloud/ 
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #91|2020.11.22 - Newsletter Hebdomadaire #91]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #91|2020.11.22 - Weekly Newsletter - #91]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.11.22 - Newsletter Hebdomadaire #91]]>> |<<tiddler [[2020.11.22 - Weekly Newsletter - #91]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 16 au 22 novembre 2020
!!1 - Informations CSA - 16 au 22 novembre 2020

* Actu : Conférence CSA 'CloudBytes Connect: From the SOC to the Boardroom' en février 2021+++*[»]> <<tiddler [[2020.11.19 - Actu : Conférence CSA 'CloudBytes Connect: From the SOC to the Boardroom' en février 2021]]>>=== 
* Blog : 'Rent to Pwn the Blockchain - 51% Attacks Made Easy'+++*[»]> <<tiddler [[2020.11.20 - Blog : 'Rent to Pwn the Blockchain - 51% Attacks Made Easy']]>>=== 
* Blog : 'CCSK Success Stories: Common Pitfalls in Managing Outsourced Cloud Projects'+++*[»]> <<tiddler [[2020.11.19 - Blog : 'CCSK Success Stories: Common Pitfalls in Managing Outsourced Cloud Projects']]>>=== 
* Blog : 'Circle - The Most Vital Cybersecurity Community'+++*[»]> <<tiddler [[2020.11.16 - Blog : 'Circle - The Most Vital Cybersecurity Community']]>>=== 
* Publication : 'The 2020 State of Identity Security in the Cloud'+++*[»]> <<tiddler [[2020.11.19 - Publication : 'The 2020 State of Identity Security in the Cloud']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 90 liens|2020.11.22 - Veille Hebdomadaire - 22 novembre]])

* __''À lire''__
** RETEX sur des incidents sécurité AWS
** Mind Map pour des investigations AWS (//Expel//)

* __Attaques, Incidents, Fuites de données, Pannes__
** Attaques : Campagnes de phishing O365

* __Risques, Menaces, Vulnérabilités__
** Vulnérabilités : Fuites d'informations liées à des API en environnement AWS (//Palo Alto Networks//) • APIs non sécurisées (//Optiv//)

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Azure AD Attack and Defense Playbook (Thomas Naunheim) • OpenShift Runtime Security (//StackRox//) • AKS Security Workbook (//Microsoft Azure//) 

* __Rapports, Sondages, Études, Publications__
** Rapports : '2020 Ransomware Resiliency Report' (//Veritas//) • '2020 Cloud Migration Trends Report' (//amdocs//) • 'Cloud-driven Identities' (//Divvy Cloud//) • '2020 Cloud Security Report' (//Bitglass//) • '2020 Global State of the Channel Ransomware' (//Datto//)
** Sondages : CNCF
** Études : 'Cybercriminal Cloud of Logs' (//Trend Micro//)
** Publications : Livre Blanc 'Cloud Native Security' (CNCF)

* __Cloud Services Providers, Outils__
** AWS : lancement de 'AWS Network Firewall' • AWS IAM
** Azure : Comptes à privilèges dans M365 • 'Global Network Reliability'
** GCP : Sécurisation de la Supply Chain • Guide pour développeurs GKE
** Containers : 'Privileged Container Escape'
** Workloads : Fonctionnalités sécurité sur AWS (//Intezer//) • Protection de workload (//Carbon Black//)
** Outils: BloodHound 4.0 • IAMFinder (//Palo Alto Networks//) • Sécurité Zero Trust Network pour Kubernetes (//Sysdig//)

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Podcasts : 'Digital Risk Protection' • 'Government's Cloud Anxiety'
** Veilles : TL;DR Security #61 • The Cloud Security Reading List #64

* __Marché, Acquisitions__

* __Divers__
** GAIA-X • contrats Cloud en France • Glossaire
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KBM/|https://CloudSecurityAlliance.fr/go/KBM/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - November 16th to 22nd, 2020
!!1 - CSA News and Updates - November 16th to 22nd, 2020

* News: CSA 'CloudBytes Connect: From the SOC to the Boardroom' in February 2021+++*[»]> <<tiddler [[2020.11.19 - Actu : Conférence CSA 'CloudBytes Connect: From the SOC to the Boardroom' en février 2021]]>>=== 
* Blog: 'Rent to Pwn the Blockchain - 51% Attacks Made Easy'+++*[»]> <<tiddler [[2020.11.20 - Blog : 'Rent to Pwn the Blockchain - 51% Attacks Made Easy']]>>=== 
* Blog: 'CCSK Success Stories: Common Pitfalls in Managing Outsourced Cloud Projects'+++*[»]> <<tiddler [[2020.11.19 - Blog : 'CCSK Success Stories: Common Pitfalls in Managing Outsourced Cloud Projects']]>>=== 
* Blog: 'Circle - The Most Vital Cybersecurity Community'+++*[»]> <<tiddler [[2020.11.16 - Blog : 'Circle - The Most Vital Cybersecurity Community']]>>=== 
* Publication: 'The 2020 State of Identity Security in the Cloud'+++*[»]> <<tiddler [[2020.11.19 - Publication : 'The 2020 State of Identity Security in the Cloud']]>>=== 
!!2 - Cloud and Security News Watch ([[over 90 links|2020.11.22 - Veille Hebdomadaire - 22 novembre]])

* __''Must read''__
** Learning from AWS (Customer) Security Incidents
** Mind Map for AWS Investigations (//Expel//)

* __Attacks, Incidents, Data Leaks, Outages__
** Attacks: O365 Phishing Campaign

* __Risks, Threats, Vulnerabilities__
** Vulnerabilities: Information Leakage in AWS Resource-Based Policy APIs (//Palo Alto Networks//) • Insecure APIs (//Optiv//)

* __Best Practices, and Detection__
** Best Practices: Azure AD Attack and Defense Playbook (Thomas Naunheim) • OpenShift Runtime Security (//StackRox//) • AKS Security Workbook (//Microsoft Azure//)

* __Reports, Surveys, Studies, Publications__
** Reports: '2020 Ransomware Resiliency Report' (//Veritas//) • '2020 Cloud Migration Trends Report' (//amdocs//) • 'Cloud-driven Identities' (//Divvy Cloud//) • '2020 Cloud Security Report' (//Bitglass//) • '2020 Global State of the Channel Ransomware' (//Datto//)
** Surveys: CNCF Survey
** Studies: 'Cybercriminal Cloud of Logs' (//Trend Micro//)
** Publications: 'Cloud Native Security' White Paper (CNCF)

* __Cloud Services Providers, Tools__
** AWS: Launch of 'AWS Network Firewall' • AWS IAM
** Azure: Priority Accounts in M365 • Global Network Reliability
** GCP: Securing the Container Supply Chain • Developer's Guide to GKE
** Containers: Privileged Container Escape
** Workloads: Security Features of AWS (//Intezer//) • Workload Protection (//Carbon Black//)
** Tools: BloodHound 4.0 • IAMFinder (//Palo Alto Networks//) • Zero Trust Network Security for Kubernetes (//Sysdig//)

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Podcasts: 'Digital Risk Protection' • 'Government's Cloud Anxiety'
** Newsletters: TL;DR Security #61 • The Cloud Security Reading List #64

* __Market, Acquisitions__

* __Miscellaneous__
** GAIA-X • Cloud Computing Contracts in France • Glossary
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/KBM/|https://CloudSecurityAlliance.fr/go/KBM/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 16 au 22 novembre 2020 
+++^*[Table des Matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2020.11.17|//Expel//|![[Introducing a mind map for AWS investigations|https://expel.io/blog/mind-map-for-aws-investigations/]] |AWS Investigations|
|2020.11.17|//Expel//| → [[MITRE ATT&CK in Amazon Web Services (AWS): A defender's cheat sheet|https://info.expel.io/expel-mitre-attack-in-AWS-toolkit.html]] (téléchargement)|AWS Investigations|
|2020.11.17|//Expel//| → [[AWS mind map for investigations and incidents|https://info.expel.io/expel-mitre-attack-in-AWS-toolkit.html]] (téléchargement)|AWS Investigations|
|2020.11.17|//Expel//| → [[AWS mind map for investigations and incidents|https://mobile.twitter.com/jhencinski/status/1283810412950106112]] (annonce)|AWS Investigations|
|2020.11.14|Rami McCarthy|![[Learning from AWS (Customer) Security Incidents|https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents]] |AWS Incidents|
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|2020.11.17|Bleeping Computer|[[Office 365 phishing campaign detects sandboxes to evade detection|https://www.bleepingcomputer.com/news/security/office-365-phishing-campaign-detects-sandboxes-to-evade-detection/]]|O365 Phishing Evasion|
|2020.11.17|GBHackers on Security|[[New TroubleGrabber Malware Steals Credentials and System Information|https://gbhackers.com/troublegrabber-malware-attack/]]|Tools Attack|
|>|>|>|''Fuites de données / Leaks'' |
|2020.11.20|InfoSecurity Mag|[[Faith App Pray.com Exposes Millions Through Cloud Misconfig|https://www.infosecurity-magazine.com/news/faith-app-praycom-exposes-millions/]]|Data_Leak AWS_S3|
|2020.11.22|Silicon Angle| → [[Pray.com exposes millions of user records on unsecured cloud storage|https://siliconangle.com/2020/11/22/pray-com-exposes-millions-user-records-unsecured-cloud-storage/]]|Data_Leak AWS_S3|
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2020.11.18|Infosecurity Mag.|[[The Value of a Compromised Cloud Account|https://www.infosecurity-magazine.com/blogs/value-compromised-cloud-account/]]|Accounts Economics|
|>|>|>|''Menaces / Threats'' |
|2020.07.17|//CipherCloud//|[[CipherCloud Chronicles #7: Spot Your Insider Threats|https://www.ciphercloud.com/ciphercloud-chronicles-7-spot-your-insider-threats/]]|Insider_Threats|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|2020.11.17|//Palo Alto Networks//|![[Information Leakage in AWS Resource-Based Policy APIs|https://unit42.paloaltonetworks.com/aws-resource-based-policy-apis/]] |AWS IAM APIs leakage|
|2020.11.17|Silicon Angle| → [[Amazon Web Services APIs can allegedly be exploited to steal user data |https://siliconangle.com/2020/11/17/amazon-web-services-apis-can-allegedly-exploited-steal-user-data/]]|AWS IAM APIs leakage|
|2020.11.17|Dark Reading| → [[Nearly Two Dozen AWS APIs Are Vulnerable to Abuse|https://www.darkreading.com/cloud/nearly-two-dozen-aws-apis-are-vulnerable-to-abuse/d/d-id/1339471]]|AWS IAM APIs leakage|
|2020.11.18|Security Week| ← [[Researchers Find Tens of AWS APIs Leaking Sensitive Data|https://www.securityweek.com/researchers-find-tens-aws-apis-leaking-sensitive-data]]|AWS IAM APIs leakage|
|2020.11.16|//Optiv//|[[Insecure API Cloud Computing: The Causes and Solutions|https://www.optiv.com/explore-optiv-insights/blog/insecure-api-cloud-computing-causes-and-solutions]]|APIs|
|2020.11.13|CompariTech|[[Security vulnerabilities found affecting more than 80,000 Western Digital My Cloud NAS devices. Update now!|https://www.comparitech.com/blog/information-security/security-vulnerabilities-80000-devices-update-now/]]|Flaw|
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|2020.11.19|Thomas Naunheim|![[Community Project: Azure AD Attack and Defense Playbook|https://www.cloud-architekt.net/aad-playbook-project/]] |AzureAD|
|2020.11.20|Sami Lamppu|[[Community Project: Azure AD Attack and Defense Playbook|https://samilamppu.com/2020/11/20/community-project-azure-ad-attack-and-defense-playbook/]] (1/2)|AzureAD|
|2020.11.16|//StackRox//|[[OpenShift Runtime Security Best Practices|https://www.stackrox.com/post/2020/11/openshift-runtime-security-best-practices/]] (3/5)|Openshift Best_Practices|
|2020.11.09|//Microsoft Azure//|[[New Azure Kubernetes Service (AKS) Security Workbook|https://techcommunity.microsoft.com/t5/azure-sentinel/new-azure-kubernetes-service-aks-security-workbook/ba-p/1867134]]|Azure_AKS|
|2020.11.19|ATT&CK CON|[[Building Detections For Cloud With Kql and ATT&CK|https://www.youtube.com/watch?v=dEORNlCS7xc]] (vidéo)|ATT&CK Conference|
|2020.11.19|ATT&CK CON|[[ATT&CKing The Cloud: Hopping Between The Matrice|https://www.youtube.com/watch?v=f1E6bquRxlA]] (vidéo)|ATT&CK Conference|
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2020.11.18|//amdocs//|[[2020 Cloud Migration Trends Report|https://www.amdocs.com/cloud-migration-trends-2021]]|Report|
|2020.11.18|Solutions Review| → [[Amdocs: Security Is the Top Challenge for Cloud Adoption|https://solutionsreview.com/cloud-platforms/amdocs-security-is-the-top-challenge-for-cloud-adoption/]]|Report|
|2020.11.18|//Divvy Cloud//|[[ESG's Report on Cloud-driven Identities|https://divvycloud.com/esg-report/]]|Report|
|2020.11.17|//Veritas//|![[The Resiliency Gap Widens: Failure to Keep Pace with Complexity in Multi-Cloud Environments Leaves Businesses at Risk of Ransomware, Finds Veritas Survey|https://www.veritas.com/news-releases/2020-11-17-the-resiliency-gap-widens-failure-to-keep-pace-with-complexity-in-multi-cloud-environments-leaves-businesses-at-risk-of-ransomware-finds-veritas-survey]]|Report|
|2020.11.17|//Veritas//| ← Etude [[2020 Ransomware Resiliency Report|https://www.veritas.com/defy/ransomware]]|Report|
|2020.11.18|Dark Reading| → [[As Businesses Move to Multicloud Approach, Ransomware Follows|https://www.darkreading.com/cloud/as-businesses-move-to-multicloud-approach-ransomware-follows/d/d-id/1339475]]|Report|
|2020.11.18|Help Net Security| → [[Multi-cloud environments leaving businesses at risk|https://www.helpnetsecurity.com/2020/11/18/multi-cloud-environments-risk/]]|Report|
|2020.11.18|//Bitglass//|![[Bitglass' 2020 Cloud Security Report|https://www.bitglass.com/blog/bitglass-2020-cloud-security-report]]|Report|
|2020.11.18|BetaNews| ← [[Less than a third of organizations use cloud data leakage protection|https://betanews.com/2020/11/18/organizations-cloud-data-leakage-protection/]]|Report|
|2020.11.18|TechRepublic| ← [[How to improve the security of your public cloud|https://www.techrepublic.com/article/how-to-improve-the-security-of-your-public-cloud/]]|Report|
|2020.11.18|//Datto//|![[2020 Global State of the Channel Ransomware Report|https://www.datto.com/resources/dattos-2020-global-state-of-the-channel-ransomware-report]] |Report|
|2020.11.20|CyberSecurity Insiders| ← [[Ransomware attacks on one in four SaaS providers|https://www.cybersecurity-insiders.com/ransomware-attacks-on-one-in-four-saas-providers/]] |Report|
|>|>|>|''Sondages / Surveys'' |
|2020.11.18|//Bitglass//|![[Bitglass' 2020 Cloud Security Report|https://www.bitglass.com/blog/bitglass-2020-cloud-security-report]]|Report|
|2020.11.18|BetaNews| ← [[Less than a third of organizations use cloud data leakage protection|https://betanews.com/2020/11/18/organizations-cloud-data-leakage-protection/]]|Report|
|2020.11.18|TechRepublic| ← [[How to improve the security of your public cloud|https://www.techrepublic.com/article/how-to-improve-the-security-of-your-public-cloud/]]|Report|
|2020.11.17|Cloud Native Computing Foundation|![[Cloud Native Survey 2020: Containers in production jump 300% from our first survey|https://www.cncf.io/blog/2020/11/17/cloud-native-survey-2020-containers-in-production-jump-300-from-our-first-survey/]] |Survey CNCF|
|2020.11.17|Cloud Native Computing Foundation|[[CNCF Survey 2020|https://www.cncf.io/wp-content/uploads/2020/11/CNCF_Survey_Report_2020.pdf]] (pdf)|Survey CNCF|
|2020.11.16|Container Journal| ← [[CNCF Survey Finds Increased Dependency on Containers, Kubernetes|https://containerjournal.com/topics/container-ecosystems/cncf-survey-finds-increased-dependency-on-containers-kubernetes/]]|Survey CNCF|
|>|>|>|''Études / Studies'' |
|2020.11.16|//Trend Micro//|![[Cybercriminal Cloud of Logs|https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cybercriminal-cloud-of-logs-the-emerging-underground-business-of-selling-access-to-stolen-data]] |Report|
|2020.11.19|CyberSecurity Insiders| → [[Cloud operations are the latest target for ransomware groups|https://www.cybersecurity-insiders.com/cloud-operations-are-the-latest-target-for-ransomware-groups/]]|Report|
|>|>|>|''Publications'' |
|2020.11.17|Cloud Native Computing Foundation|![[Announcing the Cloud Native Security White Paper|https://www.cncf.io/blog/2020/11/18/announcing-the-cloud-native-security-white-paper/]] |Guidelines|
|2020.11.17|Cloud Native Computing Foundation| ← [[New Cloud Native Security Whitepaper|https://github.com/cncf/sig-security/blob/master/security-whitepaper/CNCF_cloud-native-security-whitepaper-Nov2020.pdf]]|Guidelines|
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.11.22|Bug Bounty Writeup|[[Amazon Web Services IAM Basics, The only guide you need!|https://medium.com/bugbountywriteup/amazon-web-services-iam-basics-the-only-guide-you-need-ad2697b6a38e]]|AWS IAM|
|2020.11.20|Pawel Rzepa|[[AWS access keys leak in GitHub repository and some improvements in Amazon reaction|https://rzepsky.medium.com/aws-access-keys-leak-in-github-repository-and-some-improvements-in-amazon-reaction-cc2e20e89003]]|AWS GitHub Leak|
|2020.11.20|Pawel Rzepa|[[It seems that AWS recently add those new improvements to the process of handling leaks like…|https://medium.com/@rzepsky/it-seems-that-aws-recently-add-those-new-improvements-to-the-process-of-handling-leaks-like-18a24bc609f5]]|AWS Leak|
|2020.11.20|//Amazon AWS//|[[Fairness in multi-tenant systems|https://aws.amazon.com/builders-library/fairness-in-multi-tenant-systems/]]|AWS Multi_Tenant|
|2020.11.20|//Amazon AWS//|[[How to deploy the AWS Solution for Security Hub Automated Response and Remediation|https://aws.amazon.com/blogs/security/how-to-deploy-the-aws-solution-for-security-hub-automated-response-and-remediation/]]|AWS_SecurityHub|
|2020.11.20|//Amazon AWS//|[[Automatically update security groups for Amazon CloudFront IP ranges using AWS Lambda|https://aws.amazon.com/blogs/security/automatically-update-security-groups-for-amazon-cloudfront-ip-ranges-using-aws-lambda/]]|AWS|
|2020.11.18|//Amazon AWS//|[[Announcement: Availability of AWS Recommendations for the management of AWS root account credentials|https://aws.amazon.com/blogs/security/announcement-availability-of-aws-recommendations-for-management-of-aws-root-account-credentials/]]|AWS Best_Practices|
|2020.11.17|//Amazon AWS//|![[AWS Network Firewall - New Managed Firewall Service in VPC|https://aws.amazon.com/blogs/aws/aws-network-firewall-new-managed-firewall-service-in-vpc/]] |AWS Firewall|
|2020.11.17|//Amazon AWS//| → [[AWS Network Firewall|https://aws.amazon.com/fr/network-firewall/]]|AWS Firewall|
|2020.11.18|//Amazon AWS//| → [[AWS Firewall Manager now supports centralized management of AWS Network Firewall|https://aws.amazon.com/about-aws/whats-new/2020/11/aws-firewall-manager-supports-centralized-management-aws-network-firewall/]]|AWS Firewall|
|2020.11.18|MSSP Alert| → [[AWS Launches Network Firewall Managed Security Service|https://www.msspalert.com/cybersecurity-services-and-products/network/aws-network-firewall-managed-security-service/]]|AWS Firewall|
|2020.11.18|Security Week| → [[AWS Network Firewall Now Generally Available|https://www.securityweek.com/aws-network-firewall-now-generally-available]]|AWS Firewall|
|2020.11.18|Silicon Angle| → [[AWS launches AWS Network Firewall to block cloud threats|https://siliconangle.com/2020/11/18/aws-launches-aws-network-firewall-block-cloud-threats/]]|AWS Firewall|
|2020.11.18|//Check Point Software//| → [[Enhancing Cloud Security Posture for AWS Network Firewall|https://blog.checkpoint.com/2020/11/17/enhancing-cloud-security-posture-for-aws-network-firewall/]]|AWS Firewall|
|2020.11.18|Help Net Security| → [[AWS Network Firewall: Network protection across all AWS workloads|https://www.helpnetsecurity.com/2020/11/18/aws-network-firewall-protection/]]|AWS Firewall|
|2020.11.18|The Register| → [[AWS includes open-source Suricata for stateful inspection with Network Firewall service|https://go.theregister.com/feed/www.theregister.com/2020/11/19/aws_adopts_open_source_suricata/]]|AWS Firewall|
|2020.11.20|SANS| → [[AWS Network Firewall: More Than Just Layer 4|https://www.sans.org/blog/aws-network-firewall-more-than-just-layer-4/]]|AWS Firewall|
|2020.11.17|//Amazon AWS//|[[Centrally manage AWS WAF (API v2) and AWS Managed Rules at scale with Firewall Manager|https://aws.amazon.com/blogs/security/centrally-manage-aws-waf-api-v2-and-aws-managed-rules-at-scale-with-firewall-manager/]]|AWS WAF Firewall|
|2020.11.16|DZone|[[Pros and Cons of CloudWatch for Error Monitoring|https://dzone.com/articles/pros-and-cons-of-cloudwatch-for-error-monitoring]]|AWS_CloudWatch|
|2020.11.16|//Alcide//|[[Supercharging Kubernetes Threat Detection with Alcide and AWS Security Hub|https://blog.alcide.io/alcide-aws-security-hub]]|AWS_Security_Hub|
|2020.11.19|//Amazon AWS//|[[Simplifying cross-account access with Amazon EventBridge resource policies|https://aws.amazon.com/blogs/compute/simplifying-cross-account-access-with-amazon-eventbridge-resource-policies/]]|AWS Account_Access|
|2020.11.16|//Amazon AWS//|[[Announcing protection groups for AWS Shield Advanced|https://aws.amazon.com/about-aws/whats-new/2020/11/announcing-protection-groups-aws-shield-advanced/]]|AWS_Shield|
|2020.11.16|//Amazon AWS//|[[Investigate VPC flow with Amazon Detective|https://aws.amazon.com/blogs/security/investigate-vpc-flow-with-amazon-detective/]]|AWS|
|2020.11.10|//Amazon AWS//|[[New - Deep Dive with Security: AWS Identity and Access Management (IAM)|https://aws.amazon.com/about-aws/whats-new/2020/11/new-deep-dive-with-security-aws-identity-and-access-management-iam/]]|AWS IAM|
|>|>|>|''Azure (Microsoft)'' |
|2020.11.19|Thomas Naunheim|![[Community Project: Azure AD Attack and Defense Playbook|https://www.cloud-architekt.net/aad-playbook-project/]] |AzureAD|
|2020.11.21|//Microsoft Azure//|[[Baseline architecture for an Azure Kubernetes Service (AKS) cluster|https://docs.microsoft.com/en-gb/azure/architecture/reference-architectures/containers/aks/secure-baseline-aks]]|AKS|
|2020.11.18|//Microsoft Azure//|[[Using Priority Accounts in Microsoft 365|https://techcommunity.microsoft.com/t5/microsoft-365-blog/using-priority-accounts-in-microsoft-365/ba-p/1873314]]|M365 IAM|
|2020.11.19|Security Week| ← [[Microsoft Boosts Security of 365 Priority Accounts|https://www.securityweek.com/microsoft-boosts-security-365-priority-accounts]]|M365 IAM|
|2020.11.18|//Microsoft Azure//|[[Modernize secure access for your on-premises resources with Zero Trust|https://www.microsoft.com/security/blog/2020/11/19/modernize-secure-access-for-your-on-premises-resources-with-zero-trust/]]|Zero_Trust|
|2020.11.17|Thomas Maurer|[[Manage updates and patches for your Azure VMs|https://www.thomasmaurer.ch/2020/11/manage-updates-and-patches-for-your-azure-vms/]] ([[vidéo|https://youtu.be/OkNVCWXseRA]])|Azure Patch_Management|
|2020.11.17|Daniel Neumann|[[Troubleshooting Azure Kubernetes Service tunnel component issues|https://www.danielstechblog.io/troubleshooting-azure-kubernetes-service-tunnel-component-issues/]]|Azure Kubernetes|
|2020.11.16|//Microsoft Azure//|[[Advancing global network reliability through intelligent software - part 2 of 2|https://azure.microsoft.com/en-us/blog/advancing-global-network-reliability-through-intelligent-software-part-2-of-2/]] (2/2)|Azure Reliability|
|2020.11.16|//Microsoft Azure//|[[General availability: VPN over ExpressRoute private peering|https://azure.microsoft.com/en-us/updates/general-availability-vpn-over-expressroute-private-peering/]]|Azure Peering|
|2020.11.09|//Microsoft Azure//|[[Deploying and Managing Azure Sentinel - Ninja style|https://techcommunity.microsoft.com/t5/azure-sentinel/deploying-and-managing-azure-sentinel-ninja-style/ba-p/1858073]]|Azure_Sentinel|
|2020.11.09|//Microsoft Azure//|[[New Azure Kubernetes Service (AKS) Security Workbook|https://techcommunity.microsoft.com/t5/azure-sentinel/new-azure-kubernetes-service-aks-security-workbook/ba-p/1867134]]|Azure_AKS|
|>|>|>|''GCP (Google)'' |
|2020.11.18|//Google Cloud//|[[Introducing Voucher, a service to help secure the container supply chain|https://cloud.google.com/blog/products/devops-sre/introducing-voucher-service-help-secure-container-supply-chain]]|GCP Container Supply_Chain|
|2020.11.17|//Google Cloud//|[[A developer's guide to Google Kubernetes Engine, or GKE|https://cloud.google.com/blog/products/containers-kubernetes/tips-and-tricks-for-developers-learning-to-work-with-gke]]|GCP GKE|
|2020.11.17|//ScaleSec//|[[Announcing Project Lockdown - GCP Automated Remediation Suite|https://scalesec.com/news/announcing-project-lockdown/]] ([[GitHub|https://github.com/ScaleSec/project_lockdown]])|Tools GCP|
|>|>|>|''Kubernetes'' |
|2020.11.19|//Accurics//|[[Kubernetes Security Starts With Policy as Code|https://www.accurics.com/blog/security/kubernetes-security-starts-with-policy-as-code/]]|K8s|
|2020.11.18|Kubernetes|[[Blog: Cloud native security for your clusters|https://kubernetes.io/blog/2020/11/18/cloud-native-security-for-your-clusters/]]|K8s|
|2020.11.18|//Check Point Software//|[[Achieving K8 Security @ The Speed & Scale of DevOps|https://blog.checkpoint.com/2020/11/18/achieving-k8-security-the-speed-scale-of-devops/]]|K8s DevSecOps|
|2020.11.22|//CodeBurst//|[[Kubernetes Watches by Example|https://codeburst.io/kubernetes-watches-by-example-bc1edfb2f83]]|K8s|
|2020.11.17|//Sysdig//|[[Kubernetes-native network security with Sysdig|https://sysdig.com/blog/kubernetes-native-network-security/]]|K8s|
|2020.11.17|Help Net Security| → [[Sysdig launches zero trust network security for Kubernetes to cut microsegmentation time|https://www.helpnetsecurity.com/2020/11/18/sysdig-zero-trust-network-security-for-kubernetes/]]|K8s|
|2020.11.16|//CyberArk Conjur//|[[Cloud Native IAM EKS Secrets Management for Kubernetes|https://www.conjur.org/blog/cloud-native-iam-eks-secrets-management-for-kubernetes/]]|K8s|
|2020.11.15|antitree|[[Pod Security Policies Are Being Deprecated in Kubernetes|https://www.antitree.com/2020/11/pod-security-policies-are-being-deprecated-in-kubernetes/]]|K8s|
|2020.11.13|CapitalOne|[[How to Maintain Compliance - At the Speed of Kubernetes|https://www.capitalone.com/tech/open-source/compliance-at-the-speed-of-kubernetes/]]|Compliance Kubernetes|
|2020.11.13|//Cloudflare//|[[Automated Origin CA for Kubernetes|https://blog.cloudflare.com/automated-origin-ca-for-kubernetes/]]|K8s|
|>|>|>|''Containers'' |
|2020.11.19|Alex Chapman|[[Privileged Container Escape - Control Groups release_agent|https://ajxchapman.github.io/containers/2020/11/19/privileged-container-escape.html]]|Containers|
|>|>|>|''Docker'' |
|2020.11.19|//SecureFlag//|[[Securing the Docker Ecosystem: Part 1: Strategies to Secure the Docker Daemon|https://blog.secureflag.com/2020/11/19/securing-the-docker-ecosystem-part-1-the-docker-daemon.html]] (1/3)|Docker|
|>|>|>|''Workloads'' |
|2020.11.18|//Intezer//|![[Cloud Workload Security: Part 2 - Security Features of AWS|https://www.intezer.com/blog/cloud-workload-security-part-2-security-features-of-aws/]] (2/5)|Workloads AWS|
|2020.11.18|//Carbon Black//|[[Defining Cloud Workload Protection|https://www.carbonblack.com/blog/defining-cloud-workload-protection/]]|Workloads Protection|
|>|>|>|''Outils / Tools'' |
|2020.11.20|Help Net Security|[[Open Raven Cloud-Native Data Protection Platform: Automating security and privacy operations|https://www.helpnetsecurity.com/2020/11/20/open-raven-cloud-native-data-protection-platform/]]|Tools|
|2020.11.20|//SpecterOps//|![[Introducing BloodHound 4.0: The Azure Update|https://posts.specterops.io/introducing-bloodhound-4-0-the-azure-update-9b2b26c5e350]]|AzureAD Tools Audit|
|2020.11.19|//Palo Alto Networks//|[[IAMFinder: Open Source Tool to Identify Information Leaked from AWS IAM Reconnaissance|https://unit42.paloaltonetworks.com/iamfinder/]]|Tools AWS IAM|
|2020.11.19|//Palo Alto Networks//| ← [[IAMFinder|https://github.com/prisma-cloud/IAMFinder]]|Tools AWS IAM|
|2020.11.16|Security Report|[[4 free DevSecOps tools for staying on top of vulnerabilities|https://securityreport.com/4-free-devsecops-tools-for-staying-on-top-of-vulnerabilities/]]|DevSecOps|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Podcasts'' |
|2020.11.22|Cloud Security Podcast|[[What Is Digital Risk Protection & Why Is It Important? - Sam Small, Zerofox|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-IS-DIGITAL-RISK-PROTECTION--WHY-IS-IT-IMPORTANT----Sam-Small--Zerofox-emquu5]]|Podcast|
|2020.11.17|NextGov|[[Critical Update: The Government's Cloud Anxiety|https://www.nextgov.com/podcasts/2020/11/critical-update-governments-cloud-anxiety/170099/]]|Podcast Risks|
|>|>|>|''Veilles / Newsletters'' |
|2020.11.22|Marco Lancini|[[The Cloud Security Reading List #64|https://cloudseclist.com/issues/issue-64/]] |Weekly_Newsletter|
|2020.11.19|TL;DR Security|[[#61 - Effective Security OKRs, Scaling Threat Modeling, Webscan|https://tldrsec.com/blog/tldr-sec-061/]] |Weekly_Newsletter|
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|2020.11.21|Silicon Angle|[[Now that's multicloud: CIA awards multibillion-dollar contract to AWS, Microsoft, Google, Oracle and IBM|https://siliconangle.com/2020/11/20/now-thats-multicloud-cia-awards-multibillion-dollar-contract-aws-microsoft-google-oracle-ibm/]]|Government US|
|2020.11.18|Lexology|[[What is GAIA-X and What Do I Need To Know?|https://www.lexology.com/library/detail.aspx?g=6ba79c15-bd17-4377-a007-43a317244a7b]]|Gaia-X|
|2020.11.18|//Exoscale//|[[GAIA-X cloud initiative from Europe for Europe|https://www.exoscale.com/syslog/gaia-x/]]|GAIA-X|
|>|>|>|!Divers / Miscellaneous |
|2020.11.20|//Cipher Cloud//|[[2020 Vision: Adapting Security for Office 365 Collaboration|https://www.ciphercloud.com/2020-vision-adapting-security-for-office-365-collaboration/]]|O365|
|2020.11.20|//Capsule8//|[[Put Us In Coach - Cloud Security is a Team Sport|https://capsule8.com/blog/put-us-in-coach-cloud-security-is-a-team-sport/]]|Misc|
|2020.11.20|451 Research|[[Cloud Security is a Team Sport|https://clients.451research.com/reports/100726]]|Report|
|2020.11.19|CloudTweaks|[[Infrastructure-as-a-Service Security Responsibilities|https://cloudtweaks.com/2020/11/infrastructure-as-a-service-security/]]|Responsibilities|
|2020.11.19|InfoSec Write-Ups|[[Baseline Security Check II - Cloud Security Strategy|https://medium.com/bugbountywriteup/baseline-security-check-ii-a9da4f7634ae]]|Strategy|
|2020.11.18|CyberSecurity Insiders|[[How to Plan for Data Recovery|https://www.cybersecurity-insiders.com/how-to-plan-for-data-recovery/]]|Data_Recovery|
|2020.11.18|//Netskope//|[[SASE and the Forces Shaping Digital Transformation Part 3: Government and Industry Regulations, and Global Social and Economic Forces|https://www.netskope.com/blog/sase-and-the-forces-shaping-digital-transformation-part-3-government-and-industry-regulations-and-global-social-and-economic-forces]] (3/3)|SASE|
|2020.11.17|Lexology|[[At a glance: cloud computing contracts in France|https://www.lexology.com/library/detail.aspx?g=20052396-e6fe-4ba2-89f5-e1e0e3646072]]|Contracts|
|2020.11.17|//ThreatStack//|[[Establishing a 2021 Cloud Security Strategy|https://www.threatstack.com/blog/establishing-a-2021-cloud-security-strategy]]|Strategy|
|2020.11.17|//PivotPoint Security//|[[CSA's New IoT Security Controls Framework - How it Came About and Why it's so Effective|https://www.pivotpointsecurity.com/blog/csas-new-iot-security-controls-framework-how-it-came-about-and-why-its-so-effective/]]|CSA|
|2020.11.16|Help Net Security|[[How a move to the cloud can improve disaster recovery plans|https://www.helpnetsecurity.com/2020/11/16/improve-disaster-recovery-plans/]]|DRP|
|2020.11.16|//CloudCheckr//|[[Multi-Cloud Computing Glossary for AWS, Microsoft Azure, and Google Cloud|https://cloudcheckr.com/video/multi-cloud-computing-glossary-for-aws-microsoft-azure-and-google-cloud/]]|Glossary|
|2020.11.16|//HashiCorp//|[[A Vault Policy Masterclass|https://www.hashicorp.com/resources/a-vault-policy-masterclass]]|Vault Explain|
<<tiddler [[arOund0C]]>>
!"//Rent to Pwn the Blockchain - 51% Attacks Made Easy//"
Article publié le 20 novembre 2020 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA//
<<<
|This article is not legal or investment advice. This article covers some aspects of 51% attacks (and 34% attacks and some other variations) in DeFi, and some potential solutions to prevent these attacks from succeeding. So where I say "51% Attack" I mean "all attacks where you get enough capacity/votes/whatever to hijack the consensus mechanism."|
[>img(175px,auto)[iCSA/KBKBR.png]]''Let's get the ugly truth out of the way first: 51% attacks against real world Blockchains and DLTs, especially in the crypto currency space, are not a hypothetical or a "someday maybe" attack, they are a here and now attack''. For example in August of 2020 we had the headline "Ethereum Classic Hit by Third 51% Attack in a Month"+++^*[»] https://www.coindesk.com/ethereum-classic-blockchain-subject-to-yet-another-51-attack === with total losses in the millions and at least one exchange made public comments about delisting Ethereum Classic.
!!!Let's split the 51% attack into two main problems.
* The first one is the 51% attack against a Blockchain/DLT that doesn't have sufficient network mining capacity and diversity to be resistant.
* The second is the 51% attack against a real Blockchain/DLT with lots of network mining capacity spread across a diverse group of miners, such as Bitcoin or Ethereum.
!!!Gaining 51% (or more) of a Blockchain or DLT can be easy if you're willing to target a smaller network.
[>img(600px,auto)[iCSA/KBKB1.png]]Much like lions and cheetahs will cut an injured gazelle out of the herd, attackers can pick and choose their targets. Below are some graphs (courtesy of https://coinmetrics.io/charts/) that, in classical fashion, are both hard to read and have incomplete data, but please bear with me (hashrate-lastyear.png).
If you zoom in you'll note some things:
* This is a graph of hashrates for a variety of crypto currencies over the last 12 months (as of Sept 2020).
* The scale is logarithmic, in other words the difference between the highest (XMR at the top) and the lowest hashrates (e.g. ETC, ZEC) is massive, on the order of millions to hundreds of millions.
* The hash rates are pretty consistent, but you'll notice that XMR (Monero) has a big bump in 2019 due to the implementation of an ASIC resistant work function, something they do semi regularly to keep the protocol decentralized (more on this later).
* There are clearly some big healthy networks, and some smaller, sickly networks, which we know to be true thanks to publicly confirmed 51% attacks on them, such as Ethereum Classic (ETC). If you check the market values, they generally correlate to the hash rate (more hashing means more valuable).
!!!Given this, one obvious strategy for attackers is to attack weaker crypto currencies.
For example, in April of 2020 Bitcoin Cash (BCH) experienced a hash rate drop of 80% (because the mining reward was reduced), which means a 51% attack is now significantly easier. The long and short of it is for approximately $10,000 (USD), you could rent enough hashing power to conduct an attack. Whether or not the attacker could then conduct an attack that gains them more than $10,000 (USD) and actually launder the cash is another question.
!!A second strategy in line with attacking weak networks is to conduct an attack that helps weaken the network.
If an attacker can knock a major mining pool(s) offline for example, that would reduce network capacity, consequently making the attack more likely to succeed. This can be done, for example, through network routing attacks such as BGP hijacking of network routes, or through DNS-related attacks (in theory, movie-style plots such as killing power to a mining facility are possible, but highly unlikely). The good news here is that most crypto currencies have market forces that encourage miners to have reasonably reliable systems with low latency access to the crypto network in order to be more successful at mining blocks and earning rewards. As such these market forces generally encourage robust networks that are not easily attacked and knocked offline.
!!Some statistics on 51% Attacks
The following explanation is grossly simplified but generally applies to most blockchains using a Proof-of-Work (PoW) consensus system (most current crypto currencies fall into this category). The way most crypto currency blockchains work is simple: data is sent to a mempool, this data is pulled by miners who create blocks, add a nonce and then hash the block to get a specific result so it is a valid block, and repeat as needed until they get the result they need, or someone else mines a valid block and broadcasts it to prove that they won. Even if a valid block has been mined it is possible for someone to broadcast a longer set of blocks and "win," most networks take the longest chain of blocks as being the valid ones (of course many exceptions exist here, but this is broadly true).
The problem with generating this longer chain of blocks is simple: it requires a LOT of computing power to create a list of blocks longer than the current "real" set. In other words the attacker has to be able to mine blocks much faster than the network to stand a chance. The bad news (for attackers) is that there are generally no shortcuts. Most chains use strong hashing algorithms and select for outputs that require brute force mining, even with the ability to select what goes into blocks miners are stuck generating random nonces, trying them out and repeating until they find one that works. Rainbow tables and other kinds of pre-compute attacks do not generally work unless the crypto currency hashing system uses a weak hash.
Also, generating a longer chain isn't enough: simply having the longer chain and hijacking consensus won't necessarily result in your attack succeeding. You still need to conduct a double spending or related attack, and move the crypto currency somewhere else, otherwise the attacker runs the risk of the network agreeing to hard fork the blockchain and essentially just ignore the attack, which has happened (the Ethereum DAO attack for example). Exchanges and merchants only treat a transfer as final after a number of confirmations, and that confirmation depth is a control they can raise on a low-hashrate chain. So in general we're talking several dozen blocks at a minimum in order to convince external parties that things are ok and the transfer of crypto assets was finalized correctly.
!!!Conclusion
There are some simple facts about 51% attacks that people need to keep in mind: they are not merely theoretically possible, they are provably real and have happened. This is complicated, however, by the fact that the most successful crypto currency blockchains have a huge amount of hashing power and would be impossible to attack, right? Well the challenge is that mining is a profitable activity, and massive mining begets efficiency which makes it more efficient and more likely to generate returns. In fact we have already seen this happen several times, for example Nicehash rents out hash power and has grown enough that by simply renting hashing power from Nicehash attackers were able to 51% attack BTG (Bitcoin Gold), spending approximately $1,200 on rental fees in order to double spend approximately $72,000, a 5900% rate of return (minus the effort and expertise needed, but still, a significant rate of return). Will attackers go after the big game like Bitcoin and Ethereum? No. Will they hunt down and double spend on the smaller networks? Yes, they have, and they will continue to do so.
Link+++^*[»] https://news.bitcoin.com/bitcoin-gold-whale-allegedly-controls-half-the-btg-supply/ ===
<<<
//__Liens :__
* Article sur le site de la CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/20/rent-to-pwn-the-blockchain-51-attacks-made-easy/ 
!"//The 2020 State of Identity Security in the Cloud//"
[>img(200px,auto)[iCSA/KBJPT.png]]Publication du 19 novembre 2020 //
<<<
The use of cloud services has continued to increase over the past decade. Particularly in the wake of the COVID-19 public health crisis, many enterprises' digital transformations are on an accelerated track to enable employees to work from home. CSA surveyed these organizations to better understand how cloud services are being used during this transition and how organizations are securing their operations over the next 12 months.
Goals of the study:
* Determine the use and challenges of public cloud workloads today and 1 year from now
* Understand cloud IAM challenges, specifically human and machine identity challenges
* Establish the anticipated methods of addressing cloud IAM challenges
* Identify the teams and roles responsible for cloud IAM
<<<
//
!!!Liens
* Téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/the-2020-state-of-identity-security-in-the-cloud/
* Document (PDF) ⇒ https://cloudsecurityalliance.org/download/artifacts/the-2020-state-of-identity-security-in-the-cloud/
!"//Cloud Security Alliance Opens Registration for CloudBytes Connect: From the SOC to the Boardroom//"
[>img(600px,auto)[iCSA/L22CC.png]]Communiqué de presse publié le 19 novembre 2020.
//CSA is excited to launch CloudBytes Connect, a multi-day virtual event program that brings the collaboration of research and community to the forefront. Leveraging CSA's research initiatives to educate the industry on key issues and trends faced in cloud security, CloudBytes Connect will introduce participants, free of charge, to their peers and prominent leaders in the cloud and cybersecurity industry. 
Over the course of three days, CSA will present a world-class program of speakers who will provide in-depth discussion and insight on specific topics each day. Keynote sessions will be presented from 9:00 am - 1:00 pm (PST) each morning.//
<<<
//Attendees can earn up to seven CPE credits while learning about C-Level cloud priorities, current threats, and state-of-the-art best practices
SEATTLE - Nov. 19, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that registration has opened for its upcoming CloudBytes Connect virtual symposium, ''From the SOC to the Boardroom''+++^*[»] https://web.cvent.com/event/0383a9e5-ab2a-4a39-871c-5767658425a2/summary?RefId=CSA-PR ===, taking place Feb. 2-4, 2021. This next symposium will address the most critical cloud priorities for CISOs, their CxO peers, and the Board of Directors. The event will also explore security threats, innovations, best practices, and the global cyber governance approaches needed to traverse and thrive in the new frontiers of cloud security with the industry's top security experts. Attendees of this free event will have the chance to earn up to seven CPE credits.
As organizations around the globe continue adapting to the changing economic impacts of COVID-19, security will remain a top priority for CISOs in 2021. CSA is honored to have Ann Johnson, Corporate Vice President of Security, Compliance, and Identity Business Development at Microsoft, as a featured keynote speaker. Johnson will provide her perspective on critical cloud issues facing C-Level executives.
"COVID-19 has exposed many organizations that failed to keep pace with modern technologies supporting digital transformation goals, which at its foundation is a secure, virtualized strategy based upon cloud. As companies play catch up, we are observing several challenges, ranging from degraded data security postures to fast-moving threats to defining appropriate executive engagement. To support this acceleration into a secure cloud-based enterprise, we have carefully curated a roster of leading experts to provide guidance across this broad set of challenges," said Jim Reavis, co-founder and CEO, Cloud Security Alliance.
"With 42 percent of organizations saying their workforce will continue to be remote even a year from now, future proofing your security posture leveraging the intelligent cloud will mean the difference between success and struggle," said Ann Johnson, Corporate Vice President, Security, Compliance, and Identity Business Development, Microsoft. "I'm excited to share the insights Microsoft has helped drive that lead to the success of a more secure cloud ecosystem at this virtual symposium."
Speakers will be available on Circle for follow-up discussions in the Inner Circle community group immediately after the session. Circle is a global community of CSA members and partners that facilitates the sharing of resources and discussion.
The full agenda will be released in the coming weeks.//
<<<
__Lien :__
* Communiqué de presse ⇒ https://cloudsecurityalliance.org/press-releases/2020/11/19/cloud-security-alliance-opens-registration-for-cloudbytes-connect-from-the-soc-to-the-boardroom/
* Inscription → https://web.cvent.com/event/0383a9e5-ab2a-4a39-871c-5767658425a2/summary?RefId=CSA-PR 
!"//CCSK Success Stories: Common Pitfalls in Managing Outsourced Cloud Projects//"
[>img(150px,auto)[iCSA/K4QCCSK.png]]Article de blog publié le 19 novembre 2020
<<<
//This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Tay Keng, Solution Architect at PTC System Pte Ltd.
Q: You currently work at PTC System Pte Ltd, as a solution architect. Can you tell us a little bit about what your job involves?
A: My main job is to develop proposals for multi-vendor solutions in response to tender requirements. I am also responsible for presales activities concerning security products and do presentations for clients one-on-one at security conferences and security themed exhibitions.

Q: Can you share with us some complexities in managing cloud computing projects?
A: So far, I have been involved in cloud computing projects involving private on-premise cloud deployments using hyper-converged infrastructure from Cisco, Dell and VMware. The most complex portion of such projects is defining what goes into the self-service portal and implementing it into a dummy-proof user interface to provision their workloads.

Q: In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
A: My recommendations are:
* Be absolutely clear about the Shared Responsibility of security when moving workloads to the cloud. The customer is still ultimately responsible for the security of their workloads - but it is different than when they were on-prem.
* Pay-as-you-go (PAYG) sounds great at its face value, but it can come back and bite you in the form of "bill shock" at the end of the month because of:
** Forgetting to shut down idle VMs when not in use
** Oversizing VMs instead of right-sizing them using the right tools (like Turbonomic)
** Forgetting to count the costs of egress traffic volume in estimating cloud costs
** Not realizing that when you have a lot of workloads that do not change very much, you can save a lot more by using Reserved Instances instead of PAYG.
* Configure cloud resources such as storage buckets (S3, for example) using the least privilege principle.
* Deploy MFA for cloud management console access, since it is the key to the "crown jewels" of your cloud resources.

Q: What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
A: I was already studying for CISSP when I was offered CCSK training. So I jumped at the opportunity. Moreover, my company was supportive and offered to pay for the exam fee. The Data Security & Encryption module was the most relevant in my work because just at that same time, I was working on a tender that had extensive requirements for data security.

Q: What is the best advice you would give to IT professionals in order for them to scale new heights in their careers?
A: We must all realize that whatever certificate one obtains is just relevant for a fixed period of time since you know the technology is always evolving and changing. We should never stop learning, or we will become obsolete very fast.//
<<<
__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/11/19/ccsk-success-stories-common-pitfalls-in-managing-outsourced-cloud-projects/ 
!"//Circle - The Most Vital Cybersecurity Community//"
[>img(300px,auto)[iCSA/Orbert.png]]Article de blog publié le 16 novembre 2020 • Rédigé par Jaclyn Parton, Marketing Coordinator, CSA
<<<
//At CSA, building community is at the core of our mission. Since our beginning in 2009, CSA has been providing a forum through which diverse parties, such as CISOs, students, professors, and all of the cybersecurity professionals in between, from all over the world can work together to create and maintain a trusted cloud ecosystem. Circle came into being as a natural extension of that goal. Circle is CSA's online community forum platform where you can connect with peers and industry leaders. An online corner focused on security, free from the noise of other social platforms and free for anyone to use, anywhere around the world.

The platform has been a vision of CSA CEO Jim Reavis for quite some time. He says, "Cybersecurity is on the verge of a new epoch. Pervasive technology in new forms is coming at us in waves. 5G, AI, Quantum and the possibility of virtually every physical item having some sort of microprocessor will be challenging cybersecurity. Cloud, of course, is foundational to all of these innovations. The success of this new epoch of cybersecurity is going to be dependent upon the people who choose to be in this industry. This is why I am long on Circle. Cybersecurity professionals need to master new knowledge domains faster than ever and they need to share experiences more broadly than ever. At CSA we have established Circle to be the community platform for cybersecurity. We have a lot of work to do to make this platform equal to our aspirations and we are committed to continuing to invest in Circle, to make it easier to use, more relevant to your job, and to surface key insights as you need them. Your engagement is creating a cybersecurity network effect, which will be the catalyst to your success and ours. Let's make Circle the largest, most vital cybersecurity community in the world."

The need for an open cybersecurity community is more pertinent than ever since the surprising end of Peerlyst in late August. Since Circle's inception (early March 2019) we have seen continued growth in members and some amazing contributions to the discussion platform. From discussions around new research initiatives and pressing security issues, to light-hearted introductions, the Inner Circle community has become the place for all platform members to connect about anything on their minds. Sometimes the most unlikely posts see the most discussion. And if a community does not exist yet for a topic that you think should, you can create it by emailing CSA with your request.
!!What makes Circle unique from other online communities?
Circle is a user-owned space set up for collaboration, creativity and connection. As a vendor-neutral nonprofit organization, we believe that we have the power to bring folks together for the common good of the security community and we welcome you to join us in this mission.

Our research working groups use Circle as their virtual hub for collaborating on the documents you see published on our website. Any cybersecurity professional can be a part of the research on topics like Artificial intelligence, Top Threats to Cloud Computing, DevSecOps, Blockchain/DLT Framework, Internet of Things and so many more. Check out the full list here.

You can also use the platform to connect with a local CSA Chapter or if you are a CSA Corporate member you can be a part of CSA's corporate member communities. We even have a community around Design in Security, where people can discuss the intricacies and challenges of designing content for the cyber security industry. Look for your next job or share your company's available positions in the Job Board or continue your professional development by connecting with our training communities. The possibilities are really endless. And if you see an opportunity to enhance Circle, please reach out. We want this space to flourish and your ideas can make it better!
!!Meet Orbert, Your Guide to Circle
[>img(700px,auto)[iCSA/OrbertWelcome.jpg]]As you navigate through Circle you'll notice Orbert helping you through the platform. Orbert is our Alien friend and guide to all things Circle. The idea to create Orbert came from me, the behind-the-scenes Circle facilitator, and was brought to life by CSA Designer, AnnMarie Ulsky. Our hope is that Orbert will be able to help all security professionals navigate through the platform and provide support when it's needed.

|ssTablN0|k
|!Here's the origin story for how Orbert found the way to Circle!+++^*[»] https://www.youtube.com/watch?v=7K38AK8RAd8 ===|!<<tiddler [[RollKBG]]>>|
|There was a security breach on Orbert's home planet, Crystal Ball Nebula (NGC 1514). Something sinister was stealing everyone's information. Orbert fought off the data-stealing monster but ended up being the lone survivor. After this attack, it became Orbert's mission to protect other planets from similar attacks. Orbert has traveled the galaxy helping planets in similar despair and, along the way, realized that the best way to defend against attacks on one's personal information is to form a community and work together to keep the world safe from cyber threats. From this idea Circle came into existence. Orbert guides users through the platform connecting people and facilitating conversation around any cybersecurity topic under the stars.|~|
We hope you'll connect with Orbert on Circle and tell us what you think of the Alien friend.
!!Join Circle now!
Now is your chance to join a global community that facilitates resources and security discussion within a diverse group of CSA partners. You can join in CSA's research initiatives, connect with a local chapter, ask authorized trainers about educational opportunities, stay up to date with your CSA member benefits, and build your thought leadership and reputation with innovative discussion posts. See you in there!
Need help creating an account? Read the Circle Getting Started Guide.+++^*[»] https://cloudsecurityalliance.org/artifacts/circle-getting-started-guide/ === 
Still not finding what you are looking for? Check out the Circle FAQ page+++^*[»] https://circle.cloudsecurityalliance.org/faqs/faq ===//
<<<
__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/11/16/circle-the-most-vital-cybersecurity-community/ 
<<QOTD RolledRollKBG 3000 noclick norandom>>
[img(300px,auto)[iCSA/Orbert9.png]]
----
[img(300px,auto)[iCSA/Orbert1.png]]
----
[img(300px,auto)[iCSA/Orbert2.png]]
----
[img(300px,auto)[iCSA/Orbert3.png]]
----
[img(300px,auto)[iCSA/Orbert4.png]]
----
[img(300px,auto)[iCSA/Orbert5.png]]
----
[img(300px,auto)[iCSA/Orbert6.png]]
----
[img(300px,auto)[iCSA/Orbert7.png]]
----
[img(300px,auto)[iCSA/Orbert8.png]]
----
[img(300px,auto)[iCSA/Orbert9.png]]
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #90|2020.11.15 - Newsletter Hebdomadaire #90]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #90|2020.11.15 - Weekly Newsletter - #90]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.11.15 - Newsletter Hebdomadaire #90]]>> |<<tiddler [[2020.11.15 - Weekly Newsletter - #90]]>> |
|>| La dernière Newsletter publiée est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' et est accessible+++*[ici • Here] <<tiddler [[Dernière Newsletter]]>> === is where you can read the latest published Newsletter |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 9 au 15 novembre 2020
!!1 - Informations CSA 9 au 15 novembre 2020

* Actu : Conférence FIRST 2020 du 16 au 18 novembre 2020+++*[»]> <<tiddler [[2020.11.11 - Actu : Conférence FIRST 2020 du 16 au 18 novembre 2020]]>>=== 
* Publication : 'Key Management when using Cloud Services'+++*[»]> <<tiddler [[2020.11.09 - Publication : 'Key Management when using Cloud Services']]>>=== 
* Blog : 'Seven Steps to defining the art of the possible in DevOps'+++*[»]> <<tiddler [[2020.11.13 - Blog : 'Seven Steps to defining the art of the possible in DevOps']]>>=== 
* Blog : 'California Privacy Rights Act: What Are the Consequences for Cloud Users?'+++*[»]> <<tiddler [[2020.11.13 - Blog : 'California Privacy Rights Act: What Are the Consequences for Cloud Users?']]>>=== 
* Blog : 'What is cloud security? How is it different from traditional on-premises network security?'+++*[»]> <<tiddler [[2020.11.09 - Blog : 'What is cloud security? How is it different from traditional on-premises network security?']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 110 liens|2020.11.15 - Veille Hebdomadaire - 15 novembre]])

* __''À lire''__
** Panorama des services de chiffrement des fournisseurs+++^*[»] 
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[À la découverte des services de chiffrement des fournisseurs cloud|https://www.lemagit.fr/essentialguide/A-la-decouverte-des-services-de-chiffrement-des-fournisseurs-cloud]] |Encryption|
=== 
** Modèle de maturité Kubernetes (//Fairwinds//)+++^*[»] 
|2020.11.10|//Fairwinds//|![[Kubernetes Maturity Model|https://www.fairwinds.com/kubernetes-maturity-model]] |K8s Maturity|
|2020.11.10|//Fairwinds//| → [[Fairwinds Introduces Industry-First End-to-End Kubernetes Maturity Model|https://vmblog.com/archive/2020/11/10/fairwinds-introduces-industry-first-end-to-end-kubernetes-maturity-model.aspx]]|K8s Maturity|
=== 
** Principe de collecte de données cloud à distance (Forensics Focus)+++^*[»] 
|2020.11.10|Forensics Focus|![[Best Strategies For Remote Collections Of Computer, Mobile And Cloud Data|https://www.forensicfocus.com/webinars/best-strategies-for-remote-collections-of-computer-mobile-and-cloud-data/]] ([[vidéo|https://www.youtube.com/watch?v=I0rCGRQTWZg]]) |Forensics|
=== 

* __Attaques, Incidents, Fuites de données, Pannes__
** Attaques : Fausses notifications de correctifs Teams+++^*[»] 
|2020.11.09|Bleeping Computer|[[Fake Microsoft Teams updates lead to Cobalt Strike deployment|https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/]]|Teams Attacks|
=== 
** Fuites de données : Buckets AWS S3 encore à l'origine d'une fuite massive de données+++^*[»] 
|2020.11.09|//Threatpost//|[[Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak|https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/]]|Data_Leak|
|2020.11.06|Web Site Planet| ← ''[[Report: Hotel Reservation Platform Leaves Millions of People Exposed in Massive Data Breach|https://www.websiteplanet.com/blog/prestige-soft-breach-report/]]''|Data_Leak|
|2020.11.10|Graham Cluley| → [[Millions of hotel guests worldwide have their private details exposed|https://grahamcluley.com/hotel-software-data-breach/]]|Data_Leak|
|2020.11.10|Dark Reading| → [[Hotels.com & Expedia Provider Exposes Millions of Guests' Data|https://www.darkreading.com/cloud/hotelscom-and-expedia-provider-exposes-millions-of-guests-data/d/d-id/1339407]]|Data_Leak|
|2020.11.10|Computer Weekly| → [[Leaky AWS S3 bucket once again at centre of data breach|https://www.computerweekly.com/news/252491842/Leaky-AWS-S3-bucket-once-again-at-centre-of-data-breach]]|Data_Leak|
=== 
** Pannes : OneDrive affecté+++^*[»] 
|2020.11.11|Computer Weekly|[[Microsoft consumer cloud outage blights Outlook.com and OneDrive users|https://www.computerweekly.com/news/252491909/Microsoft-consumer-cloud-outage-blights-Outlookcom-and-OneDrive-users]]|Outage|
=== 

* __Risques, Menaces, Vulnérabilités__
** Risques : Identification des risques cachés (World Economic Forum)+++^*[»] 
|2020.11.12|World Economic Forum|![[5 questions your business must answer to understand the hidden risks in the cloud|https://www.weforum.org/agenda/2020/11/business-risks-cloud-computing/]] |Risks|
=== 
** Menaces : prévention contre l'exposition de données avec Azure Blob Storage (SANS) • Cloud-jacking • Muhstik, botnet IoT qui vise les serveurs Cloud+++^*[»] 
|2020.11.12|SANS ISC Handler|![[Preventing Exposed Azure Blob Storage|https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/]]|Azure Prevention|
|2020.11.12|SANS ISC Handler|![[Exposed Blob Storage in Azure|https://isc.sans.edu/forums/diary/Exposed+Blob+Storage+in+Azure/26784/]]|Azure Prevention|
|>|>|>|!|
|2020.11.10|//Webroot//|[[Getting to Know Cloudjacking and Cloud Mining Could Save Your Business|https://www.webroot.com/blog/2020/11/10/getting-to-know-cloudjacking-and-cloud-mining-could-save-your-business/]]|Attacks|
|2020.11.10|//TechGenix//|[[Cloud-jacking: An evolving and dangerous cybersecurity threat|http://techgenix.com/cloud-jacking/]]|Threats|
|>|>|>|!|
|2020.11.10|//Lacework//|[[Meet Muhstik - IoT Botnet Infecting Cloud Servers|https://www.lacework.com/meet-muhstik-iot-botnet-infecting-cloud-servers/]]|Botnet Attacks|
|2020.11.11|Bleeping Computer| → [[Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal|https://www.bleepingcomputer.com/news/security/chinese-linked-muhstik-botnet-targets-oracle-weblogic-drupal/]]|Botnet Attacks|
=== 
** Vulnérabilités : VoltPillager contre les enclaves Intel SGX+++^*[»] 
|2020.11.11|Zitai Chen|[[VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface|https://zt-chen.github.io/voltpillager/]] ([[pdf|https://www.usenix.org/system/files/sec21summer_chen-zitai.pdf]])|SGX Attacks|
|2020.11.14|The Register| → [[Stick a fork in SGX, it's done: Intel's cloud-server security defeated by $30 chip and electrical shenanigans|https://www.theregister.com/2020/11/14/intel_sgx_protection_broken/]]|SGX Attacks|
|2020.11.16|Security Week| → [[VoltPillager: New Hardware-Based Voltage Manipulation Attack Against Intel SGX|https://www.securityweek.com/voltpillager-new-hardware-based-voltage-manipulation-attack-against-intel-sgx]]|SGX Attacks|
=== 

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Sécurité du Cloud (//IBM//)+++^*[»] 
|2020.11.12|//Security Intelligence//|[[Implement Cloud Security Best Practices With This Guide|https://securityintelligence.com/articles/implement-cloud-security-best-practices/]]|Best_Practices|
=== 

* __Rapports, Sondages, Études, Publications__
** Rapports : 'Kubernetes (K8s) Data Protection Report' (//Zettaset//) • '2020 Duo Trusted Access Report' (//Duo Security//) • mise à jour 2020 pour 'Cloud-Native: The IaaS Adoption and Risk Report' (//McAfee//)+++^*[»] 
|2020.11.12|//Zettaset//|[[New Research Confirms Enterprise Organizations Have Embraced Containers and Kubernetes but are Struggling to Properly Secure Data Stored in Cloud-Native Environments|https://vmblog.com/archive/2020/11/12/new-research-confirms-enterprise-organizations-have-embraced-containers-and-kubernetes-but-are-struggling-to-properly-secure-data-stored-in-cloud-native-environments.aspx]]|Report Kubernetes|
|2020.11.12|BetaNews| → [[Enterprises accelerate cloud transformation but struggle with security|https://betanews.com/2020/11/12/enterprises-cloud-transformation-struggle-security/]]|Report Kubernetes|
|2020.11.13|Help Net Security| → [[Enterprises embrace Kubernetes, but lack security tools to mitigate risk|https://www.helpnetsecurity.com/2020/11/13/enterprises-embrace-kubernetes-lack-security-tools/]]|Report Kubernetes|
|2020.11.10|//Duo Security//|[[2020 Duo Trusted Access Report|https://duo.com/resources/ebooks/the-2020-duo-trusted-access-report]]|Report|
|2020.11.10|Dark Reading| → [[Cloud Usage, Biometrics Surge As Remote Work Grows Permanent|https://www.darkreading.com/threat-intelligence/cloud-usage-biometrics-surge-as-remote-work-grows-permanent/d/d-id/1339413]]|Report|
|2020.11.10|Dark Reading|[[You're One Misconfiguration Away from a Cloud-Based Data Breach|https://www.darkreading.com/cloud/youre-one-misconfiguration-away-from-a-cloud-based-data-breach/a/d-id/1337464]]|Risks|
|2020.11|//McAfee//| ← [[Cloud-Native: The Infrastructure-as-a-Service (IaaS) Adoption and Risk Report|https://cloudsecurity.mcafee.com/cloud/en-us/forms/white-papers/wp-cloud-adoption-risk-report-iaas.html]]|Report|
=== 

* __Cloud Services Providers, Outils__
** AWS: AWS Nitro Enclaves • Lightsail Containers • Securing Amazon WorkSpaces • Integrating CloudEndure Disaster Recovery+++^*[»] 
|2020.11.13|//Amazon AWS//|[[What is AWS Nitro Enclaves?|https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html]]|AWS Nitro Enclaves|
|2020.11.13|//Amazon AWS//|[[Lightsail Containers: An Easy Way to Run your Containers in the Cloud|https://aws.amazon.com/blogs/aws/lightsail-containers-an-easy-way-to-run-your-containers-in-the-cloud/]]|Containers|
|2020.11.11|//Amazon AWS//|[[How to secure your Amazon WorkSpaces for external users|https://aws.amazon.com/blogs/security/how-to-secure-your-amazon-workspaces-for-external-users/]]|AWS|
|2020.11.10|//Amazon AWS//|[[Integrating CloudEndure Disaster Recovery into your security incident response plan|https://aws.amazon.com/blogs/security/integrating-cloudendure-disaster-recovery-into-your-security-incident-response-plan/]]|AWS DRP|
=== 
** Azure: Long Term Retention of Azure Sentinel Logs • New DNS Features in Azure Firewall+++^*[»] 
|2020.11.13|//Microsoft Azure//|[[Using Azure Data Explorer for long term retention of Azure Sentinel logs|https://techcommunity.microsoft.com/t5/azure-sentinel/using-azure-data-explorer-for-long-term-retention-of-azure/ba-p/1883947]]|Azure_Sentinel Logging|
|2020.11.09|//Microsoft Azure//|[[New enhanced DNS features in Azure Firewall - now generally available|https://azure.microsoft.com/blog/new-enhanced-dns-features-in-azure-firewall-now-generally-available/]]|Azure DNS|
=== 
** GCP: Ensuring High Availability • Anthos Developer Sandbox • Connecting to Google CE VMs+++^*[»] 
|2020.11.13|//Google Cloud//|[[It's not DNS: Ensuring high availability in a hybrid cloud environment|https://cloud.google.com/blog/products/networking/create-a-highly-available-hybrid-cloud-dns-configuration]]|GCP DNS|
|2020.11.13|//Google Cloud//|[[Introducing the Anthos Developer Sandbox - free with a Google account|https://cloud.google.com/blog/topics/anthos/introducing-the-anthos-developer-sandbox/]]|GCP Anthos|
|2020.11.10|//Google Cloud//|[[Connecting Securely to Google Compute Engine VMs without a Public IP or VPN|https://medium.com/google-cloud/connecting-securely-to-google-compute-engine-vms-without-a-public-ip-or-vpn-720e53d1978e]]|GCP VMs|
=== 
** OVH Cloud: Co-building Cloud Services with Google Cloud+++^*[»] 
|2020.11.09|Le Mag IT[>img[iCSF/flag_fr.png]]|[[OVHcloud en route pour devenir l'alternative européenne à AWS|https://www.lemagit.fr/actualites/252491753/OVHcloud-en-route-pour-devenir-lalternative-europeenne-a-AWS]]|OVHcloud GCP Europe|
|2020.11.09|Silicon[>img[iCSF/flag_fr.png]]|[[OVHcloud : un levier souverain pour Google Cloud en Europe|https://www.silicon.fr/ovhcloud-levier-souverain-google-cloud-europe-351107.html]]|OVHcloud GCP Europe|
|2020.11.10|Computer Weekly| → [[Google and OVHcloud to bring co-built cloud services to European enterprises|https://www.computerweekly.com/news/252491823/Google-and-OVHcloud-to-bring-co-built-cloud-services-to-European-enterprises]]|OVHcloud GCP Europe|
|2020.11.11|The Register| → [[Cutting the ties: European hosting provider OVHCloud to offer Google Anthos, no Google account needed|https://www.theregister.com/2020/11/11/european_hosting_provider_ovhcloud_will/]]|OVHcloud GCP Europe|
=== 
** Kubernetes : Vecteurs d'attaque : 3ème partie sur la Persistence (//Alcide//) • Codes d'erreurs • Modèle de maturité (//Fairwinds//)+++^*[»] 
|2020.11.12|//Alcide//|![[Kubernetes Threat Vectors: Part 3 - Persistence|https://www.alcide.io/kubernetes-threat-vectors-part-3-persistence]] (3/11) |Kubernetes Threats|
|2020.11.11|//Build5Nines//|[[Fix Kubernetes Dashboard Strange 401 Unauthorized, 503 Service Unavailable Errors|https://build5nines.com/fix-kubernetes-dashboard-strange-401-unauthorized-503-service-unavailable-errors/]]|K8s|
|2020.11.10|//Fairwinds//|![[Kubernetes Maturity Model|https://www.fairwinds.com/kubernetes-maturity-model]] |K8s Maturity|
|2020.11.10|//Fairwinds//| → [[Fairwinds Introduces Industry-First End-to-End Kubernetes Maturity Model|https://vmblog.com/archive/2020/11/10/fairwinds-introduces-industry-first-end-to-end-kubernetes-maturity-model.aspx]]|K8s Maturity|
=== 
** Outils : Leonidas (Simulation d'attaques) • OpenCSPM (CSPM)+++^*[»] 
|2020.11.12|KitPloit|[[Leonidas - Automated Attack Simulation In The Cloud, Complete With Detection Use Cases|https://www.kitploit.com/2020/11/leonidas-automated-attack-simulation-in.html]]|Tools Simulation|
|2020.11.12|//Darkbit//|[[Announcing OpenCSPM - An Open-Source Cloud Security Posture Management and Workflow Platform|https://darkbit.io/blog/announcing-opencspm]]|CSPM|
=== 

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Podcasts : 'Open Source AWS Security' (Cloud Security Podcast) • 'Cloud Attack Vectors' (SilverLining)+++^*[»] 
|2020.11.15|Cloud Security Podcast|[[Open Source AWS Security - Matthew Fuller, co-Founder CloudSploit, Aqua|https://anchor.fm/cloudsecuritypodcast/episodes/OPEN-SOURCE-AWS-SECURITY---MATTHEW-FULLER--co-Founder-CloudSploit--Aqua-emgb3q]]|Podcast|
|2020.11.11|SilverLining Podcast|![[Episode 28: Analyzing Cloud Attack Vectors - SaaS Marketplaces and Office 365 BEC|https://silverlining-il.castos.com/episodes/episode-28-analyzing-cloud-attack-vectors-saas-marketplaces-and-office-365-bec]] ([[mp3|https://episodes.castos.com/5e4aaf232467c1-76191533/silverlining-podcast-%D7%A2%D7%95%D7%A4%D7%A8-%D7%9E%D7%90%D7%95%D7%A8.mp3]]) |Podcast|
=== 
** Veilles : TL;DR Security #60 • The Cloud Security Reading List #63+++^*[»] 
|2020.11.15|Marco Lancini|[[The Cloud Security Reading List #63|https://cloudseclist.com/issues/issue-63/]] |Weekly_Newsletter|
|2020.11.11|TL;DR Security|[[#60 - Cartography + IAM, Security Scorecard, Self-service Security|https://tldrsec.com/blog/tldr-sec-060/]] |Weekly_Newsletter|
=== 

* __Marché, Acquisitions__
** Marché : Services de chiffrement+++^*[»] 
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[À la découverte des services de chiffrement des fournisseurs cloud|https://www.lemagit.fr/essentialguide/A-la-decouverte-des-services-de-chiffrement-des-fournisseurs-cloud]] |Encryption|
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[Les services de chiffrement des fournisseurs cloud français|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-des-fournisseurs-cloud-francais]] |Encryption France|
|2020.11.10|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement d'IBM : Key Protect, Cloud HSM 7.0 et Hyper Crypto Services|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-dIBM-Key-Protect-Cloud-HSM-70-et-Hyper-Crypto-Services]]|Encryption IBM_Cloud|
|2020.11.09|//Le Mag IT//[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement de Microsoft : Azure Key Vault|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-de-Microsoft-Azure-Key-Vault]]|Encryption Azure|
=== 
** Acquisitions : //CloudAlly// par //Zix// • //IDMSense// par //Ernst & Young//+++^*[»] 
|2020.11.10|//BusinessWire//|[[Zix Acquires Leading Cloud-Based Backup and Recovery Provider CloudAlly|https://www.businesswire.com/news/home/20201109005607/en/Zix-Acquires-Leading-Cloud-Based-Backup-and-Recovery-Provider-CloudAlly]]|Acquisition|
|2020.11.10|MSSP Alert| → [[Zix Acquires CloudAlly for $30M; Converges Email Security and Cloud Backup|https://www.msspalert.com/investments/zix-acquires-cloudally-for-30m-converges-email-security-and-cloud-backup/]]|Acquisition|
|2020.11.06|EY Canada|[[EY Canada welcomes IDMSense to the firm to enhance Digital Identity solutions for clients|https://www.ey.com/en_ca/news/2020/11/ey-canada-welcomes-idmsense-to-the-firm-to-enhance-digital-identity-solutions-for-clients]]|Acquisition|
|2020.11.09|MSSP Alert| → [[Ernst & Young Acquires Cloud Identity Management Company IDMSense|https://www.msspalert.com/investments/ernst-young-buys-idmsense/]]|Acquisition|
=== 

* __Divers__
** Référentiel pour optimiser les Plans de Reprise+++^*[»] 
|2020.11.09|Homeland Security Newswire|[[Cloud-Based Framework Improves Efficiency in Disaster-Area Management|http://www.homelandsecuritynewswire.com/dr20201109-cloudbased-framework-improves-efficiency-in-disasterarea-management]]|Misc|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KBF/|https://CloudSecurityAlliance.fr/go/KBF/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - November 9th to 15th, 2020
!!1 - CSA News and Updates - November 9th to 15th, 2020

* News: FIRST 2020 Conference, November 16th/18th+++*[»]> <<tiddler [[2020.11.11 - Actu : Conférence FIRST 2020 du 16 au 18 novembre 2020]]>>=== 
* Publication: 'Key Management when using Cloud Services'+++*[»]> <<tiddler [[2020.11.09 - Publication : 'Key Management when using Cloud Services']]>>=== 
* Blog: 'Seven Steps to defining the art of the possible in DevOps'+++*[»]> <<tiddler [[2020.11.13 - Blog : 'Seven Steps to defining the art of the possible in DevOps']]>>=== 
* Blog: 'California Privacy Rights Act: What Are the Consequences for Cloud Users?'+++*[»]> <<tiddler [[2020.11.13 - Blog : 'California Privacy Rights Act: What Are the Consequences for Cloud Users?']]>>=== 
* Blog: 'What is cloud security? How is it different from traditional on-premises network security?'+++*[»]> <<tiddler [[2020.11.09 - Blog : 'What is cloud security? How is it different from traditional on-premises network security?']]>>=== 
!!2 - Cloud and Security News Watch ([[over 110 links|2020.11.15 - Veille Hebdomadaire - 15 novembre]])

* __''Must read''__
** State of CSP's Encryption Services+++^*[»] 
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[À la découverte des services de chiffrement des fournisseurs cloud|https://www.lemagit.fr/essentialguide/A-la-decouverte-des-services-de-chiffrement-des-fournisseurs-cloud]] |Encryption|
=== 
** Kubernetes Maturity Model (//Fairwinds//)+++^*[»] 
|2020.11.10|//Fairwinds//|![[Kubernetes Maturity Model|https://www.fairwinds.com/kubernetes-maturity-model]] |K8s Maturity|
|2020.11.10|//Fairwinds//| → [[Fairwinds Introduces Industry-First End-to-End Kubernetes Maturity Model|https://vmblog.com/archive/2020/11/10/fairwinds-introduces-industry-first-end-to-end-kubernetes-maturity-model.aspx]]|K8s Maturity|
=== 
** Strategies For Remote Collections of Cloud Data (Forensics Focus)+++^*[»] 
|2020.11.10|Forensics Focus|![[Best Strategies For Remote Collections Of Computer, Mobile And Cloud Data|https://www.forensicfocus.com/webinars/best-strategies-for-remote-collections-of-computer-mobile-and-cloud-data/]] ([[vidéo|https://www.youtube.com/watch?v=I0rCGRQTWZg]]) |Forensics|
=== 

* __Attacks, Incidents, Data Leaks, Outages__
** Attacks: Fake Microsoft Teams updates+++^*[»] 
|2020.11.09|Bleeping Computer|[[Fake Microsoft Teams updates lead to Cobalt Strike deployment|https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/]]|Teams Attacks|
=== 
** Leaks: Leaky AWS S3 Bucket Leads to Massive Data Leak+++^*[»] 
|2020.11.09|//Threatpost//|[[Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak|https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/]]|Data_Leak|
|2020.11.06|Web Site Planet| ← ''[[Report: Hotel Reservation Platform Leaves Millions of People Exposed in Massive Data Breach|https://www.websiteplanet.com/blog/prestige-soft-breach-report/]]''|Data_Leak|
|2020.11.10|Graham Cluley| → [[Millions of hotel guests worldwide have their private details exposed|https://grahamcluley.com/hotel-software-data-breach/]]|Data_Leak|
|2020.11.10|Dark Reading| → [[Hotels.com & Expedia Provider Exposes Millions of Guests' Data|https://www.darkreading.com/cloud/hotelscom-and-expedia-provider-exposes-millions-of-guests-data/d/d-id/1339407]]|Data_Leak|
|2020.11.10|Computer Weekly| → [[Leaky AWS S3 bucket once again at centre of data breach|https://www.computerweekly.com/news/252491842/Leaky-AWS-S3-bucket-once-again-at-centre-of-data-breach]]|Data_Leak|
=== 
** Outages: Microsoft Outage Affects OneDrive Users+++^*[»] 
|2020.11.11|Computer Weekly|[[Microsoft consumer cloud outage blights Outlook.com and OneDrive users|https://www.computerweekly.com/news/252491909/Microsoft-consumer-cloud-outage-blights-Outlookcom-and-OneDrive-users]]|Outage|
=== 

* __Risks, Threats, Vulnerabilities__
** Risks: Identification of Hidden Risks (World Economic Forum)+++^*[»] 
|2020.11.12|World Economic Forum|![[5 questions your business must answer to understand the hidden risks in the cloud|https://www.weforum.org/agenda/2020/11/business-risks-cloud-computing/]] |Risks|
=== 
** Threats: Preventing Exposed Azure Blob Storage (SANS) • Cloud-jacking • Muhstik, an IoT Botnet Infecting Cloud Servers+++^*[»] 
|2020.11.12|SANS ISC Handler|![[Preventing Exposed Azure Blob Storage|https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/]]|Azure Prevention|
|2020.11.12|SANS ISC Handler|![[Exposed Blob Storage in Azure|https://isc.sans.edu/forums/diary/Exposed+Blob+Storage+in+Azure/26784/]]|Azure Prevention|
|>|>|>|!|
|2020.11.10|//Webroot//|[[Getting to Know Cloudjacking and Cloud Mining Could Save Your Business|https://www.webroot.com/blog/2020/11/10/getting-to-know-cloudjacking-and-cloud-mining-could-save-your-business/]]|Attacks|
|2020.11.10|//TechGenix//|[[Cloud-jacking: An evolving and dangerous cybersecurity threat|http://techgenix.com/cloud-jacking/]]|Threats|
|>|>|>|!|
|2020.11.10|//Lacework//|[[Meet Muhstik - IoT Botnet Infecting Cloud Servers|https://www.lacework.com/meet-muhstik-iot-botnet-infecting-cloud-servers/]]|Botnet Attacks|
|2020.11.11|Bleeping Computer| → [[Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal|https://www.bleepingcomputer.com/news/security/chinese-linked-muhstik-botnet-targets-oracle-weblogic-drupal/]]|Botnet Attacks|
=== 
** Vulnerabilities: VoltPillager against Intel SGX Enclaves+++^*[»] 
|2020.11.11|Zitai Chen|[[VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface|https://zt-chen.github.io/voltpillager/]] ([[pdf|https://www.usenix.org/system/files/sec21summer_chen-zitai.pdf]])|SGX Attacks|
|2020.11.14|The Register| → [[Stick a fork in SGX, it's done: Intel's cloud-server security defeated by $30 chip and electrical shenanigans|https://www.theregister.com/2020/11/14/intel_sgx_protection_broken/]]|SGX Attacks|
|2020.11.16|Security Week| → [[VoltPillager: New Hardware-Based Voltage Manipulation Attack Against Intel SGX|https://www.securityweek.com/voltpillager-new-hardware-based-voltage-manipulation-attack-against-intel-sgx]]|SGX Attacks|
=== 

* __Best Practices, and Detection__
** Best Practices: Security Implementation (//IBM//)+++^*[»] 
|2020.11.12|//Security Intelligence//|[[Implement Cloud Security Best Practices With This Guide|https://securityintelligence.com/articles/implement-cloud-security-best-practices/]]|Best_Practices|
=== 

* __Reports, Surveys, Studies, Publications__
** Reports: 'Kubernetes (K8s) Data Protection Report' (//Zettaset//) • '2020 Duo Trusted Access Report' (//Duo Security//) • 2020 update for 'Cloud-Native: The IaaS Adoption and Risk Report' (//McAfee//)+++^*[»] 
|2020.11.12|//Zettaset//|[[New Research Confirms Enterprise Organizations Have Embraced Containers and Kubernetes but are Struggling to Properly Secure Data Stored in Cloud-Native Environments|https://vmblog.com/archive/2020/11/12/new-research-confirms-enterprise-organizations-have-embraced-containers-and-kubernetes-but-are-struggling-to-properly-secure-data-stored-in-cloud-native-environments.aspx]]|Report Kubernetes|
|2020.11.12|BetaNews| → [[Enterprises accelerate cloud transformation but struggle with security|https://betanews.com/2020/11/12/enterprises-cloud-transformation-struggle-security/]]|Report Kubernetes|
|2020.11.13|Help Net Security| → [[Enterprises embrace Kubernetes, but lack security tools to mitigate risk|https://www.helpnetsecurity.com/2020/11/13/enterprises-embrace-kubernetes-lack-security-tools/]]|Report Kubernetes|
|2020.11.10|//Duo Security//|[[2020 Duo Trusted Access Report|https://duo.com/resources/ebooks/the-2020-duo-trusted-access-report]]|Report|
|2020.11.10|Dark Reading| → [[Cloud Usage, Biometrics Surge As Remote Work Grows Permanent|https://www.darkreading.com/threat-intelligence/cloud-usage-biometrics-surge-as-remote-work-grows-permanent/d/d-id/1339413]]|Report|
|2020.11.10|Dark Reading|[[You're One Misconfiguration Away from a Cloud-Based Data Breach|https://www.darkreading.com/cloud/youre-one-misconfiguration-away-from-a-cloud-based-data-breach/a/d-id/1337464]]|Risks|
|2020.11|//McAfee//| ← [[Cloud-Native: The Infrastructure-as-a-Service (IaaS) Adoption and Risk Report|https://cloudsecurity.mcafee.com/cloud/en-us/forms/white-papers/wp-cloud-adoption-risk-report-iaas.html]]|Report|
=== 

* __Cloud Services Providers, Tools__
** AWS: AWS Nitro Enclaves • Lightsail Containers • Securing Amazon WorkSpaces • Integrating CloudEndure Disaster Recovery+++^*[»] 
|2020.11.13|//Amazon AWS//|[[What is AWS Nitro Enclaves?|https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html]]|AWS Nitro Enclaves|
|2020.11.13|//Amazon AWS//|[[Lightsail Containers: An Easy Way to Run your Containers in the Cloud|https://aws.amazon.com/blogs/aws/lightsail-containers-an-easy-way-to-run-your-containers-in-the-cloud/]]|Containers|
|2020.11.11|//Amazon AWS//|[[How to secure your Amazon WorkSpaces for external users|https://aws.amazon.com/blogs/security/how-to-secure-your-amazon-workspaces-for-external-users/]]|AWS|
|2020.11.10|//Amazon AWS//|[[Integrating CloudEndure Disaster Recovery into your security incident response plan|https://aws.amazon.com/blogs/security/integrating-cloudendure-disaster-recovery-into-your-security-incident-response-plan/]]|AWS DRP|
=== 
** Azure: Long Term Retention of Azure Sentinel Logs • New DNS Features in Azure Firewall+++^*[»] 
|2020.11.13|//Microsoft Azure//|[[Using Azure Data Explorer for long term retention of Azure Sentinel logs|https://techcommunity.microsoft.com/t5/azure-sentinel/using-azure-data-explorer-for-long-term-retention-of-azure/ba-p/1883947]]|Azure_Sentinel Logging|
|2020.11.09|//Microsoft Azure//|[[New enhanced DNS features in Azure Firewall - now generally available|https://azure.microsoft.com/blog/new-enhanced-dns-features-in-azure-firewall-now-generally-available/]]|Azure DNS|
=== 
** GCP: Ensuring High Availability • Anthos Developer Sandbox • Connecting to Google CE VMs+++^*[»] 
|2020.11.13|//Google Cloud//|[[It's not DNS: Ensuring high availability in a hybrid cloud environment|https://cloud.google.com/blog/products/networking/create-a-highly-available-hybrid-cloud-dns-configuration]]|GCP DNS|
|2020.11.13|//Google Cloud//|[[Introducing the Anthos Developer Sandbox - free with a Google account|https://cloud.google.com/blog/topics/anthos/introducing-the-anthos-developer-sandbox/]]|GCP Anthos|
|2020.11.10|//Google Cloud//|[[Connecting Securely to Google Compute Engine VMs without a Public IP or VPN|https://medium.com/google-cloud/connecting-securely-to-google-compute-engine-vms-without-a-public-ip-or-vpn-720e53d1978e]]|GCP VMs|
=== 
** OVH Cloud: Co-building Cloud Services with Google Cloud+++^*[»] 
|2020.11.09|Le Mag IT[>img[iCSF/flag_fr.png]]|[[OVHcloud en route pour devenir l'alternative européenne à AWS|https://www.lemagit.fr/actualites/252491753/OVHcloud-en-route-pour-devenir-lalternative-europeenne-a-AWS]]|OVHcloud GCP Europe|
|2020.11.09|Silicon[>img[iCSF/flag_fr.png]]|[[OVHcloud : un levier souverain pour Google Cloud en Europe|https://www.silicon.fr/ovhcloud-levier-souverain-google-cloud-europe-351107.html]]|OVHcloud GCP Europe|
|2020.11.10|Computer Weekly| → [[Google and OVHcloud to bring co-built cloud services to European enterprises|https://www.computerweekly.com/news/252491823/Google-and-OVHcloud-to-bring-co-built-cloud-services-to-European-enterprises]]|OVHcloud GCP Europe|
|2020.11.11|The Register| → [[Cutting the ties: European hosting provider OVHCloud to offer Google Anthos, no Google account needed|https://www.theregister.com/2020/11/11/european_hosting_provider_ovhcloud_will/]]|OVHcloud GCP Europe|
=== 
** Kubernetes: Threat Vectors: Part 3 - Persistence (//Alcide//) • Error Codes • Maturity Model (//Fairwinds//)+++^*[»] 
|2020.11.12|//Alcide//|![[Kubernetes Threat Vectors: Part 3 - Persistence|https://www.alcide.io/kubernetes-threat-vectors-part-3-persistence]] (3/11) |Kubernetes Threats|
|2020.11.11|//Build5Nines//|[[Fix Kubernetes Dashboard Strange 401 Unauthorized, 503 Service Unavailable Errors|https://build5nines.com/fix-kubernetes-dashboard-strange-401-unauthorized-503-service-unavailable-errors/]]|K8s|
|2020.11.10|//Fairwinds//|![[Kubernetes Maturity Model|https://www.fairwinds.com/kubernetes-maturity-model]] |K8s Maturity|
|2020.11.10|//Fairwinds//| → [[Fairwinds Introduces Industry-First End-to-End Kubernetes Maturity Model|https://vmblog.com/archive/2020/11/10/fairwinds-introduces-industry-first-end-to-end-kubernetes-maturity-model.aspx]]|K8s Maturity|
=== 
** Tools: Leonidas (Attack Simulation) • OpenCSPM (CSPM)+++^*[»] 
|2020.11.12|KitPloit|[[Leonidas - Automated Attack Simulation In The Cloud, Complete With Detection Use Cases|https://www.kitploit.com/2020/11/leonidas-automated-attack-simulation-in.html]]|Tools Simulation|
|2020.11.12|//Darkbit//|[[Announcing OpenCSPM - An Open-Source Cloud Security Posture Management and Workflow Platform|https://darkbit.io/blog/announcing-opencspm]]|CSPM|
=== 

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Podcasts: 'Open Source AWS Security' (Cloud Security Podcast) • 'Cloud Attack Vectors' (SilverLining)+++^*[»] 
|2020.11.15|Cloud Security Podcast|[[Open Source AWS Security - Matthew Fuller, co-Founder CloudSploit, Aqua|https://anchor.fm/cloudsecuritypodcast/episodes/OPEN-SOURCE-AWS-SECURITY---MATTHEW-FULLER--co-Founder-CloudSploit--Aqua-emgb3q]]|Podcast|
|2020.11.11|SilverLining Podcast|![[Episode 28: Analyzing Cloud Attack Vectors - SaaS Marketplaces and Office 365 BEC|https://silverlining-il.castos.com/episodes/episode-28-analyzing-cloud-attack-vectors-saas-marketplaces-and-office-365-bec]] ([[mp3|https://episodes.castos.com/5e4aaf232467c1-76191533/silverlining-podcast-%D7%A2%D7%95%D7%A4%D7%A8-%D7%9E%D7%90%D7%95%D7%A8.mp3]]) |Podcast|
=== 
** Newsletters: TL;DR Security #60 • The Cloud Security Reading List #63+++^*[»] 
|2020.11.15|Marco Lancini|[[The Cloud Security Reading List #63|https://cloudseclist.com/issues/issue-63/]] |Weekly_Newsletter|
|2020.11.11|TL;DR Security|[[#60 - Cartography + IAM, Security Scorecard, Self-service Security|https://tldrsec.com/blog/tldr-sec-060/]] |Weekly_Newsletter|
=== 

* __Market, Acquisitions__
** Market: Encryption Services+++^*[»] 
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[À la découverte des services de chiffrement des fournisseurs cloud|https://www.lemagit.fr/essentialguide/A-la-decouverte-des-services-de-chiffrement-des-fournisseurs-cloud]] |Encryption|
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[Les services de chiffrement des fournisseurs cloud français|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-des-fournisseurs-cloud-francais]] |Encryption France|
|2020.11.10|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement d'IBM : Key Protect, Cloud HSM 7.0 et Hyper Crypto Services|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-dIBM-Key-Protect-Cloud-HSM-70-et-Hyper-Crypto-Services]]|Encryption IBM_Cloud|
|2020.11.09|//Le Mag IT//[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement de Microsoft : Azure Key Vault|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-de-Microsoft-Azure-Key-Vault]]|Encryption Azure|
=== 
** Acquisitions: //CloudAlly// by //Zix// • //IDMSense// by //Ernst & Young//+++^*[»] 
|2020.11.10|//BusinessWire//|[[Zix Acquires Leading Cloud-Based Backup and Recovery Provider CloudAlly|https://www.businesswire.com/news/home/20201109005607/en/Zix-Acquires-Leading-Cloud-Based-Backup-and-Recovery-Provider-CloudAlly]]|Acquisition|
|2020.11.10|MSSP Alert| → [[Zix Acquires CloudAlly for $30M; Converges Email Security and Cloud Backup|https://www.msspalert.com/investments/zix-acquires-cloudally-for-30m-converges-email-security-and-cloud-backup/]]|Acquisition|
|2020.11.06|EY Canada|[[EY Canada welcomes IDMSense to the firm to enhance Digital Identity solutions for clients|https://www.ey.com/en_ca/news/2020/11/ey-canada-welcomes-idmsense-to-the-firm-to-enhance-digital-identity-solutions-for-clients]]|Acquisition|
|2020.11.09|MSSP Alert| → [[Ernst & Young Acquires Cloud Identity Management Company IDMSense|https://www.msspalert.com/investments/ernst-young-buys-idmsense/]]|Acquisition|
=== 

* __Miscellaneous__
** Framework Improving Efficiency in Disaster-Area Management+++^*[»] 
|2020.11.09|Homeland Security Newswire|[[Cloud-Based Framework Improves Efficiency in Disaster-Area Management|http://www.homelandsecuritynewswire.com/dr20201109-cloudbased-framework-improves-efficiency-in-disasterarea-management]]|Misc|
=== 
** Forensics: Best Strategies For Remote Collections+++^*[»] 
|2020.11.10|Forensic Focus|![[Best Strategies For Remote Collections Of Computer, Mobile And Cloud Data|https://www.forensicfocus.com/webinars/best-strategies-for-remote-collections-of-computer-mobile-and-cloud-data/]] ([[vidéo|https://www.youtube.com/watch?v=I0rCGRQTWZg]]) |Forensics|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/KBF/|https://CloudSecurityAlliance.fr/go/KBF/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 9 au 15 novembre 2020
+++^*[Table des matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|>|>|>|''Incidents'' |
|>|>|>|''Fuites de données / Leaks'' |
|>|>|>|''Pannes / Outages'' |
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|>|>|>|''Menaces / Threats'' |
|2020.11.10|Dark Reading|[[You're One Misconfiguration Away from a Cloud-Based Data Breach|https://www.darkreading.com/cloud/youre-one-misconfiguration-away-from-a-cloud-based-data-breach/a/d-id/1337464]]|Risks|
|2020.11|//McAfee//| ← [[Cloud-Native: The Infrastructure-as-a-Service (IaaS) Adoption and Risk Report|https://cloudsecurity.mcafee.com/cloud/en-us/forms/white-papers/wp-cloud-adoption-risk-report-iaas.html]]|Report|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|>|>|>|''Protection'' |
|>|>|>|''Protection'' |
|>|>|>|''Détection / Detection'' |
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|>|>|>|''Sondages / Surveys'' |
|>|>|>|''Études / Studies'' |
|>|>|>|''Publications'' |
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.11.10|//Amazon AWS//|[[Integrating CloudEndure Disaster Recovery into your security incident response plan|https://aws.amazon.com/blogs/security/integrating-cloudendure-disaster-recovery-into-your-security-incident-response-plan/]]|AWS DRP|
|2020.11.10|//Amazon AWS//|[[Introducing AWS Gateway Load Balancer - Easy Deployment, Scalability, and High Availability for Partner Appliances|https://aws.amazon.com/blogs/aws/introducing-aws-gateway-load-balancer-easy-deployment-scalability-and-high-availability-for-partner-appliances/]]|AWS Gateway|
|2020.11.11|//Amazon AWS//|[[How to secure your Amazon WorkSpaces for external users|https://aws.amazon.com/blogs/security/how-to-secure-your-amazon-workspaces-for-external-users/]]|AWS|
|2020.11.12|//Amazon AWS//|[[Combining encryption and signing with AWS KMS asymmetric keys|https://aws.amazon.com/blogs/security/combining-encryption-and-signing-with-aws-asymmetric-keys/]]|AWS KMS|
|2020.11.13|//Amazon AWS//|[[What is AWS Nitro Enclaves?|https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html]]|AWS Nitro Enclaves|
|2020.11.13|//Amazon AWS//|[[AWS Lambda now makes it easier to send logs to custom destinations|https://aws.amazon.com/about-aws/whats-new/2020/11/aws-lambda-send-logs-custom-destinations/]]|AWS_Lambda Logging|
|2020.11.13|//Amazon AWS//|[[Lightsail Containers: An Easy Way to Run your Containers in the Cloud|https://aws.amazon.com/blogs/aws/lightsail-containers-an-easy-way-to-run-your-containers-in-the-cloud/]]|Containers|
|2020.11.13|//Aon//|[[See ya in S3!|https://www.aon.com/cyber-solutions/aon_cyber_labs/cyber-labs-blog-see-ya-in-s3/?_lrsc=5ae780d0-f52e-4c16-9ccd-8b98dc2419fe]]|
|>|>|>|''Azure (Microsoft)'' |
|2020.11.12|Christophe Parisel|![[A new detection model for Azure Sentinel|https://www.linkedin.com/pulse/improve-detection-scale-azure-sentinel-christophe-parisel/]] (2/3) |Azure_Sentinel|
|2020.11.12|SANS Handlers Diary|![[Preventing Exposed Azure Blob Storage|https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/]] |Azure Prevention|
|2020.11.13|//Microsoft Azure//|[[Using Azure Data Explorer for long term retention of Azure Sentinel logs|https://techcommunity.microsoft.com/t5/azure-sentinel/using-azure-data-explorer-for-long-term-retention-of-azure/ba-p/1883947]]|Azure_Sentinel Logging|
|2020.11.11|//Microsoft Azure//|[[AWS to Azure services comparison|https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services]]|Comparison Azure AWS|
|2020.11.09|//Microsoft Azure//|[[New enhanced DNS features in Azure Firewall - now generally available|https://azure.microsoft.com/blog/new-enhanced-dns-features-in-azure-firewall-now-generally-available/]]|Azure DNS|
|2020.11.09|//Microsoft Azure//|[[Advancing global network reliability through intelligent software - part 1 of 2|https://azure.microsoft.com/blog/advancing-global-network-reliability-through-intelligent-software-part-1-of-2/]] (1/2)|Azure Reliability|
|>|>|>|''GCP (Google)'' |
|2020.11.13|//Google Cloud//|[[It's not DNS: Ensuring high availability in a hybrid cloud environment|https://cloud.google.com/blog/products/networking/create-a-highly-available-hybrid-cloud-dns-configuration]]|GCP DNS|
|2020.11.13|//Google Cloud//|[[Introducing the Anthos Developer Sandbox - free with a Google account|https://cloud.google.com/blog/topics/anthos/introducing-the-anthos-developer-sandbox/]]|GCP Anthos|
|2020.11.10|//Google Cloud//|[[Connecting Securely to Google Compute Engine VMs without a Public IP or VPN|https://medium.com/google-cloud/connecting-securely-to-google-compute-engine-vms-without-a-public-ip-or-vpn-720e53d1978e]]|GCP VMs|
|>|>|>|''Oracle'' |
|2020.11.12|//Oracle Cloud//|[[Oracle Cloud Infrastructure Should Be on Your Short List of Cloud Service Providers|https://blogs.oracle.com/cloudsecurity/oracle-cloud-infrastructure-should-be-on-your-short-list-of-cloud-service-providers]]|Products|
|>|>|>|''Kubernetes'' |
|>|>|>|''Docker'' |
|>|>|>|''Containers'' |
|>|>|>|''Workloads'' |
|>|>|>|''Outils / Tools'' |
|2020.11.15|DZone|[[Magic, a DIY Cloud System|https://dzone.com/articles/diy-cloud-systems]] ([[vidéo|https://www.youtube.com/watch?v=ATbirl4ZRYA]])|RaspberryPi|
|2020.11.15|Port Swigger|![[O365 Squatting: Open source tool finds malicious cloud-hosted domains before they're used in phishing campaigns|https://portswigger.net/daily-swig/o365-squatting-open-source-tool-finds-malicious-cloud-hosted-domains-before-theyre-used-in-phishing-campaigns]] |Tools|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Conférences / Conferences'' |
|>|>|>|''Podcasts'' |
|2020.11.15|Cloud Security Podcast|[[Open Source AWS Security - Matthew Fuller, co-Founder CloudSploit, Aqua|https://anchor.fm/cloudsecuritypodcast/episodes/OPEN-SOURCE-AWS-SECURITY---MATTHEW-FULLER--co-Founder-CloudSploit--Aqua-emgb3q]]|Podcast|
|>|>|>|''Veilles / Newsletters'' |
|2020.11.15|Marco Lancini|[[The Cloud Security Reading List #63|https://cloudseclist.com/issues/issue-63/]] |Weekly_Newsletter|
|>|>|>|!Juridique, Réglementation, Conformité / Legal, Regulatory, Compliance |
|>|>|>|''Juridique / Legal'' |
|>|>|>|''Réglementation / Regulatory'' |
|>|>|>|''Conformité / Compliance'' |
|2020.11.12|//Hogan Lovells//|[[EDPB issues comprehensive Schrems II guidance, including supplemental measures for data transfers|https://www.engage.hoganlovells.com/knowledgeservices/news/edpb-issues-comprehensive-schrems-ii-guidance-including-recommended-supplemental-measures-to-protect-international-data-transfers/]]|Privacy Europe|
|2020.11.11|EDPB|![[European Data Protection Board - 41st Plenary session: EDPB adopts recommendations on supplementary measures following Schrems II|https://edpb.europa.eu/news/news/2020/european-data-protection-board-41st-plenary-session-edpb-adopts-recommendations_en]] |Privacy Europe|
|2020.07.16|//Hogan Lovells//|[[Schrems II: Privacy Shield invalidated and Standard Contractual Clauses under scrutiny|https://www.engage.hoganlovells.com/knowledgeservices/news/schrems-ii-privacy-shield-invalidated-and-standard-contractual-clauses-under-scrutiny]]|Privacy Europe|
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|>|>|>|''Acquisitions'' |
|2020.12.11|TechIncidents|[[Salesforce To Acquire Slack In $27.7 Billion Deal|https://techincidents.com/salesforce-acquire-slack/]]|Acquisition|
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''APIs'' |
|>|>|>|''DNS / BGP / NTP'' |
|2020.11.13|//Cloudflare//|[[SAD DNS Explained|https://blog.cloudflare.com/sad-dns-explained/]]|!DNS|
|>|>|>|''Privacy Shield'' |
|>|>|>|''SASE'' |
|>|>|>|''Autres / Others'' |
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.11.13|
|2020.11.13|Secure Cloud Blog|[[Securing Azure Lighthouse with Azure Policy and Azure Privileged Identity Management for MSP's and customers|https://securecloud.blog/2020/11/13/securing-azure-lighthouse-with-azure-policy-and-azure-privileged-identity-management-for-msps-and-customers/]]|
|2020.11.13|DZone|[[Monitoring Your Kubernetes Cluster the Right Way|https://dzone.com/articles/monitoring-your-kubernetes-cluster-the-right-way]]|K8s|
|2020.11.13|//Help Net Security//|[[Uptycs enhances detection and investigation for on-premises and cloud workloads|https://www.helpnetsecurity.com/2020/11/13/uptycs-enhances-detection-and-investigation/]]|Products Forensics|
|2020.11.13|//Cloudcheckr//|[[How to Build Your Secure Cloud Architecture|https://cloudcheckr.com/cloud-security/build-secure-public-cloud-architecture/]]|Architecture|
|2020.11.13|//Avanan//|[[Why 1+1=0: Turn Mimecast Off to Improve Your Microsoft 365 Security|https://www.avanan.com/blog/why-110-turn-mimecast-off-to-improve-your-microsoft-365-security]]|M365 Architecture|
|2020.11.13|//Netskope//|[[Here Comes TroubleGrabber: Stealing Credentials Through Discord|https://www.netskope.com/blog/here-comes-troublegrabber-stealing-credentials-through-discord]]|Tools Attack|
|2020.11.13|//Tufin//|[[How to Avoid Paying Ransom Due to Your Cloud Security Vendor|https://www.tufin.com/blog/avoid-paying-ransom-cloud-security-vendor]]|Misc|
|>|>|>|!2020.11.12|
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[À la découverte des services de chiffrement des fournisseurs cloud|https://www.lemagit.fr/essentialguide/A-la-decouverte-des-services-de-chiffrement-des-fournisseurs-cloud]] |Encryption|
|2020.11.12|Le Mag IT[>img[iCSF/flag_fr.png]]|![[Les services de chiffrement des fournisseurs cloud français|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-des-fournisseurs-cloud-francais]] |Encryption France|
|2020.11.12|SANS ISC Handler|![[Preventing Exposed Azure Blob Storage|https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/]]|Azure Prevention|
|2020.11.12|SANS ISC Handler|![[Exposed Blob Storage in Azure|https://isc.sans.edu/forums/diary/Exposed+Blob+Storage+in+Azure/26784/]]|Azure Prevention|
|2020.11.12|World Economic Forum|![[5 questions your business must answer to understand the hidden risks in the cloud|https://www.weforum.org/agenda/2020/11/business-risks-cloud-computing/]] |Risks|
|2020.11.12|Sandrino Di Mattia|[[Deploying changes to your Auth0 accounts with GitHub Actions|https://sandrino.dev/blog/github-actions-deploy-auth0]]|Authentication|
|2020.11.12|Thomas Maurer|[[Connect a Hybrid Server to Azure using Azure Arc|https://www.thomasmaurer.ch/2020/11/connect-a-hybrid-server-to-azure-using-azure-arc/]]|Azure_Arc|
|2020.11.12|JD Supra Law|[[Minimizing Risk with Amazon Web Services|https://www.jdsupra.com/legalnews/minimizing-risk-with-amazon-web-services-78005/]]|AWS Risks|
|2020.11.12|The Register|[[Kids' gaming website Animal Jam breached after miscreants spot private AWS key on pwned Slack channel|https://www.theregister.com/2020/11/12/animal_jam_breached/]]|Data_Leak AWS|
|2020.11.12|KitPloit|[[Leonidas - Automated Attack Simulation In The Cloud, Complete With Detection Use Cases|https://www.kitploit.com/2020/11/leonidas-automated-attack-simulation-in.html]]|Tools Simulation|
|2020.11.12|//RhinoSecurity Labs//|[[CloudGoat ECS_EFS_Attack Walkthrough - Introduction to Simulated AWS Attacks|https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-ecs_efs_attack/]]|AWS|
|2020.11.12|//Alcide//|![[Kubernetes Threat Vectors: Part 3 - Persistence|https://www.alcide.io/kubernetes-threat-vectors-part-3-persistence]] (3/11) |Kubernetes Threats|
|2020.11.12|//Zettaset//|[[New Research Confirms Enterprise Organizations Have Embraced Containers and Kubernetes but are Struggling to Properly Secure Data Stored in Cloud-Native Environments|https://vmblog.com/archive/2020/11/12/new-research-confirms-enterprise-organizations-have-embraced-containers-and-kubernetes-but-are-struggling-to-properly-secure-data-stored-in-cloud-native-environments.aspx]]|Report Kubernetes|
|2020.11.12|BetaNews| → [[Enterprises accelerate cloud transformation but struggle with security|https://betanews.com/2020/11/12/enterprises-cloud-transformation-struggle-security/]]|Report Kubernetes|
|2020.11.13|Help Net Security| → [[Enterprises embrace Kubernetes, but lack security tools to mitigate risk|https://www.helpnetsecurity.com/2020/11/13/enterprises-embrace-kubernetes-lack-security-tools/]]|Report Kubernetes|
|2020.11.12|//Security Intelligence//|[[Implement Cloud Security Best Practices With This Guide|https://securityintelligence.com/articles/implement-cloud-security-best-practices/]]|Best_Practices|
|2020.11.12|//Security Intelligence//|[[Data Security: Building for Today's Hybrid Cloud World|https://securityintelligence.com/posts/modern-data-security-architecture-building-hybrid-cloud/]]|Hybrid_Cloud|
|2020.11.12|//Netskope//|[[SASE and the Forces Shaping Digital Transformation Part 2: Organizational Culture & Adversaries and Threats|https://www.netskope.com/blog/sase-and-the-forces-shaping-digital-transformation-part-2-organizational-culture-adversaries-and-threats]] (2/3)|SASE|
|2020.11.12|//Qualys//|[[Securing Cloud and Container Workloads: A View From the Trenches|https://blog.qualys.com/product-tech/2020/11/12/securing-cloud-and-container-workloads-a-view-from-the-trenches]]|Containers|
|2020.11.12|//StackRox//|[[What is CNCF's CKS Exam and What is Covered?|https://www.stackrox.com/post/2020/11/what-is-cncf-certified-kubernetes-security-specialist-cks-exam-and-what-is-covered/]]|Certification Kubernetes|
|2020.11.12|//Fugue//|[[Sonatype and Fugue Partner to Shift Cloud Security Left and Ensure Continuous Policy Compliance|https://www.fugue.co/press/releases/sonatype-and-fugue-partner-to-shift-cloud-security-left-and-ensure-continuous-policy-compliance]]|Products|
|2020.11.12|//Fugue//| → [[Our Partnership with Sonatype: Securing the Modern Cloud Attack Surface|https://www.fugue.co/blog/fugue-and-sonatype]]|Products|
|2020.11.12|//Sonatype//| → [[Open Source and Cloud Security Together at Last|https://blog.sonatype.com/sonatype-and-fugue]]|Products|
|2020.11.12|//Darkbit//|[[Announcing OpenCSPM - An Open-Source Cloud Security Posture Management and Workflow Platform|https://darkbit.io/blog/announcing-opencspm]]|CSPM|
|>|>|>|!2020.11.11|
|2020.11.11|TL;DR Security|[[#60 - Cartography + IAM, Security Scorecard, Self-service Security|https://tldrsec.com/blog/tldr-sec-060/]] |Weekly_Newsletter|
|2020.11.11|SilverLining Podcast|![[Episode 28: Analyzing Cloud Attack Vectors - SaaS Marketplaces and Office 365 BEC|https://silverlining-il.castos.com/episodes/episode-28-analyzing-cloud-attack-vectors-saas-marketplaces-and-office-365-bec]] ([[mp3|https://episodes.castos.com/5e4aaf232467c1-76191533/silverlining-podcast-%D7%A2%D7%95%D7%A4%D7%A8-%D7%9E%D7%90%D7%95%D7%A8.mp3]]) |Podcast|
|2020.11.11|Computer Weekly|[[Microsoft consumer cloud outage blights Outlook.com and OneDrive users|https://www.computerweekly.com/news/252491909/Microsoft-consumer-cloud-outage-blights-Outlookcom-and-OneDrive-users]]|Outage|
|2020.11.11|Computer Weekly|[[How do VPN vs. cloud services compare for remote work?|https://searchnetworking.techtarget.com/answer/How-do-VPN-vs-cloud-services-compare-for-remote-work]]|WFH VPN|
|2020.11.11|Hack a Day|[[Linux Fu: Send in the (Cloud) Clones|https://hackaday.com/2020/11/10/linux-fu-send-in-the-cloud-clones/]]|Misc|
|2020.11.11|Zitai Chen|[[VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface|https://zt-chen.github.io/voltpillager/]] ([[pdf|https://www.usenix.org/system/files/sec21summer_chen-zitai.pdf]])|SGX Attacks|
|2020.11.14|The Register| → [[Stick a fork in SGX, it's done: Intel's cloud-server security defeated by $30 chip and electrical shenanigans|https://www.theregister.com/2020/11/14/intel_sgx_protection_broken/]]|SGX Attacks|
|2020.11.16|Security Week| → [[VoltPillager: New Hardware-Based Voltage Manipulation Attack Against Intel SGX|https://www.securityweek.com/voltpillager-new-hardware-based-voltage-manipulation-attack-against-intel-sgx]]|SGX Attacks|
|2020.11.11|Last Week in AWS|[[Why AWS Announces Regions in Advance|https://www.lastweekinaws.com/blog/why-aws-announces-regions-in-advance/]]|AWS Regions|
|2020.11.11|//pCloud//|[[Europeans don't trust US tech giants with their data|https://betanews.com/2020/11/11/europeans-dont-trust-us-tech-giants/]]|Survey|
|2020.11.12|CISO Mag| → [[Why Europeans Don't Trust U.S. Organizations with their Data|https://cisomag.eccouncil.org/why-europeans-dont-trust-u-s-organizations-with-their-data/]]|Survey|
|2020.11.11|Cloud Native Computing Foundation|[[The top Kubernetes APIs for cloud-native observability, part 1: the Kubernetes metrics, service, & container APIs|https://www.cncf.io/blog/2020/11/11/the-top-kubernetes-apis-for-cloud-native-observability-part-1-the-kubernetes-metrics-service-container-apis/]] (1/7)|K8s|
|2020.11.11|//Cloudonaut//|[[Comparing API Gateways on AWS|https://cloudonaut.io/comparing-api-gateways-on-aws/]]|APIs AWS|
|2020.11.11|//Build5Nines//|[[Fix Kubernetes Dashboard Strange 401 Unauthorized, 503 Service Unavailable Errors|https://build5nines.com/fix-kubernetes-dashboard-strange-401-unauthorized-503-service-unavailable-errors/]]|K8s|
|2020.11.11|//Rapid7//|[[2021 Detection and Response Planning, Part 4: Planning for Success with a Cloud SIEM|https://blog.rapid7.com/2020/11/11/2021-detection-and-response-planning-part-4-planning-for-success-with-a-cloud-siem/]]|SIEM|
|>|>|>|!2020.11.10|
|2020.11.10|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement d'IBM : Key Protect, Cloud HSM 7.0 et Hyper Crypto Services|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-dIBM-Key-Protect-Cloud-HSM-70-et-Hyper-Crypto-Services]]|Encryption IBM_Cloud|
|2020.11.10|Brian Christner|[[How to use Docker Security Scan Locally|https://brianchristner.io/how-to-use-docker-scan/]]|Docker Scan|
|2020.11.10|Forensic Focus|![[Best Strategies For Remote Collections Of Computer, Mobile And Cloud Data|https://www.forensicfocus.com/webinars/best-strategies-for-remote-collections-of-computer-mobile-and-cloud-data/]] ([[vidéo|https://www.youtube.com/watch?v=I0rCGRQTWZg]]) |Forensics|
|2020.11.10|DevOps|[[Achieve Cloud Resilience Through Systematic (and Chaotic) Testing|https://devops.com/achieve-cloud-resilience-through-systematic-and-chaotic-testing/]]|Testing Resilience|
|2020.11.10|Container Journal|[[Using Machine Learning and Kubernetes Logs to Automate Security Threat Detection|https://containerjournal.com/topics/container-security/using-machine-learning-and-kubernetes-logs-to-automate-security-threat-detection/]]|K8s Detection|
|2020.11.10|CSO Online|[[Developing a multicloud security strategy|https://www.csoonline.com/article/3587799/developing-a-multicloud-security-strategy.html]]|Multicloud|
|2020.11.10|CSO Online|[[Cloud Security Topics: Using Network Threat Protection to Decrease Vulnerability|https://www.csoonline.com/article/3591583/cloud-security-topics-using-network-threat-protection-to-decrease-vulnerability.html]]|Network Protection|
|2020.11.10|GBHackers On Security|[[A Hacker's Perspective: How Easy it is to Steal Data Through Consumer Cloud Services|https://gbhackers.com/a-hackers-perspective-how-easy-it-is-to-steal-data-through-consumer-cloud-services/]]|Threats|
|2020.11.10|//Fairwinds//|![[Kubernetes Maturity Model|https://www.fairwinds.com/kubernetes-maturity-model]] |K8s Maturity|
|2020.11.10|//Fairwinds//| → [[Fairwinds Introduces Industry-First End-to-End Kubernetes Maturity Model|https://vmblog.com/archive/2020/11/10/fairwinds-introduces-industry-first-end-to-end-kubernetes-maturity-model.aspx]]|K8s Maturity|
|2020.11.10|//Duo Security//|[[2020 Duo Trusted Access Report|https://duo.com/resources/ebooks/the-2020-duo-trusted-access-report]]|Report|
|2020.11.10|Dark Reading| → [[Cloud Usage, Biometrics Surge As Remote Work Grows Permanent|https://www.darkreading.com/threat-intelligence/cloud-usage-biometrics-surge-as-remote-work-grows-permanent/d/d-id/1339413]]|Report|
|2020.11.10|//StackRox//|[[OpenShift Networking and Cluster Access Best Practices|https://www.stackrox.com/post/2020/11/openshift-networking-and-cluster-access-best-practices/]] (2/5)|Openshift Best_Practices|
|2020.11.10|//Webroot//|[[Getting to Know Cloudjacking and Cloud Mining Could Save Your Business|https://www.webroot.com/blog/2020/11/10/getting-to-know-cloudjacking-and-cloud-mining-could-save-your-business/]]|Attacks|
|2020.11.10|//TechGenix//|[[Cloud-jacking: An evolving and dangerous cybersecurity threat|http://techgenix.com/cloud-jacking/]]|Threats|
|2020.11.10|//Crowdstrike//|[[Blind Spots in the Cloud|https://www.crowdstrike.com/blog/beware-blind-spots-in-the-cloud/]]|Visibility AWS GCP|
|2020.11.10|//Lacework//|[[Meet Muhstik - IoT Botnet Infecting Cloud Servers|https://www.lacework.com/meet-muhstik-iot-botnet-infecting-cloud-servers/]]|Botnet Attacks|
|2020.11.11|Bleeping Computer| → [[Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal|https://www.bleepingcomputer.com/news/security/chinese-linked-muhstik-botnet-targets-oracle-weblogic-drupal/]]|Botnet Attacks|
|2020.11.10|//OpenText//|[[OpenText brings Digital Investigation to the Cloud with Microsoft Azure|https://vmblog.com/archive/2020/11/10/opentext-brings-digital-investigation-to-the-cloud-with-microsoft-azure.aspx]]|Azure Forensics|
|2020.11.10|//Divvy Cloud//|[[Amazon Web Services Identity and Access Management, by the Numbers|https://divvycloud.com/how-divvycloud-by-rapid-7-keeps-customer-clouds-out-of-the-news/]]|AWS IAM|
|2020.11.10|//Help Net Security//|[[Remove excessive cloud permissions with CyberArk Cloud Entitlements Manager|https://www.helpnetsecurity.com/2020/11/10/cyberark-cloud-entitlements-manager/]]|Products CyberArk|
|2020.11.10|//BusinessWire//|[[Zix Acquires Leading Cloud-Based Backup and Recovery Provider CloudAlly|https://www.businesswire.com/news/home/20201109005607/en/Zix-Acquires-Leading-Cloud-Based-Backup-and-Recovery-Provider-CloudAlly]]|Acquisition|
|2020.11.10|MSSP Alert| → [[Zix Acquires CloudAlly for $30M; Converges Email Security and Cloud Backup|https://www.msspalert.com/investments/zix-acquires-cloudally-for-30m-converges-email-security-and-cloud-backup/]]|Acquisition|
|2020.11.10|//Anchore//|[[Enforcing the DoD Container Image and Deployment Guide with Anchore Federal|https://anchore.com/blog/enforcing-the-dod-container-image-and-deployment-guide-with-anchore-federal/]]|DevSecOps Containers|
|2020.11.10|//Weave Works//|[[Part 2 - Distributed Systems, Disaster Recovery and GitOps|https://www.weave.works/blog/part-2-distributed-systems-disaster-recovery-and-gitops]] (2/2)|DRP GitOps|
|>|>|>|!2020.11.09|
|2020.11.09|Bleeping Computer|[[Fake Microsoft Teams updates lead to Cobalt Strike deployment|https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/]]|Teams Attacks|
|2020.11.09|DC Velocity|[[8 Valuable Tips for Securing your Data on the Cloud in 2020|https://www.dcvelocity.com/articles/47909-8-valuable-tips-for-securing-your-data-on-the-cloud-in-2020]]|Tips|
|2020.11.09|Le Mag IT[>img[iCSF/flag_fr.png]]|[[OVHcloud en route pour devenir l'alternative européenne à AWS|https://www.lemagit.fr/actualites/252491753/OVHcloud-en-route-pour-devenir-lalternative-europeenne-a-AWS]]|OVHcloud GCP Europe|
|2020.11.09|Silicon[>img[iCSF/flag_fr.png]]|[[OVHcloud : un levier souverain pour Google Cloud en Europe|https://www.silicon.fr/ovhcloud-levier-souverain-google-cloud-europe-351107.html]]|OVHcloud GCP Europe|
|2020.11.10|Computer Weekly| → [[Google and OVHcloud to bring co-built cloud services to European enterprises|https://www.computerweekly.com/news/252491823/Google-and-OVHcloud-to-bring-co-built-cloud-services-to-European-enterprises]]|OVHcloud GCP Europe|
|2020.11.11|The Register| → [[Cutting the ties: European hosting provider OVHCloud to offer Google Anthos, no Google account needed|https://www.theregister.com/2020/11/11/european_hosting_provider_ovhcloud_will/]]|OVHcloud GCP Europe|
|2020.11.09|Sami Lamppu|[[Send Azure AD Identity Protection Events To 3rd Party SIEM|https://samilamppu.com/2020/11/09/send-azure-ad-identity-protection-events-to-3rd-party-siem/]]|AzureAD SIEM|
|2020.11.09|Security and Cloud 24/7|[[Why not just have DevOps without the Sec?|https://security-24-7.com/why-not-just-have-devops-without-the-sec/]]|DevSecOps|
|2020.11.09|OWASP|[[Update Docker_Security_Cheat_Sheet.md|https://github.com/OWASP/CheatSheetSeries/pull/505]]|Docker|
|2020.11.09|Homeland Security Newswire|[[Cloud-Based Framework Improves Efficiency in Disaster-Area Management|http://www.homelandsecuritynewswire.com/dr20201109-cloudbased-framework-improves-efficiency-in-disasterarea-management]]|Misc|
|2020.11.09|//Le Mag IT//[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement de Microsoft : Azure Key Vault|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-de-Microsoft-Azure-Key-Vault]]|Encryption Azure|
|2020.11.09|//Alcide//|[[Kubernetes Security Is Not Container Security|https://blog.alcide.io/kubernetes-security-is-not-container-security]]|K8s|
|2020.11.09|//Threatpost//|[[Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak|https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/]]|Data_Leak|
|2020.11.06|Web Site Planet| ← ''[[Report: Hotel Reservation Platform Leaves Millions of People Exposed in Massive Data Breach|https://www.websiteplanet.com/blog/prestige-soft-breach-report/]]''|Data_Leak|
|2020.11.09|InfoSecurity Mag| → [[Hotel Booking Firm Leaks Data on Millions of Guests|https://www.infosecurity-magazine.com/news/hotel-booking-firm-leaks-data/]]|Data_Leak|
|2020.11.10|Graham Cluley| → [[Millions of hotel guests worldwide have their private details exposed|https://grahamcluley.com/hotel-software-data-breach/]]|Data_Leak|
|2020.11.10|Secure Thoughts| → [[Hosting Provider Exposed 63M Records incl. WP & Magento|https://securethoughts.com/hosting-provider-exposed-63-million-customer-records/]]|Data_Leak|
|2020.11.10|Dark Reading| → [[Hotels.com & Expedia Provider Exposes Millions of Guests' Data|https://www.darkreading.com/cloud/hotelscom-and-expedia-provider-exposes-millions-of-guests-data/d/d-id/1339407]]|Data_Leak|
|2020.11.10|Silicon Angle| → [[10M+ hotel reservations found exposed on misconfigured cloud storage|https://siliconangle.com/2020/11/09/10m-hotel-reservations-found-exposed-misconfigured-cloud-storage/]]|Data_Leak|
|2020.11.10|Computer Weekly| → [[Leaky AWS S3 bucket once again at centre of data breach|https://www.computerweekly.com/news/252491842/Leaky-AWS-S3-bucket-once-again-at-centre-of-data-breach]]|Data_Leak|
|2020.11.11|Bit Defender| → [[Hotel Reservation Platform Leaks 7 Years' Worth of Customer Records, Exposes Millions to Fraud and Extortion|https://hotforsecurity.bitdefender.com/blog/hotel-reservation-platform-leaks-7-years-worth-of-customer-records-exposes-millions-to-fraud-and-extortion-24511.html]]|Data_Leak|
|2020.11.09|//XM Cyber//|[[Top 4 Hybrid Cloud Security Challenges|https://www.xmcyber.com/top-4-hybrid-cloud-security-challenges/]]|Hybrid_Cloud|
|>|>|>|!|
|2020.11.06|EY Canada|[[EY Canada welcomes IDMSense to the firm to enhance Digital Identity solutions for clients|https://www.ey.com/en_ca/news/2020/11/ey-canada-welcomes-idmsense-to-the-firm-to-enhance-digital-identity-solutions-for-clients]]|Acquisition|
|2020.11.09|MSSP Alert| → [[Ernst & Young Acquires Cloud Identity Management Company IDMSense|https://www.msspalert.com/investments/ernst-young-buys-idmsense/]]|Acquisition|
|2020.11.13|//Cloudcheckr//|[[How to Build Your Secure Cloud Architecture|https://cloudcheckr.com/cloud-security/build-secure-public-cloud-architecture/]]|Architecture|
|2020.11.12|JD Supra Law|[[Minimizing Risk with Amazon Web Services|https://www.jdsupra.com/legalnews/minimizing-risk-with-amazon-web-services-78005/]]|AWS Risks|
|2020.11.12|//RhinoSecurity Labs//|[[CloudGoat ECS_EFS_Attack Walkthrough - Introduction to Simulated AWS Attacks|https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-ecs_efs_attack/]]|AWS|
|2020.11.12|//Security Intelligence//|[[Data Security: Building for Today's Hybrid Cloud World|https://securityintelligence.com/posts/modern-data-security-architecture-building-hybrid-cloud/]]|Hybrid_Cloud|
|2020.11.11|//pCloud//|[[Europeans don't trust US tech giants with their data|https://betanews.com/2020/11/11/europeans-dont-trust-us-tech-giants/]]|Survey|
|2020.11.12|CISO Mag| → [[Why Europeans Don't Trust U.S. Organizations with their Data|https://cisomag.eccouncil.org/why-europeans-dont-trust-u-s-organizations-with-their-data/]]|Survey|
|2020.11.11|//Cloudonaut//|[[Comparing API Gateways on AWS|https://cloudonaut.io/comparing-api-gateways-on-aws/]]|APIs AWS|
|2020.11.11|//Rapid7//|[[2021 Detection and Response Planning, Part 4: Planning for Success with a Cloud SIEM|https://blog.rapid7.com/2020/11/11/2021-detection-and-response-planning-part-4-planning-for-success-with-a-cloud-siem/]]|SIEM|
|2020.11.10|DevOps|[[Achieve Cloud Resilience Through Systematic (and Chaotic) Testing|https://devops.com/achieve-cloud-resilience-through-systematic-and-chaotic-testing/]]|Testing Resilience|
|2020.11.10|CSO Online|[[Cloud Security Topics: Using Network Threat Protection to Decrease Vulnerability|https://www.csoonline.com/article/3591583/cloud-security-topics-using-network-threat-protection-to-decrease-vulnerability.html]]|Network Protection|
|2020.11.10|GBHackers On Security|[[A Hacker's Perspective: How Easy it is to Steal Data Through Consumer Cloud Services|https://gbhackers.com/a-hackers-perspective-how-easy-it-is-to-steal-data-through-consumer-cloud-services/]]|Threats|
|2020.11.10|//StackRox//|[[OpenShift Networking and Cluster Access Best Practices|https://www.stackrox.com/post/2020/11/openshift-networking-and-cluster-access-best-practices/]] (2/5)|Openshift Best_Practices|
|2020.11.10|//OpenText//|[[OpenText brings Digital Investigation to the Cloud with Microsoft Azure|https://vmblog.com/archive/2020/11/10/opentext-brings-digital-investigation-to-the-cloud-with-microsoft-azure.aspx]]|Azure Forensics|
|2020.11.10|//Divvy Cloud//|[[Amazon Web Services Identity and Access Management, by the Numbers|https://divvycloud.com/how-divvycloud-by-rapid-7-keeps-customer-clouds-out-of-the-news/]]|AWS IAM|
|2020.11.10|//Help Net security//|[[Remove excessive cloud permissions with CyberArk Cloud Entitlements Manager|https://www.helpnetsecurity.com/2020/11/10/cyberark-cloud-entitlements-manager/]]|Products CyberArk|
|2020.11.09|Sami Lamppu|[[Send Azure AD Identity Protection Events To 3rd Party SIEM|https://samilamppu.com/2020/11/09/send-azure-ad-identity-protection-events-to-3rd-party-siem/]]|AzureAD SIEM|
|2020.11.09|//XM Cyber//|[[Top 4 Hybrid Cloud Security Challenges|https://www.xmcyber.com/top-4-hybrid-cloud-security-challenges/]]|Hybrid_Cloud|
<<tiddler [[arOund0C]]>>
/%
Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data|https://edpb.europa.eu/our-work-tools/public-consultations-art-704/2020/recommendations-012020-measures-supplement-transfer_en
Start Date: 11 November 2020 End Date: 21 December 2020 Public consultation reference: R01/2020 Status: Open for feedback 
https://edpb.europa.eu/sites/edpb/files/consultation/edpb_recommendations_202001_supplementarymeasurestransferstools_en.pdf
https://edpb.europa.eu/sites/edpb/files/consultation/edpb_recommendations_202001_supplementarymeasurestransferstools_en.pdf

|2020.11.11|//Microsoft Azure//|[[AWS to Azure services comparison|https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services]]|Azure AWS|
|2020.11.10|//Webroot//|[[Getting to Know Cloudjacking and Cloud Mining Could Save Your Business|https://www.webroot.com/blog/2020/11/10/getting-to-know-cloudjacking-and-cloud-mining-could-save-your-business/]]|Cloud_Jacking Cloud_Mining|
|2020.10.11|//CodeBurst//|[[VPC Networking: GCP v.s. AWS|https://codeburst.io/vpc-networking-gcp-v-s-aws-77a80bc7cfe2]]|VPC GCP AWS|
|2020.09.26|//CodeBurst//|[[Microservices Starter Kit|https://codeburst.io/microservices-starter-kit-17fcc7c53899]] ([[code|https://github.com/larkintuckerllc/starter-kit]])|Microservices|
|2020.09.11|//CodeBurst//|[[Kubernetes Dynamic Admission Control by Example|https://codeburst.io/kubernetes-dynamic-admission-control-by-example-d8cc2912027c]] ([[code|https://github.com/larkintuckerllc/hello-dynamic-admission-control]])|Kubernetes Access_Control|
|2020.09.01|//CodeBurst//|[[Automating Kubernetes Best Practices|https://codeburst.io/automating-kubernetes-best-practices-7a8276ff7b08]]|K8s Best_Practices|
|2020.08.26|//CodeBurst//|[[The AWS Client VPN Federated Authentication Missing Example|https://codeburst.io/the-aws-client-vpn-federated-authentication-missing-example-655e0a1ff7f4]]|AWS VPN Authentication|
|2020.08.21|//CodeBurst//|[[Missing the Point in Securing OAuth 2.0|https://codeburst.io/missing-the-point-in-securing-oauth-2-0-83968708b467]]|OAuth|
|2020.08.20|//CodeBurst//|[[OpenID Connect Client by Example|https://codeburst.io/openid-connect-client-by-example-76caf6dae55e]]|OpenID|
|2020.08.13|//CodeBurst//|[[Amazon CloudWatch Metrics By Example|https://codeburst.io/amazon-cloudwatch-metrics-by-example-249826b1404d]]|AWS CloudWatch|
|2020.08.09|//CodeBurst//|[[AWS: Delegating Access Control with Confidence|https://codeburst.io/aws-delegating-access-control-with-confidence-10b8dd83fd83]]|AWS Access_Control|
|2020.07.12|//CodeBurst//|[[AWS EKS Authentication with OpenID Connect by Example|https://codeburst.io/aws-eks-authentication-with-openid-connect-by-example-70b1989e689b]]|AWS EKS|
|2020.07.09|Portail de l'IE[>img[iCSF/flag_fr.png]]|![[GAIA-X, le cloud franco-allemand qui veut poser les bases de la souveraineté numérique européenne|https://portail-ie.fr/analysis/2420/gaia-x-le-cloud-franco-allemand-qui-veut-poser-les-bases-de-la-souverainete-numerique-europeenne]] |GAIA-X|
|2020.06.23|//CodeBurst//|[[AWS Attribute Based Access Control (ABAC) By Example|https://codeburst.io/aws-attribute-based-access-control-abac-by-example-4dffabed40a4]]|AWS ABAC|
|2020.06.04|Economie.Gouv.Fr[>img[iCSF/flag_fr.png]]|![[Concrétisation du projet "GAIA-X", une infrastructure européenne de données|https://www.economie.gouv.fr/concretisation-projet-gaia-x-infrastructure-europeenne-donnees]] ([[Communiqué|https://minefi.hosting.augure.com/Augure_Minefi/r/ContenuEnLigne/Download?id=455CDCF3-24F8-42BB-B9C7-8837AED20249&filename=2186%20CP%20conjoint%20franco-allemand%20-%20infrastructure%20de%20donn%C3%A9es%20GAIA%20X.pdf]])|GAIA-X|
|2020.02.21|Blocks & Files|[[Commvault looms large on hybrid cloud data protection radar screen|https://blocksandfiles.com/2020/02/21/gigaom-puts-hybrid-cloud-data-protection-on-the-radar/]]|Hybrid_Cloud|
|2019.03.21|Kubernetes|[[A Guide to Kubernetes Admission Controllers|https://kubernetes.io/blog/2019/03/21/a-guide-to-kubernetes-admission-controllers/]]|K8s Access_Control|
|2019.02.19|Gouvernement.Fr|[[Franco-German Manifesto|https://www.gouvernement.fr/en/a-franco-german-manifesto-for-a-european-industrial-policy-fit-for-the-21st-century]]|GAIA-X|
|2018.06.22|Portail de l'IE[>img[iCSF/flag_fr.png]]|[[Cloud Act, l'offensive américaine pour contrer le RGPD|https://portail-ie.fr/analysis/1902/cloud-act-loffensive-americaine-pour-contrer-le-rgpd]]|CLOUD_Act GDPR|
|2017.12.18|//Tripwire//|[[Preventing Yet Another AWS S3 Storage Breach|https://www.tripwire.com/state-of-security/featured/preventing-yet-another-aws-s3-storage-breach-with-tripwire/]]|AWS Storage Prevention|
Although CSA-FR has relied on what it regards as reliable sources while compiling the content herein, CSA-FR cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by CSA-FR in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
%/
!"//Seven Steps to defining the art of the possible in DevOps//"
[>img(150px,auto)[iCSA/KBEBS.png]]Article de blog publié le 14 novembre 2020 • Rédigé par Craig Thomas, Chapitre Washington DC de la CSA et VP of Engineering chez C2 Labs
<<<
//We all love buzzwords, and one over the last couple/few years has been DevOps. What in the world does it mean? I have talked to people that think it means Agile/SCRUM methodology, while others think it is just Docker containers. To some people it is just scripts to manage their network infrastructure and Linux servers, and to others it is a Continuous Integration/Continuous Deployment (CI/CD) pipeline using git repositories. Wikipedia says+++^*[»] https://en.wikipedia.org/wiki/DevOps ===:
|"DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality. DevOps is complementary with Agile software development; several DevOps aspects came from Agile methodology." |
So which one is right?? As we work internally and with clients, I believe the best definition for me is a set of practices, techniques, and tools that make automation a reality. So, that may be Ansible/Chef/Puppet checking and setting configuration servers on infrastructure, Linux, and Windows servers. It is also the software development process. At the end of the day, it is looking at what is possible and putting it into action using the appropriate tools.

So, now we have the age old "tools discussion." It is a holy war. But I would say don't start there. Instead do this:
# Whiteboard out exactly what you want to do.
# Ask why. A LOT. Use the Five Whys+++^*[»] https://en.wikipedia.org/wiki/Five_whys === method to get to the root cause of existing problems with your business processes
# Take an inventory of your current tools, especially ones that already have agents installed or proper permissions
# Get and use a source code repository
# Start simple and modular, allowing for code/technique reuse
# RUTHLESSLY ELIMINATE all manual steps wherever possible
# Refactor and look for efficiencies.
# Rinse and repeat
So, what are some examples? To get you thinking, below are a couple of DevOps projects that we have successfully completed:

''EXAMPLE 1 - CI/CD Pipeline for Software Deployment''
This one is pretty "standard," but saves a ton of time and leverages several stages/additional pipelines throughout the process. Reach out and we can go into more details, but here are the high level pieces:
# Developer submits a PR (GitHub) or Merge Request (GitLab) to the "dev" branch of an Angular/.NET web application.
# Run .NET unit tests and report these results back to the GitHub PR
# Run Angular unit tests and report these results back to the GitHub PR
# Build a Docker Container
# Push it to Docker Hub or another container repository tagged with the commit hash
# Run an npm audit against the installed npm packages and report these results back to the GitHub PR
# Run container vulnerability scanning against the built container and report these results back to the GitHub PR
# Analyze the static code and publish the results to Sonarqube tool (i.e. for Quality or Section 508 issues)
The person approving the PR then has relevant data/results to view in addition to just looking at code. If he/she approves the PR, then the following happens:
# Download the latest Secrets and ConfigMap (environment variables) and deploy them to Kubernetes
# Update the image of the running pod in the DEV namespace of Kubernetes with the newly built image/commit hash
# Run Cucumber tests against DEV for basic smoke tests and other test cases
# Publish the Cucumber report to the pipeline
Now the app is up and running in DEV with nothing being done manually outside of the normal PR approval process. Developers and decision makers see more data to make more informed decisions. This approach lowers costs by eliminating manual labor, improves software quality, and ensures security vulnerabilities do not escape to production. This pipeline then continues all the way through to Production and releases for customers.

''EXAMPLE 2 - Extending This Pipeline''
So, how can we take this even further? Our software can run in a Docker container, but it also can be deployed using a standalone virtual appliance. We leverage the above pipelines to assist with this as well:
# A release tag is created in GitHub
# The release pushes the production container to Docker Hub for customers to deploy/update
# This process also creates a release in our Appliance pipeline
# This pipeline gets the release version as an input variable
# It updates the necessary files in its git repository
# It spins up a custom Linux box to do the build running in Azure/AWS/wherever
# It builds the appliance, creating an ISO
# It automatically uploads this ISO to an Azure Blob which is referenced from a URL or website
# It shuts down the Linux box to save compute costs within Azure/AWS
All this occurs once again from a single action of an authorized individual: creating a release in GitHub. Everything is 100% automated; the only thing required is a simple governance process to approve the release.

I hope this gave you a couple ideas of how DevOps can benefit you. The purpose of DevOps is putting automation into action. Ruthlessly eliminate every manual step possible. //
<<<

__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/11/14/seven-steps-to-defining-the-art-of-the-possible-in-devops/ 
!"//California Privacy Rights Act: What Are the Consequences for Cloud Users?//"
[>img(150px,auto)[iCSA/KBDBC.jpg]]Article de blog publié le 13 novembre 2020 • Rédigé par Francoise Gilbert, DataMinding, Inc.
<<<
//California voters approved Proposition 24 on November 3, 2020, paving the way to the California Privacy Rights Act (CPRA), which, on January 1, 2023, will replace California's current data protection law, the California Consumer Privacy Act (CCPA). CPRA slightly reshapes CCPA, creating additional rights for consumers and additional obligations and restrictions for businesses related to the use of consumers' personal information, including limits to data collection and retention, among others.

''Most of CPRA will become operative on January 1, 2023''. The law will apply to personal information collected after January 1, 2022. There will be a 6-month delay between the effective date of the act and its enforcement, with enforcement actions commencing on July 1, 2023. In the meantime, CCPA will remain in full force and effect.

''Like CCPA, CPRA has significant implications for the cloud ecosystem, and it affects both providers and users of cloud services''. Users of cloud services will want to ensure that the cloud service they receive is built to enable their business to comply with its CCPA/CPRA obligations. Cloud service providers will want to anticipate the needs of their customers so that they can develop the appropriate tools and procedures, and warrant that the service they provide contains the features necessary for their customers to meet their CPRA obligations.

''Among other things CPRA:''
* Revises some of the definitions currently existing in CCPA; especially the definition of "business" and "sale", and defines new terms, such as "sensitive personal information" and "sharing";
* Increases security requirements with the addition of audits and assessments for businesses whose processing presents a significant risk to consumers' privacy and security;
* Creates additional limitations and contractual requirements for service providers and contractors;
* Introduces several new concepts that are similar to those found in most modern data protection laws, worldwide; such as data minimization or retention limitation;
* Expands consumer rights with respect to their personal information; such as right to correction, or right to object to the use of automated decision making and profiling;
* Introduces the notion of "sharing" personal information; clarifying the difference between selling and sharing;
* Sets forth stringent limitations to cross-context behavioral targeting;
* Increases penalties for violations related to the personal information of children under 16;
* Creates a new agency responsible for enforcing the CPRA; and
* Extends the CCPA exemptions for B2B and Employee data

For a more detailed analysis of the CPRA see our post here+++^*[»] https://www.dataminding.com/meet-the-upcoming-california-privacy-rights-act-cpra/ === //
[...] Lire la suite sur le blog de la CSA.
<<<

__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/11/13/california-privacy-rights-act-what-are-the-consequences-for-cloud-users/ 
[>img(300px,auto)[iCSF/KBGCF.png]]La 32ème conférence annuelle du FIRST (Forum of Incident Response and Security Teams) devait initialement se dérouler du 22 au 26 juin 2020 à Montréal.
Elle s'est transformée en une conférence en ligne les après-midis du lundi 16 au mercredi 18 novembre 2020.
Cette conférence est LA référence en matière de gestion d'incidents depuis les années 90 : elle couvre aussi des aspects tels que la Threat Intelligence, la détection et la prévention des attaques, la cyber-résilience, les aspects d'organisation et de maturité.

[>img(300px,auto)[iCSF/FIRST.png]]Seules 4 sessions traitent des aspects Cloud et Sécurité :
* ''Cyberespionage: Targeted Attacks Abusing Third-Party Cloud Services''
** Pré-enregistré et déjà disponible
** Intervenants : Daniel Lunghi (Trend Micro), Jaromir Horejsi (Trend Micro)
* ''Product Security: Education and Prevention through Root Cause Analysis in Secure Software Development Lifecycle''
** le 17 novembre de 14h à 14h30
** Intervenants : Stuart Short (SAP), Shipra Aggarwal (SAP)
* ''The Intelligent Process Lifecycle of Active Cyber Defenders''
** le 17 novembre de 14h35 à 15h05
** Intervenants : Desiree Sacher (Finanz Informatik), Eireann Leverett (Airbus)
* ''The Phish Pandemonium: The Value of Machine Learning to Extract Insights from Phishing URLs''
** le 18 novembre de 15h10 à 15h40
** Intervenants : Joy Nathalie Avelino (Trend Micro), Karla Agregado (Trend Micro)

__Liens :__
* Site de la conférence → https://www.first.org/conference/2020/
* Inscriptions → https://www.first.org/conference/2020/registration
* Programme → https://www.first.org/conference/2020/sessions
* Sessions pré-enregistrées → https://www.first.org/conference/2020/on-demand
<<tiddler [[arOund0C]]>>
!"//Key Management when using Cloud Services//"
[>img(150px,auto)[iCSA/KB9PK.jpg]]Publication du 9 novembre 2020 //
<<<
!!Cloud Security Alliance Releases Key Management in Cloud Services: Understanding Encryption's Desired Outcomes and Limitations
__Document illustrates use of four key management patterns with cloud services, provides usage recommendations for managing data privacy, security expectations__
SEATTLE - Nov. 9, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released 'Key Management in Cloud Services: Understanding Encryption's Desired Outcomes and Limitations'+++^*[»] https://cloudsecurityalliance.org/artifacts/key-management-when-using-cloud-services ===, which examines both the uses and misconceptions of key management systems (KMS), which are used to manage cryptographic keys and their metadata. This guidance provides recommendations for using KMS in conjunction with cloud services to aid in meeting security and compliance requirements. It also makes suggestions for cloud service providers that provide key management functionality to customers.
"KMS is a means to an end, not an end in itself. While the capabilities it enables are tools that must serve business needs, it's imperative that we also recognize that KMS and encryption cannot address all business requirements," said Paul Rich, co-chair of the Cloud Key Management working group and one of the paper's lead authors. "Misconceptions about the capabilities of encryption persist, and regulatory requirements for key management and encryption are commonly unclear, undefined, or poorly understood. It's critical, therefore, that we not only understand the desired business outcomes of using encryption to protect data, but its limitations, as well."
Increasingly, organizations are realizing the many advantages that come from the cloud, including technological agility, elastic scale, speed to market, and lowered capital expenditures. Despite the benefits, cloud services also present challenges, particularly in terms of data privacy and security. The reason for this is that while encryption, as a technology, is used for secrecy/privacy in the transmission and storage of data, it's not the only technology used for this purpose - there are many cases where the use of encryption can be pointless, costly, and provide a false sense of security. Once encryption is established as a required or recommended piece of a technology architecture, it's crucial to understand the dynamics of encryption key generation, distribution, handling, and destruction.
Written by CSA's Cloud Key Management working group, the document examines the four primary cloud key management patterns that have emerged over the past decade, providing a snapshot of their attributes and challenges, as well as usage recommendations for:
* Cloud Native Key Management System. Here, KMS is built and owned by the same provider that delivers the cloud service the customer consumes, and all components of the KMS are in the cloud.
* External Key Origination. This pattern builds upon the Cloud Native model above, allowing for key generation ceremonies that originate with an external KMS.
* Cloud Service Using External Key Management System. The use of a cloud service where the KMS is hosted entirely external to the cloud service, either wholly on the customer's premises, wholly hosted by a third party chosen by the customer, or a combination of the two.
* Multi-Cloud Key Management Systems. This pattern illustrates the ability to blend approaches for KMS implementations and cloud services.
"Understanding the organization's obligations and goals for data privacy and security should be the precursor to any technological solution or implementation, and that includes the use of encryption. A great deal of human energy and time has been wasted implementing encryption, where the outcome failed to deliver the expected data privacy or security. Establishing clear business and data privacy and security expectations can prevent some unpleasant outcomes," said Mike Schrock, Senior Director Global Business Development - Cloud Strategy for the Thales Group, lead author and co-chair of the Cloud Key Management working group.
//[...]//
<<<
!!!Introduction
> //The purpose of this document is to provide guidance for using Key Management Systems (KMS) with cloud services, whether the key management system is native to a cloud platform, external, self-operated, or yet another cloud service. Recommendations will be given to aid in determining which forms of key management systems are appropriate for different use cases.//
!!!Liens
* Annonce ⇒ https://cloudsecurityalliance.org/press-releases/2020/11/09/cloud-security-alliance-releases-key-management-in-cloud-services-understanding-encryption-s-desired-outcomes-and-limitations/
* Téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/key-management-when-using-cloud-services
* Document (PDF) ⇒ https://cloudsecurityalliance.org/download/artifacts/key-management-when-using-cloud-services/
!"//What is cloud security? How is it different from traditional on-premises network security?//"
[>img(150px,auto)[iCSA/KB9BW.jpg]]Article de blog publié le 9 novembre 2020 • Rédigé par Ryan Bergsma, Training Director, CSA
<<<
//Cloud is also becoming the back end for all forms of computing, including the ubiquitous Internet of Things+++^*[»] https://cloudsecurityalliance.org/artifacts/future-proofing-the-connected-world/ === and is the foundation for the information security industry. New ways of organizing compute, such as containerization+++^*[»] https://cloudsecurityalliance.org/artifacts/best-practices-for-implementing-a-secure-application-container-architecture/ === and DevOps+++^*[»] https://cloudsecurityalliance.org/artifacts/six-pillars-of-devsecops/ === are inseparable from cloud and accelerating the digital revolution.
So what is cloud security? How is security for cloud computing different from on-premise security? In this blog I'll attempt to answer those two questions.
(To learn more about best practices for securing a cloud environment read the CSA Security Guidance for Cloud Computing.)
!!What makes cloud computing unique from other forms of computing?
[>img(400px,auto)[iCSA/KB9B1.png]]There are many different ways of viewing cloud computing: It's a technology, a collection of technologies, an operational model, and a business model, just to name a few. Essentially cloud computing is a new operational model that combines the benefits of abstraction (virtualization) and automation (orchestration) for new ways of delivering and consuming technology. Cloud separates application and information resources from the underlying infrastructure and the mechanisms used to deliver them. Cloud describes the use of a collection of services, applications, information and infrastructure comprised of pools of compute, network, information, and storage resources. Cloud provides an on-demand model of allocation and consumption.
Essential characteristics of Cloud Computing, service models and deployment models are all depicted in the following graph.
!!What are the differences between on-premise and cloud security?
There are security benefits to using cloud since cloud providers have significant economic incentives to protect customers. However, these benefits only appear if you understand and adopt cloud-native models and adjust your architectures and controls to align with the features and capabilities of cloud platforms. In fact, taking an existing application or asset and simply moving it to a cloud provider without any changes will often reduce agility, resiliency, and even security, all while increasing costs.
!!Cloud is primarily developer-driven.
Compared to on-premise security, cloud is primarily developer-driven. Every provider is fundamentally different at the lowest possible levels and old patterns are now new antipatterns. Often you will have things that look the same in the cloud but they are most definitely not the same. (For example: is a cloud route table the same as the one on your routers? The answer is no.)
!!The key difference between cloud and traditional computing is the metastructure.
At a high level, both cloud and traditional computing adhere to the following logical model that helps identify different layers based on functionality: infrastructure, metastructure, infostructure and applistructure. However cloud metastructure includes the management plane components, which are network-enabled and remotely accessible.
In the cloud, you tend to double up on each layer. Infrastructure, for example, includes both the infrastructure used to create the cloud as well as the virtual infrastructure used and managed by the cloud user. In private cloud, the same organization might need to manage both; in public cloud the provider manages the physical infrastructure while the consumer manages their portion of the virtual infrastructure. As we discuss further in the CSA Security Guidance v4+++^*[»] https://cloudsecurityalliance.org/research/guidance/ === this has profound implications on who is responsible for, and manages, security. These layers tend to map to different teams, disciplines, and technologies commonly found in IT organizations.
Cloud differs extensively from traditional computing within each layer of the meta structure. While the most obvious and immediate security management differences are in metastructure, cloud differs extensively from traditional computing within each layer. The scale of the differences will depend not only on the cloud platform, but on how exactly the cloud user utilizes the platform.
!!Cloud security scope and responsibilities change
[>img(400px,auto)[iCSA/KB9B2.png]]It might sound simplistic, but cloud security and compliance includes everything a security team is responsible for today, just in the cloud. All the traditional security domains remain, but the nature of risks, roles and responsibilities, and implementation of controls change, often dramatically. Though the overall scope of security and compliance doesn't change, the pieces any given cloud actor is responsible for most certainly do.
Think of it this way: Cloud computing is a shared technology model where different organizations are frequently responsible for implementing and managing different parts of the stack. As a result, security responsibilities are also distributed across the stack, and thus across the organizations involved. This is commonly referred to as the shared responsibility model. Think of it as a responsibility matrix that depends on the particular cloud provider and feature/product, the service model, and the deployment model.
Below is a graphical representation showing how responsibilities change depending on the cloud model (public, private or hybrid).
!!Common security pain points in cloud computing.
[>img(400px,auto)[iCSA/KB9B3.png]]The following 13 domains which comprise the CSA Security Guidance highlight areas of concern for cloud computing and are tuned to address both the strategic and tactical security "pain points" within a cloud environment, and can be applied to any combination of cloud service and deployment model.
The domains are divided into two broad categories: governance and operations. The governance domains are broad and address strategic and policy issues within a cloud computing environment, while the operational domains focus on more tactical security concerns and implementation within the architecture. You can read these best practices for free by downloading the CSA Security Guidance for Cloud Computing.
!!Learn more about cloud security by downloading the CSA Security Guidance for Cloud Computing.
[<img(100px,auto)[iCSA/KB9B4.png]]If you want to learn about cloud security we recommend that you start by reading the CSA Security Guidance for Cloud Computing which is freely available on our website. We also have a Certificate of Cloud Security Knowledge (CCSK) that provides a baseline level of knowledge for security and non-security professionals alike to understand how cloud changes security and best practices for staying secure in the cloud.//
<<<


__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/11/09/what-is-cloud-security-how-is-it-different-from-traditional-on-premises-network-security/ 
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #89|2020.11.08 - Newsletter Hebdomadaire #89]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #89|2020.11.08 - Weekly Newsletter - #89]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.11.08 - Newsletter Hebdomadaire #89]]>> |<<tiddler [[2020.11.08 - Weekly Newsletter - #89]]>> |
|>| La dernière Newsletter publiée est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' et est accessible+++*[ici • Here] <<tiddler [[Dernière Newsletter]]>> === is where you can read the latest published Newsletter |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 2 au 8 novembre 2020
!!1 - Informations CSA - 2 au 8 novembre 2020

* Blog : 'CCSK Success Stories: Cloud Security Education and the Digital Transformation'+++*[»]> <<tiddler [[2020.11.04 - Blog : 'CCSK Success Stories: Cloud Security Education and the Digital Transformation']]>>=== 
* Blog : 'Why lions shouldn't invest in DeFi Smart Contracts'+++*[»]> <<tiddler [[2020.11.02 - Blog : 'Why lions shouldn't invest in DeFi Smart Contracts']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 60 liens|2020.11.08 - Veille Hebdomadaire - 8 novembre]])

* __''À lire''__
** ABAC sur AWS (Scott Piper)+++^*[»] 
|2020.11.02|Summit Route|![[The state of ABAC on AWS|https://summitroute.com/blog/2020/11/02/state_of_abac_on_aws/]] |AWS RBAC|
=== 
** 'Container Image Creation and Deployment Guide' (DISA/DoD)+++^*[»] 
|2020.11.03|DISA|![[Container Image Creation and Deployment Guide - Version 2, Release 0.6|https://dl.dod.cyber.mil/wp-content/uploads/devsecops/pdf/DevSecOps_Enterprise_Container_Image_Creation_and_Deployment_Guide_2.6-Public-Release.pdf]] (pdf)|DevSecOps Containers|
=== 
** New document repository (//Cloudonaut//)+++^*[»] 
|2020.11.02|//Cloudonaut//|[[Introducing cloudonaut plus|https://cloudonaut.io/introducing-cloudonaut-plus/]]|Portal|
=== 

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Attaques : Nouvelles techniques de phishing O365 (//WMC Global//) • Abus avec les notifications Google Drive+++^*[»] 
|2020.11.04|//WMC Global//|[[Office 365 Phishing Uses Image Inversion to Bypass Detection|https://www.wmcglobal.com/blog/office-365-phishing-uses-image-inversion-to-bypass-detection]]|O365 Phishing|
|2020.11.03|GBHackers on Security|[[Attackers Using Google Drive Notifications to Trick the Users in Clicking Malicious Links|https://gbhackers.com/google-drive-notifications-abused/]]|Phishing Google_Drive|
=== 
** Vulnérabilités : Kubernetes (//CyberArk//)+++^*[»] 
|2020.11.05|Container Journal|[[CyberArk Discloses Kubernetes Security Issues|https://containerjournal.com/topics/container-security/cyberark-discloses-kubernetes-security-issues/]]|K8s Flaw|
=== 

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Comptes de service Google Cloud (//Cloudberry Engineering//) • Images de containers • Openshift (//StackRox//) • AWS+++^*[»] 
|2020.11.08|//Cloudberry Engineering//|[[Google Cloud Service Accounts Security Best Practices|https://cloudberry.engineering/article/google-cloud-service-accounts-security-best-practices/]]|GCP Best_Practices|
|2020.11.04|Container Journal|[[5 Best Practices for Ensuring Secure Container Images|https://containerjournal.com/topics/container-security/5-best-practices-for-ensuring-secure-container-images/]]|Container Images|
|2020.11.03|//StackRox//|[[OpenShift security best practices part 1 of 5: cluster design|https://www.stackrox.com/post/2020/11/openshift-security-best-practices-part-1-of-5-cluster-design/]] (1/5)|Openshift Best_Practices|
|2020.11.02|The Register|[[How to keep on top of AWS best security practices|https://go.theregister.com/feed/www.theregister.com/2020/11/02/aws_best_security_practices/]]|AWS Best_Practices|
=== 

* __Rapports, Sondages, Études, Publications__

* __Cloud Services Providers, Outils__
** AWS: Azure Sentinel (Christophe Parisel) • Services de chiffrement • Registre pour les images Docker • Politiques IAM (//Tenchi Security// et //Amazon AWS//)+++^*[»] 
|2020.11.04|Christophe Parisel|![[Azure Sentinel part 1: why detection needs steroids|https://www.linkedin.com/pulse/azure-sentinel-part-1-why-detection-needs-steroids-christophe-parisel/]] (1/3) |Azure_Sentinel|
|2020.11.06|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement d'AWS : KMS et CloudHSM|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-dAWS-KMS-et-CloudHSM]]|Encryption AWS|
|2020.11.04|//Silicon Angle//|[[Amazon Web Services will build its own public registry for Docker container images|https://siliconangle.com/2020/11/03/amazon-web-services-will-build-public-registry-docker-container-images]]|AWS Docker Registry|
|2020.11.03|//Tenchi Security//|[[AWS Managed IAM Policies|https://www.tenchisecurity.com/blog/aws-managed-iam-policies]]|AWS IAM|
|2020.11.02|//Amazon AWS//|[[Aligning IAM policies to user personas for AWS Security Hub|https://aws.amazon.com/blogs/security/aligning-iam-policies-to-user-personas-for-aws-security-hub/]]|AWS_Security_Hub|
=== 
** Azure: Backups • Journalisation+++^*[»] 
|2020.11.03|Daniel Neumann|[[Automate taking backups from Azure disks attached to Azure Kubernetes Service|https://www.danielstechblog.io/automate-taking-backups-from-azure-disks-attached-to-azure-kubernetes-service/]]|Azure Kubernetes Backups|
|2020.11.02|Thomas Stringer|[[Logging to Azure from an AKS Cluster|https://trstringer.com/native-azure-logging-aks/]]|Azure_AKS Logging|
=== 
** GCP: Services de chiffrement • Le paradoxe de la Confiance • Registre pour les containers • CDN+++^*[»] 
|2020.11.06|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement de GCP : Cloud KMS, Cloud HSM et Cloud EKM|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-de-GCP-Cloud-KMS-Cloud-HSM-et-Cloud-EKM]]|Encryption GCP|
|2020.11.06|//Google Cloud//|[[The Cloud trust paradox: To trust cloud computing more, you need the ability to trust it less|https://cloud.google.com/blog/products/identity-security/trust-a-cloud-provider-that-enables-you-to-trust-them-less/]]|Trust|
|2020.11.05|//Google Cloud//|[[Hack your own custom domains for Container Registry|https://cloud.google.com/blog/topics/developers-practitioners/hack-your-own-custom-domains-container-registry/]]|GCP Containers Registry|
|2020.11.02|//Google Cloud//|[[Cache me if you can with latest Cloud CDN features|https://cloud.google.com/blog/products/networking/cloud-cdn-gets-improved-useability-features/]]|CDN|
=== 
** Oracle : Exemples de SSO+++^*[»] 
|2020.11.03|//Oracle Cloud//|[[3 Patterns for Delivering Single Sign-On|https://blogs.oracle.com/cloudsecurity/3-patterns-for-delivering-single-sign-on]]|Oracle_Cloud SSO|
=== 
** Kubernetes : Visualisation de trafic • Automatisation de Workflow avec AWS EKS, GCP GKE, Azure AKS+++^*[»] 
|2020.11.02|//Alcide//|[[Top Four Ways to Visualize Traffic Between Microservices in Kubernetes|https://blog.alcide.io/top-four-ways-to-visualize-traffic-between-microservices-in-kubernetes]]|K8s Microservices|
|2020.11.02|Cloud Native Computing Foundation|[[How To Run Kubernetes Workflow Automation with AWS EKS, GCP GKE, Azure AKS|https://www.cncf.io/blog/2020/11/02/how-to-run-kubernetes-workflow-automation-with-aws-eks-gcp-gke-azure-aks/]]|AWS_EKS Azure AKS GCP_GKE|
=== 
** Containers : Sécurité intégrée+++^*[»] 
|2020.11.04|//Qualys//|[[Built-in Runtime Security for Containers|https://blog.qualys.com/product-tech/2020/11/03/built-in-runtime-security-for-containers]]|Containers|
=== 

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Podcasts : CI/CD+++^*[»] 
|2020.11.08|Cloud Security Podcast|[[What The Heck Is CI/CD - Continuous Integration / Delivery / Deployment - Melissa Benua|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-THE-HECK-IS-CICD--Continuous-Integration--Delivery--Deployment---Melissa-Benua-em62rt]]|Podcast|
=== 
** Veilles : TL;DR Security 59 • The Cloud Security Reading List 62+++^*[»] 
|2020.11.08|Marco Lancini|[[The Cloud Security Reading List #62|https://cloudseclist.com/issues/issue-62/]] |Weekly_Newsletter|
|2020.11.04|TL;DR Security|[[#59 - NAT Slipstreaming, Widespread Injection in GitHub Actions, Greppable Secrets|https://tldrsec.com/blog/tldr-sec-059/]]|Weekly_Newsletter|
=== 

* __Marché, Acquisitions__

* __Divers__
** Projets européens • GAIA-X+++^*[»] 
|2020.11.02|BSSI[>img[iCSF/flag_fr.png]]|[[Cloud Européen en Europe pour l'Europe : GAIA-X ou l'espoir d'un cloud souverain ?|https://blog.bssi.fr/gaia-x-cloud-souverain/]]|GAIA-X|
|2020.11.04|Lexology|[[EU Member States Declare Support for a Next Generation European Cloud Service|https://www.lexology.com/library/detail.aspx?g=023a5c7f-5b87-4a9a-971a-4581bdd754ec]]|Europe|
=== 
** SASE+++^*[»] 
|2020.11.02|Reseaux & Télécoms[>img[iCSF/flag_fr.png]]|[[Qui propose du SASE et avec quoi ?|https://www.reseaux-telecoms.net/actualites/lire-qui-propose-du-sase-et-avec-quoi-28086.html]]|SASE|
|2020.11.05|The Hacker News|[[If You Don't Have A SASE Cloud Service, You Don't Have SASE At All|https://thehackernews.com/2020/11/if-you-dont-have-sase-cloud-service-you.html]]|SASE|
|2020.11.02|CyberSec Hub|[[A How To Guide To Secure Access Service Edge (SASE)|https://www.cshub.com/executive-decisions/articles/a-how-to-guide-to-secure-access-service-edge-sase]]|SASE|
=== 
** Traitement du langage naturel+++^*[»] 
|2020.11.04|//Netskope//|[[Say What? Natural Language Processing Improves Cloud Security|https://www.netskope.com/blog/say-what-natural-language-processing-improves-cloud-security]]|Misc|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KB8/|https://CloudSecurityAlliance.fr/go/KB8/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - November 2nd to 8th, 2020
!!1 - CSA News and Updates - November 2nd to 8th, 2020

* Blog : 'CCSK Success Stories: Cloud Security Education and the Digital Transformation'+++*[»]> <<tiddler [[2020.11.04 - Blog : 'CCSK Success Stories: Cloud Security Education and the Digital Transformation']]>>=== 
* Blog : 'Why lions shouldn't invest in DeFi Smart Contracts'+++*[»]> <<tiddler [[2020.11.02 - Blog : 'Why lions shouldn't invest in DeFi Smart Contracts']]>>=== 
!!2 - Cloud and Security News Watch ([[over 60 links|2020.11.08 - Veille Hebdomadaire - 8 novembre]])

* __''Must read''__
** State of ABAC on AWS (Scott Piper)+++^*[»] 
|2020.11.02|Summit Route|![[The state of ABAC on AWS|https://summitroute.com/blog/2020/11/02/state_of_abac_on_aws/]] |AWS RBAC|
=== 
** 'Container Image Creation and Deployment Guide' (DISA/DoD)+++^*[»] 
|2020.11.03|DISA|![[Container Image Creation and Deployment Guide - Version 2, Release 0.6|https://dl.dod.cyber.mil/wp-content/uploads/devsecops/pdf/DevSecOps_Enterprise_Container_Image_Creation_and_Deployment_Guide_2.6-Public-Release.pdf]] (pdf)|DevSecOps Containers|
=== 
** New document repository (//Cloudonaut//)+++^*[»] 
|2020.11.02|//Cloudonaut//|[[Introducing cloudonaut plus|https://cloudonaut.io/introducing-cloudonaut-plus/]]|Portal|
=== 

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Attacks: New O365 phishing technique (//WMC Global//) • Malicious usage of Google Drive Notifications+++^*[»] 
|2020.11.04|//WMC Global//|[[Office 365 Phishing Uses Image Inversion to Bypass Detection|https://www.wmcglobal.com/blog/office-365-phishing-uses-image-inversion-to-bypass-detection]]|O365 Phishing|
|2020.11.03|GBHackers on Security|[[Attackers Using Google Drive Notifications to Trick the Users in Clicking Malicious Links|https://gbhackers.com/google-drive-notifications-abused/]]|Phishing Google_Drive|
=== 
** Vulnerabilities: Kubernetes (//CyberArk//)+++^*[»] 
|2020.11.05|Container Journal|[[CyberArk Discloses Kubernetes Security Issues|https://containerjournal.com/topics/container-security/cyberark-discloses-kubernetes-security-issues/]]|K8s Flaw|
=== 

* __Best Practices, and Detection__
** Best Practices: Google Cloud Service Accounts (//Cloudberry Engineering//) • Container Images • Openshift (//StackRox//) • AWS+++^*[»] 
|2020.11.08|//Cloudberry Engineering//|[[Google Cloud Service Accounts Security Best Practices|https://cloudberry.engineering/article/google-cloud-service-accounts-security-best-practices/]]|GCP Best_Practices|
|2020.11.04|Container Journal|[[5 Best Practices for Ensuring Secure Container Images|https://containerjournal.com/topics/container-security/5-best-practices-for-ensuring-secure-container-images/]]|Container Images|
|2020.11.03|//StackRox//|[[OpenShift security best practices part 1 of 5: cluster design|https://www.stackrox.com/post/2020/11/openshift-security-best-practices-part-1-of-5-cluster-design/]] (1/5)|Openshift Best_Practices|
|2020.11.02|The Register|[[How to keep on top of AWS best security practices|https://go.theregister.com/feed/www.theregister.com/2020/11/02/aws_best_security_practices/]]|AWS Best_Practices|
=== 

* __Reports, Surveys, Studies, Publications__

* __Cloud Services Providers, Tools__
** AWS: Azure Sentinel (Christophe Parisel) • Encryption Services • Public Registry for Docker Container Images • IAM Policies (//Tenchi Security// and //Amazon AWS//)+++^*[»] 
|2020.11.04|Christophe Parisel|![[Azure Sentinel part 1: why detection needs steroids|https://www.linkedin.com/pulse/azure-sentinel-part-1-why-detection-needs-steroids-christophe-parisel/]] (1/3) |Azure_Sentinel|
|2020.11.06|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement d'AWS : KMS et CloudHSM|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-dAWS-KMS-et-CloudHSM]]|Encryption AWS|
|2020.11.04|//Silicon Angle//|[[Amazon Web Services will build its own public registry for Docker container images|https://siliconangle.com/2020/11/03/amazon-web-services-will-build-public-registry-docker-container-images]]|AWS Docker Registry|
|2020.11.03|//Tenchi Security//|[[AWS Managed IAM Policies|https://www.tenchisecurity.com/blog/aws-managed-iam-policies]]|AWS IAM|
|2020.11.02|//Amazon AWS//|[[Aligning IAM policies to user personas for AWS Security Hub|https://aws.amazon.com/blogs/security/aligning-iam-policies-to-user-personas-for-aws-security-hub/]]|AWS_Security_Hub|
=== 
** Azure: Backups • Logging+++^*[»] 
|2020.11.03|Daniel Neumann|[[Automate taking backups from Azure disks attached to Azure Kubernetes Service|https://www.danielstechblog.io/automate-taking-backups-from-azure-disks-attached-to-azure-kubernetes-service/]]|Azure Kubernetes Backups|
|2020.11.02|Thomas Stringer|[[Logging to Azure from an AKS Cluster|https://trstringer.com/native-azure-logging-aks/]]|Azure_AKS Logging|
=== 
** GCP: Encryption Services • Trust Paradox • Container Registry • CDN+++^*[»] 
|2020.11.06|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement de GCP : Cloud KMS, Cloud HSM et Cloud EKM|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-de-GCP-Cloud-KMS-Cloud-HSM-et-Cloud-EKM]]|Encryption GCP|
|2020.11.06|//Google Cloud//|[[The Cloud trust paradox: To trust cloud computing more, you need the ability to trust it less|https://cloud.google.com/blog/products/identity-security/trust-a-cloud-provider-that-enables-you-to-trust-them-less/]]|Trust|
|2020.11.05|//Google Cloud//|[[Hack your own custom domains for Container Registry|https://cloud.google.com/blog/topics/developers-practitioners/hack-your-own-custom-domains-container-registry/]]|GCP Containers Registry|
|2020.11.02|//Google Cloud//|[[Cache me if you can with latest Cloud CDN features|https://cloud.google.com/blog/products/networking/cloud-cdn-gets-improved-useability-features/]]|CDN|
=== 
** Oracle : Patterns for Delivering SSO+++^*[»] 
|2020.11.03|//Oracle Cloud//|[[3 Patterns for Delivering Single Sign-On|https://blogs.oracle.com/cloudsecurity/3-patterns-for-delivering-single-sign-on]]|Oracle_Cloud SSO|
=== 
** Kubernetes: Traffic Visualization • Workflow Automation with AWS EKS, GCP GKE, Azure AKS+++^*[»] 
|2020.11.02|//Alcide//|[[Top Four Ways to Visualize Traffic Between Microservices in Kubernetes|https://blog.alcide.io/top-four-ways-to-visualize-traffic-between-microservices-in-kubernetes]]|K8s Microservices|
|2020.11.02|Cloud Native Computing Foundation|[[How To Run Kubernetes Workflow Automation with AWS EKS, GCP GKE, Azure AKS|https://www.cncf.io/blog/2020/11/02/how-to-run-kubernetes-workflow-automation-with-aws-eks-gcp-gke-azure-aks/]]|AWS_EKS Azure AKS GCP_GKE|
=== 
** Containers: Built-in Runtime Security+++^*[»] 
|2020.11.04|//Qualys//|[[Built-in Runtime Security for Containers|https://blog.qualys.com/product-tech/2020/11/03/built-in-runtime-security-for-containers]]|Containers|
=== 

* __Podcasts, Weekly 'Cloud and Security' Watch__
** Podcasts: Cloud Security Podcast+++^*[»] 
|2020.11.08|Cloud Security Podcast|[[What The Heck Is CI/CD - Continuous Integration / Delivery / Deployment - Melissa Benua|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-THE-HECK-IS-CICD--Continuous-Integration--Delivery--Deployment---Melissa-Benua-em62rt]]|Podcast|
=== 
** Newsletters: TL;DR Security 59 • The Cloud Security Reading List 62+++^*[»] 
|2020.11.08|Marco Lancini|[[The Cloud Security Reading List #62|https://cloudseclist.com/issues/issue-62/]] |Weekly_Newsletter|
|2020.11.04|TL;DR Security|[[#59 - NAT Slipstreaming, Widespread Injection in GitHub Actions, Greppable Secrets|https://tldrsec.com/blog/tldr-sec-059/]]|Weekly_Newsletter|
=== 

* __Market, Acquisitions__

* __Miscellaneous__
** European projects • GAIA-X+++^*[»] 
|2020.11.02|BSSI[>img[iCSF/flag_fr.png]]|[[Cloud Européen en Europe pour l'Europe : GAIA-X ou l'espoir d'un cloud souverain ?|https://blog.bssi.fr/gaia-x-cloud-souverain/]]|GAIA-X|
|2020.11.04|Lexology|[[EU Member States Declare Support for a Next Generation European Cloud Service|https://www.lexology.com/library/detail.aspx?g=023a5c7f-5b87-4a9a-971a-4581bdd754ec]]|Europe|
=== 
** SASE+++^*[»] 
|2020.11.02|Reseaux & Télécoms[>img[iCSF/flag_fr.png]]|[[Qui propose du SASE et avec quoi ?|https://www.reseaux-telecoms.net/actualites/lire-qui-propose-du-sase-et-avec-quoi-28086.html]]|SASE|
|2020.11.05|The Hacker News|[[If You Don't Have A SASE Cloud Service, You Don't Have SASE At All|https://thehackernews.com/2020/11/if-you-dont-have-sase-cloud-service-you.html]]|SASE|
|2020.11.02|CyberSec Hub|[[A How To Guide To Secure Access Service Edge (SASE)|https://www.cshub.com/executive-decisions/articles/a-how-to-guide-to-secure-access-service-edge-sase]]|SASE|
=== 
** Natural Language Processing+++^*[»] 
|2020.11.04|//Netskope//|[[Say What? Natural Language Processing Improves Cloud Security|https://www.netskope.com/blog/say-what-natural-language-processing-improves-cloud-security]]|Misc|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/KB8/|https://CloudSecurityAlliance.fr/go/KB8/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 2 au 8 novembre 2020
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.11.08|
|2020.11.08|Marco Lancini|[[The Cloud Security Reading List #62|https://cloudseclist.com/issues/issue-62/]] |Weekly_Newsletter|
|2020.11.08|Cloud Security Podcast|[[What The Heck Is CI/CD - Continuous Integration / Delivery / Deployment - Melissa Benua|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-THE-HECK-IS-CICD--Continuous-Integration--Delivery--Deployment---Melissa-Benua-em62rt]]|Podcast|
|2020.11.08|//Cloudberry Engineering//|[[Google Cloud Service Accounts Security Best Practices|https://cloudberry.engineering/article/google-cloud-service-accounts-security-best-practices/]]|GCP Best_Practices|
|>|>|>|!2020.11.07|
|2020.11.07|//ReBlaze//|[[Announcing Curiefense: An Open-Source Security Platform|https://www.reblaze.com/blog/announcing-curiefense-an-open-source-security-platform/]] ([[site|https://www.reblaze.com/blog/announcing-curiefense-an-open-source-security-platform/]])|Tools Firewall|
|>|>|>|!2020.11.06|
|2020.11.06|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement de GCP : Cloud KMS, Cloud HSM et Cloud EKM|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-de-GCP-Cloud-KMS-Cloud-HSM-et-Cloud-EKM]]|Encryption GCP|
|2020.11.06|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Les services de chiffrement d'AWS : KMS et CloudHSM|https://www.lemagit.fr/conseil/Les-services-de-chiffrement-dAWS-KMS-et-CloudHSM]]|Encryption AWS|
|2020.11.06|Security Weekly|[[Abusing JWT (JSON Web Tokens) - Sven Morgenroth - PSW #673|https://www.youtube.com/watch?v=wt3UixCiPfo]]|
|2020.11.06|//Google Cloud//|[[The Cloud trust paradox: To trust cloud computing more, you need the ability to trust it less|https://cloud.google.com/blog/products/identity-security/trust-a-cloud-provider-that-enables-you-to-trust-them-less/]]|Trust|
|>|>|>|!2020.11.05|
|2020.11.05|Center for Internet Security|[[Advancing Cloud Security with CIS on AWS|https://www.cisecurity.org/blog/advancing-cloud-security-with-cis-on-aws/]]|AWS|
|2020.11.05|CSO Magazine|[[5 best practices for negotiating SaaS contracts for risk and security|https://www.csoonline.com/article/3587783/5-best-practices-for-negotiating-saas-contracts-for-risk-and-security.html]]|Best_Practices Contracts SaaS|
|2020.11.05|The Hacker News|[[If You Don't Have A SASE Cloud Service, You Don't Have SASE At All|https://thehackernews.com/2020/11/if-you-dont-have-sase-cloud-service-you.html]]|SASE|
|2020.11.05|Kinnaird McQuade|[[Nuking all Azure Resource Groups under all Azure subscriptions|https://kmcquade.com/2020/11/nuking-all-azure-resource-groups-under-all-azure-subscriptions/]]|Azure|
|2020.11.05|Lyft Engineering|[[IAM whatever you say IAM|https://eng.lyft.com/iam-whatever-you-say-iam-febce59d1e3b]]|AWS IAM|
|2020.11.05|//CyberArk//|![[Attacking Kubernetes Clusters Through Your Network Plumbing: Part 1|https://www.cyberark.com/resources/threat-research-blog/attacking-kubernetes-clusters-through-your-network-plumbing-part-1]] (1/2) |Kubernetes Flaw|
|2020.11.05|Container Journal|[[CyberArk Discloses Kubernetes Security Issues|https://containerjournal.com/topics/container-security/cyberark-discloses-kubernetes-security-issues/]]|K8s Flaw|
|2020.11.05|//AlienVault//|[[What is a Cloud Access Security Broker? CASB explained|https://cybersecurity.att.com/blogs/security-essentials/cloud-access-security-broker-explained]]|CASB|
|2020.11.05|//Cloud Passage//|[[Prevent a Pfizer-like PII Data Breach in Google Cloud|https://www.cloudpassage.com/articles/pii-data-breach-protection-for-google-cloud/]]|GCP Data_Breach|
|2020.11.05|//Cipher Cloud//|[[Advancing Cloud DLP Through Smarter Policies|https://www.ciphercloud.com/advancing-cloud-dlp-through-smarter-policies/]]|DLP|
|2020.11.05|//Netskope//|[[SASE and the Forces Shaping Digital Transformation Part 1: Businesses Strategy and Information Technology Ops|https://www.netskope.com/blog/sase-and-the-forces-shaping-digital-transformation-part-1-businesses-strategy-and-information-technology-ops]] (1/3)|SASE|
|2020.11.05|//Google Cloud//|[[Hack your own custom domains for Container Registry|https://cloud.google.com/blog/topics/developers-practitioners/hack-your-own-custom-domains-container-registry/]]|GCP Containers Registry|
|>|>|>|!2020.11.04|
|2020.11.04|TL;DR Security|[[#59 - NAT Slipstreaming, Widespread Injection in GitHub Actions, Greppable Secrets|https://tldrsec.com/blog/tldr-sec-059/]]|Weekly_Newsletter|
|2020.11.04|Christophe Parisel|![[Azure Sentinel part 1: why detection needs steroids|https://www.linkedin.com/pulse/azure-sentinel-part-1-why-detection-needs-steroids-christophe-parisel/]] (1/3) |Azure_Sentinel|
|2020.11.04|Container Journal|[[5 Best Practices for Ensuring Secure Container Images|https://containerjournal.com/topics/container-security/5-best-practices-for-ensuring-secure-container-images/]]|Container Images|
|2020.11.04|Lexology|[[EU Member States Declare Support for a Next Generation European Cloud Service|https://www.lexology.com/library/detail.aspx?g=023a5c7f-5b87-4a9a-971a-4581bdd754ec]]|Europe|
|2020.11.04|Security Week|[[Securing Data-in-Use With Confidential Computing|https://www.securityweek.com/securing-data-use-confidential-computing]]|Confidential_Computing|
|2020.11.04|//WMC Global//|[[Office 365 Phishing Uses Image Inversion to Bypass Detection|https://www.wmcglobal.com/blog/office-365-phishing-uses-image-inversion-to-bypass-detection]]|O365 Phishing|
|2020.11.04|ZD Net|[[AWS preps its own library of public Docker container images|https://www.zdnet.com/article/aws-preps-its-own-library-of-public-docker-container-images/]]|AWS Docker Images|
|2020.11.04|GovLoop|[[Leveraging Zero Trust Against Cyberattacks|https://www.govloop.com/leveraging-zero-trust-against-cyberattacks/]]|Zero_Trust|
|2020.11.04|Cloud Security Alliance|[[Cloud-Based, Intelligent Ecosystems|https://cloudsecurityalliance.org/artifacts/cloud-based-intelligent-ecosystems/]]|CSA Publication|
|2020.11.04|Dark Reading| → [[CSA Moves to Redefine Cloud-Based Intelligence|https://www.darkreading.com/threat-intelligence/csa-moves-to-redefine-cloud-based-intelligence/a/d-id/1339345]]|CSA|
|2020.11.04|//Heimdal Security//|[[SaaS Security: How to Protect Your Enterprise in the Cloud|https://heimdalsecurity.com/blog/saas-security/]]|SaaS|
|2020.11.04|//AlienVault//|[[In Zero we trust|https://cybersecurity.att.com/blogs/security-essentials/in-zero-we-trust]]|Zero_Trust|
|2020.11.04|//Qualys//|[[Built-in Runtime Security for Containers|https://blog.qualys.com/product-tech/2020/11/03/built-in-runtime-security-for-containers]]|Containers|
|2020.11.04|//AppFleet//|[[Best Practices and Considerations for Multi-Tenant SaaS Application Using AWS EKS|https://appfleet.com/blog/best-practices-and-considerations-for-multi-tenant-saas-application-using-kubernetes-and-aws-ecs/]]|AWS_EKS|
|2020.11.04|//Tripwire//|[[Building a Security Alliance with Your Cloud Partners|https://www.tripwire.com/state-of-security/security-data-protection/cloud/build-a-security-alliance-with-cloud-partners/]]|Misc|
|2020.11.04|//Recorded Future//|[[Ransomware-as-a-Service Becomes Increasingly Accessible via Social Media and Open Sources|https://www.recordedfuture.com/ransomware-as-a-service/]] ([[pdf|https://go.recordedfuture.com/hubfs/reports/cta-2020-1104.pdf]])|Ransomware|
|2020.11.04|//Silicon Angle//|[[Amazon Web Services will build its own public registry for Docker container images|https://siliconangle.com/2020/11/03/amazon-web-services-will-build-public-registry-docker-container-images]]|AWS Docker Registry|
|2020.11.04|//Netskope//|[[Say What? Natural Language Processing Improves Cloud Security|https://www.netskope.com/blog/say-what-natural-language-processing-improves-cloud-security]]|Misc|
|2020.11.04|//HashiCorp//|[[Understanding the Boundary Identity and Access Management Model|https://www.hashicorp.com/blog/understanding-the-boundary-identity-and-access-management-model]]|Boundary Explain|
|>|>|>|!2020.11.03|
|2020.11.03|DISA|![[Container Image Creation and Deployment Guide - Version 2, Release 0.6|https://dl.dod.cyber.mil/wp-content/uploads/devsecops/pdf/DevSecOps_Enterprise_Container_Image_Creation_and_Deployment_Guide_2.6-Public-Release.pdf]] (pdf)|DevSecOps Containers|
|2020.11.10|//Anchore//| → [[Enforcing the DoD Container Image and Deployment Guide with Anchore Federal|https://anchore.com/blog/enforcing-the-dod-container-image-and-deployment-guide-with-anchore-federal/]]|DevSecOps Containers|
|2020.11.03|Secure Cloud Blog|[[Quick spin: Azure Managed Identity on non-Azure VM's with Azure ARC and Node.JS Runtime|https://securecloud.blog/2020/11/03/quick-spin-azure-managed-identity-on-non-azure-vms-with-azure-arc-and-node-js-runtime/]]|Azure_ARC|
|2020.11.03|GBHackers on Security|[[Attackers Using Google Drive Notifications to Trick the Users in Clicking Malicious Links|https://gbhackers.com/google-drive-notifications-abused/]]|Phishing Google_Drive|
|2020.11.03|Security Week|[[Securing Data-in-Use With Confidential Computing|https://www.securityweek.com/securing-data-use-confidential-computing]]|Confidential_Computing|
|2020.11.03|Daniel Neumann|[[Automate taking backups from Azure disks attached to Azure Kubernetes Service|https://www.danielstechblog.io/automate-taking-backups-from-azure-disks-attached-to-azure-kubernetes-service/]]|Azure Kubernetes Backups|
|2020.11.03|Container Journal|[[Kata Container Security is Good, but There's an Achilles Heel|https://containerjournal.com/topics/container-security/kata-container-security-is-good-but-theres-an-achilles-heel/]]|Containers|
|2020.11.03|//StackRox//|[[OpenShift security best practices part 1 of 5: cluster design|https://www.stackrox.com/post/2020/11/openshift-security-best-practices-part-1-of-5-cluster-design/]] (1/5)|Openshift Best_Practices|
|2020.11.03|//Tenchi Security//|[[AWS Managed IAM Policies|https://www.tenchisecurity.com/blog/aws-managed-iam-policies]]|AWS IAM|
|2020.11.03|//Sysdig//|[[How to monitor coreDNS|https://sysdig.com/blog/how-to-monitor-coredns/]]|K8s DNS|
|2020.11.03|//Oracle Cloud//|[[3 Patterns for Delivering Single Sign-On|https://blogs.oracle.com/cloudsecurity/3-patterns-for-delivering-single-sign-on]]|Oracle_Cloud SSO|
|>|>|>|!2020.11.02|
|2020.11.02|Reseaux & Télécoms[>img[iCSF/flag_fr.png]]|[[Qui propose du SASE et avec quoi ?|https://www.reseaux-telecoms.net/actualites/lire-qui-propose-du-sase-et-avec-quoi-28086.html]]|SASE|
|2020.11.02|Summit Route|![[The state of ABAC on AWS|https://summitroute.com/blog/2020/11/02/state_of_abac_on_aws/]] |AWS RBAC|
|2020.11.02|Thomas Stringer|[[Logging to Azure from an AKS Cluster|https://trstringer.com/native-azure-logging-aks/]]|Azure_AKS Logging|
|2020.11.02|Build5Nines|[[Terraform: Create an AKS Cluster|https://build5nines.com/terraform-create-an-aks-cluster/]]|Azure AKS Terraform|
|2020.11.02|The Register|[[How to keep on top of AWS best security practices|https://go.theregister.com/feed/www.theregister.com/2020/11/02/aws_best_security_practices/]]|AWS Best_Practices|
|2020.11.02|Cloud Native Computing Foundation|[[How To Run Kubernetes Workflow Automation with AWS EKS, GCP GKE, Azure AKS|https://www.cncf.io/blog/2020/11/02/how-to-run-kubernetes-workflow-automation-with-aws-eks-gcp-gke-azure-aks/]]|AWS_EKS Azure AKS GCP_GKE|
|2020.11.02|DZone|[[Setting the Reliability Standard|https://dzone.com/articles/setting-the-reliability-standard]]|Reliability|
|2020.11.02|CyberSec Hub|[[A How To Guide To Secure Access Service Edge (SASE)|https://www.cshub.com/executive-decisions/articles/a-how-to-guide-to-secure-access-service-edge-sase]]|SASE|
|2020.11.02|BSSI[>img[iCSF/flag_fr.png]]|[[Cloud Européen en Europe pour l'Europe : GAIA-X ou l'espoir d'un cloud souverain ?|https://blog.bssi.fr/gaia-x-cloud-souverain/]]|GAIA-X|
|2020.11.02|Dark Reading|[[Microsoft & Others Catalog Threats to Machine Learning Systems|https://www.darkreading.com/vulnerabilities---threats/advanced-threats/microsoft-and-others-catalog-threats-to-machine-learning-systems/d/d-id/1339354]]|Misc|
|2020.11.02|//Cloudonaut//|[[Introducing cloudonaut plus|https://cloudonaut.io/introducing-cloudonaut-plus/]]|Portal|
|2020.11.02|//Alcide//|[[Top Four Ways to Visualize Traffic Between Microservices in Kubernetes|https://blog.alcide.io/top-four-ways-to-visualize-traffic-between-microservices-in-kubernetes]]|K8s Microservices|
|2020.11.02|//Aqua Security//|[[Automating Kubernetes Security Reporting with Starboard Operator|https://blog.aquasec.com/automate-kubernetes-security-reporting-starboard-operator]]|K8s|
|2020.11.02|//Amazon AWS//|[[Aligning IAM policies to user personas for AWS Security Hub|https://aws.amazon.com/blogs/security/aligning-iam-policies-to-user-personas-for-aws-security-hub/]]|AWS_Security_Hub|
|2020.11.02|//Google Cloud//|[[Cache me if you can with latest Cloud CDN features|https://cloud.google.com/blog/products/networking/cloud-cdn-gets-improved-useability-features/]]|CDN|
<<tiddler [[arOund0C]]>>
!"//CCSK Success Stories: From a Security Consultant//"
[>img(150px,auto)[iCSA/K4QCCSK.png]]Article de blog publié le 4 novembre 2020
<<<
//This is part of a blog series interviewing cybersecurity professionals who have earned their Certificate of Cloud Security Knowledge (CCSK). In these blogs we invite individuals to share some of the challenges they face in managing security for cloud computing and how they were able to leverage knowledge from the CCSK in their current roles. In this blog we'll be interviewing Murugesh Rao, the Project Manager for Cloud & Data Center Transformation at UMW.

Q: __In your current role at UMW, as Project Manager for Cloud & Data Center Transformation, what does your job involve?__
A: My primary role is to design and strategize a path for UMW to kick start the UMW digital cloud journey. This is a broad description however that needs to be broken down into near future deliverables. The job is to design a cloud-first strategy and align all the work that is planned and in progress in IT and business. It also entails building awareness for some of the new security considerations, and upskilling and cross-skilling current workforce to manage the future cloud estate.

Q: __Can you share with us some complexities in managing cloud computing projects?__
A: One of the biggest challenges is creating a baseline for apps and systems that are on-prem and comparing them as we migrate to the cloud. The baseline may include resource requirements and the true cost of ownership. Given some of the baseline parameters are not monitored within the on-prem implementation, it will result in doing a bit more work and time to create those baselines before creating a positive business case.
The other challenge is skill sets. Since cloud computing is fast evolving, keeping up with the pace of change can be a challenge for new cloud adopters. An example is the difference between on-prem security and cloud security. On-prem security is primarily focused on the outer perimeter, while cloud security is applied at every layer of the virtual network and its interfaces.

Q: __In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?__
A: Understand the connectivity cost, the egress traffic will be a new cost to the setup, hence understanding the amount of traffic flow is important and so is looking out for hidden traffic costs.
Resource planning is important as well, you might want to configure alerts if there is a cost overrun within your subscription. Begin with a very active cloud cost management approach and start implementing the budget alerts to ensure you don't get a surprise bill.
Do not over-solution at the start as cloud is the building blocks of services. Hence craft the project in phases; you also will be able to manage a lower start-up cost

Q: __What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?__
A: Being a cloud enthusiast, I was keen to get a broader understanding of cloud security in general without the need to understand specific cloud products or services. It was also important to design and architect a cloud strategy and solution; hence I had to have an in-depth understanding of the security eco-system of a cloud architecture.
There are many sections I could highlight but the one that stood out for me was the Simple Cloud Security Process Model. It was a model that I could easily incorporate in the cloud design process to identify and implement security controls for a more secure and safe cloud landscape.

Q: __How does CCM help communicate with customers?__
A: The Cloud Controls Matrix (CCM) provides a level of confidence to the customer, as each control ID maps to industry security standards. In addition, the matrix can be used to ensure the cloud design conforms to the controls (which are well documented in the CCM). The customers could also use this as a checklist for internal audit assessments.

Q: __What's the value in a vendor-neutral certificate like the CCSK or CCSP versus getting certified by AWS? In what scenario are the different certificates important?__
A: Conceptually, a vendor-neutral certification provides a framework, in this case cloud security as opposed to focusing on the product features. This is important when an organization is evaluating which public or private cloud to adopt based on the business and organization security requirements. When an organization has narrowed down to a few cloud providers, a vendor-specific certificate would be useful.

Q: __Would you encourage your staff and/or colleagues to obtain CCSK or other CSA qualifications? Why?__
A: Yes, I have and will continue to do so. CCSK has broadened my view of cloud security and helped me move beyond a cloud provider feature focus on security. The CCSK equips you with the knowledge to question and continuously improve the security landscape and the potential to work with your cloud providers to continuously improve. In addition, you also can evaluate the cloud providers' security offerings given your vendor-neutral knowledge.

Q: __What is the best advice you would give to IT professionals in order for them to scale new heights in their careers?__
A: I truly believe in life-long learning and this quote sums it up nicely
"The capacity to learn is a gift; the ability to learn is a skill; the willingness to learn is a choice"//
<<<
__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/11/04/ccsk-success-stories-cloud-security-education-and-the-digital-transformation/ 
!"//Why lions shouldn't invest in DeFi Smart Contracts//"
Article publié le 2 novembre 2020 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA//
<<<
|This article is not legal or investment advice, it covers some aspects of front running in DeFi, and potential security solutions. This article also assumes you have a relatively deep understanding of the following Blockchain/DLT related terms: 100% matches: Block, Blockchain, Consensus, Exchange, Ledger, Mempool, Miner, Mining, Oracle, Token|
!!!Blockchain attacks are very hot right now for one simple reason: it's where the money is.
[>img(175px,auto)[iCSA/KB2BW.jpg]]__Why did the lion lose at poker? Because he was playing against a cheetah.__
!!!Front running in Blockchain/DLT
Front running is defined as someone (usually a stock broker) selling or buying stock before executing a client's transaction. The idea being that the client's transaction will move the market, or is offering a price that provides an arbitrage opportunity. Front running typically involves elements of insider trading; the front runner often takes advantage of non public information to gain an advantage. The other common aspect is that the person doing the front running has a fiduciary duty to the person being taken advantage of. Front running in Blockchain/DLT (Distributed Ledger Technology) and crypto currencies / DeFi (Decentralized Finance) is even more complicated than traditional financial markets because of the added complexity of smart contracts, smart assets, and the manner in which transactions are executed and finalized can vary significantly and take an extended time period. Also the two most popular blockchains (Bitcoin and Ethereum) do not have a central controlling authority, they are truly decentralized. Please note that I'm not even going to talk about flaws in smart contracts (technical or architectural), the exchanges, the platforms running smart contracts and so on (that's a later article). We're going to assume a system that is "secure", and the attacker is simply taking advantage of speed and public knowledge. Also for the rest of this article I'm going to focus on Ethereum for one simple reason: it's the biggest, most widely used smart contract platform.
!!!Example of how front running works in DeFi
First let's define how front running typically works in DeFi (I'm going to use DeFi as the catch all term), basically Alice (the victim) wants to take an action (sell something, buy it, whatever) and Eve (the attacker) learns about the action Alice is taking, Eve then does something to gain an advantage. Some of the more common scenarios currently are:
# Eve learns about a transaction Alice is going to take, and does something before Alice's transaction can run or possibly before it completes. Eve still needs Alice's transaction to execute (sometimes referred to as "insertion" front running), for example Eve spots Alice offering a bid on something at above market price, Eve buys the item at current market price and then offers it at Alice's bid price to make some money
# Eve learns about a transaction Alice is going to take, and does something before Alice's transaction can run or possibly before it completes. Eve doesn't care if Alice's transaction then executes or not (sometimes referred to as "displacement" front running), for example Eve spots Alice trying to buy a domain name and Eve buys it first.
# Eve learns about a transaction Alice is going to take, and does something before Alice's transaction can run or possibly before it completes. Eve then needs Alice's transaction to be delayed or not execute at all (sometimes referred to as "suppression" front running), a good generic example of this is not available
This list is not complete, but you get the general idea of how it works. Please also note that in the above scenarios the "and does something before Alice's transaction can run or possibly before it completes" can range from simple to complicated. Many transactions are relatively simple and can execute within a single block, for example buying an item.
But some transactions are more complicated and can take longer to execute, for example a transaction that involves taking a loan, using the borrowed value to purchase something else and then sell it and pay back the original loan (see "Flash Loan Attacks" for more information). This can introduce latency and provide more time for an attacker's transaction to take place.
!!!The first thing to look into is, how do attackers gain information about transactions before they run?
In most DeFi systems this is trivial: they look at the public MemPool of transactions that have not yet been completed or mined. So the most obvious thing that comes to mind is that transactions need to run fairly. Unfortunately in most DeFi systems transactions do not run fairly. Many DeFi chains require transactions to have an attached fee such as Ethereum transaction fees, and many also require additional fees attached to the smart contract to ensure that smart contracts don't take up too much compute resources, such as Ethereum gas. An attacker that can spot a transaction in advance can simply create a malicious transaction with a much higher transaction fee attached to it, which miners will prefer (because the miner will earn more money). There is very little a victim can do to avoid this, other than by paying higher transaction fees to make attacks more expensive (in other words this is not a sustainable solution). So if transactions can't run fairly we could secure them by obfuscating the code and intent of the transaction. But this is far from perfect for one simple reason: the transaction still needs to be executed, an attacker can simply run the transaction (in a sandbox) and see what the effects of it are, even with multiple and difficult to reach code paths most smart contracts are relatively simple and their real purpose can often be determined quickly. A great example of this is the posting "Ethereum is a Dark Forest" which I strongly recommend everyone reads.
!!!So we can't make transactions run fairly, and we can't obfuscate them safely if they are mined by public miners, what if we use our own mining pool?
The reality is in most Blockchains and DLTs outside of Bitcoin and Ethereum the network doesn't have a huge amount of capacity, if your transaction is not time sensitive you can also mine a block with a high degree of success, with 1% of the network work rate you'd have a 39.5% chance of mining at least one block successfully (this figure corresponds to a window of 50 blocks, since 1 − 0.99^50 ≈ 0.395), and that jumps to just over 50% after 69 blocks. It should be noted that you can rent compute power for most blockchains, and this has been done in order to execute 51% attacks against some of the smaller blockchain networks. We'll cover this specific topic more in our "Rent to Pwn the Blockchain" article (it has graphs/charts and all sorts of exciting numbers). So if you need to do transactions that are not time sensitive you can do that with 1-2% of the network capacity, and if you need to execute quickly you could in theory rent capacity for short amounts of time to improve your chances. Another solution to this would be "dark Mempools" where the Mempool is not public but is limited to "trusted" miners. It should be noted that research in this area could be done, monitoring the public Mempools and then flagging any transactions in blocks that were not in the public Mempool. This topic will also be covered more in the "Kansas city shuffle" article covering how dark pools and other forms of information secrecy could work in the DeFi world.
!!!Key takeaways:
* Complexity in systems that have value to be captured or extracted will be abused. In other words bank robbers go where the money is.
* Systems that do not have clear regulatory or jurisdictional coverage mean victims will have little if any recourse. Who are you going to call? The Internet police?
* Private addresses / wallets are nearly impossible to track down until they move the assets to known wallets, or move them to a Fiat currency on/off ramp, and even this can be complicated if they move between different assets and blockchains.
!!!Follow this weekly blog series to keep learning about front running.
So this article covered the more "traditional" forms of front running in the DeFi space, in the next article I'm going to cover the information asymmetry and latency scenarios especially as they apply to scenarios with multiple exchanges and distributed exchanges. For example Eve (the attacker) learns some other information that shows an imbalance in the system, which represents an arbitrage opportunity. Perhaps one exchange has an order selling a token at a significantly lower price than another exchange with a buy order at a much higher price, or perhaps a pricing Oracle has spit out a bad quote, or someone has made a typo in an order. Eve then constructs a transaction that takes advantage of this, technically speaking there may not be a victim per se in this situation and it may not actually be front running, but instead simply be a sharp trading strategy. We'll cover what wallet software and exchanges can do to protect users in our "Fear and loathing in Las Vegas" article.
!!!Related reading:
* SoK: Transparent Dishonesty: Front-Running Attacks on Blockchain+++^*[»] https://users.encs.concordia.ca/~clark/papers/2019_wtsc_front.pdf === 
* Ethereum is a Dark Forest+++^*[»] https://medium.com/@danrobinson/ethereum-is-a-dark-forest-ecc5f0505dff === 
* Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges+++^*[»] https://arxiv.org/pdf/1904.05234.pdf === 
<<<
//__Liens :__
* Article sur le site de la CSA ⇒ https://cloudsecurityalliance.org/blog/2020/11/02/why-lions-shouldn-t-invest-in-defi-smart-contracts/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #88|2020.11.01 - Newsletter Hebdomadaire #88]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #88|2020.11.01 - Weekly Newsletter - #88]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.11.01 - Newsletter Hebdomadaire #88]]>> |<<tiddler [[2020.11.01 - Weekly Newsletter - #88]]>> |
|>| La dernière Newsletter publiée est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' et est accessible+++*[ici • Here] <<tiddler [[Dernière Newsletter]]>> === is where you can read the latest published Newsletter |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 26 octobre au 1er novembre 2020
!!1 - Informations CSA - 26 octobre au 1er novembre 2020

* ''Répondez au sondage CSA sur l'adoption du Cloud'' en 2020+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* Actu : ''Participez au Congrès EMEA du 3 au 5 novembre 2020''+++*[»]> <<tiddler [[2020.10.27 - Actu : Participez au Congrès EMEA du 3 au 5 novembre 2020]]>>=== 
* Actu : Conférence Google Cloud 'Security Talks 2020'+++*[»]> <<tiddler [[2020.10.29 - Actu : Conférence Google Cloud 'Security Talks 2020']]>>=== 
* Blog : 'Cloud Security: The Necessity of Threat Hunting'+++*[»]> <<tiddler [[2020.10.28 - Blog : 'Cloud Security: The Necessity of Threat Hunting']]>>=== 
* Blog : 'Blockchain attacks, vulnerabilities and weaknesses'+++*[»]> <<tiddler [[2020.10.26 - Blog : 'Blockchain attacks, vulnerabilities and weaknesses']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 80 liens|2020.11.01 - Veille Hebdomadaire - 1er novembre]])

* __''À lire''__
** Réflexions sur la 'Kubernetes Threat Matrix' de Microsoft (Alcide)+++^*[»] 
|2020.10.26|//Alcide//|![[Microsoft's Kubernetes Threat Matrix: Here's What's Missing|https://www.darkreading.com/threat-intelligence/microsofts-kubernetes-threat-matrix-heres-whats-missing/a/d-id/1339106]] |K8s MITRE_ATT&CK|
|2020.04.02|//Microsoft//| ← [[Attack matrix for Kubernetes|https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/]]|ATT&CK Kubernetes|
=== 
** Durcissement de Containers (DISA/DoD)+++^*[»] 
|2020.11.01|DISA/DoD|![[DevSecOps Enterprise Container Hardening Guide v1.1|https://dl.dod.cyber.mil/wp-content/uploads/devsecops/pdf/Final_DevSecOps_Enterprise_Container_Hardening_Guide_1.1.pdf]] (pdf) |DevSecOps Hardening|
=== 
** Analyse des attaques de type 'Supply-Chain'+++^*[»] 
|2020.10.26|//TrendMicro//|![[Supply Chain Attacks in the Age of Cloud Computing: Risks, Mitigations, and the Importance of Securing Back Ends|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/supply-chain-attacks-cloud-computing]] ([[pdf|https://documents.trendmicro.com/assets/white_papers/supply-chain-attacks-in-the-age-of-cloud-computing.pdf]]) |Report Supply_Chain|
=== 

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Attaques : Arnaque via Google Drive+++^*[»] 
|2020.11.01|WIRED|[[Beware a New Google Drive Scam Landing in Inboxes|https://www.wired.com/story/beware-a-new-google-drive-scam-landing-in-inboxes/]]|Phishing Google_Drive|
=== 
** Fuites de données : Nitro+++^*[»] 
|2020.10.26|Bleeping Computer|[[Massive Nitro data breach impacts Microsoft, Google, Apple, more|https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/]]|Data_Breach|
|2020.10.30|//Divvy Cloud//| → [[Nitro Data Breach Could Spell Trouble for Google, Apple, Microsoft and Others|https://divvycloud.com/nitro-data-breach/]]|Data_Breach|
=== 

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Contrer les attaques DDoS+++^*[»] 
|2020.10.26|//Cloud Management Insider//|[[Security Best Practices for Google Cloud Users To Tackle DDoS Attacks|https://www.cloudmanagementinsider.com/how-to-prevent-ddos-attacks-on-gcp-deployments/]]|GCP DDoS|
=== 
** Détection: les attaques de type 'Password Spraying'+++^*[»] 
|2020.10.26|//Microsoft Azure//|![[Advancing Password Spray Attack Detection|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/advancing-password-spray-attack-detection/ba-p/1276936]] |AzureAD Password_Spray|
|2020.10.27|Security Week| → [[Microsoft Introduces New Password Spray Detection for Azure|https://www.securityweek.com/microsoft-introduces-new-password-spray-detection-azure]]|AzureAD Password_Spray|
|2020.10.27|CISO Mag| → [[Microsoft's Shield Against Password Spray Attacks Just Went a Notch Higher|https://cisomag.eccouncil.org/password-spray-attack-detection/]]|AzureAD Password_Spray|
=== 

* __Rapports, Sondages, Études, Publications__
** Études : Analyse du 'Hype Cycle For Cloud Security' du Gartner+++^*[»] 
|2020.10.26|Forbes|[[What's New In Gartner's Hype Cycle For Cloud Security, 2020|https://www.forbes.com/sites/louiscolumbus/2020/10/25/whats-new-in-gartners-hype-cycle-for-cloud-security-2020/#50e06c037bd9]]|Gartner|
=== 

* __Cloud Services Providers, Outils__
** AWS : Enclaves Nitro • IPv6+++^*[»] 
|2020.10.28|//Cloudonaut//|![[Getting started with IPv6 on AWS|https://cloudonaut.io/getting-started-with-ipv6-on-aws/]] |AWS IPv6|
|2020.10.28|//Amazon AWS//|[[AWS Nitro Enclaves - Isolated EC2 Environments to Process Confidential Data|https://aws.amazon.com/blogs/aws/aws-nitro-enclaves-isolated-ec2-environments-to-process-confidential-data/]]|AWS_Nitro|
|2020.10.30|Help Net Security| → [[AWS Nitro Enclaves: Create isolated environments to protect highly sensitive workloads|https://www.helpnetsecurity.com/2020/10/30/aws-nitro-enclaves/]]|AWS_Nitro|
|2020.10.30|//Sentia//| → [[ACM for Nitro Enclaves - It's a Big Deal|https://www.sentiatechblog.com/acm-for-nitro-enclaves-its-a-big-deal]] (1/2)|AWS_Nitro|
|2020.10.30|//Sentia//| → [[ACM for Nitro Enclaves - How Secure Are They?|https://www.sentiatechblog.com/acm-for-nitro-enclaves-how-secure-are-they]] (2/2)|AWS_Nitro|
=== 
** Azure : Microsoft Defender ATP • Corrélation Azure AD et Office 365 dans Azure Sentinel • Contrôle de conformité+++^*[»] 
|2020.10.28|//Microsoft//|[[Enable access to Microsoft Defender ATP service URLs in the proxy server|https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server]]|Microsoft_Defender ATP|
|2020.10.28|//Microsoft//| → [[URLs|https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx]]|Microsoft_Defender ATP|
|2020.10.28|Bleeping Computer| → [[Microsoft shares list of URLs required by Microsoft Defender ATP|https://www.bleepingcomputer.com/news/security/microsoft-shares-list-of-urls-required-by-microsoft-defender-atp/]]|Microsoft_Defender ATP|
|2020.10.27|SecureCloudBlog|![[Correlating Azure AD logs to Office 365 workload operations With Azure Sentinel|https://securecloud.blog/2020/10/27/correlating-azure-ad-logs-to-office-365-workload-operations-with-azure-sentinel/]] |Logging AzureAD O365 Azure_Sentinel|
|2020.10.27|//Coalfire//|[[Using Azure Blueprints to Control Azure Compliance|https://www.coalfire.com/the-coalfire-blog/october-2020/using-azure-blueprints-to-control-azure-compliance]] (1/4)|Azure Compliance|
=== 
** GCP : 'Google Cloud Security Talks' du 4ème trimestre+++^*[»] 
|2020.10.27|//Google GCP//|[[What you can learn in our Q4 2020 Google Cloud Security Talks|https://cloud.google.com/blog/products/identity-security/google-cloud-security-talks-q4-2020-the-latest-in-cloud-security]]|GCP Conference|
=== 
** Oracle : Gestion des Identités+++^*[»] 
|2020.10.29|//Oracle Cloud//|[[How to do Identity Management, whilst not doing Identity Management|https://blogs.oracle.com/cloudsecurity/how-to-do-identity-management%2C-whilst-not-doing-identity-management]]|ID_Management|

=== 
** Kubernetes : Configuration et options de sécurité • Sécurité opérationnelle • Vecteurs de menaces : Exécution+++^*[»] 
|2020.10.29|Container Journal|[[Policy Engines: Ensuring Configuration Security in Kubernetes|https://containerjournal.com/topics/container-security/policy-engines-ensuring-configuration-security-in-kubernetes/]]|K8s|
|2020.10.29|Cybersecurity Insider|[[PSPs vs. OPA Gatekeeper: Breaking down your Kubernetes Pod security options|https://www.cybersecurity-insiders.com/psps-vs-opa-gatekeeper-breaking-down-your-kubernetes-pod-security-options/]]|K8s|
|2020.10.29|//Alcide//|![[Kubernetes Threat Vectors: Part 2 - Execution|https://www.alcide.io/kubernetes-threat-vectors-part-2-execution]] (2/11) |Kubernetes Threats|
|2020.10.28|//NeuVector//|[[13 Must-Ask Questions about Kubernetes Security in Production|https://neuvector.com/article/13-must-ask-questions-about-kubernetes-security-in-production/]]|K8s|
=== 
** Containers : Sauvegardes et restauration+++^*[»] 
|2020.10.26|Container Journal|[[Data Backup and Recovery Emerges as Container Issue|https://containerjournal.com/topics/container-security/data-backup-and-recovery-emerges-as-container-issue/]]|Containers Images|
=== 
** Workloads : Nouvelle approche pour la protection+++^*[»] 
|2020.10.27|//Red Canary//|[[A new approach to Cloud Workload Protection|https://redcanary.com/blog/cloud-workload-protection/]]|Workloads|
=== 
** Outils : KubeLinter (//StackRox//)+++^*[»] 
|2020.10.28|//StackRox//|[[Introducing KubeLinter - an open source linter for Kubernetes|https://www.stackrox.com/post/2020/10/introducing-kubelinter-an-open-source-linter-for-kubernetes/]]|Tools Kubernetes|
|2020.10.28|//StackRox//| → [[KubeLinter: An open source linter for Kubernetes, from StackRox|https://www.youtube.com/watch?v=KWX0sWojV_0]] (vidéo)|Tools Kubernetes|
|2020.10.28|//StackRox//| → [[kube-linter|https://github.com/stackrox/kube-linter]]|Tools Kubernetes|
|2020.10.28|Security Week| → [[StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations|https://www.securityweek.com/stackrox-releases-open-source-tool-finding-kubernetes-misconfigurations]]|Tools Kubernetes|
=== 

* __Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences__
** Conférence : 'AWS re:Invent 2020'+++^*[»] 
|2020.10.29|//Cloud Management Insider//|[[Everything You Need To Know About AWS re:Invent 2020|https://www.cloudmanagementinsider.com/everything-you-need-to-know-about-aws-reinvent-2020/]]|AWS Conference|
=== 
** Podcasts : RGPD et Azure (Cloud Security Podcast)+++^*[»] 
|2020.10.31|Cloud Security Podcast|[[How To Prepare For GDPR In Azure Cloud Environment - Naomi Buckwalter|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-PREPARE-FOR-GDPR-IN-AZURE-CLOUD-ENVIRONMENT--Naomi-Buckwalter-els0rc]] ([[audio|https://anchor.fm/s/10fb9928/podcast/play/21938476/https%3A%2F%2Fd3ctxlq1ktw2nl.cloudfront.net%2Fstaging%2F2020-11-01%2F8bac2c11c7e77df519b3048b75d93872.m4a]])|Podcast|
=== 
** Veilles : TL;DR Security #58 • The Cloud Security Reading List #61+++^*[»] 
|2020.10.31|Marco Lancini|[[The Cloud Security Reading List #61|https://cloudseclist.com/issues/issue-61/]] |Weekly_Newsletter|
|2020.10.28|TL;DR Security|[[#58 - New Job ??, Burp Multiplayer, Chaos Engineering Book|https://tldrsec.com/blog/tldr-sec-058/]] |Weekly_Newsletter|
=== 

* __Marché, Acquisitions__
** Marché : Certification d'une deuxième région Outscale+++^*[»] 
|2020.10.27|L'Usine Digitale[>img[iCSF/flag_fr.png]]|[[3DS Outscale ouvre une deuxième région cloud certifiée par l'Anssi|https://www.usine-digitale.fr/article/3ds-outscale-ouvre-une-deuxieme-region-cloud-certifiee-par-l-anssi.N1021159]]|France|
=== 

* __Divers__
** Critères de choix pour une plateforme Cloud Open-Source+++^*[»] 
|2020.10.27|Rick Blaisdell|[[Choosing an Open-Source Cloud Platform|https://rickscloud.com/open-source-cloud-platform/]]|Open_Source|
=== 
** Backup dans le Cloud+++^*[»] 
|2020.10.30|BetaNews|[[Could your business benefit from a cloud backup solution?|https://betanews.com/2020/10/30/cloud-backup-solution/]]|Backup|
|2020.10.30|Help Net Security|[[What's next for cloud backup?|https://www.helpnetsecurity.com/2020/10/30/cloud-backup-data/]]|Backup|
=== 
** IoT et le Cloud+++^*[»] 
|2020.10.27|//Akamai//|[[Akamai Edge Cloud: Scaling IoT, Part 1|https://blogs.akamai.com/2020/10/akamai-edge-cloud-scaling-iot-part-1.html]] (1/2)|IoT|
|2020.10.27|//Akamai//|[[Akamai Edge Cloud: Scaling IoT, Part 2|https://blogs.akamai.com/2020/10/akamai-edge-cloud-scaling-iot-part-2.html]] (2/2)|IoT|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KB1/|https://CloudSecurityAlliance.fr/go/KB1/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - October 26th to November 1st, 2020
!!1 - CSA News and Updates - October 26th to November 1st, 2020

* ''Fill in the new CSA survey on Cloud Adoption in 2020''+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* News: ''Attend the EMEA Congress, November 3rd to 5th, 2020''+++*[»]> <<tiddler [[2020.10.27 - Actu : Participez au Congrès EMEA du 3 au 5 novembre 2020]]>>=== 
* News: Google Cloud 'Security Talks 2020' online conference+++*[»]> <<tiddler [[2020.10.29 - Actu : Conférence Google Cloud 'Security Talks 2020']]>>=== 
* Blog: 'Cloud Security: The Necessity of Threat Hunting'+++*[»]> <<tiddler [[2020.10.28 - Blog : 'Cloud Security: The Necessity of Threat Hunting']]>>=== 
* Blog: 'Blockchain attacks, vulnerabilities and weaknesses'+++*[»]> <<tiddler [[2020.10.26 - Blog : 'Blockchain attacks, vulnerabilities and weaknesses']]>>=== 
!!2 - Cloud and Security News Watch ([[over 80 links|2020.11.01 - Veille Hebdomadaire - 1er novembre]])

* __''Must read''__
** Comments on Microsoft's Kubernetes Threat Matrix+++^*[»] 
|2020.10.26|//Alcide//|![[Microsoft's Kubernetes Threat Matrix: Here's What's Missing|https://www.darkreading.com/threat-intelligence/microsofts-kubernetes-threat-matrix-heres-whats-missing/a/d-id/1339106]] |K8s MITRE_ATT&CK|
|2020.04.02|//Microsoft//| ← [[Attack matrix for Kubernetes|https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/]]|ATT&CK Kubernetes|
=== 
** Container Hardening Guide (DISA/DoD)+++^*[»] 
|2020.11.01|DISA/DoD|![[DevSecOps Enterprise Container Hardening Guide v1.1|https://dl.dod.cyber.mil/wp-content/uploads/devsecops/pdf/Final_DevSecOps_Enterprise_Container_Hardening_Guide_1.1.pdf]] (pdf) |DevSecOps Hardening|
=== 
** Supply Chain Attacks in the Age of Cloud Computing+++^*[»] 
|2020.10.26|//TrendMicro//|![[Supply Chain Attacks in the Age of Cloud Computing: Risks, Mitigations, and the Importance of Securing Back Ends|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/supply-chain-attacks-cloud-computing]] ([[pdf|https://documents.trendmicro.com/assets/white_papers/supply-chain-attacks-in-the-age-of-cloud-computing.pdf]]) |Report Supply_Chain|
=== 

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Attacks: New Google Drive Scam+++^*[»] 
|2020.11.01|WIRED|[[Beware a New Google Drive Scam Landing in Inboxes|https://www.wired.com/story/beware-a-new-google-drive-scam-landing-in-inboxes/]]|Phishing Google_Drive|
=== 
** Leaks: Massive Nitro Data Breach+++^*[»] 
|2020.10.26|Bleeping Computer|[[Massive Nitro data breach impacts Microsoft, Google, Apple, more|https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/]]|Data_Breach|
|2020.10.30|//Divvy Cloud//| → [[Nitro Data Breach Could Spell Trouble for Google, Apple, Microsoft and Others|https://divvycloud.com/nitro-data-breach/]]|Data_Breach|
=== 

* __Best Practices, and Detection__
** Best Practices: Tackling DDoS Attacks+++^*[»] 
|2020.10.26|//Cloud Management Insider//|[[Security Best Practices for Google Cloud Users To Tackle DDoS Attacks|https://www.cloudmanagementinsider.com/how-to-prevent-ddos-attacks-on-gcp-deployments/]]|GCP DDoS|
=== 
** Detection: Password Spray Attack Detection+++^*[»] 
|2020.10.26|//Microsoft Azure//|![[Advancing Password Spray Attack Detection|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/advancing-password-spray-attack-detection/ba-p/1276936]] |AzureAD Password_Spray|
|2020.10.27|Security Week| → [[Microsoft Introduces New Password Spray Detection for Azure|https://www.securityweek.com/microsoft-introduces-new-password-spray-detection-azure]]|AzureAD Password_Spray|
|2020.10.27|CISO Mag| → [[Microsoft's Shield Against Password Spray Attacks Just Went a Notch Higher|https://cisomag.eccouncil.org/password-spray-attack-detection/]]|AzureAD Password_Spray|
=== 

* __Reports, Surveys, Studies, Publications__
** Studies: Analysis of Gartner's Hype Cycle For Cloud Security+++^*[»] 
|2020.10.26|Forbes|[[What's New In Gartner's Hype Cycle For Cloud Security, 2020|https://www.forbes.com/sites/louiscolumbus/2020/10/25/whats-new-in-gartners-hype-cycle-for-cloud-security-2020/#50e06c037bd9]]|Gartner|
=== 

* __Cloud Services Providers, Tools__
** AWS: Nitro Enclaves • IPv6+++^*[»] 
|2020.10.28|//Cloudonaut//|![[Getting started with IPv6 on AWS|https://cloudonaut.io/getting-started-with-ipv6-on-aws/]] |AWS IPv6|
|2020.10.28|//Amazon AWS//|[[AWS Nitro Enclaves - Isolated EC2 Environments to Process Confidential Data|https://aws.amazon.com/blogs/aws/aws-nitro-enclaves-isolated-ec2-environments-to-process-confidential-data/]]|AWS_Nitro|
|2020.10.30|Help Net Security| → [[AWS Nitro Enclaves: Create isolated environments to protect highly sensitive workloads|https://www.helpnetsecurity.com/2020/10/30/aws-nitro-enclaves/]]|AWS_Nitro|
|2020.10.30|//Sentia//| → [[ACM for Nitro Enclaves - It's a Big Deal|https://www.sentiatechblog.com/acm-for-nitro-enclaves-its-a-big-deal]] (1/2)|AWS_Nitro|
|2020.10.30|//Sentia//| → [[ACM for Nitro Enclaves - How Secure Are They?|https://www.sentiatechblog.com/acm-for-nitro-enclaves-how-secure-are-they]] (2/2)|AWS_Nitro|
=== 
** Azure: Microsoft Defender ATP service • Azure AD and Office 365 Correlation with Azure Sentinel • Azure Blueprints to Control Azure Compliance+++^*[»] 
|2020.10.28|//Microsoft//|[[Enable access to Microsoft Defender ATP service URLs in the proxy server|https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server]]|Microsoft_Defender ATP|
|2020.10.28|//Microsoft//| → [[URLs|https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx]]|Microsoft_Defender ATP|
|2020.10.28|Bleeping Computer| → [[Microsoft shares list of URLs required by Microsoft Defender ATP|https://www.bleepingcomputer.com/news/security/microsoft-shares-list-of-urls-required-by-microsoft-defender-atp/]]|Microsoft_Defender ATP|
|2020.10.27|SecureCloudBlog|![[Correlating Azure AD logs to Office 365 workload operations With Azure Sentinel|https://securecloud.blog/2020/10/27/correlating-azure-ad-logs-to-office-365-workload-operations-with-azure-sentinel/]] |Logging AzureAD O365 Azure_Sentinel|
|2020.10.27|//Coalfire//|[[Using Azure Blueprints to Control Azure Compliance|https://www.coalfire.com/the-coalfire-blog/october-2020/using-azure-blueprints-to-control-azure-compliance]] (1/4)|Azure Compliance|
=== 
** GCP: Q4 2020 Google Cloud Security Talks+++^*[»] 
|2020.10.27|//Google GCP//|[[What you can learn in our Q4 2020 Google Cloud Security Talks|https://cloud.google.com/blog/products/identity-security/google-cloud-security-talks-q4-2020-the-latest-in-cloud-security]]|GCP Conference|
=== 
** Oracle: Identity Management+++^*[»] 
|2020.10.29|//Oracle Cloud//|[[How to do Identity Management, whilst not doing Identity Management|https://blogs.oracle.com/cloudsecurity/how-to-do-identity-management%2C-whilst-not-doing-identity-management]]|ID_Management|
=== 
** Kubernetes: Security Configuration and Options • Security in production • Threat Vectors: Execution+++^*[»] 
|2020.10.29|Container Journal|[[Policy Engines: Ensuring Configuration Security in Kubernetes|https://containerjournal.com/topics/container-security/policy-engines-ensuring-configuration-security-in-kubernetes/]]|K8s|
|2020.10.29|Cybersecurity Insider|[[PSPs vs. OPA Gatekeeper: Breaking down your Kubernetes Pod security options|https://www.cybersecurity-insiders.com/psps-vs-opa-gatekeeper-breaking-down-your-kubernetes-pod-security-options/]]|K8s|
|2020.10.29|//Alcide//|![[Kubernetes Threat Vectors: Part 2 - Execution|https://www.alcide.io/kubernetes-threat-vectors-part-2-execution]] (2/11) |Kubernetes Threats|
|2020.10.28|//NeuVector//|[[13 Must-Ask Questions about Kubernetes Security in Production|https://neuvector.com/article/13-must-ask-questions-about-kubernetes-security-in-production/]]|K8s|
=== 
** Containers: Data Backup and Recovery+++^*[»] 
|2020.10.26|Container Journal|[[Data Backup and Recovery Emerges as Container Issue|https://containerjournal.com/topics/container-security/data-backup-and-recovery-emerges-as-container-issue/]]|Containers Images|
=== 
** Workloads: New Approach to Protection+++^*[»] 
|2020.10.27|//Red Canary//|[[A new approach to Cloud Workload Protection|https://redcanary.com/blog/cloud-workload-protection/]]|Workloads|
=== 
** Tools: KubeLinter (//StackRox//)+++^*[»] 
|2020.10.28|//StackRox//|[[Introducing KubeLinter - an open source linter for Kubernetes|https://www.stackrox.com/post/2020/10/introducing-kubelinter-an-open-source-linter-for-kubernetes/]]|Tools Kubernetes|
|2020.10.28|//StackRox//| → [[KubeLinter: An open source linter for Kubernetes, from StackRox|https://www.youtube.com/watch?v=KWX0sWojV_0]] (video)|Tools Kubernetes|
|2020.10.28|//StackRox//| → [[kube-linter|https://github.com/stackrox/kube-linter]]|Tools Kubernetes|
|2020.10.28|Security Week| → [[StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations|https://www.securityweek.com/stackrox-releases-open-source-tool-finding-kubernetes-misconfigurations]]|Tools Kubernetes|
=== 

* __Weekly 'Cloud and Security' Watch, Podcasts, Conferences__
** Conference: Preparing for 'AWS re:Invent 2020'+++^*[»] 
|2020.10.29|//Cloud Management Insider//|[[Everything You Need To Know About AWS re:Invent 2020|https://www.cloudmanagementinsider.com/everything-you-need-to-know-about-aws-reinvent-2020/]]|AWS Conference|
=== 
** Podcasts: GDPR and Azure (Cloud Security Podcast)+++^*[»] 
|2020.10.31|Cloud Security Podcast|[[How To Prepare For GDPR In Azure Cloud Environment - Naomi Buckwalter|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-PREPARE-FOR-GDPR-IN-AZURE-CLOUD-ENVIRONMENT--Naomi-Buckwalter-els0rc]] ([[audio|https://anchor.fm/s/10fb9928/podcast/play/21938476/https%3A%2F%2Fd3ctxlq1ktw2nl.cloudfront.net%2Fstaging%2F2020-11-01%2F8bac2c11c7e77df519b3048b75d93872.m4a]])|Podcast|
=== 
** Newsletters: TL;DR Security #58 • The Cloud Security Reading List #61+++^*[»] 
|2020.10.31|Marco Lancini|[[The Cloud Security Reading List #61|https://cloudseclist.com/issues/issue-61/]] |Weekly_Newsletter|
|2020.10.28|TL;DR Security|[[#58 - New Job ??, Burp Multiplayer, Chaos Engineering Book|https://tldrsec.com/blog/tldr-sec-058/]] |Weekly_Newsletter|
=== 

* __Market, Acquisitions__
** Market: Second Outscale Region+++^*[»] 
|2020.10.27|L'Usine Digitale[>img[iCSF/flag_fr.png]]|[[3DS Outscale ouvre une deuxième région cloud certifiée par l'Anssi|https://www.usine-digitale.fr/article/3ds-outscale-ouvre-une-deuxieme-region-cloud-certifiee-par-l-anssi.N1021159]]|France|
=== 

* __Miscellaneous__
** Choosing an Open-Source Cloud Platform+++^*[»] 
|2020.10.27|Rick Blaisdell|[[Choosing an Open-Source Cloud Platform|https://rickscloud.com/open-source-cloud-platform/]]|Open_Source|
=== 
** Cloud Backup+++^*[»] 
|2020.10.30|BetaNews|[[Could your business benefit from a cloud backup solution?|https://betanews.com/2020/10/30/cloud-backup-solution/]]|Backup|
|2020.10.30|Help Net Security|[[What's next for cloud backup?|https://www.helpnetsecurity.com/2020/10/30/cloud-backup-data/]]|Backup|
=== 
** Scaling IoT+++^*[»] 
|2020.10.27|//Akamai//|[[Akamai Edge Cloud: Scaling IoT, Part 1|https://blogs.akamai.com/2020/10/akamai-edge-cloud-scaling-iot-part-1.html]] (1/2)|IoT|
|2020.10.27|//Akamai//|[[Akamai Edge Cloud: Scaling IoT, Part 2|https://blogs.akamai.com/2020/10/akamai-edge-cloud-scaling-iot-part-2.html]] (2/2)|IoT|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/KB1/|https://CloudSecurityAlliance.fr/go/KB1/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 26 octobre au 1er novembre 2020
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.11.01|
|2020.11.01|Marco Lancini|[[The Cloud Security Reading List #61|https://cloudseclist.com/issues/issue-61/]] |Weekly_Newsletter|
|2020.11.01|Cloud Security Podcast|[[How To Prepare For GDPR In Azure Cloud Environment - Naomi Buckwalter|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-PREPARE-FOR-GDPR-IN-AZURE-CLOUD-ENVIRONMENT--Naomi-Buckwalter-els0rc]] ([[audio|https://anchor.fm/s/10fb9928/podcast/play/21938476/https%3A%2F%2Fd3ctxlq1ktw2nl.cloudfront.net%2Fstaging%2F2020-11-01%2F8bac2c11c7e77df519b3048b75d93872.m4a]])|Podcast|
|2020.11.01|DISA/DoD|![[DevSecOps Enterprise Container Hardening Guide v1.1|https://dl.dod.cyber.mil/wp-content/uploads/devsecops/pdf/Final_DevSecOps_Enterprise_Container_Hardening_Guide_1.1.pdf]] (pdf) |DevSecOps Hardening|
|2020.11.01|Security and Cloud 24/7|[[Tips for Selecting a Public Cloud Provider|https://security-24-7.com/tips-for-selecting-a-public-cloud-provider/]]|Misc|
|2020.11.01|WIRED|[[Beware a New Google Drive Scam Landing in Inboxes|https://www.wired.com/story/beware-a-new-google-drive-scam-landing-in-inboxes/]]|Phishing Google_Drive|
|2020.11.01|Matt Soseman|[[The NEW Attack Simulator in M365 w/ End User Training|https://www.youtube.com/watch?v=jW3vgn15aYU]]|M365 Simulation|
|2020.11.01|//Cloudberry Engineering//|[[A Practical Introduction to Container Security|https://cloudberry.engineering/article/practical-introduction-container-security/]]|Containers|
|>|>|>|!|
|>|>|>||
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.10.31|
|2020.10.31|SANS|[[How to Improve Threat Detection and Hunting in the AWS Cloud Using the MITRE ATT&CK Matrix|https://www.youtube.com/watch?v=wtB73OHAubQ]] (vidéo)|AWS ATT&CK|
|>|>|>|!2020.10.30|
|2020.10.30|DataCenter Mag[>img[iCSF/flag_fr.png]]|[[Scaleway lance Private Networks, le premier service Virtual Private Cloud|https://datacenter-magazine.fr/scaleway-lance-private-networks-le-premier-service-virtual-private-cloud/]]|Scaleway VPC|
|2020.10.30|SANS|[[How to Create a Scalable and Automated Edge Strategy in the AWS Cloud|https://www.sans.org/reading-room/whitepapers/analyst/create-scalable-automated-edge-strategy-aws-cloud-39924]]|AWS|
|2020.10.30|BetaNews|[[Why cloud security is more important than ever|https://betanews.com/2020/10/30/cloud-security-more-important-than-ever/]]|Misc|
|2020.10.30|BetaNews|[[Could your business benefit from a cloud backup solution?|https://betanews.com/2020/10/30/cloud-backup-solution/]]|Backup|
|2020.10.30|Help Net Security|[[What's next for cloud backup?|https://www.helpnetsecurity.com/2020/10/30/cloud-backup-data/]]|Backup|
|2020.10.30|Container Journal|[[What Will It Take to Shift Kubernetes Security Left?|https://containerjournal.com/topics/container-security/what-will-it-take-to-shift-kubernetes-security-left/]]|K8s|
|2020.10.30|Open Container Initiative|![[Consuming Public Content|https://opencontainers.org/posts/blog/2020-10-30-consuming-public-content/]] |Containers Image Registry|
|2020.10.30|//Rewind//|[[Cybersecurity and Cloud Computing: Risks and Benefits|https://rewind.com/blog/cybersecurity-and-cloud-computing-risks-and-benefits/]]|Risks|
|2020.10.30|//StackRox//|[[StackRox + AWS + Kubernetes - A look inside our Security Hub integration|https://www.stackrox.com/post/2020/10/stackrox-aws-kubernetes-a-look-inside-our-security-hub-integration/]]|Products StackRox|
|2020.10.30|//Google GCP//|[[Understanding Data Encryption in Google Cloud|https://medium.com/google-cloud/understanding-data-encryption-in-google-cloud-c36d9095fb38]]|Comics Encryption|
|>|>|>|!2020.10.29|
|2020.10.29|CSO Online|[[14 controls for securing SAP systems in the cloud|https://www.csoonline.com/article/3586626/14-controls-for-securing-sap-systems-in-the-cloud.html]]|SAP Controls|
|2020.10.29|Container Journal|[[Policy Engines: Ensuring Configuration Security in Kubernetes|https://containerjournal.com/topics/container-security/policy-engines-ensuring-configuration-security-in-kubernetes/]]|K8s|
|2020.10.29|The Register|[[A cloud server with no network, no persistent storage, and no user access - what is AWS thinking?|https://go.theregister.com/feed/www.theregister.com/2020/10/29/aws_enclaves/]]|AWS|
|2020.10.29|Cybersecurity Insider|[[PSPs vs. OPA Gatekeeper: Breaking down your Kubernetes Pod security options|https://www.cybersecurity-insiders.com/psps-vs-opa-gatekeeper-breaking-down-your-kubernetes-pod-security-options/]]|K8s|
|2020.10.29|//Alcide//|![[Kubernetes Threat Vectors: Part 2 - Execution|https://www.alcide.io/kubernetes-threat-vectors-part-2-execution]] (2/11) |Kubernetes Threats|
|2020.10.29|//Cloud Management Insider//|[[Everything You Need To Know About AWS re:Invent 2020|https://www.cloudmanagementinsider.com/everything-you-need-to-know-about-aws-reinvent-2020/]]|AWS Conference|
|2020.10.29|//Oracle Cloud//|[[How to do Identity Management, whilst not doing Identity Management|https://blogs.oracle.com/cloudsecurity/how-to-do-identity-management%2C-whilst-not-doing-identity-management]]|ID_Management|
|>|>|>|!2020.10.28|
|2020.10.28|TL;DR Security|[[#58 - New Job ??, Burp Multiplayer, Chaos Engineering Book|https://tldrsec.com/blog/tldr-sec-058/]] |Weekly_Newsletter|
|2020.10.28|DZone|[[How to Reduce Docker Image Size|https://dzone.com/articles/how-to-reduce-docker-image-size]]|Docker|
|2020.10.28|Help Net Security|[[AttackIQ integrates Security Optimization Platform with Microsoft Azure Sentinel cloud-native SIEM platform|https://www.helpnetsecurity.com/2020/10/28/attackiq-microsoft-azure-sentinel/]]|Products SIEM|
|2020.10.28|//Cloudonaut//|![[Getting started with IPv6 on AWS|https://cloudonaut.io/getting-started-with-ipv6-on-aws/]] |AWS IPv6|
|2020.10.28|//StackRox//|[[Introducing KubeLinter - an open source linter for Kubernetes|https://www.stackrox.com/post/2020/10/introducing-kubelinter-an-open-source-linter-for-kubernetes/]]|Tools Kubernetes|
|2020.10.28|//StackRox//| → [[KubeLinter: An open source linter for Kubernetes, from StackRox|https://www.youtube.com/watch?v=KWX0sWojV_0]] (vidéo)|Tools Kubernetes|
|2020.10.28|//StackRox//| → [[kube-linter|https://github.com/stackrox/kube-linter]]|Tools Kubernetes|
|2020.10.28|Security Week| → [[StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations|https://www.securityweek.com/stackrox-releases-open-source-tool-finding-kubernetes-misconfigurations]]|Tools Kubernetes|
|2020.10.28|Container Journal| → [[StackRox Tool Prevents Kubernetes Misconfigurations|https://containerjournal.com/topics/container-management/stackrox-tool-prevents-kubernetes-misconfigurations/]]|Tools Kubernetes|
|2020.10.28|Container Journal| → [[StackRox Releases KubeLinter, an Open Source Tool to Identify Kubernetes Misconfigurations|https://containerjournal.com/news/news-releases/stackrox-releases-kubelinter-an-open-source-tool-to-identify-kubernetes-misconfigurations/]]|Tools Kubernetes|
|2020.10.28|//Tripwire//|[[4 Considerations for a Secure Cloud Environment|https://www.tripwire.com/state-of-security/featured/4-considerations-secure-cloud-environment/]]|Misc|
|2020.10.28|//CloudCheckr//|[[How to Supercharge Your Security-First Cloud Strategy in 3 Steps|https://cloudcheckr.com/cloud-security/how-to-supercharge-your-security-first-cloud-strategy-in-3-steps/]]|Misc|
|2020.10.28|//AvePoint//|[[How to Identify Sensitive Information Types in Office 365|https://www.avepoint.com/blog/protect/office-365-sensitive-data/]]|O365|
|2020.10.28|//HashiCorp//|[[Deploying Terraform Enterprise in Air Gapped Environments|https://www.hashicorp.com/blog/deploying-terraform-enterprise-in-airgapped-environments]]|Segregation|
|2020.10.28|//NeuVector//|[[13 Must-Ask Questions about Kubernetes Security in Production|https://neuvector.com/article/13-must-ask-questions-about-kubernetes-security-in-production/]]|K8s|
|2020.10.28|//Menlo Security//|[[Update on DoD's Cloud-Based Internet Isolation|https://www.menlosecurity.com/blog/update-on-dods-cloud-based-internet-isolation]]|Isolation|
|2020.10.28|//Amazon AWS//|[[AWS Nitro Enclaves - Isolated EC2 Environments to Process Confidential Data|https://aws.amazon.com/blogs/aws/aws-nitro-enclaves-isolated-ec2-environments-to-process-confidential-data/]]|AWS_Nitro|
|2020.10.30|Help Net Security| → [[AWS Nitro Enclaves: Create isolated environments to protect highly sensitive workloads|https://www.helpnetsecurity.com/2020/10/30/aws-nitro-enclaves/]]|AWS_Nitro|
|2020.10.30|//Sentia//| → [[ACM for Nitro Enclaves - It's a Big Deal|https://www.sentiatechblog.com/acm-for-nitro-enclaves-its-a-big-deal]] (1/2)|AWS_Nitro|
|2020.10.30|//Sentia//| → [[ACM for Nitro Enclaves - How Secure Are They?|https://www.sentiatechblog.com/acm-for-nitro-enclaves-how-secure-are-they]] (2/2)|AWS_Nitro|
|2020.10.28|//Trimarc Security//|[[Securing Microsoft Azure AD Connect|https://www.hub.trimarcsecurity.com/post/securing-microsoft-azure-ad-connect]]|AzureAD|
|2020.10.28|//Amazon AWS//|[[Announcing SSL/TLS certificates for Amazon EC2 instances with AWS Certificate Manager (ACM) for Nitro Enclaves|https://aws.amazon.com/about-aws/whats-new/2020/10/announcing-aws-certificate-manager-for-nitro-enclaves/]]|AWS_Nitro|
|2020.10.28|//Microsoft//|[[Back to the future: What the Jericho Forum taught us about modern security|https://www.microsoft.com/security/blog/2020/10/28/back-to-the-future-what-the-jericho-forum-taught-us-about-modern-security/]]|Governance|
|2020.10.28|//Microsoft//|[[Enable access to Microsoft Defender ATP service URLs in the proxy server|https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server]]|Microsoft_Defender ATP|
|2020.10.28|//Microsoft//| → [[URLs|https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx]]|Microsoft_Defender ATP|
|2020.10.28|Bleeping Computer| → [[Microsoft shares list of URLs required by Microsoft Defender ATP|https://www.bleepingcomputer.com/news/security/microsoft-shares-list-of-urls-required-by-microsoft-defender-atp/]]|Microsoft_Defender ATP|
|2020.10.28|//Google GCP//|[[Cloud Storage object lifecycle management gets new controls|https://cloud.google.com/blog/products/storage-data-transfer/cloud-storage-gets-new-olm-rules/]]|GCP Storage|
|>|>|>|!2020.10.27|
|2020.10.27|L'Usine Digitale[>img[iCSF/flag_fr.png]]|[[3DS Outscale ouvre une deuxième région cloud certifiée par l'Anssi|https://www.usine-digitale.fr/article/3ds-outscale-ouvre-une-deuxieme-region-cloud-certifiee-par-l-anssi.N1021159]]|France|
|2020.10.27|SecureCloudBlog|![[Correlating Azure AD logs to Office 365 workload operations With Azure Sentinel|https://securecloud.blog/2020/10/27/correlating-azure-ad-logs-to-office-365-workload-operations-with-azure-sentinel/]] |Logging AzureAD O365 Azure_Sentinel|
|2020.10.27|Rick Blaisdell|[[Choosing an Open-Source Cloud Platform|https://rickscloud.com/open-source-cloud-platform/]]|Open_Source|
|2020.10.27|GitHub|[[Code Scanning a GitHub Repository using GitHub Advanced Security within an Azure DevOps Pipeline|https://github.blog/2020-10-27-code-scanning-a-github-repository-using-github-advanced-security-within-an-azure-devops-pipeline/]]|Code_Scanning GitHub|
|2020.10.27|Container Journal|[[Aqua Security Announces the Industry's Most Advanced Kubernetes Security Solution|https://containerjournal.com/news/news-releases/aqua-security-announces-the-industrys-most-advanced-kubernetes-security-solution/]]|Products Kubernetes|
|2020.10.27|Container Journal| → [[Aqua Security Simplifies Kubernetes Security|https://containerjournal.com/topics/container-security/aqua-security-simplifies-kubernetes-security/]]|Products Kubernetes|
|2020.10.28|Help Net Security| → [[Aqua Security unveils Kubernetes-native security capabilities|https://www.helpnetsecurity.com/2020/10/28/aqua-security-kubernetes-native-security-capabilities/]]|Products Kubernetes|
|2020.10.27|Marc-Henry Geay|[[AWS Cloudtrail samples|https://dev-website.lab-terraform.mhg.ovh/aws-cloudtrail-samples.html]]|AWS_Cloudtrail|
|2020.10.27|//Red Canary//|[[A new approach to Cloud Workload Protection|https://redcanary.com/blog/cloud-workload-protection/]]|Workloads|
|2020.10.27|//Sysdig//|[[Understanding and mitigating CVE-2020-8566: Ceph cluster admin credentials leaks in kube-controller-manager log|https://sysdig.com/blog/falco-cve-2020-8566-ceph/]]|Vulnerability CVE-2020-8566|
|2020.10.27|//Sysdig//|[[SOC 2 compliance for containers and Kubernetes security|https://sysdig.com/blog/soc-2-compliance/]]|Compliance Containers Kubernetes|
|2020.10.27|//Akamai//|[[Akamai Edge Cloud: Scaling IoT, Part 1|https://blogs.akamai.com/2020/10/akamai-edge-cloud-scaling-iot-part-1.html]] (1/2)|IoT|
|2020.10.27|//Akamai//|[[Akamai Edge Cloud: Scaling IoT, Part 2|https://blogs.akamai.com/2020/10/akamai-edge-cloud-scaling-iot-part-2.html]] (2/2)|IoT|
|2020.10.27|//Coalfire//|[[Using Azure Blueprints to Control Azure Compliance|https://www.coalfire.com/the-coalfire-blog/october-2020/using-azure-blueprints-to-control-azure-compliance]] (1/4)|Azure Compliance|
|2020.10.27|//Anchore//|[[DevSecOps and the Next Generation of Digital Transformation|https://anchore.com/blog/devsecops-and-the-next-generation-of-digital-transformation/]]|DevSecOps|
|2020.10.27|//Intezer//|[[Migrating to the Cloud: Compliance Issues When Transitioning from a Traditional Data Center|https://www.intezer.com/blog/migrating-to-the-cloud-compliance-issues-when-transitioning-from-a-traditional-data-center/]]|Compliance|
|2020.10.27|//Google GCP//|[[What you can learn in our Q4 2020 Google Cloud Security Talks|https://cloud.google.com/blog/products/identity-security/google-cloud-security-talks-q4-2020-the-latest-in-cloud-security]]|GCP Conference|
|2020.10.27|//Google GCP//|[[Preparing Google Cloud deployments for Docker Hub pull request limits|https://cloud.google.com/blog/products/containers-kubernetes/mitigating-the-impact-of-new-docker-hub-pull-request-limits/]]|GCP Docker|
|>|>|>|!2020.10.26|
|2020.10.26|Forbes|[[What's New In Gartner's Hype Cycle For Cloud Security, 2020|https://www.forbes.com/sites/louiscolumbus/2020/10/25/whats-new-in-gartners-hype-cycle-for-cloud-security-2020/#50e06c037bd9]]|Gartner|
|2020.10.26|Security Forum|[[Cybersecurity, Cloud Skills: Key to Companies' Digital Transformation|https://www.securityforum.org/news/cybersecurity-cloud-skills-key-to-companies-digital-transformation/]]|Skill|
|2020.10.26|Bleeping Computer|[[Massive Nitro data breach impacts Microsoft, Google, Apple, more|https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/]]|Data_Breach|
|2020.10.30|//Divvy Cloud//| → [[Nitro Data Breach Could Spell Trouble for Google, Apple, Microsoft and Others|https://divvycloud.com/nitro-data-breach/]]|Data_Breach|
|2020.10.26|Container Journal|[[Data Backup and Recovery Emerges as Container Issue|https://containerjournal.com/topics/container-security/data-backup-and-recovery-emerges-as-container-issue/]]|Containers Images|
|2020.10.26|Jason Ostrom|[[Building Azure Cyber Ranges for Learning and Fun|https://levelup.gitconnected.com/building-azure-cyber-ranges-for-learning-and-fun-9df1debb2eae]]|Exercise|
|2020.10.26|Ahmed Khamessi|[[Azure Policy and OPA Gatekeeper underlay for AKS|https://ahmedkhamessi.com/2020-10-26-Azure-Policy-AKS/]]|Azure AKS|
|2020.10.26|Computer Weekly|[[Oracle expands UK datacentre footprint with new private and public sector-focused cloud regions|https://www.computerweekly.com/news/252490998/Oracle-expands-UK-datacentre-footprint-with-new-private-and-public-sector-focused-regions]]|Oracle|
|2020.10.26|Marc-Henry Geay|![[Overview of AWS Logs|https://dev-website.lab-terraform.mhg.ovh/overview-of-aws-logs.html]] |AWS Logging|
|2020.10.26|//TrendMicro//|![[Supply Chain Attacks in the Age of Cloud Computing: Risks, Mitigations, and the Importance of Securing Back Ends|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/supply-chain-attacks-cloud-computing]] ([[pdf|https://documents.trendmicro.com/assets/white_papers/supply-chain-attacks-in-the-age-of-cloud-computing.pdf]]) |Report Supply_Chain|
|2020.10.26|//Cloud Management Insider//|[[Security Best Practices for Google Cloud Users To Tackle DDoS Attacks|https://www.cloudmanagementinsider.com/how-to-prevent-ddos-attacks-on-gcp-deployments/]]|GCP DDoS|
|2020.10.26|//Alcide//|![[Microsoft's Kubernetes Threat Matrix: Here's What's Missing|https://www.darkreading.com/threat-intelligence/microsofts-kubernetes-threat-matrix-heres-whats-missing/a/d-id/1339106]] |K8s MITRE_ATT&CK|
|2020.10.26|//iland//|[[Why do you need a global footprint for your cloud?|https://blog.iland.com/cloud/why-do-you-need-a-global-footprint-for-your-cloud/]]|Misc|
|2020.10.26|//Amazon AWS//|[[AWS Shield now provides global and per-account event summaries to all AWS customers|https://aws.amazon.com/about-aws/whats-new/2020/10/aws-shield-provides-global-and-per-account-event-summaries-to-all-aws-customers/]]|AWS_Shield|
|2020.04.02|//Microsoft//|[[Attack matrix for Kubernetes|https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/]]|ATT&CK Kubernetes|
|2020.10.26|//Microsoft Azure//|![[Advancing Password Spray Attack Detection|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/advancing-password-spray-attack-detection/ba-p/1276936]] |AzureAD Password_Spray|
|2020.10.27|Security Week| → [[Microsoft Introduces New Password Spray Detection for Azure|https://www.securityweek.com/microsoft-introduces-new-password-spray-detection-azure]]|AzureAD Password_Spray|
|2020.10.27|CISO Mag| → [[Microsoft's Shield Against Password Spray Attacks Just Went a Notch Higher|https://cisomag.eccouncil.org/password-spray-attack-detection/]]|AzureAD Password_Spray|
|2020.10.26|//Oracle Cloud//|[[Comparing the Top 20 Security Controls from CIS to DevSecOps|https://blogs.oracle.com/cloudsecurity/comparing-the-top-20-security-controls-from-cis-to-devsecops]]|DevSecOps Controls|
|2020.10.26|//Threatpost//|[[Containerd Bug Exposes Cloud Account Credentials|https://threatpost.com/containerd-bug-cloud-account-credentials/160546/]]|Vulnerability CVE-2020-15157|
<<tiddler [[arOund0C]]>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202010>>
<<tiddler fAll2Tabs10 with: VeilleM","_202010>>
|!Date|!Sources|!Titres et Liens|!Keywords|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Octobre 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202010>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Octobre 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Octobre 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202010'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202010'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Octobre 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202010'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Octobre 2020]]>>
!//Five Actions to Mitigate the Financial Damage of Ransomware//
[>img(150px,auto)[iCSA/KAUBF.jpg]]^^Article publié le 30 octobre 2020 sur le blog de la CSA, et le 27 mai 2020 sur le site d'Asigra.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/30/five-actions-to-mitigate-the-financial-damage-of-ransomware/
* Site Asigra ⇒ https://www.asigra.com/press-releases/asigra-presents-five-preventative-and-responsive-best-practices-mitigate-ransomware

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//6 Data Governance Best Practices in 2020//
[>img(150px,auto)[iCSA/KARB6.jpg]]^^Article publié le 20 octobre 2020 sur le blog de la CSA, et le 28 octobre 2019 (sic) sur le site de TokenEx.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/27/6-data-governance-best-practices-in-2020/
* Site TokenEx ⇒ https://www.tokenex.com/blog/6-data-governance-best-practices-in-2020

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Vendor Management Software Evaluation: How to Get Executive Buy-In//
[>img(150px,auto)[iCSA/KANBV.jpg]]^^Article publié le 23 octobre 2020 sur le blog de la CSA, et le 14 octobre sur le site de Whistic.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/23/vendor-management-software-evaluation-how-to-get-executive-buy-in/
* Site Whistic ⇒ https://www.whistic.com/resources/how-to-get-executive-buy-in

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Mobile Application Security Testing (MAST) - Charter//
<<<
//Mobile Applications are becoming an integral part of not just modern enterprises but also of human existence and a huge part of this shift is due to the emergence of cloud computing. Cloud computing has allowed for the instantaneous utilization of applications which imparts tremendous agility to the enterprise.//
<<<
__Liens :__
* Annonce → https://cloudsecurityalliance.org/artifacts/mobile-application-security-testing-mast-charter/
* Téléchargement (PDF) → https://cloudsecurityalliance.org/download/artifacts/mobile-application-security-testing-mast-charter/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Data Privacy vs. Data Security: What is the Core Difference?//
[>img(150px,auto)[iCSA/KAKBD.jpg]]^^Article publié le 20 octobre 2020 sur le blog de la CSA, et le 7 juillet 2020 sur le site de TokenEx.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/20/data-privacy-vs-data-security-what-is-the-core-difference/
* Site TokenEx ⇒ https://www.tokenex.com/blog/data-privacy-vs-security

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//How secure are your SaaS applications?//
[>img(150px,auto)[iCSA/KAJBH.jpg]]^^Article publié le 19 octobre 2020 sur le blog de la CSA, et sur le site d'AppOmni.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/19/how-secure-are-your-saas-applications/
* Site AppOmni ⇒ https://appomni.com/blog-how-secure-are-your-saas-applications/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Cloud Security Alliance Announces Recipients of 2020 Ron Knode Service Awards//
[>img(150px,auto)[iCSF/cloud-security-alliance.png]]^^Communiqué de presse de la CSA publié le 7 octobre 2020.
__Liens :__
* Communiqué de presse de la CSA ⇒ https://cloudsecurityalliance.org/press-releases/2020/10/07/cloud-security-alliance-announces-recipients-of-2020-ron-knode-service-awards/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Complementing Your CSPM with Runtime Cloud Workload Protection//
[>img(150px,auto)[iCSA/KA7BC.jpg]]^^Article publié le 7 octobre 2020 sur le blog de la CSA, et sur le site d'Intezer le 10 septembre 2020 et déjà mentionné dans la veille pour son intérêt.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/07/complementing-your-cspm-with-runtime-cloud-workload-protection/
* Site Intezer ⇒ https://www.intezer.com/blog/cloud-security/complementing-your-cspm-with-runtime-cloud-workload-protection/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Improving Data Security for SaaS Apps - 5 Key Questions every CISO needs to ask//
[>img(150px,auto)[iCSA/KA6BI.jpg]]^^Article publié le 6 octobre 2020 sur le blog de la CSA, et sur le site de CipherCloud le 4 mai 2019 (sic).
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/05/aws-security-best-practices-cloud-security-report-2020-for-infosec/ /% ''[[CloudSecurityAlliance.fr/go/§sGO-CSA§/|https://CloudSecurityAlliance.fr/go/§GO-CSA§/]]'' %/
* Site CipherCloud ⇒ https://www.ciphercloud.com/maintaining-data-security-during-cloud-adoption-5-questions-cios-need-to-ask/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//AWS Security Best Practices: Cloud Security Report 2020 for InfoSec//
[>img(auto,113px)[iCSF/KA5B2.jpg]][>img(150px,auto)[iCSA/KA5BA.jpg]]^^Article publié le 5 octobre 2020 sur le blog de la CSA, et sur le site de Cloud Passage le 15 septembre 2020.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/05/aws-security-best-practices-cloud-security-report-2020-for-infosec/ /% ''[[CloudSecurityAlliance.fr/go/§sGO-CSA§/|https://CloudSecurityAlliance.fr/go/§GO-CSA§/]]'' %/
* Site Cloud Passage ⇒ https://www.cloudpassage.com/articles/aws-security-best-practices-aws-cloud-security-report-2020/ /% ''[[CloudSecurityAlliance.fr/go/§sGO-SITE§/|https://CloudSecurityAlliance.fr/go/§sGO-SITE§/]]'' %/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//No Free Rides With Your OAuth Tokens//
[>img(150px,auto)[iCSA/KA3BN.jpg]]^^Article publié le 3 octobre 2020 sur le blog de la CSA.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/03/no-free-rides-with-your-oauth-tokens/

^^[img(25%,1px)[iCSF/BluePixel.gif]]
[>img(300px,auto)[iCSF/KAIWG.png]]La conférence ''Google Cloud 'Security Talks 2020''' se déroulera le 18 novembre 2020 en ligne de 18h à 22h (heure française)

|>|!Agenda|
|18h00 à 18h20|!Google Cloud - Latest Security Updates|
|~|Intervenants : Robert Sadowski, Sunil Potti|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=latest-updates]]|
|18h20 à 19h00|!Office of the CISO presents: Moving to cloud - A chance to finally transform your security|
|~|Intervenants : Dave Hannigan, Jeanette Manfra, Anton Chuvakin|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=transform-security]]|
|19h00 à 19h30|!An introduction to security in Google Workspace|
|~|Intervenants : Karthik Lakshminarayanan, Kelly Waldher|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=intro-security-google-workspace]]|
|19h30 à 20h00|!The Future of Network Security is in the Cloud|
|~|Intervenants : Peter Blum, Shailesh Shukla|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=future-network-security]]|
|20h00 à 20h30|!The Gamechanger - Confidential GKE Nodes in GCP|
|~|Intervenants : Sam Lugani, Ibrahim Damlaj|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=the-gamechanger]]|
|20h30 à 21h00|!Improve your security posture with the Security Command Center|
|~|Intervenants : Kathryn Shih, Timothy Peacock|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=improve-security-posture]]|
|21h00 à 21h30|!The Better Fit: Key Management vs. Secret Management|
|~|Intervenants : Anton Chuvakin, Seth Vargo|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=the-better-fit]]|
|21h30 à 22h00|!Google Cloud Security Showcase|
|~|Intervenant : Sam Lugani|
|~|Lien → [[inscription|https://cloudonair.withgoogle.com/events/security-talks-november-2020?talk=security-showcase]]|

__Liens :__
* Présentation et inscriptions → https://cloudonair.withgoogle.com/events/security-talks-november-2020
<<tiddler [[arOund0C]]>>
!"//Cloud Security: The Necessity of Threat Hunting//"
Article publié le 28 octobre 2020 — Rédigé par le Chapitre du Minnesota+++^*[»] https://www.csamn.com/ === //
<<<
!!!What is threat hunting?
[<img(200px,auto)[iCSA/KASBC.jpg]]Threat hunting is the proactive search for real and potential threats that may be hidden in a network's environment. These threats are tricky and malicious and are designed to pass through endpoint defenses undetected. If unfound, these attacks can compromise critical data, even gaining access across your entire environment. While traditional security programs are important, threat hunting goes above and beyond by identifying and ultimately helping to remediate vicious attacks.
!!!Why It Needs to Matter to YOU
This is where YOU come in. The best front-line, security defense starts with the individual. As a security professional, you must know the best practices of the industry and be aware of existence and tendencies of these (and other) types of attacks. At Cloud Security Alliance (CSA), we aim to raise awareness of best practices to help ensure a secure cloud computing environment.
Each year there are an increasing amount of cloud security roles within organizations. No matter what your security focus is, having an understanding of how a threat actor thinks, how they operate, vulnerabilities they exploit along with an overview of the tools they use for attacks will allow you to be a more effective security professional. Having a better understanding from a threat actor point of view, whether deep or high-level, will assist you and your career in the following ways:
* Enable you to better explain security decisions to your peers, work colleagues and leaders.
* Promote better and more informed decision-making practices.
* Open the door to new opportunities and career paths.
* Share experiences by mentoring our next generation of security professionals.
!!!What YOU Can Do
First, it is crucial that you know what "normal" looks like on your network. This is where you need to create a baseline, so comparison is easier. Anything not considered normal should immediately raise a red flag. Additionally, try to remain unbiased and do not let any preconceived notions affect your judgement of what normal looks like. Anything unordinary should be flagged for investigation or potential remediation.
Knowing what normal looks like on your network is a great baseline to begin threat hunting, however, it is just the beginning. Knowledge is power, as they say, and a security professional can never be overly informed. That is why CSA has partnered with RSA. With this partnership, RSA will begin to offer ongoing virtual threat hunting workshops. These workshops will cut through all the nonsense and give you real-world, practical, hands-on knowledge of why threat hunting is a critical part of any security program and give you the tools you need to stop the most malicious attacks.
To sign-up for the Hands On Threat Hunting Workshop please follow the instructions on the following page+++^*[»] https://www.csamn.com/rsa-event === 
<<<
//__Liens :__
* Article sur le site de la CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/28/cloud-security-the-necessity-of-threat-hunting/
!!//Congrès CSA EMEA 2020//
[>img(230px,auto)[iCSA/KB3CE.jpg]]Le Congrès EMEA ne pouvant pas se dérouler à Berlin comme initialement prévu, il se déroulera en ligne.
Les dates et heures sont les suivantes :
* les ''3, 4 et 5 novembre 2020''
* 5 présentations par jour entre 9h00 et 13h00
Pour suivre ces présentations, la plateforme BrightTalk est de nouveau utilisée. Elle permet de les revoir quelques jours après la diffusion initiale.

L'agenda complet et les liens d'inscription sont ci-dessous.
|>|>|!Mardi 3 novembre 2020 |
|>|>|//Attendees will learn to improve their organization's cloud governance and risk and compliance posture, in addition to promoting transparency and continuous compliance with...//|
| 9:00|!CSA's Perspective on Cloud Risk Management|[img(200px,auto)[iCSA/KB3W1.png]]|
|~|Inscription → [[brighttalk/csas-perspective-on-cloud-risk-management|https://www.brighttalk.com/webinar/csas-perspective-on-cloud-risk-management/]]|~|
| 10:00|!The Correlation Between Security Ratings and Breach Likelihood|[img(200px,auto)[iCSA/KB3W2.png]]|
|~|Inscription → [[brighttalk/442730|https://www.brighttalk.com/webinar/the-correlation-between-security-ratings-and-breach-likelihood/]]|~|
| 10:45|!GAIA-X: Current Status and Outlook - What to Expect and How to Engage|[img(200px,auto)[iCSA/KB3W3.png]]|
|~|Inscription → [[brighttalk/442733|https://www.brighttalk.com/webinar/cloud-security-post-covid-19-where-to-go-next/]]|~|
| 11:30|!Cloud Security post Covid-19, Where to Go Next|[img(200px,auto)[iCSA/KB3W4.png]]|
|~|Inscription → [[brighttalk/442739|https://www.brighttalk.com/webinar/using-opa-for-continuous-compliance-with-cloud-infrastructure-policy-as-code/]]|~|
| 12:15|!Using OPA for Continuous Compliance with Cloud Infrastructure Policy-as-Code|[img(200px,auto)[iCSA/KB3W5.png]]|
|~|Inscription → [[brighttalk/442742|https://www.brighttalk.com/webinar/using-opa-for-continuous-compliance-with-cloud-infrastructure-policy-as-code/]]|~|
|>|>|!|
|>|>||
|>|>|!Mercredi 4 novembre 2020 |
|>|>|//Modernization of one's approach to the cloud is the day's focus. Attendees will learn how to improve their architecture, implement automations, and prepare for emerging technologies with...//|
| 9:00|!Get Quantum Safe|[img(200px,auto)[iCSA/KB4W1.png]]|
|~|Inscription → [[brighttalk/442756|https://www.brighttalk.com/webinar/get-quantum-safe/]]|~|
| 9:45|!Shared Responsibility: Someone Else's Problem|[img(200px,auto)[iCSA/KB4W2.png]]|
|~|Inscription → [[brighttalk/442761|https://www.brighttalk.com/webinar/shared-responsibility-someone-elses-problem/]]|~|
| 10:30|!STAR Future Roadmap|[img(200px,auto)[iCSA/KB4W3.png]]|
|~|Inscription → [[brighttalk/star-future-roadmap|https://www.brighttalk.com/webinar/star-future-roadmap/]]|~|
| 11:15|!Unveiling the Wonder of Automated Vulnerability Management in the Cloud|[img(200px,auto)[iCSA/KB4W4.png]]|
|~|Inscription → [[brighttalk/442765|https://www.brighttalk.com/webinar/unveiling-the-wonder-of-automated-vulnerability-management-in-the-cloud/]]|~|
| 12:00|!A Referenced Architecture to Modernize Your Approach to Cloud|[img(200px,auto)[iCSA/KB4W5.png]]|
|~|Inscription → [[brighttalk/442767|https://www.brighttalk.com/webinar/a-referenced-architecture-to-modernize-your-approach-to-cloud/]]|~|
| 12:45|!What You Need to Know About Credential Stuffing Attacks|[img(200px,auto)[iCSA/KB4W6.png]]|
|~|Inscription → [[brighttalk/449138|https://www.brighttalk.com/webinar/what-you-need-to-know-about-credential-stuffing-attacks/]]|~|
|>|>|!|
|>|>||
|>|>|!Jeudi 5 novembre 2020 |
|>|>|//Participants will discover how to navigate the cloud for third-party risk, Zero Trust and Fog computing, and preview the first cloud auditing credential on the final day...//|
| 9:00|!Cloud Control Matrix V4|[img(200px,auto)[iCSA/KB5W1.png]]|
|~|Inscription → [[brighttalk/442772|https://www.brighttalk.com/webinar/cloud-control-matrix-v4/]]|~|
| 10:00|!A How-To Guide: Navigating the Top 7 Trends in Third-Party Risk Management|[img(200px,auto)[iCSA/KB5W2.png]]|
|~|Inscription → [[brighttalk/a-how-to-guide-navigating-the-top-7-trends-in-third-party-risk-management|https://www.brighttalk.com/webinar/a-how-to-guide-navigating-the-top-7-trends-in-third-party-risk-management/]]|~|
| 10:45|!The Impact of Fog Computing and Edge Computing on Cloud Security|[img(200px,auto)[iCSA/KB5W3.png]]|
|~|Inscription → [[brighttalk/442778|https://www.brighttalk.com/webinar/the-impact-of-fog-computing-and-edge-computing-on-cloud-security/]]|~|
| 11:30|!Zero Trust: The Key to your IAM Success|[img(200px,auto)[iCSA/KB5W4.png]]|
|~|Inscription → [[brighttalk/zero-trust-the-key-to-your-iam-success|https://www.brighttalk.com/webinar/zero-trust-the-key-to-your-iam-success/]]|~|
| 12:15|!CCAK: The industry's first global cloud auditing credential|[img(200px,auto)[iCSA/KB5W1.png]]|
|~|Inscription → [[brighttalk/442780|https://www.brighttalk.com/webinar/ccak-the-industrys-first-global-cloud-auditing-credential/]]|~|

__Liens :__
* Annonce CSA → https://cloudsecurityalliance.org/press-releases/2020/09/29/registration-open-for-cloud-security-alliance-emea-congress-2020/
* Inscription sur le site de BrightTalk → https://www.brighttalk.com/summit/4835-cloud-security-alliance-emea-congress-2020/
!"//Blockchain attacks, vulnerabilities and weaknesses//"
Article publié le 26 octobre 2020 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA//
<<<
!!!Blockchain attacks are very hot right now for one simple reason: it's where the money is.
[>img(175px,auto)[iCSA/KAQB1.png]][<img(200px,auto)[iCSA/KAQBB.png]]If you attack and compromise a database you need to take that data and then sell it to monetize your attack. If you compromise a web server you need to install some malware to harvest credit card details, and then monetize that data by selling it. But if you steal crypto currency? That's literally money in the attacker's wallet now.

The good news: law enforcement is getting better at tracing these transactions and following the money, the bad news: the blockchain industry is not very mature when it comes to identifying vulnerabilities and weaknesses.

Attacks rely on a vulnerability being present so that they can exploit it. These vulnerabilities are implemented in software (web services, smart contracts, the underlying blockchain system, etc.) and can be any number of weaknesses such as logic bugs, reentrancy issues, integer overflows and so on.
!!!There is no comprehensive list of Blockchain weaknesses
And there is no comprehensive public list of weaknesses. There are a number of projects trying to do this: the US Government Department of Homeland Security actually sponsors one such effort, the Common Weakness Enumeration database (https://cwe.mitre.org/), and there is a Solidity-focused Smart Contract Weakness Classification and Test Cases available from the SWC Registry (https://swcregistry.io/).
!!!Why is a public list of such weaknesses important?
[>img(500px,auto)[iCSA/KAQB2.png]]Simple. How do you find and fix weaknesses in software if you don't have a name to call them, let alone the ability to properly describe the weakness and possible mitigations or solutions to them? Also like most things in life given the choice between using a public database or building your own data set most security scanning tools use the CWE database as their baselines for security flaws that they try to detect and offer guidance on remediating.

This means that Blockchain and smart contract security scanning tools will (probably) detect common and known issues like integer overflows and memory leaks. But they may not detect Blockchain and smart contract specific vulnerabilities as well since there is no good, comprehensive, public database to use as a source.
!!!CSA has documented over 200 Blockchain weaknesses
The Cloud Security Alliance is of course working on this issue: we currently have a rough list of almost 200 weaknesses that apply to Blockchain and smart contracts, about half of which are not in any other public database of weaknesses. You can view the full list of Blockchain weaknesses here+++^*[»] https://docs.google.com/spreadsheets/d/1HIM3BH8Cgth27ED4ruy9fXOpbOUAPAGY7merlZiE6_U/edit#gid=1028635246 === 

The goal is to make this list of weaknesses more detailed and comprehensive, and encourage other public databases (such as CWE or SWC Registry) to include them so that ultimately automated tools will include support for them, making it easier for developers and end users to find, understand and fix vulnerabilities before attackers find and exploit them. If you are interested in joining this project please reach out to us, specifically the Attack Vectors/terms glossary sub Working Group; for more information please see https://csaurl.org/DLT-Security-Framework_sub_groups
!!Preview of Blockchain Weaknesses
|!Name of weakness |!Description |
|API Exposure |If an API is improperly exposed an attacker can attack it |
|Block Mining Race Attack |A variation on the Finney attack |
|Block Mining Timejack Attack |By isolating a node the time signal can be manipulated getting the victim out of synchronization |
|Block Reordering Attack |Certain cryptographic operations (such as using CBC or ECB incorrectly) allow blocks to be re-ordered and the results will still decrypt properly |
|Blockchain Network Lacks Hash Capacity |The Blockchain/DLT network lacks hashing capacity, an attacker can rent sufficient hashing power to execute a 51% Attack |
|Blockchain Peer flooding Attack |By creating a large number of fake peers in a network (peer to peer or otherwise) an attacker can cause real nodes to slow down or become non responsive as they attempt to connect to the newly announced peers. |
|Blockchain Peer flooding Attack Slowloris variant |By creating a large number of slow peers (real systems that respond very slowly to network requests) in a network an attacker can cause real nodes to slow down or become non responsive as they attempt to connect to the newly announced peers. Unlike fake peers that do not exist these slowloris peers are real but communicate slowly enough to hold sockets and resources open for minutes or hours. |
|Blockchain reorganization attack |Also referred to as an alternative history attack |
|Consensus 34% Attack |34% Attack against BFT network, a specific instance of Consensus Majority Attack |
|Consensus 51% Attack |51% Attack against DLT network, a specific instance of Consensus Majority Attack |
|Consensus Attack |Attacks against the consensus protocol and system in use can take many forms and are not limited to gaining control of the consensus mechanism but can also be used to slow down consensus for example |
|Consensus Delay Attack |Consensus Delay Attacks can allow malicious miners to gain time in order to execute other attacks |
You can view the full list of Blockchain weaknesses here+++^*[»] https://docs.google.com/spreadsheets/d/1HIM3BH8Cgth27ED4ruy9fXOpbOUAPAGY7merlZiE6_U/edit#gid=1028635246 === 
[...]
<<<
//__Liens :__
* Article sur le site de la CSA ⇒ https://cloudsecurityalliance.org/blog/2020/10/26/blockchain-attacks-vulnerabilities-and-weaknesses/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #87|2020.10.25 - Newsletter Hebdomadaire #87]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #87|2020.10.25 - Weekly Newsletter - #87]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.10.25 - Newsletter Hebdomadaire #87]]>> |<<tiddler [[2020.10.25 - Weekly Newsletter - #87]]>> |
|>| La dernière Newsletter publiée est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' et est accessible+++*[ici • Here] <<tiddler [[Dernière Newsletter]]>> === is where you can read the latest published Newsletter |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 19 au 25 octobre 2020
!!1 - Informations CSA - 19 au 25 octobre 2020

* ''Répondez au sondage CSA sur l'adoption du Cloud'' en 2020+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* Publication : 'Mitigating Hybrid Clouds Risks'+++^*[»] <<tiddler [[2020.10.22 - Publication : 'Mitigating Hybrid Clouds Risks']]>>=== 
* Publication : 'Cloud Controls Matrix v3.0.1 ISO Reverse Mapping'+++^*[»] <<tiddler [[2020.10.22 - Publication : 'Cloud Controls Matrix v3.0.1 ISO Reverse Mapping']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 60 liens|2020.10.25 - Veille Hebdomadaire - 25 octobre]])

* __''À lire''__
** Nouveau site de référence ''CloudSecDocs.com'' de ''Marco Lancini''+++^*[»] 
|2020.10.19|Marco Lancini|![[Introducing CloudSecDocs.com|https://www.marcolancini.it/2020/blog-cloudsecdocs/]] |Repository|
=== 

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Attaques : Phishing Teams (//Threatpost//) • détournement de Slack pour cibler O365 (//Avanan//) • Office 365 OAuth (//KnowBe4//)+++^*[»] 
|2020.10.22|//Threatpost//|[[Microsoft Teams Phishing Attack Targets Office 365 Users|https://threatpost.com/microsoft-teams-phishing-office-365/160458/]]|Phishing Teams O365|
|2020.10.20|//Avanan//|[[Hackers Utilize Slack to Bypass Microsoft ATP SafeLinks and Steal Office 365 Credentials|https://www.avanan.com/blog/cut-some-slack-attackers-use-slack-redirect-to-get-credentials]]|Attacks O365 Slack|
|2020.10.20|//KnowBe4//|[[Another Office 365 OAuth Attack Targets Coinbase Users to Gain Compromised Email Access|https://blog.knowbe4.com/another-office-365-oauth-attack-targets-coinbase-users-to-gain-compromised-email-access]]|Attacks O365|
=== 
** Fuites de données : Données patients sur un stockage Cloud+++^*[»] 
|2020.10.21|Bit Defender|[[Leaky Pharma Giant Database Exposes Personal Information of US Prescription-Drug Users|https://hotforsecurity.bitdefender.com/blog/leaky-pharma-giant-database-exposes-personal-information-of-us-prescription-drug-users-24386.html]]|Data_Leak|
|2020.10.21|Silicon Angle| ← [[Pharma giant Pfizer exposes patient data on unsecured cloud storage|https://siliconangle.com/2020/10/20/pharma-giant-pfizer-exposes-patient-data-unsecured-cloud-storage/]]|Data_Leak|
=== 
** Menaces : Collecte d'authentifiants Azure+++^*[»] 
|2020.10.22|//NetSPI//|[[A Beginners Guide to Gathering Azure Passwords|https://blog.netspi.com/a-beginners-guide-to-gathering-azure-passwords/]]|Azure Passwords|
=== 

* __Rapports, Sondages, Études, Publications__
** Rapports : Télétravail et SaaS (//AppOmni//) • 'Cloud Identity & Access Management' (//Divvy Cloud//)+++^*[»] 
|2020.10.19|//AppOmni//|[[How secure are your SaaS applications?|https://appomni.com/blog-how-secure-are-your-saas-applications/]]|Report AppOmni|
|2020.10.20|TechTSP| → [[Cloud services under great risk of security issues amid Covid-19|https://www.techtsp.com/2020/10/securing-cloud-services-survey.html]]|Report AppOmni|
|2020.10.21|VMblog| → [[Survey: Remote Work Brings Added Security Concerns with Management and Security of Cloud SaaS Applications|https://vmblog.com/archive/2020/10/20/survey-remote-work-brings-added-security-concerns-with-management-and-security-of-cloud-saas-applications.aspx]]|Report AppOmni|
|2020.10.21|CIO & Leader| → [[Cloud services security a key challenge in remote work era: Survey|https://www.cioandleader.com/article/2020/10/21/cloud-services-security-key-challenge-remote-work-era-survey]]|Report AppOmni|
|2020.10.21|//Divvy Cloud//|[[ESG's Trends in Cloud Identity & Access Management|https://divvycloud.com/esg-cloud-iam-report/]] ([[pdf|https://divvycloud.com/wp-content/uploads/2020/10/ESG-eBook-DivvyCloud-Cloud-driven-Identities-October-2020.pdf]])|Report|
=== 
** Sondages : Exploitation des services Cloud par les cyber-attaquants (//Kaspersky//)+++^*[»] 
|2020.10.20|//Kaspersky//|[[Kaspersky finds social networks, messengers and external cloud services are most often exploited by cyber-fraudsters|https://usa.kaspersky.com/about/press-releases/2020_kaspersky-research-finds-social-networks-messengers-and-external-cloud-services-are-most-often-exploited-by-cyber-fraudsters]]|Survey|
=== 
** Études : 'SaaS Security & Management Survey' (//AppOmni//) • Microsoft Office 365 IT Security Policy Usages (//CoreView//)+++^*[»] 
|2020.10.22|//AppOmni//|[[SaaS Security & Management Survey|https://appomni.com/saas-security-management-survey/]]|Survey|
|2020.10.22|Solutions Review| ← [[AppOmni: Two-Thirds of Companies Have Less Time to Secure SaaS Apps|https://solutionsreview.com/cloud-platforms/appomni-two-thirds-of-companies-have-less-time-to-secure-saas-apps/]]|Survey|
|>|>|>|!|
|2020.10.22|//CoreView//|[[Microsoft Office 365 IT Security Policies Need Work, Research Finds|https://www.coreview.com/blog/office-365-it-security-policies-need-work/]] ([[document|https://www.coreview.com/resources/whitepaper/microsoft-365-app-security-governance-shadow-it-report]])|Survey|
|2020.10.26|Help Net Security| → [[78% of Microsoft 365 admins don't activate MFA|https://www.helpnetsecurity.com/2020/10/27/activate-microsoft-365-mfa/]]|Survey|
=== 

* __Cloud Services Providers, Outils__
** AWS : Réponse aux incidents pour des instances EC2 • Utilisation d'AWS PrivateLink • Les 100 millions d'adresses IP d'Amazon+++^*[»] 
|2020.10.20|//Amazon AWS//|![[How to automate incident response in the AWS Cloud for EC2 instances|https://aws.amazon.com/blogs/security/how-to-automate-incident-response-in-aws-cloud-for-ec2-instances/]] |AWS Incident_Response|
|2020.10.20|//Amazon AWS//|[[New - Use AWS PrivateLink to Access AWS Lambda Over Private AWS Network|https://aws.amazon.com/blogs/aws/new-use-aws-privatelink-to-access-aws-lambda-over-private-aws-network/]]|AWS|
|2020.10.20|Andree Toonk|![[AWS and their Billions in IPv4 addresses|https://toonk.io/aws-and-their-billions-in-ipv4-addresses/index.html]] |AWS IP_Address|
=== 
** Azure : Playbooks & Watchlists avec Sentinel+++^*[»] 
|2020.10.19|//Microsoft Azure//|[[Playbooks & Watchlists Part 1: Inform the subscription owner|https://techcommunity.microsoft.com/t5/azure-sentinel/playbooks-amp-watchlists-part-1-inform-the-subscription-owner/ba-p/1768917]] (1/2)|Azure_Sentinel|
|2020.10.19|//Microsoft Azure//|[[Playbooks & Watchlists Part 2: Automate incident response for Deny-list/Allow-list |Playbooks & Watchlists Part 2: Automate incident response for Deny-list/Allow-list ]] (2/2)|Azure_Sentinel|
=== 
** GCP : Liste de ressources • Arrêts propres d'instances • Autorité de certification+++^*[»] 
|2020.10.22|//Google Cloud//|[[A giant list of Google Cloud resources|https://cloud.google.com/blog/topics/developers-practitioners/giant-list-google-cloud-resources/]]|GCP Resources|
|2020.10.20|//Google Cloud//|[[Graceful shutdowns on Cloud Run: Deep dive|https://cloud.google.com/blog/topics/developers-practitioners/graceful-shutdowns-cloud-run-deep-dive/]]|GCP Containers|
|2020.10.19|//Google Cloud//|[[Strengthen zero trust access with the Google Cloud CA service|https://cloud.google.com/blog/products/identity-security/now-available-in-beta-google-cloud-certificate-authority-service/]]|Certificate_Authority|
=== 
** Kubernetes : Gestion des journaux • Détection • Vecteurs de menaces+++^*[»] 
|2020.10.22|DZone|[[7 Best Log Management Tools for Kubernetes|https://dzone.com/articles/7-best-log-management-tools-for-kubernetes-2020]]|K8s Logging|
|2020.10.22|//Alcide//|[[Alcide Brings Kubernetes Threat Detection and Policy Monitoring for Cloud-Native Applications to AWS Security Hub|https://containerjournal.com/news/news-releases/alcide-brings-kubernetes-threat-detection-and-policy-monitoring-for-cloud-native-applications-to-aws-security-hub/]]|AWS Threats|
|2020.10.21|//Alcide//|![[Kubernetes Threat Vectors: Part 1 - Initial Access|https://www.alcide.io/kubernetes-threat-vectors-part-1-initial-access]] (1/11) |Kubernetes Threats|
=== 
** Containers : Comparaison des niveaux de sécurité avec les VMs (//Intezer//) • Gestion des images (//Anchore// et //Ant Group//)+++^*[»] 
|2020.10.22|//Intezer//|[[Are Containers More Secure Than VMs?|https://www.intezer.com/blog/cloud-security/are-containers-more-secure-than-vms/]]|Containers VMs|
|2020.10.20|//Anchore//|[[Image Blacklists are not a Silver Bullet|https://anchore.com/blog/image-blacklists-are-not-a-silver-bullet/]]|Containers Images|
|2020.10.20|//Ant Group//|[[Introducing Nydus - Dragonfly Container Image Service|https://www.cncf.io/blog/2020/10/20/introducing-nydus-dragonfly-container-image-service/]]|Containers Image|
=== 
** Microservices : Sécurisation d'une architecture+++^*[»] 
|2020.10.21|//Security Intelligence//|[[How to Secure Microservices Architecture|https://securityintelligence.com/posts/how-to-secure-microservices-architecture/]]|Microservices|
=== 

* __Podcasts, Veilles hebdomadaires 'Cloud et Sécurité'__
** Veilles : TL;DR Security #57 • The Cloud Security Reading List #60+++^*[»] 
|2020.10.25|Marco Lancini|[[The Cloud Security Reading List #60|https://cloudseclist.com/issues/issue-60/]] |Weekly_Newsletter|
|2020.10.21|TL;DR Security|[[#57 - Bug Bounty Lessons Learned, Content Value Hierarchy, CloudSecDocs|https://tldrsec.com/blog/tldr-sec-057/]] |Weekly_Newsletter|
=== 

* __Divers__
** 'SaaS Hunting' (//Obsidian Security//) • Threat Hunting dans le Cloud et Threat Intelligence (//Checkpoint Software//)+++^*[»] 
|2020.10.24|//Obsidian Security//|SANS Threat Hunting & Incident Response Summit: [[SaaS Hunting|https://www.youtube.com/watch?v=boW-yAArbTo]] (vidéo)|Conference SaaS Threat_Hunting|
|2020.10.21|//Checkpoint Software//|[[Cloud-sourcing: Using Global Threat Intelligence to Instantly Protect Your Cloud Assets|https://blog.checkpoint.com/2020/10/21/cloud-sourcing-using-global-threat-intelligence-to-instantly-protect-your-cloud-assets/]]|Threat_Intelligence|
|2020.10.19|//Checkpoint Software//|[[Cloud Threat Hunting: Attack & Investigation Series - Privilege Escalation via Lambda|https://blog.checkpoint.com/2020/10/19/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-lambda/]]|Threat_Hunting|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KAP/|https://CloudSecurityAlliance.fr/go/KAP/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - October 19th to 25th, 2020
!!1 - CSA News and Updates - October 19th to 25th, 2020

* ''Fill in the new CSA survey on Cloud Adoption in 2020''+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* Publication: 'Mitigating Hybrid Clouds Risks'+++^*[»] <<tiddler [[2020.10.22 - Publication : 'Mitigating Hybrid Clouds Risks']]>>=== 
* Publication: 'Cloud Controls Matrix v3.0.1 ISO Reverse Mapping'+++^*[»] <<tiddler [[2020.10.22 - Publication : 'Cloud Controls Matrix v3.0.1 ISO Reverse Mapping']]>>=== 
!!2 - Cloud and Security News Watch ([[over 60 links|2020.10.25 - Veille Hebdomadaire - 25 octobre]])

* __''Must read''__
** New ''CloudSecDocs.com'' repository site by ''Marco Lancini''+++^*[»] 
|2020.10.19|Marco Lancini|![[Introducing CloudSecDocs.com|https://www.marcolancini.it/2020/blog-cloudsecdocs/]] |Repository|
=== 

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Attacks: Teams' Phishing (//Threatpost//) • Slack Abuse to Target O365 (//Avanan//) • Office 365 OAuth (//KnowBe4//)+++^*[»] 
|2020.10.22|//Threatpost//|[[Microsoft Teams Phishing Attack Targets Office 365 Users|https://threatpost.com/microsoft-teams-phishing-office-365/160458/]]|Phishing Teams O365|
|2020.10.20|//Avanan//|[[Hackers Utilize Slack to Bypass Microsoft ATP SafeLinks and Steal Office 365 Credentials|https://www.avanan.com/blog/cut-some-slack-attackers-use-slack-redirect-to-get-credentials]]|Attacks O365 Slack|
|2020.10.20|//KnowBe4//|[[Another Office 365 OAuth Attack Targets Coinbase Users to Gain Compromised Email Access|https://blog.knowbe4.com/another-office-365-oauth-attack-targets-coinbase-users-to-gain-compromised-email-access]]|Attacks O365|
=== 
** Leaks: Patient Data on Unsecured Cloud Storage+++^*[»] 
|2020.10.21|Bit Defender|[[Leaky Pharma Giant Database Exposes Personal Information of US Prescription-Drug Users|https://hotforsecurity.bitdefender.com/blog/leaky-pharma-giant-database-exposes-personal-information-of-us-prescription-drug-users-24386.html]]|Data_Leak|
|2020.10.21|Silicon Angle| ← [[Pharma giant Pfizer exposes patient data on unsecured cloud storage|https://siliconangle.com/2020/10/20/pharma-giant-pfizer-exposes-patient-data-unsecured-cloud-storage/]]|Data_Leak|
=== 
** Threats: Gathering Azure Passwords+++^*[»] 
|2020.10.22|//NetSPI//|[[A Beginners Guide to Gathering Azure Passwords|https://blog.netspi.com/a-beginners-guide-to-gathering-azure-passwords/]]|Azure Passwords|
=== 

* __Reports, Surveys, Studies, Publications__
** Reports: Remote Work and SaaS (//AppOmni//) • 'Cloud Identity & Access Management' (//Divvy Cloud//)+++^*[»] 
|2020.10.19|//AppOmni//|[[How secure are your SaaS applications?|https://appomni.com/blog-how-secure-are-your-saas-applications/]]|Report AppOmni|
|2020.10.20|TechTSP| → [[Cloud services under great risk of security issues amid Covid-19|https://www.techtsp.com/2020/10/securing-cloud-services-survey.html]]|Report AppOmni|
|2020.10.21|VMblog| → [[Survey: Remote Work Brings Added Security Concerns with Management and Security of Cloud SaaS Applications|https://vmblog.com/archive/2020/10/20/survey-remote-work-brings-added-security-concerns-with-management-and-security-of-cloud-saas-applications.aspx]]|Report AppOmni|
|2020.10.21|CIO & Leader| → [[Cloud services security a key challenge in remote work era: Survey|https://www.cioandleader.com/article/2020/10/21/cloud-services-security-key-challenge-remote-work-era-survey]]|Report AppOmni|
|2020.10.21|//Divvy Cloud//|[[ESG's Trends in Cloud Identity & Access Management|https://divvycloud.com/esg-cloud-iam-report/]] ([[pdf|https://divvycloud.com/wp-content/uploads/2020/10/ESG-eBook-DivvyCloud-Cloud-driven-Identities-October-2020.pdf]])|Report|
=== 
** Surveys: Cloud Services Exploited by Cyber-Attackers (//Kaspersky//)+++^*[»] 
|2020.10.20|//Kaspersky//|[[Kaspersky finds social networks, messengers and external cloud services are most often exploited by cyber-fraudsters|https://usa.kaspersky.com/about/press-releases/2020_kaspersky-research-finds-social-networks-messengers-and-external-cloud-services-are-most-often-exploited-by-cyber-fraudsters]]|Survey|
=== 
** Studies: 'SaaS Security & Management Survey' (//AppOmni//) • Microsoft Office 365 IT Security Policy Usages (//CoreView//)+++^*[»] 
|2020.10.22|//AppOmni//|[[SaaS Security & Management Survey|https://appomni.com/saas-security-management-survey/]]|Survey|
|2020.10.22|Solutions Review| ← [[AppOmni: Two-Thirds of Companies Have Less Time to Secure SaaS Apps|https://solutionsreview.com/cloud-platforms/appomni-two-thirds-of-companies-have-less-time-to-secure-saas-apps/]]|Survey|
|>|>|>|!|
|2020.10.22|//CoreView//|[[Microsoft Office 365 IT Security Policies Need Work, Research Finds|https://www.coreview.com/blog/office-365-it-security-policies-need-work/]] ([[document|https://www.coreview.com/resources/whitepaper/microsoft-365-app-security-governance-shadow-it-report]])|Survey|
|2020.10.26|Help Net Security| → [[78% of Microsoft 365 admins don't activate MFA|https://www.helpnetsecurity.com/2020/10/27/activate-microsoft-365-mfa/]]|Survey|
=== 

* __Cloud Services Providers, Tools__
** AWS: Incident Response Automation • AWS PrivateLink Malicious Usage • Over 100 million IP Addresses for Amazon+++^*[»] 
|2020.10.20|//Amazon AWS//|![[How to automate incident response in the AWS Cloud for EC2 instances|https://aws.amazon.com/blogs/security/how-to-automate-incident-response-in-aws-cloud-for-ec2-instances/]] |AWS Incident_Response|
|2020.10.20|//Amazon AWS//|[[New - Use AWS PrivateLink to Access AWS Lambda Over Private AWS Network|https://aws.amazon.com/blogs/aws/new-use-aws-privatelink-to-access-aws-lambda-over-private-aws-network/]]|AWS|
|2020.10.20|Andree Toonk|![[AWS and their Billions in IPv4 addresses|https://toonk.io/aws-and-their-billions-in-ipv4-addresses/index.html]] |AWS IP_Address|
=== 
** Azure: Playbooks & Watchlists with Sentinel+++^*[»] 
|2020.10.19|//Microsoft Azure//|[[Playbooks & Watchlists Part 1: Inform the subscription owner|https://techcommunity.microsoft.com/t5/azure-sentinel/playbooks-amp-watchlists-part-1-inform-the-subscription-owner/ba-p/1768917]] (1/2)|Azure_Sentinel|
|2020.10.19|//Microsoft Azure//|[[Playbooks & Watchlists Part 2: Automate incident response for Deny-list/Allow-list |Playbooks & Watchlists Part 2: Automate incident response for Deny-list/Allow-list ]] (2/2)|Azure_Sentinel|
=== 
** GCP: Huge List of Resources • Graceful Shutdowns on Cloud Run • Certification Authority+++^*[»] 
|2020.10.22|//Google Cloud//|[[A giant list of Google Cloud resources|https://cloud.google.com/blog/topics/developers-practitioners/giant-list-google-cloud-resources/]]|GCP Resources|
|2020.10.20|//Google Cloud//|[[Graceful shutdowns on Cloud Run: Deep dive|https://cloud.google.com/blog/topics/developers-practitioners/graceful-shutdowns-cloud-run-deep-dive/]]|GCP Containers|
|2020.10.19|//Google Cloud//|[[Strengthen zero trust access with the Google Cloud CA service|https://cloud.google.com/blog/products/identity-security/now-available-in-beta-google-cloud-certificate-authority-service/]]|Certificate_Authority|
=== 
** Kubernetes: Log Management Tools • Threat Detection • Threat Vectors+++^*[»] 
|2020.10.22|DZone|[[7 Best Log Management Tools for Kubernetes|https://dzone.com/articles/7-best-log-management-tools-for-kubernetes-2020]]|K8s Logging|
|2020.10.22|//Alcide//|[[Alcide Brings Kubernetes Threat Detection and Policy Monitoring for Cloud-Native Applications to AWS Security Hub|https://containerjournal.com/news/news-releases/alcide-brings-kubernetes-threat-detection-and-policy-monitoring-for-cloud-native-applications-to-aws-security-hub/]]|AWS Threats|
|2020.10.21|//Alcide//|![[Kubernetes Threat Vectors: Part 1 - Initial Access|https://www.alcide.io/kubernetes-threat-vectors-part-1-initial-access]] (1/11) |Kubernetes Threats|
=== 
** Containers: Security Level Comparison with VMs (//Intezer//) • Image Management (//Anchore// and //Ant Group//)+++^*[»] 
|2020.10.22|//Intezer//|[[Are Containers More Secure Than VMs?|https://www.intezer.com/blog/cloud-security/are-containers-more-secure-than-vms/]]|Containers VMs|
|2020.10.20|//Anchore//|[[Image Blacklists are not a Silver Bullet|https://anchore.com/blog/image-blacklists-are-not-a-silver-bullet/]]|Containers Images|
|2020.10.20|//Ant Group//|[[Introducing Nydus - Dragonfly Container Image Service|https://www.cncf.io/blog/2020/10/20/introducing-nydus-dragonfly-container-image-service/]]|Containers Image|
=== 
** Microservices: Securing Microservices Architecture+++^*[»] 
|2020.10.21|//Security Intelligence//|[[How to Secure Microservices Architecture|https://securityintelligence.com/posts/how-to-secure-microservices-architecture/]]|Microservices|
=== 

* __Podcasts, Weekly 'Cloud and Security' Watch__
** Newsletters: TL;DR Security #57 • The Cloud Security Reading List #60+++^*[»] 
|2020.10.25|Marco Lancini|[[The Cloud Security Reading List #60|https://cloudseclist.com/issues/issue-60/]] |Weekly_Newsletter|
|2020.10.21|TL;DR Security|[[#57 - Bug Bounty Lessons Learned, Content Value Hierarchy, CloudSecDocs|https://tldrsec.com/blog/tldr-sec-057/]] |Weekly_Newsletter|
=== 

* __Miscellaneous__
** 'SaaS Hunting' (//Obsidian Security//) • Threat Hunting in the Cloud, Threat Intelligence (//Checkpoint Software//)+++^*[»] 
|2020.10.24|//Obsidian Security//|SANS Threat Hunting & Incident Response Summit: [[SaaS Hunting|https://www.youtube.com/watch?v=boW-yAArbTo]] (video)|Conference SaaS Threat_Hunting|
|2020.10.21|//Checkpoint Software//|[[Cloud-sourcing: Using Global Threat Intelligence to Instantly Protect Your Cloud Assets|https://blog.checkpoint.com/2020/10/21/cloud-sourcing-using-global-threat-intelligence-to-instantly-protect-your-cloud-assets/]]|Threat_Intelligence|
|2020.10.19|//Checkpoint Software//|[[Cloud Threat Hunting: Attack & Investigation Series - Privilege Escalation via Lambda|https://blog.checkpoint.com/2020/10/19/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-lambda/]]|Threat_Hunting|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/KAP/|https://CloudSecurityAlliance.fr/go/KAP/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 19 au 25 octobre 2020
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|2020.10.25|Marco Lancini|[[The Cloud Security Reading List #60|https://cloudseclist.com/issues/issue-60/]] |Weekly_Newsletter|
|2020.10.25|Forbes|[[What's New In Gartner's Hype Cycle For Cloud Security, 2020|https://www.forbes.com/sites/louiscolumbus/2020/10/25/whats-new-in-gartners-hype-cycle-for-cloud-security-2020/#50e06c037bd9]]|Gartner|
|>|>|>|!2020.10.24|
|2020.10.24|//Obsidian Security//|SANS Threat Hunting & Incident Response Summit: [[SaaS Hunting|https://www.youtube.com/watch?v=boW-yAArbTo]] (vidéo)|Conference SaaS Threat_Hunting|
|>|>|>|!2020.10.23|
|2020.10.23|//Amazon AWS//|[[Introducing the AWS Load Balancer Controller|https://aws.amazon.com/about-aws/whats-new/2020/10/introducing-aws-load-balancer-controller/]]|AWS Load_Balancing|
|2020.10.23|//AppOmni//|[[SaaS Security & Management Survey|https://appomni.com/saas-security-management-survey/]]|Survey|
|2020.10.22|Solutions Review| ← [[AppOmni: Two-Thirds of Companies Have Less Time to Secure SaaS Apps|https://solutionsreview.com/cloud-platforms/appomni-two-thirds-of-companies-have-less-time-to-secure-saas-apps/]]|Survey|
|2020.10.23|//Rapid7//|[[NICER Protocol Deep Dive: Internet Exposure of Remote Desktop (RDP)|https://blog.rapid7.com/2020/10/23/nicer-protocol-deep-dive-internet-exposure-of-remote-desktop-rdp/]]|Report RDP|
|2020.10.23|//Red Canary//|[[It's time for better cloud workload security|https://redcanary.com/blog/cloud-workload-protection-now/]]|Workloads|
|2020.10.23|//K9 Security//|[[Mission Impossible: DevSecOps|https://k9security.io/posts/2020/10/mission-impossible-devsecops/]]|DevSecOps|
|>|>|>|!2020.10.22|
|2020.10.22|DZone|[[7 Best Log Management Tools for Kubernetes|https://dzone.com/articles/7-best-log-management-tools-for-kubernetes-2020]]|K8s Logging|
|2020.10.22|Kubernetes|[[Restrict a Container's Syscalls with Seccomp|https://kubernetes.io/docs/tutorials/clusters/seccomp/]]|K8s|
|2020.10.22|//Intezer//|[[Are Containers More Secure Than VMs?|https://www.intezer.com/blog/cloud-security/are-containers-more-secure-than-vms/]]|Containers VMs|
|2020.10.22|//Threatpost//|[[Microsoft Teams Phishing Attack Targets Office 365 Users|https://threatpost.com/microsoft-teams-phishing-office-365/160458/]]|Phishing Teams O365|
|2020.10.22|//NetSPI//|[[A Beginners Guide to Gathering Azure Passwords|https://blog.netspi.com/a-beginners-guide-to-gathering-azure-passwords/]]|Azure Passwords|
|2020.10.22|//Alcide//|[[Alcide Brings Kubernetes Threat Detection and Policy Monitoring for Cloud-Native Applications to AWS Security Hub|https://containerjournal.com/news/news-releases/alcide-brings-kubernetes-threat-detection-and-policy-monitoring-for-cloud-native-applications-to-aws-security-hub/]]|AWS Threats|
|2020.10.22|//CoreView//|[[Microsoft Office 365 IT Security Policies Need Work, Research Finds|https://www.coreview.com/blog/office-365-it-security-policies-need-work/]] ([[document|https://www.coreview.com/resources/whitepaper/microsoft-365-app-security-governance-shadow-it-report]])|Survey|
|2020.10.26|Help Net Security| → [[78% of Microsoft 365 admins don't activate MFA|https://www.helpnetsecurity.com/2020/10/27/activate-microsoft-365-mfa/]]|Survey|
|2020.10.22|//Zscaler//|[[Identity-Based Microsegmentation is Foundational to Cloud Security: Don't Get Spoofed|https://www.zscaler.com/blogs/corporate/identity-based-microsegmentation-foundational-cloud-security-dont-get-spoofed]]|Identity|
|2020.10.22|//Amazon AWS//|[[How to enhance Amazon CloudFront origin security with AWS WAF and AWS Secrets Manager|https://aws.amazon.com/blogs/security/how-to-enhance-amazon-cloudfront-origin-security-with-aws-waf-and-aws-secrets-manager/]]|AWS WAF Secrets_Management|
|2020.10.22|//Google Cloud//|[[A giant list of Google Cloud resources|https://cloud.google.com/blog/topics/developers-practitioners/giant-list-google-cloud-resources/]]|GCP Resources|
|2020.10.22|//ZDnet//|[[Snyk to automatically check Docker Official Images for security problems|https://www.zdnet.com/article/snyk-to-automatically-check-docker-official-images-for-security-problems/]]|Products Docker Images|
|2020.10.22|//Morphisec//|[[Here's What's Driving the Rise In Cloud Workload Cyber Threats|https://blog.morphisec.com/what-is-driving-the-rise-in-cloud-workload-cyber-threats]]|Threats Workloads|
|>|>|>|!2020.10.21|
|2020.10.21|TL;DR Security|[[#57 - Bug Bounty Lessons Learned, Content Value Hierarchy, CloudSecDocs|https://tldrsec.com/blog/tldr-sec-057/]] |Weekly_Newsletter|
|2020.10.21|Anton Chuvakin|[[From Google Cloud Blog: "Improving security, compliance, and governance with cloud-based DLP data discovery"|https://medium.com/anton-on-security/from-google-cloud-blog-improving-security-compliance-and-governance-with-cloud-based-dlp-data-30b20107d4c1]]|DLP|
|2020.10.21|Dark Reading|[[Splunk helps security teams modernize and unify their security operations in the cloud|https://www.helpnetsecurity.com/2020/10/21/splunk-new-product-innovations/]]|Products|
|2020.10.21|//Alcide//|![[Kubernetes Threat Vectors: Part 1 - Initial Access|https://www.alcide.io/kubernetes-threat-vectors-part-1-initial-access]] (1/11) |Kubernetes Threats|
|2020.10.21|Bit Defender|[[Leaky Pharma Giant Database Exposes Personal Information of US Prescription-Drug Users|https://hotforsecurity.bitdefender.com/blog/leaky-pharma-giant-database-exposes-personal-information-of-us-prescription-drug-users-24386.html]]|Data_Leak|
|2020.10.21|Silicon Angle| ← [[Pharma giant Pfizer exposes patient data on unsecured cloud storage|https://siliconangle.com/2020/10/20/pharma-giant-pfizer-exposes-patient-data-unsecured-cloud-storage/]]|Data_Leak|
|2020.10.21|//Alien Vault//|[[Cloud firewall explained: what is firewall as a service?|https://cybersecurity.att.com/blogs/security-essentials/cloud-firewall-explained-what-is-firewall-as-a-service]]|Firewall|
|2020.10.21|nixCraft|[[How to delete container with lxc (LXD) command on Linux|https://www.cyberciti.biz/faq/delete-container-with-lxc-lxd-command-on-linux/]]|LXD CLI|
|2020.10.21|//Checkpoint Software//|[[Cloud-sourcing: Using Global Threat Intelligence to Instantly Protect Your Cloud Assets|https://blog.checkpoint.com/2020/10/21/cloud-sourcing-using-global-threat-intelligence-to-instantly-protect-your-cloud-assets/]]|Threat_Intelligence|
|2020.10.21|//Divvy Cloud//|[[ESG's Trends in Cloud Identity & Access Management|https://divvycloud.com/esg-cloud-iam-report/]] ([[pdf|https://divvycloud.com/wp-content/uploads/2020/10/ESG-eBook-DivvyCloud-Cloud-driven-Identities-October-2020.pdf]])|Report|
|2020.10.21|//Security Intelligence//|[[How to Secure Microservices Architecture|https://securityintelligence.com/posts/how-to-secure-microservices-architecture/]]|Microservices|
|2020.10.21|//Tenchi Security//|[[Detecting abuse in the AWS control plane in an actionable way using Det{R}ails|https://www.tenchisecurity.com/blog/detecting-abuse-in-the-aws-control-plane-in-an-actionable-way-using-det-r-ails]]|AWS|
|2020.10.21|//Fly//|[[BPF, XDP, Packet Filters and UDP|https://fly.io/blog/bpf-xdp-packet-filters-and-udp/]]|Docker Filtering|
|>|>|>|!2020.10.20|
|2020.10.20|ENISA|![[ENISA Threat Landscape 2020 - Cryptojacking|https://www.enisa.europa.eu/publications/enisa-threat-landscape-2020-cryptojacking]] ([[report|https://www.enisa.europa.eu/publications/enisa-threat-landscape-2020-cryptojacking/at_download/fullReport]])|Report Cryptojacking|
|2020.10.20|Andree Toonk|![[AWS and their Billions in IPv4 addresses|https://toonk.io/aws-and-their-billions-in-ipv4-addresses/index.html]] |AWS IP_Address|
|2020.10.20|Thomas Maurer|[[How to create Azure Hybrid Cloud Architectures|https://www.thomasmaurer.ch/2020/10/how-to-create-azure-hybrid-cloud-architectures/]]|Hybrid_Cloud|
|2020.10.20|BetaNews|[[Switch to remote work brings SaaS security challenges|https://betanews.com/2020/10/20/remote-work-saas-security/]]|SaaS WFH|
|2020.10.20|//Anchore//|[[Image Blacklists are not a Silver Bullet|https://anchore.com/blog/image-blacklists-are-not-a-silver-bullet/]]|Containers Images|
|2020.10.20|//Ant Group//|[[Introducing Nydus - Dragonfly Container Image Service|https://www.cncf.io/blog/2020/10/20/introducing-nydus-dragonfly-container-image-service/]]|Containers Image|
|2020.10.20|//Kaspersky//|[[Kaspersky finds social networks, messengers and external cloud services are most often exploited by cyber-fraudsters|https://usa.kaspersky.com/about/press-releases/2020_kaspersky-research-finds-social-networks-messengers-and-external-cloud-services-are-most-often-exploited-by-cyber-fraudsters]]|Survey|
|2020.10.20|//Avanan//|[[Hackers Utilize Slack to Bypass Microsoft ATP SafeLinks and Steal Office 365 Credentials|https://www.avanan.com/blog/cut-some-slack-attackers-use-slack-redirect-to-get-credentials]]|Attacks O365 Slack|
|2020.10.20|//KnowBe4//|[[Another Office 365 OAuth Attack Targets Coinbase Users to Gain Compromised Email Access|https://blog.knowbe4.com/another-office-365-oauth-attack-targets-coinbase-users-to-gain-compromised-email-access]]|Attacks O365|
|2020.10.20|//Sysdig//|[[NIST 800-53 compliance for containers and Kubernetes|https://sysdig.com/blog/nist-800-53-compliance/]]|Compliance NIST|
|2020.10.20|//Avanan//|[[Ask Brian Krebs Anything: Upcoming Event About Cloud Email Security|https://www.avanan.com/blog/ask-brian-krebs-anything]]|Email|
|2020.10.20|//Amazon AWS//|![[How to automate incident response in the AWS Cloud for EC2 instances|https://aws.amazon.com/blogs/security/how-to-automate-incident-response-in-aws-cloud-for-ec2-instances/]] |AWS Incident_Response|
|2020.10.20|//Amazon AWS//|[[New - Use AWS PrivateLink to Access AWS Lambda Over Private AWS Network|https://aws.amazon.com/blogs/aws/new-use-aws-privatelink-to-access-aws-lambda-over-private-aws-network/]]|AWS|
|2020.10.20|//Google Cloud//|[[Graceful shutdowns on Cloud Run: Deep dive|https://cloud.google.com/blog/topics/developers-practitioners/graceful-shutdowns-cloud-run-deep-dive/]]|GCP Containers|
|>|>|>|!2020.10.19|
|2020.10.19|Marco Lancini|![[Introducing CloudSecDocs.com|https://www.marcolancini.it/2020/blog-cloudsecdocs/]] |Repository|
|2020.10.19|Container Journal|[[Overcoming Kubernetes Infrastructure Challenges|https://containerjournal.com/topics/container-management/overcoming-kubernetes-infrastructure-challenges/]]|K8s Challenges|
|2020.10.19|Hunton Privacy Blog|[[French Highest Court Rejects Temporary Suspension of France's Health Data Hub; Calls for Additional Guarantees Following Schrems II|https://www.huntonprivacyblog.com/2020/10/19/french-highest-court-rejects-temporary-suspension-of-frances-health-data-hub-calls-for-additional-guarantees-following-schrems-ii/]]|Health_Data_Hub France|
|2020.10.19|//Checkpoint Software//|[[Cloud Threat Hunting: Attack & Investigation Series - Privilege Escalation via Lambda|https://blog.checkpoint.com/2020/10/19/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-lambda/]]|Threat_Hunting|
|2020.10.19|//Rapid7//|[[NICER Protocol Deep Dive: Internet Exposure of IMAP and POP|https://blog.rapid7.com/2020/10/19/nicer-protocol-deep-dive-internet-exposure-of-imap-and-pop/]]|Report IMAP POP|
|2020.10.19|//AppOmni//|[[How secure are your SaaS applications?|https://appomni.com/blog-how-secure-are-your-saas-applications/]]|Report AppOmni|
|2020.10.20|TechTSP| → [[Cloud services under great risk of security issues amid Covid-19|https://www.techtsp.com/2020/10/securing-cloud-services-survey.html]]|Report AppOmni|
|2020.10.21|VMblog| → [[Survey: Remote Work Brings Added Security Concerns with Management and Security of Cloud SaaS Applications|https://vmblog.com/archive/2020/10/20/survey-remote-work-brings-added-security-concerns-with-management-and-security-of-cloud-saas-applications.aspx]]|Report AppOmni|
|2020.10.21|CIO & Leader| → [[Cloud services security a key challenge in remote work era: Survey|https://www.cioandleader.com/article/2020/10/21/cloud-services-security-key-challenge-remote-work-era-survey]]|Report AppOmni|
|2020.10.19|//Microsoft Azure//|[[Playbooks & Watchlists Part 1: Inform the subscription owner|https://techcommunity.microsoft.com/t5/azure-sentinel/playbooks-amp-watchlists-part-1-inform-the-subscription-owner/ba-p/1768917]] (1/2)|Azure_Sentinel|
|2020.10.19|//Microsoft Azure//|[[Playbooks & Watchlists Part 2: Automate incident response for Deny-list/Allow-list |Playbooks & Watchlists Part 2: Automate incident response for Deny-list/Allow-list ]] (2/2)|Azure_Sentinel|
|2020.10.19|//Google Cloud//|[[Strengthen zero trust access with the Google Cloud CA service|https://cloud.google.com/blog/products/identity-security/now-available-in-beta-google-cloud-certificate-authority-service/]]|Certificate_Authority|
<<tiddler [[arOund0C]]>>
!"//Mitigating Hybrid Clouds Risks//"
[>img(150px,auto)[iCSA/KANPM.jpg]]Publication du 22 octobre 2020 
!!!Article de blog CSA
Article rédigé par :
* ZOU Feng, Co-Chair, Hybrid Cloud Security Working Group & Director of Cloud Security Planning and Compliance, Huawei
* Narudom Roongsiriwong, Co-Chair, Hybrid Cloud Security Working Group & SVP and Head of IT Security, Kiatnakin Bank
* Geng Tao, Senior Engineer of Cloud Security Planning and Compliance, Huawei
<<<
//Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloud model consists of risks, threats, and vulnerabilities. Earlier this year, the Hybrid Cloud Security Working Group examined hybrid cloud model risks, threats, and vulnerabilities in its 'Hybrid Clouds and Its Associated Risks' white paper.
However, after this review of risks, threats, and vulnerabilities, it's critical to identify adequate mitigation controls. This document covers countermeasures organizations can implement to improve hybrid cloud risk management and cybersecurity practices.
Existing private cloud security, public cloud security, and cross-cloud security environments should determine hybrid cloud security measures. When an organization starts its digital transformation with cloud platforms, most cloud environments begin with hybrid models that provide a smooth transition process with minimum disruption.
This paper elaborates mitigation measures for the following areas:
* __Mitigation Measures for Risks__
** Mitigate Distributed Denial-of-Service Attacks (DDoS)
** Mitigate Data Leakage
** Improve Perimeter Protection
** Compliance
** Aligned Service-Level Agreements (SLAs)
** Alignment of Cloud Skill Sets
** Comprehensiveness of Security Risk Assessment
* __Mitigation Measures for Threats__
** Mitigate Malicious Insider
* __Mitigation Measures for Vulnerabilities__
** Encryption
** Seamless Operational Processes
** Network Connection Assurance
** Centralized Identity and Access Lifecycle Management
** Integrated Security Management
Systematic design requires a complete end-to-end security solution. In addition to existing cloud security risks, users and cloud service providers must consider connection and collaboration, management tools and processes, and recognize the importance of governance, risk and compliance management (GRC), vendor management, legal, operations, and architecture security. Finally, the selection of a suitable hybrid cloud solution is an urgent problem for users from a security and compliance perspective.//[...]
<<<
!!!Introduction
<<<
//Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloud model consists of risks, threats, and vulnerabilities. Earlier this year, the Hybrid Cloud Security Working Group examined hybrid cloud model risks, threats, and vulnerabilities in its Hybrid Clouds and Its Associated Risks white paper.
 However, after this review of risks, threats, and vulnerabilities, it's critical to identify adequate mitigation controls. This document will cover countermeasures organizations can implement to improve hybrid cloud risk management and cybersecurity practices.//
<<<
!!!Table des matières
<<<
//1. Introduction
2. Mitigation Measures for Risks, Threats, and Vulnerabilities
2.1 Mitigation Measures for Risks
2.1.1 Mitigate Distributed Denial-of-Service Attacks (DDoS)
2.1.2 Mitigate Data Leakage
2.1.3 Improve Perimeter Protection
2.1.4 Compliance
2.1.5 Aligned Service-Level Agreements (SLAs)
2.1.6 Alignment of Cloud Skill Sets
2.1.7 Overall Considerations for Security Control Maturity
2.1.8 Comprehensiveness of Security Risk Assessment
2.2 Mitigation Measures for Threats
2.2.1 Mitigate Malicious Insider
2.3 Mitigation Measures for Vulnerabilities
2.3.1 Encryption
2.3.2 Seamless Operational Processes
2.3.3 Network Connection Assurance
2.3.4 Centralized Identity and Access Lifecycle Management
2.3.5 Integrated Security Management
3. Conclusion//
<<<
!!!Liens
* Annonce ⇒ https://cloudsecurityalliance.org/artifacts/mitigating-hybrid-clouds-risks/
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/10/22/mitigation-measures-for-risks-threats-and-vulnerabilities-in-hybrid-cloud-environment/
* Téléchargement (PDF) ⇒ https://cloudsecurityalliance.org/download/artifacts/mitigating-hybrid-clouds-risks/
!"//Cloud Controls Matrix v3.0.1 ISO Reverse Mapping//"
Publication du 22 octobre 2020 
!!!Introduction
<<<
//This latest expansion to the CCM incorporates the ISO/IEC 27017:2015 and ISO/IEC 27018:2014 and ISO/IEC 27002:2013 controls, introduces a new approach to the development of the CCM, and an updated approach to incorporate new industry control standards.//
<<<
!!!Liens
* Annonce ⇒ https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v3-0-1-iso-reverse-mapping/
* Téléchargement (XLSX) ⇒ https://cloudsecurityalliance.org/download/artifacts/cloud-controls-matrix-v3-0-1-iso-reverse-mapping/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #86|2020.10.18 - Newsletter Hebdomadaire #86]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #86|2020.10.18 - Weekly Newsletter - #86]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.10.18 - Newsletter Hebdomadaire #86]]>> |<<tiddler [[2020.10.18 - Weekly Newsletter - #86]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 12 au 18 octobre 2020
!!1 - Informations CSA - 12 au 18 octobre 2020

* ''Répondez au sondage CSA sur l'adoption du Cloud'' en 2020+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* Publication : 'Cloud OS Security Specification v2.0'+++^*[»] <<tiddler [[2020.10.14 - Publication : 'Cloud OS Security Specification v2.0']]>>=== 
* Podcast : 'The Business Value of STAR Attestation'+++^*[»] <<tiddler [[2020.10.16 - Podcast : 'The Business Value of STAR Attestation']]>>=== 
* Blog : 'What is the Cloud Controls Matrix (CCM)?'+++^*[»] <<tiddler [[2020.10.16 - Blog : 'What is the Cloud Controls Matrix (CCM)?']]>>=== 
* Blog : 'CCSK Success Stories: From a Security Consultant'+++^*[»] <<tiddler [[2020.10.12 - Blog : 'CCSK Success Stories: From a Security Consultant']]>>=== 
* Blog : 'How to Address the Security Risks of Cloud OS'+++^*[»] <<tiddler [[2020.10.15 - Blog : 'How to Address the Security Risks of Cloud OS']]>>=== 
* Conférence : 'AWS Cloud Security Week 2020'+++^*[»] <<tiddler [[2020.10.13 - Actu : Conférence 'AWS Cloud Security Week 2020']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 80 liens|2020.10.18 - Veille Hebdomadaire - 18 octobre]])

* __''À lire''__
** ''Décision contentieuse du Conseil d'Etat sur le 'Health Data Hub'''+++^*[»] 
|2020.10.14|Conseil d'Etat[>img[iCSF/flag_fr.png]]|[[Health Data Hub et protection de données personnelles : des précautions doivent être prises dans l'attente d'une solution pérenne|https://www.conseil-etat.fr/actualites/actualites/health-data-hub-et-protection-de-donnees-personnelles-des-precautions-doivent-etre-prises-dans-l-attente-d-une-solution-perenne]] ([[pdf|https://www.conseil-etat.fr/content/download/157044/document/444937%20-%20CNLL%20et%20autres.pdf]])|Health_Data_Hub France|
|2020.10.19|Hunton Privacy Blog|[[French Highest Court Rejects Temporary Suspension of France's Health Data Hub; Calls for Additional Guarantees Following Schrems II|https://www.huntonprivacyblog.com/2020/10/19/french-highest-court-rejects-temporary-suspension-of-frances-health-data-hub-calls-for-additional-guarantees-following-schrems-ii/]]|Health_Data_Hub France|
=== 
** ''MESA: Modern Enterprise Security Architecture'' (//Sumo Logic//)+++^*[»] 
|2020.10.15|MSSP Alert|![[A New Framework for Modern Security|https://www.msspalert.com/cybersecurity-guests/a-new-framework-for-modern-security/]]|Framework|
|2020.10.06|//Sumo Logic//| ← [[A New Framework for Modern Security|https://www.sumologic.com/blog/modern-enterprise-security-architecture/]]|Framework|
=== 

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Attaques : Ciblage des utilisateurs O365 (//Cyjax// et //GreatHorn//) • Volumétrie DDoS (//Google Cloud//)+++^*[»] 
|2020.10.16|//Cyjax//|[[Office 365 credential-harvesting campaign leveraging Basecamp|https://www.cyjax.com/2020/10/16/office-365-credential-harvesting-campaign-leveraging-basecamp/]]|O365 Attack|
|2020.10.18|Bleeping Computer| → [[Hackers now abuse BaseCamp for free malware hosting|https://www.bleepingcomputer.com/news/security/hackers-now-abuse-basecamp-for-free-malware-hosting/]]|Abuse Basecamp|
|2020.10.16|//GreatHorn//|[[Massive Cyberattack Propagating via Redirector Domains and Subsidiary Domains|https://www.greathorn.com/blog-breaking-news-massive-cyberattack-propagating-via-redirector-domains-and-subsidiary-domains/]]|Phishing Domain_Names|
|2020.10.16|Dark Reading| → [[Massive New Phishing Campaigns Target Microsoft, Google Cloud Users|https://www.darkreading.com/attacks-breaches/massive-new-phishing-campaigns-target-microsoft-google-cloud-users/d/d-id/1339204]]|Phishing Domain_Names|
|2020.10.15|//Google Cloud//|[[Exponential growth in DDoS attack volumes|https://cloud.google.com/blog/products/identity-security/identifying-and-protecting-against-the-largest-ddos-attacks]]|DDoS|
=== 
** Fuites de données : Buckets S3 mal protégés+++^*[»] 
|2020.10.13|Healthcare Info Security|[[Unsecured AWS Database Left Patient Data Exposed|https://www.healthcareinfosecurity.com/unsecured-aws-database-left-patient-data-exposed-a-15163]]|DataLeak AWS_S3|
=== 
** Vulnérabilités : démo pour les APIs AWS+++^*[»] 
|2020.10.17|Nick Frichette|[[Enumerate AWS API Permissions Without Logging to CloudTrail|https://frichetten.com/blog/aws-api-enum-vuln/]]|AWS APIs Flaw|
|2020.10.17|Nick Frichette| → [[Proof of Concept: aws_stealth_perm_enum|https://github.com/Frichetten/aws_stealth_perm_enum]]|AWS APIs Flaw|
=== 
** Pannes : quelques cas pour Azure+++^*[»] 
|2020.10.13|Build5Nines|[[Latest Cloud News: Azure Outages, Azure Bicep Modules and more! (October 13, 2020 - Build5Nines Weekly)|https://build5nines.com/latest-cloud-news-azure-outages-azure-bicep-modules-and-more-october-13-2020-build5nines-weekly/]]|Outages|
=== 

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : en cas de compromission de comptes sur M365 • Azure Security Benchmark v2+++^*[»] 
|2020.10.15|//Avanan//|[[Microsoft 365: What to Do When Your Account is Compromised|https://www.avanan.com/blog/what-to-do-when-compromised]]|M365 products|
|2020.10.14|CSO Online|[[Azure Security Benchmark v2: What you need to know|https://www.csoonline.com/article/3584930/azure-security-benchmark-v2-what-you-need-to-know.html]]|Azure Benchmark|
=== 

* __Rapports, Sondages, Études, Publications__
** Rapports : '2020 Spotlight Report on Microsoft Office 365' (//Vectra//) • '2020 State of Virtual Appliance Security Report' (//Orca Security//) • 'The State of the Public Cloud in the Enterprise' (//Contino//)+++^*[»] 
|2020.10.13|//Vectra//|[[O365 Security Threats - O365 Lateral Movement & More|https://www.vectra.ai/blogpost/spotlight-report-office365]] ([[synthèse PDF|https://content.vectra.ai/rs/748-MCE-447/images/IndustryReport_O365Spotlight-Summary.pdf]])|Report M365 Attacks|
|2020.10.13|//Vectra//| → [[2020 Spotlight Report on Microsoft Office 365|https://www.vectra.ai/download/spotlight-report-office365]] (après inscription)|Report M365 Attacks|
|2020.10.13|BetaNews| → [[Attackers use Office 365 tools to steal data|https://betanews.com/2020/10/13/attackers-use-office-365-tools/]]|Report M365 Attacks|
|2020.10.15|Dark Reading| → [[Microsoft Office 365 Accounts a Big Target for Attackers|https://www.darkreading.com/vulnerabilities---threats/microsoft-office-365-accounts-a-big-target-for-attackers/d/d-id/1339186]]|Report M365 Attacks|
|2020.10.13|//Orca Security//|[[The Orca Security 2020 State of Virtual Appliance Security Report|https://info.orca.security/2020-virtual-appliance-security-report]]|Report|
|2020.10.13|BetaNews| → [[Only eight percent of virtual appliances are free of vulnerabilities|https://betanews.com/2020/10/13/virtual-appliances-vulnerabilities/]]|Report|
|2020.10.13|Security Week| → [[Study Finds 400,000 Vulnerabilities Across 2,200 Virtual Appliances|https://www.securityweek.com/study-finds-400000-vulnerabilities-across-2200-virtual-appliances]]|Report|
|2020.10.12|//Contino//|[[The State of the Public Cloud in the Enterprise: Contino Research Report 2020|https://www.contino.io/resources/public-cloud-research-report-2020]]|Report|
|2020.10.12|BetaNews| → [[Only 13 percent of businesses use public cloud across the organization|https://betanews.com/2020/10/12/public-cloud-across-organization/]]|Report|
=== 
** Sondages : '2020 Global CIO Report' (//Dynatrace//)+++^*[»] 
|2020.10.14|//Dynatrace//|[[CIOs feel squeezed between the need to accelerate digital transformation and the increasing challenges of cloud complexity|https://www.dynatrace.com/news/press-release/global-cio-report-observability-automation-and-ai/]] ([[rapport|https://www.dynatrace.com/cio-report-automatic-and-intelligent-observability/]])|Report|
|2020.10.19|Help Net Security| → [[Cloud environment complexity has surpassed human ability to manage|https://www.helpnetsecurity.com/2020/10/19/cloud-environment-complexity-has-surpassed-human-ability-to-manage/]]|Report|
=== 

* __Cloud Services Providers, Outils__
** AWS : IAM Access Analyzer • AWS Firewall Manager+++^*[»] 
|2020.10.12|//Amazon AWS//|[[How to automatically archive expected IAM Access Analyzer findings|https://aws.amazon.com/blogs/security/how-to-automatically-archive-expected-iam-access-analyzer-findings/]]|AWS IAM|
|2020.10.15|//Amazon AWS//|[[Automate AWS Firewall Manager onboarding using AWS Centralized WAF and VPC Security Group Management solution|https://aws.amazon.com/blogs/security/automate-aws-firewall-manager-onboarding-using-aws-centralized-waf-and-vpc-security-group-management-solution/]]|AWS Firewall|
|2020.10.15|//Amazon AWS//|[[Use AWS Firewall Manager to deploy protection at scale in AWS Organizations|https://aws.amazon.com/blogs/security/use-aws-firewall-manager-to-deploy-protection-at-scale-in-aws-organizations/]]|AWS Firewall|
=== 
** Azure : Conformité • Accès conditionnels • VMs Azure+++^*[»] 
|2020.10.15|//Microsoft Azure//|[[Customizing the set of standards in your regulatory compliance dashboard|https://docs.microsoft.com/en-us/azure/security-center/update-regulatory-compliance-packages]]|Azure Compliance|
|2020.10.13|//Microsoft Azure//|[[Conditional Access APIs are generally available!|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/conditional-access-apis-are-generally-available/ba-p/1751702]]|APIs|
|2020.10.13|Thomas Maurer|[[Automanage for Azure virtual machines|https://www.thomasmaurer.ch/2020/10/automanage-for-azure-virtual-machines/]]|Azure VMs|
=== 
** GCP : IAM • adresses IP sortantes+++^*[»] 
|2020.10.15|//Google Cloud//|[[Applying IAM Recommendations at Scale|https://github.com/GoogleCloudPlatform/professional-services/tree/master/tools/iam-recommender-at-scale]]|GCP IAM|
|2020.10.16|//Google Cloud//| → [[Enforce least privilege with recommendations|https://cloud.google.com/iam/docs/recommender-overview]]|GCP IAM|
|2020.10.14|//Google Cloud//|[[Static outbound IP address|https://cloud.google.com/run/docs/configuring/static-outbound-ip]]|IP_Address|
=== 
** Kubernetes : Sécurisation de clusters • Erreurs de configurations+++^*[»] 
|>|>|>|!|
|2020.10.16|//Snyk//|[[Hack my mis-configured Kubernetes - privileged pods|https://www.cncf.io/blog/2020/10/16/hack-my-mis-configured-kubernetes-privileged-pods/]]|K8s|
|2020.10.15|//StackRox//|[[6 Kubernetes Security Use Cases You Must Prioritize|https://www.stackrox.com/post/2020/10/6-kubernetes-security-use-cases-you-must-prioritize/]]|K8s|
|2020.10.13|//Sysdig//|[[K3s + Sysdig: Deploying and securing your cluster… in less than 8 minutes!|https://sysdig.com/blog/k3s-sysdig-falco/]]|K8s Cluster|
|2020.10.12|Container Journal|![[How to Secure Your Kubernetes Cluster|https://containerjournal.com/topics/container-security/how-to-secure-your-kubernetes-cluster/]] |K8s|
=== 
** Containers : Sécurisation+++^*[»] 
|2020.10.15|//Anchore//|[[Our Top 5 Strategies for Container Security|https://anchore.com/blog/our-top-5-strategies-for-container-security/]]|Containers|
|2020.10.12|Container Journal|[[5 Container Security Challenges and Their Remedies|https://containerjournal.com/topics/container-security/how-to-secure-your-kubernetes-cluster/]]|Containers|
=== 
** Workloads : Sécurisation+++^*[»] 
|2020.10.14|//Intezer//|![[Cloud Workload Security: What You Need to Know - Part 1|https://www.intezer.com/blog/cloud-workload-security-what-you-need-to-know-part-1/]] (1/5)|Workloads|
=== 
** Outils: O365Enum+++^*[»] 
|2020.10.12|Kitploit|[[O365Enum - Enumerate Valid Usernames From Office 365 Using ActiveSync, Autodiscover V1, Or Office.Com Login Page |https://www.kitploit.com/2020/10/o365enum-enumerate-valid-usernames-from.html]]|Tools O365|
=== 

* __Podcasts, Veilles hebdomadaires 'Cloud et Sécurité'__
** Podcasts : 'Cloud Security' • 'SilverLining' • '//Thousand Eyes//' • Isolation par le Cloud (projet du DoD)+++^*[»] 
|2020.10.18|Cloud Security Podcast|[[Continuous Monitoring For Controls & Vulnerabilities - Daniel Miessler|https://anchor.fm/cloudsecuritypodcast/episodes/CONTINUOUS-MONITORING-FOR-CONTROLS--VULNERABILITIES---DANIEL-MIESSLER-el7es6]]|Podcast|
|2020.10.14|SilverLining Podcast|![[Episode 27: Protecting Your Cloud Data With Legal Controls|https://silverlining-il.castos.com/episodes/episode-27-protecting-your-cloud-data-with-legal-controls]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/EP-27.mp3]]) |
|2020.10.12|Federal News Network|![[Cloud Based Internet Isolation|https://federalnewsnetwork.com/federal-tech-talk/2020/10/cloud-based-internet-isolation/]] ([[mp3|http://www.podcastone.com/downloadsecurity?url=aHR0cHM6Ly9wZHN0LmZtL2UvY2h0YmwuY29tL3RyYWNrL0UyRzg5NS9hdy5ub3hzb2x1dGlvbnMuY29tL2xhdW5jaHBvZC9hZHN3aXp6LzE3MDYvMTAxM2ZlZGVyYWx0ZWNodGFsa19wb2RjYXN0X3RieDFfNmE5ODg3ZDMubXAzP2F3Q29sbGVjdGlvbklkPTE3MDYmYXdFcGlzb2RlSWQ9MTUwMGMwZDctNGY0Zi00MmQ3LTgwZDktZmVhNjZhOTg4N2QzKip8MTYwMzUxMjY2MDg5MioqfA==.mp3]]) |Podcast|
|2020.10.15|Federal News Network| ← [[Cloud based internet isolation initiatives to give DoD new kind of cyber protections|https://federalnewsnetwork.com/ask-the-cio/2020/10/cloud-based-internet-isolation-initiatives-to-give-dod-new-kind-of-cyber-protections/]]|Isolation|
|2020.10.12|//Thousand Eyes//|[[Ep. 26: The Case of An Overloaded Database and What Happens When a Bug Bites|https://blog.thousandeyes.com/internet-report-episode-26/]]|Podcast|
=== 
** Veilles : TL;DR Security #56 • The Cloud Security Reading List #59+++^*[»] 
|2020.10.18|Marco Lancini|[[The Cloud Security Reading List #59|https://cloudseclist.com/issues/issue-59/]] |Weekly_Newsletter|
|2020.10.14|TL;DR Security|[[#56 - State of Exploit Development, Hacking Apple, flaws.cloud dataset|https://tldrsec.com/blog/tldr-sec-056/]] |Weekly_Newsletter|
=== 

* __Marché, Acquisitions__
** Acquisition : //Managed Sentinel// par //BlueVoyant//+++^*[»] 
|2020.10.13|//BlueVoyant//|[[BlueVoyant Acquires Managed Sentinel To Create End-to-End Services Portfolio For Microsoft Security Technologies|https://www.bluevoyant.com/bluevoyant-managed-sentinel-press-release-oct-2020]]|Acquisition|
=== 

* __Divers__
** Health Data Hub • Cloud industriel européen • SASE et TLS (//Netskope//)+++^*[»] 
|2020.10.15|Hogan Lovells|[[In wake of the Schrems II, CNIL challenges use of Microsoft cloud storage to host public health data lakes (the Health Data Hub case - Part 1)|https://www.lexology.com/library/detail.aspx?g=cf3827ff-b54e-42e1-bb70-7b6d9399c290]]|France Health_Data_Hub|
|>|>|>|!|
|2020.10.15|POLITICO.eu|[[EU shoots for €10B 'industrial cloud' to rival US|https://www.politico.eu/article/eu-pledges-e10-billion-to-power-up-industrial-cloud-sector/]]|Europe|
|>|>|>|!|
|2020.10.13|//Netskope//|[[SASE and TLS 1.3, Part 2: Naming Names|https://www.netskope.com/blog/sase-and-tls-1-3-part-2-naming-names]] (2/2)|SASE TLS|
|2020.09.23|//Netskope//| ← [[SASE and TLS 1.3, Part 1: What does it mean to "support" TLS 1.3?|https://www.netskope.com/blog/sase-and-tls-1-3-part-1-what-does-it-mean-to-support-tls-1-3]] (1/2)|SASE TLS|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KAI/|https://CloudSecurityAlliance.fr/go/KAI/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - October 12th to 18th, 2020
!!1 - CSA News and Updates - October 12th to 18th, 2020

* ''Fill in the new CSA survey on Cloud Adoption in 2020''+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* Publication: 'Cloud OS Security Specification v2.0'+++^*[»] <<tiddler [[2020.10.14 - Publication : 'Cloud OS Security Specification v2.0']]>>=== 
* Podcast: 'The Business Value of STAR Attestation'+++^*[»] <<tiddler [[2020.10.16 - Podcast : 'The Business Value of STAR Attestation']]>>=== 
* Blog: 'What is the Cloud Controls Matrix (CCM)?'+++^*[»] <<tiddler [[2020.10.16 - Blog : 'What is the Cloud Controls Matrix (CCM)?']]>>=== 
* Blog: 'CCSK Success Stories: From a Security Consultant'+++^*[»] <<tiddler [[2020.10.12 - Blog : 'CCSK Success Stories: From a Security Consultant']]>>=== 
* Blog: 'How to Address the Security Risks of Cloud OS'+++^*[»] <<tiddler [[2020.10.15 - Blog : 'How to Address the Security Risks of Cloud OS']]>>=== 
* Conference: 'AWS Cloud Security Week 2020'+++^*[»] <<tiddler [[2020.10.13 - Actu : Conférence 'AWS Cloud Security Week 2020']]>>=== 
!!2 - Cloud and Security News Watch ([[over 80 links|2020.10.18 - Veille Hebdomadaire - 18 octobre]])

* __''Must read''__
** ''French Highest Court Rules on the 'Health Data Hub' Case''+++^*[»] 
|2020.10.14|Conseil d'Etat[>img[iCSF/flag_fr.png]]|[[Health Data Hub et protection de données personnelles : des précautions doivent être prises dans l'attente d'une solution pérenne|https://www.conseil-etat.fr/actualites/actualites/health-data-hub-et-protection-de-donnees-personnelles-des-precautions-doivent-etre-prises-dans-l-attente-d-une-solution-perenne]] ([[pdf|https://www.conseil-etat.fr/content/download/157044/document/444937%20-%20CNLL%20et%20autres.pdf]])|Health_Data_Hub France|
|2020.10.19|Hunton Privacy Blog|[[French Highest Court Rejects Temporary Suspension of France's Health Data Hub; Calls for Additional Guarantees Following Schrems II|https://www.huntonprivacyblog.com/2020/10/19/french-highest-court-rejects-temporary-suspension-of-frances-health-data-hub-calls-for-additional-guarantees-following-schrems-ii/]]|Health_Data_Hub France|
=== 
** ''MESA: Modern Enterprise Security Architecture'' (//Sumo Logic//)+++^*[»] 
|2020.10.15|MSSP Alert|![[A New Framework for Modern Security|https://www.msspalert.com/cybersecurity-guests/a-new-framework-for-modern-security/]]|Framework|
|2020.10.06|//Sumo Logic//| ← [[A New Framework for Modern Security|https://www.sumologic.com/blog/modern-enterprise-security-architecture/]]|Framework|
=== 

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Attacks: Office 365 credential-harvesting campaign (//Cyjax// and //GreatHorn//) • Growth of DDoS volumes (//Google Cloud//)+++^*[»] 
|2020.10.16|//Cyjax//|[[Office 365 credential-harvesting campaign leveraging Basecamp|https://www.cyjax.com/2020/10/16/office-365-credential-harvesting-campaign-leveraging-basecamp/]]|O365 Attack|
|2020.10.18|Bleeping Computer| → [[Hackers now abuse BaseCamp for free malware hosting|https://www.bleepingcomputer.com/news/security/hackers-now-abuse-basecamp-for-free-malware-hosting/]]|Abuse Basecamp|
|2020.10.16|//GreatHorn//|[[Massive Cyberattack Propagating via Redirector Domains and Subsidiary Domains|https://www.greathorn.com/blog-breaking-news-massive-cyberattack-propagating-via-redirector-domains-and-subsidiary-domains/]]|Phishing Domain_Names|
|2020.10.16|Dark Reading| → [[Massive New Phishing Campaigns Target Microsoft, Google Cloud Users|https://www.darkreading.com/attacks-breaches/massive-new-phishing-campaigns-target-microsoft-google-cloud-users/d/d-id/1339204]]|Phishing Domain_Names|
|2020.10.15|//Google Cloud//|[[Exponential growth in DDoS attack volumes|https://cloud.google.com/blog/products/identity-security/identifying-and-protecting-against-the-largest-ddos-attacks]]|DDoS|
=== 
** Leaks: Unsecured AWS S3 Buckets+++^*[»] 
|2020.10.13|Healthcare Info Security|[[Unsecured AWS Database Left Patient Data Exposed|https://www.healthcareinfosecurity.com/unsecured-aws-database-left-patient-data-exposed-a-15163]]|DataLeak AWS_S3|
=== 
** Vulnerabilities: Issues with AWS APIs+++^*[»] 
|2020.10.17|Nick Frichette|[[Enumerate AWS API Permissions Without Logging to CloudTrail|https://frichetten.com/blog/aws-api-enum-vuln/]]|AWS APIs Flaw|
|2020.10.17|Nick Frichette| → [[Proof of Concept: aws_stealth_perm_enum|https://github.com/Frichetten/aws_stealth_perm_enum]]|AWS APIs Flaw|
=== 
** Outages: Recent Azure outages+++^*[»] 
|2020.10.13|Build5Nines|[[Latest Cloud News: Azure Outages, Azure Bicep Modules and more! (October 13, 2020 - Build5Nines Weekly)|https://build5nines.com/latest-cloud-news-azure-outages-azure-bicep-modules-and-more-october-13-2020-build5nines-weekly/]]|Outages|
=== 

* __Best Practices and Detection__
** Best Practices: In case of M365 account compromise • Azure Security Benchmark v2+++^*[»] 
|2020.10.15|//Avanan//|[[Microsoft 365: What to Do When Your Account is Compromised|https://www.avanan.com/blog/what-to-do-when-compromised]]|M365 products|
|2020.10.14|CSO Online|[[Azure Security Benchmark v2: What you need to know|https://www.csoonline.com/article/3584930/azure-security-benchmark-v2-what-you-need-to-know.html]]|Azure Benchmark|
=== 

* __Reports, Surveys, Studies, Publications__
** Reports: '2020 Spotlight Report on Microsoft Office 365' (//Vectra//) • '2020 State of Virtual Appliance Security Report' (//Orca Security//) • 'The State of the Public Cloud in the Enterprise' (//Contino//)+++^*[»] 
|2020.10.13|//Vectra//|[[O365 Security Threats - O365 Lateral Movement & More|https://www.vectra.ai/blogpost/spotlight-report-office365]] ([[PDF summary|https://content.vectra.ai/rs/748-MCE-447/images/IndustryReport_O365Spotlight-Summary.pdf]])|Report M365 Attacks|
|2020.10.13|//Vectra//| → [[2020 Spotlight Report on Microsoft Office 365|https://www.vectra.ai/download/spotlight-report-office365]] (registration required)|Report M365 Attacks|
|2020.10.13|BetaNews| → [[Attackers use Office 365 tools to steal data|https://betanews.com/2020/10/13/attackers-use-office-365-tools/]]|Report M365 Attacks|
|2020.10.15|Dark Reading| → [[Microsoft Office 365 Accounts a Big Target for Attackers|https://www.darkreading.com/vulnerabilities---threats/microsoft-office-365-accounts-a-big-target-for-attackers/d/d-id/1339186]]|Report M365 Attacks|
|2020.10.13|//Orca Security//|[[The Orca Security 2020 State of Virtual Appliance Security Report|https://info.orca.security/2020-virtual-appliance-security-report]]|Report|
|2020.10.13|BetaNews| → [[Only eight percent of virtual appliances are free of vulnerabilities|https://betanews.com/2020/10/13/virtual-appliances-vulnerabilities/]]|Report|
|2020.10.13|Security Week| → [[Study Finds 400,000 Vulnerabilities Across 2,200 Virtual Appliances|https://www.securityweek.com/study-finds-400000-vulnerabilities-across-2200-virtual-appliances]]|Report|
|2020.10.12|//Contino//|[[The State of the Public Cloud in the Enterprise: Contino Research Report 2020|https://www.contino.io/resources/public-cloud-research-report-2020]]|Report|
|2020.10.12|BetaNews| → [[Only 13 percent of businesses use public cloud across the organization|https://betanews.com/2020/10/12/public-cloud-across-organization/]]|Report|
=== 
** Surveys: '2020 Global CIO Report' (//Dynatrace//)+++^*[»] 
|2020.10.14|//Dynatrace//|[[CIOs feel squeezed between the need to accelerate digital transformation and the increasing challenges of cloud complexity|https://www.dynatrace.com/news/press-release/global-cio-report-observability-automation-and-ai/]] ([[report|https://www.dynatrace.com/cio-report-automatic-and-intelligent-observability/]])|Report|
|2020.10.19|Help Net Security| → [[Cloud environment complexity has surpassed human ability to manage|https://www.helpnetsecurity.com/2020/10/19/cloud-environment-complexity-has-surpassed-human-ability-to-manage/]]|Report|
=== 

* __Cloud Services Providers, Tools__
** AWS: IAM Access Analyzer • AWS Firewall Manager+++^*[»] 
|2020.10.12|//Amazon AWS//|[[How to automatically archive expected IAM Access Analyzer findings|https://aws.amazon.com/blogs/security/how-to-automatically-archive-expected-iam-access-analyzer-findings/]]|AWS IAM|
|2020.10.15|//Amazon AWS//|[[Automate AWS Firewall Manager onboarding using AWS Centralized WAF and VPC Security Group Management solution|https://aws.amazon.com/blogs/security/automate-aws-firewall-manager-onboarding-using-aws-centralized-waf-and-vpc-security-group-management-solution/]]|AWS Firewall|
|2020.10.15|//Amazon AWS//|[[Use AWS Firewall Manager to deploy protection at scale in AWS Organizations|https://aws.amazon.com/blogs/security/use-aws-firewall-manager-to-deploy-protection-at-scale-in-aws-organizations/]]|AWS Firewall|
=== 
** Azure: Compliance • Conditional Access • Azure VMs+++^*[»] 
|2020.10.15|//Microsoft Azure//|[[Customizing the set of standards in your regulatory compliance dashboard|https://docs.microsoft.com/en-us/azure/security-center/update-regulatory-compliance-packages]]|Azure Compliance|
|2020.10.13|//Microsoft Azure//|[[Conditional Access APIs are generally available!|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/conditional-access-apis-are-generally-available/ba-p/1751702]]|APIs|
|2020.10.13|Thomas Maurer|[[Automanage for Azure virtual machines|https://www.thomasmaurer.ch/2020/10/automanage-for-azure-virtual-machines/]]|Azure VMs|
=== 
** GCP: IAM • Static outbound IP address+++^*[»] 
|2020.10.15|//Google Cloud//|[[Applying IAM Recommendations at Scale|https://github.com/GoogleCloudPlatform/professional-services/tree/master/tools/iam-recommender-at-scale]]|GCP IAM|
|2020.10.16|//Google Cloud//| → [[Enforce least privilege with recommendations|https://cloud.google.com/iam/docs/recommender-overview]]|GCP IAM|
|2020.10.14|//Google Cloud//|[[Static outbound IP address|https://cloud.google.com/run/docs/configuring/static-outbound-ip]]|IP_Address|
=== 
** Kubernetes: Securing Kubernetes Clusters • Misconfigurations+++^*[»] 
|>|>|>|!|
|2020.10.16|//Snyk//|[[Hack my mis-configured Kubernetes - privileged pods|https://www.cncf.io/blog/2020/10/16/hack-my-mis-configured-kubernetes-privileged-pods/]]|K8s|
|2020.10.15|//StackRox//|[[6 Kubernetes Security Use Cases You Must Prioritize|https://www.stackrox.com/post/2020/10/6-kubernetes-security-use-cases-you-must-prioritize/]]|K8s|
|2020.10.13|//Sysdig//|[[K3s + Sysdig: Deploying and securing your cluster… in less than 8 minutes!|https://sysdig.com/blog/k3s-sysdig-falco/]]|K8s Cluster|
|2020.10.12|Container Journal|![[How to Secure Your Kubernetes Cluster|https://containerjournal.com/topics/container-security/how-to-secure-your-kubernetes-cluster/]] |K8s|
=== 
** Containers: Security Enforcement+++^*[»] 
|2020.10.15|//Anchore//|[[Our Top 5 Strategies for Container Security|https://anchore.com/blog/our-top-5-strategies-for-container-security/]]|Containers|
|2020.10.12|Container Journal|[[5 Container Security Challenges and Their Remedies|https://containerjournal.com/topics/container-security/how-to-secure-your-kubernetes-cluster/]]|Containers|
=== 
** Workloads: Security Enforcement+++^*[»] 
|2020.10.14|//Intezer//|![[Cloud Workload Security: What You Need to Know - Part 1|https://www.intezer.com/blog/cloud-workload-security-what-you-need-to-know-part-1/]] (1/5)|Workloads|
=== 
** Tools: O365Enum+++^*[»] 
|2020.10.12|Kitploit|[[O365Enum - Enumerate Valid Usernames From Office 365 Using ActiveSync, Autodiscover V1, Or Office.Com Login Page |https://www.kitploit.com/2020/10/o365enum-enumerate-valid-usernames-from.html]]|Tools O365|
=== 

* __Podcasts, Weekly 'Cloud and Security' Watch__
** Podcasts: 'Cloud Security' • 'SilverLining' • '//Thousand Eyes//' • Cloud-based Internet isolation (DoD project)+++^*[»] 
|2020.10.18|Cloud Security Podcast|[[Continuous Monitoring For Controls & Vulnerabilities - Daniel Miessler|https://anchor.fm/cloudsecuritypodcast/episodes/CONTINUOUS-MONITORING-FOR-CONTROLS--VULNERABILITIES---DANIEL-MIESSLER-el7es6]]|Podcast|
|2020.10.14|SilverLining Podcast|![[Episode 27: Protecting Your Cloud Data With Legal Controls|https://silverlining-il.castos.com/episodes/episode-27-protecting-your-cloud-data-with-legal-controls]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/EP-27.mp3]]) |
|2020.10.12|Federal News Network|![[Cloud Based Internet Isolation|https://federalnewsnetwork.com/federal-tech-talk/2020/10/cloud-based-internet-isolation/]] ([[mp3|http://www.podcastone.com/downloadsecurity?url=aHR0cHM6Ly9wZHN0LmZtL2UvY2h0YmwuY29tL3RyYWNrL0UyRzg5NS9hdy5ub3hzb2x1dGlvbnMuY29tL2xhdW5jaHBvZC9hZHN3aXp6LzE3MDYvMTAxM2ZlZGVyYWx0ZWNodGFsa19wb2RjYXN0X3RieDFfNmE5ODg3ZDMubXAzP2F3Q29sbGVjdGlvbklkPTE3MDYmYXdFcGlzb2RlSWQ9MTUwMGMwZDctNGY0Zi00MmQ3LTgwZDktZmVhNjZhOTg4N2QzKip8MTYwMzUxMjY2MDg5MioqfA==.mp3]]) |Podcast|
|2020.10.15|Federal News Network| ← [[Cloud based internet isolation initiatives to give DoD new kind of cyber protections|https://federalnewsnetwork.com/ask-the-cio/2020/10/cloud-based-internet-isolation-initiatives-to-give-dod-new-kind-of-cyber-protections/]]|Isolation|
|2020.10.12|//Thousand Eyes//|[[Ep. 26: The Case of An Overloaded Database and What Happens When a Bug Bites|https://blog.thousandeyes.com/internet-report-episode-26/]]|Podcast|
=== 
** Newsletters: TL;DR Security #56 • The Cloud Security Reading List #59+++^*[»] 
|2020.10.18|Marco Lancini|[[The Cloud Security Reading List #59|https://cloudseclist.com/issues/issue-59/]] |Weekly_Newsletter|
|2020.10.14|TL;DR Security|[[#56 - State of Exploit Development, Hacking Apple, flaws.cloud dataset|https://tldrsec.com/blog/tldr-sec-056/]] |Weekly_Newsletter|
=== 

* __Market, Acquisitions__
** Acquisition: //Managed Sentinel// by //BlueVoyant//+++^*[»] 
|2020.10.13|//BlueVoyant//|[[BlueVoyant Acquires Managed Sentinel To Create End-to-End Services Portfolio For Microsoft Security Technologies|https://www.bluevoyant.com/bluevoyant-managed-sentinel-press-release-oct-2020]]|Acquisition|
=== 

* __Miscellaneous__
** Health Data Hub • European 'industrial cloud' • SASE and TLS (//Netskope//)+++^*[»] 
|2020.10.15|Hogan Lovells|[[In wake of the Schrems II, CNIL challenges use of Microsoft cloud storage to host public health data lakes (the Health Data Hub case - Part 1)|https://www.lexology.com/library/detail.aspx?g=cf3827ff-b54e-42e1-bb70-7b6d9399c290]]|France Health_Data_Hub|
|>|>|>|!|
|2020.10.15|POLITICO.eu|[[EU shoots for €10B 'industrial cloud' to rival US|https://www.politico.eu/article/eu-pledges-e10-billion-to-power-up-industrial-cloud-sector/]]|Europe|
|>|>|>|!|
|2020.10.13|//Netskope//|[[SASE and TLS 1.3, Part 2: Naming Names|https://www.netskope.com/blog/sase-and-tls-1-3-part-2-naming-names]] (2/2)|SASE TLS|
|2020.09.23|//Netskope//| ← [[SASE and TLS 1.3, Part 1: What does it mean to "support" TLS 1.3?|https://www.netskope.com/blog/sase-and-tls-1-3-part-1-what-does-it-mean-to-support-tls-1-3]] (1/2)|SASE TLS|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/KAI/|https://CloudSecurityAlliance.fr/go/KAI/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 12 au 18 octobre 2020
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.10.18|
|2020.10.18|Marco Lancini|[[The Cloud Security Reading List #59|https://cloudseclist.com/issues/issue-59/]] |Weekly_Newsletter|
|2020.10.18|Cloud Security Podcast|[[Continuous Monitoring For Controls & Vulnerabilities - Daniel Miessler|https://anchor.fm/cloudsecuritypodcast/episodes/CONTINUOUS-MONITORING-FOR-CONTROLS--VULNERABILITIES---DANIEL-MIESSLER-el7es6]]|Podcast|
|2020.10.18|Daniel Neumann|[[Azure Policy for Azure Kubernetes Service|https://www.danielstechblog.io/azure-policy-for-azure-kubernetes-service/]]|Azure AKS|
|2020.10.18|VentureBeat|[[Why IBM believes Confidential Computing is the future of cloud security|https://venturebeat.com/2020/10/16/why-ibm-believes-confidential-computing-is-the-future-of-cloud-security/]]|Confidential_Computing|
|>|>|>|!2020.10.17|
|2020.10.17|Nick Frichette|[[Enumerate AWS API Permissions Without Logging to CloudTrail|https://frichetten.com/blog/aws-api-enum-vuln/]]|AWS APIs Flaw|
|2020.10.17|Nick Frichette| → [[Proof of Concept: aws_stealth_perm_enum|https://github.com/Frichetten/aws_stealth_perm_enum]]|AWS APIs Flaw|
|2020.10.17|//Optiv//|[[Defending Against Container Threats With Palo Alto Prisma Cloud|https://www.optiv.com/explore-optiv-insights/source-zero/defending-against-container-threats-with-palo-alto-prisma-cloud]]|Products|
|>|>|>|!2020.10.16|
|2020.10.16|DevOps.com|[[Runtime Security and Incident Response with Loris Degioanni|https://devops.com/runtime-security-and-incident-response-with-loris-degioanni/]]|
|2020.10.16|Bleeping Computer|[[Microsoft releases Azure Defender for IoT in public preview|https://www.bleepingcomputer.com/news/security/microsoft-releases-azure-defender-for-iot-in-public-preview/]]|Azure IoT|
|2020.10.16|Bleeping Computer|[[Office 365 adds protection against downgrade and MITM attacks|https://www.bleepingcomputer.com/news/security/office-365-adds-protection-against-downgrade-and-mitm-attacks/]]|O365 Protection|
|2020.10.16|//Alien Vault//|[[Stories from the SOC - Cloud and On-site Protection|https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-cloud-and-on-site-protection]]|SOC|
|2020.10.16|//Snyk//|[[Hack my mis-configured Kubernetes - privileged pods|https://www.cncf.io/blog/2020/10/16/hack-my-mis-configured-kubernetes-privileged-pods/]]|K8s|
|2020.10.16|//Cyjax//|[[Office 365 credential-harvesting campaign leveraging Basecamp|https://www.cyjax.com/2020/10/16/office-365-credential-harvesting-campaign-leveraging-basecamp/]]|O365 Attack|
|2020.10.18|Bleeping Computer| → [[Hackers now abuse BaseCamp for free malware hosting|https://www.bleepingcomputer.com/news/security/hackers-now-abuse-basecamp-for-free-malware-hosting/]]|Abuse Basecamp|
|2020.10.16|//GreatHorn//|[[Massive Cyberattack Propagating via Redirector Domains and Subsidiary Domains|https://www.greathorn.com/blog-breaking-news-massive-cyberattack-propagating-via-redirector-domains-and-subsidiary-domains/]]|Phishing Domain_Names|
|2020.10.16|Dark Reading| → [[Massive New Phishing Campaigns Target Microsoft, Google Cloud Users|https://www.darkreading.com/attacks-breaches/massive-new-phishing-campaigns-target-microsoft-google-cloud-users/d/d-id/1339204]]|Phishing Domain_Names|
|>|>|>|!2020.10.15|
|2020.10.15|Build 5 Nine|[[Python Scripting in the Azure Cloud Shell|https://build5nines.com/python-scripting-in-the-azure-cloud-shell/]]|Azure CLI|
|2020.10.15|Hogan Lovells|[[In wake of the Schrems II, CNIL challenges use of Microsoft cloud storage to host public health data lakes (the Health Data Hub case - Part 1)|https://www.lexology.com/library/detail.aspx?g=cf3827ff-b54e-42e1-bb70-7b6d9399c290]]|France Health_Data_Hub|
|2020.10.15|POLITICO.eu|[[EU shoots for €10B 'industrial cloud' to rival US|https://www.politico.eu/article/eu-pledges-e10-billion-to-power-up-industrial-cloud-sector/]]|Europe|
|2020.10.15|Container Journal|[[Why Backup Won't Work for Stateful Containers|https://containerjournal.com/topics/container-ecosystems/why-backup-wont-work-for-stateful-containers/]]|Containers Backup|
|2020.10.15|Computer Weekly|[[Cloud data protection keeps the Crick's medical research Covid-secure|https://www.computerweekly.com/news/252490590/Cloud-data-protection-keeps-the-Cricks-medical-research-Covid-secure]]|Protection|
|2020.10.15|//StackRox//|[[6 Kubernetes Security Use Cases You Must Prioritize|https://www.stackrox.com/post/2020/10/6-kubernetes-security-use-cases-you-must-prioritize/]]|K8s|
|2020.10.15|//Virsec//|[[Leave No Apps Behind: Extend Protection from Legacy to Cloud to Containers|https://virsec.com/leave-no-apps-behind-extend-protection-from-legacy-to-cloud-to-containers/]]|Containers|
|2020.10.15|//ThreatStack//|[[Overcoming the Cloud Security Skills Shortage by Encoding Expertise|https://www.threatstack.com/blog/overcoming-the-cloud-security-skills-shortage-by-encoding-expertise]]|Expertise Skills|
|2020.10.15|//SentinelOne//|[[Cloud Security - Understanding the Difference Between IaaS and PaaS|https://www.sentinelone.com/blog/cloud-security-understanding-the-difference-between-iaas-and-paas/]]|IaaS PaaS|
|2020.10.15|//Alcide//|[[Cloud Native Security for Kubernetes In Practice|https://blog.alcide.io/cloud-native-security-for-kubernetes-in-practice]]|K8s|
|2020.10.15|//Anchore//|[[Our Top 5 Strategies for Container Security|https://anchore.com/blog/our-top-5-strategies-for-container-security/]]|Containers|
|2020.10.15|//Avanan//|[[Microsoft 365: What to Do When Your Account is Compromised|https://www.avanan.com/blog/what-to-do-when-compromised]]|M365 products|
|2020.10.15|//AvePoint//|[[3 Major Questions to Ask Before Enabling External Sharing in Office 365|https://www.avepoint.com/blog/office-365/office-365-external-sharing-questions/]]|O365|
|2020.10.15|//Caylent//|[[Managing Secrets in Terraform|https://caylent.com/managing-secrets-in-terraform]]|Terraform Secrets|
|2020.10.15|//Javelynn//|[[Kubernetes - Replication, and Self-Healing|https://dzone.com/articles/kubernetes-1]]|K8s|
|2020.10.15|//Darkbit//|[[CVE-2020-15157 "ContainerDrip" Write-up|https://darkbit.io/blog/cve-2020-15157-containerdrip]]|Vulnerability CVE-2020-15157|
|2020.10.15|//Amazon AWS//|[[Automate AWS Firewall Manager onboarding using AWS Centralized WAF and VPC Security Group Management solution|https://aws.amazon.com/blogs/security/automate-aws-firewall-manager-onboarding-using-aws-centralized-waf-and-vpc-security-group-management-solution/]]|AWS Firewall|
|2020.10.15|//Amazon AWS//|[[Use AWS Firewall Manager to deploy protection at scale in AWS Organizations|https://aws.amazon.com/blogs/security/use-aws-firewall-manager-to-deploy-protection-at-scale-in-aws-organizations/]]|AWS Firewall|
|2020.10.15|//Google Cloud//|[[Exponential growth in DDoS attack volumes|https://cloud.google.com/blog/products/identity-security/identifying-and-protecting-against-the-largest-ddos-attacks]]|DDoS|
|2020.10.15|//Google Cloud//|[[Applying IAM Recommendations at Scale|https://github.com/GoogleCloudPlatform/professional-services/tree/master/tools/iam-recommender-at-scale]]|GCP IAM|
|2020.10.16|//Google Cloud//| → [[Enforce least privilege with recommendations|https://cloud.google.com/iam/docs/recommender-overview]]|GCP IAM|
|2020.10.15|//Microsoft Azure//|[[Customizing the set of standards in your regulatory compliance dashboard|https://docs.microsoft.com/en-us/azure/security-center/update-regulatory-compliance-packages]]|Azure Compliance|
|>|>|>|!2020.10.14|
|2020.10.14|Conseil d'Etat[>img[iCSF/flag_fr.png]]|[[Health Data Hub et protection de données personnelles : des précautions doivent être prises dans l'attente d'une solution pérenne|https://www.conseil-etat.fr/actualites/actualites/health-data-hub-et-protection-de-donnees-personnelles-des-precautions-doivent-etre-prises-dans-l-attente-d-une-solution-perenne]] ([[pdf|https://www.conseil-etat.fr/content/download/157044/document/444937%20-%20CNLL%20et%20autres.pdf]])|Health_Data_Hub France|
|2020.10.14|TL;DR Security|[[#56 - State of Exploit Development, Hacking Apple, flaws.cloud dataset|https://tldrsec.com/blog/tldr-sec-056/]] |Weekly_Newsletter|
|2020.10.14|SilverLining Podcast|![[Episode 27: Protecting Your Cloud Data With Legal Controls|https://silverlining-il.castos.com/episodes/episode-27-protecting-your-cloud-data-with-legal-controls]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/EP-27.mp3]]) |
|2020.10.14|CSO Online|[[Azure Security Benchmark v2: What you need to know|https://www.csoonline.com/article/3584930/azure-security-benchmark-v2-what-you-need-to-know.html]]|Azure Benchmark|
|2020.10.22|Reseaux & Télécoms[>img[iCSF/flag_fr.png]]| → [[Tout savoir sur Azure Security Benchmark v2|https://www.reseaux-telecoms.net/actualites/lire-tout-savoir-sur-azure-security-benchmark-v2-28081.html]]|Azure Benchmark|
|2020.10.14|DZone|[[Free Resources: Kubernetes & Containers|https://dzone.com/articles/free-kubernetes-resources]] (après inscription)|Kubernetes Containers Cheatsheet|
|2020.10.14|TechRadar NZ|[[Addressing cybersecurity skill gap in cloud technologies|https://www.techradar.com/nz/news/addressing-cybersecurity-skill-gap-in-cloud-technologies]]|Expertise Skills|
|2020.10.14|//Intezer//|![[Cloud Workload Security: What You Need to Know - Part 1|https://www.intezer.com/blog/cloud-workload-security-what-you-need-to-know-part-1/]] (1/5)|Workloads|
|2020.10.14|//Dynatrace//|[[CIOs feel squeezed between the need to accelerate digital transformation and the increasing challenges of cloud complexity|https://www.dynatrace.com/news/press-release/global-cio-report-observability-automation-and-ai/]] ([[rapport|https://www.dynatrace.com/cio-report-automatic-and-intelligent-observability/]])|Report|
|2020.10.19|Help Net Security| → [[Cloud environment complexity has surpassed human ability to manage|https://www.helpnetsecurity.com/2020/10/19/cloud-environment-complexity-has-surpassed-human-ability-to-manage/]]|Report|
|2020.10.14|//Security Intelligence//|[[Modernizing Your Security Operations Center for the Cloud|https://securityintelligence.com/posts/modernizing-your-security-operations-center-for-the-cloud/]]|SOC|
|2020.10.14|//Akamai//|[[Akamai Enhances its Cloud Secure Web Gateway with DLP, Application Control and DNS over TLS (DoT)|https://blogs.akamai.com/2020/10/akamai-enhances-its-cloud-secure-web-gateway-with-dlp-application-control-and-dns-over-tls-dot.html]]|Products|
|2020.10.14|//Imperva//|[[Never Leave Your Cloud Database Publicly Accessible|https://www.imperva.com/blog/never-leave-your-cloud-database-publicly-accessible/]]|Protection Database|
|2020.10.14|//Darktrace//|[[How Industrial Control Systems can be secure in the cloud|https://www.darktrace.com/en/blog/how-industrial-control-systems-can-be-secure-in-the-cloud/]]|ICS|
|2020.10.14|//Google Cloud//|[[Static outbound IP address|https://cloud.google.com/run/docs/configuring/static-outbound-ip]]|IP_Address|
|>|>|>|!2020.10.13|
|2020.10.13|Thomas Maurer|[[Automanage for Azure virtual machines|https://www.thomasmaurer.ch/2020/10/automanage-for-azure-virtual-machines/]]|Azure VMs|
|2020.10.13|Build5Nines|[[Latest Cloud News: Azure Outages, Azure Bicep Modules and more! (October 13, 2020 - Build5Nines Weekly)|https://build5nines.com/latest-cloud-news-azure-outages-azure-bicep-modules-and-more-october-13-2020-build5nines-weekly/]]|Outages|
|2020.10.13|The Register|[[Does the cloud provide all the infrastructure you want yet never enough time to secure it? Let's help fix that|https://www.theregister.com/2020/10/13/aws_cloud_security_week/]]|AWS Conference|
|2020.10.13|The Register|[[IBM Cloud catches up to AWS and Azure - at least for refunds after major availability FAILs|https://www.theregister.com/2020/10/13/new_ibm_cloud_service_description/]]|IBM_Cloud|
|2020.10.15|MSSP Alert|![[A New Framework for Modern Security|https://www.msspalert.com/cybersecurity-guests/a-new-framework-for-modern-security/]]|Framework|
|2020.10.06|//Sumo Logic//| ← [[A New Framework for Modern Security|https://www.sumologic.com/blog/modern-enterprise-security-architecture/]]|Framework|
|2020.10.13|Healthcare Info Security|[[Unsecured AWS Database Left Patient Data Exposed|https://www.healthcareinfosecurity.com/unsecured-aws-database-left-patient-data-exposed-a-15163]]|DataLeak AWS_S3|
|2020.10.13|//BlueVoyant//|[[BlueVoyant Acquires Managed Sentinel To Create End-to-End Services Portfolio For Microsoft Security Technologies|https://www.bluevoyant.com/bluevoyant-managed-sentinel-press-release-oct-2020]]|Acquisition|
|2020.10.13|//Vectra//|[[O365 Security Threats - O365 Lateral Movement & More|https://www.vectra.ai/blogpost/spotlight-report-office365]] ([[synthèse PDF|https://content.vectra.ai/rs/748-MCE-447/images/IndustryReport_O365Spotlight-Summary.pdf]])|Report M365 Attacks|
|2020.10.13|//Vectra//| → [[2020 Spotlight Report on Microsoft Office 365|https://www.vectra.ai/download/spotlight-report-office365]] (après inscription)|Report M365 Attacks|
|2020.10.13|BetaNews| → [[Attackers use Office 365 tools to steal data|https://betanews.com/2020/10/13/attackers-use-office-365-tools/]]|Report M365 Attacks|
|2020.10.15|Dark Reading| → [[Microsoft Office 365 Accounts a Big Target for Attackers|https://www.darkreading.com/vulnerabilities---threats/microsoft-office-365-accounts-a-big-target-for-attackers/d/d-id/1339186]]|Report M365 Attacks|
|2020.10.13|//Orca Security//|[[The Orca Security 2020 State of Virtual Appliance Security Report|https://info.orca.security/2020-virtual-appliance-security-report]]|Report|
|2020.10.13|BetaNews| → [[Only eight percent of virtual appliances are free of vulnerabilities|https://betanews.com/2020/10/13/virtual-appliances-vulnerabilities/]]|Report|
|2020.10.13|Security Week| → [[Study Finds 400,000 Vulnerabilities Across 2,200 Virtual Appliances|https://www.securityweek.com/study-finds-400000-vulnerabilities-across-2200-virtual-appliances]]|Report|
|2020.10.13|//Checkpoint Software//|[[Secure Your Containers Like Your Apps Depend On It|https://blog.checkpoint.com/2020/10/13/secure-your-containers-like-your-apps-depend-on-it/]]|Containers|
|2020.10.13|//Cisco//|[[How to address cybersecurity challenges in the cloud era with SASE|https://umbrella.cisco.com/blog/how-to-address-cybersecurity-challenges-with-sase]]|SASE|
|2020.10.13|//Cloudflare//|[[Zero Trust For Everyone|https://blog.cloudflare.com/teams-plans/]]|Zero_Trust|
|2020.10.13|//Netskope//|[[SASE and TLS 1.3, Part 2: Naming Names|https://www.netskope.com/blog/sase-and-tls-1-3-part-2-naming-names]] (2/2)|SASE TLS|
|2020.09.23|//Netskope//| ← [[SASE and TLS 1.3, Part 1: What does it mean to "support" TLS 1.3?|https://www.netskope.com/blog/sase-and-tls-1-3-part-1-what-does-it-mean-to-support-tls-1-3]] (1/2)|SASE TLS|
|2020.10.13|//Sysdig//|[[K3s + Sysdig: Deploying and securing your cluster… in less than 8 minutes!|https://sysdig.com/blog/k3s-sysdig-falco/]]|K8s Cluster|
|2020.10.13|//Commvault//|[[The cloud just got closer: Managed cloud storage for your ransomware recovery strategy|https://vmblog.com/archive/2020/10/13/the-cloud-just-got-closer-managed-cloud-storage-for-your-ransomware-recovery-strategy.aspx]]|Webinaire|
|2020.10.13|//Menlo Security//|[[Shifting Security to the Cloud|https://www.menlosecurity.com/blog/shifting-security-to-the-cloud]] ([[webinaire|https://info.menlosecurity.com/Leadership-Conversations-Shifting-Security-to-the-Cloud-Webinar.html]])|Misc|
|2020.10.13|//Microsoft Azure//|[[Conditional Access APIs are generally available!|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/conditional-access-apis-are-generally-available/ba-p/1751702]]|APIs|
|2020.10.13|//Weave Works//|[[Part 1 - Distributed Systems, Disaster Recovery and GitOps|https://www.weave.works/blog/part-1-distributed-systems-disaster-recovery-and-gitops]] (1.2)|DRP GitOps|
|2020.10.13|//Office 365 Blog//|[[Introducing a new phishing technique for compromising Office 365 accounts|https://o365blog.com/post/phishing/]]|O365 Phishing|
|>|>|>|!2020.10.12|
|2020.10.12|Le Journal de l'Economie[>img[iCSF/flag_fr.png]]|[[La Cnil ne veut pas de Microsoft pour héberger les données de santé des Français|https://www.journaldeleconomie.fr/La-Cnil-ne-veut-pas-de-Microsoft-pour-heberger-les-donnees-de-sante-des-Francais_a9261.html]]|Health_Data_Hub France|
|2020.10.12|Federal News Network|![[Cloud Based Internet Isolation|https://federalnewsnetwork.com/federal-tech-talk/2020/10/cloud-based-internet-isolation/]] ([[mp3|http://www.podcastone.com/downloadsecurity?url=aHR0cHM6Ly9wZHN0LmZtL2UvY2h0YmwuY29tL3RyYWNrL0UyRzg5NS9hdy5ub3hzb2x1dGlvbnMuY29tL2xhdW5jaHBvZC9hZHN3aXp6LzE3MDYvMTAxM2ZlZGVyYWx0ZWNodGFsa19wb2RjYXN0X3RieDFfNmE5ODg3ZDMubXAzP2F3Q29sbGVjdGlvbklkPTE3MDYmYXdFcGlzb2RlSWQ9MTUwMGMwZDctNGY0Zi00MmQ3LTgwZDktZmVhNjZhOTg4N2QzKip8MTYwMzUxMjY2MDg5MioqfA==.mp3]]) |Podcast|
|2020.10.15|Federal News Network| ← [[Cloud based internet isolation initiatives to give DoD new kind of cyber protections|https://federalnewsnetwork.com/ask-the-cio/2020/10/cloud-based-internet-isolation-initiatives-to-give-dod-new-kind-of-cyber-protections/]]|Isolation|
|2020.10.12|Container Journal|![[How to Secure Your Kubernetes Cluster|https://containerjournal.com/topics/container-security/how-to-secure-your-kubernetes-cluster/]] |K8s|
|2020.10.12|Security Week|[[Cloudflare Launches New Zero Trust Networking, Security Platform|https://www.securityweek.com/cloudflare-launches-new-zero-trust-networking-security-platform]]|Zero_Trust|
|2020.10.12|Kitploit|[[O365Enum - Enumerate Valid Usernames From Office 365 Using ActiveSync, Autodiscover V1, Or Office.Com Login Page |https://www.kitploit.com/2020/10/o365enum-enumerate-valid-usernames-from.html]]|Tools O365|
|2020.10.12|Container Journal|[[5 Container Security Challenges and Their Remedies|https://containerjournal.com/topics/container-security/how-to-secure-your-kubernetes-cluster/]]|Containers|
|2020.10.12|//Contino//|[[The State of the Public Cloud in the Enterprise: Contino Research Report 2020|https://www.contino.io/resources/public-cloud-research-report-2020]]|Report|
|2020.10.12|BetaNews| → [[Only 13 percent of businesses use public cloud across the organization|https://betanews.com/2020/10/12/public-cloud-across-organization/]]|Report|
|2020.10.12|//Thousand Eyes//|[[Ep. 26: The Case of An Overloaded Database and What Happens When a Bug Bites|https://blog.thousandeyes.com/internet-report-episode-26/]]|Podcast|
|2020.10.12|//Cloud Management Insider//|[[5 Container Security Challenges and Their Remedies|https://www.cloudmanagementinsider.com/5-container-security-challenges-and-their-remedies/]]|Containers|
|2020.10.12|//Amazon AWS//|[[How to automatically archive expected IAM Access Analyzer findings|https://aws.amazon.com/blogs/security/how-to-automatically-archive-expected-iam-access-analyzer-findings/]]|AWS IAM|
|2020.10.12|//Microsoft Azure//|[[Using Jupyter Notebook to analyze and visualize Azure Sentinel Analytics and Hunting Queries|https://techcommunity.microsoft.com/t5/azure-sentinel/using-jupyter-notebook-to-analyze-and-visualize-azure-sentinel/ba-p/1770400]]|Azure_Sentinel|
|2020.10.12|//Google Cloud//|[[Service accounts in Google Groups and with Groups API now generally available|https://workspaceupdates.googleblog.com/2020/09/service-accounts-in-google-groups-and.html]]|GCP IAM|
<<tiddler [[arOund0C]]>>
!"//The Business Value of STAR Attestation//"
[>img(150px,auto)[iCSA/CSAsecUpd.jpg]]Podcast de la série "[[CSA Security Update]]" publié le 16 octobre 2020 — Invité : Ashwin Chaudhary, Director and CEO of Accedere group
<<<
//As organizations look to cloud services to process more sensitive and critical data, security, and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. Based on the CSA's Cloud Controls Matrix (CCM), STAR is the only meta-framework of cloud-specific security controls, mapped to leading standards, that enables third party audit review to give security teams the support and trust they require to enable this move to the cloud.
Listen as we interview Ashwin Chaudhary Director and CEO of Accedere group and discuss STAR Attestation, the advantages of SOC2 plus CCM, and the business value it brings to organizations.//
<<<
__Liens :__
* Annonce → https://www.buzzsprout.com/303731/5924110-the-business-value-of-star-attestation
* Podcast → https://www.buzzsprout.com/303731/5924110-the-business-value-of-star-attestation.mp3
!"//What is the Cloud Controls Matrix (CCM)?//"
[>img(150px,auto)[iCSA/KAGBW.png]]Article de blog publié le 16 octobre 2020 — Rédigé par Eleftherios Skoutaris, Program Manager for CCM Working Group, Cloud Security Alliance//
<<<
!!What is the Cloud Controls Matrix?
The CSA Cloud Controls Matrix (CCM)+++^*[»] https://cloudsecurityalliance.org/research/cloud-controls-matrix/ === is a cybersecurity control framework for cloud computing. It is a spreadsheet that lists 16 domains covering all key aspects of cloud technology. Each domain is broken up into 133 control objectives. It can be used as a tool to systematically assess cloud implementation, by providing guidance on which security controls should be implemented by which actor within the cloud supply chain. The controls framework is aligned to the Security Guidance v4 and is currently considered a de-facto standard for cloud security assurance and compliance. The translated versions of CCM v3 are available here.
!!Map to Standards, Regulations and Controls Frameworks
The controls in the CCM are mapped against industry-accepted security standards, regulations, and control frameworks including but not limited to:
* ISO 27001/27002/27017/27018
* NIST SP 800-53
* AICPA TSC
* ENISA Information Assurance Framework
* German BSI C5
* PCI DSS
* ISACA COBIT
* NERC CIP
!!How does it work?
The Cloud Controls Matrix is a spreadsheet that lists common frameworks and regulations organizations would need to comply with. Each control maps onto multiple industry-accepted security standards, regulations, and frameworks; which means that fulfilling the CCM controls also fulfills it for the accompanying standards and regulations it maps onto. It reduces the need to use multiple frameworks and simplifies cloud security by letting you see all of the common cloud standards in one place. For each control the user can see all of the different requirements it fulfills. For instance if you are compliant with a specific control, then that fulfills a requirement for three different regulations and frameworks.
Each control in the CCM indicates who should fulfill the control (the CSP or cloud customer) and it indicates which cloud model type (IaaS, PaaS, SaaS) or cloud environment (public, hybrid, private) the control applies to. The CCM clarifies the roles and responsibilities between a cloud service provider and cloud customer by delineating which control guidance is relevant to each party.
!!For Cloud Customers
__Use the CCM to assess cloud vendors or in place of an RFP__
The Consensus Assessments Initiative Questionnaire (CAIQ) is a companion to the CCM that provides a set of "yes or no" questions a cloud consumer or auditor may wish to ask a cloud provider. Based on the security controls in the CCM, the questions can be used to document which security controls exist in a provider's IaaS, PaaS, and SaaS offerings. Organizations often use the CAIQ to get additional protection by building a request for proposal (RFP) with the information from CAIQ. Organizations can then verify the validity of a vendor's answers during the RFP interview. Over 500 organizations currently use the CAIQ to submit self-assessments on the STAR registry.
!!For Cloud Solution Providers (CSPs)
__Use the CCM to submit to CSA's public registry.__
The CCM is used as the standard to assess the security posture of organizations on the Security, Trust, Assurance and Risk (STAR) registry. The STAR program promotes flexible, incremental and multi-layered certifications that integrate with popular third-party assessments to avoid duplication of effort and cost. Security providers can fill out the extended question set that aligns with the CCM and send it to potential and current clients to demonstrate compliance to industry standards, frameworks and regulations. It is recommended that providers submit the completed CAIQ to the STAR Registry so it is publicly available to all clients.
!!Security Domains Covered by the CCM
CSA is currently working on releasing the fourth iteration of the Cloud Controls Matrix. The CCM v.4 constitutes a significant upgrade to the previous version (v3.0.1) by introducing changes in the structure of the framework with a new domain dedicated to Log and Monitoring (LOG), and modifications in the existing ones (GRC, A&A, UEM, CEK). This update will also deliver a significant increase of requirements as a result of developing additional controls and updating existing ones.
Additional features of the CCM v.4 update are:
* Ensured coverage of requirements deriving from new cloud technologies
* New controls and security responsibility matrix
* Improved auditability of the controls, and enhanced interoperability and compatibility with other standards.
The domains covered in the current version of the Cloud Controls Matrix (CCM) are depicted [on the right]: [>img(600px,auto)[iCSA/KAGB2.png]]
Whereas below are the domains that will be covered in the new Cloud Controls Matrix (CCM) v4:
* Application & Interface Security
* Audit and Assurance
* Business Continuity Mgmt & Op Resilience
* Change Control & Configuration Management
* Data Security and Privacy - DSP (old DSI)
* Datacenter Security
* Cryptography, Encryption and Key Management
* Governance, Risk Management and Compliance
* Human Resources Security
* Identity & Access Management
* Infrastructure & Access Management
* Infrastructure & Virtualization
* Interoperability & Portability
* Universal EndPoint Management
* Security Incident Management, E-Discovery & Cloud Forensics
* Supply Chain Management, Transparency & Accountability
* Threat & Vulnerability Management
* Logging and Monitoring
!!What if there is a regulation or industry framework not covered in the current version of CCM?
In the case where there is a region-specific regulation or new framework that organizations need to map to, CSA will release a CCM mapping. You can find a list of all available mappings to the Cloud Controls Matrix (CCM) here.
Most Recent CCM Mappings:
* Gap Analysis Report - Mapping of the Association of Banks in Singapore Cloud Computing Implementation Guide 2.0 to Cloud Security Alliance Cloud Controls Matrix v3.0.1+++^*[»] https://cloudsecurityalliance.org/artifacts/ccm-addendum-abs-ccig/ === 
* Enterprise Architecture to CCM Shared Responsibility Model+++^*[»] https://cloudsecurityalliance.org/artifacts/enterprise-architecture-ccm-shared-responsibility-model/ === 
* CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications+++^*[»] https://cloudsecurityalliance.org/artifacts/ccm-v301-addendum-cloud-os-security-specifications/ === 
* Mapping of 'The Guidelines' Security Recommendations to CCM+++^*[»] https://cloudsecurityalliance.org/artifacts/ccm-v301-addendum-guideline-on-effectively-managing-security-services-in-the-cloud/ === 
* CCM v3.0.1 Addendum - FedRAMP Moderate+++^*[»] https://cloudsecurityalliance.org/artifacts/ccm-mapping-to-fedramp/ === 
* CSA CCM v3.0.1 Addendum - NIST 800-53 Rev 4 Moderate+++^*[»] https://cloudsecurityalliance.org/artifacts/csa-ccm-v3-0-1-addendum-nist-800-53-rev-4-moderate/ === 
* CSA CCM v3.0.1 Addendum - AICPA TSC 2017+++^*[»] https://cloudsecurityalliance.org/artifacts/ccm-v3-0-1-080319/ === 
!!Can I get certified against the CCM? How do I become CCM certified?
Organizations looking to get certified against the CCM can obtain an Attestation or Certification through the CSA STAR Registry. We often get the same questions about the Cloud Controls Matrix. You can view the full FAQ here.
!!Help CSA develop the Cloud Controls Matrix (CCM) v4!
The objective of this update is to continue to lead the security industry and market as the cloud provider and user-centric control framework of choice for all. Share your knowledge by providing feedback and contributing to the open peer review for CCM v.4.
<<<
//__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/10/16/what-is-the-cloud-controls-matrix-ccm/
!"//How to Address the Security Risks of Cloud OS//"
[>img(150px,auto)[iCSA/KAFBH.png]]Article de blog publié le 15 octobre 2020 — Rédigé par Xiaoyu Ge, co-chair of the Cloud Component Specifications Working Group
<<<
//From a user perspective, the cloud is a service. However, for cloud service providers, integrators, and channel partners who construct or build the cloud, it is a system that may comprise many separate components. The most basic cloud component is the cloud OS - a feature with functionality that closely resembles the relationship between Linux and a computer. Through the utilization of virtualization technology, cloud OS virtualizes hardware resources of physical servers and storage area network devices and supports software-defined networking. To help address the security challenges with cloud OS, CSA released version 2 of the Cloud OS Security Specification+++^*[»] https://cloudsecurityalliance.org/artifacts/cloud-os-security-specification-v2 === guidance document today.
!!What capabilities does Cloud OS provide and what are the security risks?
Along with virtualization, cloud OS also provides management and configuration capabilities on virtualized hardware resources. Furthermore, it affords many other capabilities and functions like disaster recovery, firewalls, load balancers, access control, and backup control to enhance the performance and security of cloud computing systems as well as the user experience of administrators and users. While cloud OS affords convenient, fast access to cloud computing resources, various security challenges may accompany this access that can affect cloud computing systems' regular operation and threaten the confidentiality, integrity, and availability of user data. As a result, it is vital to specify the security requirements of cloud OS technically.
!!What security guidance is currently available to address these risks?
Currently, most of the standards related to cloud computing security focus on information security management systems (ISMS), and corresponding certifications only concentrate on cloud services rather than specific cloud components. There is a lack of internationally recognized technical security specifications and certifications for cloud components such as the cloud operating system (OS). This latest research paper from CSA helps fill that gap by defining cloud OS' security specifications, specifically their technical requirements. We believe the guidance provided in this paper will be useful to help regulate security requirements for the cloud OS to prevent security threats and improve the security capabilities of cloud OS products.
!!Who should read this report?
We recommend that cloud service providers, integrators, and channel partners who participate in either constructing or building the cloud read this paper. In particular this paper will be helpful for cloud engineers, developers and info security practitioners using these services.
!!Changes in the new version.
CSA's Cloud Component Specifications Working Group first published the Cloud OS Security Specification v1 in July 2019. Some of the key changes and revisions in this version are:
The document structure was adjusted to be more in-line with logical architecture. Corresponding content in version 1 was also moved, combined or removed according to the structural adjustment.
New requirements were added in response to cloud security technology developments, including:
* Micro-segmentation
* Hardware-based encryption
* Virtual machine (VM) high availability
* Backup and recovery capability
* Key management service
* And a cloud bastion host.
Several requirements were improved and revised to be more precise and instructive, such as protocol related to processing/saving sensitive information, identity management, and log functions.
!!References
While the CSA research paper "Security Guidance for Critical Areas of Focus in Cloud Computing"+++^*[»] https://cloudsecurityalliance.org/research/guidance/ === is one of the key baseline references in specifying this document, it differs from the other in that it takes the additional step to focus on a specific component in cloud computing - cloud OS. The document builds on the foundation provided by ISO/IEC 17788, ISO/IEC 19941, ISO/IEC 27000, NIST SP 500-299, and NIST SP 800-144 in the context of cloud computing security. Security property and functionality presented by cloud service providers such as AWS, Google Cloud, Huawei and Microsoft Azure are also referenced in this document.//
<<<
__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/10/15/how-to-address-the-security-risks-of-cloud-os/
* Document ⇒ https://cloudsecurityalliance.org/artifacts/cloud-os-security-specification-v2
!"//Cloud OS Security Specification v2.0//"
[>img(150px,auto)[iCSA/KAFBH.png]]//
<<<
Currently, most of the standards related to cloud computing security focus on information security management systems (ISMS), and corresponding certifications only concentrate on cloud services rather than specific cloud components. There is a lack of internationally recognized technical security specifications and certifications for cloud components such as the cloud operating system (OS). CSA believes the guidance provided in this paper will be useful to help regulate security requirements for the cloud OS to prevent security threats and improve security capabilities of cloud OS products.
CSA's Cloud Component Specifications Working Group first published the Cloud OS Security Specification v1 in July 2019. Some of the key changes and updates made in this revised version are:
* Adjusted document structure to be more in line with logical architecture. Corresponding contents in version 1 are also moved / combined / removed according to the structure adjustment.
* New requirements added in view of cloud security technology developments, including micro segmentation, hardware-based encryption, VM High availability, backup & recovery capability, key management service, cloud bastion host.
* Several requirements are improved and revised to be more precise and instructive, such as the processing / saving of sensitive information, identity management and log functions.
<<<
//__Liens :__
* Annonce ⇒ https://cloudsecurityalliance.org/artifacts/cloud-os-security-specification-v2/
* Téléchargement ⇒ https://cloudsecurityalliance.org/download/artifacts/cloud-os-security-specification-v2/
[>img(300px,auto)[iCSF/KAQCA.jpg]]La conférence ''AWS Cloud Security Week 2020'' se déroulera du 26 au 29 octobre 2020 en ligne.

Une session d'une heure sur chacun des 4 jours :
* Lundi 26 octobre 2020, de 11h00 à 12h00 : ''//Cloud Security and Compliance Basics//'' (Level 100)
* Mardi 27 octobre 2020, de 11h00 à 12h00 : ''//Cloud Security Myths and Opportunities//'' (Level 200)
* Mercredi 28 octobre 2020, de 11h00 à 12h00 : ''//Top Ten AWS Security Tips//'' (Level 200)
* Jeudi 29 octobre 2020, de 11h00 à 12h00 : ''//A Modern Approach to Patch Management and Automation//'' (Level 200)

__Liens :__
* Inscriptions → https://pages.awscloud.com/emea-field-oe-aws-cloud-security-week-emea-2020-reg-event.html
<<tiddler [[arOund0C]]>>
!"//CCSK Success Stories: From a Security Consultant//"
[>img(150px,auto)[iCSA/K4QCCSK.png]]Article de blog publié le 12 octobre 2020 — Rédigé par Ricci Ieong, Principal Consultant, eWalker Consulting • Ekta Mishra, Membership Director & Country Manager (India), CSA APAC
<<<
//Q: In your current role at eWalker Consulting (HK) Ltd as a Consultant, you undertake consulting for clients. Can you tell us about what your job involves?
A: As the principal consultant, I lead the security review, assessment, consultancy services in my company.

Q: Can you share with us some complexities in managing cloud computing projects?
A: As a pioneer in the cloud computing security area since 2012, we have to explore and derive the direction and scheme of cloud computing security for different customers. In fact, as cloud computing is a deployment model which evolves rapidly, we have to catch up with the latest technology in cloud computing deployment.

Q: In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
A: IT professionals have to be aware of the roles and responsibilities in the particular cloud model implemented in the client environment.

Q: What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work and why?
A: As a pioneer, we need to have both cloud security and industry practical knowledge. CCSK is definitely the very first certificate in cloud computing knowledge. So I took the CCSK v3 and then v4 certificate. Especially since I'm involved in conducting CCSK training, we need to learn and practice the latest knowledge in cloud computing security practical knowledge.

Q: How does the Cloud Control Matrix (CCM) help communicate with customers?
A: The Cloud Controls Matrix (CCM) is one of the most useful tools that we use to explain cloud computing controls to customers. It provides fundamental security principles that guide cloud service vendors towards the most secure practices. For cloud customers, it helps in assessing the overall security postures of cloud providers.

Q: What's the value in a vendor-neutral certificate like the CCSK or CCSP versus getting certified by AWS? In what scenario are the different certificates important?
A: It is better to learn from CCSK and CCSP first as those would give the audience general common security knowledge. With the baseline of cloud computing security knowledge, candidates can better understand cloud vendor-specific security knowledge. As cloud computing security is always vendor-specific, if a candidate wishes to become a cloud security expert, then he/she should have both general and specific cloud security knowledge.

Q: Would you encourage your staff and/or colleagues to obtain the CCSK or other CSA qualifications? Why?
A: As mentioned above, general, broad, vendor-neutral cloud security knowledge is important for candidates to know what is important in the area of cloud security. It will help them learn and establish a baseline of security best practices when dealing with a broad array of responsibilities, from cloud governance to configuring technical security controls.

Q: What is the best advice you would give to IT professionals in order for them to scale new heights in their careers?
A: Cloud computing is already the current direction of IT system deployment. So cloud security is critical knowledge that IT professionals should aim to achieve. I would recommend cloud security professionals obtain the CCSK certification to increase their employment opportunities by filling the skills-gap.//
<<<
__Lien :__
* Blog ⇒ https://cloudsecurityalliance.org/blog/2020/10/12/ccsk-success-stories-from-a-security-consultant/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #85|2020.10.11 - Newsletter Hebdomadaire #85]]__@@ {{arOund{FRA}}}[>img(100px,auto)[iCSA/logoCSAFR.png]] |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #85|2020.10.11 - Weekly Newsletter - #85]]__@@ {{arOund{ENG}}}[>img(100px,auto)[iCSA/logoCSAFR.png]] |
|<<tiddler [[2020.10.11 - Newsletter Hebdomadaire #85]]>> |<<tiddler [[2020.10.11 - Weekly Newsletter - #85]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 5 au 11 octobre 2020
!!1 - Informations CSA - 5 au 11 octobre 2020

* ''Répondez au sondage CSA sur l'adoption du Cloud'' en 2020+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* Actu : Conférence ''Europe Cloud Summit'' avec focus sur la sécurité le 22 octobre+++^*[»] <<tiddler [[2020.10.11 - Actu : Conférence 'Europe Cloud Summit']]>>=== 
* Actu : Conférence 'CSA APAC Virtual Summit' du 20 au 22 octobre+++^*[»] <<tiddler [[2020.10.11 - Actu : Conférence 'CSA APAC Virtual Summit']]>>=== 
* Actu : Série de Webinaires 'Azure Network Security'+++^*[»] <<tiddler [[2020.10.10 - Actu : Série de Webinaires 'Azure Network Security']]>>=== 
* Actu : Nombreux Appels à commentaires en cours+++^*[»] <<tiddler [[2020.10.10 - Actu : Appels à commentaires en cours]]>>=== 
* Blog : Guide d'implémentation du CSA pour gérer un ERP dans le Cloud+++^*[»] <<tiddler [[2020.10.09 - Blog : Guide d'implémentation du CSA pour gérer un ERP dans le Cloud]]>>=== 
* Blog : Bonnes pratiques sécurité pour le High Performance Computing+++^*[»] <<tiddler [[2020.10.08 - Blog : sondage sur les bonnes pratiques sécurité pour le High Performance Computing]]>>=== 
* Publication : 'Survey Report - Security Practices in HPC & HPC Cloud'+++^*[»] <<tiddler [[2020.10.08 - Publication : 'Survey Report - Security Practices in HPC & HPC Cloud']]>>=== 
* Publication : seconde partie du 'Critical Controls Implementation for SAP'+++^*[»] <<tiddler [[2020.10.05 - Publication : 'Critical Controls Implementation for SAP (Parts 1 and 2)']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 80 liens|2020.10.11 - Veille Hebdomadaire - 11 octobre]])

* __''À lire''__
** ''Extension Cloudtrail pour la plate-forme flaws.cloud'' par Scott Piper+++^*[»] 
|2020.10.09|Summit Route|![[Public dataset of Cloudtrail logs from flaws.cloud|https://summitroute.com/blog/2020/10/09/public_dataset_of_cloudtrail_logs_from_flaws_cloud/]] |Incident_Analysis Exercise|
=== 
** ''Mapping CIS Controls to Cloud'' par Chris Farris+++^*[»] 
|2020.10.05|Chris Farris|![[Mapping CIS Controls to Cloud|https://www.chrisfarris.com/post/cis-controls/]] |Controls|
=== 

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Vulnérabilités : Découverte de vulnérabilités Azure (//Intezer//)+++^*[»] 
|2020.10.08|//Intezer//|![[Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure|https://www.intezer.com/blog/cloud-security/kud-i-enter-your-server-new-vulnerabilities-in-microsoft-azure/]]|Azure Flaws|
|2020.10.08|//Intezer//| → [[Microsoft Azure App Services Vulnerabilities - PoC|https://www.youtube.com/watch?v=UDqqr3amzu0]] (vidéo)|Azure Flaws|
|2020.10.08|//Threatpost//| → [[Microsoft Azure Flaws Open Admin Servers to Takeover|https://threatpost.com/microsoft-azure-flaws-servers-takeover/159965/]]|Azure Flaws|
=== 
** Pannes : Plusieurs pannes pour l'environnement Azure et M365+++^*[»] 
|2020.10.08|ZDnet|[[Microsoft cloud outages continue as Office and Outlook customers report problems|https://www.zdnet.com/article/microsoft-cloud-services-outages-continue-into-week-two/]]|Outages Azure M365|
|2020.10.07|Build5Nines|[[Azure Outages with Azure Front Door and Internal Azure WAN (October 6 - 7, 2020)|https://build5nines.com/azure-outages-with-azure-front-door-and-internal-azure-wan-october-6-7-2020/]]|Azure Outage|
|2020.10.07|The Register|[[Yes, it's down again: Microsoft's Office 365 takes yet another mid-week tumble, Azure also unwell|https://www.theregister.com/2020/10/07/office_365_outage/]]|O365 Outage|
|2020.10.07|Build5Nines|[[Azure DevOps Outages: October 7, 2020|https://build5nines.com/azure-devops-outages-october-7-2020/]]|Azure Outage|
|2020.10.06|Build5Nines|[[Azure DevOps is Down; Outage is MS not Your CI/CD Builds (October 6, 2020)|https://build5nines.com/azure-devops-down-outage-microsoft-not-your-cicd-builds-october-6-2020/]]|Outage M365|
|2020.10.07|Bleeping Computer|[[Microsoft 365 outage takes down Outlook and Microsoft Teams again|https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-outlook-and-microsoft-teams-again/]]|Outage M365|
=== 

* __Rapports, Sondages, Études, Publications__
** Rapports : '2020 Security Operations Annual Report' (//Arctic Wolf//) • '2020 State of SaaSOps' (//BetterCloud//) • 'Cloud Threat Report, 2H 2020' (//Palo Alto Networks / Unit 42//)+++^*[»] 
|2020.10.11|//Arctic Wolf//|[[2020 Security Operations Annual Report|https://arcticwolf.com/resources/analyst-reports/security-operations-annual-report]]|Report|
|2020.10.11|MSSP Alert| → [[Account Takeover Attack Research: Arctic Wolf Findings|https://www.msspalert.com/cybersecurity-research/account-takeover-attacks-arctic-wolf-findings/]]|Report|
|>|>|>|!|
|2020.10.07|//BetterCloud//|[[2020 State of SaaSOps|https://stateofsaasops.bettercloud.com/]]|Report|
|2020.10.07|DevOps.com| → [[BetterCloud Report Reveals Operational Complexity and Risk Concerns as Organizations Reach Tipping Point in SaaS Adoption|https://devops.com/bettercloud-report-reveals-operational-complexity-and-risk-concerns-as-organizations-reach-tipping-point-in-saas-adoption/]]|Report|
|>|>|>|!|
|2020.10.06|//Palo Alto Networks//|![[Highlights from the Unit 42 Cloud Threat Report, 2H 2020|https://unit42.paloaltonetworks.com/highlight-cloud-threat-report-iam/]] ([[téléchargement|https://www.paloaltonetworks.com/prisma/unit42-cloud-threat-research]]) |Report|
|2020.10.07|//Palo Alto Networks//| → [[Unit 42 Cloud Threat Report: CSP Findings on Logging, Encryption and Exposed Services|https://unit42.paloaltonetworks.com/cloud-threat-report-csp-findings-iam/]]|Report|
|2020.10.08|//Palo Alto Networks//| → [[Unit 42 Cloud Threat Report: Misconfigured IAM Roles Lead to Thousands of Compromised Cloud Workloads|https://unit42.paloaltonetworks.com/iam-roles-compromised-workloads/]]|Report|
=== 
** Publications : 'Sécurisation IaaS et PaaS' (//Gartner//)+++^*[»] 
|2020.10.10|//FireEye//|[[Gartner: 5 Things You Must Absolutely Get Right for Secure IaaS and PaaS|http://www.fireeye.com/blog/products-and-services/2020/10/gartner-five-things-you-must-absolutely-get-right-for-secure-iaas-and-paas.html]]|Gartner IaaS PaaS|
|2020.05.07|//Gartner//| ← G00461794: [[5 Things You Must Absolutely Get Right for Secure IaaS and PaaS|https://content.fireeye.com/cloud/rpt-gartner-5-things-you-must-absolutely-get-right]]|Gartner IaaS PaaS|
=== 

* __Cloud Services Providers, Outils__
** AWS : Annonces sur AWS Lambda, le chiffrement et les bases de données, l'automatisation dans AWS Firewall Manager+++^*[»] 
|>|>|>|!|
|2020.10.08|//Amazon AWS//|[[Introducing AWS Lambda Extensions - In preview|https://aws.amazon.com/fr/blogs/compute/introducing-aws-lambda-extensions-in-preview/]]|AWS_Lambda|
|2020.10.08|//Amazon AWS//|[[Building Extensions for AWS Lambda - In preview|https://aws.amazon.com/fr/blogs/compute/building-extensions-for-aws-lambda-in-preview/]]|AWS_Lambda|
|2020.10.08|//Amazon AWS//|[[Architecting for database encryption on AWS|https://aws.amazon.com/blogs/security/architecting-for-database-encryption-on-aws/]]|AWS Encryption|
|2020.10.06|//Amazon AWS//|[[AWS Firewall Manager helps automate security group management: 3 scenarios|https://aws.amazon.com/blogs/security/aws-firewall-manager-helps-automate-security-group-management-3-scenarios/]]|AWS Firewall|
=== 
** Azure : Changement progressif d'Autorité de certification TLS • Protection des identités sur AzureAD • Accès conditionnels sur AzureAD et O365 • Ressources de formation sécurité et conformité M365+++^*[»] 
|2020.10.09|Build5Nines|![[Azure TLS certificate changes|https://build5nines.com/azure-tls-certificate-changes/]] |Azure Certificate|
|2020.10.09|Sami Lamppu|![[Azure AD Identity Protection Deep Diver - Part 2|https://samilamppu.com/2020/10/09/azure-ad-identity-protection-deep-diver-part-2/]] (2/2) |AzureAD|
|2020.04.03|Sami Lamppu| ← [[Azure AD Identity Protection Integration with Cloud App Security |https://samilamppu.com/2020/04/03/benefit-of-azure-ad-identity-protection-integration-with-cloud-app-security/]] (1/2) |AzureAD IAM|
|2020.10.09|//Microsoft Azure//|[[Continuous Access Evaluation in Azure AD is now in public preview!|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/continuous-access-evaluation-in-azure-ad-is-now-in-public/ba-p/1751704]]|AzureAD Assessment|
|2020.10.10|Matt Soseman|![[Guide to Training Resources for Microsoft 365 Security/ Compliance (+Azure Sentinel and Azure Security Center)|https://mattsoseman.wordpress.com/2020/10/10/guide-to-training-resources-for-microsoft-365-security-compliance-azure-sentinel-and-azure-security-center/]] |M365 Azure Training|
|2020.10.08|//Microsoft Azure//|[[Conditional Access Office 365 Suite now in GA!|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/conditional-access-office-365-suite-now-in-ga/ba-p/1751703]]|O365 Conditional_Access|
=== 
** Kubernetes : aide mémoire • Journalisation+++^*[»] 
|2020.10.08|DZone|Aide mémoire [[Advanced Kubernetes|https://dzone.com/refcardz/advanced-kubernetes]] (après inscription)|Kubernetes Cheatsheet|
|2020.10.05|Cloud Native Computing Foundation|[[A Practical Guide to Kubernetes Logging|https://www.cncf.io/blog/2020/10/05/a-practical-guide-to-kubernetes-logging/]]|K8s Logging|
|2020.09.03|//Logz//| ← [[A Practical Guide to Kubernetes Logging|https://logz.io/blog/a-practical-guide-to-kubernetes-logging/]]|K8s Logging|
=== 
** Docker : Installation sur un Raspberry Pi+++^*[»] 
|2020.10.09|Shell Hacks|[[Raspberry Pi: Docker - Install Docker on Raspberry Pi|https://www.shellhacks.com/raspberry-pi-docker-install-docker-on-raspberry-pi/]]|Docker RaspberryPi|
=== 
** Containers : Techniques d'évasion+++^*[»] 
|2020.10.08|//Capsule8//|[[An Introduction to Container Escapes|https://capsule8.com/blog/an-introduction-to-container-escapes/]]|Containers|
=== 
** Outils: IAMCTL pour AWS+++^*[»] 
|2020.10.06|//Amazon AWS//|[[New IAMCTL tool compares multiple IAM roles and policies|https://aws.amazon.com/blogs/security/new-iamctl-tool-compares-multiple-iam-roles-and-policies/]]|AWS IAM Tools|
=== 

* __Podcasts, Veilles hebdomadaires 'Cloud et Sécurité'__
** Podcasts : Sécurité AWS dans un secteur très régulé+++^*[»] 
|2020.10.11|Cloud Security Podcast|[[AWS Security in a Large Regulated Enterprise! - Houston Hopkins, Capital One|https://anchor.fm/cloudsecuritypodcast/episodes/AWS-SECURITY-IN-A-LARGE-REGULATED-ENTERPRISE----HOUSTON-HOPKINS--CAPITAL-ONE-ekstdu]]|Podcast|
=== 
** Veilles : TL;DR Security #55 • The Cloud Security Reading List #58+++^*[»] 
|2020.10.11|Marco Lancini|[[The Cloud Security Reading List #58|https://cloudseclist.com/issues/issue-58/]] |Weekly_Newsletter|
|2020.10.07|TL;DR Security|[[#55 - Detection as Code, Vault Authentication Bugs, Fingerprinting Exploit Developers|https://tldrsec.com/blog/tldr-sec-055/]] |Weekly_Newsletter|
=== 

* __Marché, Acquisitions__
** Marché : la Cnil récuse le choix de Microsoft Azure pour le Health Data Hub+++^*[»] 
|2020.10.08|FrenchWeb[>img[iCSF/flag_fr.png]]|[[Données de santé: Cédric O veut rapatrier le Health Data Hub hébergé par Microsoft|https://www.frenchweb.fr/donnees-de-sante-cedric-o-veut-rapatrier-le-health-data-hub-heberge-par-microsoft/406519]]|France Health_Data_Hub|
|2020.10.09|Silicon[>img[iCSF/flag_fr.png]]| → [[Health Data Hub : la Cnil récuse le choix de Microsoft Azure|https://www.silicon.fr/health-data-hub-la-cnil-recuse-le-choix-de-microsoft-azure-348943.html]]|France Health_Data_Hub|
|2020.10.08|ITPro[>img[iCSF/flag_fr.png]]|[[Cloud : comment choisir sa région d'hébergement ?|https://www.itpro.fr/cloud-comment-choisir-sa-region-dhebergement/]]|Hosting|
=== 
** Acquisitions : Kasten par Veeam+++^*[»] 
|2020.10.05|//Veeam//|[[Veeam Acquires Kasten to Accelerate Protection of Kubernetes-Native Workloads On-Premises and Across Multi-Cloud Environments|https://www.veeam.com/news/veeam-acquires-kasten-to-accelerate-protection-of-kubernetes-native-workloads-on-premises-and-across-multi-cloud-environments.html]]|Acquisition|
|2020.10.05|Container Journal| → [[Veeam Acquires Kasten to Protect Kubernetes Data|https://containerjournal.com/topics/container-security/veeam-acquires-kasten-to-protect-kubernetes-data/]]|Acquisition|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KAB/|https://CloudSecurityAlliance.fr/go/KAB/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - October 5th to 11th, 2020
!!1 - CSA News and Updates - October 5th to 11th, 2020

* ''Fill in the new CSA survey on Cloud Adoption in 2020''+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* News: ''Europe Cloud Summit'' conference, focus on Security on October 22nd+++^*[»] <<tiddler [[2020.10.11 - Actu : Conférence 'Europe Cloud Summit']]>>=== 
* News: 'CSA APAC Virtual Summit' from October 20th to 22nd+++^*[»] <<tiddler [[2020.10.11 - Actu : Conférence 'CSA APAC Virtual Summit']]>>=== 
* News: 'Azure Network Security' webinars over the coming weeks+++^*[»] <<tiddler [[2020.10.10 - Actu : Série de Webinaires 'Azure Network Security']]>>=== 
* News: Many calls for comments on CSA documents are open+++^*[»] <<tiddler [[2020.10.10 - Actu : Appels à commentaires en cours]]>>=== 
* Blog: CSA's Implementation Guide for SAP to securely operate ERP applications in the cloud+++^*[»] <<tiddler [[2020.10.09 - Blog : Guide d'implémentation du CSA pour gérer un ERP dans le Cloud]]>>=== 
* Blog: 2020 Survey Report on Security Practices in HPC & HPC Cloud+++^*[»] <<tiddler [[2020.10.08 - Blog : sondage sur les bonnes pratiques sécurité pour le High Performance Computing]]>>=== 
* Publication: 'Survey Report - Security Practices in HPC & HPC Cloud'+++^*[»] <<tiddler [[2020.10.08 - Publication : 'Survey Report - Security Practices in HPC & HPC Cloud']]>>=== 
* Publication: 'Critical Controls Implementation for SAP' (final)+++^*[»] <<tiddler [[2020.10.05 - Publication : 'Critical Controls Implementation for SAP (Parts 1 and 2)']]>>=== 
!!2 - Cloud and Security News Watch ([[over 80 links|2020.10.11 - Veille Hebdomadaire - 11 octobre]])

* __''Must read''__
** ''Cloudtrail logs from flaws.cloud'' by Scott Piper+++^*[»] 
|2020.10.09|Summit Route|![[Public dataset of Cloudtrail logs from flaws.cloud|https://summitroute.com/blog/2020/10/09/public_dataset_of_cloudtrail_logs_from_flaws_cloud/]] |Incident_Analysis Exercise|
=== 
** ''Mapping CIS Controls to Cloud'' by Chris Farris+++^*[»] 
|2020.10.05|Chris Farris|![[Mapping CIS Controls to Cloud|https://www.chrisfarris.com/post/cis-controls/]] |Controls|
=== 

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Vulnerabilities: New Vulnerabilities in Microsoft Azure (//Intezer//)+++^*[»] 
|2020.10.08|//Intezer//|![[Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure|https://www.intezer.com/blog/cloud-security/kud-i-enter-your-server-new-vulnerabilities-in-microsoft-azure/]]|Azure Flaws|
|2020.10.08|//Intezer//| → [[Microsoft Azure App Services Vulnerabilities - PoC|https://www.youtube.com/watch?v=UDqqr3amzu0]] (video)|Azure Flaws|
|2020.10.08|//Threatpost//| → [[Microsoft Azure Flaws Open Admin Servers to Takeover|https://threatpost.com/microsoft-azure-flaws-servers-takeover/159965/]]|Azure Flaws|
=== 
** Outages: multiple cases for Azure and M365+++^*[»] 
|2020.10.08|ZDnet|[[Microsoft cloud outages continue as Office and Outlook customers report problems|https://www.zdnet.com/article/microsoft-cloud-services-outages-continue-into-week-two/]]|Outages Azure M365|
|2020.10.07|Build5Nines|[[Azure Outages with Azure Front Door and Internal Azure WAN (October 6 - 7, 2020)|https://build5nines.com/azure-outages-with-azure-front-door-and-internal-azure-wan-october-6-7-2020/]]|Azure Outage|
|2020.10.07|The Register|[[Yes, it's down again: Microsoft's Office 365 takes yet another mid-week tumble, Azure also unwell|https://www.theregister.com/2020/10/07/office_365_outage/]]|O365 Outage|
|2020.10.07|Build5Nines|[[Azure DevOps Outages: October 7, 2020|https://build5nines.com/azure-devops-outages-october-7-2020/]]|Azure Outage|
|2020.10.06|Build5Nines|[[Azure DevOps is Down; Outage is MS not Your CI/CD Builds (October 6, 2020)|https://build5nines.com/azure-devops-down-outage-microsoft-not-your-cicd-builds-october-6-2020/]]|Outage M365|
|2020.10.07|Bleeping Computer|[[Microsoft 365 outage takes down Outlook and Microsoft Teams again|https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-outlook-and-microsoft-teams-again/]]|Outage M365|
=== 

* __Reports, Surveys, Studies, Publications__
** Reports: '2020 Security Operations Annual Report' (//Arctic Wolf//) • '2020 State of SaaSOps' (//BetterCloud//) • 'Cloud Threat Report, 2H 2020' (//Palo Alto Networks / Unit 42//)+++^*[»] 
|2020.10.11|//Arctic Wolf//|[[2020 Security Operations Annual Report|https://arcticwolf.com/resources/analyst-reports/security-operations-annual-report]]|Report|
|2020.10.11|MSSP Alert| → [[Account Takeover Attack Research: Arctic Wolf Findings|https://www.msspalert.com/cybersecurity-research/account-takeover-attacks-arctic-wolf-findings/]]|Report|
|>|>|>|!|
|2020.10.07|//BetterCloud//|[[2020 State of SaaSOps|https://stateofsaasops.bettercloud.com/]]|Report|
|2020.10.07|DevOps.com| → [[BetterCloud Report Reveals Operational Complexity and Risk Concerns as Organizations Reach Tipping Point in SaaS Adoption|https://devops.com/bettercloud-report-reveals-operational-complexity-and-risk-concerns-as-organizations-reach-tipping-point-in-saas-adoption/]]|Report|
|>|>|>|!|
|2020.10.06|//Palo Alto Networks//|![[Highlights from the Unit 42 Cloud Threat Report, 2H 2020|https://unit42.paloaltonetworks.com/highlight-cloud-threat-report-iam/]] ([[download|https://www.paloaltonetworks.com/prisma/unit42-cloud-threat-research]]) |Report|
|2020.10.07|//Palo Alto Networks//| → [[Unit 42 Cloud Threat Report: CSP Findings on Logging, Encryption and Exposed Services|https://unit42.paloaltonetworks.com/cloud-threat-report-csp-findings-iam/]]|Report|
|2020.10.08|//Palo Alto Networks//| → [[Unit 42 Cloud Threat Report: Misconfigured IAM Roles Lead to Thousands of Compromised Cloud Workloads|https://unit42.paloaltonetworks.com/iam-roles-compromised-workloads/]]|Report|
=== 
** Publications: 'Getting Right for Secure IaaS and PaaS' (//Gartner//)+++^*[»] 
|2020.10.10|//FireEye//|[[Gartner: 5 Things You Must Absolutely Get Right for Secure IaaS and PaaS|http://www.fireeye.com/blog/products-and-services/2020/10/gartner-five-things-you-must-absolutely-get-right-for-secure-iaas-and-paas.html]]|Gartner IaaS PaaS|
|2020.05.07|//Gartner//| ← G00461794: [[5 Things You Must Absolutely Get Right for Secure IaaS and PaaS|https://content.fireeye.com/cloud/rpt-gartner-5-things-you-must-absolutely-get-right]]|Gartner IaaS PaaS|
=== 

* __Cloud Services Providers, Tools__
** AWS: Announcements on AWS Lambda, database encryption, automation for AWS Firewall Manager+++^*[»] 
|>|>|>|!|
|2020.10.08|//Amazon AWS//|[[Introducing AWS Lambda Extensions - In preview|https://aws.amazon.com/fr/blogs/compute/introducing-aws-lambda-extensions-in-preview/]]|AWS_Lambda|
|2020.10.08|//Amazon AWS//|[[Building Extensions for AWS Lambda - In preview|https://aws.amazon.com/fr/blogs/compute/building-extensions-for-aws-lambda-in-preview/]]|AWS_Lambda|
|2020.10.08|//Amazon AWS//|[[Architecting for database encryption on AWS|https://aws.amazon.com/blogs/security/architecting-for-database-encryption-on-aws/]]|AWS Encryption|
|2020.10.06|//Amazon AWS//|[[AWS Firewall Manager helps automate security group management: 3 scenarios|https://aws.amazon.com/blogs/security/aws-firewall-manager-helps-automate-security-group-management-3-scenarios/]]|AWS Firewall|
=== 
** Azure: Azure TLS certificate changes ongoing • Azure AD Identity Protection • Conditional Access in AzureAD and in Office 365 • Training Resources for Microsoft 365 Security+++^*[»] 
|2020.10.09|Build5Nines|![[Azure TLS certificate changes|https://build5nines.com/azure-tls-certificate-changes/]] |Azure Certificate|
|2020.10.09|Sami Lamppu|![[Azure AD Identity Protection Deep Diver - Part 2|https://samilamppu.com/2020/10/09/azure-ad-identity-protection-deep-diver-part-2/]] (2/2) |AzureAD|
|2020.04.03|Sami Lamppu| ← [[Azure AD Identity Protection Integration with Cloud App Security |https://samilamppu.com/2020/04/03/benefit-of-azure-ad-identity-protection-integration-with-cloud-app-security/]] (1/2) |AzureAD IAM|
|2020.10.09|//Microsoft Azure//|[[Continuous Access Evaluation in Azure AD is now in public preview!|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/continuous-access-evaluation-in-azure-ad-is-now-in-public/ba-p/1751704]]|AzureAD Assessment|
|2020.10.10|Matt Soseman|![[Guide to Training Resources for Microsoft 365 Security/ Compliance (+Azure Sentinel and Azure Security Center)|https://mattsoseman.wordpress.com/2020/10/10/guide-to-training-resources-for-microsoft-365-security-compliance-azure-sentinel-and-azure-security-center/]] |M365 Azure Training|
|2020.10.08|//Microsoft Azure//|[[Conditional Access Office 365 Suite now in GA!|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/conditional-access-office-365-suite-now-in-ga/ba-p/1751703]]|O365 Conditional_Access|
=== 
** Kubernetes: cheatsheet • Logging+++^*[»] 
|2020.10.08|DZone|Cheat sheet [[Advanced Kubernetes|https://dzone.com/refcardz/advanced-kubernetes]] (registration required)|Kubernetes Cheatsheet|
|2020.10.05|Cloud Native Computing Foundation|[[A Practical Guide to Kubernetes Logging|https://www.cncf.io/blog/2020/10/05/a-practical-guide-to-kubernetes-logging/]]|K8s Logging|
|2020.09.03|//Logz//| ← [[A Practical Guide to Kubernetes Logging|https://logz.io/blog/a-practical-guide-to-kubernetes-logging/]]|K8s Logging|
=== 
** Docker: Installation on a Raspberry Pi+++^*[»] 
|2020.10.09|Shell Hacks|[[Raspberry Pi: Docker - Install Docker on Raspberry Pi|https://www.shellhacks.com/raspberry-pi-docker-install-docker-on-raspberry-pi/]]|Docker RaspberryPi|
=== 
** Containers: Introduction to Container Escapes+++^*[»] 
|2020.10.08|//Capsule8//|[[An Introduction to Container Escapes|https://capsule8.com/blog/an-introduction-to-container-escapes/]]|Containers|
=== 
** Tools: IAMCTL for AWS+++^*[»] 
|2020.10.06|//Amazon AWS//|[[New IAMCTL tool compares multiple IAM roles and policies|https://aws.amazon.com/blogs/security/new-iamctl-tool-compares-multiple-iam-roles-and-policies/]]|AWS IAM Tools|
=== 

* __Podcasts, Weekly 'Cloud and Security' Watch__
** Podcasts: AWS Security in a Large Regulated Enterprise+++^*[»] 
|2020.10.11|Cloud Security Podcast|[[AWS Security in a Large Regulated Enterprise! - Houston Hopkins, Capital One|https://anchor.fm/cloudsecuritypodcast/episodes/AWS-SECURITY-IN-A-LARGE-REGULATED-ENTERPRISE----HOUSTON-HOPKINS--CAPITAL-ONE-ekstdu]]|Podcast|
=== 
** Newsletters: TL;DR Security #55 • The Cloud Security Reading List #58+++^*[»] 
|2020.10.11|Marco Lancini|[[The Cloud Security Reading List #58|https://cloudseclist.com/issues/issue-58/]] |Weekly_Newsletter|
|2020.10.07|TL;DR Security|[[#55 - Detection as Code, Vault Authentication Bugs, Fingerprinting Exploit Developers|https://tldrsec.com/blog/tldr-sec-055/]] |Weekly_Newsletter|
=== 

* __Market, Acquisitions__
** Market: French CNIL objects to the choice of Microsoft Azure for the Health Data Hub+++^*[»] 
|2020.10.08|FrenchWeb[>img[iCSF/flag_fr.png]]|[[Données de santé: Cédric O veut rapatrier le Health Data Hub hébergé par Microsoft|https://www.frenchweb.fr/donnees-de-sante-cedric-o-veut-rapatrier-le-health-data-hub-heberge-par-microsoft/406519]]|France Health_Data_Hub|
|2020.10.09|Silicon[>img[iCSF/flag_fr.png]]| → [[Health Data Hub : la Cnil récuse le choix de Microsoft Azure|https://www.silicon.fr/health-data-hub-la-cnil-recuse-le-choix-de-microsoft-azure-348943.html]]|France Health_Data_Hub|
|2020.10.08|ITPro[>img[iCSF/flag_fr.png]]|[[Cloud : comment choisir sa région d'hébergement ?|https://www.itpro.fr/cloud-comment-choisir-sa-region-dhebergement/]]|Hosting|
=== 
** Acquisitions: Kasten by Veeam+++^*[»] 
|2020.10.05|//Veeam//|[[Veeam Acquires Kasten to Accelerate Protection of Kubernetes-Native Workloads On-Premises and Across Multi-Cloud Environments|https://www.veeam.com/news/veeam-acquires-kasten-to-accelerate-protection-of-kubernetes-native-workloads-on-premises-and-across-multi-cloud-environments.html]]|Acquisition|
|2020.10.05|Container Journal| → [[Veeam Acquires Kasten to Protect Kubernetes Data|https://containerjournal.com/topics/container-security/veeam-acquires-kasten-to-protect-kubernetes-data/]]|Acquisition|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/KAB/|https://CloudSecurityAlliance.fr/go/KAB/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 5 au 11 octobre 2020
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.10.11|
|2020.10.11|Marco Lancini|[[The Cloud Security Reading List #58|https://cloudseclist.com/issues/issue-58/]] |Weekly_Newsletter|
|2020.10.11|Cloud Security Podcast|[[AWS Security in a Large Regulated Enterprise! - Houston Hopkins, Capital One|https://anchor.fm/cloudsecuritypodcast/episodes/AWS-SECURITY-IN-A-LARGE-REGULATED-ENTERPRISE----HOUSTON-HOPKINS--CAPITAL-ONE-ekstdu]]|Podcast|
|2020.10.11|//Arctic Wolf//|[[2020 Security Operations Annual Report|https://arcticwolf.com/resources/analyst-reports/security-operations-annual-report]]|Report|
|2020.10.11|MSSP Alert| → [[Account Takeover Attack Research: Arctic Wolf Findings|https://www.msspalert.com/cybersecurity-research/account-takeover-attacks-arctic-wolf-findings/]]|Report|
|>|>|>|!2020.10.10|
|2020.10.10|Matt Soseman|![[Guide to Training Resources for Microsoft 365 Security/ Compliance (+Azure Sentinel and Azure Security Center)|https://mattsoseman.wordpress.com/2020/10/10/guide-to-training-resources-for-microsoft-365-security-compliance-azure-sentinel-and-azure-security-center/]] |M365 Azure Training|
|2020.10.10|//Zscaler//|[[Zero Trust, Microsegmentation, and Cloud Security|https://www.zscaler.com/blogs/corporate/role-microsegmentation-cloud-security]]|Zero_Trust|
|2020.10.10|//FireEye//|[[Gartner: 5 Things You Must Absolutely Get Right for Secure IaaS and PaaS|http://www.fireeye.com/blog/products-and-services/2020/10/gartner-five-things-you-must-absolutely-get-right-for-secure-iaas-and-paas.html]]|Gartner IaaS PaaS|
|2020.05.07|//Gartner//| ← G00461794: [[5 Things You Must Absolutely Get Right for Secure IaaS and PaaS|https://content.fireeye.com/cloud/rpt-gartner-5-things-you-must-absolutely-get-right]]|Gartner IaaS PaaS|
|>|>|>|!2020.10.09|
|2020.10.09|Summit Route|![[Public dataset of Cloudtrail logs from flaws.cloud|https://summitroute.com/blog/2020/10/09/public_dataset_of_cloudtrail_logs_from_flaws_cloud/]] |Incident_Analysis Exercise|
|2020.10.09|Build5Nines|![[Azure TLS certificate changes|https://build5nines.com/azure-tls-certificate-changes/]] |Azure Certificate|
|2020.10.09|Sami Lamppu|![[Azure AD Identity Protection Deep Diver - Part 2|https://samilamppu.com/2020/10/09/azure-ad-identity-protection-deep-diver-part-2/]] (2/2) |AzureAD|
|2020.04.03|Sami Lamppu| ← [[Azure AD Identity Protection Integration with Cloud App Security |https://samilamppu.com/2020/04/03/benefit-of-azure-ad-identity-protection-integration-with-cloud-app-security/]] (1/2) |AzureAD IAM|
|2020.10.09|Shell Hacks|[[Raspberry Pi: Docker - Install Docker on Raspberry Pi|https://www.shellhacks.com/raspberry-pi-docker-install-docker-on-raspberry-pi/]]|Docker RaspberryPi|
|2020.10.09|//Microsoft Azure//|[[Continuous Access Evaluation in Azure AD is now in public preview!|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/continuous-access-evaluation-in-azure-ad-is-now-in-public/ba-p/1751704]]|AzureAD Assessment|
|2020.10.09|//Red Canary//|[[Cloud workload security: 7 reasons why it's complicated|https://redcanary.com/blog/cloud-workload-security/]]|Workloads|
|2020.10.09|//Rapid7//|[[NICER Protocol Deep Dive: Internet Exposure of VNC|https://blog.rapid7.com/2020/10/09/nicer-protocol-deep-dive-internet-exposure-of-vnc/]]|Report VNC|
|2020.10.09|//Centilytics//|[[AWS root account with programmatic access should be secure|https://blogs.centilytics.com/aws-root-account-programmatic-access/]]|AWS|
|2020.10.09|//Centilytics//|[[Check your AWS Route53 Traffic Policy service limits|https://blogs.centilytics.com/check-your-aws-route53-traffic-policy-service-limits/]]|AWS DNS|
|2020.10.09|//Centilytics//|[[AWS Route53 Reusable delegation sets service limit - manage your cloud better|https://blogs.centilytics.com/aws-route53-reusable-delegation-sets-service-limit-manage-your-cloud-better/]]|AWS DNS|
|2020.10.09|//Flant//|[[Comparing Ingress controllers for Kubernetes|https://medium.com/flant-com/comparing-ingress-controllers-for-kubernetes-9b397483b46b]]|K8s Ingress|
|2020.10.09|//Microsoft//|[[Hiding in the Clouds - How Attackers Can Use Applications for Sustained Persistence|http://www.sans.org/cyber-security-summit/archives/download/34090]] (SANS Cyber Defense Forum & Training)||
|>|>|>|!2020.10.08|
|2020.10.08|FrenchWeb[>img[iCSF/flag_fr.png]]|[[Données de santé: Cédric O veut rapatrier le Health Data Hub hébergé par Microsoft|https://www.frenchweb.fr/donnees-de-sante-cedric-o-veut-rapatrier-le-health-data-hub-heberge-par-microsoft/406519]]|France Health_Data_Hub|
|2020.10.09|Silicon[>img[iCSF/flag_fr.png]]| → [[Health Data Hub : la Cnil récuse le choix de Microsoft Azure|https://www.silicon.fr/health-data-hub-la-cnil-recuse-le-choix-de-microsoft-azure-348943.html]]|France Health_Data_Hub|
|2020.10.08|ITPro[>img[iCSF/flag_fr.png]]|[[Cloud : comment choisir sa région d'hébergement ?|https://www.itpro.fr/cloud-comment-choisir-sa-region-dhebergement/]]|Hosting|
|2020.10.08|ZDnet|[[Microsoft cloud outages continue as Office and Outlook customers report problems|https://www.zdnet.com/article/microsoft-cloud-services-outages-continue-into-week-two/]]|Outages Azure M365|
|2020.10.08|DZone|Aide-mémoire [[Advanced Kubernetes|https://dzone.com/refcardz/advanced-kubernetes]] (après inscription)|Kubernetes Cheatsheet|
|2020.10.08|The Daily Swig|[[Vulnerabilities in HashiCorp Vault could lead to authentication bypass|https://portswigger.net/daily-swig/vulnerabilities-in-hashicorp-vault-could-lead-to-authentication-bypass]]|HashiCorp Flaw|
|2020.10.08|SANS|[[Firebase: Google Cloud's Evil Twin|https://www.sans.org/reading-room/whitepapers/cloud/paper/39885]]|GCP Firebase|
|2020.10.08|//Intezer//|![[Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure|https://www.intezer.com/blog/cloud-security/kud-i-enter-your-server-new-vulnerabilities-in-microsoft-azure/]]|Azure Flaws|
|2020.10.08|//Intezer//| → [[Microsoft Azure App Services Vulnerabilities - PoC|https://www.youtube.com/watch?v=UDqqr3amzu0]] (vidéo)|Azure Flaws|
|2020.10.08|The Hacker News| → [[Researchers Find Vulnerabilities in Microsoft Azure Cloud Service|https://thehackernews.com/2020/10/microsoft-azure-vulnerability.html]]|Azure Flaws|
|2020.10.08|//Threatpost//| → [[Microsoft Azure Flaws Open Admin Servers to Takeover|https://threatpost.com/microsoft-azure-flaws-servers-takeover/159965/]]|Azure Flaws|
|2020.10.08|//Container Journal//|[[Aqua Security Allies with GitHub on Container Security|https://containerjournal.com/topics/container-security/aqua-security-allies-with-github-on-container-security/]]|Products Containers GitHub|
|2020.10.08|//Amazon AWS//|[[Introducing AWS Lambda Extensions - In preview|https://aws.amazon.com/fr/blogs/compute/introducing-aws-lambda-extensions-in-preview/]]|AWS_Lambda|
|2020.10.08|//Amazon AWS//|[[Building Extensions for AWS Lambda - In preview|https://aws.amazon.com/fr/blogs/compute/building-extensions-for-aws-lambda-in-preview/]]|AWS_Lambda|
|2020.10.08|//Amazon AWS//|[[Architecting for database encryption on AWS|https://aws.amazon.com/blogs/security/architecting-for-database-encryption-on-aws/]]|AWS Encryption|
|2020.10.08|//Microsoft Azure//|[[Conditional Access Office 365 Suite now in GA!|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/conditional-access-office-365-suite-now-in-ga/ba-p/1751703]]|O365 Conditional_Access|
|2020.10.08|//Microsoft Azure//|[[Azure Blob - Soft Delete for Containers preview region expansion|https://azure.microsoft.com/en-us/updates/azure-blob-soft-delete-for-containers-public-preview-region-expansion/]]|Azure Containers Wiping|
|2020.10.08|//Fugue//|[[Cloud Network Security 101: Azure Service Endpoints vs. Private Endpoints|https://www.fugue.co/blog/cloud-network-security-101-azure-service-endpoints-vs.-private-endpoints]]|Azure Endpoints|
|2020.10.08|//Capsule8//|[[An Introduction to Container Escapes|https://capsule8.com/blog/an-introduction-to-container-escapes/]]|Containers|
|2020.10.08|//Checkpoint Software//|[[Enhancing Serverless Security with Check Point CloudGuard and AWS Lambda Extensions|https://blog.checkpoint.com/2020/10/08/enhancing-serverless-security-with-check-point-cloudguard-and-aws-lambda-extensions/]]|Serverless|
|2020.10.08|//Risk Recon//|[[How secure is a Microsoft 365 enterprise deployment?|https://blog.riskrecon.com/how-secure-is-a-microsoft-365-enterprise-deployment]]|M365|
|2020.10.08|//CipherCloud//|[[Starting from the Right Place: Introducing CASB+ Data Discovery|https://www.ciphercloud.com/starting-from-the-right-place-introducing-casb-data-discovery/]]|CASB|
|2020.10.08|//The Corner//|[[Using AWS Lambda Extensions to Accelerate AWS Secrets Manager Access|https://developer.squareup.com/blog/using-aws-lambda-extensions-to-accelerate-aws-secrets-manager-access/]]|AWS_Lambda|
|>|>|>|!2020.10.07|
|2020.10.07|TL;DR Security|[[#55 - Detection as Code, Vault Authentication Bugs, Fingerprinting Exploit Developers|https://tldrsec.com/blog/tldr-sec-055/]] |Weekly_Newsletter|
|2020.10.07|Build5Nines|[[Azure Outages with Azure Front Door and Internal Azure WAN (October 6 - 7, 2020)|https://build5nines.com/azure-outages-with-azure-front-door-and-internal-azure-wan-october-6-7-2020/]]|Azure Outage|
|2020.10.07|The Register|[[Yes, it's down again: Microsoft's Office 365 takes yet another mid-week tumble, Azure also unwell|https://www.theregister.com/2020/10/07/office_365_outage/]]|O365 Outage|
|2020.10.07|Build5Nines|[[Azure DevOps Outages: October 7, 2020|https://build5nines.com/azure-devops-outages-october-7-2020/]]|Azure Outage|
|2020.10.07|DZone|[[Introduction to Kubernetes Security: Container Security|https://dzone.com/articles/introduction-to-kubernetes-security-container-secu]]|K8s Containers|
|2020.10.07|//BetterCloud//|[[2020 State of SaaSOps|https://stateofsaasops.bettercloud.com/]]|Report|
|2020.10.07|Solutions Review| → [[BetterCloud: 70 Percent of Business Apps are SaaS-Based|https://solutionsreview.com/cloud-platforms/bettercloud-70-percent-of-business-apps-are-saas-based/]]|Report|
|2020.10.07|DevOps.com| → [[BetterCloud Report Reveals Operational Complexity and Risk Concerns as Organizations Reach Tipping Point in SaaS Adoption|https://devops.com/bettercloud-report-reveals-operational-complexity-and-risk-concerns-as-organizations-reach-tipping-point-in-saas-adoption/]]|Report|
|2020.10.07|Help Net Security| → [[SaaS adoption prompting concerns over operational complexity and risk|https://www.helpnetsecurity.com/2020/10/12/saas-adoption-risk/]]|Report|
|2020.10.07|Security and Cloud 24/7|[[How to run HPC in the cloud?|https://security-24-7.com/how-to-run-hpc-in-the-cloud/]]|HPC|
|2020.10.07|//AllCloud//|[[Why Use Enterprise Cloud Disaster Recovery|https://allcloud.io/blog/why-use-enterprise-cloud-disaster-recovery/]]|DRaaS|
|2020.10.07|//Radware//|[[Understanding the Security Risks of Cloud Environments|https://blog.radware.com/security/cloudsecurity/2020/10/understanding-the-security-risks-of-cloud-environments/]]|Risks|
|2020.10.07|//Avast//|[[Business Cloud Security Summit Takeaways|https://blog.avast.com/business-cloud-security-summit-takeaways-avast]]|Conference|
|2020.10.07|//Amazon AWS//|[[AWS Security Hub launches a new user interface for security standards|https://aws.amazon.com/about-aws/whats-new/2020/10/aws-security-hub-launches-new-user-interface-security-standards/]]|AWS_Security_Hub|
|2020.10.07|//Amazon AWS//|[[10 additional AWS services authorized at DoD Impact Level 6 for the AWS Secret Region|https://aws.amazon.com/blogs/security/10-additional-aws-services-authorized-dod-impact-level-6-for-aws-secret-region/]]|Government AWS|
|2020.10.07|//Microsoft Azure//|[[Best practices for defending Azure Virtual Machines|https://www.microsoft.com/security/blog/2020/10/07/best-practices-for-defending-azure-virtual-machines/]]|Azure VMs|
|>|>|>|!2020.10.06|
|2020.10.06|Build5Nines|[[Azure DevOps is Down; Outage is MS not Your CI/CD Builds (October 6, 2020)|https://build5nines.com/azure-devops-down-outage-microsoft-not-your-cicd-builds-october-6-2020/]]|Outage M365|
|2020.10.07|Bleeping Computer|[[Microsoft 365 outage takes down Outlook and Microsoft Teams again|https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-outlook-and-microsoft-teams-again/]]|Outage M365|
|2020.10.06|Container Journal|[[How Containers and Kubernetes Advance DevSecOps|https://containerjournal.com/topics/container-security/how-containers-and-kubernetes-advance-devsecops/]]|DevSecOps Containers Kubernetes|
|2020.10.06|Project Zero|[[Enter the Vault: Authentication Issues in HashiCorp Vault|https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html]]|Vulnerabilities HashiCorp AWS|
|2020.10.06|//Palo Alto Networks//|![[Highlights from the Unit 42 Cloud Threat Report, 2H 2020|https://unit42.paloaltonetworks.com/highlight-cloud-threat-report-iam/]] ([[téléchargement|https://www.paloaltonetworks.com/prisma/unit42-cloud-threat-research]]) |Report|
|2020.10.07|//Palo Alto Networks//| → [[Unit 42 Cloud Threat Report: CSP Findings on Logging, Encryption and Exposed Services|https://unit42.paloaltonetworks.com/cloud-threat-report-csp-findings-iam/]]|Report|
|2020.10.08|//Palo Alto Networks//| → [[Unit 42 Cloud Threat Report: Misconfigured IAM Roles Lead to Thousands of Compromised Cloud Workloads|https://unit42.paloaltonetworks.com/iam-roles-compromised-workloads/]]|Report|
|2020.10.07|SDX Central| → [[Palo Alto Networks Exposes Multi-Million-Dollar Cloud Misconfigurations|https://www.sdxcentral.com/articles/news/palo-alto-networks-hacks-aws-exposes-multi-million-dollar-misconfigurations/2020/10/]]|Report|
|2020.10.06|//Amazon AWS//|[[AWS Firewall Manager helps automate security group management: 3 scenarios|https://aws.amazon.com/blogs/security/aws-firewall-manager-helps-automate-security-group-management-3-scenarios/]]|AWS Firewall|
|2020.10.06|//Amazon AWS//|[[New IAMCTL tool compares multiple IAM roles and policies|https://aws.amazon.com/blogs/security/new-iamctl-tool-compares-multiple-iam-roles-and-policies/]]|AWS IAM Tools|
|2020.10.06|//Microsoft Azure//|[[Secure Score by Groups Workbook|https://techcommunity.microsoft.com/t5/azure-security-center/secure-score-by-groups-workbook/ba-p/1749376]]|Azure_Security_Center|
|2020.10.06|//Park My Cloud//|[[Quick Guide: Understanding AWS IP Address Types|https://www.parkmycloud.com/blog/aws-ip-address-types/]]|AWS IP_Address|
|2020.10.06|//Menlo Security//|[[Five Cloud Security Considerations for CISOs|https://www.menlosecurity.com/blog/five-cloud-security-considerations-for-cisos]]|Risks|
|2020.10.06|//Sysdig//|[[Image scanning for Google Cloud Build|https://sysdig.com/blog/image-scanning-google-cloud-build/]]|GCP Images|
|>|>|>|!2020.10.05|
|2020.10.05|Chris Farris|![[Mapping CIS Controls to Cloud|https://www.chrisfarris.com/post/cis-controls/]] |Controls|
|2020.10.05|Cloud Native Computing Foundation|[[A Practical Guide to Kubernetes Logging|https://www.cncf.io/blog/2020/10/05/a-practical-guide-to-kubernetes-logging/]]|K8s Logging|
|2020.09.03|//Logz//| ← [[A Practical Guide to Kubernetes Logging|https://logz.io/blog/a-practical-guide-to-kubernetes-logging/]]|K8s Logging|
|2020.10.05|//OVH Cloud//|[[OVHcloud Predictor, part 1|https://www.ovh.com/blog/ovhcloud-predictor-part-1/]] (1/2)|WAF|
|2020.10.05|//Veeam//|[[Veeam Acquires Kasten to Accelerate Protection of Kubernetes-Native Workloads On-Premises and Across Multi-Cloud Environments|https://www.veeam.com/news/veeam-acquires-kasten-to-accelerate-protection-of-kubernetes-native-workloads-on-premises-and-across-multi-cloud-environments.html]]|Acquisition|
|2020.10.05|Container Journal| → [[Veeam Acquires Kasten to Protect Kubernetes Data|https://containerjournal.com/topics/container-security/veeam-acquires-kasten-to-protect-kubernetes-data/]]|Acquisition|
|2020.10.05|Computer Weekly| → [[Veeam buys Kasten to get a boost in Kubernetes backup|https://www.computerweekly.com/news/252490101/Veeam-buys-Kasten-to-get-a-boost-in-Kubernetes-backup]]|Acquisition|
|2020.10.05|The Hacker News|[[Secure Your SaaS Apps With Security Posture Management Platform|https://thehackernews.com/2020/10/saas-security-software.html]]|CSPM|
|2020.10.05|//Flant//|[[Overcoming the challenges of cleaning up container images|https://medium.com/flant-com/cleaning-up-container-images-with-werf-ec35b5d46569]]|Container Images|
<<tiddler [[arOund0C]]>>
[>img(250px,auto)[iCSF/KAJCE.png]]La conférence ''Europe Cloud Summit'' se déroulera du 19 au 23 octobre 2020.

Sur les 5 jours, l'un sera entièrement consacré aux aspects 'Cloud et Cybersécurité'
* Lundi 19 octobre 2020 : ''//Operations ++ -- DevOps, Automation & Infrastructures//''
* Mardi 20 octobre 2020 : ''//Architecture -- Cloud-Native & Application Modernization//''
* Mercredi 21 octobre 2020 : ''//AI-ML & Data//''
* Jeudi 22 octobre 2020 : ''//Security & Cyber//''
** 10:00-10:45 - Keynote: //Death by Cyber: COVID-19 and Much More// -- Menny Barzilay, Cytactic
** 11:00-11:45 - //Lessons Learned From Implementing API Management In The Real World// -- Eldert Grootenboer
** 12:00-12:45 - //There's no such thing as DevSecOps// -- Dave Mangot, Mangoteque
** 13:00-13:45 - //Mid-day Keynote: Two big questions you need to ask about cloud storage, ransomware and Office 365// -- Jeff Reichard, Veeam
** 14:00-14:45 - //Securing Your Web Application Pipeline From Intruders// -- Milecia McGregor
** 15:00-15:45 - //Cloud-Native Incident Management// -- Andrew Krug, Datadog
** 16:00-16:45 - //Security hardening of popular public cloud managed services// -- Runcy Oommen, SonicWall
** 17:00-17:45 - //Prisma Cloud: The Cloud Native Security Platform// -- Tomas Carbonell, Palo Alto Networks
** 18:00-18:15 - //Practical Security Management: Best Practices, Tools, and Use Cases// -- Steven Puddephatt, GlobalDots
** 18:15-18:30 - //IAM - with great power comes great responsibility// -- Shira Shamban, Solvo
* Vendredi 23 octobre 2020 : ''//Leadership & Strategy//''

__Liens :__
* Site → https://www.europecloudsummit.com/
* Inscriptions → https://www.europeclouds.com/europeclouds-summit-registration
<<tiddler [[arOund0C]]>>
!"//Cloud Security Alliance APAC Virtual Summit//"
[>img(150px,auto)[iCSA/KAKCW.png]]La conférence se déroulera du 20 au 22 octobre 2020.
* Mardi 20 octobre 2020 : ''Emerging Cloud Security Threats''
:→ https://www.brighttalk.com/summit/4825-csa-apac-virtual-summit/day-one/
> //Cloud computing is one of the key drivers for achieving an organization's mission and is finally becoming a new norm. As a result, cloud spending will continue to grow, making it the top investment area for enterprises. But the complexity of cloud can be the perfect place for attackers to hide, offering concealment as a launchpad for further harm. Unawareness of the threats, risks and vulnerabilities makes it more challenging to protect organizations from data loss. Sessions on this day will provide needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies.//
* Mercredi 21 octobre 2020 : ''Security Paradigm (Zero Trust)''
:→ https://www.brighttalk.com/summit/4825-csa-apac-virtual-summit/day-two-security-paradigm-zero-trust/
> //Cloud technologies and traditional security processes are as bad a match as stripes and polka dots. They simply aren't built to mix well together. As companies adopt cloud technologies, security teams are scrambling to apply what they know to this new way of doing business. But they're quickly realizing how different an on-prem mindset is from one that's geared to the cloud. Sessions on this day will define ways you can effectively shift your security paradigm so it's suited to a cloud-defined world.//
* Jeudi 22 octobre 2020 : ''Cloud Security Solutions''
:→ https://www.brighttalk.com/summit/4825-csa-apac-virtual-summit/day-3-cloud-security-solutions/
> //With cloud as the dominant IT environment and nearly every organization and government leveraging it to some degree, it is not enough to stay on top of what's happening today. The need to look beyond tomorrow and stay ahead of Emerging Trends is paramount to an organization's security. Sessions on this day will focus on cloud security & cybersecurity solutions from the perspective of CSA and other experts.//

__Liens :__
→ https://www.brighttalk.com/summit/4825-csa-apac-virtual-summit/
<<tiddler [[arOund0C]]>>
Les 6 appels à commentaires actuellement ouverts et qui expirent dans les 30 prochains jours sont :
* avant le 15 octobre 2020, sur les aspects ''quantique'' et ''Blockchain'' : //Blockchains in the Quantum Era//, //Confidence in Post Quantum Algorithms//
* avant le 30 octobre 2020, sur les aspects ''IoT'' : //Guide to the Internet of Things (IoT) Security Controls Framework v2//, //Cloud-Based, Intelligent Ecosystems//, //CSA IoT Security Controls Framework v2//
* avant le 4 novembre 2020, sur la ''CCM'' : //Cloud Controls Matrix v4//
* avant le 9 novembre 2020, sur les aspects ''Enterprise Architecture'' : //Enterprise Architecture v2 to CCM v3.0.1 Mapping//, //CSA Enterprise Architecture Reference Guide v2//

__Détails ci-dessous__
!!//Blockchains in the Quantum Era//
* Date limite → 15 octobre 2020
* Lien → https://cloudsecurityalliance.org/artifacts/blockchains-in-the-quantum-era/
> //Digital Ledger Technologies (DLT) such as blockchain are being deployed as part of diverse applications that span multiple market segments. Application developers have successfully leveraged the blockchain characteristics of decentralization, immutability, cryptographic security and transparency to create the solution benefits of redundancy, non-repudiation and enhanced auditing/compliance. Blockchain infrastructures make very extensive use of digital signature algorithms, hashing algorithms and public-key cryptography. The rapid pace of progress that is being experienced with quantum computing technology has made the prospect of quantum computer cyber-attacks a very real possibility.//
> //Initiatives are therefore underway to augment today's DLT/blockchain infrastructures with cryptographic algorithms that are highly resistant to quantum computer attack. These post-quantum algorithms are based on computational problems that are known to be very difficult for quantum computers to solve by using either Shor's algorithm or Grover's algorithm. This paper provides an introduction to DLT/blockchain technology, some of its representative applications, and an overview of the leading post-quantum algorithm candidates that are actively being pursued.//
!!//Confidence in Post Quantum Algorithms//
* Date limite → 15 octobre 2020
* Lien → https://cloudsecurityalliance.org/artifacts/confidence-in-post-quantum-algorithms/
> //NIST made the recent announcement of its Round 3 candidates for future post-quantum cryptography or quantum safe standards. As the world prepares to transition to post-quantum cryptography, it is essential to understand how much analysis has been done on the security of the individual post quantum algorithms and classes of algorithms.//
> //The focus of this note is on the cryptanalytic and mathematical research that adds to building meaningful confidence in the algorithm's security as evidenced in publications. This is not analysis about implementation, performance nor application to protocols.//
!!//Guide to the Internet of Things (IoT) Security Controls Framework v2//
* Date limite → 30 octobre 2020
* Lien → https://cloudsecurityalliance.org/artifacts/guide-to-the-internet-of-things-iot-security-controls-framework-v2/
> //The Guide to the IoT Security Controls Framework provides instructions for using the companion CSA IoT Security Controls Framework v2 spreadsheet. This guide explains how to use the framework to evaluate and implement an IoT system for your organization by providing a column by column description and explanation.//
!!//Cloud-Based, Intelligent Ecosystems//
* Date limite → 30 octobre 2020
* Lien → https://cloudsecurityalliance.org/artifacts/cloud-based-intelligent-ecosystems/
> //This paper proposes a call to action for security executives to break the endless cycle of iterative tool adoption and, instead, move to data-centric security operations, driving integration and automation leveraging cloud-based fusion. Section I unpacks "intelligence" and addresses the challenges of integrating data from internal security tools and external threat feeds. Section II leverages lessons learned from the autonomous vehicle industry's "sense, understand and act;" Section III, proposes secure intelligent ecosystems to enrich data workflow and apply machine learning. Section IV, addresses security business analytics and the importance of measuring business outcomes for boards of directors, chief information security officers, and security operators. Section V proposes areas for further exploration and investigation.//
!!//CSA IoT Security Controls Framework v2//
* Date limite → 30 octobre 2020
* Lien → https://cloudsecurityalliance.org/artifacts/csa-iot-security-controls-framework-v2/
<<<
//The IoT Security Controls Framework is relevant for enterprise IoT systems that incorporate multiple types of connected devices, cloud services, and networking technologies. The Framework has utility across many IoT domains from systems processing only "low-value" data with limited impact potential, to highly sensitive systems that support critical services. The classification of a system is assigned by the system owner based on the value of the data being stored and processed and the potential impact of various types of physical security threats. 
Updates for version 2 include...
* Updated Controls - All Controls have been reviewed and updated for technical clarity
* New Domain Structure - Control domains have been reviewed and updated to better categorize each control.
* New Legal Domain - Introduces relevant legal controls
* New Security Testing Domain - Introduces Security testing of architectural allocations.
* Simplified Infrastructure Allocations - Device types have been consolidated to a single type in order to simplify the allocation of controls to architectural components.
//
<<<
!!//Cloud Controls Matrix v4//
* Date limite → 4 novembre 2020
* Lien → https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/
> //The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to the CSA Best Practices, that is considered the de-facto standard for cloud security and privacy. CSA released today the early draft of the version 4 of the standard. The CCM v.4 constitutes a significant upgrade to the previous version (v3.0.1) by introducing changes in structure of the framework with a new domain dedicated to Log and Monitoring (LOG), and modifications in the existing ones (GRC, A&A, UEM, CEK). This update will also deliver a significant increase of requirements as result of developing additional controls and updating existing ones. Additional features of the CCM v.4 update are: ensured coverage of requirements deriving from new cloud technologies, new controls and security responsibility matrix, improved auditability of the controls, and enhanced interoperability and compatibility with other standards. The objective of this update is to continue to lead the security industry and market as the cloud provider and user-centric control framework of choice for all. Share your knowledge by providing feedback and contributing to the open peer review for CCM v.4. Participants of the peer review are asked to focus on the content and semantics of controls.//
!!//Enterprise Architecture v2 to CCM v3.0.1 Mapping//
* Date limite → 9 novembre 2020
* Lien → https://cloudsecurityalliance.org/artifacts/enterprise-architecture-v2-ccm-v301-mapping/
> //The EA v2 to CCM v3.0.1 Mapping is a companion piece with the Enterprise Architecture Reference Guide v2. The peer review for both documents are intended to be done in parallel.//
* Document → https://cloudsecurityalliance.atlassian.net/artifacts/enterprise-architecture-reference-guide-v2
!!//CSA Enterprise Architecture Reference Guide v2//
* Date limite → 9 novembre 2020
* Lien → https://cloudsecurityalliance.org/artifacts/enterprise-architecture-reference-guide-v2/
<<<
//The Enterprise Architecture Reference Guide v2 is a companion piece with the EA v2 to CCM v3.0.1 Mapping. The peer review for both documents are intended to be done in parallel. [...].
The CSA Enterprise Architecture is a comprehensive approach for the architecture of a secure, identity-aware cloud infrastructure. EAWG leverages four industry standard architecture models: TOGAF, ITIL, SABSA, and Jericho. This approach combines the best of breed architecture paradigms into a comprehensive approach to cloud security. By combining business drivers with security infrastructure, EAWG increases the value proposition of cloud services within an enterprise business model. The CSA Enterprise Architecture was adopted by the National Institute of Standards and Technologies in NIST SP 500-299 and NIST SP 500-292. 
While this document simply compiles the existing architecture definitions, it is needed for upcoming EAWG releases, including a CSA Cloud Controls Matrix (CCM 3.0.1) to EA mapping and a refresh to the Enterprise Architecture itself. //
<<<
<<tiddler [[arOund0C]]>>
Les prochains webinaires Azure sur le cloud et la sécurité sont les suivants :
* 15 octobre 2020 à 17h (CET) : //Introduction to Azure Network Security//
* 26 octobre 2020 à 17h (CET) : //Azure Security Center: VM Protection//
* 27 octobre 2020 à 17h (CET) : //Protecting your web apps with Azure Web Application Firewall (WAF)//
* 28 octobre 2020 à 17h (CET) : //Azure Security Center: Multi Cloud support in ASC//
* 29 octobre 2020 à 17h (CET) : //Cybersecurity Basics: Securing Yourself//
* 2 novembre 2020 à 17h (CET) : //Azure Security Center: Azure Defender for IoT with CyberX //
* 9 novembre 2020 à 17h (CET) : //Azure Security Center: Ignite 2020 Announcements//
* 10 novembre 2020 à 17h (CET) : //Getting started with Azure Distributed Denial of Service (DDoS) Protection//
* 12 novembre 2020 à 17h (CET) : //Boosting your Azure Web Application Firewall (WAF) deployment//
* 17 novembre 2020 à 17h (CET) : //Microsoft Threat Protection: l33tSpeak -- Advanced hunting in Microsoft 365 Defender//
* 30 novembre 2020 à 17h (CET) : //Azure Security Center: Azure Defender for SQL Anywhere//
* 1 décembre 2020 à 17h (CET) : //Manage application and network connectivity with Azure Firewall//
* 3 décembre 2020 à 17h (CET) : //Getting started with Azure Firewall Manager//
* 8 décembre 2020 à 17h (CET) : //Azure Network Security for SOCs//
* 10 décembre 2020 à 17h (CET) : //Azure Network Security Advanced Architecture//
* 7 décembre 2020 à 17h (CET) : //Azure Security Center: Investigating Azure Security Center alerts using MCAS and Azure Sentinel//
* 7 janvier 2021 à 17h (CET) : //Azure Security Center: Azure service layers protection//
* 21 janvier 2021 à 17h (CET) : //Azure Sentinel: Auditing and monitoring your Azure Sentinel workspace//

__Liens__
* Détails et inscriptions → https://techcommunity.microsoft.com/t5/microsoft-security-and/security-community-webinars/ba-p/927888
<<tiddler [[arOund0C]]>>
!"//Using CSA's Implementation Guide for SAP to securely migrate to operate ERP applications in the cloud//"
Article publié le 9 octobre 2020 — Rédigé par Juan Perez-Etchegoyen, chair of the Enterprise Resource Planning working group+++^*[»] https://cloudsecurityalliance.org/research/working-groups/enterprise-resource-planning/ === , et CTO of Onapsis.
<<<
//[>img(150px,auto)[iCSA/KA9BU.jpg]]With the increasingly growing adoption of cloud models across Enterprise Resource Planning (ERP) applications, organizations need to increase the level of attention and controls provided to the most critical assets in the organization. To address this growing need, CSA released the second part of our Critical Controls Implementation for SAP, a document with the implementation details on all the top 20 critical controls, focusing on specific ERP technologies. This document, authored by CSA's Enterprise Resource Planning (ERP) Working Group, takes a more technical, granular approach and is designed to help organizations securely migrate to and operate ERP applications in the cloud.
!!Helps companies streamline digital transformation & cloud migration
The release of the document comes at a crucial time, as with the hit of the pandemic, organizations have started to streamline digital transformation and cloud migration projects, to enable more users and employees to operate from remote locations through a digital experience. Additionally, with the increase in threat activity and risks affecting ERP Applications (as discussed in RECON (CVE-2020-6287) and its impact on Cloud Applications) this document covers the controls that could prepare the organization for the increasing threat landscape on ERP Applications. It's our hope that this set of guidelines serves as a springboard for SAP administrators in their journey to implementing and securing their ERP solutions.
The controls implementation and the checklists apply to SAP NetWeaver(C) ABAP(C) and all its versions and provide a detailed description of the control implementation. The checklists provide general steps as well as some direction on how to carry out the implementation of the controls. Combined with the previously released Top 20 Critical Controls document, it explains who would be typically responsible in an IaaS or SaaS scenario.
!!Controls covered by this guide
This document is an implementation of the Top 20 Critical Controls for Cloud Enterprise Resource Planning (ERP) Customers (released in June 2019), which took a more general approach. In this version it combines all of the guidance into a single, comprehensive document. Now, SAP administrators have a more detailed examination of controls implementation, as well as a set of checklists for all of the following 20 controls.
# APP01 - Secure Landscape [>img(250px,auto)[iCSA/KA5PC.jpg]]
# APP02 - Baseline Secure Configurations
# APP03 - Security Vulnerabilities
# INT01 - Secure Integrations and API
# DAT01 - Continuous Monitoring
# DAT02 - Data Separation
# DAT03 - Data Encryption
# BUS01 - Inventory of Business Assets, Data and Processes
# BUS02 - Business Process Controls
# BUS03 - Continuous Compliance
# USR01 - Secure Authentication
# USR02 - User Accounts Management
# USR03 - Role-based Access Control
# USR04 - Emergency Access
# USR05 - Segregation of Duties
# USR06 - Secure User Provisioning/Deprovisioning
# USR07 - ERP Accounts Security
# APP04 - Secure Communications
# APP05 - Change Management Controls
# APP06 - Secure Extensions
__Learn more by downloading the full implementation guide__//
[...]
<<<
__Liens__
* Blog → https://cloudsecurityalliance.org/blog/2020/10/09/using-csa-s-implementation-guide-for-sap-to-securely-migrate-to-operate-erp-applications-in-the-cloud/
* Téléchargement → https://cloudsecurityalliance.org/artifacts/critical-controls-implementation-for-sap-parts-1-and-2/
<<tiddler [[arOund0C]]>>
!"//New 2020 Survey Report on Security Practices in HPC & HPC Cloud//"
Article publié le 8 octobre 2020 — Rédigé par Guan Sin Ong et Andrew Howard au nom du groupe de travail "High Performance Computing (HPC) Cloud Security Working Group"+++^*[»] https://cloudsecurityalliance.org/research/working-groups/high-performance-computing-cloud-security/ === .
<<<
//[>img(150px,auto)[iCSA/KA8BN.jpg]]With the current trend of HPC workloads and infrastructure increasingly becoming cloud-like (e.g., resource pooling, rapid elasticity, on-demand self-service), or interacting with the cloud (e.g., bursting), security will become a greater concern at an accelerating rate. The secure interchange of data between traditional HPC and HPC Cloud, and the portability of a user's HPC workflow and tools are critical elements of HPC Cloud use. Where a traditional HPC environment has a dedicated team of administrators, a HPC Cloud environment may rely on the use of community-supported, generically preconfigured tools from sources like OpenHPC+++^*[»] http://www.openhpc.community/ === .
To start working towards providing a backdrop for developing a set of best practices / guidelines to secure HPC / HPC Cloud, the Cloud Security Alliance (CSA) released a survey report this week to provide insights into the level and type of cyber and cloud security adopted by HPC / HPC Cloud infrastructure to protect their infrastructure and workloads. The report, "Security Practices in HPC & HPC Cloud", is the first deliverable presented by CSA's High Performance Computing (HPC) Cloud Security Working Group.
!What are the challenges of HPC workloads becoming more cloud-like?
'Vanilla' Cloud environments were typically not made to handle harsh environments like that of HPC. Technical concerns for HPC are further complicated by the complex and ever-evolving threat landscape. As we increasingly see cases of pure HPC bare metal infrastructure interacting with the cloud (such as I/O interfaces and processes), it brings along more 'opportunities' for malicious attacks. While this should be considered and integrated into security policies and guidelines, performance faces the peril of being compromised as precious resources are carved out for security protocols and processes. The crossing of cloud and HPC environments often leads us to questions of how security in an HPC Cloud environment can be implemented, enforced and ensured without the need to compromise performance. This working group strives to provide recommendations that can answer these questions+++^*[»] https://cloudsecurityalliance.org/research/working-groups/high-performance-computing-cloud-security/ === 
!The report highlights common challenges faced by the HPC sector.
The survey report from CSA shines a light on common challenges faced in the industry, together with the real-world security processes put in place to tackle such hindrances. The observations presented through this report highlight learning points for the HPC sector in terms of the perceived level of security in the sector, perception of security vs performance, drivers and impediments to cloud-enablement and improving security postures, and security practices that could be adopted in HPC / HPC Cloud environments.
!Key findings from the report
* [>img(500px,auto)[iCSA/KA8B2.png]]The majority of respondents (66.7%) expressed deep concerns about the risk of cyber threats to HPC infrastructure and workloads
* When asked what the barriers to adopting better security practices were, the majority of respondents listed budgetary constraints and lack of awareness.
* Slightly more than 50% of respondents' organizations do not tap industry guidelines / standards for cybersecurity.
* About half of the respondents are offering cloud-based HPC services.
* A dominating concern specific to the HPC sector impeding cloud adoption is performance tradeoff (80%). Interestingly, only 10% of respondents cited not meeting security requirements as a barrier to cloud adoption.
.//
<<<
__Liens__
* Blog → https://cloudsecurityalliance.org/blog/2020/10/08/new-2020-survey-report-on-security-practices-in-hpc-hpc-cloud/
* Téléchargement → https://cloudsecurityalliance.org/artifacts/survey-report-security-practices-in-hpc-cloud/
<<tiddler [[arOund0C]]>>
!"//Survey Report - Security Practices in HPC & HPC Cloud//"
[>img(150px,auto)[iCSA/KA8PS.jpg]]Publication le 8 octobre 2020 du premier livrable du groupe de travail "High Performance Computing (HPC) Cloud Security Working Group"+++^*[»] https://cloudsecurityalliance.org/research/working-groups/high-performance-computing-cloud-security/ === .
<<<
//This survey report aims to provide insights to the level and type of cyber and cloud security adopted by High Performance Computing (HPC) / HPC Cloud infrastructure to protect their infrastructure and workloads, and shines a light on common challenges faced in the industry, together with the real world security processes put in place to tackle such hindrances.

The observations presented through this report highlight learning points for the HPC sector in terms of the perceived level of security in the sector, perception of security vs performance, drivers and impediments to cloud-enablement and improving security postures, and security practices that could be adopted in HPC / HPC Cloud environments. //
<<<
__Liens__
* Annonce et téléchargement → https://cloudsecurityalliance.org/artifacts/survey-report-security-practices-in-hpc-cloud/
<<tiddler [[arOund0C]]>>
!"//Critical Controls Implementation for SAP (Parts 1 and 2)//"
[>img(150px,auto)[iCSA/KA5PC.jpg]]Publication le 5 octobre 2020 du livrable complet du groupe de travail "Enterprise Resource Planning"+++^*[»] https://cloudsecurityalliance.org/research/working-groups/enterprise-resource-planning/ === .
<<<
//SAP security documentation can be difficult to navigate and there are currently no frameworks that align with standard controls. This document aims to alleviate that problem by describing the implementation of the Top 20 Critical Controls for Cloud ERP Customer from a technology specific perspective, in this case SAP. SAP customers are extensively migrating to the cloud and will benefit from this document the most.//
<<<
__Liens__
* Annonce → https://cloudsecurityalliance.org/artifacts/critical-controls-implementation-for-sap-parts-1-and-2/
* Téléchargement → https://cloudsecurityalliance.org/download/artifacts/critical-controls-implementation-for-sap-parts-1-and-2/
<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #84|2020.10.04 - Newsletter Hebdomadaire #84]]__@@ {{arOund{FRA}}}[>img(100px,auto)[iCSA/logoCSAFR.png]] |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English version #84|2020.10.04 - Weekly Newsletter - #84]]__@@ {{arOund{ENG}}}[>img(100px,auto)[iCSA/logoCSAFR.png]] |
|<<tiddler [[2020.10.04 - Newsletter Hebdomadaire #84]]>> |<<tiddler [[2020.10.04 - Weekly Newsletter - #84]]>> |
|>| La dernière Newsletter publiée est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' et est accessible+++*[ici • Here] <<tiddler [[Dernière Newsletter]]>> === is where you can read the latest published Newsletter |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 28 septembre au 4 octobre 2020
!!1 - Informations CSA - 28 septembre au 4 octobre 2020

* Publication ANSSI : 'Sécurité relative au déploiement de conteneurs Docker'+++*[»]> <<tiddler [[2020.10.02 - Publication ANSSI : 'Sécurité relative au déploiement de conteneurs Docker']]>>=== 
* Actu : Ouverture des inscriptions pour le Congrès EMEA du 3 au 5 novembre 2020+++*[»]> <<tiddler [[2020.09.29 - Actu : Ouverture des inscriptions pour le Congrès EMEA du 3 au 5 novembre 2020]]>>=== 
* Actu : Millième enregistrement dans la base STAR+++*[»]> <<tiddler [[2020.09.29 - Actu : Millième enregistrement dans la base STAR]]>>=== 
* Actu : Report du Salon 'Cloud & Cyber Security Expo Paris' 2020+++*[»]> <<tiddler [[2020.09.30 - Actu : Report du Salon 'Cloud & Cyber Security Expo Paris' 2020]]>>=== 
* Blog : 'RECON (CVE-2020-6287) and its impact on Cloud Applications'+++*[»]> <<tiddler [[2020.09.29 - Blog : 'RECON (CVE-2020-6287) and its impact on Cloud Applications']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 60 liens|2020.10.04 - Veille Hebdomadaire - 4 octobre]])

* __''À lire''__
** ''Recommandations de sécurité relatives au déploiement de conteneurs Docker'' (ANSSI)+++^*[»] 
|2020.10.02|ANSSI|![[Recommandations de sécurité relatives au déploiement de conteneurs Docker|https://www.ssi.gouv.fr/publication/recommandations-de-securite-relatives-au-deploiement-de-conteneurs-docker/]] |Docker Best_Practices|
|2020.10.02|ANSSI| → [[fiche technique|https://www.ssi.gouv.fr/uploads/2020/10/docker_fiche_technique.pdf]] (pdf)|Docker Best_Practices|
|2020.10.02|ANSSI| → [[évaluation|https://www.ssi.gouv.fr/uploads/2020/10/docker_evaluation.pdf]] (pdf)|Docker Best_Practices|
|2020.10.02|ANSSI| → [[cible de sécurité|https://www.ssi.gouv.fr/uploads/2020/10/docker_cible.pdf]] (pdf)|Docker Best_Practices|
=== 
** ''Détection de portes dérobées pour Microsoft 365 et Azure AD'' (//FireEye//)+++^*[»] 
|2020.09.30|//FireEye//|![[Detecting Microsoft 365 and Azure Active Directory Backdoors|https://www.fireeye.com/blog/threat-research/2020/09/detecting-microsoft-365-azure-active-directory-backdoors.html]] |M365 AzureAD Attacks|
=== 

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Attaques : Documents Office malveillants diffusés depuis le Cloud+++^*[»] 
|2020.09.30|//Netskope//|[[Dangerous Docs: Surge in Cloud-delivered Malicious Office Documents|https://www.netskope.com/blog/dangerous-docs-surge-in-cloud-delivered-malicious-office-documents]]|Malware|
=== 
** Vulnérabilités : Analyse de méthodes de compromission d'environnements AWS par les permissions • et Microsoft Azure par élévation de privilèges+++^*[»] 
|2020.09.29|Security Shenanigans|![[Exploiting fine-grained AWS IAM permissions for total cloud compromise: a real world example (part 1/2)|https://medium.com/bugbountywriteup/exploiting-fine-grained-aws-iam-permissions-for-total-cloud-compromise-a-real-world-example-part-5a2f3de4be08]] |AWS IAM|
|2020.09.29|Security Shenanigans|![[Exploiting AWS IAM permissions for total cloud compromise: a real world example (part 2/2)|https://medium.com/bugbountywriteup/exploiting-aws-iam-permissions-for-total-cloud-compromise-a-real-world-example-part-2-2-f27e4b57454e]] |AWS IAM|
|>|>|>|!|
|2020.09.28|Nino Crudele|![[How to hack into Microsoft Azure using privilege escalation and how to protect your company|https://ninocrudele.com/how-to-hack-into-microsoft-azure-using-privilege-escalation-and-how-to-protect-your-company]]|Azure Risk Analysis|
=== 
** Pannes : Microsoft 365 puis Outlook+++^*[»] 
|2020.09.28|//Microsoft Azure//|[[We're investigating an issue affecting access to multiple Microsoft 365 services. We're working to identify the full impact and will provide more information shortly|https://mobile.twitter.com/MSFT365Status/status/1310696819135901696]]|Outage M365|
|2020.09.28|Build5Nines| → [[Azure AD is Down Blocking Access to Azure, Teams, and more! - September 28, 2020 Microsoft Azure Outage|https://build5nines.com/azure-ad-is-down-blocking-access-to-azure-teams-and-more-september-28-2020-microsoft-azure-outage/]]|Outage M365|
|2020.09.28|The Register| → [[Microsoft? More like: My software goes off... Azure AD, Outlook, Office.com, Teams, Authenticator, etc block unlucky folks from logging in|https://www.theregister.com/2020/09/28/microsoft_azure_office_outlook_outage/]]|Outage M365|
|2020.09.29|Computer Weekly| → [[Organisations locked out by Azure AD crash|https://www.computerweekly.com/news/252489780/Organisations-locked-out-by-Azure-AD-crash]]|Outage M365|
|2020.09.29|The Register| → [[With so many cloud services dependent on it, Azure Active Directory has become a single point of failure for Microsoft|https://www.theregister.com/2020/09/29/onedrive_azure_active_directory_outage/]]|Outage M365|
|2020.09.29|Forbes| → [[What Caused The Massive Microsoft Teams, Office 365 Outage On Monday? Here's What We Know|https://www.forbes.com/sites/daveywinder/2020/09/29/what-caused-the-massive-microsoft-teams-office-365-outage-yesterday-heres-what-we-know/]]|Outage M365|
|2020.09.29|//Catchpoint//| → [[Incident Review - Microsoft Office 365 Outage|https://blog.catchpoint.com/2020/09/29/incident-review-microsoft-office-365-outage/]]|Outage M365|
|2020.09.30|//ESET//| → [[Microsoft 365 services back online after hours-long outage|https://www.welivesecurity.com/2020/09/30/microsoft-365-back-online-hours-long-outage/]] |Outage M365|
|2020.10.02|The Register| → [[Microsoft says bug, sorry, 'a latent defect' in Safe Deployment Process system downed Azure Active Directory|https://www.theregister.com/2020/10/02/microsoft_azure_bug/]]|Outage M365|
|>|>|>|!|
|2020.10.01|Forbes|[[Microsoft Suffered Worldwide Outlook Outage Today - Here's What We Know|https://www.forbes.com/sites/daveywinder/2020/10/01/new-worldwide-microsoft-outage-confirmed-heres-what-we-know/]]|Outage M365|
=== 

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Journaux Azure AD+++^*[»] 
|2020.10.01|SANS ISC Handler|![[Making sense of Azure AD (AAD) activity logs|https://isc.sans.edu/forums/diary/Making+sense+of+Azure+AD+AAD+activity+logs/26626/]]|AzureAD Logging|
=== 

* __Rapports, Sondages, Études, Publications__
** Rapport : 'CISO Cloud/SaaS Security Report' (//Qosmos//)+++^*[»] 
|2020.09.29|Qosmos|[[CISO Cloud/SaaS Security Report|https://www.qosmos.com/the-ciso-cloud-saas-security-report/]]|Report|
|2020.09.30|Solutions Review| → [[File Storage and Transfer Services Are the Top SaaS Security Concern|https://solutionsreview.com/cloud-platforms/file-storage-and-transfer-services-are-the-top-saas-security-concern/]]|Report|
=== 
** Étude : 'Data Protection Trends and Strategies for Containers' (//Zerto//)+++^*[»] 
|2020.09.29|//Zerto//|[[Industry Research Reveals Major Disconnect Between Data Protection Strategies Across Container-Based and Individual Applications|https://www.zerto.com/press-releases/key-findings-co-sponsored-esg-survey-and-ebook-data-protection-strategies-for-containers/]]|Report|
|2020.09.29|//Zerto//| → [[Data Protection Trends and Strategies for Containers|https://www.zerto.com/page/esg-data-protection-trends-and-strategies-for-containers/]]|Report|
|2020.09.29|Container Journal| → [[Zerto and ESG research exposes lack in data protection strategies for containers|https://containerjournal.com/news/news-releases/zerto-and-esg-research-exposes-lack-in-data-protection-strategies-for-containers/]]|Report|
|2020.09.29|Solutions Review| → [[Zerto Study Reveals Disconnect Between Container-Based Data Protection and Individual Apps - Solutions Review|https://solutionsreview.com/backup-disaster-recovery/zerto-study-reveals-disconnect-between-container-based-data-protection-and-individual-apps/]]|Report|
|2020.10.01|Continuity Central| → [[Non-native disaster recovery and backup solutions adversely affect RTOs and RPOs for container-based applications|https://www.continuitycentral.com/index.php/news/technology/5562-non-native-disaster-recovery-and-backup-solutions-adversely-affect-rtos-and-rpos-for-container-based-applications]]|Report|
=== 

* __Cloud Services Providers, Outils__
** AWS : Annonces sécurité • Accès O365 depuis Active Directory sur AWS+++^*[»] 
|2020.10.02|//Amazon AWS//|[[Amazon S3 Update - Three New Security & Access Control Features|https://aws.amazon.com/blogs/aws/amazon-s3-update-three-new-security-access-control-features/]]|AWS Anouncements|
|2020.10.02|//Amazon AWS//|[[Enable Office 365 with AWS Managed Microsoft AD without user password synchronization|https://aws.amazon.com/blogs/security/enable-office-365-with-aws-managed-microsoft-ad-without-user-password-synchronization/]]|AWS O365 AzureAD|
=== 
** Azure : Confidential Computing sur AKS+++^*[»] 
|2020.09.30|//Microsoft Azure//|[[Confidential Containers Nodes Now Supported on Azure Kubernetes Service (AKS) - Public Preview|https://techcommunity.microsoft.com/t5/microsoft-security-and/confidential-containers-nodes-now-supported-on-azure-kubernetes/ba-p/1726992]]|Azure Confidential_Computing AKS|
|2020.10.02|Security Week| → [[Azure Kubernetes Service Now Supports Confidential Containers|https://www.securityweek.com/azure-kubernetes-service-now-supports-confidential-containers]]|Azure Kubernetes Confidential|
=== 
** Oracle : Apport de la Threat Intelligence+++^*[»] 
|2020.09.30|//Oracle Cloud//|![[How Threat Intelligence Complements Security Controls in Oracle SaaS Cloud|https://blogs.oracle.com/cloudsecurity/how-threat-intelligence-complements-security-controls-in-oracle-saas-cloud]] |Threat_Intel|
=== 
** Kubernetes : Risques à réduire • Comparaison EKS/GKE/AKS+++^*[»] 
|2020.10.01|//StackRox//|![[Four Container and Kubernetes Security Risks You Should Mitigate|https://www.stackrox.com/post/2020/10/four-container-and-kubernetes-security-risks-you-should-mitigate/]] |Risks Containers Kubernetes|
|2020.10.01|//StackRox//|![[EKS vs GKE vs AKS - Evaluating Kubernetes in the Cloud|https://www.stackrox.com/post/2020/10/eks-vs-gke-vs-aks/]] |EKS GKE AKS|
=== 
** Outils : MSSpray • AWS Key Triage Script+++^*[»] 
|2020.10.02|Security Risks Advisors|![[MSSpray: Wait, how many endpoints DON'T have MFA??|https://sra.io/blog/msspray-wait-how-many-endpoints-dont-have-mfa/]] |Tools|
|2020.09.28|Cedric Owens|[[AWS Key Triage Script|https://github.com/cedowens/aws_key_triage_tool]] to automate initial triage/enumeration on a set of AWS keys in an input file|Tools AWS|
=== 

* __Podcasts, Veilles hebdomadaires 'Cloud et Sécurité'__
** Podcasts: 'CISO Challenges in Cloud Security' (Cloud Security Podcast)+++^*[»] 
|2020.10.04|Cloud Security Podcast|[[CISO Challenges in Cloud Security - Caleb Sima, VP - Security at Databricks|https://anchor.fm/cloudsecuritypodcast/episodes/CISO-Challenges-in-Cloud-Security---Caleb-Sima--VP---Security-at-Databricks-ekiruk]] ([[audio|https://anchor.fm/s/10fb9928/podcast/play/20589972/https%3A%2F%2Fd3ctxlq1ktw2nl.cloudfront.net%2Fstaging%2F2020-10-04%2F76807f4ceff8ec00574990da914179df.m4a]])|Podcast|
=== 
** Veilles : TL;DR Security 54 • The Cloud Security Reading List 57+++^*[»] 
|2020.10.04|Marco Lancini|[[The Cloud Security Reading List #57|https://cloudseclist.com/issues/issue-57/]] |Weekly_Newsletter|
|2020.09.30|TL;DR Security|[[#54 - Complexity in Capital, Communicating a Breach, Offensive Terraform|https://tldrsec.com/blog/tldr-sec-054/]] |Weekly_Newsletter|
=== 

* __Marché, Acquisitions__
** Acquisitions : Portshift par Cisco+++^*[»] 
|2020.10.01|//Cisco//|[[Cisco Announces Corporate News October 1 2020|https://blogs.cisco.com/news/cisco-announces-corporate-news-october-1-2020]]|Acquisition|
|2020.10.02|Security Week| → [[Cisco Acquires Kubernetes-Native Security Platform Portshift|https://www.securityweek.com/cisco-acquires-kubernetes-native-security-platform-portshift]]|Acquisition|
|2020.10.02|Silicon Angle| → [[Cisco buys Kubernetes security startup Portshift|https://siliconangle.com/2020/10/01/cisco-buys-kubernetes-security-startup-portshift/]]|Acquisition|
=== 

* __Divers__
** Threat Intelligence et Cloud+++^*[»] 
|2020.09.30|//Oracle Cloud//|![[How Threat Intelligence Complements Security Controls in Oracle SaaS Cloud|https://blogs.oracle.com/cloudsecurity/how-threat-intelligence-complements-security-controls-in-oracle-saas-cloud]] |Threat_Intel|
=== 
** Ransomware et O365+++^*[»] 
|2020.10.02|//AvePoint//|[[Ransomware in Office 365: How to Protect Your Data (Case Study)|https://www.avepoint.com/blog/backup/office-365-ransomware/]]|O365 Ransomware|
=== 
** Concept d'irresponsabilité partagée (//Lacework//)+++^*[»] 
|2020.09.29|//Lacework//|[[The Shared Irresponsibility Model in the Cloud Is Putting You at Risk|https://www.darkreading.com/cloud/the-shared-irresponsibility-model-in-the-cloud-is-putting-you-at-risk/a/d-id/1338940]]|Shared_Responsibility|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/KA4/|https://CloudSecurityAlliance.fr/go/KA4/]] |
<<tiddler [[arOund0C]]>>
!!Weekly Cloud and Security Watch Newsletter - September 28th to October 4th, 2020
!!1 - CSA News and Updates - September 28th to October 4th, 2020

* Publication: 'Security for the deployment of Docker containers' (ANSSI)+++*[»]> <<tiddler [[2020.10.02 - Publication ANSSI : 'Sécurité relative au déploiement de conteneurs Docker']]>>=== 
* News: Registration Open for CSA EMEA Congress 2020, November 3rd to 5th+++*[»]> <<tiddler [[2020.09.29 - Actu : Ouverture des inscriptions pour le Congrès EMEA du 3 au 5 novembre 2020]]>>=== 
* News: CSA STAR Registry Reaches Significant Milestone with 1,000 Entries+++*[»]> <<tiddler [[2020.09.29 - Actu : Millième enregistrement dans la base STAR]]>>=== 
* News: 'Cloud & Cyber Security Expo Paris' 2020 show postponed+++*[»]> <<tiddler [[2020.09.30 - Actu : Report du Salon 'Cloud & Cyber Security Expo Paris' 2020]]>>=== 
* Blog: 'RECON (CVE-2020-6287) and its impact on Cloud Applications'+++*[»]> <<tiddler [[2020.09.29 - Blog : 'RECON (CVE-2020-6287) and its impact on Cloud Applications']]>>=== 
!!2 - Cloud and Security News Watch ([[over 60 links|2020.10.04 - Veille Hebdomadaire - 4 octobre]])

* __''Must read''__
** ''Recommendations for a secure deployment of Docker containers'' (in French, ANSSI)+++^*[»] 
|2020.10.02|ANSSI|![[Recommandations de sécurité relatives au déploiement de conteneurs Docker|https://www.ssi.gouv.fr/publication/recommandations-de-securite-relatives-au-deploiement-de-conteneurs-docker/]] |Docker Best_Practices|
|2020.10.02|ANSSI| → [[fiche technique|https://www.ssi.gouv.fr/uploads/2020/10/docker_fiche_technique.pdf]] (pdf)|Docker Best_Practices|
|2020.10.02|ANSSI| → [[évaluation|https://www.ssi.gouv.fr/uploads/2020/10/docker_evaluation.pdf]] (pdf)|Docker Best_Practices|
|2020.10.02|ANSSI| → [[cible de sécurité|https://www.ssi.gouv.fr/uploads/2020/10/docker_cible.pdf]] (pdf)|Docker Best_Practices|
=== 
** ''Detecting Microsoft 365 and Azure Active Directory Backdoors'' (//FireEye//)+++^*[»] 
|2020.09.30|//FireEye//|![[Detecting Microsoft 365 and Azure Active Directory Backdoors|https://www.fireeye.com/blog/threat-research/2020/09/detecting-microsoft-365-azure-active-directory-backdoors.html]] |M365 AzureAD Attacks|
=== 

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Attacks: Cloud-delivered Malicious Office Documents+++^*[»] 
|2020.09.30|//Netskope//|[[Dangerous Docs: Surge in Cloud-delivered Malicious Office Documents|https://www.netskope.com/blog/dangerous-docs-surge-in-cloud-delivered-malicious-office-documents]]|Malware|
=== 
** Vulnerabilities: Exploiting AWS IAM permissions • Hack Into Microsoft Azure+++^*[»] 
|2020.09.29|Security Shenanigans|![[Exploiting fine-grained AWS IAM permissions for total cloud compromise: a real world example (part 1/2)|https://medium.com/bugbountywriteup/exploiting-fine-grained-aws-iam-permissions-for-total-cloud-compromise-a-real-world-example-part-5a2f3de4be08]] (1/2) |AWS IAM|
|2020.09.29|Security Shenanigans|![[Exploiting AWS IAM permissions for total cloud compromise: a real world example (part 2/2)|https://medium.com/bugbountywriteup/exploiting-aws-iam-permissions-for-total-cloud-compromise-a-real-world-example-part-2-2-f27e4b57454e]] (2/2) |AWS IAM|
|>|>|>|!|
|2020.09.28|Nino Crudele|![[How to hack into Microsoft Azure using privilege escalation and how to protect your company|https://ninocrudele.com/how-to-hack-into-microsoft-azure-using-privilege-escalation-and-how-to-protect-your-company]]|Azure Risk Analysis|
=== 
** Outages: Microsoft 365 then Outlook+++^*[»] 
|2020.09.28|//Microsoft Azure//|[[We're investigating an issue affecting access to multiple Microsoft 365 services. We're working to identify the full impact and will provide more information shortly|https://mobile.twitter.com/MSFT365Status/status/1310696819135901696]]|Outage M365|
|2020.09.28|Build5Nines| → [[Azure AD is Down Blocking Access to Azure, Teams, and more! - September 28, 2020 Microsoft Azure Outage|https://build5nines.com/azure-ad-is-down-blocking-access-to-azure-teams-and-more-september-28-2020-microsoft-azure-outage/]]|Outage M365|
|2020.09.28|The Register| → [[Microsoft? More like: My software goes off... Azure AD, Outlook, Office.com, Teams, Authenticator, etc block unlucky folks from logging in|https://www.theregister.com/2020/09/28/microsoft_azure_office_outlook_outage/]]|Outage M365|
|2020.09.29|Computer Weekly| → [[Organisations locked out by Azure AD crash|https://www.computerweekly.com/news/252489780/Organisations-locked-out-by-Azure-AD-crash]]|Outage M365|
|2020.09.29|The Register| → [[With so many cloud services dependent on it, Azure Active Directory has become a single point of failure for Microsoft|https://www.theregister.com/2020/09/29/onedrive_azure_active_directory_outage/]]|Outage M365|
|2020.09.29|Forbes| → [[What Caused The Massive Microsoft Teams, Office 365 Outage On Monday? Here's What We Know|https://www.forbes.com/sites/daveywinder/2020/09/29/what-caused-the-massive-microsoft-teams-office-365-outage-yesterday-heres-what-we-know/]]|Outage M365|
|2020.09.29|//Catchpoint//| → [[Incident Review - Microsoft Office 365 Outage|https://blog.catchpoint.com/2020/09/29/incident-review-microsoft-office-365-outage/]]|Outage M365|
|2020.09.30|//ESET//| → [[Microsoft 365 services back online after hours-long outage|https://www.welivesecurity.com/2020/09/30/microsoft-365-back-online-hours-long-outage/]] |Outage M365|
|2020.10.02|The Register| → [[Microsoft says bug, sorry, 'a latent defect' in Safe Deployment Process system downed Azure Active Directory|https://www.theregister.com/2020/10/02/microsoft_azure_bug/]]|Outage M365|
|>|>|>|!|
|2020.10.01|Forbes|[[Microsoft Suffered Worldwide Outlook Outage Today - Here's What We Know|https://www.forbes.com/sites/daveywinder/2020/10/01/new-worldwide-microsoft-outage-confirmed-heres-what-we-know/]]|Outage M365|
=== 

* __Best Practices, and Detection__
** Best Practices: Azure AD Log Analysis+++^*[»] 
|2020.10.01|SANS ISC Handler|![[Making sense of Azure AD (AAD) activity logs|https://isc.sans.edu/forums/diary/Making+sense+of+Azure+AD+AAD+activity+logs/26626/]]|AzureAD Logging|
=== 

* __Reports, Surveys, Studies, Publications__
** Report: 'CISO Cloud/SaaS Security Report' (//Qosmos//)+++^*[»] 
|2020.09.29|Qosmos|[[CISO Cloud/SaaS Security Report|https://www.qosmos.com/the-ciso-cloud-saas-security-report/]]|Report|
|2020.09.30|Solutions Review| → [[File Storage and Transfer Services Are the Top SaaS Security Concern|https://solutionsreview.com/cloud-platforms/file-storage-and-transfer-services-are-the-top-saas-security-concern/]]|Report|
=== 
** Study: 'Data Protection Trends and Strategies for Containers' (//Zerto//)+++^*[»] 
|2020.09.29|//Zerto//|[[Industry Research Reveals Major Disconnect Between Data Protection Strategies Across Container-Based and Individual Applications|https://www.zerto.com/press-releases/key-findings-co-sponsored-esg-survey-and-ebook-data-protection-strategies-for-containers/]]|Report|
|2020.09.29|//Zerto//| → [[Data Protection Trends and Strategies for Containers|https://www.zerto.com/page/esg-data-protection-trends-and-strategies-for-containers/]]|Report|
|2020.09.29|Container Journal| → [[Zerto and ESG research exposes lack in data protection strategies for containers|https://containerjournal.com/news/news-releases/zerto-and-esg-research-exposes-lack-in-data-protection-strategies-for-containers/]]|Report|
|2020.09.29|Solutions Review| → [[Zerto Study Reveals Disconnect Between Container-Based Data Protection and Individual Apps - Solutions Review|https://solutionsreview.com/backup-disaster-recovery/zerto-study-reveals-disconnect-between-container-based-data-protection-and-individual-apps/]]|Report|
|2020.10.01|Continuity Central| → [[Non-native disaster recovery and backup solutions adversely affect RTOs and RPOs for container-based applications|https://www.continuitycentral.com/index.php/news/technology/5562-non-native-disaster-recovery-and-backup-solutions-adversely-affect-rtos-and-rpos-for-container-based-applications]]|Report|
=== 

* __Cloud Services Providers, Tools__
** AWS : Security Announcements • O365 with AWS Managed Microsoft AD+++^*[»] 
|2020.10.02|//Amazon AWS//|[[Amazon S3 Update - Three New Security & Access Control Features|https://aws.amazon.com/blogs/aws/amazon-s3-update-three-new-security-access-control-features/]]|AWS Anouncements|
|2020.10.02|//Amazon AWS//|[[Enable Office 365 with AWS Managed Microsoft AD without user password synchronization|https://aws.amazon.com/blogs/security/enable-office-365-with-aws-managed-microsoft-ad-without-user-password-synchronization/]]|AWS O365 AzureAD|
=== 
** Azure : Confidential Computing on AKS+++^*[»] 
|2020.09.30|//Microsoft Azure//|[[Confidential Containers Nodes Now Supported on Azure Kubernetes Service (AKS) - Public Preview|https://techcommunity.microsoft.com/t5/microsoft-security-and/confidential-containers-nodes-now-supported-on-azure-kubernetes/ba-p/1726992]]|Azure Confidential_Computing AKS|
|2020.10.02|Security Week| → [[Azure Kubernetes Service Now Supports Confidential Containers|https://www.securityweek.com/azure-kubernetes-service-now-supports-confidential-containers]]|Azure Kubernetes Confidential|
=== 
** Oracle : Threat Intelligence Benefits+++^*[»] 
|2020.09.30|//Oracle Cloud//|![[How Threat Intelligence Complements Security Controls in Oracle SaaS Cloud|https://blogs.oracle.com/cloudsecurity/how-threat-intelligence-complements-security-controls-in-oracle-saas-cloud]] |Threat_Intel|
=== 
** Kubernetes: Risks to Mitigate • EKS vs GKE vs AKS+++^*[»] 
|2020.10.01|//StackRox//|![[Four Container and Kubernetes Security Risks You Should Mitigate|https://www.stackrox.com/post/2020/10/four-container-and-kubernetes-security-risks-you-should-mitigate/]] |Risks Containers Kubernetes|
|2020.10.01|//StackRox//|![[EKS vs GKE vs AKS - Evaluating Kubernetes in the Cloud|https://www.stackrox.com/post/2020/10/eks-vs-gke-vs-aks/]] |EKS GKE AKS|
=== 
** Tools: MSSpray • AWS Key Triage Script+++^*[»] 
|2020.10.02|Security Risks Advisors|![[MSSpray: Wait, how many endpoints DON'T have MFA??|https://sra.io/blog/msspray-wait-how-many-endpoints-dont-have-mfa/]] |Tools|
|2020.09.28|Cedric Owens|[[AWS Key Triage Script|https://github.com/cedowens/aws_key_triage_tool]] to automate initial triage/enumeration on a set of AWS keys in an input file|Tools AWS|
=== 

* __Podcasts, Weekly 'Cloud and Security' Watch__
** Podcasts: 'CISO Challenges in Cloud Security' (Cloud Security Podcast)+++^*[»] 
|2020.10.04|Cloud Security Podcast|[[CISO Challenges in Cloud Security - Caleb Sima, VP - Security at Databricks|https://anchor.fm/cloudsecuritypodcast/episodes/CISO-Challenges-in-Cloud-Security---Caleb-Sima--VP---Security-at-Databricks-ekiruk]] ([[audio|https://anchor.fm/s/10fb9928/podcast/play/20589972/https%3A%2F%2Fd3ctxlq1ktw2nl.cloudfront.net%2Fstaging%2F2020-10-04%2F76807f4ceff8ec00574990da914179df.m4a]])|Podcast|
=== 
** Newsletters: TL;DR Security 54 • The Cloud Security Reading List 57+++^*[»] 
|2020.10.04|Marco Lancini|[[The Cloud Security Reading List #57|https://cloudseclist.com/issues/issue-57/]] |Weekly_Newsletter|
|2020.09.30|TL;DR Security|[[#54 - Complexity in Capital, Communicating a Breach, Offensive Terraform|https://tldrsec.com/blog/tldr-sec-054/]] |Weekly_Newsletter|
=== 

* __Market, Acquisitions__
** Acquisitions: Portshift by Cisco+++^*[»] 
|2020.10.01|//Cisco//|[[Cisco Announces Corporate News October 1 2020|https://blogs.cisco.com/news/cisco-announces-corporate-news-october-1-2020]]|Acquisition|
|2020.10.02|Security Week| → [[Cisco Acquires Kubernetes-Native Security Platform Portshift|https://www.securityweek.com/cisco-acquires-kubernetes-native-security-platform-portshift]]|Acquisition|
|2020.10.02|Silicon Angle| → [[Cisco buys Kubernetes security startup Portshift|https://siliconangle.com/2020/10/01/cisco-buys-kubernetes-security-startup-portshift/]]|Acquisition|
=== 

* __Miscellaneous__
** Threat Intelligence et Cloud+++^*[»] 
|2020.09.30|//Oracle Cloud//|![[How Threat Intelligence Complements Security Controls in Oracle SaaS Cloud|https://blogs.oracle.com/cloudsecurity/how-threat-intelligence-complements-security-controls-in-oracle-saas-cloud]] |Threat_Intel|
=== 
** Ransomware in O365+++^*[»] 
|2020.10.02|//AvePoint//|[[Ransomware in Office 365: How to Protect Your Data (Case Study)|https://www.avepoint.com/blog/backup/office-365-ransomware/]]|O365 Ransomware|
=== 
** Shared Irresponsibility Model (//Lacework//)+++^*[»] 
|2020.09.29|//Lacework//|[[The Shared Irresponsibility Model in the Cloud Is Putting You at Risk|https://www.darkreading.com/cloud/the-shared-irresponsibility-model-in-the-cloud-is-putting-you-at-risk/a/d-id/1338940]]|Shared_Responsibility|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/KA4/|https://CloudSecurityAlliance.fr/go/KA4/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 28 septembre au 4 octobre 2020
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.10.04|
|2020.10.04|Marco Lancini|[[The Cloud Security Reading List #57|https://cloudseclist.com/issues/issue-57/]] |Weekly_Newsletter|
|2020.10.04|Cloudberry Engineering|![[Dockerfile Security Best Practices|https://cloudberry.engineering/article/dockerfile-security-best-practices/]] |Docker Best_Practices|
|2020.10.04|Cloud Security Podcast|[[CISO Challenges in Cloud Security - Caleb Sima, VP - Security at Databricks|https://anchor.fm/cloudsecuritypodcast/episodes/CISO-Challenges-in-Cloud-Security---Caleb-Sima--VP---Security-at-Databricks-ekiruk]] ([[audio|https://anchor.fm/s/10fb9928/podcast/play/20589972/https%3A%2F%2Fd3ctxlq1ktw2nl.cloudfront.net%2Fstaging%2F2020-10-04%2F76807f4ceff8ec00574990da914179df.m4a]])|Podcast|
|>|>|>|!2020.10.03|
|2020.10.03|Dirk-jan Mollema|[[Abusing Azure AD SSO with the Primary Refresh Token|https://dirkjanm.io/abusing-azure-ad-sso-with-the-primary-refresh-token/]]|Azure SSO_Abuse|
|>|>|>|!2020.10.02|
|2020.10.02|ANSSI|![[Recommandations de sécurité relatives au déploiement de conteneurs Docker|https://www.ssi.gouv.fr/publication/recommandations-de-securite-relatives-au-deploiement-de-conteneurs-docker/]] |Docker Best_Practices|
|2020.10.02|ANSSI| → [[fiche technique|https://www.ssi.gouv.fr/uploads/2020/10/docker_fiche_technique.pdf]] (pdf)|Docker Best_Practices|
|2020.10.02|ANSSI| → [[évaluation|https://www.ssi.gouv.fr/uploads/2020/10/docker_evaluation.pdf]] (pdf)|Docker Best_Practices|
|2020.10.02|ANSSI| → [[cible de sécurité|https://www.ssi.gouv.fr/uploads/2020/10/docker_cible.pdf]] (pdf)|Docker Best_Practices|
|2020.10.02|BetaNews|[[Four steps to securing sensitive data in the cloud|https://betanews.com/2020/10/02/securing-sensitive-data-in-cloud/]]|Data_Protection|
|2020.10.02|Security Risks Advisors|![[MSSpray: Wait, how many endpoints DON'T have MFA??|https://sra.io/blog/msspray-wait-how-many-endpoints-dont-have-mfa/]] |Tools|
|2020.10.02|//Amazon AWS//|[[Amazon S3 Update - Three New Security & Access Control Features|https://aws.amazon.com/blogs/aws/amazon-s3-update-three-new-security-access-control-features/]]|AWS Announcements|
|2020.10.02|//Amazon AWS//|[[Enable Office 365 with AWS Managed Microsoft AD without user password synchronization|https://aws.amazon.com/blogs/security/enable-office-365-with-aws-managed-microsoft-ad-without-user-password-synchronization/]]|AWS O365 AzureAD|
|2020.10.02|//AvePoint//|[[Ransomware in Office 365: How to Protect Your Data (Case Study)|https://www.avepoint.com/blog/backup/office-365-ransomware/]]|O365 Ransomware|
|2020.10.02|//Illumio//|[[How to Design and Implement an Effective Container Micro-Segmentation Strategy with Kubernetes|https://www.illumio.com/blog/container-microsegmentation-strategy]]|Containers|
|2020.10.02|//Red Hat//|[[Managing cgroups with CPUShares|https://www.redhat.com/sysadmin/cgroups-part-two]] (2/4)|Containers|
|2020.10.02|//Rapid7//|[[NICER Protocol Deep Dive: Internet Exposure of SMTP|https://blog.rapid7.com/2020/10/02/nicer-protocol-deep-dive-internet-exposure-of-smtp/]]|Report SMTP|
|>|>|>|!2020.10.01|
|2020.10.01|SANS Handlers Diary|![[Making sense of Azure AD (AAD) activity logs|https://isc.sans.edu/forums/diary/Making+sense+of+Azure+AD+AAD+activity+logs/26626/]] |AzureAD Logging|
|2020.10.01|Help Net Security|[[Challenges and drivers influencing container infrastructure backup and recovery|https://www.helpnetsecurity.com/2020/10/01/container-infrastructure-backup-and-recovery/]]|Containers Backup Recovery|
|2020.10.01|Forbes|[[Microsoft Suffered Worldwide Outlook Outage Today - Here's What We Know|https://www.forbes.com/sites/daveywinder/2020/10/01/new-worldwide-microsoft-outage-confirmed-heres-what-we-know/]]|Outage M365|
|2020.10.01|//Cloudflare//|[[Introducing API Shield|https://blog.cloudflare.com/introducing-api-shield/]]|APIs|
|2020.10.01|//StackRox//|![[Four Container and Kubernetes Security Risks You Should Mitigate|https://www.stackrox.com/post/2020/10/four-container-and-kubernetes-security-risks-you-should-mitigate/]] |Risks Containers Kubernetes|
|2020.10.01|//StackRox//|![[EKS vs GKE vs AKS - Evaluating Kubernetes in the Cloud|https://www.stackrox.com/post/2020/10/eks-vs-gke-vs-aks/]] |EKS GKE AKS|
|2020.10.01|//Oracle Cloud//|[[Announcing Software Protected Keys in Oracle Cloud Infrastructure Vault|https://blogs.oracle.com/cloudsecurity/software-protected-keys-in-oracle-cloud-infrastructure-vault]]|Oracle Vault|
|2020.10.01|//Cisco//|[[Cisco Announces Corporate News October 1 2020|https://blogs.cisco.com/news/cisco-announces-corporate-news-october-1-2020]]|Acquisition|
|2020.10.02|Security Week| → [[Cisco Acquires Kubernetes-Native Security Platform Portshift|https://www.securityweek.com/cisco-acquires-kubernetes-native-security-platform-portshift]]|Acquisition|
|2020.10.02|Silicon Angle| → [[Cisco buys Kubernetes security startup Portshift|https://siliconangle.com/2020/10/01/cisco-buys-kubernetes-security-startup-portshift/]]|Acquisition|
|2020.10.01|//Checkpoint Software//|[[A Preview into the Secure Cloud Summit|https://blog.checkpoint.com/2020/10/01/a-preview-into-the-secure-cloud-summit/]]|Conference|
|2020.10.01|//Trustwave//|[[What Are the Risks of Hosting Data in the Cloud?|https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/what-are-the-risks-of-hosting-data-in-the-cloud/]]|Risks|
|2020.10.01|//K9 Security//|[[Secure data in AWS with Key Management Service (KMS)|https://k9security.io/docs/secure-data-in-aws-with-key-management-service-kms/]]|AWS KMS|
|>|>|>||
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.09.30|
|2020.09.30|TL;DR Security|[[#54 - Complexity in Capital, Communicating a Breach, Offensive Terraform|https://tldrsec.com/blog/tldr-sec-054/]] |Weekly_Newsletter|
|2020.09.30|Sotiris Nanopoulos|[[Envoy Proxy on Windows Containers|https://blog.envoyproxy.io/envoy-proxy-on-windows-containers-193dffa13050?gi=505099a5ea0]]|Containers Proxy|
|2020.09.30|Build5Nines|[[Microsoft Azure is Multiple Clouds - Public, US Gov, China and Germany|https://build5nines.com/microsoft-azure-is-multiple-clouds-public-us-gov-china-and-germany/]]|Azure MultiCloud|
|2020.09.30|//FireEye//|![[Detecting Microsoft 365 and Azure Active Directory Backdoors|https://www.fireeye.com/blog/threat-research/2020/09/detecting-microsoft-365-azure-active-directory-backdoors.html]] |M365 AzureAD Attacks|
|2020.09.30|//Fugue//|[[Thinking Like a Cloud Hacker: Part 1|https://www.fugue.co/blog/thinking-like-a-cloud-hacker-part-1]] (1/2)|Attacks|
|2020.09.30|//GitHub//|[[Code scanning is now available!|https://github.blog/2020-09-30-code-scanning-is-now-available/]]|GitHub|
|2020.09.30|//Microsoft Azure//|[[Confidential Containers Nodes Now Supported on Azure Kubernetes Service (AKS) - Public Preview|https://techcommunity.microsoft.com/t5/microsoft-security-and/confidential-containers-nodes-now-supported-on-azure-kubernetes/ba-p/1726992]]|Azure Confidential_Computing AKS|
|2020.10.02|Security Week| → [[Azure Kubernetes Service Now Supports Confidential Containers|https://www.securityweek.com/azure-kubernetes-service-now-supports-confidential-containers]]|Azure Kubernetes Confidential|
|2020.09.30|//Oracle Cloud//|![[How Threat Intelligence Complements Security Controls in Oracle SaaS Cloud|https://blogs.oracle.com/cloudsecurity/how-threat-intelligence-complements-security-controls-in-oracle-saas-cloud]] |Threat_Intel|
|2020.09.30|//Netskope//|[[Dangerous Docs: Surge in Cloud-delivered Malicious Office Documents|https://www.netskope.com/blog/dangerous-docs-surge-in-cloud-delivered-malicious-office-documents]]|Malware|
|>|>|>|!2020.09.29|
|2020.09.29|Computer Weekly|[[Compare AWS CloudEndure vs. Azure Site Recovery services|https://searchdisasterrecovery.techtarget.com/feature/Compare-AWS-CloudEndure-vs-Azure-Site-Recovery-services]]|Recovery|
|2020.09.29|Security Shenanigans|![[Exploiting fine-grained AWS IAM permissions for total cloud compromise: a real world example (part 1/2)|https://medium.com/bugbountywriteup/exploiting-fine-grained-aws-iam-permissions-for-total-cloud-compromise-a-real-world-example-part-5a2f3de4be08]] |AWS IAM|
|2020.09.29|Security Shenanigans|![[Exploiting AWS IAM permissions for total cloud compromise: a real world example (part 2/2)|https://medium.com/bugbountywriteup/exploiting-aws-iam-permissions-for-total-cloud-compromise-a-real-world-example-part-2-2-f27e4b57454e]] |AWS IAM|
|2020.09.29|Tech target|[[Compare AWS CloudEndure vs. Azure Site Recovery services|https://searchdisasterrecovery.techtarget.com/feature/Compare-AWS-CloudEndure-vs-Azure-Site-Recovery-services]]|Recovery AWS Azure|
|2020.09.29|//Zerto//|[[Industry Research Reveals Major Disconnect Between Data Protection Strategies Across Container-Based and Individual Applications|https://www.zerto.com/press-releases/key-findings-co-sponsored-esg-survey-and-ebook-data-protection-strategies-for-containers/]]|Report|
|2020.09.29|//Zerto//| → [[Data Protection Trends and Strategies for Containers|https://www.zerto.com/page/esg-data-protection-trends-and-strategies-for-containers/]]|Report|
|2020.09.29|Container Journal| → [[Zerto and ESG research exposes lack in data protection strategies for containers|https://containerjournal.com/news/news-releases/zerto-and-esg-research-exposes-lack-in-data-protection-strategies-for-containers/]]|Report|
|2020.09.29|Solutions Review| → [[Zerto Study Reveals Disconnect Between Container-Based Data Protection and Individual Apps - Solutions Review|https://solutionsreview.com/backup-disaster-recovery/zerto-study-reveals-disconnect-between-container-based-data-protection-and-individual-apps/]]|Report|
|2020.10.01|Continuity Central| → [[Non-native disaster recovery and backup solutions adversely affect RTOs and RPOs for container-based applications|https://www.continuitycentral.com/index.php/news/technology/5562-non-native-disaster-recovery-and-backup-solutions-adversely-affect-rtos-and-rpos-for-container-based-applications]]|Report|
|2020.09.29|Cloud Native Computing Foundation|[[Enforce Ingress Best Practices Using OPA|https://www.cncf.io/blog/2020/09/29/enforce-ingress-best-practices-using-opa/]] ([[source|https://www.magalix.com/blog/enforce-ingress-best-practices-using-opa]])|OPA Ingress|
|2020.09.29|InfoSecurity Mag|[[Research: Cloud Skills and Solutions Are in Short Supply|https://www.infosecurity-magazine.com/news/cloud-skills-solutions-shortage/]]|Skills|
|2020.09.29|Qosmos|[[CISO Cloud/SaaS Security Report|https://www.qosmos.com/the-ciso-cloud-saas-security-report/]]|Report|
|2020.09.30|Solutions Review| → [[File Storage and Transfer Services Are the Top SaaS Security Concern|https://solutionsreview.com/cloud-platforms/file-storage-and-transfer-services-are-the-top-saas-security-concern/]]|Report|
|2020.09.29|//Lacework//|[[The Shared Irresponsibility Model in the Cloud Is Putting You at Risk|https://www.darkreading.com/cloud/the-shared-irresponsibility-model-in-the-cloud-is-putting-you-at-risk/a/d-id/1338940]]|Shared_Responsibility|
|2020.09.29|//VMware//|[[VMware Unveils New Cloud Workload Security Solution|https://www.securityweek.com/vmware-unveils-new-cloud-workload-security-solution]]|Products VMware|
|2020.09.29|//AlienVault//|[[Zero Trust Architecture explained|https://cybersecurity.att.com/blogs/security-essentials/what-is-a-zero-trust-architecture]]|Zero_Trust|
|2020.09.29|//Proofpoint//|[[TA2552 Uses OAuth Access Token Phishing to Exploit Read-Only Risks|https://www.proofpoint.com/us/blog/threat-insight/ta2552-uses-oauth-access-token-phishing-exploit-read-only-risks]]|O365 Attack|
|2020.09.29|//Praetorian//|[[A New Tool for Password Spraying Emulation|https://www.praetorian.com/blog/tool-for-password-spraying-emulation]]|Password_Spraying|
|>|>|>|!2020.09.28|
|2020.09.28|Nino Crudele|![[How to hack into Microsoft Azure using privilege escalation and how to protect your company|https://ninocrudele.com/how-to-hack-into-microsoft-azure-using-privilege-escalation-and-how-to-protect-your-company]]|Azure Risk Analysis|
|2020.09.28|Dark Reading|[[9 Tips to Prepare for the Future of Cloud & Network Security|https://www.darkreading.com/cloud/9-tips-to-prepare-for-the-future-of-cloud-and-network-security/d/d-id/1338976]]|Tips|
|2020.09.28|//Microsoft Azure//|[[We're investigating an issue affecting access to multiple Microsoft 365 services. We're working to identify the full impact and will provide more information shortly|https://mobile.twitter.com/MSFT365Status/status/1310696819135901696]]|Outage M365|
|2020.09.28|Build5Nines| → [[Azure AD is Down Blocking Access to Azure, Teams, and more! - September 28, 2020 Microsoft Azure Outage|https://build5nines.com/azure-ad-is-down-blocking-access-to-azure-teams-and-more-september-28-2020-microsoft-azure-outage/]]|Outage M365|
|2020.09.28|The Register| → [[Microsoft? More like: My software goes off... Azure AD, Outlook, Office.com, Teams, Authenticator, etc block unlucky folks from logging in|https://www.theregister.com/2020/09/28/microsoft_azure_office_outlook_outage/]]|Outage M365|
|2020.09.29|Computer Weekly| → [[Organisations locked out by Azure AD crash|https://www.computerweekly.com/news/252489780/Organisations-locked-out-by-Azure-AD-crash]]|Outage M365|
|2020.09.29|The Register| → [[With so many cloud services dependent on it, Azure Active Directory has become a single point of failure for Microsoft|https://www.theregister.com/2020/09/29/onedrive_azure_active_directory_outage/]]|Outage M365|
|2020.09.29|Forbes| → [[What Caused The Massive Microsoft Teams, Office 365 Outage On Monday? Here's What We Know|https://www.forbes.com/sites/daveywinder/2020/09/29/what-caused-the-massive-microsoft-teams-office-365-outage-yesterday-heres-what-we-know/]]|Outage M365|
|2020.09.29|//Catchpoint//| → [[Incident Review - Microsoft Office 365 Outage|https://blog.catchpoint.com/2020/09/29/incident-review-microsoft-office-365-outage/]]|Outage M365|
|2020.09.30|//ESET//| → [[Microsoft 365 services back online after hours-long outage|https://www.welivesecurity.com/2020/09/30/microsoft-365-back-online-hours-long-outage/]] |Outage M365|
|2020.10.02|The Register| → [[Microsoft says bug, sorry, 'a latent defect' in Safe Deployment Process system downed Azure Active Directory|https://www.theregister.com/2020/10/02/microsoft_azure_bug/]]|Outage M365|
|2020.09.28|Cedric Owens|[[AWS Key Triage Script|https://github.com/cedowens/aws_key_triage_tool]] to automate initial triage/enumeration on a set of AWS keys in an input file|Tools AWS|
|2020.09.28|//AlienVault//|[[Stories from the SOC - Cloud and On-site Protection|https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-cloud-and-on-site-protection]]|SOC|
<<tiddler [[arOund0C]]>>
!"//Recommandations de sécurité relatives au déploiement de conteneurs Docker//"
[>img(200px,auto)[iCSF/KB2PR.jpg]]Cet ensemble de 3 documents présente les bonnes pratiques de sécurité relatives au déploiement et à l'exécution de conteneurs Docker :
* la fiche technique
<<<
//le Docker daemon et la gestion des images Docker sont hors périmètre de l'étude
Bien que hors périmètre, les Linux Security Modules ou LSM (AppArmor+++^*[»] https://docs.docker.com/engine/security/apparmor/ === , SELinux+++^*[»] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/container_security_guide/docker_selinux_security_policy === , TOMOYO+++^*[»] https://www.kernel.org/doc/html/v4.15/admin-guide/LSM/tomoyo.html === , etc.) permettent de renforcer la sécurité des conteneurs Docker+++^*[»] https://docs.docker.com/engine/security/security/ === .
Dans un souci de défense en profondeur, l'étude de leur mise en oeuvre ne peut donc qu'être conseillée.
Les tests réalisés, qui ne visent pas l'exhaustivité du sujet, l'ont été sur la version 18.09.3, build 774a1f4, de Docker Community Edition (CE).//
<<<
* l'évaluation BSS Express du produit Docker Community Edition (CE) dans sa version 18.09.3, build 774a1f4, développé par Docker, Inc.
* la cible de sécurité du produit Docker Community Edition (CE) dans sa version 18.09.4 développé par Docker, Inc. dans le cadre de l'évaluation BSS Express

Note : Il s'agit de productions originales de l'ANSSI placées sous le régime de la "Licence ouverte v2.0" publiée par la mission Etalab, ce qui permet de les réutiliser librement, "//sous réserve de mentionner sa paternité (source et date de la dernière mise à jour)//"
__Liens__
* Annonce → https://www.ssi.gouv.fr/publication/recommandations-de-securite-relatives-au-deploiement-de-conteneurs-docker/ /% ''[[CloudSecurityAlliance.fr/go/2/|https://CloudSecurityAlliance.fr/go/kb2a/]]'' %/
* Téléchargement de la fiche technique → https://www.ssi.gouv.fr/uploads/2020/10/docker_fiche_technique.pdf /% ''[[CloudSecurityAlliance.fr/go/k9fa/|https://CloudSecurityAlliance.fr/go/k9fa/]]'' %/
* Téléchargement de l'évaluation → https://www.ssi.gouv.fr/uploads/2020/10/docker_evaluation.pdf
* Téléchargement de la cible de sécurité → https://www.ssi.gouv.fr/uploads/2020/10/docker_cible.pdf
<<tiddler [[arOund0C]]>>
Voici la newsletter publiée par le CSA pour les Chapitres Européens, nord et sud américains, pour les mois d'Octobre et Novembre 2020.
<<<
|ssTablN0|k
|>| [img(auto,125px)[iCSA/KA1N1.jpg]] |
|>|Dear Chapters, |
|>|Thank you for participating in CSA's global community. We hope you enjoy this newsletter, created exclusively for CSA Chapters. Feel free to share with your members.|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Welcome Newly Chartered Chapters|
| |We are excited to welcome a newly rebooted CSA Chapter:|
|~|The Silicon Valley Chapter, located in Palo Alto, CA, recently rechartered their Chapter with new leadership. We're excited to reestablish a CSA Chapter in the thriving tech community.|
|[img(150px,auto)[iCSA/KA1N2.png]]|!Certificate of Cloud Auditing Knowledge (CCAK)|
|~|We announced a new partnership with ISACA to operate our previously announced Certificate of Cloud Auditing Knowledge (CCAK) as a joint venture. We expect to deliver the CCAK exam, training and body of knowledge by the end of the year. The strategic significance is not merely the partnership between the world's IT audit and cloud security leaders. It is the shared vision we have to collaborate in order to reinvent, improve and harmonize audit assurance in the cloud. We hope to make a positive difference on the global, national and grassroots levels and truly make cloud computing as trustworthy as any part of the technology spectrum. [[More Information|https://cloudsecurityalliance.org/education/ccak/]]|
|[img(150px,auto)[iCSA/KA1N3.jpg]]|!Cloud Controls Matrix - Peer Review|
|~|CSA is excited to continue development of its security controls framework, the Cloud Controls Matrix. We encourage chapters and their members to get involved in the peer review process and contribute to the CCM v.4 peer review. The CCM v.4 is the latest iteration of the industry's standard controls framework for cloud security assurance and compliance. Please provide your feedback! [[Contribute|https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/]]|
|>|!Recently Published Research|
|~|CSA released the following research documents this past month. Like all of CSA's research, they are completely vendor-neutral and freely accessible on our website:|
|~|• Research: [[Top Threats to Cloud Computing: Egregious Eleven Deep Dive|https://cloudsecurityalliance.org/artifacts/top-threats-egregious-11-deep-dive/]]|
|~|• Research: [[CSA's Perspective on Cloud Risk Management|https://cloudsecurityalliance.org/artifacts/csa-s-perspective-on-cloud-risk-management/]]|
|~|• Research: [[Enterprise Architecture to CCM Shared Responsibility Model|https://cloudsecurityalliance.org/artifacts/enterprise-architecture-ccm-shared-responsibility-model/]]|
|~|Cloud Security Alliance Vision - October 15 FREE Virtual|
|[img(150px,auto)[iCSA/KA1N4.png]]|Please join us Thursday, October 15th for a CSA Minnesota presentation by ''Jim Reavis'' the Co-Founder and CEO of the Cloud Security Alliance delivering the below takeaways:|
|~|• What CSA can offer you?|
|~|• Getting involved – what you can do?|
|~|• Where the industry is going?|
|~|• Skillsets that are important for you professionally|
|~|• Key trends in security disrupting the cloud|
|~|• CSA initiatives and roadmap|
|~|[[More Information|https://www.csamn.com/events-1/cloud-security-alliance-vision/form]]|
|>|!Other Research News|
| |• Peer Review: [[Blockchains in the Quantum Era|https://cloudsecurityalliance.org/artifacts/blockchains-in-the-quantum-era/]]|
| |• Peer Review: [[Confidence in Post Quantum Algorithms|https://cloudsecurityalliance.org/artifacts/confidence-in-post-quantum-algorithms/]]|
| |• Peer Review: [[Cloud Controls Matrix v4|https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/]]|
| |• Blog: [[Building a Secure Amazon S3 Bucket|https://cloudsecurityalliance.org/blog/2020/09/23/building-a-secure-amazon-s3-bucket/]]|
| |If you have any questions around how to implement this research, you can ask our research analysts and working group members in our Circle Community here.|
|>|!Chapters Spotlight|
|[img(150px,auto)[iCSA/KA1N5.png]]|CSA LA/SoCal Chapter - This summer, the CSA LA/SoCal Chapter implemented a 7-week CCSK study group for their members. Their study group met once a week to review, discuss, and highlight the material covered in the CSA Knowledge Center CCSK Foundation Course. Leaders of the study group created slide decks and videos to help supplement and highlight key components of the CCSK training. The study group was a huge success with over 25 chapter members achieving their CCSK credentials.|
|[img(150px,auto)[iCSA/KA1N6.jpg]]|CSA New Jersey Chapter - Stanley Mierzwa, the CSA New Jersey Chapter president, had an article published on CISO MAG online. The article, Need Based Evaluation of Cloud Services in the Wake of COVID-19, discusses how widespread legacy applications are still being used, and in what main sectors, along with possible reasons why cloud adoption may not be pursued. The article mentions several resources for analyzing cloud service providers, including CSA's STAR, STAR Registry, and CAIQ tools.<br>→ https://cisomag.eccouncil.org/cloud-services-covid-19/|
|>|!Upcoming Events|
| |!Cloud Security Alliance Vision|
|~|October 15, 2020, Virtual|
|~|Please join us Thursday, October 15th for a CSA Minnesota Chapter presentation by Jim Reavis the Co-Founder and CEO of the Cloud Security Alliance delivering the below takeaways:|
|~|• What CSA can offer you?|
|~|• Getting involved – what you can do?|
|~|• Where the industry is going?|
|~|• Skillsets that are important for you professionally|
|~|• Key trends in security disrupting the cloud|
|~|• CSA initiatives and roadmap|
|~|[[More Information|https://www.csamn.com/events-1/cloud-security-alliance-vision/form]]|
| |!RSA Threat Hunting Labyrinth|
|~|October 29, 2020, Virtual|
|~|Please join us Thursday, October 29th for a CSA Minnesota Chapter presentation by Neil Wyler, a Threat Hunting and Incident Response Specialist with RSA, delivering the below objectives:|
|~|• What is threat hunting?|
|~|• Where do we begin with threat hunting?|
|~|• What does a threat hunting methodology and lifecycle look like?|
|~|• Continuing the threat hunting conversation via CSA Circle.|
|~|• Details about a hands-on virtual workshop.|
|~|[[More Information|https://www.csamn.com/events-1/rsa-threat-hunting-labyrinth/form]]|
| |!EMEA Congress|
|~|November 3-5, 2020, Virtual|
|~|As a consequence of the COVID-19 pandemic, organizations are accelerating their migration to the cloud as the optimal strategy to support a virtual workforce and enable digital transformation. From designing zero trust architectures to continuous assurance and compliance, from the European Cloud and GDPR to the growing complexity of cloud certification, security professionals have a tremendous need for cloud security education from trusted experts. This year’s EMEA Congress will focus on core topics that are critical to the cloud ecosystem, providing both educational and practical advice across cloud leadership.<br>Earn CPE credits by attending this free virtual event.|
|~|[[More Information|https://web.cvent.com/event/f4086cc6-2ba1-44c0-aa77-a5d8c0838073/summary]]|
| |See our full list of events [[here|https://cloudsecurityalliance.org/events]].|
|~|Let us know if you would like to post your chapter meeting, event, or webinar on the CSA Circle platform. This is an opportunity to increase your event audience, as there are currently over 1,500 Circle community users.|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|Until next time...|
|>|Sincerely,|
|>|''Todd Edison -- Chapter Relations Manager, Cloud Security Alliance''|
<<<
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202009>>
<<tiddler fAll2Tabs10 with: VeilleM","_202009>>
|!Date|!Sources|!Titres et Liens|!Keywords|
|2020.09.22|//Xen//|[[Xen Security Advisory 336|https://xenbits.xen.org/xsa/advisory-336.html]]|CVE-2020-25604|
|2020.09.22|//Amazon AWS//| → [[Xen Security Advisory 336 (XSA-336) (CVE-2020-25604)|https://aws.amazon.com/security/security-bulletins/AWS-2020-003/]]|CVE-2020-25604|
|2020.09.22|//Xen//|[[Xen Security Advisory 337|https://xenbits.xen.org/xsa/advisory-337.html]]|CVE-2020-25595|
|2020.09.22|//Amazon AWS//| → [[Xen Security Advisory 337 (XSA-337) (CVE-2020-25595)|https://aws.amazon.com/security/security-bulletins/AWS-2020-004/]]|CVE-2020-25595|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Septembre 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202009>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Septembre 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Septembre 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202009'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202009'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Septembre 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202009'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Septembre 2020]]>>
!//Shared Responsibility Model Automation: Automating Your Share Part 2//
[>img(auto,113px)[iCSA/K9UBS.jpg]]^^Article publié le 30 septembre 2020 sur le blog de la CSA et sur le site de Fugue le 8 septembre 2020.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/09/30/shared-responsibility-model-automation-automating-your-share-part-2/
* Blog CloudPassage ⇒ https://www.cloudpassage.com/blog/shared-responsibility-model-explained/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks//
[>img(auto,113px)[iCSA/K9SBA.jpg]]^^Article de Nicole Fishbein, Malware Analyst and Reverse Engineer (//Intezer//) publié le 28 septembre 2020 sur le blog de la CSA et le 8 septembre 2020 sur celui d'Intezer.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/09/28/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/
* Blog CloudPassage ⇒ https://www.cloudpassage.com/blog/shared-responsibility-model-explained/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//DevOps Security Automation: AWS Cloud Security Report 2020 for DevSecOps//
[>img(auto,113px)[iCSA/K9PBD.jpg]][>img(auto,113px)[iCSF/K9PBA.jpg]]^^Article publié le 25 septembre 2020 sur le blog de la CSA et sur le site de CloudPassage le 8 septembre 2020.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/09/23/building-a-secure-amazon-s3-bucket/ /% ''[[CloudSecurityAlliance.fr/go/k9px/|https://CloudSecurityAlliance.fr/go/k9px/]]'' %/
* Blog CloudPassage ⇒ https://www.cloudpassage.com/blog/aws-cloud-security-report-2020-for-management-managing-the-rapid-shift-to-cloud/ /% ''[[CloudSecurityAlliance.fr/go/k9pz/|https://CloudSecurityAlliance.fr/go/k9pz/]]'' %/
** Rapport associé ⇒ http://go.cloudpassage.com/ZX00005PB0000000I301QFV (redirection)
** Infographie associée ⇒ https://www.cloudpassage.com/lp/devsecops-adoption-processes/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Building a Secure Amazon S3 Bucket//
[>img(150px,auto)[iCSA/K9NBB.jpg]]^^Article publié le 23 septembre 2020 sur le blog de la CSA et sur le site de Fugue le 8 septembre 2020.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/09/23/building-a-secure-amazon-s3-bucket/ /% ''[[CloudSecurityAlliance.fr/go/k9nx/|https://CloudSecurityAlliance.fr/go/k9nx/]]'' %/
* Site Fugue ⇒ https://www.fugue.co/blog/building-a-secure-amazon-s3-bucket-aws /% ''[[CloudSecurityAlliance.fr/go/k9nz/|https://CloudSecurityAlliance.fr/go/k9nz/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Experian Granted Patent for Secure Data Transmissions 15 Days Before Revealing Massive Data Breach//
[>img(150px,auto)[iCSA/K9MBE.jpg]]^^Article publié le 22 septembre 2020 — Rédigé par Maëva Ghonda+++^*[»] LinkedIn → [[maevaghonda|https://twitter.com/maevaghonda]] • Twitter → [[maevaghonda|https://twitter.com/maevaghonda]] ===, Co-Chair, CSA Blockchain and Distributed Ledger Technology Working Group; et Leighton Johnson, Member, CSA Blockchain Cybersecurity and Privacy Best Practices Group
<<<
//On the 4th of August 2020, 15 days before Experian - one of the largest global providers of credit reports - revealed that a massive data breach occurred in May 2020 which impacted more than 25 million people and 24,838 businesses, the company was awarded a patent for an encryption method that enables secure data transmissions.
!!Why does the new encryption method matter?
Setting aside this incredible juxtaposition, the patented encryption method Experian developed has the potential to create significant value worldwide: Symmetric Encryption for Private Smart Contracts Among Multiple Parties in a Private Peer-to-Peer Network, Patent No. US10735183B1. Presently, the average cost of a data breach is $3.86 million and data breach cases are expected to increase exponentially due to the rapid rise of remote work, i.e. work from home, as a result of the global pandemic. This new encryption method is also important because Experian is expanding its data portfolio due to increasing demand from consumers in various global markets as well as businesses in multiple verticals, such as Financial services, Healthcare, Energy, and Auto.
!!What are smart contracts and how does the new patent help secure them?
The patent essentially claims that it supplies a secure encryption method for private smart contracts in a private blockchain which can be applied to multiple use cases. Smart contracts are uniquely valuable because they are a collection of codes that self-execute based on a set of predetermined conditions. Effectively, the new patent from Experian asserts that private smart contracts that feature this patented technique will remain obscure to non-participating peers of a private blockchain for heightened security.
!!The patent could provide secure encryption for blockchain that integrates quantum-enabled systems.
This invention is also of high interest due to an additional claim, i.e. this encryption method can include quantum-enabled systems in some implementations. Given the anticipated growth of the quantum computer market to approximately $902.48 billion by 2040 and the potential of these quantum systems to break classical encryption, a new encryption method with quantum considerations would have significant value.//
[...]
<<<
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/09/22/experian-granted-patent-for-secure-data-transmissions-15-days-before-revealing-massive-data-breach/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Is your vendor platform future proof?//
[>img(auto,113px)[iCSA/K9LBI.jpg]][>img(auto,113px)[iCSA/K9LB2.jpg]]^^Article publié le 21 septembre 2020 sur le blog de la CSA, et sur le site de Whistic le 8 septembre 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/09/21/is-your-vendor-platform-future-proof/ /% ''[[CloudSecurityAlliance.fr/go/k9lx/|https://CloudSecurityAlliance.fr/go/k9lx/]]'' %/
* Site Whistic ⇒ https://www.whistic.com/resources/is-your-vendor-security-assessment-platform-future-proof /% ''[[CloudSecurityAlliance.fr/go/k9lz/|https://CloudSecurityAlliance.fr/go/k9lz/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Gap Analysis Report - Mapping of the Association of Banks in Singapore Cloud Computing Implementation Guide 2.0 to Cloud Security Alliance Cloud Controls Matrix v3.0.1//
^^Document publié le 14 septembre 2020 sur le site de la CSA.
<<<
//The CCM Addendum (mapping with Association of Banks in Singapore Cloud Computing Implementation Guide 2.0) is a companion piece to the Gap Analysis Report.
The financial services industry is one of the most important and regulated sectors in any market. It is typically bounded by a multitude of regulations that financial institutions (FIs) need to comply with. It is both daunting and challenging, yet a necessary task for conscientious FIs to review these available regulations / guidelines / frameworks / best practices, comply with mandatory regulations, and make decisions about which best practices and recommendations to take heed of, in order to reduce their overall risk exposure and keep up with the industry's progress. This mammoth task gets exponentially difficult for FIs operating beyond a single country or regulatory space, especially when relevant regulations and frameworks are constantly evolving. Because of this complex landscape, mapping of frameworks is a useful and popular tool for FIs looking to seek compliance to multiple standards and best practices. In this exercise, the Working Group mapped the Association of Banks in Singapore (ABS) Cloud Computing Implementation Guide (CCIG) 2.0 to CSA's Cloud Controls Matrix 3.0.1, and summarized the mapping results in the accompanying Gap Analysis Report. Singapore FIs who are already in line with ABS CCIG 2.0 will benefit through being able to easily identify and fulfil additional controls (gaps) on top of the ABS CCIG 2.0 to achieve adherence to other targeted frameworks within CCM, which is useful when expanding to other markets.//
<<<
^^__Liens :__
* Annonce CSA ⇒ https://cloudsecurityalliance.org/artifacts/ccm-addendum-abs-ccig/ /% ''[[CloudSecurityAlliance.fr/go/k9ea/|https://CloudSecurityAlliance.fr/go/k9ea/]]'' %/
* Rapport d'écart ⇒ https://cloudsecurityalliance.org/artifacts/ccm-addendum-abs-ccig-gap-analysis-report/ /% ''[[CloudSecurityAlliance.fr/go/k9er/|https://CloudSecurityAlliance.fr/go/k9er/]]'' %/
* Téléchargement du fichier (format Excel XLSX) ⇒ https://cloudsecurityalliance.org/download/artifacts/ccm-addendum-abs-ccig/ /% ''[[CloudSecurityAlliance.fr/go/k9ep/|https://CloudSecurityAlliance.fr/go/k9ep/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//What is Third Party Risk and Why Does It Matter?//
[>img(150px,auto)[iCSA/K9EBW.jpg]]^^Article publié le 14 septembre 2020 sur le blog de la CSA et sur le site de Whistic le 1er septembre 2020.
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/09/14/what-is-third-party-risk-and-why-does-it-matter/ /% ''[[CloudSecurityAlliance.fr/go/k9ex/|https://CloudSecurityAlliance.fr/go/k9ex/]]'' %/
* Site Whistic ⇒ https://www.whistic.com/resources/what-is-third-party-risk-and-why-does-it-matter /% ''[[CloudSecurityAlliance.fr/go/k9ez/|https://CloudSecurityAlliance.fr/go/k9ez/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Diving Deeper: 4 Best Practices for Securing Enterprise Data in Office 365 (O365)//
[>img(150px,auto)[iCSA/K99BD.jpg]]^^Article publié le 9 septembre 2020 sur le blog de la CSA et sur le site de CipherCloud
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/09/09/diving-deeper-4-best-practices-for-securing-enterprise-data-in-office-365-o365/ /% ''[[CloudSecurityAlliance.fr/go/k99x/|https://CloudSecurityAlliance.fr/go/k99x/]]'' %/
* Site CipherCloud ⇒ https://www.ciphercloud.com/diving-deeper-4-best-practices-for-securing-enterprise-data-in-office-365-o365/ /% ''[[CloudSecurityAlliance.fr/go/k99z/|https://CloudSecurityAlliance.fr/go/k99z/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Shared Responsibility Model Automation: Automating Your Share//
[>img(150px,auto)[iCSA/K97BS.jpg]]^^Article publié le 7 septembre 2020 après l'avoir été le 18 août 2020 sur le blog de CloudPassage
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/09/07/shared-responsibility-model-automation-automating-your-share/ /% ''[[CloudSecurityAlliance.fr/go/k97x/|https://CloudSecurityAlliance.fr/go/k97x/]]'' %/
* Site CipherCloud ⇒ https://www.ciphercloud.com/diving-deeper-4-best-practices-for-securing-enterprise-data-in-office-365-o365/ /% ''[[CloudSecurityAlliance.fr/go/k97z/|https://CloudSecurityAlliance.fr/go/k97z/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//The Service Mesh Wars: Why Istio might not be favorite after all//
[>img(150px,auto)[iCSA/K93BT.jpg]]^^Article publié le 3 septembre 2020 sur le blog de la CSA et rédigé par Gadi Naor, CTO et Co-Founder, Alcide
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/09/03/the-service-mesh-wars-why-istio-might-not-be-favorite-after-all/ /% ''[[CloudSecurityAlliance.fr/go/k93x/|https://CloudSecurityAlliance.fr/go/k93x/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//SSO and the Road to Passwordless//
[>img(150px,auto)[iCSA/K92BX.jpg]][>img(auto,113px)[iCSF/K92BZ.jpg]]^^Article publié le 1er septembre 2020 sur le blog de la CSA, et sur le site de Duo Security le 15 juin 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/09/01/sso-and-the-road-to-passwordless/ /% ''[[CloudSecurityAlliance.fr/go/k92x/|https://CloudSecurityAlliance.fr/go/k92x/]]'' %/
* Site Duo Security ⇒ https://duo.com/blog/sso-and-the-road-to-passwordless /% ''[[CloudSecurityAlliance.fr/go/k92z/|https://CloudSecurityAlliance.fr/go/k92z/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!!//CSA Security Trust Assurance and Risk (STAR) Registry Reaches Significant Milestone with 1,000 Entries//
<<<
[>img(400px,auto)[iCSA/STAR-Registry.jpg]]__//Registry is world's largest repository of cloud provider security testimonials//__
//SEATTLE - Sept. 30, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, announced today that its Security Trust Assurance and Risk (STAR) Registry+++^*[»] https://cloudsecurityalliance.org/star/registry/ ===, a publicly accessible listing which documents the security and privacy controls provided by popular cloud computing offerings, has reached a significant milestone. The STAR Registry has reached a total of 1,000 cloud services evaluated according to the principles of CSA's STAR Program+++^*[»] https://cloudsecurityalliance.org/star/ === and the requirements of the Cloud Control Matrix (CCM)+++^*[»] https://cloudsecurityalliance.org/research/cloud-controls-matrix/ ===.

The STAR Registry, which allows cloud customers to assess their security providers prior to making a procurement decision, has fast become a mandate for enterprise users as part of their third-party risk management program. This achievement further validates the value and relevance of the STAR Program, the industry's most powerful program for security assurance in the cloud, to the cloud community. Since its inception in 2011, the program has become the industry's leading cloud-specific program for governance, risk, and compliance.

"What began as a humble initiative to encourage transparency on the part of cloud providers, as well as alignment with Cloud Security Alliance's best practices, has mushroomed into the world's largest repository of cloud provider security testimonials. By requesting that their cloud providers are listed in CSA STAR, enterprises not only help secure their own journey to the cloud, they help improve the security baseline across the industry," said Jim Reavis, co-founder and CEO, Cloud Security Alliance.

The STAR Program framework provides a flexible, incremental, and multi-layered cloud-provider system that is recognized as the international, certifiable harmonized governance, risk management, and compliance solution. By utilizing the STAR Program and its accompanying tools (Cloud Controls Matrix+++^*[»] https://cloudsecurityalliance.org/research/cloud-controls-matrix/ ===, Consensus Assessment Initiative Questionnaire+++^*[»] https://cloudsecurityalliance.org/artifacts/consensus-assessments-initiative-questionnaire-v3-1/ ===, and the GDPR Code of Conduct)+++^*[»] https://cloudsecurityalliance.org/privacy/gdpr/resource-center/ ===, enterprises are able to reduce complexity, which translates to reduced costs, decreased risk, and increased security.

"When we first announced the STAR registry nine years ago, our goal was to enhance industry transparency and encourage providers to make security capabilities a market differentiator. Nearly a decade later, we have achieved that and more. The industry has embraced STAR as an essential part of understanding one's security posture, and we are confident that the next nine years will bring additional tools and resources to provide organizations with greater levels of assurance," said Daniele Catteddu, chief technology officer, Cloud Security Alliance.

CSA will continue to develop the STAR Program to better serve the cloud ecosystem and its need for trust with a series of near- and medium-term actions, including CCM v4 and STAR Continuous Auditing.

Learn more about how the STAR Program has become the leading program for cloud assurance, transparency, and accountability in STAR 1000 - The reason behind the STAR Program success story+++^*[»] https://www.brighttalk.com/webcast/10415/443966 ===, a complimentary webinar on Oct. 27 at 1pm ET. Save your spot today.+++^*[»] https://www.brighttalk.com/webcast/10415/443966 ===//
<<<
__Lien :__
* Annonce CSA → https://cloudsecurityalliance.org/press-releases/2020/09/30/csa-security-trust-assurance-and-risk-star-registry-reaches-significant-milestone-with-1-000-entries/
* Registre STAR → https://cloudsecurityalliance.org/star/registry/
!"//RECON (CVE-2020-6287) and its impact on Cloud Applications//"
<<<
''Article publié le 29 septembre 2020 — Rédigé par Shamun Mahmud, Sr. Research Analyst à la CSA''//
!!Key takeaways[>img(150px,auto)[iCSA/K9TBR.jpg]]
* Cloud adoption is growing when it comes to ERP Applications
* ERP Applications in the cloud can be vulnerable to security issues, and organizations need to apply the proper security controls and patches.
!!Introduction
The RECON vulnerability (CVE-2020-6287), patched by SAP on July 13th, affects many SAP Solutions running on top of SAP Netweaver JAVA Application Server and was assigned a maximum CVSS score of 10.0. Based on that, one might wonder things like:
* What is the relevancy of this vulnerability when it comes to SAP Applications running in the cloud?
* Are these applications exposed in the same way?
* Should SAP customers take a different approach when it comes to the Cloud?
So we'll try to address some of these questions in this post.
!!Business Applications and the Cloud Security Alliance
In 2019, the CSA released the findings from the first research survey on "Enterprise Resource Planning (ERP) Applications and Cloud Adoption"+++^*[»] https://cloudsecurityalliance.org/artifacts/enterprise-resource-planning-and-cloud-adoption ===. The study offers greater insight into cloud preparation and migration, the features and benefits gained, and the security and privacy challenges for ERP systems in a cloud environment.
According to the survey, 69 percent of organizations are migrating data from ERP applications to the cloud, moving to major cloud infrastructure-as-a-service providers, and the overwhelming majority, almost 90 percent, state that these applications are mission-critical.
<<<
//"The cloud computing ecosystem is maturing rapidly and business-critical applications, such as ERP solutions, are being moved to cloud environments. With this shift, organizations are starting to explore the question of whether a cloud environment might alleviate traditional challenges that business-critical applications normally face"//
John Yeoh, Director of Research, Americas for the Cloud Security Alliance.
<<<
Among the survey's other key findings:
* Americas (73%) and APAC (73%) were more likely to report that they were currently migrating business-critical applications to the cloud than those in EMEA, where regulations, such as the European Union General Data Protection Regulation (GDPR), impacted organizational plans for technology purchases, cloud services and third-party policies.
* On-premise models (61%) are employed most commonly, with cloud SaaS (41%), cloud IaaS (23%) and cloud PaaS (17%) following.
* Biggest concerns for migrations are around security and compliance.
By themselves, ERP applications utilize complex systems and, consequently, are challenging to secure. In the cloud, their complexity increases due to factors such as shared security models, varying cloud service models, and the intersection between IT and business controls. Nevertheless, due to cloud computing benefits, enterprise resource planning applications are increasingly migrating to the cloud.
!!Potentially vulnerable systems in the cloud
More and more, organizations are running business applications in the cloud in general and the component that is affected by the RECON vulnerability (CVE-2020-6287) in particular.
Using internet scan engines, it is possible to identify in a passive way SAP Applications that are internet-facing. This can be done by searching the HTML response, the HTTP headers and many other data points that can be helpful to identify if an IP address is actually serving an SAP Application. The number of SAP Applications that are JAVA based and internet-facing, according to these types of search engines is consistent with other data points, such as the previously mentioned CSA survey. Even though the numbers are not exactly the same (which is expected, as the sources of data are very different), the top 3 Cloud providers serving SAP Applications are.
|ssTablN0|k
| [img(400px,auto)[iCSA/K9TB1.png]] | [img(400px,auto)[iCSA/K9TB2.png]] |
|| Main providers of SAP Applications in the cloud by Internet search engines and by the CSA Survey "Impact of Cloud on ERP" |
!!Addressing the questions
Now let's get back to addressing the initial questions that we laid out at the beginning of this post:
1. What is the relevancy of this vulnerability when it comes to SAP Applications running in the cloud?
As seen, SAP Applications are running in the cloud and are increasingly being transitioned to hybrid environments. Especially in Infrastructure as a Service models, organizations need to ensure that the proper security processes are in place, starting with patching, secure configuration and monitoring.
2. Are these applications exposed in the same way?
Yes, even applications running in the cloud can be exposed to software vulnerabilities, as is the case with the RECON vulnerability, so it is up to organizations to ensure the right controls are in place around software vulnerabilities in general (not only RECON).
3. Should SAP customers take a different approach when it comes to the Cloud?
Applications running in the cloud are potentially even more exposed as these could be Internet facing and not going through all the processes that organizations already established for on-premise applications, therefore it is even more important to consider security for business applications running in the cloud.
!!The Role of the Cloud Security Alliance
Those are some of the reasons why we started the CSA Cloud ERP Working Group, to help organizations understand and manage the risk of running business applications in the cloud. We have released a set of assets that provide guidance around controls for business applications irrespective of the cloud service model adopted. Feel free to join and help too!
!!References
[1] Enterprise Resource Planning and Cloud - CSA Survey+++^*[»] https://cloudsecurityalliance.org/artifacts/enterprise-resource-planning-and-cloud-adoption === 
[2] CSA Cloud Enterprise Resource Planning Working Group+++^*[»] https://cloudsecurityalliance.org/research/working-groups/enterprise-resource-planning/ === 
!!The RECON Vulnerability Content Series
Back in July, SAP issued patches for the RECON vulnerability that was identified and disclosed to SAP by the Onapsis Research Labs. Because of the severity and the number of potentially vulnerable Internet-exposed SAP systems, the DHS-CISA along with many other global organizations issued CERT Alerts warning organizations of the criticality of the RECON vulnerability. Both SAP and Onapsis urged organizations using SAP Applications to apply the patches immediately. In the days following the release of the patches for RECON, the Onapsis Research Labs and other security/threat intelligence organizations and researchers witnessed and reported rapid threat activity including scanning for vulnerable systems and ultimately weaponized exploit code posted publicly. This content is part of a coordinated effort with threat intelligence experts, researchers and organizations to provide further insight, intelligence and actions you should take to ensure your organization is protected from the RECON vulnerability. All the parts can be found here:
* Part 1: The Vulnerability @Onapsis Blog+++^*[»] https://onapsis.link/recon10/1 === 
* Part 2: The Mitigations @SAP Community Network+++^*[»] https://onapsis.link/recon10/2 === 
* Part 3: Relevance to the Cloud @Cloud Security Alliance+++^*[»] https://onapsis.link/recon10/3 === 
* Part 4: Threat Intelligence @DigitalShadows+++^*[»] https://onapsis.link/recon10/4 === 
* Part 5: Active Scanning @Stratosphere Labs+++^*[»] https://onapsis.link/recon10/5 === 
* Part 6: Tools Techniques and Procedures @BlueLiv+++^*[»] https://onapsis.link/recon10/6 === 
* Part 7: Active Exploitation @Onapsis Research Labs+++^*[»] https://onapsis.link/recon10/7 === 
* Part 8: Compliance @The Institute of Internal Auditors+++^*[»] https://onapsis.link/recon10/8 === 
* Part 9: Data Privacy @Radical Compliance+++^*[»] https://onapsis.link/recon10/9 === 
* Part 10: Programmatic Approach @Linkedin+++^*[»] https://onapsis.link/recon10/10 === 
//[...]
<<<
__Lien :__
* Article → https://cloudsecurityalliance.org/blog/2020/09/29/recon-cve-2020-6287-and-its-impact-on-cloud-applications/
!!//Registration Open for Cloud Security Alliance EMEA Congress 2020//
Le Congrès EMEA ne pouvant pas se dérouler à Berlin comme initialement prévu, il se déroulera en ligne sur la plateforme BrightTalk les ''3, 4 et 5 novembre 2020'', à raison de 5 présentations par jour.
Les inscriptions sont maintenant ouvertes.
<<<
__//Virtual event to provide educational, practical advice on core topics critical to cloud ecosystem//__
//SEATTLE - Sept. 29, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, has opened registration for its EMEA Congress 2020 (Nov. 3-5). The free, virtual event will focus on core topics critical to the cloud ecosystem and offer attendees the opportunity to earn up to six continuing professional education (CPE) credits while gleaning educational and practical advice from some of the cloud's top business and thought leaders.
"The pandemic has organizations accelerating their migration to the cloud, recognizing it as the optimal strategy to support a virtual workforce and enable digital transformation. From the growing complexity of cloud certification to navigating continuous assurance and compliance, from the European Cloud and GDPR to GAIA-X, security professionals have a tremendous need for cloud security education from trusted experts," said Linda Strick, Managing Director, CSA EMEA.
The event will be broken into three tracks:
* Day 1 - November 3rd, 2020
** Attendees will learn to improve their organization's cloud governance and risk and compliance posture, in addition to promoting transparency and continuous compliance with
** [[CSA's Perspective on Cloud Risk Management|https://www.brighttalk.com/webinar/csas-perspective-on-cloud-risk-management/]]
** [[The Correlation Between Security Ratings and Breach Likelihood - A Study of 2020 Breaches|https://www.brighttalk.com/webinar/the-correlation-between-security-ratings-and-breach-likelihood/]]
** [[GAIA-X: Current Status and Outlook - What to Expect and How to Engage|https://www.brighttalk.com/webinar/gaia-x-current-status-and-outlook-what-to-expect-and-how-to-engage/]]
** [[Cloud Security Post-COVID-19, Where to Go Next|https://www.brighttalk.com/webinar/cloud-security-post-covid-19-where-to-go-next/]]
** [[Using OPA for Continuous Compliance with Cloud Infrastructure Policy-as-Code|https://www.brighttalk.com/webinar/using-opa-for-continuous-compliance-with-cloud-infrastructure-policy-as-code/]]
* Day 2 - November 4th, 2020
** Modernization of one's approach to the cloud is the day's focus. Attendees will learn how to improve their architecture, implement automations, and prepare for emerging technologies with
** [[Get Quantum Safe|https://www.brighttalk.com/webinar/get-quantum-safe/]]
** [[Shared Responsibility: Someone Else's Problem|https://www.brighttalk.com/webinar/shared-responsibility-someone-elses-problem/]]
** [[STAR Future Roadmap|https://www.brighttalk.com/webinar/star-future-roadmap/]]
** [[Unveiling the Wonder of Automated Vulnerability Management in the Cloud|https://www.brighttalk.com/webinar/unveiling-the-wonder-of-automated-vulnerability-management-in-the-cloud/]]
** [[A Reference Architecture to Modernize Your Approach to Cloud|https://www.brighttalk.com/webinar/a-referenced-architecture-to-modernize-your-approach-to-cloud/]]
* Day 3 - November 5th, 2020
** Participants will discover how to navigate the cloud for third-party risk, Zero Trust and Fog computing, and preview the first cloud auditing credential on the final day
** [[Cloud Control Matrix v4|https://www.brighttalk.com/webinar/cloud-control-matrix-v4/]]
** [[A How-to Guide: Navigating the Top 7 Trends in Third-Party Risk Management|https://www.brighttalk.com/webinar/a-how-to-guide-navigating-the-top-7-trends-in-third-party-risk-management/]]
** [[Securing the Low-Lying Clouds|https://www.brighttalk.com/webinar/the-impact-of-fog-computing-and-edge-computing-on-cloud-security/]]
** [[Zero Trust: The Key to Your IAM Success|https://www.brighttalk.com/webinar/zero-trust-the-key-to-your-iam-success/]]
** [[Certificate of Cloud Auditing Knowledge (CCAK)|https://www.brighttalk.com/webinar/ccak-the-industrys-first-global-cloud-auditing-credential/]]
Secure your spot now+++^*[»] https://www.brighttalk.com/summit/4835-cloud-security-alliance-emea-congress-2020/ ===.//
<<<
__Lien :__
* Annonce CSA → https://cloudsecurityalliance.org/press-releases/2020/09/29/registration-open-for-cloud-security-alliance-emea-congress-2020/
* Inscription sur le site de BrightTalk → https://www.brighttalk.com/summit/4835-cloud-security-alliance-emea-congress-2020/
[>img(250px,auto)[iCSF/K9NFSC.jpg]]L'annonce a été faite ce jour : le salon 'Cloud & Cyber Security Expo Paris' des 17 et 18 novembre 2020 est annulé compte tenu du contexte sanitaire.

<<<
//Suite aux retours de nos exposants et partenaires de l'industrie et à la lumière des évolutions imprévisibles liées à la pandémie du coronavirus, nous avons décidé de reporter Cloud & Cyber Security Expo Paris.
Cloud & Cyber Security Expo Paris se tiendra désormais les 23-24 novembre 2021 à Paris Porte de Versailles.
Notre expertise consiste à réunir l'industrie, un public d'acheteurs et de fournisseurs et nos données ont démontré qu'il y avait trop d'obstacles pour pouvoir le faire efficacement en novembre et ainsi délivrer un événement de haute qualité pour l'ensemble des acteurs présents.
Nous sommes convaincus qu'un rassemblement physique de l'industrie, synonyme d'échanges, d'opportunités et de partages sera plus que jamais demandé et nécessaire dans le sillage de cette crise sanitaire.
Nous envisageons l'avenir avec optimisme et nous vous donnons rendez-vous les 23-24 novembre 2021 !
Prenez soin de vous et à bientôt.
L'équipe Cloud & Cyber Security Expo Paris//
<<<
__Lien :__
* Le site du salon → ''[[cloudsecurityexpo.fr|https://cloudsecurityexpo.fr/]]''
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #83|2020.09.27 - Newsletter Hebdomadaire #83]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #83|2020.09.27 - Weekly Newsletter - #83]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.09.27 - Newsletter Hebdomadaire #83]]>> |<<tiddler [[2020.09.27 - Weekly Newsletter - #83]]>> |
|>| La dernière Newsletter publiée est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' et est accessible+++*[ici • Here] <<tiddler [[Dernière Newsletter]]>> === is where you can read the latest published Newsletter |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 21 au 27 septembre 2020
!!1 - Informations CSA - 21 au 27 septembre 2020

* Actu : Appel à commentaires : 'Cloud Controls Matrix v4'+++*[»]> <<tiddler [[2020.09.21 - Actu : Appel à commentaires : 'Cloud Controls Matrix v4']]>>=== 
* Actu : Réunion annuelle du Chapitre Britannique de la CSA+++*[»]> <<tiddler [[2020.09.23 - Actu : Réunion annuelle du Chapitre Britannique de la CSA]]>>=== 
* Actu : 'Top Threats to Cloud Computing: Egregious Eleven, Deep Dive'+++*[»]> <<tiddler [[2020.09.23 - Actu : 'Top Threats to Cloud Computing: Egregious Eleven, Deep Dive']]>>=== 
* Présentation du 24 septembre 2020 au 'Forum Securité@Cloud'+++*[»]> <<tiddler [[2020.09.24 - Présentation du 24 septembre 2020 au 'Forum Securité@Cloud']]>>=== 
* Blog : 'CCSK Success Stories: From the Head of IT at a Financial Services Company'+++*[»]> <<tiddler [[2020.09.22 - Blog : 'CCSK Success Stories: From the Head of IT at a Financial Services Company']]>>=== 
* Blog : Une 'nouvelle' menace dans le paysage cyber+++*[»]> <<tiddler [[2020.09.27 - Blog : Une 'nouvelle' menace dans le paysage cyber]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 110 liens|2020.09.27 - Veille Hebdomadaire - 27 septembre]])

* __''À lire''__
** Détection par Microsoft d'acteurs malveillants étatiques dans le Cloud+++^*[»] 
|2020.09.24|//Microsoft//|![[Microsoft Security - detecting empires in the cloud|https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/]] |APT APT_40|
|2020.09.24|Bleeping Computer| → [[Microsoft disrupts nation-state hacker op using Azure Cloud service|https://www.bleepingcomputer.com/news/security/microsoft-disrupts-nation-state-hacker-op-using-azure-cloud-service/]]|APT APT_40|
|2020.09.25|//Threatpost//| → [[Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks|https://threatpost.com/microsoft-azure-chinese-hackers/159551/]]|APT APT_40|
|2020.09.27|Security Week| → [[Microsoft Says China-Linked Hackers Abused Azure in Attacks|https://www.securityweek.com/microsoft-says-china-linked-hackers-abused-azure-attacks]]|APT APT_40|
=== 
** Réflexions sur le thème : Cybersécurité et Cloud+++^*[»] 
|2020.09.21|Lawfare|![[A Few Questions on Cybersecurity and the Cloud|https://www.lawfareblog.com/few-questions-cybersecurity-and-cloud]] |Strategy Governance Policy|
=== 
** Le 'Digital Operational Resilience Act' (DORA) met l'accent sur les SLAs+++^*[»] 
|2020.09.24|European Commission|![[Digital Finance Package: Commission sets out new, ambitious approach to encourage responsible innovation to benefit consumers and businesses|https://ec.europa.eu/commission/presscorner/detail/en/IP_20_1684]] |Europe Incidents Reporting|
|2020.09.24|European Commission| → [[Digital Operational Resilience Act (DORA)|https://ec.europa.eu/finance/docs/law/200924-digital-operational-resilience-proposal_en.pdf]]|Europe Incidents Reporting|
|2020.09.24|Politico| → [[EU cloud regulation opens new front with US tech giants|https://www.politico.eu/article/eu-cloud-new-front-with-us-tech-giants/]] ([[draft|https://www.politico.eu/wp-content/uploads/2020/09/Clean-Dora-post-ISC-mid-August-2020.pdf]])|Europe Incidents Reporting|
|2020.09.25|CBR Online| → [[Europe Sharpens IT Incident Reporting Requirements, Puts Cloud SLAs Under Microscope|https://www.cbronline.com/news/digital-operational-resilience-act]]|Europe Incidents Reporting|
=== 

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Menaces : PaaS Malware (CyberZone) • Exposition de rsync (//Rapid7//)+++^*[»] 
|2020.09.23|Cyberwar Zone|[[PaaS malware: A hub for criminals|https://cyberwarzone.com/paas-malware-a-hub-for-criminals/]]|PaaS Malware|
|2020.09.25|//Rapid7//|[[NICER Protocol Deep Dive: Internet Exposure of rsync|https://blog.rapid7.com/2020/09/25/nicer-protocol-deep-dive-internet-exposure-of-rsync/]]|Report Rsync|
=== 
** Vulnérabilités : Google a corrigé des vulnérabilités dans GCP • Détournements de comptes Azure+++^*[»] 
|2020.09.23|Security Week|[[Google Patches Privilege Escalation Vulnerability in Cloud Service|https://www.securityweek.com/google-patches-privilege-escalation-vulnerability-cloud-service]]|GCP Flaw|
||Imre Rad| → [[Proof of concept about the privilege escalation flaw identified in Google's Osconfig|https://github.com/irsl/google-osconfig-privesc]]|GCP Flaw|
||//Google Cloud//| → [[Google OS Config Agent|https://github.com/GoogleCloudPlatform/osconfig]]|GCP Flaw|
|2020.09.23|//TrustedSec//|[[Azure Account Hijacking using mimikatz's lsadump::setntlm|https://www.trustedsec.com/blog/azure-account-hijacking-using-mimikatzs-lsadumpsetntlm/]]|Azure Hijacking|
=== 
** Pannes : AWS SNS toujours en panne+++^*[»] 
|2020.09.24|Cloudonaut|![[I'm losing trust in AWS. SNS is broken for 24 days|https://cloudonaut.io/loosing-trust-in-aws-sns-broken-for-24-days/]] |AWS_SNS Outage|
=== 

* __Rapports, Sondages, Études, Publications__
** Rapports : 'State of Container and Kubernetes Security' (//StackRox//) • Erreurs de configuration et exposition de buckets GCP (//CompariTech//)+++^*[»] 
|2020.09.23|//StackRox//|[[State of Container and Kubernetes Security - Fall 2020|https://security.stackrox.com/thanks-download-state-of-container-and-kubernetes-security-fall-2020.html]]|Report|
|2020.09.23|//StackRox//| → [[Top 5 takeaways from the latest Kubernetes security report|https://www.stackrox.com/post/2020/09/top-5-takeaways-from-the-latest-kubernetes-security-report/]]|Report|
|2020.09.23|Container Journal| → [[StackRox State of Container and Kubernetes Security Report Reveals Rapid Growth across Container and Kubernetes Adoption, Security Incidents, and DevSecOps Initiatives|https://containerjournal.com/news/news-releases/stackrox-state-of-container-and-kubernetes-security-report-reveals-rapid-growth-across-container-and-kubernetes-adoption-security-incidents-and-devsecops-initiatives/]]|Report|
|>|>|>|!|
|2020.09.22|//CompariTech//|[[6% of all Google Cloud Buckets are vulnerable to unauthorized access|https://www.comparitech.com/blog/information-security/google-cloud-buckets-unauthorized-access-report/]] |Report GCP|
|2020.09.22|//Threatpost//| → [[Google Cloud Buckets Exposed in Rampant Misconfiguration|https://threatpost.com/google-cloud-buckets-exposed-misconfiguration/159429/]]|Report GCP|
=== 
** Études : Benchmarks de conformité+++^*[»] 
|2020.09.25|SANS|[[Compliance Benchmarks using Cloud Custodian|https://www.sans.org/reading-room/whitepapers/cloud/compliance-benchmarks-cloud-custodian-39830]] (Vishnu Varma)|SANS Compliance|
=== 

* __Cloud Services Providers, Outils__
** AWS : qu'est-ce qu'AWS IAM • AWS : WAF, AWS et AAD, analyse forensique, Secrets Management, Lambda Handbook...+++^*[»] 
|2020.09.23|Security Shenanigans|[[AWS IAM explained for Red and Blue teams|https://medium.com/bugbountywriteup/aws-iam-explained-for-red-and-blue-teams-2dda8b20fbf7]]|AWS IAM|
|2020.09.24|//Amazon AWS//|[[Design patterns to access cross-account secrets stored in AWS Secrets Manager|https://aws.amazon.com/blogs/database/design-patterns-to-access-cross-account-secrets-stored-in-aws-secrets-manager/]]|AWS Secrets_Management|
|2020.09.21|//Amazon AWS//|[[Automatically updating AWS WAF Rule in real time using Amazon EventBridge|https://aws.amazon.com/blogs/security/automatically-updating-aws-waf-rule-in-real-time-using-amazon-eventbridge/]]|AWS WAF Automation|
|2020.09.22|//Amazon AWS//|[[On-Demand SCIM provisioning of Azure AD to AWS SSO with PowerShell|https://aws.amazon.com/blogs/security/on-demand-scim-provisioning-of-azure-ad-to-aws-sso-with-powershell/]]|AWS_SSO AzureAD|
|2020.09.21|//Amazon AWS//|[[AWS Digital Forensics Automation at Goldman Sachs - AWS Online Tech Talks|https://www.youtube.com/watch?v=CR4_a-TO_gw]] (vidéo)|AWS Forensics|
|2020.09.22|//Dashbird//|[[The Complete AWS Lambda Handbook for Beginners (Part 2)|https://dashbird.io/blog/complete-aws-lambda-handbook-beginners-part-2/]] (2/2)|AWS_Lambda|
=== 
** Azure : Microsoft Defender pour 365 et Azure • Azure IoT • Azure AD+++^*[»] 
|2020.09.23|//MSSP Alert//|[[Microsoft Defender for 365 and Azure Cloud: 7 Cybersecurity Services to Know|https://www.msspalert.com/cybersecurity-services-and-products/microsoft-defender-cloud-services-details/]]|Products M365 Microsoft_Defender|
|2020.09.23|//Microsoft Azure//|[[Azure Defender for IoT: Agentless Security for OT|https://techcommunity.microsoft.com/t5/microsoft-security-and/azure-defender-for-iot-agentless-security-for-ot/ba-p/1698679]]|Azure IoT|
|2020.09.23|Dark Reading|[[Microsoft's Azure Defender for IoT Uses CyberX Tech|https://www.darkreading.com/iot/microsofts-azure-defender-for-iot-uses-cyberx-tech/d/d-id/1338996]]|Azure IoT|
|2020.09.24|//Microsoft Azure//|[[How Azure IoT enables business resilience|https://azure.microsoft.com/blog/how-azure-iot-enables-business-resilience/]]|Azure IoT|
|2020.09.22|//Microsoft Azure//|[[What's new in Azure Active Directory at Microsoft Ignite 2020|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/what-s-new-in-azure-active-directory-at-microsoft-ignite-2020/ba-p/1257373]]|AzureAD|
=== 
** GCP : Chronicle Detect, un nouveau service de détection de la menace • Kubernetes Ingress+++^*[»] 
|2020.09.23|//Google Cloud//|[[Modern detection for modern threats: Changing the game on today's threat actors|https://cloud.google.com/blog/products/identity-security/introducing-chronicle-detect-from-google-cloud]]|GCP Detection|
|2020.09.23|//Google Cloud//| → [[Introducing Chronicle Detect|https://medium.com/@chroniclesec/introducing-chronicle-detect-ef16dd324434]]|GCP Detection|
|2020.09.23|Anton Chuvakin| → [[Chronicle Detect is Here|https://medium.com/anton-on-security/chronicle-detect-is-here-63a779679e56]]|GCP Detection|
|2020.09.23|MSSP Alert| → [[Google Chronicle Introduces Threat Detection Solution|https://www.msspalert.com/cybersecurity-services-and-products/google-chronicle-threat-detection-solution/]]|GCP Detection|
|2020.09.23|//Google Cloud//|[[Kubernetes Ingress Goes GA|https://opensource.googleblog.com/2020/09/kubernetes-ingress-goes-ga.html]]|K8s Ingress|
=== 
** Kubernetes : Bonnes Pratiques • Erreurs de configuration+++^*[»] 
|2020.09.25|Container Journal|[[10 Best Practices Worth Implementing to Adopt Kubernetes|https://containerjournal.com/topics/container-management/10-best-practices-worth-implementing-to-adopt-kubernetes/]]|K8s Best_Practices|
|2020.09.23|Container Journal|[[Misconfigurations Tops List of Security Issues Hampering Kubernetes|https://containerjournal.com/topics/container-security/misconfigurations-tops-list-of-security-issues-hampering-kubernetes/]]|Report|
=== 
** Docker : Exemple de ver en Python • Sécurisation des images+++^*[»] 
|2020.09.23|0x00Sec|[[Docker Worm in Python|https://0x00sec.org/t/docker-worm-in-python/23268/1]]|PoC Docker Worm|
|2020.09.24|//Anchore//|[[Docker Image Security in 5 Minutes or Less|https://anchore.com/blog/docker-image-security-in-5-minutes-or-less-2/]]|Docker Image|
=== 
** Outils : Perspective (//AWS//)+++^*[»] 
|2020.09.24|//Amazon AWS//|[[AWS Perspective|https://aws.amazon.com/solutions/implementations/aws-perspective/]]|AWS Inventory Tools|
=== 

* __Podcasts, Veilles hebdomadaires 'Cloud et Sécurité'__
** Podcasts : 'What is Security Chaos Engineering?'+++^*[»] 
|2020.09.27|Cloud Security Podcast|[[What is Security Chaos Engineering? - Jerome Walter, Security Modernisation|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-IS-SECURITY-CHAOS-ENGINEERING----JEROME-WALTER--SECURITY-MODERNISATION-ek7umv]]|Podcast|
=== 
** Newsletters : TL;DR Security #53 • The Cloud Security Reading List #56+++^*[»] 
|2020.09.23|TL;DR Security|[[#53 - OneFuzz, Program Analysis, Ring Alarm Teardown|https://tldrsec.com/blog/tldr-sec-053/]] |Weekly_Newsletter|
|2020.09.27|Marco Lancini|[[The Cloud Security Reading List #56|https://cloudseclist.com/issues/issue-56/]] |Weekly_Newsletter|
=== 

* __Marché, Acquisitions__
** Acquisitions: Preempt Security par Crowdstrike+++^*[»] 
|2020.09.23|//CrowdStrike//|[[CrowdStrike to Acquire Preempt Security to Offer Customers Enhanced Zero Trust Security Capabilities|https://www.crowdstrike.com/press-releases/crowdstrike-acquires-preempt-security/]]|Acquisition|
|2020.09.23|//CrowdStrike//| → [[CrowdStrike Plans to Advance Zero Trust Capabilities with Acquisition of Preempt Security|https://www.crowdstrike.com/blog/crowdstrike-advances-zero-trust-capabilities-with-preempt-acquisition/]]|Acquisition|
|2020.09.24|MSSP Alert| → [[CrowdStrike Acquires Zero Trust Access Provider Preempt Security|https://www.msspalert.com/investments/crowdstrike-acquires-zero-trust-access-provider-preempt-security/]]|Acquisition|
=== 

* __Divers__
** Gaia-X, L'émergence d'un cloud souverain et européen+++^*[»] 
|2020.09.25|//Lexing//[>img[iCSF/flag_fr.png]]|[[L'émergence d'un cloud souverain européen : Gaia-X|https://www.alain-bensoussan.com/avocats/emergence-cloud-souverain-europeen/2020/09/25/]]|Gaia-X|
||Revue Lamy Droit de l'immatériel| → [[L'émergence d'un cloud souverain européen|https://www.alain-bensoussan.com/wp-content/uploads/2020/09/LamyRLDI173_ELQ-37-39.pdf]]|Gaia-X|
=== 
** Informatique quantique+++^*[»] 
|2020.09.24|CISO Mag|[[Quantum Computing: Threat to Cybersecurity?|https://cisomag.eccouncil.org/quantum-computing/]]|Quantum Threats|
=== 
** Le partage d'information sans mot de passe+++^*[»] 
|2020.09.22|Christophe Parisel|[[Passwordless information sharing|https://www.linkedin.com/pulse/passwordless-information-sharing-christophe-parisel/]]|IAM Access|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K9R/|https://CloudSecurityAlliance.fr/go/K9R/]] |

<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - September 21st to 27th, 2020
!!1 - CSA News and Updates - September 21st to 27th, 2020

* Important Call for Comments: 'Cloud Controls Matrix v4'+++*[»]> <<tiddler [[2020.09.21 - Actu : Appel à commentaires : 'Cloud Controls Matrix v4']]>>=== 
* Annual General Meeting for CSA's UK Chapter+++*[»]> <<tiddler [[2020.09.23 - Actu : Réunion annuelle du Chapitre Britannique de la CSA]]>>=== 
* Announcement: 'Top Threats to Cloud Computing: Egregious Eleven, Deep Dive'+++*[»]> <<tiddler [[2020.09.23 - Actu : 'Top Threats to Cloud Computing: Egregious Eleven, Deep Dive']]>>=== 
* Presentation at the 'Forum Securité@Cloud'+++*[»]> <<tiddler [[2020.09.24 - Présentation du 24 septembre 2020 au 'Forum Securité@Cloud']]>>=== 
* Blog: 'CCSK Success Stories: From the Head of IT at a Financial Services Company'+++*[»]> <<tiddler [[2020.09.22 - Blog : 'CCSK Success Stories: From the Head of IT at a Financial Services Company']]>>=== 
* Blog: A "New" Threat in the Security Landscape+++*[»]> <<tiddler [[2020.09.27 - Blog : Une 'nouvelle' menace dans le paysage cyber]]>>=== 
!!2 - Cloud and Security News Watch ([[over 110 links|2020.09.27 - Veille Hebdomadaire - 27 septembre]])

* __''Must read''__
** Microsoft Detects and Disrupts Nation-State Attacks in the Cloud+++^*[»] 
|2020.09.24|//Microsoft//|![[Microsoft Security - detecting empires in the cloud|https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/]] |APT APT_40|
|2020.09.24|Bleeping Computer| → [[Microsoft disrupts nation-state hacker op using Azure Cloud service|https://www.bleepingcomputer.com/news/security/microsoft-disrupts-nation-state-hacker-op-using-azure-cloud-service/]]|APT APT_40|
|2020.09.25|//Threatpost//| → [[Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks|https://threatpost.com/microsoft-azure-chinese-hackers/159551/]]|APT APT_40|
|2020.09.27|Security Week| → [[Microsoft Says China-Linked Hackers Abused Azure in Attacks|https://www.securityweek.com/microsoft-says-china-linked-hackers-abused-azure-attacks]]|APT APT_40|
=== 
** Cybersecurity and the Cloud+++^*[»] 
|2020.09.21|Lawfare|![[A Few Questions on Cybersecurity and the Cloud|https://www.lawfareblog.com/few-questions-cybersecurity-and-cloud]] |Strategy Governance Policy|
=== 
** Digital Operational Resilience Act (DORA) Puts Cloud SLAs Under Scrutiny+++^*[»] 
|2020.09.24|European Commission|![[Digital Finance Package: Commission sets out new, ambitious approach to encourage responsible innovation to benefit consumers and businesses|https://ec.europa.eu/commission/presscorner/detail/en/IP_20_1684]] |Europe Incidents Reporting|
|2020.09.24|European Commission| → [[Digital Operational Resilience Act (DORA)|https://ec.europa.eu/finance/docs/law/200924-digital-operational-resilience-proposal_en.pdf]]|Europe Incidents Reporting|
|2020.09.24|Politico| → [[EU cloud regulation opens new front with US tech giants|https://www.politico.eu/article/eu-cloud-new-front-with-us-tech-giants/]] ([[draft|https://www.politico.eu/wp-content/uploads/2020/09/Clean-Dora-post-ISC-mid-August-2020.pdf]])|Europe Incidents Reporting|
|2020.09.25|CBR Online| → [[Europe Sharpens IT Incident Reporting Requirements, Puts Cloud SLAs Under Microscope|https://www.cbronline.com/news/digital-operational-resilience-act]]|Europe Incidents Reporting|
=== 

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Threats: PaaS Malware (Cyberwar Zone) • Internet Exposure of rsync (//Rapid7//)+++^*[»] 
|2020.09.23|Cyberwar Zone|[[PaaS malware: A hub for criminals|https://cyberwarzone.com/paas-malware-a-hub-for-criminals/]]|PaaS Malware|
|2020.09.25|//Rapid7//|[[NICER Protocol Deep Dive: Internet Exposure of rsync|https://blog.rapid7.com/2020/09/25/nicer-protocol-deep-dive-internet-exposure-of-rsync/]]|Report Rsync|
=== 
** Vulnerabilities: Google Patched Privilege Escalation Vulnerability in Cloud Service • Azure Account hijackings+++^*[»] 
|2020.09.23|Security Week|[[Google Patches Privilege Escalation Vulnerability in Cloud Service|https://www.securityweek.com/google-patches-privilege-escalation-vulnerability-cloud-service]]|GCP Flaw|
||Imre Rad| → [[Proof of concept about the privilege escalation flaw identified in Google's Osconfig|https://github.com/irsl/google-osconfig-privesc]]|GCP Flaw|
||//Google Cloud//| → [[Google OS Config Agent|https://github.com/GoogleCloudPlatform/osconfig]]|GCP Flaw|
|2020.09.23|//TrustedSec//|[[Azure Account Hijacking using mimikatz's lsadump::setntlm|https://www.trustedsec.com/blog/azure-account-hijacking-using-mimikatzs-lsadumpsetntlm/]]|Azure Hijacking|
=== 
** Outages: Long-lasting Outage for AWS SNS+++^*[»] 
|2020.09.24|Cloudonaut|![[I'm losing trust in AWS. SNS is broken for 24 days|https://cloudonaut.io/loosing-trust-in-aws-sns-broken-for-24-days/]] |AWS_SNS Outage|
=== 

* __Reports, Surveys, Studies, Publications__
** Reports: State of Container and Kubernetes Security (//StackRox//) • Google Cloud Buckets Exposed in Rampant Misconfiguration (//CompariTech//)+++^*[»] 
|2020.09.23|//StackRox//|[[State of Container and Kubernetes Security - Fall 2020|https://security.stackrox.com/thanks-download-state-of-container-and-kubernetes-security-fall-2020.html]]|Report|
|2020.09.23|//StackRox//| → [[Top 5 takeaways from the latest Kubernetes security report|https://www.stackrox.com/post/2020/09/top-5-takeaways-from-the-latest-kubernetes-security-report/]]|Report|
|2020.09.23|Container Journal| → [[StackRox State of Container and Kubernetes Security Report Reveals Rapid Growth across Container and Kubernetes Adoption, Security Incidents, and DevSecOps Initiatives|https://containerjournal.com/news/news-releases/stackrox-state-of-container-and-kubernetes-security-report-reveals-rapid-growth-across-container-and-kubernetes-adoption-security-incidents-and-devsecops-initiatives/]]|Report|
|>|>|>|!|
|2020.09.22|//CompariTech//|[[6% of all Google Cloud Buckets are vulnerable to unauthorized access|https://www.comparitech.com/blog/information-security/google-cloud-buckets-unauthorized-access-report/]] |Report GCP|
|2020.09.22|//Threatpost//| → [[Google Cloud Buckets Exposed in Rampant Misconfiguration|https://threatpost.com/google-cloud-buckets-exposed-misconfiguration/159429/]]|Report GCP|
=== 
** Studies: Compliance Benchmarks+++^*[»] 
|2020.09.25|SANS|[[Compliance Benchmarks using Cloud Custodian|https://www.sans.org/reading-room/whitepapers/cloud/compliance-benchmarks-cloud-custodian-39830]] (Vishnu Varma)|SANS Compliance|
=== 

* __Cloud Services Providers, Tools__
** AWS: AWS IAM Explained • AWS Perspective • AWS WAF, SSO and AAD, Secrets Management, Forensics, Lambda Handbook...+++^*[»] 
|2020.09.23|Bug Bounty Writeup|[[AWS IAM explained for Red and Blue teams|https://medium.com/bugbountywriteup/aws-iam-explained-for-red-and-blue-teams-2dda8b20fbf7]]|AWS IAM|
|2020.09.24|//Amazon AWS//|[[Design patterns to access cross-account secrets stored in AWS Secrets Manager|https://aws.amazon.com/blogs/database/design-patterns-to-access-cross-account-secrets-stored-in-aws-secrets-manager/]]|AWS Secrets_Management|
|2020.09.24|//Amazon AWS//|[[AWS Perspective|https://aws.amazon.com/solutions/implementations/aws-perspective/]]|AWS Inventory Tools|
|2020.09.21|//Amazon AWS//|[[Automatically updating AWS WAF Rule in real time using Amazon EventBridge|https://aws.amazon.com/blogs/security/automatically-updating-aws-waf-rule-in-real-time-using-amazon-eventbridge/]]|AWS WAF Automation|
|2020.09.22|//Amazon AWS//|[[On-Demand SCIM provisioning of Azure AD to AWS SSO with PowerShell|https://aws.amazon.com/blogs/security/on-demand-scim-provisioning-of-azure-ad-to-aws-sso-with-powershell/]]|AWS_SSO AzureAD|
|2020.09.21|//Amazon AWS//|[[AWS Digital Forensics Automation at Goldman Sachs - AWS Online Tech Talks|https://www.youtube.com/watch?v=CR4_a-TO_gw]] (vidéo)|AWS Forensics|
|2020.09.22|//Dashbird//|[[The Complete AWS Lambda Handbook for Beginners (Part 2)|https://dashbird.io/blog/complete-aws-lambda-handbook-beginners-part-2/]] (2/2)|AWS_Lambda|
=== 
** Azure: Microsoft Defender for 365 and Azure Cloud • Azure IoT • Azure AD+++^*[»] 
|2020.09.23|//MSSP Alert//|[[Microsoft Defender for 365 and Azure Cloud: 7 Cybersecurity Services to Know|https://www.msspalert.com/cybersecurity-services-and-products/microsoft-defender-cloud-services-details/]]|Products M365 Microsoft_Defender|
|2020.09.23|//Microsoft Azure//|[[Azure Defender for IoT: Agentless Security for OT|https://techcommunity.microsoft.com/t5/microsoft-security-and/azure-defender-for-iot-agentless-security-for-ot/ba-p/1698679]]|Azure IoT|
|2020.09.23|Dark Reading|[[Microsoft's Azure Defender for IoT Uses CyberX Tech|https://www.darkreading.com/iot/microsofts-azure-defender-for-iot-uses-cyberx-tech/d/d-id/1338996]]|Azure IoT|
|2020.09.24|//Microsoft Azure//|[[How Azure IoT enables business resilience|https://azure.microsoft.com/blog/how-azure-iot-enables-business-resilience/]]|Azure IoT|
|2020.09.22|//Microsoft Azure//|[[What's new in Azure Active Directory at Microsoft Ignite 2020|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/what-s-new-in-azure-active-directory-at-microsoft-ignite-2020/ba-p/1257373]]|AzureAD|
=== 
** GCP: Chronicle Detect, a new Threat-Detection Service • Kubernetes Ingress+++^*[»] 
|2020.09.23|//Google Cloud//|[[Modern detection for modern threats: Changing the game on today's threat actors|https://cloud.google.com/blog/products/identity-security/introducing-chronicle-detect-from-google-cloud]]|GCP Detection|
|2020.09.23|//Google Cloud//| → [[Introducing Chronicle Detect|https://medium.com/@chroniclesec/introducing-chronicle-detect-ef16dd324434]]|GCP Detection|
|2020.09.23|Anton Chuvakin| → [[Chronicle Detect is Here|https://medium.com/anton-on-security/chronicle-detect-is-here-63a779679e56]]|GCP Detection|
|2020.09.23|MSSP Alert| → [[Google Chronicle Introduces Threat Detection Solution|https://www.msspalert.com/cybersecurity-services-and-products/google-chronicle-threat-detection-solution/]]|GCP Detection|
|2020.09.23|//Google Cloud//|[[Kubernetes Ingress Goes GA|https://opensource.googleblog.com/2020/09/kubernetes-ingress-goes-ga.html]]|K8s Ingress|
=== 
** Kubernetes: Best Practices • Misconfigurations+++^*[»] 
|2020.09.25|Container Journal|[[10 Best Practices Worth Implementing to Adopt Kubernetes|https://containerjournal.com/topics/container-management/10-best-practices-worth-implementing-to-adopt-kubernetes/]]|K8s Best_Practices|
|2020.09.23|Container Journal|[[Misconfigurations Tops List of Security Issues Hampering Kubernetes|https://containerjournal.com/topics/container-security/misconfigurations-tops-list-of-security-issues-hampering-kubernetes/]]|Report|
=== 
** Docker: Worm in Python • Image Security in Less than 5 Minutes+++^*[»] 
|2020.09.23|0x00Sec|[[Docker Worm in Python|https://0x00sec.org/t/docker-worm-in-python/23268/1]]|PoC Docker Worm|
|2020.09.24|//Anchore//|[[Docker Image Security in 5 Minutes or Less|https://anchore.com/blog/docker-image-security-in-5-minutes-or-less-2/]]|Docker Image|
=== 

* __Podcasts, Weekly 'Cloud and Security' Watch__
** Podcasts: 'What is Security Chaos Engineering?'+++^*[»] 
|2020.09.27|Cloud Security Podcast|[[What is Security Chaos Engineering? - Jerome Walter, Security Modernisation|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-IS-SECURITY-CHAOS-ENGINEERING----JEROME-WALTER--SECURITY-MODERNISATION-ek7umv]]|Podcast|
=== 
** Newsletters: TL;DR Security #53 • The Cloud Security Reading List #56+++^*[»] 
|2020.09.23|TL;DR Security|[[#53 - OneFuzz, Program Analysis, Ring Alarm Teardown|https://tldrsec.com/blog/tldr-sec-053/]] |Weekly_Newsletter|
|2020.09.27|Marco Lancini|[[The Cloud Security Reading List #56|https://cloudseclist.com/issues/issue-56/]] |Weekly_Newsletter|
=== 

* __Market, Acquisitions__
** Acquisitions: Preempt Security by Crowdstrike+++^*[»] 
|2020.09.23|//CrowdStrike//|[[CrowdStrike to Acquire Preempt Security to Offer Customers Enhanced Zero Trust Security Capabilities|https://www.crowdstrike.com/press-releases/crowdstrike-acquires-preempt-security/]]|Acquisition|
|2020.09.23|//CrowdStrike//| → [[CrowdStrike Plans to Advance Zero Trust Capabilities with Acquisition of Preempt Security|https://www.crowdstrike.com/blog/crowdstrike-advances-zero-trust-capabilities-with-preempt-acquisition/]]|Acquisition|
|2020.09.24|MSSP Alert| → [[CrowdStrike Acquires Zero Trust Access Provider Preempt Security|https://www.msspalert.com/investments/crowdstrike-acquires-zero-trust-access-provider-preempt-security/]]|Acquisition|
=== 

* __Miscellaneous__
** The rise of a European sovereign Cloud+++^*[»] 
|2020.09.25|//Lexing//[>img[iCSF/flag_fr.png]]|[[L'émergence d'un cloud souverain européen : Gaia-X|https://www.alain-bensoussan.com/avocats/emergence-cloud-souverain-europeen/2020/09/25/]]|Gaia-X|
||Revue Lamy Droit de l'immatériel| → [[L'émergence d'un cloud souverain européen|https://www.alain-bensoussan.com/wp-content/uploads/2020/09/LamyRLDI173_ELQ-37-39.pdf]]|Gaia-X|
=== 
** Quantum Computing+++^*[»] 
|2020.09.24|CISO Mag|[[Quantum Computing: Threat to Cybersecurity?|https://cisomag.eccouncil.org/quantum-computing/]]|Quantum Threats|
=== 
** Passwordless Information Sharing+++^*[»] 
|2020.09.22|Christophe Parisel|[[Passwordless information sharing|https://www.linkedin.com/pulse/passwordless-information-sharing-christophe-parisel/]]|IAM Access|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K9R/|https://CloudSecurityAlliance.fr/go/K9R/]] |

<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 21 au 27 septembre 2020
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.09.27|
|2020.09.27|Marco Lancini|[[The Cloud Security Reading List #56|https://cloudseclist.com/issues/issue-56/]] |Weekly_Newsletter|
|2020.09.27|Cloud Security Podcast|[[What is Security Chaos Engineering? - Jerome Walter, Security Modernisation|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-IS-SECURITY-CHAOS-ENGINEERING----JEROME-WALTER--SECURITY-MODERNISATION-ek7umv]]|Podcast|
|>|>|>|!2020.09.26|
|2020.09.26|Aidan Steele|[[AWS Access Key ID formats|https://awsteele.com/blog/2020/09/26/aws-access-key-format.html]]|AWS Access_Key|
|2020.09.26|//Cloud Management Insider//|[[Cloud Migration for Businesses Can Be a Challenge, Greenfield Migration Explained|https://www.cloudmanagementinsider.com/cloud-migration-for-businesses-can-be-a-challenge-greenfield-migration-explained/]]|Migration|
|2020.09.26|//Oracle Cloud//|[[Leveraging the NIST Cybersecurity Framework for DevSecOps|https://blogs.oracle.com/cloudsecurity/leveraging-the-nist-cybersecurity-framework-for-devsecops]]|
|2020.09.26|//Microsoft Azure//|[[Azure AD Mailbag: Frequent questions about using device-based Conditional Access for remote work|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-mailbag-frequent-questions-about-using-device-based/ba-p/1257344]]|AzureAD|
|>|>|>|!2020.09.25|
|2020.09.25|//Lexing//[>img[iCSF/flag_fr.png]]|[[L'émergence d'un cloud souverain européen : Gaia-X|https://www.alain-bensoussan.com/avocats/emergence-cloud-souverain-europeen/2020/09/25/]]|Gaia-X|
||Revue Lamy Droit de l'immatériel[>img[iCSF/flag_fr.png]]| → [[L'émergence d'un cloud souverain européen|https://www.alain-bensoussan.com/wp-content/uploads/2020/09/LamyRLDI173_ELQ-37-39.pdf]]|Gaia-X|
|2020.09.25|SANS|[[Compliance Benchmarks using Cloud Custodian|https://www.sans.org/reading-room/whitepapers/cloud/compliance-benchmarks-cloud-custodian-39830]] (Vishnu Varma)|SANS Compliance|
|2020.09.25|Dark Reading|[[Getting Over the Security-to-Business Communication Gap in DevSecOps|https://www.darkreading.com/cloud/getting-over-the-security-to-business-communication-gap-in-devsecops/d/d-id/1339014]]|DevSecOps|
|2020.09.25|Container Journal|[[10 Best Practices Worth Implementing to Adopt Kubernetes|https://containerjournal.com/topics/container-management/10-best-practices-worth-implementing-to-adopt-kubernetes/]]|K8s Best_Practices|
|2020.09.25|BetaNews|[[Q&A: Moving business securely to the cloud|https://betanews.com/2020/09/25/cloud-security-qa/]]|Misc|
|2020.09.25|TelecomPaper|[[Norwegian security agency expresses concern at dependence on foreign cloud services|https://www.telecompaper.com/news/norwegian-security-agency-expresses-concern-at-dependence-on-foreign-cloud-services--1355465]]|Norway Sovereignty|
|2020.09.25|TechBeacon|[[3 critical multi-cloud security strategy requirements|https://techbeacon.com/security/3-critical-multi-cloud-security-strategy-requirements]]|Multi_Cloud|
|2020.09.25|Solutions Review|[[The Best Online Google Cloud Courses and Training|https://solutionsreview.com/cloud-platforms/the-best-online-google-cloud-courses-and-training/]]|Resources GCP|
|2020.09.25|Karim El Melhaoui|[[CloudFormer review part I - The stack|https://blog.karims.cloud/2020/09/25/cloudformer-review-part-1.html]]|
|2020.09.25|//ESET//|[[5 tips for better Google Drive security|https://www.welivesecurity.com/2020/09/25/5-tips-better-google-drive-security/]]|Google_Drive|
|2020.09.25|//Rapid7//|[[NICER Protocol Deep Dive: Internet Exposure of rsync|https://blog.rapid7.com/2020/09/25/nicer-protocol-deep-dive-internet-exposure-of-rsync/]]|Report Rsync|
|2020.09.25|//Fugue//|[[Cloud Network Security 101: Azure Private Link & Private Endpoints|https://www.fugue.co/blog/cloud-network-security-101-azure-private-link-private-endpoints]] (2/3)|Azure Networks|
|2020.09.25|//Sysdig//|[[How to monitor Istio, the Kubernetes service mesh|https://sysdig.com/blog/monitor-istio/]]|K8s Istio|
|2020.09.25|//Red Hat//|[[Rootless containers with Podman: The basics|https://developers.redhat.com/blog/2020/09/25/rootless-containers-with-podman-the-basics/]]|Containers|
|2020.09.29|//Red Hat//|[[A Linux sysadmin's introduction to cgroups|https://www.redhat.com/sysadmin/cgroups-part-one]] (1/4)|Containers|
|2020.09.29|//Amazon AWS//|[[Designing a secure container image registry|https://aws.amazon.com/blogs/containers/designing-a-secure-container-image-registry/]]|Containers Registry|
|>|>|>|!2020.09.24|
|2020.09.24|Zythom[>img[iCSF/flag_fr.png]]|[[Mon PC dans le Cloud|https://zythom.fr/2020/09/mon-pc-dans-le-cloud/]]|Misc|
|2020.09.24|European Commission|![[Digital Finance Package: Commission sets out new, ambitious approach to encourage responsible innovation to benefit consumers and businesses|https://ec.europa.eu/commission/presscorner/detail/en/IP_20_1684]] |Europe Incidents Reporting|
|2020.09.24|European Commission| → [[Digital Operational Resilience Act (DORA)|https://ec.europa.eu/finance/docs/law/200924-digital-operational-resilience-proposal_en.pdf]]|Europe Incidents Reporting|
|2020.09.24|Politico| → [[EU cloud regulation opens new front with US tech giants|https://www.politico.eu/article/eu-cloud-new-front-with-us-tech-giants/]] ([[draft|https://www.politico.eu/wp-content/uploads/2020/09/Clean-Dora-post-ISC-mid-August-2020.pdf]])|Europe Incidents Reporting|
|2020.09.25|CBR Online| → [[Europe Sharpens IT Incident Reporting Requirements, Puts Cloud SLAs Under Microscope|https://www.cbronline.com/news/digital-operational-resilience-act]]|Europe Incidents Reporting|
|2020.09.24|Cloudonaut|![[I'm losing trust in AWS. SNS is broken for 24 days|https://cloudonaut.io/loosing-trust-in-aws-sns-broken-for-24-days/]] |AWS_SNS Outage|
|2020.09.24|ShellHacks|[[AWS CLI: S3 'ls' - List Buckets & Objects (Contents)|https://www.shellhacks.com/aws-cli-s3-ls-list-buckets-objects-contents/]]|AWS_S3 CLI|
|2020.09.24|DZone|[[Top 4 Post Cloud Migration Risks to Look For|https://dzone.com/articles/top-4-post-cloud-migration-risks-to-look-for]]|Migration|
|2020.09.24|CISO Mag|[[Quantum Computing: Threat to Cybersecurity?|https://cisomag.eccouncil.org/quantum-computing/]]|Quantum Threats|
|2020.09.24|//Microsoft//|![[Microsoft Security - detecting empires in the cloud|https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/]] |APT APT_40|
|2020.09.24|Bleeping Computer| → [[Microsoft disrupts nation-state hacker op using Azure Cloud service|https://www.bleepingcomputer.com/news/security/microsoft-disrupts-nation-state-hacker-op-using-azure-cloud-service/]]|APT APT_40|
|2020.09.25|//Threatpost//| → [[Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks|https://threatpost.com/microsoft-azure-chinese-hackers/159551/]]|APT APT_40|
|2020.09.27|Security Week| → [[Microsoft Says China-Linked Hackers Abused Azure in Attacks|https://www.securityweek.com/microsoft-says-china-linked-hackers-abused-azure-attacks]]|APT APT_40|
|2020.09.24|//Amazon AWS//|[[AWS Perspective|https://aws.amazon.com/solutions/implementations/aws-perspective/]]|AWS Inventory Tools|
|2020.09.24|//Amazon AWS//|[[Design patterns to access cross-account secrets stored in AWS Secrets Manager|https://aws.amazon.com/blogs/database/design-patterns-to-access-cross-account-secrets-stored-in-aws-secrets-manager/]]|AWS Secrets_Management|
|2020.09.24|//Amazon AWS//|[[Preview: Anomaly Detection and alerting now available in AWS Cost Management|https://aws.amazon.com/blogs/aws-cost-management/preview-anomaly-detection-and-alerting-now-available-in-aws-cost-management/]]|AWS Anomaly_Detection|
|2020.09.24|//Microsoft Azure//|[[How Azure IoT enables business resilience|https://azure.microsoft.com/blog/how-azure-iot-enables-business-resilience/]]|Azure IoT|
|2020.09.24|//Anchore//|[[Docker Image Security in 5 Minutes or Less|https://anchore.com/blog/docker-image-security-in-5-minutes-or-less-2/]]|Docker Image|
|2020.09.24|//Morphisec//|[[Cloud Workload Security Needs a Proactive Approach to Processes and Technology|https://blog.morphisec.com/cloud-workload-security-needs-a-proactive-approach]]|Workloads|
|2020.09.24|//Capsule8//|[[Q&A: Secure Cloud Migration During a Crisis|https://capsule8.com/blog/qa-on-cloud-migration/]]|Migration|
|2020.09.24|//Cloud Management Insider//|[[Cloud Security Alliance Report Lists Major Cloud Security Threats, Analyzes Top Recent Breaches|https://www.cloudmanagementinsider.com/cloud-security-alliance-report-lists-major-cloud-security-threats-analyzes-top-recent-breaches/]]|CSA|
|2020.09.24|//Alcide//|[[Securing Kubernetes Deployments From Runway To Take-off|https://blog.alcide.io/securing-kubernetes-deployments-from-runway-to-take-off]]|K8s|
|2020.09.24|//Zscaler//|[[Five Data Protection Challenges and How to Combat Them|https://www.zscaler.com/blogs/corporate/five-data-protection-challenges-and-how-combat-them]]|Data_Protection|
|2020.09.24|//CipherCloud//|[[CipherCloud Chronicles #5: Insights Investigate|https://www.ciphercloud.com/ciphercloud-chronicles-5-insights-investigate/]]|CASB|
|2020.09.24|//Baidu//|[[Baidu announces Quantum Leaf, a cloud-based quantum infrastructure service|https://siliconangle.com/2020/09/23/baidu-announces-quantum-leaf-cloud-based-quantum-infrastructure-service/]]|Quantum|
|2020.09.24|//Caylent//|~~[[Insights from Flexera's State of Cloud 2020 Report|https://caylent.com/insights-from-flexeras-state-of-cloud-2020-report]]~~|Report Obsolete|
|>|>|>|!2020.09.23|
|2020.09.23|TL;DR Security|[[#53 - OneFuzz, Program Analysis, Ring Alarm Teardown|https://tldrsec.com/blog/tldr-sec-053/]] |Weekly_Newsletter|
|2020.09.23|Bug Bounty Writeup|[[AWS IAM explained for Red and Blue teams|https://medium.com/bugbountywriteup/aws-iam-explained-for-red-and-blue-teams-2dda8b20fbf7]]|AWS IAM|
|2020.09.23|Security Week|[[Google Patches Privilege Escalation Vulnerability in Cloud Service|https://www.securityweek.com/google-patches-privilege-escalation-vulnerability-cloud-service]]|GCP Flaw|
||Imre Rad| → [[Proof of concept about the privilege escalation flaw identified in Google's Osconfig|https://github.com/irsl/google-osconfig-privesc]]|GCP Flaw|
||//Google Cloud//| → [[Google OS Config Agent|https://github.com/GoogleCloudPlatform/osconfig]]|GCP Flaw|
|2020.09.23|0x00Sec|[[Docker Worm in Python|https://0x00sec.org/t/docker-worm-in-python/23268/1]]|PoC Docker Worm|
|2020.09.23|Container Journal|[[Cloud Security Alliance Releases Top Threats to Cloud Computing: Egregious 11 Deep Dive; Articulates Cloud Computing's Most Significant Issues|https://containerjournal.com/news/news-releases/cloud-security-alliance-releases-top%e2%80%8c-%e2%80%8cthreats%e2%80%8c-%e2%80%8cto%e2%80%8c-%e2%80%8ccloud%e2%80%8c-%e2%80%8ccomputing%e2%80%8c-%e2%80%8cegregious%e2%80%8c-11%e2%80%8c-deep%e2%80%8c/]]|CSA|
|2020.09.23|Container Journal|[[How CSPM Can Help Secure Cloud-Native|https://containerjournal.com/topics/container-security/how-cspm-can-help-secure-cloud-native/]]|CSPM|
|2020.09.23|Container Journal|[[Misconfigurations Tops List of Security Issues Hampering Kubernetes|https://containerjournal.com/topics/container-security/misconfigurations-tops-list-of-security-issues-hampering-kubernetes/]]|Report|
|2020.09.23|Cyberwar Zone|[[PaaS malware: A hub for criminals|https://cyberwarzone.com/paas-malware-a-hub-for-criminals/]]|PaaS Malware|
|2020.09.23|BetaNews|[[Analysis of attacks reveals the top threats to cloud computing|https://betanews.com/2020/09/23/cloud-computing-top-threats/]]|CSA|
|2020.09.23|Michael Irwin|[[EKS Pod Identity Webhook Deep-Dive|https://blog.mikesir87.io/2020/09/eks-pod-identity-webhook-deep-dive/]]|AWS EKS|
|2020.09.23|Lexology|[[Clouds without borders: the dangers of non-localized cloud contracts|https://www.lexology.com/library/detail.aspx?g=83ebc35c-027d-4d3d-ad52-a90967c50c9e]]|Contracts|
|2020.09.23|InfoSec Write-Ups|[[Dangling DNS: AWS EC2|https://infosecwriteups.com/dangling-dns-aws-ec2-e2d801701e8]]|AWS DNS|
|2020.09.23|//StackRox//|[[State of Container and Kubernetes Security - Fall 2020|https://security.stackrox.com/thanks-download-state-of-container-and-kubernetes-security-fall-2020.html]]|Report|
|2020.09.23|//StackRox//| → [[Top 5 takeaways from the latest Kubernetes security report|https://www.stackrox.com/post/2020/09/top-5-takeaways-from-the-latest-kubernetes-security-report/]]|Report|
|2020.09.23|Container Journal| → [[StackRox State of Container and Kubernetes Security Report Reveals Rapid Growth across Container and Kubernetes Adoption, Security Incidents, and DevSecOps Initiatives|https://containerjournal.com/news/news-releases/stackrox-state-of-container-and-kubernetes-security-report-reveals-rapid-growth-across-container-and-kubernetes-adoption-security-incidents-and-devsecops-initiatives/]]|Report|
|2020.09.23|//MSSP Alert//|[[Microsoft Defender for 365 and Azure Cloud: 7 Cybersecurity Services to Know|https://www.msspalert.com/cybersecurity-services-and-products/microsoft-defender-cloud-services-details/]]|Products M365 Microsoft_Defender|
|2020.09.23|//Google Cloud//|[[Modern detection for modern threats: Changing the game on today's threat actors|https://cloud.google.com/blog/products/identity-security/introducing-chronicle-detect-from-google-cloud]]|GCP Detection|
|2020.09.23|//Google Cloud//| → [[Introducing Chronicle Detect|https://medium.com/@chroniclesec/introducing-chronicle-detect-ef16dd324434]]|GCP Detection|
|2020.09.23|//Silicon Angle//| → [[Google Cloud Chronicle's new threat detection service promises speed and scale|https://siliconangle.com/2020/09/23/google-cloud-chronicles-new-threat-detection-service-promises-speed-scale/]]|GCP Detection|
|2020.09.23|//Anton Chuvakin//| → [[Chronicle Detect is Here|https://medium.com/anton-on-security/chronicle-detect-is-here-63a779679e56]]|GCP Detection|
|2020.09.23|MSSP Alert| → [[Google Chronicle Introduces Threat Detection Solution|https://www.msspalert.com/cybersecurity-services-and-products/google-chronicle-threat-detection-solution/]]|GCP Detection|
|2020.09.23|Dark Reading| → [[Google Cloud Debuts Threat-Detection Service|https://www.darkreading.com/threat-intelligence/google-cloud-debuts-threat-detection-service/d/d-id/1339000]]|GCP Detection|
|2020.09.24|Security Week| → [[Google Launches Enterprise Threat Detection Solution|https://www.securityweek.com/google-launches-enterprise-threat-detection-solution]]|GCP Detection|
|2020.09.23|//Amazon AWS//|[[Improved client-side encryption: Explicit KeyIds and key commitment|https://aws.amazon.com/blogs/security/improved-client-side-encryption-explicit-keyids-and-key-commitment/]]|AWS Encryption|
|2020.09.23|//Google Cloud//|[[Kubernetes Ingress Goes GA|https://opensource.googleblog.com/2020/09/kubernetes-ingress-goes-ga.html]]|K8s Ingress|
|2020.09.23|//CrowdStrike//|[[CrowdStrike to Acquire Preempt Security to Offer Customers Enhanced Zero Trust Security Capabilities|https://www.crowdstrike.com/press-releases/crowdstrike-acquires-preempt-security/]]|Acquisition|
|2020.09.23|//CrowdStrike//| → [[CrowdStrike Plans to Advance Zero Trust Capabilities with Acquisition of Preempt Security|https://www.crowdstrike.com/blog/crowdstrike-advances-zero-trust-capabilities-with-preempt-acquisition/]]|Acquisition|
|2020.09.24|MSSP Alert| → [[CrowdStrike Acquires Zero Trust Access Provider Preempt Security|https://www.msspalert.com/investments/crowdstrike-acquires-zero-trust-access-provider-preempt-security/]]|Acquisition|
|2020.09.24|Dark Reading| → [[CrowdStrike Agrees to Acquire Preempt Security for $96M |https://www.darkreading.com/endpoint/crowdstrike-agrees-to-acquire-preempt-security-for-$96m-/d/d-id/1339006]]|Acquisition|
|2020.09.23|//Forcepoint//|[[Forcepoint Game Plan Video Series - Cloud Security with Nico Popp|https://www.forcepoint.com/blog/insights/cloud-security-game-plan-cpo-nico-popp]]|Education|
|2020.09.23|//Forcepoint//| → vidéos : [[SASE|https://www.youtube.com/watch?v=9HsdFofZKQI]], [[Private Access|https://www.youtube.com/watch?v=r9pOAMZ3TcM]], [[Cloud Security gateway|https://www.youtube.com/watch?v=RuQcBCH1nsc]], [[Dynamic User Protection (DUP)|https://www.youtube.com/watch?v=ZdkW7fz3LVg]]|Education|
|2020.09.23|//Microsoft Azure//|[[Azure Defender for IoT: Agentless Security for OT|https://techcommunity.microsoft.com/t5/microsoft-security-and/azure-defender-for-iot-agentless-security-for-ot/ba-p/1698679]]|Azure IoT|
|2020.09.23|Dark Reading|[[Microsoft's Azure Defender for IoT Uses CyberX Tech|https://www.darkreading.com/iot/microsofts-azure-defender-for-iot-uses-cyberx-tech/d/d-id/1338996]]|Azure IoT|
|2020.09.24|//Eleven Paths//|[[SASE: The future of networks and security is now here|https://www.elevenpaths.com/wp-content/uploads/2020/09/Paper-SASE-EN.pdf]]|SASE|
|2020.09.23|//TrustedSec//|[[Azure Account Hijacking using mimikatz's lsadump::setntlm|https://www.trustedsec.com/blog/azure-account-hijacking-using-mimikatzs-lsadumpsetntlm/]]|Azure Hijacking|
|2020.09.23|//Amazon AWS//|[[How to add DNS filtering to your NAT instance with Squid|https://aws.amazon.com/blogs/security/how-to-add-dns-filtering-to-your-nat-instance-with-squid/]]|AWS Squid Filtering|
|2020.09.23|//Netskope//|[[SASE and TLS 1.3, Part 1: What does it mean to "support" TLS 1.3?|https://www.netskope.com/blog/sase-and-tls-1-3-part-1-what-does-it-mean-to-support-tls-1-3]] (1/2)|SASE TLS|
|2020.09.23|//Centilytics//|[[Pain Points of an MSP in Today's Cloud World|https://blogs.centilytics.com/pain-points-of-an-msp-in-todays-cloud-world/]]|MSP|
|2020.09.23|//Palo Alto Networks//|[[Securing Remote Work: Prisma Access and Prisma Cloud With Azure AD|https://blog.paloaltonetworks.com/2020/09/sase-azure-ad/]]|Products AzureAD|
|2020.09.23|//Sailpoint//|[[Dimensional Research Global Survey of Executives and Governance Professionals|https://www.sailpoint.com/identity-library/state-of-iaas-cloud-infrastructure-security-governance-report/]]|Report|
|2020.09.24|//Sailpoint//| → [[Three Key Findings from SailPoint's State of IaaS Report|https://www.sailpoint.com/blog/three-key-findings-from-sailpoints-state-of-iaas-report/]]|Report|
|2020.10.11|CISO Mag| → [[How Lack of Visibility Over IaaS Cloud Infrastructure Fuels Cyberattacks|https://cisomag.eccouncil.org/iaas-cloud-infrastructure/]]|Report|
|2020.09.23|//Outpost24//|[[Container inspection: walking the security tight rope for cloud DevOps|https://outpost24.com/blog/Container-inspection-walking-the-security-tight-rope-for-cloud-DevOps]]|Containers DevSecOps|
|>|>|>|!2020.09.22|
|2020.09.22|Silicon[>img[iCSF/flag_fr.png]]|[[Télétravail : la flambée d'attaques dans le Cloud montre que les entreprises n'étaient pas prêtes|https://www.silicon.fr/avis-expert/teletravail-la-flambee-dattaques-dans-le-cloud-montre-que-les-entreprises-netaient-pas-pretes]]|Report|
|2020.09.22|Christophe Parisel|[[Passwordless information sharing|https://www.linkedin.com/pulse/passwordless-information-sharing-christophe-parisel/]]|IAM Access|
|2020.09.22|Dark Reading|[[Microsoft Extends Data Loss Prevention to Cloud App Security|https://www.darkreading.com/cloud/microsoft-extends-data-loss-prevention-to-cloud-app-security/d/d-id/1338981]]|Azure DLP|
|2020.09.22|CBR Online|[[Cloud Operational Excellence Guardrails to Avoid Cloud Misconfigurations|https://www.cbronline.com/whitepapers/cloud-operational-excellence-guardrails-to-avoid-cloud-misconfigurations/]]|Misconfigurations|
|2020.09.22|CBR Online|[[Cloud Migration: Achieve More Together with Four Security Considerations|https://www.cbronline.com/whitepapers/cloud-migration-achieve-more-together-with-four-security-considerations/]]|Misc|
|2020.09.22|//CompariTech//|[[6% of all Google Cloud Buckets are vulnerable to unauthorized access|https://www.comparitech.com/blog/information-security/google-cloud-buckets-unauthorized-access-report/]] |Report GCP|
|2020.09.22|//Threatpost//| → [[Google Cloud Buckets Exposed in Rampant Misconfiguration|https://threatpost.com/google-cloud-buckets-exposed-misconfiguration/159429/]]|Report GCP|
|2020.09.22|//Not So Secure//|[[Security Architecture Review Of A Cloud Native Environment|https://notsosecure.com/security-architecture-review-of-a-cloud-native-environment/]]|Cloud_Native Architecture|
|2020.09.22|//Anchore//|[[The Importance of Building Trust in Cloud Security, A Shared Responsibility With DevOps Teams|https://anchore.com/blog/the-importance-of-building-trust-in-cloud-security-a-shared-responsibility-with-devops-teams/]]|Shared_Responsibility|
|2020.09.22|//AlienVault//|[[Why misconfigurations are such an issue in your containers and Kubernetes|https://cybersecurity.att.com/blogs/security-essentials/why-misconfigurations-are-such-an-issue-in-your-containers-and-kubernetes]]|Misconfigurations Containers|
|2020.09.22|//Microsoft Azure//|[[Enterprise grade Kubernetes on Azure|https://techcommunity.microsoft.com/t5/azure-developer-community-blog/enterprise-grade-kubernetes-on-azure/ba-p/1659386]]|Azure Kubernetes|
|2020.09.22|//Microsoft Azure//|[[Azure Security Benchmark v2 is now available with expanded security control assessments|https://techcommunity.microsoft.com/t5/azure-security-center/azure-security-benchmark-v2-is-now-available-with-expanded/ba-p/1689883]]|Azure Benchmark|
|2020.09.22|//Amazon AWS//|[[Improving security as part of accelerated data center migrations|https://aws.amazon.com/blogs/security/improving-security-as-part-of-accelerated-data-center-migrations/]]|AWS|
|2020.09.22|//Amazon AWS//|[[On-Demand SCIM provisioning of Azure AD to AWS SSO with PowerShell|https://aws.amazon.com/blogs/security/on-demand-scim-provisioning-of-azure-ad-to-aws-sso-with-powershell/]]|AWS_SSO AzureAD|
|2020.09.22|//Dashbird//|[[The Complete AWS Lambda Handbook for Beginners (Part 2)|https://dashbird.io/blog/complete-aws-lambda-handbook-beginners-part-2/]] (2/2)|AWS_Lambda|
|2020.09.22|//Microsoft Azure//|[[What's new in Azure Active Directory at Microsoft Ignite 2020|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/what-s-new-in-azure-active-directory-at-microsoft-ignite-2020/ba-p/1257373]]|AzureAD|
|2020.09.22|//Microsoft Azure//|[[Protect multi-cloud workloads with new Azure security innovations|https://azure.microsoft.com/blog/protect-multicloud-workloads-with-new-azure-security-innovations/]]|Azure MultiCloud|
|2020.09.22|//Microsoft Azure//|[[Cross-region load balancer (Preview)|https://docs.microsoft.com/en-us/azure/load-balancer/cross-region-overview]]|Azure Architecture|
|2020.09.22|//Microsoft//|[[Microsoft announces cloud innovation to simplify security, compliance, and identity|https://www.microsoft.com/security/blog/2020/09/22/microsoft-announces-cloud-innovation-to-simplify-security-compliance-and-identity/]]|Products|
|2020.09.22|//Microsoft//|[[Microsoft delivers unified SIEM and XDR to modernize security operations|https://www.microsoft.com/security/blog/2020/09/22/microsoft-unified-siem-xdr-modernize-security-operations/]]|SIEM XDR|
|2020.09.22|//Microsoft Azure//|[[Top 10 Best Practices for Azure Security|https://www.youtube.com/watch?v=g0hgtxBDZVE]]|Azure Best_Practices|
|>|>|>|!2020.09.21|
|2020.09.21|Lawfare|![[A Few Questions on Cybersecurity and the Cloud|https://www.lawfareblog.com/few-questions-cybersecurity-and-cloud]] |Strategy Governance Policy|
|2020.09.21|CIO Dive|[[How cloud threat protection takes on shadow IT|https://www.ciodive.com/news/gartner-cloud-security-shadow-IT-applications/585564/]]|Shadow_IT CASB Gartner|
|2020.09.21|IT Web|[[The new security perimeter is in the cloud|https://www.itweb.co.za/content/kLgB1Me81V1759N4]]|Perimeter|
|2020.09.21|//Anton Chuvakin//|[[Can We Have "Detection as Code"?|https://medium.com/anton-on-security/can-we-have-detection-as-code-96f869cfdc79]]|Detection Code|
|2020.09.21|//Amazon AWS//|[[AWS Digital Forensics Automation at Goldman Sachs - AWS Online Tech Talks|https://www.youtube.com/watch?v=CR4_a-TO_gw]] (vidéo)|AWS Forensics|
|2020.09.21|//Amazon AWS//|[[Automatically updating AWS WAF Rule in real time using Amazon EventBridge|https://aws.amazon.com/blogs/security/automatically-updating-aws-waf-rule-in-real-time-using-amazon-eventbridge/]]|AWS WAF Automation|
|2020.09.21|//Microsoft Azure//|[[Configure an AKS cluster|https://docs.microsoft.com/en-us/azure/aks/cluster-configuration]]|Azure_AKS|
|2020.09.21|//Oracle Cloud//|[[Remaining Vigilant: Security Scanning Throughout the Oracle SaaS Application Lifecycle|https://blogs.oracle.com/cloudsecurity/remaining-vigilant%3a-security-scanning-throughout-the-oracle-saas-application-lifecycle]]|SaaS Scanning|
|2020.09.21|//HashiCorp//|[[Dynamic Secrets Retrieval in Azure App Service with HashiCorp Vault|https://www.hashicorp.com/resources/dynamic-secrets-retrieval-in-azure-app-service-with-hashicorp-vault]]|Azure Secrets|
|2020.09.21|//Prevasio//|[[Don't Neglect Runtime Container Security|https://blog.prevasio.com/2020/09/dont-neglect-runtime-container-security.html]]|Container|
<<tiddler [[arOund0C]]>>
!"//A "New" Threat in the Security Landscape//"
Article publié le 27 septembre 2020 — Rédigé par Dr. Itan Barmes, Cryptography Expert, Deloitte Cyber Risk Services
<<<
!!//''A "new" threat in the security landscape''//[>img(150px,auto)[iCSA/K9TBT.jpg]]
//The cyber security landscape is becoming more complex with the regular introduction of new threat vectors. A cyber threat that is now gaining more attention is the potential ability of a large-scale quantum computer to break a significant part of the cryptography we currently use, undermining our digital security. This threat was identified in 1994 when Peter Shor introduced his famous "Shor's algorithm", but for many years was considered an academic discussion. Even though the realization of a large-scale quantum computer is still far in the future, recent progress in this field raises the question of how to deal with this potential threat.
!!Magnitude of the problem
Quantum computers are not the only threat to cryptography. New (non-quantum) mathematical methods and the increasing computation power of classical computers continuously reduce the security of cryptographic algorithms. However, this is typically solved by increasing the key length or migrating to more secure algorithms. The major challenge with the quantum threat is that it can significantly weaken the security of most crypto algorithms, even for very long keys. New algorithms, that are believed to be quantum-safe, are not yet fully tested and are not standardized. These algorithms also have drawbacks in performance, key length, and other properties which makes it difficult to utilize them in practice. NIST is currently in the third round of standardizing quantum-safe algorithms, however, this is a lengthy process that will take a number of years to finalize+++^*[»] 
https://csrc.nist.gov/News/2020/pqc-third-round-candidate-announcement === .
An adversary with a large quantum computer today would be able to break practically all asymmetric cryptography (digital certificates, key exchange etc.) and significantly reduce the security of symmetric encryption (3DES, AES). That would be a devastating outcome. Fortunately, quantum computers are still not developed enough to perform these attacks and it is estimated that it will take at least 10 years before such attacks are feasible+++^*[»] 
https://globalriskinstitute.org/publications/quantum-threat-timeline/ === . On the other hand, such a long time scale should not tempt us to ignore this threat. Migrating to a new type of cryptography, whenever it is ready, will take a long time (e.g. think of all the cars, planes, and medical devices that will have to be replaced). Additionally, some data needs to stay confidential (such as personal information) for a time period close to or beyond the quantum horizon, so an adversary intercepting encrypted data today could compromise it when quantum computers are made available (known as a Harvest Now, Decrypt Later attack). In this event, a migration to quantum-safe cryptography should happen as soon as possible.
!!Don't be emotional, be responsible
Due to the futuristic (and even magical) nature of quantum computers, many people react emotionally to the opportunities and threats this new technology presents. Some are fascinated by its great potential and believe that it will fundamentally change our world within a few years, while others are awed by its complexity and therefore distrust its applicability. Business leaders and decision makers should step past these emotions and take a pragmatic and responsible approach. Rushing into mitigating risks without properly evaluating them can unnecessarily exhaust resources that are better spent elsewhere. Alternatively, dismissing any potential risk without proper analysis is also irresponsible. Dealing with the quantum threat should not be any different than dealing with any other cyber threat. It should be thoroughly analyzed using common risk methodologies, which will then determine the appropriate mitigation measures.
!!Evaluating the risk
The first step towards understanding quantum risk is to create a full inventory+++^*[»] 
https://csrc.nist.gov/publications/detail/white-paper/2020/05/26/getting-ready-for-post-quantum-cryptography/draft === of cryptographic assets. This includes the use of cryptography in the organization but also documentation regarding policies and procedures. This might sound trivial, but in practice it can turn out to be a complex endeavor (think of, for example, legacy systems with little documentation, high volatility cloud environments and SaaS solutions). It is also imperative to determine what type of information is protected by cryptography and for how long it must stay protected.
The second step is to perform a detailed risk assessment to calculate the risk to each item in the inventory. It is important to not only focus on technology but also consider other elements such as people and process. Lack of specialized personnel and specific company policies can influence the risk as much as the technology itself.
!!Mitigating the risk
After you've inventoried your cryptography and the data it protects, your organization's security requirements determine whether the risk should be mitigated. Finding the optimal solution can also be a challenging task, as standardization of quantum safe solutions is still ongoing, and experience with these new methods is still limited. If it is not possible to wait until quantum-safe solutions are standardized, then a recommended approach is to use hybrid solutions where the level of security depends on both a classical and a quantum-safe algorithm (e.g. one of the candidates of the NIST standardization process). As long as one of the algorithms is secure, the overall security is maintained.
In general, an important element in the transition to quantum-safe cryptography is the introduction of crypto-agility. This design principle facilitates changes to the cryptography even after deployment. Even though crypto-agility does not provide by itself a solution to the quantum threat, it allows us to prepare for the transition to quantum-safe solutions once the NIST standardization process is completed. System design methodologies should incorporate crypto-agility to ensure long term security and privacy. In particular, implementing crypto-agility in hardware can result in significant cost savings as the need for future hardware replacement can be potentially avoided.
Some implementations of crypto-agility even centralize the rollout of cryptography over the entire environment. With such an approach, a system designer is no longer burdened with the details of correctly choosing cryptographic parameters and algorithms. If a specific algorithm becomes inadequate, it is managed centrally through a process that is ideally transparent to other systems. Such a platform is not only useful for mitigating quantum risk, but can ultimately also improve security by providing a centralized mechanism for cryptographic configurations.
!!Conclusion and call for action
No-one can predict how quickly quantum computers will evolve in the future and when they will impact cryptography. The plethora of opinions that sometimes incite fear, uncertainty and doubt should not divert business leaders from conducting responsible business and protecting their organization through proper risk management.
At Deloitte, we are committed to helping our clients safely navigate through the cyber threat landscape and ensure resilience of their businesses. Just like many other cases in cyber security, dealing with the quantum threat is a marathon, not a sprint. Businesses who rigorously analyze the threat and take appropriate measures will reap the benefits later. In particular, creating a cryptography inventory and implementing crypto-agility can also make your business more resilient to a broader range of cyber threats.
My advice is: Get informed, make a plan, and execute with conviction.//
[...]
<<<
__Liens :__
* Article sur le blog de la CSA 
** https://cloudsecurityalliance.org/blog/2020/09/27/the-quantum-threat-to-cyber-security-how-to-prepare-for-risk-mitigation/
[>img(250px,auto)[iCSF/K9NFSC.jpg]]Dans cet article, tout ce qui est lié à la présentation intitulée "''Keynote : Panorama des attaques dans le Cloud''" délivrée le 24 septembre 2020 dans le cadre du Forum Sécurité@Cloud.

J'ai surtout voulu revenir aux fondamentaux avec :
* Le document de 2009 de l'ENISA : "Cloud Computing: Benefits, Risks and Recommendations for Information Security" : il identifie la plupart des risques vus depuis
* Les publications "Top Threats" successives de la CSA (Notorious Nine, Treacherous 12, Egregious 11) de 2013 à 2020
* Des exemples d'attaques extraits de la veille hebdomadaire
* Une approche du cercle vertueux pour traiter les attaques en insistant sur le fait que cela commence avant et que c'est par un bilan/RETEX que l'on peut s'améliorer
* Les aspects d'anticipation de ces attaques
En complément : au début, une courte présentation de la CSA et à la fin, celle du Chapitre Français avec le site Web, la newsletter et la veille hebdomadaire, et CIRCLE !

__Liens :__
* Le support utilisé (format PDF) → ''[[CloudSecurityAlliance.fr/go/k9ok/|https://CloudSecurityAlliance.fr/go/k9ok/]]''
* Le lien vers la vidéo de l'intervention enregistrée par les organisateurs (à venir)
* Le programme complet 'Forum Securité@Cloud' 2020 → https://www.datacenter-cloud.com/conferences-et-ateliers/?salon[]=SECURITE
!//Cloud Security Alliance UK Chapter Annual Meeting - 2020//
[>img(300px,auto)[iCSA/CSAUK.png]]La réunion annuelle du Chapitre Britannique de la Cloud Security Alliance s'est déroulée en ligne le mercredi 23 septembre.
Elle a commencé à 10h30 et s'est terminée à 18h40, compte tenu du décalage horaire entre la France et le Royaume-Uni.
Elle a été enregistrée et est disponible sur YouTube.

Le programme de la journée était le suivant :
* 10:30 : Introduction / Welcome & Logistics/ Chapter Overview / Activity & Research
** UK Chapter Chair & Host
* 11:00 : Keynote Speaking Slot - Time And Risk Dimensions In Security
** Wendy Nather, Head of Advisory CISOs, Duo Security 
* 11:55 : Cloud Technologies - Zero Trust Identity - Only 100% Anonymity can fix the Internet
** Paul Simmonds+++^*[»] https://www.linkedin.com/in/psimmonds/ === , CEO of the Global Identity Foundation, an analyst, and a director of CSA (Europe)
* 12:50 : Security Automation in the cloud (presentation and demo)
** Kriti Mohun, Security Engineer, Check Point UK
* 13:10 : LORCA - 2 Startup Pitches
** 1. Cyberhive by Alan Platt
** 2. BreachLock by Seemant Sehgal
** 2 interesting start ups will spend up to 10 minutes including any questions pitching their cyber security products to the audience
* 13:40 : pause déjeuner
* 14:10 : Election and Voting results
** Paul Simmonds (CSA UK)
* 14:20 : Is Cloud Secure? Is easy if you do it right - 2020
** Francesco Cipollone+++^*[»] https://www.linkedin.com/in/fracipo/ === , Chair, CSA UK
* 15:00 : Past & Future CSA UK events and activities
** Vladimir Jirasek+++^*[»] https://www.linkedin.com/in/vladimirjirasek/ === , Director of Events, CSA UK
* 15:10 : Pause
* 15:25 : Negotiate well! Negotiating a deal - you know what success looks like from a technical/solution perspective but at what price?
** Amal Kotecha, Technology & Security Director, NavyRed Ltd
* 16:20 : Lightning Talk - Access-control, authentication and authorisation in a cloud-native world
** Sean Turner, CSA UK
* 16:50 : Pause
* 17:20 : Women in cybersecurity panel
** Panelists: Zoe Braiterman, Lauren Chiesa, Catherine Lagarde, Monica Verma, Vandana Verma
** Moderated by Shereen Peeroo-Finney+++^*[»] https://www.linkedin.com/in/spf/ === & Runli Guo+++^*[»] https://www.linkedin.com/in/runliguo/ === 
* 18:10 : Risk Management and Security in Machine Learning and Data Science Environments
** Dave Walker, Principal Specialist Solution Architect, Security and Compliance, AWS UK
* 18:40 : Lightning Talk 2 - 20,000 years of computing development in 20 minutes
** Peter Hoath, Guide and Educator at the National Museum of Computing on Bletchley Park
* 19:10 : LORCA 10 min pitch
** 3. RedHunt Labs by Sudhanshu Chauhan
** 1 interesting start up will spend up to 10 minutes including any questions pitching their cyber security products to the audience
* 19:20 : Conclusion
** Francesco Cipollone, Chair CSA UK
* 19:30 : Fin de la conférence

__Liens :__
* Site de la réunion ⇒ https://www.cloudsecurityalliance.org.uk/events/agm
* Enregistrement sur YouTube ⇒ https://www.youtube.com/watch?v=Sf5WFFJ4gOw
<<tiddler [[arOund0C]]>>
!"//Top Threats to Cloud Computing: Egregious Eleven Deep Dive//"
[>img(150px,auto)[iCSA/K9FPT.jpg]]Annonce de la disponibilité du document 'Top Threats to Cloud Computing: Egregious Eleven, Deep Dive' publié le 15 septembre+++^*[»] <<tiddler [[2020.09.15 - Publication : 'Top Threats to Cloud Computing: Egregious Eleven, Deep Dive']]>> === .
<<<
//__Case studies provide understanding of how lessons and mitigation concepts can be applied in real-world scenarios with identity and access management controls the most relevant mitigation__

SEATTLE - Sept. 23, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released Top Threats to Cloud Computing: Egregious 11 Deep Dive. The new report provides case study analyses for last year's The Egregious 11: Top Threats to Cloud Computing with nine recent cybersecurity attacks and breaches. The deep dive into the Egregious 11 captures cloud computing's most significant and pressing issues with additional details and actionable information meant to be used as a starting point by cloud architects and engineers for their own analysis and comparisons.
"These anecdotes will let cybersecurity managers better communicate with executives and peers in addition to providing context for discussions with technical staff and offers in-depth detail for implementing mitigations and countermeasures from a security analysis standpoint," said Jon-Michael C. Brook, CISSP, CCSK, chair, Top Threats Working Group and one of the paper's lead authors.
Using nine actual attacks and breaches cited in the Top Threats Deep Dive, including a major financial services company, a leading enterprise video communications firm, and a multinational grocery chain for its foundation, the paper connects the dots between the CSA Top Threats in terms of security analysis. Each example offers a reference chart with an attack-style synopsis of the actor spanning from threats and vulnerabilities to end controls and mitigations, along with a detailed narrative.
"These case studies identify where and how CSA Top Threats fit in a greater security analysis while providing a clear understanding of how lessons and mitigation concepts can be applied in real-world scenarios," said John Yeoh, Global Vice President of Research, Cloud Security Alliance.
Each case study's mitigation controls were mapped according to how frequently they were relevant in the context of the Cloud Controls Matrix's 16 domains. Identity and access management controls (IAM) were the most relevant mitigation in this year's report, accounting for eight of the nine case studies, while Security Incident Management, e-Discovery, and Cloud Forensics (SEF), including planning for an attack fallout and executing on the plan, was deemed paramount to successfully dealing with all but one of the incidents cited. IAM controls are referenced 15 times and SEF controls are referenced 17 times in the cited attacks.//
<<<
__Liens__
* Communiqué de presse → https://cloudsecurityalliance.org/press-releases/2020/09/23/cloud-security-alliance-releases-top-threats-to-cloud-computing-egregious-11-deep-dive-articulates-cloud-computing-s-most-significant-issues/ /% ''[[CloudSecurityAlliance.fr/go/k9na/|https://CloudSecurityAlliance.fr/go/k9na/]]'' %/
* Téléchargement → https://cloudsecurityalliance.org/download/artifacts/top-threats-egregious-11-deep-dive/ /% ''[[CloudSecurityAlliance.fr/go/k9fa/|https://CloudSecurityAlliance.fr/go/k9fa/]]'' %/
<<tiddler [[arOund0C]]>>
!"//CCSK Success Stories: From the Head of IT at a Financial Services Company//"
Article publié le 22 septembre 2020 — Rédigé par Faisal Yahya, Head of IT - Cybersecurity and Insurance Enterprise Architect, PT IBS Insurance Broking Service
<<<
[>img(150px,auto)[iCSA/K9MBC.png]]//This is the fifth part in a +++^*[blog series] https://cloudsecurityalliance.org/blog/?search=CCSK+Success === on cloud security education, in which we will be interviewing Faisal Yahya, Head of IT - Cybersecurity and Insurance Enterprise Architect at PT IBS Insurance Broking Service. In this blog he shares some of the challenges he faces in managing cloud computing in his current organization, common pitfalls and how to avoid them, and his experience earning the Certificate of Cloud Security Knowledge (CCSK).
Q: In your current role at PT IBS Insurance Broking Service, as Head of IT - Cybersecurity and Insurance Enterprise Architect, you oversee the IT and security aspects in your organisation. Can you tell us about what your job involves?
A: I am responsible for all IT strategies and operations of the company. My position is not limited to internal activities but also covers how to connect the current architecture with multiple insurance companies, clients, and reinsurance companies in various countries. As changes in the insurance business are very dynamic; this requires planning an agile and effective IT strategy.

Q: Can you share with us some complexities in managing cloud computing projects?
A: Working in the financial services industry is challenging because there are many government regulations, especially if we talk about privacy and cybersecurity. On the one hand, cloud technology makes it convenient to respond to this. On the other hand, it is not easy to transform on-premise architecture so it can be moved to the cloud. The CCSK provides comprehensive guidance on everything needed for IT professionals to build effective, efficient, and secure cloud architecture.

Q: In managing (outsourced) cloud projects, what are useful tips you could share with IT professionals to avoid common pitfalls?
A: The expenditures for any cloud service remains the most significant drawback, and storage is no different. Unforeseen costs include snapshot costs and unplanned automatic growth in storage. It is vital to ensure that you have the right resources to direct you and enforce strict deployment and budget guidelines.
* Cloud storage also does not require much time to prepare, build, and check properly. And still, companies can benefit from the cloud provider's wide-range of experience. Although, by having experience in software development, we can still leverage cloud storage usability and functionality better than on-premise, including the archiving process required by compliance.
* Data size is another challenge. Data has bulk, which means that when it has to transfer, there is no shortcut. Failure to take sufficient account of data volume poses significant business issues. Industry experts have expressed their concern about cloud backup data.
* In many situations, cloud storage can make sense, but this does not mean that all your infrastructure follows. It's not a trivial task to establish a secure and robust link with your cloud provider. Many features are taken for granted in the company that are not provided with cloud storage.
* The security of any IT project should be at the forefront, and cloud storage is no different. Any resident, his data, and supporting infrastructure can be seen or removed by a lost encryption key or leaked administration account. Too often, companies are stuck in the cloud, and it is the responsibility of the provider.

Q: What made you decide to earn your CCSK? What part of the material from the CCSK has been the most relevant in your work, and why?
A: Compliance, governance, and architecture. These three are the most relevant to my working situation. Working together with many companies outside of Indonesia requires a broad understanding of these areas, especially compliance. CCSK helps us a lot to ease the learning processes. CCSK fits all the related information under one useful framework. This framework greatly supports anyone who wants to study cloud security without any previous background.

Q: How does CCM help communicate with customers?
A: Cloud Security Alliance Cloud Controls Matrix (CCM) offers a precise security mechanism to guide cloud providers. The CCM has become a general practice among many financial services (my industry in general) firms for how they manage cloud use. It is especially helping with how we can communicate the standards among peers.

Q: What's the value in a vendor-neutral certificate like the CCSK or CCSP versus getting certified by, say AWS? In what scenario are the different certificates important?
A: Cloud is about orchestrating resources. I believe, in the future, this will broaden and expand into various cloud service providers (CSPs). Meaning that, when we talk about cloud, we will be primarily talking about designing architecture that enables the connection of several different CSPs. We cannot discuss this by just referring to one specific CSP since they are all connected. We need to have standard best practices that work for all CSPs, and hence the importance of having a vendor-neutral certification.

Q: Would you encourage your staff and/or colleagues to obtain CCSK or other CSA qualifications? Why?
A: Yes, of course. Refer to my previous answer. Cloud is not only a technology but also a platform for which we can connect to various CSPs. To efficiently and effectively design the architecture, we cannot rely on one CSP only. We need to have a vendor-neutral source from which we can learn the best practices.

Q: What is the best advice you will give to IT professionals in order for them to scale new heights in their careers?
A: Technology is changing so fast. Broaden your expertise in one specific domain you are passionate about that will keep you in the spotlight. Do not take shortcuts, and certification is just one step to gain expertise. You need to practise and practise as much as possible. And lastly, network with professionals in the same domain area to advance your skill from other learning experiences.[...]
<<<
__Liens :__
* Article sur le blog de la CSA 
** https://cloudsecurityalliance.org/blog/2020/09/22/ccsk-success-stories-from-the-head-of-it-at-a-financial-services-company/
[>img(300px,auto)[iCSA/K9LR4.jpg]]Un appel à commentaires a été lancé pour la nouvelle version 4 de la [[Cloud Controls Matrix]] / [[CCM]].
<<<
//The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to the CSA Best Practices, that is considered the de-facto standard for cloud security and privacy.
CSA released today the early draft of the version 4 of the standard.
The CCM v.4 constitutes a significant upgrade to the previous version (v3.0.1) by introducing changes in structure of the framework with a new domain dedicated to Log and Monitoring (LOG), and modifications in the existing ones (GRC, A&A, UEM, CEK).
This update will also deliver a significant increase of requirements as result of developing additional controls and updating existing ones.
Additional features of the CCM v.4 update are: ensured coverage of requirements deriving from new cloud technologies, new controls and security responsibility matrix, improved auditability of the controls, and enhanced interoperability and compatibility with other standards.
The objective of this update is to continue to lead the security industry and market as the cloud provider and user-centric control framework of choice for all.
Share your knowledge by providing feedback and contributing to the open peer review for CCM v.4.
Participants of the peer review are asked to focus on the content and semantics of controls.//
<<<
__Lien :__
* Téléchargement → https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #82|2020.09.20 - Newsletter Hebdomadaire #82]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #82|2020.09.20 - Weekly Newsletter - #82]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.09.20 - Newsletter Hebdomadaire #82]]>> |<<tiddler [[2020.09.20 - Weekly Newsletter - #82]]>> |
|>| La dernière Newsletter publiée est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' et est accessible+++*[ici • Here] <<tiddler [[Dernière Newsletter]]>> === is where you can read the latest published Newsletter |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 14 au 20 septembre 2020
!!1 - Informations CSA - 14 au 20 septembre 2020

* Publication : document complémentaire 'Top Threats to Cloud Computing: Egregious Eleven'+++^*[»] <<tiddler [[2020.09.15 - Publication : 'Top Threats to Cloud Computing: Egregious Eleven, Deep Dive']]>>=== 
* Actu : Programme du 'Forum Securité@Cloud' des 23 et 24 septembre+++^*[»] <<tiddler [[2020.09.18 - Programme du 'Forum Securité@Cloud' des 23 et 24 septembre]]>>=== 
* Blog : Bitcoin quantique+++^*[»] <<tiddler [[2020.09.19 - Blog : Bitcoin quantique]]>>=== 
* Blog : Blockweave, le blockchain low-cost ?+++^*[»] <<tiddler [[2020.09.14 - Blog : Blockweave, le blockchain low-cost ?]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 80 liens|2020.09.20 - Veille Hebdomadaire - 20 septembre]])

* __''À lire''__
** ''2020 SANS Enterprise Cloud Incident Response Survey''+++^*[»] 
|2020.09.15|SANS|![[2020 SANS Enterprise Cloud Incident Response Survey|https://www.sans.org/reading-room/whitepapers/cloud/paper/39805]] (Chris Dale) |SANS Survey|
|2020.09.15|SANS| → Webcast [[2020 SANS Enterprise Cloud Incident Response Survey|https://www.sans.org/webcasts/114635]] |Webcast SANS|
=== 
** ''Cloud Service Map'' dynamique (//Nuageo//)+++^*[»] 
|2020.09.15|//Nuageo//|[[Cloud Service Map version web dynamique|https://www.nuageo.fr/2020/09/cloud-service-map-version-web-dynamique/]]|Services Mapping|
=== 
** Bilan des attaques APT contre Linux (//Intezer//)+++^*[»] 
|2020.09.16|//Intezer//|[[Intezer - Looking Back on the Last Decade of Linux APT Attacks|https://www.intezer.com/blog/cloud-security/looking-back-on-the-last-decade-of-linux-apt-attacks/]]|APT Linux|
=== 

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Menaces : Contournement de l'authentification multi-facteurs sur M365+++^*[»] 
|2020.09.15|//Threatpost//|![[MFA Bypass Bugs Opened Microsoft 365 to Attack|https://threatpost.com/flaws-in-microsoft-365s-mfa-access-cloud-apps/159240/]] |M365 MFA Flaw|
|2020.09.17|GBHackers on Security| → [[Hackers Would Bypass Multi-Factor Authentication to Gain Full Access|https://gbhackers.com/flaw-with-mfa/]]|Authentication MFA|
=== 
** Pannes : Google Drive le 15 septembre+++^*[»] 
|2020.09.15|Bleeping Computer|[[Google Drive is having an outage, users see spinning wheel|https://www.bleepingcomputer.com/news/google/google-drive-is-having-an-outage-users-see-spinning-wheel/]]|Outage GCP|
=== 

* __Rapports, Sondages, Études, Publications__

** Rapports : Exposition de clés (//Digital Shadows//) • Attaques contre des containers (//Aqua Security//) • Attaques contre les grands fournisseurs d'énergie Cloud (//Coalfire//) • The Cloud Threat Report (//Arctic Wolf//)+++^*[»] 
|2020.09.15|//Digital Shadows//|[[Access Keys Exposed: More Than 40% Are For Database Stores|https://www.digitalshadows.com/blog-and-research/access-keys-exposed-more-than-40-are-for-database-stores/]]|Data_Leak Keys|
|2020.09.15|Dark Reading| → [[Research Finds Nearly 800,000 Access Keys Exposed Online|https://www.darkreading.com/vulnerabilities---threats/research-finds-nearly-800000-access-keys-exposed-online/d/d-id/1338918]]|Data_Leak Keys|
|2020.09.15|The Daily Swig| → [[Databases, cloud storage, and more at risk from exposed access keys|https://portswigger.net/daily-swig/databases-cloud-storage-and-more-at-risk-from-exposed-access-keys]]|Data_Leak Keys|
|>|>|>|!|
|2020.09.14|//Aqua Security//|[[Attacks in the Wild on Container Infrastructure|https://info.aquasec.com/cloud-native-threats]] (inscription requise)|Report|
|2020.09.14|BetaNews| → [[Organized attacks on cloud infrastructure and software supply chain increase|https://betanews.com/2020/09/14/organized-cloud-supply-chain-attacks/]]|Threat Cryptomining|
|>|>|>|!|
|2020.09.15|//Coalfire//|[[Offensive Security Testing Using Cloud Tools|https://www.coalfire.com/the-coalfire-blog/september-2020/offensive-security-testing-using-cloud-tools]]|Tools Offensive_Testing|
|2020.09.14|Dark Reading| → [[Large Cloud Providers Much Less Likely Than Enterprises to Get Breached|https://www.darkreading.com/vulnerabilities---threats/large-cloud-providers-much-less-likely-than-enterprises-to-get-breached-/d/d-id/1338914]]|Report|
|>|>|>|!|
|2020.09.18|//Arctic Wolf//|![[The Cloud Threat Report|https://arcticwolf.com/resources/analyst-reports/the-cloud-threat-report]] |Report|
=== 

* __Cloud Services Providers, Outils__
** AWS : Futures évolutions dans le SSO d'AWS • Utilisation de GuardDuty • RBAC et ABAC+++^*[»] 
|2020.09.18|//Amazon AWS//|[[Get ready for upcoming changes in the AWS Single Sign-On user sign-in process|https://aws.amazon.com/blogs/security/get-ready-upcoming-changes-aws-single-sign-on-user-sign-in-process/]]|AWS SSO|
|2020.09.17|//Amazon AWS//|[[How Security Operation Centers can use Amazon GuardDuty to detect malicious behavior|https://aws.amazon.com/blogs/security/how-security-operation-centers-can-use-amazon-guardduty-to-detect-malicious-behavior/]]|AWS Guard_Duty|
|2020.09.15|//Amazon AWS//|[[Role-based access control using Amazon Cognito and an external identity provider|https://aws.amazon.com/blogs/security/role-based-access-control-using-amazon-cognito-and-an-external-identity-provider/]]|AWS RBAC|
|2020.09.15|//Amazon AWS//|[[AWS Organizations now supports tagging, tag-on-create and Attribute-Based Access Control (ABAC)|https://aws.amazon.com/about-aws/whats-new/2020/09/aws-organizations-now-supports-tagging-tag-on-create-and-attribute-based-access-control-abac/]]|AWS ABAC|
=== 
** Azure : Protection contre le filoutage • Précisions sur E5 • Nom et localisation+++^*[»] 
|2020.09.16|//Spanning//|[[Protect Your Office 365 Data Against Consent Phishing|https://spanning.com/blog/protect-office-365-data-against-consent-phishing/]]|O365 Phishing|
|2020.09.15|Frank McGovern|[[Purchased Microsoft 365 E5, Now What?|https://frankmcg.com/2020/09/purchased-microsoft-365-e5-now-what/]]|M365 Threats|
|2020.09.17|//Avepoint//|[[When to Upgrade From E3 to E5 for Stronger Microsoft 365 Data Protection|https://www.avepoint.com/blog/protect/microsoft-365-e3-e5-protection/]]|M365 Protection|
|2020.09.16|Thomas Stringer|[[Search Through Azure Locations and Their Names|https://trstringer.com/get-azure-locations/]]|Azure|
=== 
** GCP : Alerte sur CVE-2020-14386 et protection par gVisor • Journalisation+++^*[»] 
|2020.09.15|//Google Cloud//|[[Alert GCP-2020-012: A vulnerability was recently discovered in the Linux kernel, described in CVE-2020-14386|https://cloud.google.com/kubernetes-engine/docs/security-bulletins#gcp-2020-012]]|Alert GCP CVE-2020-14386|
|2020.09.18|//Google Cloud//|[[How gVisor protects Google Cloud services from CVE-2020-14386|https://cloud.google.com/blog/products/containers-kubernetes/how-gvisor-protects-google-cloud-services-from-cve-2020-14386/]]|GCP CVE-2020-14386|
|2020.09.18|//Google Cloud//|[[Cloud Logging now offers suggested queries|https://cloud.google.com/blog/products/management-tools/cloud-logging-now-offers-suggested-queries/]]|GCP Logging|
|2020.09.18|//Google Cloud//|[[Cloud Logging gets regular expression support|https://cloud.google.com/blog/products/management-tools/cloud-logging-gets-regular-expression-support/]]|GCP Logging|
|2020.09.17|//Google Cloud//|[[Tips and tricks for using new RegEx support in Cloud Logging|https://cloud.google.com/blog/products/management-tools/cloud-logging-gets-regular-expression-support]]|GCP Logging|
|2020.09.16|//Google Cloud//|[[Google Cloud Security Talks - the latest in cloud security|https://cloud.google.com/blog/products/identity-security/google-cloud-security-talks-the-latest-in-cloud-security/]]|GCP Conference|
=== 
** Oracle : Cloud Guard et nouveaux outils+++^*[»] 
|2020.09.17|//Oracle Cloud//|[[Quick Tip #4 - Setting up notifications for Oracle Cloud Guard in 3 easy steps|https://blogs.oracle.com/cloudsecurity/quick-tip-4-setting-up-notifications-for-oracle-cloud-guard-in-3-easy-steps]]|Oracle Cloud_Guard|
|2020.09.15|//Oracle Cloud//|[[Discovering and fixing weak cloud security posture with Oracle Cloud Guard|https://blogs.oracle.com/cloudsecurity/discovering-and-fixing-weak-cloud-security-posture-with-oracle-cloud-guard]]|Products Oracle Cloud_Guard|
|2020.09.15|//MSSP Alert//| → [[Oracle Introduces Cloud Guard, Maximum Security Zones Amid TikTok Partnership Proposal|https://www.msspalert.com/cybersecurity-services-and-products/cloud/oracle-cloud-guard-details/]]|Products Oracle Cloud_Guard|
|2020.09.15|Security Week| → [[Oracle Announces Availability of Cloud Guard, Maximum Security Zones|https://www.securityweek.com/oracle-announces-availability-cloud-guard-maximum-security-zones]]|Products Oracle Cloud_Guard|
|2020.09.16|Silicon.fr[img[iCSF/flag_fr.png]]| → [[Oracle lance Cloud Guard et Maximum Security Zones|https://www.silicon.fr/oracle-cloud-guard-maximum-security-zones-346854.html]]|Products Oracle Cloud_Guard|
|2020.09.14|//Oracle Cloud//|[[Automating Cloud Security with Security Posture Management|https://blogs.oracle.com/cloudsecurity/automating-cloud-security-with-security-posture-management]]|CSPM|
|2020.09.16|//Oracle Cloud//|[[Prevent a weak cloud security posture with Maximum Security Zones|https://blogs.oracle.com/cloudsecurity/prevent-a-weak-cloud-security-posture-with-maximum-security-zones]]|CSPM|
=== 
** Kubernetes : Architecture et sécurité (//StackRox//)+++^*[»] 
|2020.09.16|//StackRox//|[[Kubernetes Architecture and What It Means for Security|https://www.stackrox.com/post/2020/09/kubernetes-architecture-and-what-it-means-for-security/]]|K8s|
=== 

* __Podcasts, Veilles hebdomadaires 'Cloud et Sécurité'__
** Podcast : 'Security and Compliance in AWS Cloud' • 'Sécurité sur Office 365' (Le Comptoir Sécu)+++^*[»] 
|2020.09.20|Cloud Security Podcast|[[Security and Compliance in AWS Cloud|https://anchor.fm/cloudsecuritypodcast/episodes/Security-and-Compliance-in-AWS-Cloud-ejtb1t]]|Podcast|
|2020.09.15|Le Comptoir Sécu[img[iCSF/flag_fr.png]]|[[Épisode 53 : La sécurité sur Office 365|https://www.comptoirsecu.fr/podcast/%C3%A9pisode-53-la-s%C3%A9curit%C3%A9-sur-office-365/]]|O365|
=== 
** Veilles : TL;DR Security #52 • The Cloud Security Reading List #55+++^*[»] 
|2020.09.16|TL;DR Security|![[52 - Prioritizing 3rd Party Vulnerabilities to Fix, LangSec History, Distilled Compliance Controls|https://tldrsec.com/blog/tldr-sec-052/]] |Weekly_Newsletter|
|2020.09.20|Marco Lancini|[[The Cloud Security Reading List #55|https://cloudseclist.com/issues/issue-55/]] |Weekly_Newsletter|
=== 

* __Marché, Acquisitions__
** Acquisitions : //Odo Security// par //Checkpoint// • //Portworx// par //Pure Storage//+++^*[»] 
|2020.09.17|MSSP Alert|[[Check Point Software Acquires Odo Security for SASE Remote Access|https://www.msspalert.com/investments/check-point-software-acquires-odo-security-sase/]]|Acquisition|
|>|>|>||
|2020.09.16|Container Journal|[[Pure Storage to Acquire Portworx, Creating the Industry's Most Complete Kubernetes Data Services Platform for Cloud Native Applications|https://containerjournal.com/news/news-releases/pure-storage-to-acquire-portworx-creating-the-industrys-most-complete-kubernetes-data-services-platform-for-cloud-native-applications/]]|Acquisition|
|2020.09.17|Container Journal| → [[Pure Storage Buys Portworx to Advance Stateful Kubernetes Apps|https://containerjournal.com/topics/container-management/pure-storage-buys-portworx-to-advance-stateful-kubernetes-apps/]]|Acquisition|
=== 

* __Divers__
** Disaster Recovery : Stratégies+++^*[»] 
|2020.09.16|//Centilytics//|[[Why is Multi-Cloud Strategy the Best Disaster Recovery Strategy - Blogs | Centilytics|https://blogs.centilytics.com/why-is-multi-cloud-strategy-the-best-disaster-recovery-strategy/]]|DRP|
|2020.09.16|GovLoop|[[4 Ways Cloud Makes the Best Platform for Disaster Recovery|https://www.govloop.com/4-ways-cloud-makes-the-best-platform-for-disaster-recovery/]]|DRP|
=== 
** APIs : Sécurité et authentification (//CyberArk Conjur//)+++^*[»] 
|2020.09.14|//CyberArk Conjur//|![[Connect to Any API Without Exposing Your Secrets|https://www.conjur.org/blog/connect-to-any-api-without-exposing-your-secrets-secretless-broker/]] |APIs|
|2020.09.17|//Backblaze//|[[The Path to S3 Compatible APIs: The Authentication Challenge|https://www.backblaze.com/blog/the-path-to-s3-compatible-apis-the-authentication-challenge/]]|AWS API|
=== 
** Ressources bibliographiques Azure et GCP+++^*[»] 
|2020.09.17|Solutions Review|[[The Best Online Microsoft Azure Courses and Training|https://solutionsreview.com/cloud-platforms/the-best-online-microsoft-azure-courses-and-training/]]|Azure Education|
|2020.09.16|Solutions Review|[[The Essential Google Cloud Platform Books for Cloud Professionals|https://solutionsreview.com/cloud-platforms/the-essential-google-cloud-platform-books-for-cloud-professionals/]]|Resources|
=== 
** Emergence du 'Cloud Economist'+++^*[»] 
|2020.09.16|DevOps|[[The Rise of the Cloud Economist: The Other CFO|https://devops.com/the-rise-of-the-cloud-economist-the-other-cfo/]]|Misc|
=== 
!!3 - Agenda

* ''23 au 24'' septembre → BIRP : ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
* Jusqu'au ''30'' septembre → CSA : ''[[Webinaires 'SECtember Experience'|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
!!4 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K9K/|https://CloudSecurityAlliance.fr/go/K9K/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - September 14th to 20th, 2020
!!1 - CSA News and Updates - September 14th to 20th, 2020

* Publication : 'Top Threats to Cloud Computing: Egregious Eleven'+++^*[»] <<tiddler [[2020.09.15 - Publication : 'Top Threats to Cloud Computing: Egregious Eleven, Deep Dive']]>>=== 
* Actu : 'Forum Securité@Cloud' conference on September 23rd and 24th+++^*[»] <<tiddler [[2020.09.18 - Programme du 'Forum Securité@Cloud' des 23 et 24 septembre]]>>=== 
* Blog : 'Quantum Bitcoin'+++^*[»] <<tiddler [[2020.09.19 - Blog : Bitcoin quantique]]>>=== 
* Blog : 'Blockweave: Patents Granted for Low-Cost Alternative to Blockchain'+++^*[»] <<tiddler [[2020.09.14 - Blog : Blockweave, le blockchain low-cost ?]]>>=== 
!!2 - Cloud and Security News Watch ([[over 80 links|2020.09.20 - Veille Hebdomadaire - 20 septembre]])

* __''Must read''__
** ''2020 SANS Enterprise Cloud Incident Response Survey''+++^*[»] 
|2020.09.15|SANS|![[2020 SANS Enterprise Cloud Incident Response Survey|https://www.sans.org/reading-room/whitepapers/cloud/paper/39805]] (Chris Dale) |SANS Survey|
|2020.09.15|SANS| → Webcast [[2020 SANS Enterprise Cloud Incident Response Survey|https://www.sans.org/webcasts/114635]] |Webcast SANS|
=== 
** Dynamic ''Cloud Service Map'' (//Nuageo//)+++^*[»] 
|2020.09.15|//Nuageo//|[[Cloud Service Map version web dynamique|https://www.nuageo.fr/2020/09/cloud-service-map-version-web-dynamique/]]|Services Mapping|
=== 
** Last Decade of Linux APT Attacks (//Intezer//)+++^*[»] 
|2020.09.16|//Intezer//|[[Intezer - Looking Back on the Last Decade of Linux APT Attacks|https://www.intezer.com/blog/cloud-security/looking-back-on-the-last-decade-of-linux-apt-attacks/]]|APT Linux|
=== 

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Threats: MFA Bypass Bugs Opened Microsoft 365+++^*[»] 
|2020.09.15|//Threatpost//|![[MFA Bypass Bugs Opened Microsoft 365 to Attack|https://threatpost.com/flaws-in-microsoft-365s-mfa-access-cloud-apps/159240/]] |M365 MFA Flaw|
|2020.09.17|GBHackers on Security| → [[Hackers Would Bypass Multi-Factor Authentication to Gain Full Access|https://gbhackers.com/flaw-with-mfa/]]|Authentication MFA|
=== 
** Outage: Google Drive on September 15th+++^*[»] 
|2020.09.15|Bleeping Computer|[[Google Drive is having an outage, users see spinning wheel|https://www.bleepingcomputer.com/news/google/google-drive-is-having-an-outage-users-see-spinning-wheel/]]|Outage GCP|
=== 

* __Reports, Surveys, Studies, Publications__
** Reports: Access Keys Exposed (//Digital Shadows//) • Attacks on Container Infrastructure (//Aqua Security//) • Offensive Security Testing Using Cloud Tools (//Coalfire//) • The Cloud Threat Report (//Arctic Wolf//)+++^*[»] 
|2020.09.15|//Digital Shadows//|[[Access Keys Exposed: More Than 40% Are For Database Stores|https://www.digitalshadows.com/blog-and-research/access-keys-exposed-more-than-40-are-for-database-stores/]]|Data_Leak Keys|
|2020.09.15|Dark Reading| → [[Research Finds Nearly 800,000 Access Keys Exposed Online|https://www.darkreading.com/vulnerabilities---threats/research-finds-nearly-800000-access-keys-exposed-online/d/d-id/1338918]]|Data_Leak Keys|
|2020.09.15|The Daily Swig| → [[Databases, cloud storage, and more at risk from exposed access keys|https://portswigger.net/daily-swig/databases-cloud-storage-and-more-at-risk-from-exposed-access-keys]]|Data_Leak Keys|
|>|>|>|!|
|2020.09.14|//Aqua Security//|[[Attacks in the Wild on Container Infrastructure|https://info.aquasec.com/cloud-native-threats]] (registration required)|Report|
|2020.09.14|BetaNews| → [[Organized attacks on cloud infrastructure and software supply chain increase|https://betanews.com/2020/09/14/organized-cloud-supply-chain-attacks/]]|Threat Cryptomining|
|>|>|>|!|
|2020.09.15|//Coalfire//|[[Offensive Security Testing Using Cloud Tools|https://www.coalfire.com/the-coalfire-blog/september-2020/offensive-security-testing-using-cloud-tools]]|Tools Offensive_Testing|
|2020.09.14|Dark Reading| → [[Large Cloud Providers Much Less Likely Than Enterprises to Get Breached|https://www.darkreading.com/vulnerabilities---threats/large-cloud-providers-much-less-likely-than-enterprises-to-get-breached-/d/d-id/1338914]]|Report|
|>|>|>|!|
|2020.09.18|//Arctic Wolf//|![[The Cloud Threat Report|https://arcticwolf.com/resources/analyst-reports/the-cloud-threat-report]] |Report|
=== 

* __Cloud Services Providers, Tools__
** AWS: Upcoming Changes in the AWS SSO • GuardDuty Usage • RBAC and ABAC+++^*[»] 
|2020.09.18|//Amazon AWS//|[[Get ready for upcoming changes in the AWS Single Sign-On user sign-in process|https://aws.amazon.com/blogs/security/get-ready-upcoming-changes-aws-single-sign-on-user-sign-in-process/]]|AWS SSO|
|2020.09.17|//Amazon AWS//|[[How Security Operation Centers can use Amazon GuardDuty to detect malicious behavior|https://aws.amazon.com/blogs/security/how-security-operation-centers-can-use-amazon-guardduty-to-detect-malicious-behavior/]]|AWS Guard_Duty|
|2020.09.15|//Amazon AWS//|[[Role-based access control using Amazon Cognito and an external identity provider|https://aws.amazon.com/blogs/security/role-based-access-control-using-amazon-cognito-and-an-external-identity-provider/]]|AWS RBAC|
|2020.09.15|//Amazon AWS//|[[AWS Organizations now supports tagging, tag-on-create and Attribute-Based Access Control (ABAC)|https://aws.amazon.com/about-aws/whats-new/2020/09/aws-organizations-now-supports-tagging-tag-on-create-and-attribute-based-access-control-abac/]]|AWS ABAC|
=== 
** Azure: Protect Office 365 Data Against Consent Phishing • Casting Some Light on E5 • Locations and Names+++^*[»] 
|2020.09.16|//Spanning//|[[Protect Your Office 365 Data Against Consent Phishing|https://spanning.com/blog/protect-office-365-data-against-consent-phishing/]]|O365 Phishing|
|2020.09.15|Frank McGovern|[[Purchased Microsoft 365 E5, Now What?|https://frankmcg.com/2020/09/purchased-microsoft-365-e5-now-what/]]|M365 Threats|
|2020.09.17|//Avepoint//|[[When to Upgrade From E3 to E5 for Stronger Microsoft 365 Data Protection|https://www.avepoint.com/blog/protect/microsoft-365-e3-e5-protection/]]|M365 Protection|
|2020.09.16|Thomas Stringer|[[Search Through Azure Locations and Their Names|https://trstringer.com/get-azure-locations/]]|Azure|
=== 
** GCP: Alert About CVE-2020-14386 and gVisor Protection Against It • Logging Capabilities+++^*[»] 
|2020.09.15|//Google Cloud//|[[Alert GCP-2020-012: A vulnerability was recently discovered in the Linux kernel, described in CVE-2020-14386|https://cloud.google.com/kubernetes-engine/docs/security-bulletins#gcp-2020-012]]|Alert GCP CVE-2020-14386|
|2020.09.18|//Google Cloud//|[[How gVisor protects Google Cloud services from CVE-2020-14386|https://cloud.google.com/blog/products/containers-kubernetes/how-gvisor-protects-google-cloud-services-from-cve-2020-14386/]]|GCP CVE-2020-14386|
|2020.09.18|//Google Cloud//|[[Cloud Logging now offers suggested queries|https://cloud.google.com/blog/products/management-tools/cloud-logging-now-offers-suggested-queries/]]|GCP Logging|
|2020.09.18|//Google Cloud//|[[Cloud Logging gets regular expression support|https://cloud.google.com/blog/products/management-tools/cloud-logging-gets-regular-expression-support/]]|GCP Logging|
|2020.09.17|//Google Cloud//|[[Tips and tricks for using new RegEx support in Cloud Logging|https://cloud.google.com/blog/products/management-tools/cloud-logging-gets-regular-expression-support]]|GCP Logging|
|2020.09.16|//Google Cloud//|[[Google Cloud Security Talks - the latest in cloud security|https://cloud.google.com/blog/products/identity-security/google-cloud-security-talks-the-latest-in-cloud-security/]]|GCP Conference|
=== 
** Oracle: Cloud Guard and New Tools+++^*[»] 
|2020.09.17|//Oracle Cloud//|[[Quick Tip #4 - Setting up notifications for Oracle Cloud Guard in 3 easy steps|https://blogs.oracle.com/cloudsecurity/quick-tip-4-setting-up-notifications-for-oracle-cloud-guard-in-3-easy-steps]]|Oracle Cloud_Guard|
|2020.09.15|//Oracle Cloud//|[[Discovering and fixing weak cloud security posture with Oracle Cloud Guard|https://blogs.oracle.com/cloudsecurity/discovering-and-fixing-weak-cloud-security-posture-with-oracle-cloud-guard]]|Products Oracle Cloud_Guard|
|2020.09.15|//MSSP Alert//| → [[Oracle Introduces Cloud Guard, Maximum Security Zones Amid TikTok Partnership Proposal|https://www.msspalert.com/cybersecurity-services-and-products/cloud/oracle-cloud-guard-details/]]|Products Oracle Cloud_Guard|
|2020.09.15|Security Week| → [[Oracle Announces Availability of Cloud Guard, Maximum Security Zones|https://www.securityweek.com/oracle-announces-availability-cloud-guard-maximum-security-zones]]|Products Oracle Cloud_Guard|
|2020.09.16|Silicon.fr[img[iCSF/flag_fr.png]]| → [[Oracle lance Cloud Guard et Maximum Security Zones|https://www.silicon.fr/oracle-cloud-guard-maximum-security-zones-346854.html]]|Products Oracle Cloud_Guard|
|2020.09.14|//Oracle Cloud//|[[Automating Cloud Security with Security Posture Management|https://blogs.oracle.com/cloudsecurity/automating-cloud-security-with-security-posture-management]]|CSPM|
|2020.09.16|//Oracle Cloud//|[[Prevent a weak cloud security posture with Maximum Security Zones|https://blogs.oracle.com/cloudsecurity/prevent-a-weak-cloud-security-posture-with-maximum-security-zones]]|CSPM|
=== 
** Kubernetes: Architecture and Impact on Security (//StackRox//)+++^*[»] 
|2020.09.16|//StackRox//|[[Kubernetes Architecture and What It Means for Security|https://www.stackrox.com/post/2020/09/kubernetes-architecture-and-what-it-means-for-security/]]|K8s|
=== 

* __Podcasts, Weekly 'Cloud and Security' Watch__
** Podcast: 'Security and Compliance in AWS Cloud' • 'O365 Security' (Le Comptoir Sécu)+++^*[»] 
|2020.09.20|Cloud Security Podcast|[[Security and Compliance in AWS Cloud|https://anchor.fm/cloudsecuritypodcast/episodes/Security-and-Compliance-in-AWS-Cloud-ejtb1t]]|Podcast|
|2020.09.15|Le Comptoir Sécu[img[iCSF/flag_fr.png]]|[[Épisode 53 : La sécurité sur Office 365|https://www.comptoirsecu.fr/podcast/%C3%A9pisode-53-la-s%C3%A9curit%C3%A9-sur-office-365/]] ([[mp3/m4a|https://podcasts.comptoirsecu.fr/CSEC.EP53.2020-09-15.Office365.m4a]])|O365|
=== 
** Watch: TL;DR Security #52 • The Cloud Security Reading List #55+++^*[»] 
|2020.09.16|TL;DR Security|![[52 - Prioritizing 3rd Party Vulnerabilities to Fix, LangSec History, Distilled Compliance Controls|https://tldrsec.com/blog/tldr-sec-052/]] |Weekly_Newsletter|
|2020.09.20|Marco Lancini|[[The Cloud Security Reading List #55|https://cloudseclist.com/issues/issue-55/]] |Weekly_Newsletter|
=== 

* __Market, Acquisitions__
** Acquisitions: //Odo Security// by //Checkpoint// • //Portworx// by //Pure Storage//+++^*[»] 
|2020.09.17|MSSP Alert|[[Check Point Software Acquires Odo Security for SASE Remote Access|https://www.msspalert.com/investments/check-point-software-acquires-odo-security-sase/]]|Acquisition|
|>|>|>||
|2020.09.16|Container Journal|[[Pure Storage to Acquire Portworx, Creating the Industry's Most Complete Kubernetes Data Services Platform for Cloud Native Applications|https://containerjournal.com/news/news-releases/pure-storage-to-acquire-portworx-creating-the-industrys-most-complete-kubernetes-data-services-platform-for-cloud-native-applications/]]|Acquisition|
|2020.09.17|Container Journal| → [[Pure Storage Buys Portworx to Advance Stateful Kubernetes Apps|https://containerjournal.com/topics/container-management/pure-storage-buys-portworx-to-advance-stateful-kubernetes-apps/]]|Acquisition|
=== 

* __Miscellaneous__
** Disaster Recovery Strategies+++^*[»] 
|2020.09.16|//Centilytics//|[[Why is Multi-Cloud Strategy the Best Disaster Recovery Strategy - Blogs - Centilytics|https://blogs.centilytics.com/why-is-multi-cloud-strategy-the-best-disaster-recovery-strategy/]]|DRP|
|2020.09.16|GovLoop|[[4 Ways Cloud Makes the Best Platform for Disaster Recovery|https://www.govloop.com/4-ways-cloud-makes-the-best-platform-for-disaster-recovery/]]|DRP|
=== 
** APIs: connectivity and Authentication Challenges (//CyberArk Conjur//)+++^*[»] 
|2020.09.14|//CyberArk Conjur//|![[Connect to Any API Without Exposing Your Secrets|https://www.conjur.org/blog/connect-to-any-api-without-exposing-your-secrets-secretless-broker/]] |APIs|
|2020.09.17|//Backblaze//|[[The Path to S3 Compatible APIs: The Authentication Challenge|https://www.backblaze.com/blog/the-path-to-s3-compatible-apis-the-authentication-challenge/]]|AWS API|
=== 
** Online Resources for Azure and GCP+++^*[»] 
|2020.09.17|Solutions Review|[[The Best Online Microsoft Azure Courses and Training|https://solutionsreview.com/cloud-platforms/the-best-online-microsoft-azure-courses-and-training/]]|Azure Education|
|2020.09.16|Solutions Review|[[The Essential Google Cloud Platform Books for Cloud Professionals|https://solutionsreview.com/cloud-platforms/the-essential-google-cloud-platform-books-for-cloud-professionals/]]|Resources|
=== 
** Rise of the 'Cloud Economist'+++^*[»] 
|2020.09.16|DevOps|[[The Rise of the Cloud Economist: The Other CFO|https://devops.com/the-rise-of-the-cloud-economist-the-other-cfo/]]|Misc|
=== 
!!3 - Agenda

* September ''23rd/24th'' → BIRP: ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
* up to September ''30th'' → CSA: ''[[Webinars 'SECtember Experience'|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
!!4 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K9K/|https://CloudSecurityAlliance.fr/go/K9K/]] |
<<tiddler [[arOund0C]]>>
<
!!Veille Hebdomadaire - 14 au 20 septembre 2020
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.09.20|
|2020.09.20|Marco Lancini|[[The Cloud Security Reading List #55|https://cloudseclist.com/issues/issue-55/]] |Weekly_Newsletter|
|2020.09.20|Cloud Security Podcast|[[Security and Compliance in AWS Cloud|https://anchor.fm/cloudsecuritypodcast/episodes/Security-and-Compliance-in-AWS-Cloud-ejtb1t]]|Podcast|
|>|>|>|!2020.09.18|
|2020.09.18|Le Bulletin des Communes[img[iCSF/flag_fr.png]]|[[Sécurité du Cloud : de rapides améliorations impératives|https://bulletindescommunes.net/securite-cloud-rapides-ameliorations-imperatives/]]|Misc|
|2020.09.18|Info Security Mag|[[GartnerSEC: Cybersecurity Leaders Must Start Preparing for the Next Decade|https://www.infosecurity-magazine.com/news/cybersecurity-leaders-preparing/]]|Gartner|
|2020.09.18|Cloudonaut|[[AWS needs a bug bounty program|https://cloudonaut.io/aws-needs-a-bug-bounty-program/]]|Bug_Bounty|
|2020.09.18|DevOps|[[Report: Cloud Expertise Now Superior to University Degree|https://devops.com/report-cloud-expertise-now-superior-to-university-degree/]]|Report|
|2020.09.18|DevOps Star|![[Fighting API Abusers - Chaotic Good|https://devopstar.com/2020/09/18/fighting-api-abusers-chaotic-good]] |APIs AWS Attack|
|2020.09.18|//Malware Bytes//|[[Is domain name abuse something companies should worry about?|https://blog.malwarebytes.com/business-2/2020/09/is-domain-name-abuse-something-companies-should-worry-about/]]|Domain_Name Abuse|
|2020.09.18|//Amazon AWS//|[[Get ready for upcoming changes in the AWS Single Sign-On user sign-in process|https://aws.amazon.com/blogs/security/get-ready-upcoming-changes-aws-single-sign-on-user-sign-in-process/]]|AWS SSO|
|2020.09.18|//Amazon AWS//|[[Simplifying permissions management at scale using tags in AWS Organizations|https://aws.amazon.com/de/blogs/mt/simplifying-permissions-management-at-scale-using-tags-in-aws-organizations/]]|AWS|
|2020.09.18|//Google Cloud//|[[How gVisor protects Google Cloud services from CVE-2020-14386|https://cloud.google.com/blog/products/containers-kubernetes/how-gvisor-protects-google-cloud-services-from-cve-2020-14386/]]|GCP CVE-2020-14386|
|2020.09.18|//Google Cloud//|[[Cloud Logging now offers suggested queries|https://cloud.google.com/blog/products/management-tools/cloud-logging-now-offers-suggested-queries/]]|GCP Logging|
|2020.09.18|//Google Cloud//|[[Cloud Logging gets regular expression support|https://cloud.google.com/blog/products/management-tools/cloud-logging-gets-regular-expression-support/]]|GCP Logging|
|2020.09.18|//Arctic Wolf//|![[The Cloud Threat Report|https://arcticwolf.com/resources/analyst-reports/the-cloud-threat-report]] |Report|
|>|>|>|!2020.09.17|
|2020.09.17|MSSP Alert|[[Check Point Software Acquires Odo Security for SASE Remote Access|https://www.msspalert.com/investments/check-point-software-acquires-odo-security-sase/]]|Acquisition|
|2020.09.17|jdSupra|[[EU Cloud Services Group Working On Post-Schrems II Data Transfer Solution|https://www.jdsupra.com/legalnews/eu-cloud-services-group-working-on-post-96274/]]|Privacy_Shield|
|2020.09.17|Solutions Review|[[The Best Online Microsoft Azure Courses and Training|https://solutionsreview.com/cloud-platforms/the-best-online-microsoft-azure-courses-and-training/]]|Azure Education|
|2020.09.17|//Backblaze//|[[The Path to S3 Compatible APIs: The Authentication Challenge|https://www.backblaze.com/blog/the-path-to-s3-compatible-apis-the-authentication-challenge/]]|AWS API|
|2020.09.17|//Avepoint//|[[When to Upgrade From E3 to E5 for Stronger Microsoft 365 Data Protection|https://www.avepoint.com/blog/protect/microsoft-365-e3-e5-protection/]]|M365 Protection|
|2020.09.17|//Palo Alto Networks//|[[Cloud Native Zero Trust: Securing Applications|https://blog.paloaltonetworks.com/2020/09/cloud-native-zero-trust/]]|Zero_Trust|
|2020.09.17|//Fugue//|[[Cloud Network Security 101: Azure Virtual Network Service Endpoints|https://www.fugue.co/blog/cloud-network-security-101-azure-virtual-network-service-endpoints]] (1/3)|Azure Networks|
|2020.09.17|//CyberArk Conjur//|[[Understanding Secrets Management, OAuth, and Single Sign-On (SSO)|https://www.conjur.org/blog/difference-between-secrets-management-and-oauth-and-single-sign-on-sso/]]|Secrets_Management SSO|
|2020.09.17|//Cloud Management Insider//|[[Microsoft and West Australian Government Ink Major Cloud Contract, Cybersecurity MoU|https://www.cloudmanagementinsider.com/microsoft-and-west-australian-government-ink-major-cloud-contract-cybersecurity-mou/]]|Azure Australia|
|2020.09.17|//Amazon AWS//|[[How Security Operation Centers can use Amazon GuardDuty to detect malicious behavior|https://aws.amazon.com/blogs/security/how-security-operation-centers-can-use-amazon-guardduty-to-detect-malicious-behavior/]]|AWS Guard_Duty|
|2020.09.17|//Amazon AWS//|[[Using Gatekeeper as a drop-in Pod Security Policy replacement in Amazon EKS|https://aws.amazon.com/blogs/containers/using-gatekeeper-as-a-drop-in-pod-security-policy-replacement-in-amazon-eks/]]|AWS_EKS|
|2020.09.17|//Amazon AWS//|[[Introducing mutual TLS authentication for Amazon API Gateway|https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/]]|AWS TLS APIs|
|2020.09.17|//Amazon AWS//|[[Amazon Detective introduces IAM Role Session Analysis|https://aws.amazon.com/about-aws/whats-new/2020/09/amazon-detective-introduces-iam-role-session-analysis/]]|AWS_Detective|
|2020.09.17|//Google Cloud//|[[Tips and tricks for using new RegEx support in Cloud Logging|https://cloud.google.com/blog/products/management-tools/cloud-logging-gets-regular-expression-support]]|GCP Logging|
|2020.09.17|//Oracle Cloud//|[[Quick Tip #4 - Setting up notifications for Oracle Cloud Guard in 3 easy steps|https://blogs.oracle.com/cloudsecurity/quick-tip-4-setting-up-notifications-for-oracle-cloud-guard-in-3-easy-steps]]|Oracle Cloud_Guard|
|>|>|>|!2020.09.16|
|2020.09.16|TL;DR Security|![[52 - Prioritizing 3rd Party Vulnerabilities to Fix, LangSec History, Distilled Compliance Controls|https://tldrsec.com/blog/tldr-sec-052/]] |Weekly_Newsletter|
|2020.09.16|Thomas Stringer|[[Search Through Azure Locations and Their Names|https://trstringer.com/get-azure-locations/]]|Azure|
|2020.09.16|Infosec Institute|[[Cloud Pentesting Certification Boot Camp: The ultimate guide|https://resources.infosecinstitute.com/cloud-pentesting-certification-boot-camp-ultimate-guide/]]|PenTest|
|2020.09.16|Last Week in AWS|[[Is the AWS Free Tier really free?|https://www.lastweekinaws.com/blog/is-the-aws-free-tier-really-free/]]|AWS|
|2020.09.16|Solutions Review|[[The Essential Google Cloud Platform Books for Cloud Professionals|https://solutionsreview.com/cloud-platforms/the-essential-google-cloud-platform-books-for-cloud-professionals/]]|Resources|
|2020.09.16|GovLoop|[[4 Ways Cloud Makes the Best Platform for Disaster Recovery|https://www.govloop.com/4-ways-cloud-makes-the-best-platform-for-disaster-recovery/]]|DRP|
|2020.09.16|DevOps|[[The Rise of the Cloud Economist: The Other CFO|https://devops.com/the-rise-of-the-cloud-economist-the-other-cfo/]]|Misc|
|2020.09.16|Container Journal|[[Pure Storage to Acquire Portworx, Creating the Industry's Most Complete Kubernetes Data Services Platform for Cloud Native Applications|https://containerjournal.com/news/news-releases/pure-storage-to-acquire-portworx-creating-the-industrys-most-complete-kubernetes-data-services-platform-for-cloud-native-applications/]]|Acquisition|
|2020.09.17|Container Journal| → [[Pure Storage Buys Portworx to Advance Stateful Kubernetes Apps|https://containerjournal.com/topics/container-management/pure-storage-buys-portworx-to-advance-stateful-kubernetes-apps/]]|Acquisition|
|2020.09.16|Container Journal|[[Accurics Extends Tool for Securing Infrastructure to Kubernetes|https://containerjournal.com/topics/container-networking/accurics-extends-tool-for-securing-infrastructure-to-kubernetes/]]|Products Kubernetes|
|2020.09.16|SilverLining IL|![[Episode 26: Current Challenges With Cloud|https://silverlining-il.castos.com/episodes/episode-26-current-challenges-with-cloud]] ([[mp3|https://episodes.castos.com/5e4aaf232467c1-76191533/EP-26-MP3-CASTOS.mp3]]) |Podcast|
|2020.09.16|//Spanning//|[[Protect Your Office 365 Data Against Consent Phishing|https://spanning.com/blog/protect-office-365-data-against-consent-phishing/]]|O365 Phishing|
|2020.09.16|//StackRox//|[[Kubernetes Architecture and What It Means for Security|https://www.stackrox.com/post/2020/09/kubernetes-architecture-and-what-it-means-for-security/]]|K8s|
|2020.09.16|//Microsoft Azure//|[[Build a scalable security practice with Azure Lighthouse and Azure Sentinel|https://azure.microsoft.com/blog/build-a-scalable-security-practice-with-azure-lighthouse-and-azure-sentinel/]]|Azure_Sentinel|
|2020.09.16|//Microsoft Azure//|[[Azure Container Instances - Docker integration now in Docker Desktop stable release|https://azure.microsoft.com/blog/azure-container-instances-docker-integration-now-in-docker-desktop-stable-release/]]|Azure Docker|
|2020.09.16|//Intezer//|[[Intezer - Looking Back on the Last Decade of Linux APT Attacks|https://www.intezer.com/blog/cloud-security/looking-back-on-the-last-decade-of-linux-apt-attacks/]]|APT Linux|
|2020.09.16|//Centilytics//|[[Why is Multi-Cloud Strategy the Best Disaster Recovery Strategy - Blogs - Centilytics|https://blogs.centilytics.com/why-is-multi-cloud-strategy-the-best-disaster-recovery-strategy/]]|DRP|
|2020.09.16|//Oracle Cloud//|[[Prevent a weak cloud security posture with Maximum Security Zones|https://blogs.oracle.com/cloudsecurity/prevent-a-weak-cloud-security-posture-with-maximum-security-zones]]|CSPM|
|2020.09.16|//CyberSecurity Insiders//| → [[Oracle to block human error propelled data breaches with two innovative Cloud Security tools|https://www.cybersecurity-insiders.com/oracle-to-block-human-error-propelled-data-breaches-with-two-innovative-cloud-security-tools/]]|Oracle|
|2020.09.16|//Cloud Management Insider//| → [[Oracle Launches Two New Cloud Security Tools, Read Details|https://www.cloudmanagementinsider.com/oracle-launches-two-new-cloud-security-tools-read-details/]] |Products Oracle|
|2020.09.16|//Red Hat//|[[An introduction to Kubespray|https://www.redhat.com/sysadmin/kubespray-deploy-kubernetes]]|Tools Kubernetes|
|2020.09.16|//XM Cyber//|[[Privilege Escalation and Lateral Movement on Azure - Part 1|https://medium.com/xm-cyber/privilege-escalation-and-lateral-movement-on-azure-part-1-47e128cfdc06]] (1/2)|Azure Lateral_Movement|
|2020.09.16|//Slack//|[[Building the Next Evolution of Cloud Networks at Slack|https://slack.engineering/building-the-next-evolution-of-cloud-networks-at-slack/]]|Networks|
|>|>|>|!2020.09.15|
|2020.09.15|Le Comptoir Sécu[img[iCSF/flag_fr.png]]|[[Épisode 53 : La sécurité sur Office 365|https://www.comptoirsecu.fr/podcast/%C3%A9pisode-53-la-s%C3%A9curit%C3%A9-sur-office-365/]] ([[mp3/m4a|https://podcasts.comptoirsecu.fr/CSEC.EP53.2020-09-15.Office365.m4a]])|O365|
|2020.09.15|Silicon.fr[img[iCSF/flag_fr.png]]|[[GAIA-X : OVHcloud et T-Systems poussent un cloud "Made in Europe"|https://www.silicon.fr/gaia-x-ovhcloud-t-systems-cloud-europe-346737.html]] |Gaia-X Europe|
|2020.09.15|SANS|![[2020 SANS Enterprise Cloud Incident Response Survey|https://www.sans.org/reading-room/whitepapers/cloud/paper/39805]] (Chris Dale) |SANS Survey|
|2020.09.15|SANS| → Webcast [[2020 SANS Enterprise Cloud Incident Response Survey|https://www.sans.org/webcasts/114635]] |Webcast SANS|
|2020.09.15|Bleeping Computer|[[Google Drive is having an outage, users see spinning wheel|https://www.bleepingcomputer.com/news/google/google-drive-is-having-an-outage-users-see-spinning-wheel/]]|Outage GCP|
|2020.09.15|Security Magazine|[[The evolution of cloud security access brokers (CASB)|https://www.securitymagazine.com/articles/93361-the-evolution-of-cloud-security-access-brokers-casb]]|Report CSA|
|2020.09.15|Frank McGovern|[[Purchased Microsoft 365 E5, Now What?|https://frankmcg.com/2020/09/purchased-microsoft-365-e5-now-what/]]|M365 Threats|
|2020.09.15|Richard Seroter|[[Let's compare the CLI experiences offered by AWS, Microsoft Azure, and Google Cloud Platform|https://seroter.com/2020/09/15/lets-compare-the-cli-experiences-offered-by-aws-microsoft-azure-and-google-cloud-platform/]]|CLI AWS Azure GCP|
|2020.09.15|Amber Shafi|[[Automating Response to Security Events on Google Cloud Platform|https://medium.com/gsktech/automating-response-to-security-events-on-google-cloud-platform-df72a8afdc65]]|GCP Incidents_Handling|
|2020.09.15|//Nuageo//|[[Cloud Service Map version web dynamique|https://www.nuageo.fr/2020/09/cloud-service-map-version-web-dynamique/]]|Services Mapping|
|2020.09.15|//Werner Vogels (AWS)//|[[Reinventing virtualization with the AWS Nitro System|https://www.allthingsdistributed.com/2020/09/reinventing-virtualization-with-aws-nitro.html]]|AWS_Nitro|
|2020.09.15|//Coalfire//|[[Offensive Security Testing Using Cloud Tools|https://www.coalfire.com/the-coalfire-blog/september-2020/offensive-security-testing-using-cloud-tools]]|Tools Offensive_Testing|
|2020.09.14|Dark Reading| → [[Large Cloud Providers Much Less Likely Than Enterprises to Get Breached|https://www.darkreading.com/vulnerabilities---threats/large-cloud-providers-much-less-likely-than-enterprises-to-get-breached-/d/d-id/1338914]]|Report|
|2020.09.15|//Digital Shadows//|[[Access Keys Exposed: More Than 40% Are For Database Stores|https://www.digitalshadows.com/blog-and-research/access-keys-exposed-more-than-40-are-for-database-stores/]]|Data_Leak Keys|
|2020.09.15|Dark Reading| → [[Research Finds Nearly 800,000 Access Keys Exposed Online|https://www.darkreading.com/vulnerabilities---threats/research-finds-nearly-800000-access-keys-exposed-online/d/d-id/1338918]]|Data_Leak Keys|
|2020.09.15|The Daily Swig| → [[Databases, cloud storage, and more at risk from exposed access keys|https://portswigger.net/daily-swig/databases-cloud-storage-and-more-at-risk-from-exposed-access-keys]]|Data_Leak Keys|
|2020.09.15|//ESET//|[[Zoom makes 2FA available for all its users|https://www.welivesecurity.com/2020/09/15/zoom-2fa-available-users/]]|Zoom MFA|
|2020.09.15|//Virsec//|[[Change Your Thinking: Turn Conventional Security Inside Out|https://virsec.com/change-your-thinking-turn-conventional-security-inside-out/]]|Misc|
|2020.09.15|//Sysdig//|[[Secure and monitor AWS Outposts and hybrid clouds|https://sysdig.com/blog/secure-and-monitor-aws-outposts-hybrid-clouds/]]|AWS|
|2020.09.15|//Threatpost//|![[MFA Bypass Bugs Opened Microsoft 365 to Attack|https://threatpost.com/flaws-in-microsoft-365s-mfa-access-cloud-apps/159240/]] |M365 MFA Flaw|
|2020.09.17|GBHackers on Security| → [[Hackers Would Bypass Multi-Factor Authentication to Gain Full Access|https://gbhackers.com/flaw-with-mfa/]]|Authentication MFA|
|2020.09.15|//Amazon AWS//|[[Role-based access control using Amazon Cognito and an external identity provider|https://aws.amazon.com/blogs/security/role-based-access-control-using-amazon-cognito-and-an-external-identity-provider/]]|AWS RBAC|
|2020.09.15|//Amazon AWS//|[[AWS Organizations now supports tagging, tag-on-create and Attribute-Based Access Control (ABAC)|https://aws.amazon.com/about-aws/whats-new/2020/09/aws-organizations-now-supports-tagging-tag-on-create-and-attribute-based-access-control-abac/]]|AWS ABAC|
|2020.09.15|DZone|[[Confused by AWS Storage Options? S3, EBS, EFS Explained|https://dzone.com/articles/confused-by-aws-storage-options-s3-ebs-amp-efs-explained]]|AWS Storage|
|2020.09.15|//CyCognito//|[[Cloud Security - What You Need to Know to Protect Your Company|https://www.cycognito.com/blog/validate-your-cloud-security-effectiveness]]|Misc|
|2020.09.15|//Oracle Cloud//|[[Discovering and fixing weak cloud security posture with Oracle Cloud Guard|https://blogs.oracle.com/cloudsecurity/discovering-and-fixing-weak-cloud-security-posture-with-oracle-cloud-guard]]|Products Oracle Cloud_Guard|
|2020.09.15|//MSSP Alert//| → [[Oracle Introduces Cloud Guard, Maximum Security Zones Amid TikTok Partnership Proposal|https://www.msspalert.com/cybersecurity-services-and-products/cloud/oracle-cloud-guard-details/]]|Products Oracle Cloud_Guard|
|2020.09.15|Security Week| → [[Oracle Announces Availability of Cloud Guard, Maximum Security Zones|https://www.securityweek.com/oracle-announces-availability-cloud-guard-maximum-security-zones]]|Products Oracle Cloud_Guard|
|2020.09.16|Silicon.fr[img[iCSF/flag_fr.png]]| → [[Oracle lance Cloud Guard et Maximum Security Zones|https://www.silicon.fr/oracle-cloud-guard-maximum-security-zones-346854.html]]|Products Oracle Cloud_Guard|
|2020.09.15|//Anchore//|[[Container Registry Audits, 3 Reasons to Implement for Container Security & Compliance|https://anchore.com/blog/container-registry-audits-3-reasons-to-implement-for-container-security-compliance/]]|Container Audit|
|>|>|>|!2020.09.14|
|2020.09.14|MSP Alliance|[[Managing SaaS - the next evolution of Managed Services|https://mspalliance.com/managing-saas-the-next-evolution-of-managed-services/]]|SaaS|
|2020.09.14|Harprit Singh|[[A visual introduction to AWS Lambda permissions|https://www.harprit.dev/visual-aws-lambda-permissions/]]|AWS_lambda|
|2020.09.14|//Aqua Security//|[[Attacks in the Wild on Container Infrastructure|https://info.aquasec.com/cloud-native-threats]] (inscription requise)|Report|
|2020.09.14|BetaNews| → [[Organized attacks on cloud infrastructure and software supply chain increase|https://betanews.com/2020/09/14/organized-cloud-supply-chain-attacks/]]|Threat Cryptomining|
|2020.09.14|//Oracle Cloud//|[[Automating Cloud Security with Security Posture Management|https://blogs.oracle.com/cloudsecurity/automating-cloud-security-with-security-posture-management]]|CSPM|
|2020.09.14|//Threatpost//|[[Cloud Leak Exposes 320M Dating-Site Records|https://threatpost.com/cloud-leak-320m-dating-site-records/159225/]] |Data_Leak|
|2020.09.14|//Microsoft//|[[Microsoft Security: Use baseline default tools to accelerate your security career|https://www.microsoft.com/security/blog/2020/09/14/microsoft-security-use-baselide-default-tools-accelerate-security-career/]]|Misc|
|2020.09.14|//CyberArk Conjur//|![[Connect to Any API Without Exposing Your Secrets|https://www.conjur.org/blog/connect-to-any-api-without-exposing-your-secrets-secretless-broker/]] |APIs|
|2020.09.14|//Cloud Management Insider//|[[Ransomware Attackers Eye IaaS Providers, Here's How You Can Stay Safe|https://www.cloudmanagementinsider.com/ransomware-attackers-eye-iaas-providers-heres-how-you-can-stay-safe/]]|Ransomware|
|2020.09.14|//Cloud Management Insider//|[[Commvault Launches Disaster Recovery Service To Tackle Outage Troubles|https://www.cloudmanagementinsider.com/commvault-launches-disaster-recovery-service-to-tackle-outage-troubles/]]|Products DRP|
|2020.09.14|//Amazon AWS//|[[Integrating AWS CloudFormation security tests with AWS Security Hub and AWS CodeBuild reports|https://aws.amazon.com/blogs/security/integrating-aws-cloudformation-security-tests-with-aws-security-hub-and-aws-codebuild-reports/]]|AWS Security_Tests|
|2020.09.14|//Dashbird//|[[The Complete AWS Lambda Handbook for Beginners (Part 1)|https://dashbird.io/blog/complete-aws-lambda-handbook-beginners-part-1/]] (1/2)|AWS_Lambda|
|2020.09.14|//Menlo Security//|![[U.S. Department of Defense Leads the Industry with Cloud-Based Internet Isolation Program|https://www.menlosecurity.com/blog/u.s.-department-of-defense-leads-the-industry-with-cloud-based-internet-isolation-program]] |Government Isolation|
<<tiddler [[arOund0C]]>>
!"//Quantum Bitcoin//"
Article publié le 19 septembre 2020 — Rédigé par le Dr. Jonathan Jogenfors, Quantum Bitcoin Inventor, Hacker, Atea Senior Information Security Consultant, CSA Blockchain Cybersecurity and Privacy Best Practices Group Advisor
<<<
[>img(150px,auto)[iCSA/K9JBQ.png]]//Money requires copy protection. If banknotes or coins could be forged, they would hardly be usable in daily life. Blockchain technology has been proposed as a new way of preventing double-spending in digital currencies because they have advantages over traditional centralized systems, i.e. decentralization brings resilience and greater anonymity. But, a radically different approach can be made using quantum mechanics.
In effect, a surprising consequence of quantum theory is the no-cloning theorem+++^*[»] "A single quantum cannot be cloned"
https://doi.org/10.1038%2F299802a0 === which forbids arbitrary copying of quantum states; this is essentially nature's own copy protection. Here, we do not have to rely on microprint and watermarks. Instead, forgery is prevented by simply applying the laws of physics! In such "quantum money" systems, a bank mints units of currency that each contain a collection of quantum states so that regular users can verify if these units are valid.
!!Can we make a Quantum Money system use a Blockchain?
The answer is yes! This can be accomplished through the use of Quantum Bitcoin+++^*[»] "Quantum Bitcoin: An Anonymous, Distributed, and Secure Currency Secured by the No-Cloning Theorem of Quantum Mechanics"
https://ieeexplore.ieee.org/abstract/document/8751473 === where these two techniques are combined. In the paper, Quantum Bitcoin is described as sharing advantages with both Bitcoin and Quantum Money systems. Basically, forgery is prevented by the no-cloning theorem, there is no limit on transaction scalability, and mining is performed using a two-step process. However, quantum money presently exists as a theoretical concept. Current technology does not yet allow us to reliably create, store and process quantum states with high enough fidelity for practical use. Additionally, while classical bitcoin can be easily transferred over the internet, a quantum bitcoin would need to be transferred physically or by using a "Quantum Internet"+++^*[»] https://www.energy.gov/articles/quantum-internet-future-here === .
Quantum technology is an interesting frontier in physics with many new tangible applications just around the corner. In addition to the much-hyped quantum computer, quantum money is another example that could have disruptive effects on our society worldwide. While the current state of art is far from being practical, it is worthwhile to envision what is possible once advanced technologies mature.
As the breadth and volume of blockchain use cases exponentially increase, it is pertinent that the global community addresses risks introduced by the technology. Consequently, the CSA Blockchain Cybersecurity and Privacy Best Practices Group is developing the playbook for business executives, policy makers, architects, engineers, and security professionals seeking to disrupt their current processes with blockchain innovations.//
<<<
__Liens :__
* Blog sur le site de la CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k9jb/|https://CloudSecurityAlliance.fr/go/k9jb/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/09/19/quantum-bitcoin/
!Le programme du Forum Sécurité@Cloud des 23 et 24 septembre 2020
[>img(250px,auto)[iCSF/K9NCDC.jpg]][>img(250px,auto)[iCSF/K9NFSC.jpg]]Habituellement prévu en mars, le Forum Sécurité@Cloud se déroulera donc les 23 et 24 septembre, à la Porte de Versailles, dans le Hall 7.2
Toutes les interventions auront lieu dans la Salle "Forum Sécurité" (aussi appelée Salle Picasso), tout au fond et à droite du lieu de l'exposition 
!!23 septembre 2020
* 09:30 - 10:00 - "''Les enjeux d'un Cloud de confiance pour les entreprises''"
** Intervenant : Raphaël Gauvain, Député de Saône-et-Loire
** Inscription : https://www.datacenter-cloud.com/visiter?interetConf=S1
* 10:00 - 11:00 - "''Quels sont les principaux risques de sécurité en Cloud IaaS, SaaS et PaaS ?''"
** Intervenants : Alain Bouillé - Délégué Général, CESIN • Jeremy Schwalb - Information Security Officer, Auchan Retail • François-Xavier VINCENT - Groupe CISO et DPO, OODRIVE
** Inscription : https://www.datacenter-cloud.com/visiter?interetConf=S2
* 11:15 - 12:15 - "''Comment construire sa stratégie Cloud en toute sécurité ?''"
** Intervenants : Jean-Paul Alibert - Président, T-Systems France • Edouard Camoin - RSSI, 3DS Outscale • Benoit Fuzeau - RSSI, CASDEN • Jean-Marc Jacquot - RSSI et animateur du groupe de travail Cloud et Sécurité du Clusif
** Inscription : https://www.datacenter-cloud.com/visiter?interetConf=S3
* 14:15 - 14:45 - "''Keynote : IA, ML, Biométrie ... les grandes tendances de la cybersécurité ?''"
** Intervenant : Thierry Berthier - chercheur cybersécurité et cyberdéfense, Chaire de Saint-Cyr
** Inscription : https://www.datacenter-cloud.com/visiter?interetConf=S4
* 14:45 - 15:45 - "''Comment reprendre le contrôle sur sa sécurité du Cloud ? contrôle d'accès, supervision...''"
** Intervenants : Foteini Jean - RSSI, GRT GAZ et membre du Cefcys • Frédéric Le Bars - Directeur R&D, Rohde & Schwarz Cybersecurity SAS • David Ofer - Vice-président & Board Member, ITrust
** Inscription : https://www.datacenter-cloud.com/visiter?interetConf=S5
* 15:45 - 16:45 - "''La sécurité des données avec des outils collaboratifs dans le Cloud : bilan post-Covid et solutions.''"
** Inscription : https://www.datacenter-cloud.com/visiter?interetConf=S6
!!24 septembre 2020
* 09:30 - 10:00 - "''Keynote d'ouverture : Quels sont les scénarios à redouter en matière de cyberattaques sur les objets connectés ?''"
** Intervenant : Bertrand Carlier - Animateur du groupe de travail "Sécurité de l'Internet des Objets" du CLUSIF
** Inscription : https://www.datacenter-cloud.com/visiter?interetConf=S7
* 10:00 - 11:00 - "''Security By Design : règlement européen de cybersécurité, normes et formation en sécurité IoT, où en est-on ?''"
** Intervenants : Roland Atoui - expert IoT et certification, DG RED ALERT LABS • Walter Peretti - Responsable Projet Innovation Industrielle, Pole Léonard de Vinci • Rayna Stamboliyska - experte IoT, membre du groupe de travail "Sécurité de l'Internet des Objets" du Clusif et auteure de "la face cachée d'Internet"
** Inscription : https://www.datacenter-cloud.com/visiter?interetConf=S8
* 11:10 - 12:10 - "''Quelles mesures techniques adopter en matière de sécurité IoT ?''"
** Intervenants : Bertrand Carlier - Animateur du groupe de travail "Sécurité de l'Internet des Objets" du CLUSIF • Olivier Héron - Directeur du Lab, CEA Tech • Axel Sandot - Business Development Manager, ATOS
** Inscription : https://www.datacenter-cloud.com/visiter?interetConf=S9
* 14:15 - 14:45 - "''Keynote : Panorama des attaques dans le Cloud''"
** Intervenant : Olivier Caleff - Co-fondateur du chapitre français de la Cloud Security Alliance
** Inscription : https://www.datacenter-cloud.com/visiter?interetConf=S10
* 14:45 - 15:15 - "''La gestion des risques privacy selon la norme ISO 27701''"
** Intervenante : Amélie Paget - consultante juridique SSI et formatrice ISO 27701
** Inscription : https://www.datacenter-cloud.com/visiter?interetConf=S11
* 15:15 - 15:45 - "''Comment mettre en oeuvre un PRA dans le Cloud ?''"
** Intervenant : Gaël Esnis - CTO, Transdev
* 15:45 - 16:30 - "''Cyber-résilience : comment se préparer efficacement aux crises et résister ?''"
** Inscription : https://www.datacenter-cloud.com/visiter?interetConf=S12

__Liens :__
* Site → https://www.datacenter-cloud.com/security/
* Programme → https://www.datacenter-cloud.com/conferences-et-ateliers/?salon[]=SECURITE
!"//Top Threats to Cloud Computing: Egregious Eleven Deep Dive//"
[>img(150px,auto)[iCSA/K9FPT.jpg]]Ce document est la suite du ''Top Threats to Cloud Computing: Egregious Eleven''+++^*[»] <<tiddler [[2019.08.06 - Publication : 'Top Threats to Cloud Computing: Egregious Eleven']]>> === publié en août 2019.
<<<
//The purpose of the report is to provide organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies. The report reflects the current consensus among security experts in CSA community about the most significant security issues in the cloud.//

//''The Top Threats Working Group Recent Contributions''
The "2020 Top Threats Deep Dive" document cites multiple examples of issues relevant to the "Egregious Eleven" survey results. While these anecdotes allow cybersecurity managers to better communicate with executives and peers (and provide context for discussions with technical staff), they do not provide in-depth detail for implementing mitigations and countermeasures from a security analysis standpoint.//

//''What You Will Find''
This case study collection attempts to connect the dots between CSA Top Threats when it comes to security analysis by using nine real-world attacks and breaches cited in the Top Threats Deep Dive for its foundation. Each of the nine examples are presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart's format provides an attack-style synopsis of the actor spanning from threats and vulnerabilities to end controls and mitigations.
We encourage architects and engineers to use this information as a starting point for their own analysis and comparisons. The longer form narratives provide additional context (such as how an incident came to pass or how it should be dealt with) and references for additional research. For cases where details - such as impacts or mitigations - were not discussed publicly, we extrapolated to include expected outcomes and possibilities.//
<<<
__Table des matières__
<<<
# Top Threats EE:DD Analysis
** 'Top Threats' Coverage by Case Study
** Recommended Cloud Controls Matrix (CCM) Domains for Case Study
** Case Study CCM Control Coverage Frequency
# Case Studies
** Capital One • Disney+ • Dow Jones • Github • Imperva • Ring • Tesco • Tesla • Zoom
# Glossary
# References
<<<
__Liens__
* Annonce → https://cloudsecurityalliance.org/artifacts/top-threats-egregious-11-deep-dive/ /% ''[[CloudSecurityAlliance.fr/go/k9fp/|https://CloudSecurityAlliance.fr/go/k9fp/]]'' %/
* Téléchargement → https://cloudsecurityalliance.org/download/artifacts/top-threats-egregious-11-deep-dive/ /% ''[[CloudSecurityAlliance.fr/go/k9fa/|https://CloudSecurityAlliance.fr/go/k9fa/]]'' %/
<<tiddler [[arOund0C]]>>
!"//Blockweave: Patents Granted for Low-Cost Alternative to Blockchain//"
Article publié le 14 septembre 2020 — Rédigé par Maëva Ghonda+++^*[»] LinkedIn → [[maevaghonda|https://twitter.com/maevaghonda]] • Twitter → [[maevaghonda|https://twitter.com/maevaghonda]] === , Co-Chair, CSA Blockchain and Distributed Ledger Technology Working Group.//
<<<
[>img(150px,auto)[iCSA/K9EBB.png]]In the last 24 months, 46 patent applications referencing Blockweave technology have been filed by a single owner, Pure Storage Inc. To date, 5 of these applications have already transitioned to granted patent status by the United States Patent and Trademark Office (USPTO). The promise of Blockweave technology is a low-cost alternative to blockchain with the potential to resist attacks by classical and quantum computers+++^*[»] 
* Secret Sharing Data Protection In A Storage System_PATENT GRANTED_4-Apr-2020.
** https://www.lens.org/lens/patent/015-965-762-487-122/fulltext
=== . Blockweave has gained interest because it provides data storage by enabling secure decentralization without employing the entire chain.
Unlike blockchain technology where proof of work (PoW) relies on the previous block to produce each sequential block, with Blockweave, the proof of access (PoA) algorithm can integrate data from a randomly selected preceding block for validation. Consequently, Blockweave consumes significantly less hashing power for consensus as new information is added to the system. This technology facilitates scalability and speed because miners no longer need to store all the blocks as in blockchain platforms. If it delivers on its promise, Blockweave technology could capture a significant tranche of the Blockchain market in a relatively short time because 90% of existing enterprise blockchain platforms will require replacement by next year to remain secure and to prevent obsolescence+++^*[»] 
* Gartner Predicts 90% of Current Enterprise Blockchain Platform Implementations Will Require Replacement by 2021. (2019).
** https://www.gartner.com/en/newsroom/press-releases/2019-07-03-gartner-predicts-90--of-current-enterprise-blockchain
=== 
<<<
//__Liens :__
* Article sur le blog de la CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k9eb/|https://CloudSecurityAlliance.fr/go/k9eb/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/09/14/blockweave-patents-granted-for-low-cost-alternative-to-blockchain/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #81|2020.09.13 - Newsletter Hebdomadaire #81]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #81|2020.09.13 - Weekly Newsletter - #81]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.09.13 - Newsletter Hebdomadaire #81]]>> |<<tiddler [[2020.09.13 - Weekly Newsletter - #81]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 7 au 13 septembre 2020
!!1 - Informations CSA - 7 au 13 septembre 2020

* Blog : Gestion du risque quantique+++^*[»] <<tiddler [[2020.09.08 - Blog : Gestion du risque quantique]]>>=== 
* Blog : Complexité de la Sécurisation des Télétravailleurs+++^*[»] <<tiddler [[2020.09.08 - Blog : Complexité de la Sécurisation des Télétravailleurs]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 70 liens|2020.09.13 - Veille Hebdomadaire - 13 septembre]])

* __''À lire''__
** Monaco lance son 'Cloud souverain' basé sur AWS : au lieu de polémiquer, ''lire'' les documents et ''réfléchir'' à la signification de l'expression "Cloud Souverain"...+++^*[»] 
|2020.09.11|Principauté de Monaco[>img[iCSF/flag_fr.png]]|![[Monaco dévoile son plan de relance ambitieux porté par le numérique|https://www.gouv.mc/Action-Gouvernementale/La-Securite/Actualites/Monaco-devoile-son-plan-de-relance-ambitieux-porte-par-le-numerique]] |Sovereignty Monaco AWS|
|2019.11.29|Principauté de Monaco[>img[iCSF/flag_fr.png]]| → [[Monaco étudie avec Amazon Web Services la création de son Cloud Souverain|https://www.gouv.mc/Actualites/Monaco-etudie-avec-Amazon-Web-Services-la-creation-de-son-Cloud-Souverain2]]|Sovereignty Monaco|
=== 
** Attaques par détournement d'outils de supervision Cloud (//Intezer//)+++^*[»] 
|2020.09.08|//Intezer//|![[Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks|https://www.intezer.com/blog/cloud-workload-protection/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/]]|Attacks Abuse|
|2020.09.08|Bleeping Computer| → [[Hackers use legit tool to take over Docker, Kubernetes platforms|https://www.bleepingcomputer.com/news/security/hackers-use-legit-tool-to-take-over-docker-kubernetes-platforms/]]|Attacks Docker Kubernetes|
|2020.09.08|Security Week| → [[Researchers Spot First Cloud Attack Abusing Legitimate Tool|https://www.securityweek.com/researchers-spot-first-cloud-attack-abusing-legitimate-tool]]|Attacks Abuse|
|2020.09.08|//Weaveworks//| → [[Preventing malicious use of Weave Scope|https://www.weave.works/blog/preventing-malicious-use-of-weave-scope]]|Attacks Abuse|
=== 

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Attaques : APT28/Strontium (//Microsoft//) • Compléments d'analyse 'Team TNT' (//Prevasio, Threatpost//) • Alerte cryptomineur (//Aqua Security//) • APT ciblant Linux (//Kaspersky//)+++^*[»] 
|>|>|>|!|
|2020.09.10|//Microsoft//|![[STRONTIUM: Detecting new patterns in credential harvesting|https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/]] |O365 APT Threat_Actors|
|2020.09.11|//Threatpost//| → [[APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins|https://threatpost.com/apt28-theft-office365-logins/159195/]]|APT O365|
|>|>|>|!|
|2020.09.13|//Prevasio//|[[A Router Honeypot for an IRC Bot|https://blog.prevasio.com/2020/09/a-router-honeypot-for-irc-bot_18.html]]|Docker AWS Credentials Attack Team_TNT|
|2020.09.09|//Threatpost//|[[TeamTNT Gains Full Remote Takeover of Cloud Instances|https://threatpost.com/teamtnt-remote-takeover-cloud-instances/159075/]]|Docker AWS Credentials Attack Team_TNT|
|>|>|>|!|
|2020.09.11|//Aqua Security//|[[Threat Alert: Massive Cryptomining Campaign Abusing GitHub, Docker Hub, Travis CI & Circle CI|https://blog.aquasec.com/container-security-alert-campaign-abusing-github-dockerhub-travis-ci-circle-ci]]|Threat Cryptomining|
|>|>|>|!|
|2020.09.10|//Kaspersky//|[[An overview of targeted attacks and APTs on Linux|https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/]]|Attacks APT|
=== 
** Vulnérabilités : Chasse aux Docker mal configurés (//Awake//)+++^*[»] 
|2020.09.10|//Awake//|![[Threat Hunting to find Misconfigured Docker Exploitation|https://awakesecurity.com/blog/threat-hunting-to-find-misconfigured-docker-exploitation/]] |Docker Hunting|
=== 

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Kubernetes (//Sysdig//) • Liste de mauvaises pratiques (CSO Online)+++^*[»] 
|2020.09.10|//Sysdig//|[[Seven Kubernetes monitoring best practices every monitoring solution should enable|https://sysdig.com/blog/kubernetes-monitoring-best-practices/]]|K8s Best_Practices|
|2020.09.10|CSO Online|[[10 common cloud security mistakes that put your data at risk|https://www.csoonline.com/article/3573267/10-common-cloud-security-mistakes-that-put-your-data-at-risk.html]]|Risks Bad_Practices|
=== 
** Détection : Matrice TTP pour serveur Linux dans le Cloud (//Intezer//)+++^*[»] 
|2020.09.08|//Intezer//|![[TTPs Matrix for Linux Cloud Servers with Detection Methods|https://www.intezer.com/blog/cloud-security/ttps-matrix-for-linux-cloud-servers-with-detection-methods/]]|TTPs Linux Detection|
|2020.09.08|//Intezer//| → [[TTPs matrix for Linux cloud servers|https://www.intezer.com/resource/ttps-matrix-for-linux-cloud-servers-with-detection-methods/]]|TTPs Linux Detection|
=== 

* __Cloud Services Providers, Outils__
** AWS : Sécurisation de Bucket S3 (//Fugue//) • Identification de vulnérabilités (//XMCO//)+++^*[»] 
|2020.09.08|//Fugue//|![[Building a Secure Amazon S3 Bucket (AWS)|https://www.fugue.co/blog/building-a-secure-amazon-s3-bucket-aws]] |AWS_S3|
|2020.09.08|//Fugue//| → Webcast [[Cloud Security Masterclass: Building a Highly Secure S3 Bucket|https://cta-redirect.hubspot.com/cta/redirect/4846674/9864918b-8d5a-4e09-b68a-e50160ca40c0]]|AWS_S3|
|>|>|>|!|
|2020.09.10|//XMCO//[>img[iCSF/flag_fr.png]]|[[Sécurité des environnements AWS - Partie 2|https://www.xmco.fr/actu-secu/XMCO-ActuSecu-54-AWS-DropTheMic.pdf]] (2/2) (pdf)|AWS|
|2020.04.01|//XMCO//[>img[iCSF/flag_fr.png]]|[[Sécurité des environnements AWS - Partie 1|https://www.xmco.fr/actu-secu/XMCO-ActuSecu-53-AWS_Cryptomineur_SmartInstall.pdf]] (1/2) (pdf)|AWS|
=== 
** Azure : Gestion des correctifs automatique dans les VM • annonces de la semaine+++^*[»] 
|2020.09.09|//Microsoft Azure//|[[Automatic VM guest patching is now in public preview|https://azure.microsoft.com/en-us/updates/automatic-vm-guest-patching-now-in-preview/]]|Azure Patch_Management|
|2020.09.10|Silicon[>img[iCSF/flag_fr.png]]| → [[Microsoft expérimente les patchs automatisés sur les VM Azure|https://www.silicon.fr/microsoft-patchs-automatises-vm-azure-346555.html]]|Azure Patch_Management|
|2020.09.10|Thomas Maurer| → [[How to configure Azure Automatic VM guest OS patching|https://www.thomasmaurer.ch/2020/09/how-to-azure-automatic-vm-guest-os-patching/]]|Azure Patch_Management|
|>|>|>|!|
|2020.09.08|//Microsoft Azure//|[[Accelerate your adoption of SIEM using Azure Sentinel and a new offer from Microsoft|https://www.microsoft.com/security/blog/2020/09/08/accelerate-adoption-siem-azure-sentinel-offer-microsoft/]]|Products Azure_Sentinel SIEM|
|2020.09.08|//Microsoft Azure//|[[What's new: Azure DDoS Protection connector in Public Preview for Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-azure-ddos-protection-connector-in-public-preview-for/ba-p/1646681]]|Azure DDoS|
=== 
** GCP : Extension de l'offre 'Confidential Computing' • Chiffrement+++^*[»] 
|2020.09.08|//Google Cloud//|[[Expanding Google Cloud's Confidential Computing portfolio|https://cloud.google.com/blog/products/identity-security/expanding-google-clouds-confidential-computing-portfolio]]|GCP GKE Confidential_Computing|
|2020.09.08|Silicon Angle| → [[Google expands Confidential Computing to Kubernetes workloads|https://siliconangle.com/2020/09/08/google-expands-confidential-computing-kubernetes-workloads/]]|GCP GKE Confidential_Computing|
|2020.09.08|Container Journal| → [[Google Brings Confidential Computing to GKE Service|https://containerjournal.com/topics/container-security/google-brings-confidential-computing-to-gke-service/]]|GCP GKE Confidential_Computing|
|2020.09.08|Security Week| → [[Google Announces Confidential GKE Nodes, General Availability of Confidential VMs|https://www.securityweek.com/google-announces-confidential-gke-nodes-general-availability-confidential-vms]]|GCP GKE Confidential_Computing|
|2020.09.11|//Google Cloud//|[[Lost in translation: encryption, key management, and real security|https://cloud.google.com/blog/products/identity-security/how-encryption-and-key-management-enable-real-security/]]|Encryption|
=== 
** Oracle : Résilience+++^*[»] 
|2020.09.11|//Oracle Cloud//|[[Resiliency is the new currency|https://blogs.oracle.com/cloudsecurity/resiliency-is-the-new-currency]]|Resilience|
=== 
** Kubernetes : Menaces (fin de la série par //StackRox//) • Contrôle d'accès aux applications+++^*[»] 
|2020.09.08|//StackRox//|[[Guide to Kubernetes Security Context and Security Policies|https://www.stackrox.com/post/2020/09/guide-to-kubernetes-security-context-and-security-policies/]]|K8s Policies|
|2020.09.10|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 9 - Impact|https://www.stackrox.com/post/2020/09/protecting-against-kubernetes-threats-chapter-9-impact/]] (9/9) |Kubernetes Threats|
|2020.09.01|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 8 - Lateral Movement|https://www.stackrox.com/post/2020/09/protecting-against-kubernetes-threats-chapter-8-lateral-movement/]] (8/9) |Kubernetes Threats|
|2020.08.13|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 7 - Discovery|https://www.stackrox.com/post/2020/08/protecting-against-kubernetes-threats-chapter-7-discovery/]] (7/9) |Kubernetes Threats|
|2020.08.05|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 6 - Credential Access|https://www.stackrox.com/post/2020/08/protecting-against-kubernetes-threats-chapter-6-credential-access/]] (6/9) |Kubernetes Threats|
|2020.07.27|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 5 - Defense Evasion|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-5-defense-evasion/]] (5/9) |Kubernetes Threats|
|2020.07.19|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 4 - Privilege Escalation|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-4-privilege-escalation/]] (4/9)|Kubernetes Threats|
|2020.07.14|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 3 - Persistence|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-3-persistence/]] (3/9) |Kubernetes Threats|
|2020.07.02|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 2 - Execution|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-2-execution/]] (2/9) |Kubernetes Threats|
|2020.06.25|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 1 - Initial Access|https://www.stackrox.com/post/2020/06/protecting-against-kubernetes-threats-chapter-1-initial-access/]] (1/9) |Kubernetes Threats|
|>|>|>|!|
|2020.09.08|Container Journal|[[5 Methods for Kubernetes Application Access Control|https://containerjournal.com/topics/container-management/5-methods-for-kubernetes-application-access-control/]]|K8s Access_Controls|
=== 
** Containers : Persistance (//Palo Alto Networks//) • Terminologie sécurité (//Anchore//)+++^*[»] 
|2020.09.10|//Palo Alto Networks//|[[The Challenge of Persistence in Containers and Serverless|https://unit42.paloaltonetworks.com/persistence-in-containers-and-serverless/]]|Persistence containers Serverless|
|>|>|>|!|
|2020.09.03|//Anchore//|[[A Container Security Terminology Guide For Better Communication|https://anchore.com/blog/a-container-security-terminology-guide-for-better-communication/]] (1/2)|Containers Terminology|
|2020.09.08|//Anchore//|[[Part 2. A Container Security Terminology Guide For Better Communication|https://anchore.com/blog/part-2-a-container-security-terminology-guide-for-better-communication/]] (2/2)|Containers Terminology|
=== 
** Workloads : Protection (//Intezer//)+++^*[»] 
|2020.09.10|!//Intezer//|[[Complementing Your CSPM with Runtime Cloud Workload Protection|https://www.intezer.com/blog/cloud-security/complementing-your-cspm-with-runtime-cloud-workload-protection/]]|CSPM Workloads|
=== 
** Outils : CloudBrute pour la découverte et la cartographie des ressources d'une entreprise • DockerENT pour détecter des vulnérabilités et des problèmes de configuration sur Docker+++^*[»] 
|2020.09.10|0xSha|![[Introducing CloudBrute, wild hunt on the clouds|https://0xsha.io/posts/introducing-cloudbrute-wild-hunt-on-the-clouds]] |Tools|
|2020.09.08|0xSha| → [[CloudBrute: Tool to find a company (target) infrastructure, files, and apps on the top cloud providers|https://github.com/0xsha/CloudBrute]]|Tools|
|2020.09.12|Cyberwar Zone| → [[Cloudbrute: find a company (target) cloud infrastructure|https://cyberwarzone.com/cloudbrute-find-a-company-target-cloud-infrastructure/]]|Tools|
|>|>|>|!|
|2020.09.13|KitPloit|[[DockerENT - The Only Open-Source Tool To Analyze Vulnerabilities And Configuration Issues With Running Docker Container(S) And Docker Networks|https://www.kitploit.com/2020/09/dockerent-only-open-source-tool-to.html]]|Tools Docker|
||Rohit Sehgal| → [[Docker ENT|https://github.com/r0hi7/DockerENT]]|Tools Docker|
=== 

* __Podcasts, Veilles hebdomadaires 'Cloud et Sécurité'__
** Podcasts : Gestion des accès AWS+++^*[»] 
|2020.09.13|Cloud Security Podcast|[[Identity & Cross Account Access Management in AWS - Cloud Security - Alexandre Sieira|https://anchor.fm/cloudsecuritypodcast/episodes/Identity--Cross-Account-Access-Management-in-AWS--CLOUD-SECURITY---Alexandre-Sieira-ejhvq7]]|Podcast AWS IAM|
=== 
** Veilles : TL;DR Security #51 • The Cloud Security Reading List #54+++^*[»] 
|2020.09.13|Marco Lancini|[[The Cloud Security Reading List #54|https://cloudseclist.com/issues/issue-54/]] |Weekly_Newsletter|
|2020.09.09|TL;DR Security|[[#51 - Continuous Cloud Monitoring, Web Browser for Hackers, How GitHub Threat Models|https://tldrsec.com/blog/tldr-sec-051/]] |Weekly_Newsletter|
=== 

* __Divers__
** Privacy Shield : point de vue de //Nuageo//+++^*[»] 
|2020.09.08|//Nuageo//[>img[iCSF/flag_fr.png]]|![[Le Privacy Shield est mort ! Vive le retour des DSI actives !|https://www.nuageo.fr/2020/07/le-privacy-shield-est-mort-vive-le-retour-des-dsi-actives/]] |Privacy_Shield|
=== 
** Quelques livres sur Azure+++^*[»] 
|2020.09.08|Solutions Review|[[The Essential Microsoft Azure Books for Cloud Professionals|https://solutionsreview.com/cloud-platforms/the-essential-microsoft-azure-books-for-cloud-professionals/]] |Resources|
=== 
** Stockage gratuit dans le Cloud ? Vraiment ?+++^*[»] 
|2020.09.10|//Backblaze//|![[Free Cloud Storage: What's the Catch?|https://www.backblaze.com/blog/free-cloud-storage-whats-the-catch/]]|Storage|
=== 
** Les mythes du chiffrement : point de vue de Christophe Parisel+++^*[»] 
|2020.09.10|Christophe Parisel|![[Myths of Cloud encryption|https://www.linkedin.com/pulse/myths-cloud-encryption-christophe-parisel/]] |Encryption|
=== 
!!3 - Agenda

* Jusqu'au ''25'' septembre → CSA : ''[[Webinaires 'SECtember Experience'|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
* ''23 au 24'' septembre → BIRP : ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
!!4 - Lien direct
|ssTablK6|k
|!⇒ [[CloudSecurityAlliance.fr/go/K9D/|https://CloudSecurityAlliance.fr/go/K9D/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - September 7th to 13th, 2020
!!1 - CSA News and Updates - September 7th to 13th, 2020

* Blog: Boardroom Excellence: Quantum Risk Management+++^*[»] <<tiddler [[2020.09.08 - Blog : Gestion du risque quantique]]>>=== 
* Blog: Understanding the Complexities of Securing a Remote Workforce+++^*[»] <<tiddler [[2020.09.08 - Blog : Complexité de la Sécurisation des Télétravailleurs]]>>=== 
!!2 - Cloud and Security News Watch ([[over 70 links|2020.09.13 - Veille Hebdomadaire - 13 septembre]])

* __''Must read''__
** Monaco launches an AWS-based 'Sovereign Cloud': ''first of all'', let's ''read'' the documents and ''think'' about what 'Sovereign Cloud' actually means...+++^*[»] 
|2020.09.11|Principauté de Monaco[>img[iCSF/flag_fr.png]]|![[Monaco dévoile son plan de relance ambitieux porté par le numérique|https://www.gouv.mc/Action-Gouvernementale/La-Securite/Actualites/Monaco-devoile-son-plan-de-relance-ambitieux-porte-par-le-numerique]] |Sovereignty Monaco AWS|
|2019.11.29|Principauté de Monaco[>img[iCSF/flag_fr.png]]| → [[Monaco étudie avec Amazon Web Services la création de son Cloud Souverain|https://www.gouv.mc/Actualites/Monaco-etudie-avec-Amazon-Web-Services-la-creation-de-son-Cloud-Souverain2]]|Sovereignty Monaco|
=== 
** Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks (//Intezer//)+++^*[»] 
|2020.09.08|//Intezer//|![[Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks|https://www.intezer.com/blog/cloud-workload-protection/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/]]|Attacks Abuse|
|2020.09.08|Bleeping Computer| → [[Hackers use legit tool to take over Docker, Kubernetes platforms|https://www.bleepingcomputer.com/news/security/hackers-use-legit-tool-to-take-over-docker-kubernetes-platforms/]]|Attacks Docker Kubernetes|
|2020.09.08|Security Week| → [[Researchers Spot First Cloud Attack Abusing Legitimate Tool|https://www.securityweek.com/researchers-spot-first-cloud-attack-abusing-legitimate-tool]]|Attacks Abuse|
|2020.09.08|//Weaveworks//| → [[Preventing malicious use of Weave Scope|https://www.weave.works/blog/preventing-malicious-use-of-weave-scope]]|Attacks Abuse|
=== 

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Attacks: APT28/Strontium (//Microsoft//) • Further 'Team TNT' analysis (//Prevasio, Threatpost//) • Massive Cryptomining Campaign (//Aqua Security//) • Overview of APTs on Linux (//Kaspersky//)+++^*[»] 
|>|>|>|!|
|2020.09.10|//Microsoft//|![[STRONTIUM: Detecting new patterns in credential harvesting|https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/]] |O365 APT Threat_Actors|
|2020.09.11|//Threatpost//| → [[APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins|https://threatpost.com/apt28-theft-office365-logins/159195/]]|APT O365|
|>|>|>|!|
|2020.09.13|//Prevasio//|[[A Router Honeypot for an IRC Bot|https://blog.prevasio.com/2020/09/a-router-honeypot-for-irc-bot_18.html]]|Docker AWS Credentials Attack Team_TNT|
|2020.09.09|//Threatpost//|[[TeamTNT Gains Full Remote Takeover of Cloud Instances|https://threatpost.com/teamtnt-remote-takeover-cloud-instances/159075/]]|Docker AWS Credentials Attack Team_TNT|
|>|>|>|!|
|2020.09.11|//Aqua Security//|[[Threat Alert: Massive Cryptomining Campaign Abusing GitHub, Docker Hub, Travis CI & Circle CI|https://blog.aquasec.com/container-security-alert-campaign-abusing-github-dockerhub-travis-ci-circle-ci]]|Threat Cryptomining|
|>|>|>|!|
|2020.09.10|//Kaspersky//|[[An overview of targeted attacks and APTs on Linux|https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/]]|Attacks APT|
=== 
** Vulnerabilities: Threat Hunting to find Misconfigured Docker Exploitation (//Awake//)+++^*[»] 
|2020.09.10|//Awake//|![[Threat Hunting to find Misconfigured Docker Exploitation|https://awakesecurity.com/blog/threat-hunting-to-find-misconfigured-docker-exploitation/]] |Docker Hunting|
=== 

* __Best Practices, and Detection__
** Best Practices: Kubernetes (//Sysdig//) • Cloud security mistakes (CSO Online)+++^*[»] 
|2020.09.10|//Sysdig//|[[Seven Kubernetes monitoring best practices every monitoring solution should enable|https://sysdig.com/blog/kubernetes-monitoring-best-practices/]]|K8s Best_Practices|
|2020.09.10|CSO Online|[[10 common cloud security mistakes that put your data at risk|https://www.csoonline.com/article/3573267/10-common-cloud-security-mistakes-that-put-your-data-at-risk.html]]|Risks Bad_Practices|
=== 
** Detection: TTPs Matrix for Linux Cloud Servers (//Intezer//)+++^*[»] 
|2020.09.08|//Intezer//|![[TTPs Matrix for Linux Cloud Servers with Detection Methods|https://www.intezer.com/blog/cloud-security/ttps-matrix-for-linux-cloud-servers-with-detection-methods/]]|TTPs Linux Detection|
|2020.09.08|//Intezer//| → [[TTPs matrix for Linux cloud servers|https://www.intezer.com/resource/ttps-matrix-for-linux-cloud-servers-with-detection-methods/]]|TTPs Linux Detection|
=== 

* __Cloud Services Providers, Tools__
** AWS: Building a Secure Amazon S3 Bucket (//Fugue//) • Identification of Vulnerabilities (//XMCO//)+++^*[»] 
|2020.09.08|//Fugue//|![[Building a Secure Amazon S3 Bucket (AWS)|https://www.fugue.co/blog/building-a-secure-amazon-s3-bucket-aws]] |AWS_S3|
|2020.09.08|//Fugue//| → Webcast [[Cloud Security Masterclass: Building a Highly Secure S3 Bucket|https://cta-redirect.hubspot.com/cta/redirect/4846674/9864918b-8d5a-4e09-b68a-e50160ca40c0]]|AWS_S3|
|>|>|>|!|
|2020.09.10|//XMCO//[>img[iCSF/flag_fr.png]]|[[Sécurité des environnements AWS - Partie 2|https://www.xmco.fr/actu-secu/XMCO-ActuSecu-54-AWS-DropTheMic.pdf]] (2/2) (pdf)|AWS|
|2020.04.01|//XMCO//[>img[iCSF/flag_fr.png]]|[[Sécurité des environnements AWS - Partie 1|https://www.xmco.fr/actu-secu/XMCO-ActuSecu-53-AWS_Cryptomineur_SmartInstall.pdf]] (1/2) (pdf)|AWS|
=== 
** Azure: Automatic VM Guest Patching • Announcements+++^*[»] 
|2020.09.09|//Microsoft Azure//|[[Automatic VM guest patching is now in public preview|https://azure.microsoft.com/en-us/updates/automatic-vm-guest-patching-now-in-preview/]]|Azure Patch_Management|
|2020.09.10|Silicon[>img[iCSF/flag_fr.png]]| → [[Microsoft expérimente les patchs automatisés sur les VM Azure|https://www.silicon.fr/microsoft-patchs-automatises-vm-azure-346555.html]]|Azure Patch_Management|
|2020.09.10|Thomas Maurer| → [[How to configure Azure Automatic VM guest OS patching|https://www.thomasmaurer.ch/2020/09/how-to-azure-automatic-vm-guest-os-patching/]]|Azure Patch_Management|
|>|>|>|!|
|2020.09.08|//Microsoft Azure//|[[Accelerate your adoption of SIEM using Azure Sentinel and a new offer from Microsoft|https://www.microsoft.com/security/blog/2020/09/08/accelerate-adoption-siem-azure-sentinel-offer-microsoft/]]|Products Azure_Sentinel SIEM|
|2020.09.08|//Microsoft Azure//|[[What's new: Azure DDoS Protection connector in Public Preview for Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-azure-ddos-protection-connector-in-public-preview-for/ba-p/1646681]]|Azure DDoS|
=== 
** GCP: Expanding Google Cloud's Confidential Computing portfolio • Encryption, Key Management, and Real Security+++^*[»] 
|2020.09.08|//Google Cloud//|[[Expanding Google Cloud's Confidential Computing portfolio|https://cloud.google.com/blog/products/identity-security/expanding-google-clouds-confidential-computing-portfolio]]|GCP GKE Confidential_Computing|
|2020.09.08|Silicon Angle| → [[Google expands Confidential Computing to Kubernetes workloads|https://siliconangle.com/2020/09/08/google-expands-confidential-computing-kubernetes-workloads/]]|GCP GKE Confidential_Computing|
|2020.09.08|Container Journal| → [[Google Brings Confidential Computing to GKE Service|https://containerjournal.com/topics/container-security/google-brings-confidential-computing-to-gke-service/]]|GCP GKE Confidential_Computing|
|2020.09.08|Security Week| → [[Google Announces Confidential GKE Nodes, General Availability of Confidential VMs|https://www.securityweek.com/google-announces-confidential-gke-nodes-general-availability-confidential-vms]]|GCP GKE Confidential_Computing|
|2020.09.11|//Google Cloud//|[[Lost in translation: encryption, key management, and real security|https://cloud.google.com/blog/products/identity-security/how-encryption-and-key-management-enable-real-security/]]|Encryption|
=== 
** Oracle: Resiliency+++^*[»] 
|2020.09.11|//Oracle Cloud//|[[Resiliency is the new currency|https://blogs.oracle.com/cloudsecurity/resiliency-is-the-new-currency]]|Resilience|
=== 
** Kubernetes: Protecting Against Kubernetes Threats (9th and final part by //StackRox//) • Application Access Control+++^*[»] 
|2020.09.08|//StackRox//|[[Guide to Kubernetes Security Context and Security Policies|https://www.stackrox.com/post/2020/09/guide-to-kubernetes-security-context-and-security-policies/]]|K8s Policies|
|2020.09.10|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 9 - Impact|https://www.stackrox.com/post/2020/09/protecting-against-kubernetes-threats-chapter-9-impact/]] (9/9) |Kubernetes Threats|
|2020.09.01|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 8 - Lateral Movement|https://www.stackrox.com/post/2020/09/protecting-against-kubernetes-threats-chapter-8-lateral-movement/]] (8/9) |Kubernetes Threats|
|2020.08.13|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 7 - Discovery|https://www.stackrox.com/post/2020/08/protecting-against-kubernetes-threats-chapter-7-discovery/]] (7/9) |Kubernetes Threats|
|2020.08.05|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 6 - Credential Access|https://www.stackrox.com/post/2020/08/protecting-against-kubernetes-threats-chapter-6-credential-access/]] (6/9) |Kubernetes Threats|
|2020.07.27|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 5 - Defense Evasion|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-5-defense-evasion/]] (5/9) |Kubernetes Threats|
|2020.07.19|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 4 - Privilege Escalation|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-4-privilege-escalation/]] (4/9)|Kubernetes Threats|
|2020.07.14|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 3 - Persistence|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-3-persistence/]] (3/9) |Kubernetes Threats|
|2020.07.02|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 2 - Execution|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-2-execution/]] (2/9) |Kubernetes Threats|
|2020.06.25|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 1 - Initial Access|https://www.stackrox.com/post/2020/06/protecting-against-kubernetes-threats-chapter-1-initial-access/]] (1/9) |Kubernetes Threats|
|>|>|>|!|
|2020.09.08|Container Journal|[[5 Methods for Kubernetes Application Access Control|https://containerjournal.com/topics/container-management/5-methods-for-kubernetes-application-access-control/]]|K8s Access_Controls|
=== 
** Containers: Challenge of Persistence (//Palo Alto Networks//) • Container Security Terminology (//Anchore//)+++^*[»] 
|2020.09.10|//Palo Alto Networks//|[[The Challenge of Persistence in Containers and Serverless|https://unit42.paloaltonetworks.com/persistence-in-containers-and-serverless/]]|Persistence containers Serverless|
|>|>|>|!|
|2020.09.03|//Anchore//|[[A Container Security Terminology Guide For Better Communication|https://anchore.com/blog/a-container-security-terminology-guide-for-better-communication/]] (1/2)|Containers Terminology|
|2020.09.08|//Anchore//|[[Part 2. A Container Security Terminology Guide For Better Communication|https://anchore.com/blog/part-2-a-container-security-terminology-guide-for-better-communication/]] (2/2)|Containers Terminology|
=== 
** Workloads: Protection (//Intezer//)+++^*[»] 
|2020.09.10|!//Intezer//|[[Complementing Your CSPM with Runtime Cloud Workload Protection|https://www.intezer.com/blog/cloud-security/complementing-your-cspm-with-runtime-cloud-workload-protection/]]|CSPM Workloads|
=== 
** Tools: CloudBrute to Find a Company Cloud Infrastructure+++^*[»] 
|2020.09.10|0xSha|![[Introducing CloudBrute, wild hunt on the clouds|https://0xsha.io/posts/introducing-cloudbrute-wild-hunt-on-the-clouds]] |Tools|
|2020.09.08|0xSha| → [[CloudBrute: Tool to find a company (target) infrastructure, files, and apps on the top cloud providers|https://github.com/0xsha/CloudBrute]]|Tools|
|2020.09.12|Cyberwar Zone| → [[Cloudbrute: find a company (target) cloud infrastructure|https://cyberwarzone.com/cloudbrute-find-a-company-target-cloud-infrastructure/]]|Tools|
|>|>|>|!|
|2020.09.13|KitPloit|[[DockerENT - The Only Open-Source Tool To Analyze Vulnerabilities And Configuration Issues With Running Docker Container(S) And Docker Networks|https://www.kitploit.com/2020/09/dockerent-only-open-source-tool-to.html]]|Tools Docker|
||Rohit Sehgal| → [[Docker ENT|https://github.com/r0hi7/DockerENT]]|Tools Docker|
=== 

* __Podcasts, Weekly 'Cloud and Security' Watch__
** Podcasts: Identity & Cross Account Access Management in AWS+++^*[»] 
|2020.09.13|Cloud Security Podcast|[[Identity & Cross Account Access Management in AWS - Cloud Security - Alexandre Sieira|https://anchor.fm/cloudsecuritypodcast/episodes/Identity--Cross-Account-Access-Management-in-AWS--CLOUD-SECURITY---Alexandre-Sieira-ejhvq7]]|Podcast AWS IAM|
=== 
** Watch: TL;DR Security #51 • The Cloud Security Reading List #54+++^*[»] 
|2020.09.13|Marco Lancini|[[The Cloud Security Reading List #54|https://cloudseclist.com/issues/issue-54/]] |Weekly_Newsletter|
|2020.09.09|TL;DR Security|[[#51 - Continuous Cloud Monitoring, Web Browser for Hackers, How GitHub Threat Models|https://tldrsec.com/blog/tldr-sec-051/]] |Weekly_Newsletter|
=== 

* __Miscellaneous__
** Privacy Shield: //Nuageo//'s Viewpoint+++^*[»] 
|2020.09.08|//Nuageo//[>img[iCSF/flag_fr.png]]|![[Le Privacy Shield est mort ! Vive le retour des DSI actives !|https://www.nuageo.fr/2020/07/le-privacy-shield-est-mort-vive-le-retour-des-dsi-actives/]] |Privacy_Shield|
=== 
** Essential Microsoft Azure Books+++^*[»] 
|2020.09.08|Solutions Review|[[The Essential Microsoft Azure Books for Cloud Professionals|https://solutionsreview.com/cloud-platforms/the-essential-microsoft-azure-books-for-cloud-professionals/]] |Resources|
=== 
** Free Cloud Storage: What's the Catch?+++^*[»] 
|2020.09.10|//Backblaze//|![[Free Cloud Storage: What's the Catch?|https://www.backblaze.com/blog/free-cloud-storage-whats-the-catch/]]|Storage|
=== 
** Myths of Cloud Encryption: Christophe Parisel's Viewpoint+++^*[»] 
|2020.09.10|Christophe Parisel|![[Myths of Cloud encryption|https://www.linkedin.com/pulse/myths-cloud-encryption-christophe-parisel/]] |Encryption|
=== 
!!3 - Agenda
* ''8 / 25'' → CSA: ''[['SECtember Experience' Webinars|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
* ''23 / 24'' → BIRP: ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles

!!4 - Link
|ssTablK6|k
|!⇒ [[CloudSecurityAlliance.fr/go/K9D/|https://CloudSecurityAlliance.fr/go/K9D/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 7 au 13 septembre 2020
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.09.13|
|2020.09.13|Marco Lancini|[[The Cloud Security Reading List #54|https://cloudseclist.com/issues/issue-54/]] |Weekly_Newsletter|
|2020.09.13|Cloud Security Podcast|[[Identity & Cross Account Access Management in AWS - Cloud Security - Alexandre Sieira|https://anchor.fm/cloudsecuritypodcast/episodes/Identity--Cross-Account-Access-Management-in-AWS--CLOUD-SECURITY---Alexandre-Sieira-ejhvq7]]|Podcast AWS IAM|
|2020.09.13|KitPloit|[[DockerENT - The Only Open-Source Tool To Analyze Vulnerabilities And Configuration Issues With Running Docker Container(S) And Docker Networks|https://www.kitploit.com/2020/09/dockerent-only-open-source-tool-to.html]]|Tools Docker|
||Rohit Sehgal| → [[Docker ENT|https://github.com/r0hi7/DockerENT]]|Tools Docker|
|2020.09.13|//Prevasio//|[[A Router Honeypot for an IRC Bot|https://blog.prevasio.com/2020/09/a-router-honeypot-for-irc-bot_18.html]]|Docker AWS Credentials Attack Team_TNT|
|>|>|>|!2020.09.12|
|2020.09.12|Alex Smolen|[[Using AWS IoT for mutual TLS in a web application|https://medium.com/@alsmola/using-aws-iot-for-mutual-tls-in-a-web-application-5d379eb7a778]]|AWS IoT TLS|
|>|>|>|!2020.09.11|
|2020.09.11|Principauté de Monaco[>img[iCSF/flag_fr.png]]|![[Monaco dévoile son plan de relance ambitieux porté par le numérique|https://www.gouv.mc/Action-Gouvernementale/La-Securite/Actualites/Monaco-devoile-son-plan-de-relance-ambitieux-porte-par-le-numerique]] |Sovereignty Monaco AWS|
|2020.09.11|Bleeping Computer|[[Office 365 will let users view their quarantined phishing messages|https://www.bleepingcomputer.com/news/microsoft/office-365-will-let-users-view-their-quarantined-phishing-messages/]]|O365 Phishing|
|2020.09.11|Hacking Articles|![[Docker for Pentester: Image Vulnerability Assessment|https://www.hackingarticles.in/docker-for-pentester-image-vulnerability-assessment/]] |Docker Assessment|
|2020.09.11|Dark Reading|[[Spear-Phishers Leverage Office 365 Ecosystem to Validate Stolen Creds in Real Time|https://www.darkreading.com/threat-intelligence/spear-phishers-leverage-office-365-ecosystem-to-validate-stolen-creds-in-real-time/d/d-id/1338892]]|Attacks O365|
|2020.09.11|//Aqua Security//|[[Threat Alert: Massive Cryptomining Campaign Abusing GitHub, Docker Hub, Travis CI & Circle CI|https://blog.aquasec.com/container-security-alert-campaign-abusing-github-dockerhub-travis-ci-circle-ci]]|Threat Cryptomining|
|2020.09.15|Help Net Security| → [[Attacks growing in both scope and sophistication, exposing gaps in the cloud native toolchain|https://www.helpnetsecurity.com/2020/09/15/attacks-on-cloud-native-infrastructure/]]|Threat Cryptomining|
|2020.09.15|Container Journal| → [[Aqua Security Surfaces Attacks on Container Platforms|https://containerjournal.com/topics/container-security/aqua-security-surfaces-attacks-on-container-platforms/]]|Threat Cryptomining|
|2020.09.11|//Catchpoint//|[[Evaluating Cloud Service Providers|https://blog.catchpoint.com/2020/09/11/evaluating-cloud-service-providers/]]|CSP Assessments|
|2020.09.11|//Cloudonaut//|[[Record AWS API calls to improve IAM Policies|https://cloudonaut.io/record-aws-api-calls-to-improve-iam-policies/]]|AWS APIs IAM|
|2020.09.11|//Amazon AWS//|[[Amazon S3 bucket owner condition helps to validate correct bucket ownership|https://aws.amazon.com/about-aws/whats-new/2020/09/amazon-s3-bucket-owner-condition-helps-validate-correct-bucket-ownership/]]|AWS Bucket Ownership|
|2020.09.11|//Google Cloud//|[[Lost in translation: encryption, key management, and real security|https://cloud.google.com/blog/products/identity-security/how-encryption-and-key-management-enable-real-security/]]|Encryption|
|2020.09.11|//Oracle Cloud//|[[Resiliency is the new currency|https://blogs.oracle.com/cloudsecurity/resiliency-is-the-new-currency]]|Resilience|
|2020.09.11|//Microsoft Azure//|[[How to Protect Office 365 with Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/how-to-protect-office-365-with-azure-sentinel/ba-p/1656939]]|Azure_Sentinel|
|2020.09.11|//Microsoft Azure//|[[Overview of the Azure Security Benchmark (V2)|https://docs.microsoft.com/en-us/azure/security/benchmarks/overview]]|Azure_Security Benchmark|
|>|>|>|!2020.09.10|
|2020.09.10|Christophe Parisel|![[Myths of Cloud encryption|https://www.linkedin.com/pulse/myths-cloud-encryption-christophe-parisel/]] |Encryption|
|2020.09.10|0xSha|![[Introducing CloudBrute, wild hunt on the clouds|https://0xsha.io/posts/introducing-cloudbrute-wild-hunt-on-the-clouds]] |Tools|
|2020.09.08|0xSha| → [[CloudBrute: Tool to find a company (target) infrastructure, files, and apps on the top cloud providers|https://github.com/0xsha/CloudBrute]]|Tools|
|2020.09.12|Cyberwar Zone| → [[Cloudbrute: find a company (target) cloud infrastructure|https://cyberwarzone.com/cloudbrute-find-a-company-target-cloud-infrastructure/]]|Tools|
|2020.09.10|CSO Online|[[10 common cloud security mistakes that put your data at risk|https://www.csoonline.com/article/3573267/10-common-cloud-security-mistakes-that-put-your-data-at-risk.html]]|Risks Bad_Practices|
|2020.09.10|DZone|[[5 Rules of Cloud Practices|https://dzone.com/articles/5-rules-of-cloud-practices]]|Best_Practices|
|2020.09.10|//XMCO//[>img[iCSF/flag_fr.png]]|[[Sécurité des environnements AWS - Partie 2|https://www.xmco.fr/actu-secu/XMCO-ActuSecu-54-AWS-DropTheMic.pdf]] (2/2) (pdf)|AWS|
|2020.09.10|!//Intezer//|[[Complementing Your CSPM with Runtime Cloud Workload Protection|https://www.intezer.com/blog/cloud-security/complementing-your-cspm-with-runtime-cloud-workload-protection/]]|CSPM Workloads|
|2020.09.10|//Microsoft//|![[STRONTIUM: Detecting new patterns in credential harvesting|https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/]] |O365 APT Threat_Actors|
|2020.09.11|//Threatpost//| → [[APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins|https://threatpost.com/apt28-theft-office365-logins/159195/]]|APT O365|
|2020.09.10|//Kaspersky//|[[An overview of targeted attacks and APTs on Linux|https://securelist.com/an-overview-of-targeted-attacks-and-apts-on-linux/98440/]]|Attacks APT|
|2020.09.10|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 9 - Impact|https://www.stackrox.com/post/2020/09/protecting-against-kubernetes-threats-chapter-9-impact/]] (9/9) |Kubernetes Threats|
|2020.09.10|//Palo Alto Networks//|[[The Challenge of Persistence in Containers and Serverless|https://unit42.paloaltonetworks.com/persistence-in-containers-and-serverless/]]|Persistence containers Serverless|
|2020.09.10|//Awake//|![[Threat Hunting to find Misconfigured Docker Exploitation|https://awakesecurity.com/blog/threat-hunting-to-find-misconfigured-docker-exploitation/]] |Docker Hunting|
|2020.09.10|//Iland//|[[Remember - Not All Workloads Are Created Equal|https://blog.iland.com/cloud/remember-not-all-workloads-are-created-equal/]]|DRP|
|2020.09.10|//Backblaze//|![[Free Cloud Storage: What's the Catch?|https://www.backblaze.com/blog/free-cloud-storage-whats-the-catch/]]|Storage|
|2020.09.10|//AvePoint//|[[Securing Collaboration: Office 365 Governance in an Always Online World|https://www.avepoint.com/blog/manage/office-365-compliant-governance/]]|O365 Compliance|
|2020.09.10|//SecurityScorecard//|[[SecurityScorecard Names Telehealth Biggest Healthcare Threat in New Report|https://www.prnewswire.com/news-releases/securityscorecard-names-telehealth-biggest-healthcare-threat-in-new-report-301127130.html]]|Report|
|2020.09.10|//SecurityScorecard//| → [[Listening to Patient Data Security: Healthcare Industry and Telehealth Cybersecurity Risks Report|https://securityscorecard.com/resources/healthcare-industry-telehealth-cybersecurity-risks-report]]|Report|
|2020.09.10|Dark Reading| → [[Cyber-Risks Explode With Move to Telehealth Services|https://www.darkreading.com/attacks-breaches/cyber-risks-explode-with-move-to-telehealth-services/d/d-id/1338890]]|Report|
|2020.09.10|//Sysdig//|[[Seven Kubernetes monitoring best practices every monitoring solution should enable|https://sysdig.com/blog/kubernetes-monitoring-best-practices/]]|K8s Best_Practices|
|2020.09.10|//CloudKnox//|[[CloudKnox Security Leads Newly Defined Cloud Infrastructure Entitlement Management (CIEM) Market with Unmatched Capabilities|https://cloudknox.io/news/leading-the-way-in-cloud-infrastructure-entitlement-management/]]|Products|
|2020.09.10|//Coalfire//|[[3rd Annual Penetration Risk Report Reveals Surprising Trends, Offers New Recommendations|https://www.prnewswire.com/news-releases/3rd-annual-penetration-risk-report-reveals-surprising-trends-offers-new-recommendations-301127326.html]]|Report|
|2020.09.10|//Amazon AWS//|[[AWS Single Sign-On adds account assignment APIs and AWS CloudFormation support to automate multi-account access management|https://aws.amazon.com/about-aws/whats-new/2020/09/aws-single-sign-on-adds-account-assignment-apis-and-aws-cloudformation-support-to-automate-multi-account-access-management/]]|AWS SSO|
|2020.09.10|//Google Cloud//|[[New capabilities for Assured Workloads for Government|https://cloud.google.com/blog/products/identity-security/assured-workloads-for-government-is-now-ga]]|GCP Government|
|>|>|>|!2020.09.09|
|2020.09.09|TL;DR Security|[[#51 - Continuous Cloud Monitoring, Web Browser for Hackers, How GitHub Threat Models|https://tldrsec.com/blog/tldr-sec-051/]] |Weekly_Newsletter|
|2020.09.08|//Intezer//|![[TTPs Matrix for Linux Cloud Servers with Detection Methods|https://www.intezer.com/blog/cloud-security/ttps-matrix-for-linux-cloud-servers-with-detection-methods/]]|TTPs Linux Detection|
|2020.09.08|//Intezer//| → [[TTPs matrix for Linux cloud servers|https://www.intezer.com/resource/ttps-matrix-for-linux-cloud-servers-with-detection-methods/]]|TTPs Linux Detection|
|2020.09.09|//Threatpost//|[[TeamTNT Gains Full Remote Takeover of Cloud Instances|https://threatpost.com/teamtnt-remote-takeover-cloud-instances/159075/]]|Docker AWS Credentials Attack Team_TNT|
|2020.09.10|Thomas Maurer| → [[How to configure Azure Automatic VM guest OS patching|https://www.thomasmaurer.ch/2020/09/how-to-azure-automatic-vm-guest-os-patching/]]|Azure Patch_Management|
|2020.09.09|//SonaType//|[[Nexus as a Container Registry|https://blog.sonatype.com/nexus-as-a-container-registry]]|Products|
|2020.09.09|//Amazon AWS//|[[Amazon EKS now supports assigning EC2 security groups to Kubernetes pods|https://aws.amazon.com/about-aws/whats-new/2020/09/amazon-eks-supports-assigning-ec2-security-groups-kubernetes-pods/]]|AWS EKS IAM|
|2020.09.09|//Amazon AWS//|[[How to configure an LDAPS endpoint for Simple AD|https://aws.amazon.com/blogs/security/how-to-configure-ldaps-endpoint-for-simple-ad/]]|AWS LDAP|
|2020.09.09|//Microsoft Azure//|[[Automatic VM guest patching is now in public preview|https://azure.microsoft.com/en-us/updates/automatic-vm-guest-patching-now-in-preview/]]|Azure Patch_Management|
|2020.09.10|Silicon[>img[iCSF/flag_fr.png]]| → [[Microsoft expérimente les patchs automatisés sur les VM Azure|https://www.silicon.fr/microsoft-patchs-automatises-vm-azure-346555.html]]|Azure Patch_Management|
|2020.09.09|//Oracle Cloud//|[[Quick Tip #3 - Understanding Oracle Identity Cloud Service Licensing|https://blogs.oracle.com/cloudsecurity/quick-tip-3-oracle-identity-cloud-service-licensing]]|Oracle Identity|
|2020.09.09|//Google GCP//|[[How Google delivers Defense in Depth?|https://medium.com/google-cloud/how-google-delivers-defense-in-depth-959b97ca782c]]|Comics Defense_in_Depth|
|>|>|>|!2020.09.08|
|2020.09.08|Solutions Review|[[The Essential Microsoft Azure Books for Cloud Professionals|https://solutionsreview.com/cloud-platforms/the-essential-microsoft-azure-books-for-cloud-professionals/]] |Resources|
|2020.09.08|Rick Blaisdell|[[How to harness cloud computing security opportunities in 2020?|https://rickscloud.com/how-to-harness-cloud-computing-security-opportunities-in-2020/]]|Misc|
|2020.09.08|Rick Blaisdell|[[Cloud Migration Risks and Benefits|https://rickscloud.com/cloud-migration-risks-and-benefits/]]|Migration Risks|
|2020.09.08|Hakin9|[[Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS|https://hakin9.org/autovpn-create-on-demand-disposable-openvpn-endpoints-on-aws/]]|AWS AutoVPN|
|2020.09.08|Container Journal|[[5 Methods for Kubernetes Application Access Control|https://containerjournal.com/topics/container-management/5-methods-for-kubernetes-application-access-control/]]|K8s Access_Controls|
|2020.09.08|Ashish Kurmi|[[S3Insights: Derive insights about your S3 environment at scale|https://medium.com/@kurmiashish/s3insights-58f24046cde3]]|AWS Storage|
|2020.09.08|//Nuageo//[>img[iCSF/flag_fr.png]]|![[Le Privacy Shield est mort ! Vive le retour des DSI actives !|https://www.nuageo.fr/2020/07/le-privacy-shield-est-mort-vive-le-retour-des-dsi-actives/]] |Privacy_Shield|
|2020.09.08|//Intezer//|![[Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks|https://www.intezer.com/blog/cloud-workload-protection/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/]]|Attacks Abuse|
|2020.09.08|Bleeping Computer| → [[Hackers use legit tool to take over Docker, Kubernetes platforms|https://www.bleepingcomputer.com/news/security/hackers-use-legit-tool-to-take-over-docker-kubernetes-platforms/]]|Attacks Docker Kubernetes|
|2020.09.08|Security Week| → [[Researchers Spot First Cloud Attack Abusing Legitimate Tool|https://www.securityweek.com/researchers-spot-first-cloud-attack-abusing-legitimate-tool]]|Attacks Abuse|
|2020.09.08|//Weaveworks//| → [[Preventing malicious use of Weave Scope|https://www.weave.works/blog/preventing-malicious-use-of-weave-scope]]|Attacks Abuse|
|2020.09.08|//Stackrox//|[[Guide to Kubernetes Security Context and Security Policies|https://www.stackrox.com/post/2020/09/guide-to-kubernetes-security-context-and-security-policies/]]|K8s Policies|
|2020.09.08|//Fugue//|![[Building a Secure Amazon S3 Bucket (AWS)|https://www.fugue.co/blog/building-a-secure-amazon-s3-bucket-aws]] |AWS_S3|
|2020.09.08|//Fugue//| → Webcast [[Cloud Security Masterclass: Building a Highly Secure S3 Bucket|https://cta-redirect.hubspot.com/cta/redirect/4846674/9864918b-8d5a-4e09-b68a-e50160ca40c0]]|AWS_S3|
|2020.09.08|//Microsoft Azure//|[[Accelerate your adoption of SIEM using Azure Sentinel and a new offer from Microsoft|https://www.microsoft.com/security/blog/2020/09/08/accelerate-adoption-siem-azure-sentinel-offer-microsoft/]]|Products Azure_Sentinel SIEM|
|2020.09.08|//Microsoft Azure//|[[What's new: Azure DDoS Protection connector in Public Preview for Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-azure-ddos-protection-connector-in-public-preview-for/ba-p/1646681]]|Azure DDoS|
|2020.09.08|//Google Cloud//|[[Expanding Google Cloud's Confidential Computing portfolio|https://cloud.google.com/blog/products/identity-security/expanding-google-clouds-confidential-computing-portfolio]]|GCP GKE Confidential_Computing|
|2020.09.08|Silicon Angle| → [[Google expands Confidential Computing to Kubernetes workloads|https://siliconangle.com/2020/09/08/google-expands-confidential-computing-kubernetes-workloads/]]|GCP GKE Confidential_Computing|
|2020.09.08|Container Journal| → [[Google Brings Confidential Computing to GKE Service|https://containerjournal.com/topics/container-security/google-brings-confidential-computing-to-gke-service/]]|GCP GKE Confidential_Computing|
|2020.09.08|Security Week| → [[Google Announces Confidential GKE Nodes, General Availability of Confidential VMs|https://www.securityweek.com/google-announces-confidential-gke-nodes-general-availability-confidential-vms]]|GCP GKE Confidential_Computing|
|2020.09.08|//One Cloud Please//|[[Security September: Escaping CodeBuild - The compromise that wasn't|https://onecloudplease.com/blog/security-september-escaping-codebuild]] (2/5)|AWS Exploits|
|2020.09.08|//Anchore//|[[Part 2. A Container Security Terminology Guide For Better Communication|https://anchore.com/blog/part-2-a-container-security-terminology-guide-for-better-communication/]] (2/2)|Containers Terminology|
|2020.09.08|//Google Cloud//|[[Google Cloud API Gateway is now available in public beta|https://cloud.google.com/blog/products/serverless/google-cloud-api-gateway-is-now-available-in-public-beta]]|GCP APIs|
|2020.09.08|//Google Cloud//|[[Designing Secure Data Pipelines with VPC Service Controls|https://medium.com/google-cloud/designing-secure-data-pipelines-with-vpc-service-controls-e3b4502307df]]|GCP|
|2020.09.08|//Aqua Security//|[[Protecting Cloud VMs for Full-Stack Cloud Native Security|https://blog.aquasec.com/cloud-workload-protection-cwpp-vm-security]]|Protection VMs|
|2020.09.08|//Oracle Cloud//|[[The Expanding Role of Identity in the Enterprise|https://blogs.oracle.com/cloudsecurity/the-expanding-role-of-identity-in-the-enterprise]]|Identity|
|2020.09.08|//Armorblox//|[[What Is Cloud Office Security (And Why Do We Need It)?|https://www.armorblox.com/blog/what-is-cloud-office-security-and-why-do-we-need-it]]|Misc|
|2020.09.08|//CloudPassage//|[[DevOps Security Automation: AWS Cloud Security Report 2020 for DevSecOps|https://www.cloudpassage.com/blog/aws-cloud-security-report-2020-for-management-managing-the-rapid-shift-to-cloud/]]|Report|
|2020.09.08|//CloudPassage//| → [[Rapport|http://go.cloudpassage.com/ZX00005PB0000000I301QFV]] et [[infographie|https://www.cloudpassage.com/lp/devsecops-adoption-processes/]]|Report|
|>|>|>|!2020.09.07|
|2020.09.07|LockBoxx|![[Exploring Cloud Trust Relationships: AWS|https://lockboxx.blogspot.com/2020/09/exploring-cloud-trust-relationships-aws.html]] |AWS Trust|
|2020.09.07|//Mnemonic//|[[Abusing dynamic groups in Azure AD for privilege escalation|https://www.mnemonic.no/blog/abusing-dynamic-groups-in-azure/]]|Azure Privilege_Escalation|
|2020.09.01|//Gartner//|G00441742: [[Gartner Magic Quadrant for Cloud Infrastructure and Platform Services|https://www.gartner.com/en/documents/3989743/magic-quadrant-for-cloud-infrastructure-and-platform-ser]]|Gartner IaaS PaaS|
|2020.09.08|//Cloud Management Insider//| → [[AWS Top-Placed, GCP, Azure Emerge as Leaders; Gartner Cloud Report Explained|https://www.cloudmanagementinsider.com/aws-top-placed-gcp-azure-emerge-as-leaders-gartner-cloud-report-explained/]]|Gartner IaaS PaaS|
|2020.09.08|//Google Cloud//| → [[Google a leader in Gartner Magic Quadrant for Cloud Infrastructure and Platform Services|https://cloud.google.com/blog/products/gcp/google-a-leader-in-gartner-cips-mq]]|Gartner IaaS PaaS|
|2020.09.11|Silicon[img[iCSF/flag_fr.png]]| → [[Gartner adoube le "cloud distribué" dans son Magic Quadrant IaaS/PaaS|https://www.silicon.fr/gartner-cloud-distribue-magic-quadrant-iaas-paas-346388.html]]|Gartner IaaS PaaS|
|2020.09.11|Solutions Review| → [[The 3 Major Players in Cloud Infrastructure and Platform Services, 2020|https://solutionsreview.com/cloud-platforms/the-3-major-players-in-cloud-infrastructure-and-platform-services-2020/]]|Gartner IaaS PaaS|
<<tiddler [[arOund0C]]>>
!"//Boardroom Excellence: Quantum Risk Management//"
Article publié le 8 septembre 2020 — Rédigé par Maëva Ghonda+++^*[»] LinkedIn → [[maevaghonda|https://twitter.com/maevaghonda]] • Twitter → [[maevaghonda|https://twitter.com/maevaghonda]] === , Co-Chair, CSA Blockchain and Distributed Ledger Technology Working Group
<<<
[>img(500px,auto)[iCSA/K98B1.png]][>img(150px,auto)[iCSA/K92BG.png]]//Boards only spend 9% of their time on risks+++^*[»] 
* Gius, D; Mieszala, J; Panayiotou, E. and Poppensieker, T. 2018. Value and Resilience Through Better Risk Management. McKinsey on Risk Number 6. McKinsey & Company.
** https://www.mckinsey.com/business-functions/risk/our-insights/value-and-resilience-through-better-risk-management
=== . Strategy and Performance Management still dominate the topics discussed at board meetings, 27% and 20% respectively.+++^*[»] 
* Hirt, M.; Lund, F.; and Spielmann, N. 2018. A Time for Boards to Act. McKinsey & Company.
** https://www.mckinsey.com/business-functions/strategy-and-corporate-finance/our-insights/a-time-for-boards-to-act
=== . Given the exponential increase of attack surfaces due to widespread remote work, i.e. work from home, coupled with the alarming regularity of cyber-attacks, it is pertinent that boards spend more time on risk management+++^*[»] 
* Amjad, A.; Nicholson, M; Douglas, A; Stevenson, C. 2016. New Perspectives on How Cyber Risk Can Power Performance. Deloitte Touche Tohmatsu Limited.
** https://www2.deloitte.com/content/dam/Deloitte/au/Documents/risk/deloitte-au-risk-new-perspectives-cyberrisk-151216.pdf
=== .
Of increasing concern is the general lack of Quantum risk awareness among board members. Essentially, Quantum computers are a threat to our digital ecosystems - i.e. mobile phones, internet, social media, etc. - because they can potentially crack any classical encryption+++^*[»] 
* Vermeer, M. and Peet, E. 2020. Securing Communications in the Quantum Computing Age. Managing the Risks to Encryption. RAND Corporation.
** https://www.rand.org/pubs/research_reports/RR3102.html
=== . And, a quantum algorithm with that capability already exists, i.e. Shor's algorithm+++^*[»] 
* Ménard, A.; Ostojic, I.; Patel, M.; and Volz, D. 2020. A game plan for quantum computing. McKinsey Quarterly.
** https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/a-game-plan-for-quantum-computing
=== . Quantum computers will continue to arise at unpredictable speeds and conceivably cause astonishing impact to all organizations+++^*[»] "A game plan for quantum computing" McKinsey Quarterly === . Yet, Quantum Risk Management is not a standard topic discussed at board meetings.
A Quantum-aware board of directors must become the new standard. All leaders should have an understanding of how this technology works+++^*[»] "A game plan for quantum computing" McKinsey Quarterly === . For boardroom excellence, the board of directors of all enterprises should verify now that a well-defined Quantum Risk Management Plan is in place to help ensure that the organizations they oversee are Quantum resilient.//
<<<
__Liens :__
* Article sur le blog de la CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k98b/|https://CloudSecurityAlliance.fr/go/k98b/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/09/08/boardroom-excellence-quantum-risk-management/
!"//Understanding the Complexities of Securing a Remote Workforce//"
Article publié le 9 septembre 2020 — Rédigé par Sean Gray, Sr. Director InfoSec, Paypal et Co-Chair of the CSA Financial Services Working Group
<<<
[>img(150px,auto)[iCSA/K99BU.jpg]]We have all witnessed sudden and stunning changes in how companies - big and small - operate in response to the challenges necessitated by COVID-19. Many have pivoted successfully, however there are companies and industries that are struggling to adapt quickly to an increasingly contact-less society. The business challenges are many and complex, but one of particular interest is how an employee workforce can be managed and businesses kept secure in this new paradigm.
With offices and shops closing their doors to customers and adopting a heavy focus on online interaction, those same closed doors have created a workforce that is quite suddenly "working from home". It would be too simplistic for leaders to say, "We've got a Corporate VPN service, so we're all set"; the situation is far more complex and calls for much deeper analysis and decision making.
Most companies have already spent time and effort adapting to this new world - and did so with limited advance notice and limited knowledge on how long it would last. With several months of experience in this new paradigm and understanding that in many cases it won't be short-term, a review of lessons learned and re-evaluation of long-term solutions with technology leaders is important. What worked, what didn't work, and perhaps reframe the problem and solutions if needed.
To set expectations, the intention is not to lay out a step-by-step approach for securing a remote workforce. Each business is unique - even within the same industry - and an attempt to do something so all-encompassing would not appropriately address the question nor solve the problem for any specific business. The goal of this writing is to help provide a strategy for understanding and articulating the problem for security leaders: what are the considerations that should be taken into account, how can technology help (or introduce additional challenges), and what role does Public Cloud play?
!!While developing or evolving a strategy for remote work, there are two fundamental priorities that I believe should drive the strategy:
* Ensuring a safe, secure and productive work environment for employees.
* Maintaining the security, availability, and continuity of services for customers.
As with any problem, the first step to solving it is understanding it. Since we're discussing a workforce that is now working from home (WFH), clearly categorizing the types of work being done and the risks associated with each is a good place to start. Each category is defined by a combination of factors: level of technical sophistication in tooling and sensitivity of the data and resources required to perform the job function. I chose these two factors because they speak to how easily the employees can manage and access the technology required for remote work and also address how difficult or risky it is to expose those technologies.
!!!1. Technical Staff (e.g. developers, engineers, system and network administrators)
This group is least likely to be significantly impacted by the new WFH situation. In my experience, they already use VPNs, bastion/jump hosts, local and remote tools, and due to their job function are set up with such tools in a secure manner. While this demographic regularly accesses sensitive systems, the surrounding controls and mechanisms to support secure remote access are usually in place and that access typically does not include direct access to sensitive customer data.
Worth mentioning specifically here is Technical Support Staff (i.e. Corporate IT Support). One of the results of supporting a remote workforce with varying levels of technical experience or that is using older tooling is that the IT teams see a significant increase in support requests - "my VPN isn't connecting", "I can't see my file share", "how do I enroll in MFA". This creates a situation where these personnel are seeing their own work methods change at the same time as a potentially huge spike in the amount of work. While not specifically a security issue, it is one that businesses would do well to understand and get ahead of.
!!!2. Business Management Personnel (e.g. finance, sales, marketing, HR)
Frequently the tools used by these groups are more "corporate LAN" focused: network file shares, spreadsheets, etc. with some SaaS elements thrown in (e.g. WorkDay, ADP) and while the data they interact with can be sensitive and confidential, it is typically NOT sensitive customer data.
!!!3. Customer Support Operations Staff
Properly managing customer support teams is where the remote work problem becomes really interesting. This group needs to interact with customer data of varying sensitivity levels on a DAILY BASIS. Call centers, as a result, have a significant number of physical security controls built in to prevent data exfiltration, internal fraud, etc., however these controls don't easily transfer to a remote work environment.
!!!4. Fraud & Risk Operations Personnel
Depending on how your business operates - and what your regulatory obligations are - this group of employees presents the most interesting challenge. The technical sophistication of their tooling can vary greatly, however employees in fraud and risk organizations are usually the ones who require access to the most sensitive datasets to perform their jobs.
The next step in analyzing the problem is to focus on the company technology: what is the current level of technical capability and how many critical services need to be modified for remote accessibility. How "SaaS" are you? Are your critical services and tools hosted primarily in data centers? Or are you leveraging public-cloud infrastructure and/or SaaS products and tools? The answer to these questions will have a substantial impact on both how easy it is to adopt fully remote work, and how risky that adoption will be to the business.
[>img(200px,auto)[iCSA/K99BV.png]]
If your business strategy for technology has been focused on data center hosting, the leap to remote work is more challenging. The network and systems teams will need to figure out how best to expose tooling to the employees - and there are numerous risks associated with this process. Do your internal applications have role-based authentication baked in? Multi-factor authentication? Logging of activity performed by the users of the platform? Have you performed vulnerability assessments, static or dynamic code testing, or penetration testing of the apps? Are these apps communicating via secure channels (e.g. HTTPS/SSL/TLS)? Are you running scans against public-facing infrastructure to discover rogue assets or ports open on the hosts/services? All of these questions and many more come into play during the transition to working remotely, and each one carries a level of risk if the answer is 'no'.

''An inevitable question is: "How does Public Cloud matter here?" And the answer is that it can matter A LOT. Potentially it comes into play as both an enabling technology AND a vector for additional risk.''
The beauty of public cloud (whether it's IaaS, PaaS, or SaaS) is that it enables companies to quickly establish and manage capabilities - either for customers or employees. Additionally, most of the big Cloud Service Providers (CSPs) have invested heavily in building native services to solve a myriad of the problems mentioned earlier in this post. Identity and Access Management, Logging and Alerting, defensive capabilities such as ACLs, and web application firewalls are well-defined and for the most part easily deployed by the users.
SaaS-based services are everywhere and relatively easy to adopt and use. Whether they are tools for Customer Relationship Management (CRM), Teleconferencing, Collaboration, monitoring and alerting, or any other of the myriad services available in a SaaS model - the providers have put a lot of time and money into building ready-to-use services that make life substantially easier - which is great! The drawback is that sometimes you do not have line of sight into the security controls that may or may not exist to protect them.
For example, what type of data is captured in these services? Where is the data stored? How is that data protected? Is it encrypted in transit? How do you manage or control access to these tools and the data they contain? All of these key questions - and more - need to be asked and answered during adoption and deployment of these services.
!!Technology Used to Enable Remote Access
One last important question is specifically around the technology used to enable remote access itself – whether it's an enterprise VPN service, a virtual desktop (VDI) tool, or you've built a mature zero-trust capability. The earlier question about whether your technology platforms are housed in data centers or in public cloud matters a lot.
!!!If you're hosted in data centers, how are you thinking about this problem?
If you have a Corporate VPN deployed, can it scale quickly to support the higher number of concurrent users? Does it have built-in security capabilities needed to protect all of these new access patterns and tools, such as web/URL filtering, data loss prevention (DLP), packet inspection, malware detection, etc.? Same questions apply to VDI deployments: can they scale sufficiently, and are they defended appropriately? And if none of these capabilities already exist for your users, properly designing and deploying them is a massive undertaking (possible side benefit: it does present the opportunity to "do it right" from a security standpoint!).
!!!If your business is already leveraging public cloud heavily, part of the problem becomes easier.
Remember those native capabilities I mentioned earlier that the CSPs built? Services like VDI are already in place and ready to deploy and scale quickly. Same with VPN, and other services to support a remote workforce. However, as we've seen all too often in the news, public cloud services are only as secure as you make them. A phrase I've heard before that rings true is "Public Cloud providers give you all the rope you need". The technological capabilities - and security controls to protect them - are usually well-defined and well-built. But they rely on the user to follow appropriate steps to actually do the right things and put those defensive capabilities in place!
!!!What does all of this mean, and how does your company identify and manage these risks?
While there are a huge number of considerations and risks to be evaluated, quantified, accepted, denied, and so on, start by breaking the problem down into the four main areas discussed above:
# Clearly define your priorities.
# Identify the types of employees you are solving for, using simple and logical criteria (I chose sophistication of tooling and data access needs, this may not be the right fit for your business).
# Understand the specific technologies and tools used by these groups and where they live - e.g. in data centers, on public cloud, SaaS.
# Look for opportunities to leverage native cloud-based tooling where possible, and take the time to understand how those tools are managed and secured well ahead of adoption.
As I mentioned earlier, this is not meant to be a "how to" guide. Every business is different, and the challenges associated with remote work manifest in many different ways. But every problem has a solution! Take the time to assess and understand the scope of the challenge. Break it up into digestible chunks. Tackle each area, and keep in mind that a "one size fits all" approach may not be feasible and multiple solutions may have to come together in the larger scenario in order for your business to effectively and securely manage a remote workforce.
<<<
__Liens :__
* Article sur le blog de la CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k99c/|https://CloudSecurityAlliance.fr/go/k99c/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/09/09/understanding-the-complexities-of-securing-a-remote-workforce/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #80|2020.09.06 - Newsletter Hebdomadaire #80]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #80|2020.09.06 - Weekly Newsletter - #80]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.09.06 - Newsletter Hebdomadaire #80]]>> |<<tiddler [[2020.09.06 - Weekly Newsletter - #80]]>> |
|>| La dernière Newsletter publiée est datée du ''<<tiddler [[LatestWeeklyFR]]>>'' et est accessible+++*[ici • Here] <<tiddler [[Dernière Newsletter]]>> ===is where you can read the latest published Newsletter |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 31 août au 6 septembre 2020
!!1 - Informations CSA - 31 août au 6 septembre 2020

* Blog Chapitre Français
** Premier Bilan 2020 et perspectives pour le Chapitre Français+++^*[»] <<tiddler [[2020.09.05 - Blog : Bilan et perspectives pour le Chapitre Français]]>>=== 
** Hype Cycle 'Sécurité du Cloud' du Gartner (juillet 2020)+++^*[»] <<tiddler [[2020.09.04 - Blog : Hype Cycle 'Sécurité du Cloud' du Gartner (juillet 2020)]]>>=== 
* Blog CSA
** Prêt au saut quantique ?+++^*[»] <<tiddler [[2020.09.02 - Blog : Prêt au saut quantique ?]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 120 liens|2020.09.06 - Veille Hebdomadaire - 6 septembre]])

* __''À lire''__
** ''Cloud Security: A Primer for Policymakers'' par le think tank Carnegie Endowment for International Peace+++^*[»] 
|2020.08.31|Carnegie Endowment for International Peace|[[Cloud Security: A Primer for Policymakers|https://carnegieendowment.org/publications/82597]] ([[pdf|https://carnegieendowment.org/files/Maurer_Hinck_Cloud_Security-V3.pdf]]) |Policy_Makers Risks|
|2020.08.31|CSO Online| → [[Cloud technology great for security but poses systemic risks, according to new report|https://www.csoonline.com/article/3573371/cloud-technology-great-for-security-but-poses-systemic-risks-according-to-new-report.html]]|Policy_Makers Risks|
=== 
** ''SaaS Continuity Control Certification Framework''+++^*[»] 
|2020.09.01|Continuity Central|[['Clearing the Cloudiness of SaaS: A SaaS Continuity Control Certification Framework'|https://www.continuitycentral.com/index.php/news/technology/5457-clearing-the-cloudiness-of-saas-a-saas-continuity-control-certification-framework]]|SaaS Continuity Framework|
|2020.08.04|Utrecht University| → Thèse [['Clearing the Cloudiness of SaaS: A SaaS Continuity Control Certification Framework'|https://dspace.library.uu.nl/bitstream/handle/1874/398735/Thesis_Final.pdf]]|SaaS Continuity Framework|
=== 

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Attaques : Nouvelle analyse du cryptomineur 'Team TNT' • Cycle de vie d'un serveur (Cloud) compromis • Phishing O365 • Sauvé par le Cloud du rançongiciel Maze ?+++^*[»] 
|2020.08.31|Container Journal|[[Latest Docker Container Attack Highlights Remote Networking Flaws|https://containerjournal.com/topics/container-security/latest-docker-container-attack-highlights-remote-networking-flaws/]]|Docker AWS Credentials Attack Team_TNT|
|2020.08.17|//Cado Security//| → [[Team TNT - The First Crypto-Mining Worm to Steal AWS Credentials|https://www.cadosecurity.com/2020/08/17/teamtnt-the-first-crypto-mining-worm-to-steal-aws-credentials/]] |Docker AWS Credentials Attack Team_TNT|
|2020.08.22|//Prevasio//| → [[Kinsing Punk: An Epic Escape From Docker Containers|https://blog.prevasio.com/2020/08/kinsing-punk-epic-escape-from-docker.html]]|Docker AWS Credentials Attack Team_TNT|
|>|>|>|!|
|2020.09.01|//Trend Micro//|![[The Life Cycle of a Compromised (Cloud) Server|https://blog.trendmicro.com/the-lifecycle-of-a-compromised-cloud-server/]] |Compromise|
|2020.09.04|//Cyren//|[[Anatomy of a Phishing Attack: Stolen Microsoft 365 Credentials|https://www.cyren.com/blog/articles/anatomy-of-a-phishing-attack-stolen-microsoft-365-credentials]]|Phishing M365|
|2020.08.31|Le MagIT[>img[iCSF/flag_fr.png]]|![[Expanscience, sauvé de Maze par le cloud ?|https://www.lemagit.fr/actualites/252488355/Expanscience-sauve-de-Maze-par-le-Cloud]] |Ransomware Resilience|
=== 
** Fuites de données : Encore une base de données exposée+++^*[»] 
|2020.09.04|Silicon Angle|[[38M records linked to marketing company working with media found online|https://siliconangle.com/2020/09/03/38m-records-linked-marketing-company-working-media-found-online/]]|Data_Leak Misconfiguration|
|2020.09.04|CISO MAG| → [[Massive Data Breach! View Media's Unsecured Database Exposes 38 Mn User Records|https://cisomag.eccouncil.org/view-media-unsecured-database/]]|Data_Leak Misconfiguration|
=== 
** Menaces : Ciblage des comptes de services • et sur le SaaS+++^*[»] 
|2020.09.02|Jason Alvarez|[[Service accounts are the reason you're hacked|https://0xbanana.com/blog/service-accounts-are-the-reason-you-re-hacked/]]|Attacks Service_Accounts|
|2020.08.31|SecurityWeek|[[It's Not Just an Unusual Login: Why Pay Attention to Threats Facing SaaS and Cloud?|https://www.securityweek.com/its-not-just-unusual-login-why-pay-attention-threats-facing-saas-and-cloud]]|Threats|
=== 
** Vulnérabilités : Escalade de privilèges avec AWS EKS • Bug d'API GCP+++^*[»] 
|2020.08.31|Christophe Tafani-Dereeper|[[Privilege Escalation in AWS Elastic Kubernetes Service (EKS) by compromising the instance role of worker nodes|https://blog.christophetd.fr/privilege-escalation-in-aws-elastic-kubernetes-service-eks-by-compromising-the-instance-role-of-worker-nodes/]]|AWS EKS Flaw|
|2020.09.03|The Daily Swig|[[Google Cloud API bug leaks private project information|https://portswigger.net/daily-swig/google-cloud-api-bug-leaks-private-project-information]]|GCP API Flaw|
|2020.08.26|Ezequiel Pereira| → [[Auth bypass: Leaking Google Cloud service accounts and projects|https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html]]|GCP Flaw|
=== 

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : pour AWS (//Amazon//) • pour les workloads (//Illumio//) • pour Office 365 (//CipherCloud//)+++^*[»] 
|2020.09.04|//Amazon AWS//|[[Introducing the AWS Best Practices for Security, Identity, & Compliance Webpage and Customer Polling Feature|https://aws.amazon.com/blogs/security/introducing-aws-best-practices-security-identity-compliance-webpage-and-customer-polling-feature/]]|AWS best_Practices|
|2020.09.01|Thomas Maurer|[[Azure Architecture Best Practices Virtual Event - October 20|https://www.thomasmaurer.ch/2020/09/azure-architecture-best-practices-virtual-event-october-20/]]|Azure Best_Practices|
|2020.09.03|//Centilytics//|[[Cloud Security Done Right: Three Critical Moves You Need To Know|https://blogs.centilytics.com/cloud-security-done-right-three-critical-moves-you-need-to-know/]]|Best_Practices|
|2020.09.01|//CipherCloud//|[[Diving Deeper: 4 Best Practices for Securing Enterprise Data in Office 365 (O365)|https://www.ciphercloud.com/diving-deeper-4-best-practices-for-securing-enterprise-data-in-office-365-o365/]]|O365 Best_Practices|
|2020.09.04|//XM Cyber//|[[An effective cloud security posture begins with these three steps|https://www.xmcyber.com/an-effective-cloud-security-posture-begins-with-these-three-steps/]]|CSPM Best_Practices|
|2020.09.04|//Illumio//|[[Best practices for workload segmentation: lean and streamlined, or heavy and complex?|https://www.illumio.com/blog/segmentation-approaches]]|Workloads|
=== 

* __Rapports, Sondages, Études, Publications__
** Rapports : 'Global DevSecOps Insights Report 2020' (//Cap Gemini//) • '//2020 Insider Threat Report//' (//Bitglass//)+++^*[»] 
|2020.09.01|//Cap Gemini//|[[Global DevSecOps Insights Report 2020|https://www.capgemini.com/gb-en/resources/the-state-of-devsecops-2020/]] ([[pdf|https://www.capgemini.com/gb-en/wp-content/uploads/sites/3/2020/08/DevSecOps-Report.pdf]])|Report|
|2020.09.02|//Bitglass//|[[Bitglass 2020 Insider Threat Report: 61% of Companies Have Experienced an Insider Attack over the Last Year|https://vmblog.com/archive/2020/09/02/bitglass-2020-insider-threat-report-61-of-companies-have-experienced-an-insider-attack-over-the-last-year.aspx]]|Report|
|2020.09.03|CISO MAG| → [[Threat to Privacy! 61% of Organizations Suffered an Insider Attack Last Year|https://cisomag.eccouncil.org/insider-attacks/]]|Report|
=== 
** Études : '//Hype Cycle for Cloud Security//' (//Gartner// via //Fortanix//) • '//2020 Magic Quadrant for Cloud Infrastructure and Platform Services//' (//Gartner//)+++^*[»] 
|2020.09.02|//Fortanix//|[[Multicloud Data Security Trends Noted in Gartner Hype Cycle for Cloud Security, 2020|https://vmblog.com/archive/2020/09/02/multicloud-data-security-trends-noted-in-gartner-hype-cycle-for-cloud-security-2020.aspx]]|Gartner|
|2020.09.02|//Gartner//| → [[G00448013 - Hype Cycle for Cloud Security, 2020|https://resources.fortanix.com/gartner-hype-cycle-for-cloud-data-security-2020]]|Gartner Hype_Cycle|
|>|>|>|!|
|2020.09.01|Gartner|[[G00441742 - 2020 Magic Quadrant for Cloud Infrastructure and Platform Services|https://pages.awscloud.com/GLOBAL-multi-DL-gartner-mq-cips-2020-learn.html]] (après inscription) /% https://www.gartner.com/doc/reprints?id=1-242R58F3&ct=200902&st=sb %/ |Gartner|
|2020.09.01|//Silicon Angle//| → [[AWS keeps 'commanding' lead in latest Gartner cloud report|https://siliconangle.com/2020/09/04/aws-keeps-commanding-lead-latest-gartner-cloud-report/]]|Gartner|
=== 

* __Cloud Services Providers, Outils__
** AWS : Annonce de ''Bottlerocket'', le nouveau système Linux en Open Source et taillé pour le cloud (//Amazon//) • Analyse de GuardDuty (//Foregenix//) • Vulnérabilités courantes lors des tests d'intrusion (//Cobalt//)+++^*[»] 
|2020.08.31|//Amazon AWS//|[[Announcing the General Availability of Bottlerocket, a new open source Linux-based operating system purpose-built to run containers|https://aws.amazon.com/about-aws/whats-new/2020/08/announcing-general-availability-of-bottlerocket/]]|AWS Bottlerocket|
|2020.08.31|//Amazon AWS//| → [[Announcing the General Availability of Bottlerocket, an open source Linux distribution built to run containers|https://aws.amazon.com/blogs/opensource/announcing-the-general-availability-of-bottlerocket-an-open-source-linux-distribution-purpose-built-to-run-containers/]]|AWS Bottlerocket|
|2020.08.31|//Amazon AWS//| → [[Bottlerocket|https://github.com/bottlerocket-os]]|AWS Bottlerocket|
|2020.08.31|//Amazon AWS//| → [[AWS launches its Bottlerocket container operating system into general availability|https://siliconangle.com/2020/08/31/aws-launches-bottlerocket-container-operating-system-general-availability/]]|AWS Bottlerocket|
|2020.08.31|//Sysdig//| → [[Secure and monitor your containers on Bottlerocket from AWS|https://sysdig.com/blog/secure-monitor-aws-bottlerocket/]]|AWS Bottlerocket|
|2020.08.31|//NeuVector//| → [[NeuVector Announces Container Security Integration with Bottlerocket, Open Source Operating System Built by AWS for Container Deployments|https://neuvector.com/article/aws-bottlerocket/]]|AWS Bottlerocket|
|2020.09.01|Container Journal| → [[AWS Fires Bottlerocket Linux for Container Apps|https://containerjournal.com/topics/container-ecosystems/aws-fires-bottlerocket-linux-for-container-apps/]]|AWS Bottlerocket|
|>|>|>|!|
|2020.08.31|//Foregenix//|![[Amazon GuardDuty Security Review|https://d1.awsstatic.com/certifications/foregenix_amazon_guardduty_security_review_07-2020.pdf]] |Report AWS_GuardDuty|
|2020.08.31|//Amazon AWS//|[[Amazon CloudFront announces real-time logs|https://aws.amazon.com/about-aws/whats-new/2020/08/cloudfront-realtimelogs/]]|AWS_CloudFront Logging|
|2020.08.31|//Amazon AWS//| → [[New third-party test compares Amazon GuardDuty to network intrusion detection systems|https://aws.amazon.com/blogs/security/new-third-party-test-compares-amazon-guardduty-to-network-intrusion-detection-systems/]]|AWS_GuardDuty|
|>|>|>|!|
|2020.08.31|//Cobalt//|[[AWS Cloud Security: How to Look for and Prevent the Most Common Pentest Vulnerabilities|https://blog.cobalt.io/aws-cloud-security-how-to-look-for-and-prevent-the-most-common-pentest-vulnerabilities-32aa4d50ae06]]|AWS PenTesting|
|2020.09.02|//Amazon AWS//|[[Defense in depth using AWS Managed Rules for AWS WAF (part 1)|https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/]] (1/2)|AWS WAF|
|2020.09.02|//Amazon AWS//|[[Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)|https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/]] (2/2)|AWS WAF|
|2020.09.02|Help Net Security|[[Essential features of security automation for the AWS platform|https://www.helpnetsecurity.com/2020/09/02/essential-features-of-security-automation-for-the-aws-platform/]]|AWS Automation|
=== 
** Azure : Azure Security Center • Azure AD • Culture de la fiabilité • 'Confidential Computing'+++^*[»] 
|2020.08.31|//SecureCloudBlog//|[[Azure Security Center - Exhibits from the field|https://securecloud.blog/2020/08/31/azure-security-center-exhibits-from-the-field/]]|Azure_Security_Center|
|2020.09.02|Secure Cloud Blog|[[Azure Security Center Exhibits from the field - Detecting SQL Injection with Advanced Data Security|https://securecloud.blog/2020/09/02/azure-security-center-exhibits-from-the-field-detecting-sql-injection-with-advanced-data-security/]]|Azure_Security_Center Detection|
|>|>|>|!|
|2020.09.05|//TRIMARC//|[[Escalating to Domain Admin in Microsoft's Cloud Hosted Active Directory (Azure AD Domain Services)|https://www.hub.trimarcsecurity.com/post/escalating-to-domain-admin-in-microsoft-s-cloud-hosted-active-directory-azure-ad-domain-services]]|AzureAD|
|2020.09.02|//Microsoft Azure//|[[Azure Active Directory External Identities goes premium with advanced security for B2C|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-active-directory-external-identities-goes-premium-with/ba-p/1604572]]|AzureAD|
|>|>|>|!|
|2020.08.31|//Microsoft Azure//|[[Advancing a culture of reliability at the pace of Azure|https://azure.microsoft.com/blog/advancing-a-culture-of-reliability-at-the-pace-of-azure/]]|Azure Reliability|
|2020.08.31|//Kindite//|[[Azure Confidential Computing|https://blog.kindite.com/azure-confidential-computing]]|Azure Confidential_Computing|
|2020.09.01|Thomas Stringer|[[Azure Linux VM SSH Error - Permission denied (publickey)|https://trstringer.com/azure-linux-vm-ssh-public-key-denied/]]|Azure VM SSH|
=== 
** Gouvernance : Point de vue de David das Neves • Comparaison AWS/Azure/GCP (//Park My Cloud//)+++^*[»] 
|2020.08.31|David das Neves|[[Governance in the Cloud World|https://www.linkedin.com/pulse/governance-cloud-world-david-das-neves/]]|Governance|
|2020.09.01|//Park My Cloud//|[[AWS vs. Azure vs. Google Cloud Governance Models|https://www.parkmycloud.com/blog/cloud-governance-models/]]|Governance AWS Azure GCP|
=== 
** OVH : extension de l'offre Cloud privé+++^*[»] 
|2020.09.01|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud privé : OVHcloud pousse Hosted Private Cloud Premier|https://www.silicon.fr/ovhcloud-hosted-private-cloud-premier-346041.html]]|Products OVH|
|2020.09.01|//VMblog//| → [[OVHcloud US Enhances and Expands Hosted Private Cloud Offering|https://vmblog.com/archive/2020/09/01/ovhcloud-us-enhances-and-expands-hosted-private-cloud-offering.aspx]]|Products OVH|
=== 
** Kubernetes : Menaces (suite de la série) • Sécurité des Clusters • Détection des API obsolètes+++^*[»] 
|2020.09.01|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 8 - Lateral Movement|https://www.stackrox.com/post/2020/09/protecting-against-kubernetes-threats-chapter-8-lateral-movement/]] (8/9) |Kubernetes Threats|
|2020.09.02|Dark Reading|[[Why Kubernetes Clusters Are Intrinsically Insecure (& What to Do About Them)|https://www.darkreading.com/cloud/why-kubernetes-clusters-are-intrinsically-insecure-%28and-what-to-do-about-them%29/a/d-id/1338747]]|
|2020.09.02|DZone|[[Protecting Hosts in Kubernetes Cluster|http://feeds.dzone.com/link/16357/13849872/protecting-hosts-in-kubernetes-cluster]]|K8s|
|2020.09.01|Cloud Native Computing Foundation|[[Kubernetes: How to automatically detect and deal with deprecated APIs|https://www.cncf.io/blog/2020/09/01/kubernetes-how-to-automatically-detect-and-deal-with-deprecated-apis-2/]]|K8s APIs|
=== 
** Containers : Terminologie sécurité+++^*[»] 
|2020.09.03|//Anchore//|[[A Container Security Terminology Guide For Better Communication|https://anchore.com/blog/a-container-security-terminology-guide-for-better-communication/]] (1/2)|Containers Terminology|
=== 
** Workloads : Responsabilité(s)+++^*[»] 
|2020.09.04|//Morphisec//|[[Cloud Workloads: How Does Shared Responsibility Affect Security?|https://blog.morphisec.com/cloud-workload-shared-responsibility-security]]|Shared_Responsibility|
=== 

* __Podcasts, Veilles hebdomadaires 'Cloud et Sécurité'__
** Podcasts : 'Automating Your IAM Roles' • 'Azure Identity Management' • Les 5 ans de GKE • Analyse de la panne CenturyLink / Level 3+++^*[»] 
|2020.09.06|Cloud Security Podcast|[[What Is Azure Identity Management - Cloud Security|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-IS-AZURE-IDENTITY-MANAGEMENT--CLOUD-SECURITY-ej6hdi]]|Podcast Azure IAM|
|2020.09.02|//Google Cloud Platform Podcast//|[[GKE Turns Five with Alex Zakonov and Drew Bradstock|https://www.gcppodcast.com/post/episode-234-gke-turns-five-with-alex-zakonov-and-drew-bradstock/]]|Podcast GCP GKE|
|2020.09.01|SilverLining IL|![[Episode 25: From Excessive Permissions To Least Privileges - Automating Your IAM Roles|https://silverlining-il.castos.com/episodes/episode-25-from-excessive-permissions-to-least-privileges-automating-your-iam-roles]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/EP-25.mp3]]) |Podcast|
|2020.09.01|//Thousand Eyes//|[[CenturyLink / Level 3 Outage Analysis|https://blog.thousandeyes.com/centurylink-level-3-outage-analysis/]]|Podcast Outage|
|2020.09.01|//Thousand Eyes//| → [[Ep. 21: Under the Hood On the CenturyLink / Level 3 Outage|https://blog.thousandeyes.com/ep-21-under-the-hood-on-the-centurylink-level-3-outage/]] et transcription|Podcast Outage|
=== 
** Veilles : TL;DR Security #50 • The Cloud Security Reading List #53+++^*[»] 
|2020.09.03|TL;DR Security|[[#50 - Engineering Empathy, Golang Security, Bardcore|https://tldrsec.com/blog/tldr-sec-050/]] |Weekly_Newsletter|
|2020.09.06|Marco Lancini|[[The Cloud Security Reading List #53|https://cloudseclist.com/issues/issue-53/]] |Weekly_Newsletter|
=== 

* __Divers__
** Ressources : Livres de références sur AWS • sur la sécurité du Cloud+++^*[»] 
|2020.08.31|Solutions Review|![[The Essential Cloud Security Books for Cybersecurity Professionals|https://solutionsreview.com/cloud-platforms/the-essential-cloud-security-books-for-cybersecurity-professionals/]] |Resources|
|2020.09.04|Solutions Review|![[The Essential Amazon Web Services (AWS) Books for Cloud Professionals|https://solutionsreview.com/cloud-platforms/the-essential-amazon-web-services-aws-books-for-cloud-professionals/]] |Resources|
=== 
** Inventaire des ressources Cloud+++^*[»] 
|2020.09.04|Marco Lancini|[[Tracking Moving Clouds: How to continuously track cloud assets with Cartography|https://www.marcolancini.it/2020/blog-tracking-moving-clouds-with-cartography/]]|Assets Inventory|
=== 

!!3 - Agenda
* ''7 au 9'' septembre → CSA : ''ASEAN Virtual Summit'' ^^• [[Agenda et inscription|http://web.cvent.com/event/b8b02c8b-2ac8-4e5e-bb17-ad6f7c8c2ebf/summary?RefId=Mainsite]]^^
* ''8 au 25'' septembre → CSA : ''[[Webinaires 'SECtember Experience'|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
* ''23 au 24'' septembre → BIRP : ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
!!4 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K96/|https://CloudSecurityAlliance.fr/go/K96/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - August 31st to September 6th, 2020
!!1 - CSA News and Updates - August 31st to September 6th

* French Chapter's Blog
** Intermediate Status and Outlook for 2020+++^*[»] <<tiddler [[2020.09.05 - Blog : Bilan et perspectives pour le Chapitre Français]]>>=== 
** Gartner's Hype Cycle 'Cloud Security' (July 2020)+++^*[»] <<tiddler [[2020.09.04 - Blog : Hype Cycle 'Sécurité du Cloud' du Gartner (juillet 2020)]]>>=== 
* CSA's Blog
** 'Get Quantum Ready'+++^*[»] <<tiddler [[2020.09.02 - Blog : Prêt au saut quantique ?]]>>=== 
!!2 - Cloud and Security News Watch ([[over 120 links|2020.09.06 - Veille Hebdomadaire - 6 septembre]])

* __''Must read''__
** ''Cloud Security: A Primer for Policymakers'' by the Carnegie Endowment for International Peace think tank+++^*[»] 
|2020.08.31|Carnegie Endowment for International Peace|[[Cloud Security: A Primer for Policymakers|https://carnegieendowment.org/publications/82597]] ([[pdf|https://carnegieendowment.org/files/Maurer_Hinck_Cloud_Security-V3.pdf]]) |Policy_Makers Risks|
|2020.08.31|CSO Online| → [[Cloud technology great for security but poses systemic risks, according to new report|https://www.csoonline.com/article/3573371/cloud-technology-great-for-security-but-poses-systemic-risks-according-to-new-report.html]]|Policy_Makers Risks|
=== 
** ''SaaS Continuity Control Certification Framework''+++^*[»] 
|2020.09.01|Continuity Central|[['Clearing the Cloudiness of SaaS: A SaaS Continuity Control Certification Framework'|https://www.continuitycentral.com/index.php/news/technology/5457-clearing-the-cloudiness-of-saas-a-saas-continuity-control-certification-framework]]|SaaS Continuity Framework|
|2020.08.04|Utrecht University| → Thesis [['Clearing the Cloudiness of SaaS: A SaaS Continuity Control Certification Framework'|https://dspace.library.uu.nl/bitstream/handle/1874/398735/Thesis_Final.pdf]]|SaaS Continuity Framework|
=== 

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Attacks: New analysis of the 'Team TNT' Crypto-Mining Worm • Life Cycle of a Compromised (Cloud) Server • O365 Phishing • The Cloud to Mitigate the Maze Ransomware?+++^*[»] 
|2020.08.31|Container Journal|[[Latest Docker Container Attack Highlights Remote Networking Flaws|https://containerjournal.com/topics/container-security/latest-docker-container-attack-highlights-remote-networking-flaws/]]|Docker AWS Credentials Attack Team_TNT|
|2020.08.17|//Cado Security//| → [[Team TNT - The First Crypto-Mining Worm to Steal AWS Credentials|https://www.cadosecurity.com/2020/08/17/teamtnt-the-first-crypto-mining-worm-to-steal-aws-credentials/]] |Docker AWS Credentials Attack Team_TNT|
|2020.08.22|//Prevasio//| → [[Kinsing Punk: An Epic Escape From Docker Containers|https://blog.prevasio.com/2020/08/kinsing-punk-epic-escape-from-docker.html]]|Docker AWS Credentials Attack Team_TNT|
|>|>|>|!|
|2020.09.01|//Trend Micro//|![[The Life Cycle of a Compromised (Cloud) Server|https://blog.trendmicro.com/the-lifecycle-of-a-compromised-cloud-server/]] |Compromise|
|2020.09.04|//Cyren//|[[Anatomy of a Phishing Attack: Stolen Microsoft 365 Credentials|https://www.cyren.com/blog/articles/anatomy-of-a-phishing-attack-stolen-microsoft-365-credentials]]|Phishing M365|
|2020.08.31|Le MagIT[>img[iCSF/flag_fr.png]]|![[Expanscience, sauvé de Maze par le cloud ?|https://www.lemagit.fr/actualites/252488355/Expanscience-sauve-de-Maze-par-le-Cloud]] |Ransomware Resilience|
=== 
** Leaks: Yet Another Unsecured Database+++^*[»] 
|2020.09.04|Silicon Angle|[[38M records linked to marketing company working with media found online|https://siliconangle.com/2020/09/03/38m-records-linked-marketing-company-working-media-found-online/]]|Data_Leak Misconfiguration|
|2020.09.04|CISO MAG| → [[Massive Data Breach! View Media's Unsecured Database Exposes 38 Mn User Records|https://cisomag.eccouncil.org/view-media-unsecured-database/]]|Data_Leak Misconfiguration|
=== 
** Threats: Aiming at Service Accounts • and at the SaaS+++^*[»] 
|2020.09.02|Jason Alvarez|[[Service accounts are the reason you're hacked|https://0xbanana.com/blog/service-accounts-are-the-reason-you-re-hacked/]]|Attacks Service_Accounts|
|2020.08.31|SecurityWeek|[[It's Not Just an Unusual Login: Why Pay Attention to Threats Facing SaaS and Cloud?|https://www.securityweek.com/its-not-just-unusual-login-why-pay-attention-threats-facing-saas-and-cloud]]|Threats|
=== 
** Vulnerabilities: Privilege Escalation in AWS EKS • GCP API bug+++^*[»] 
|2020.08.31|Christophe Tafani-Dereeper|[[Privilege Escalation in AWS Elastic Kubernetes Service (EKS) by compromising the instance role of worker nodes|https://blog.christophetd.fr/privilege-escalation-in-aws-elastic-kubernetes-service-eks-by-compromising-the-instance-role-of-worker-nodes/]]|AWS EKS Flaw|
|2020.09.03|The Daily Swig|[[Google Cloud API bug leaks private project information|https://portswigger.net/daily-swig/google-cloud-api-bug-leaks-private-project-information]]|GCP API Flaw|
|2020.08.26|Ezequiel Pereira| → [[Auth bypass: Leaking Google Cloud service accounts and projects|https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html]]|GCP Flaw|
=== 

* __Best Practices, and Detection__
** Best Practices: for AWS (//Amazon//) • for workloads (//Illumio//) • for Office 365 (//CipherCloud//)+++^*[»] 
|2020.09.04|//Amazon AWS//|[[Introducing the AWS Best Practices for Security, Identity, & Compliance Webpage and Customer Polling Feature|https://aws.amazon.com/blogs/security/introducing-aws-best-practices-security-identity-compliance-webpage-and-customer-polling-feature/]]|AWS best_Practices|
|2020.09.01|Thomas Maurer|[[Azure Architecture Best Practices Virtual Event - October 20|https://www.thomasmaurer.ch/2020/09/azure-architecture-best-practices-virtual-event-october-20/]]|Azure Best_Practices|
|2020.09.03|//Centilytics//|[[Cloud Security Done Right: Three Critical Moves You Need To Know|https://blogs.centilytics.com/cloud-security-done-right-three-critical-moves-you-need-to-know/]]|Best_Practices|
|2020.09.01|//CipherCloud//|[[Diving Deeper: 4 Best Practices for Securing Enterprise Data in Office 365 (O365)|https://www.ciphercloud.com/diving-deeper-4-best-practices-for-securing-enterprise-data-in-office-365-o365/]]|O365 Best_Practices|
|2020.09.04|//XM Cyber//|[[An effective cloud security posture begins with these three steps|https://www.xmcyber.com/an-effective-cloud-security-posture-begins-with-these-three-steps/]]|CSPM Best_Practices|
|2020.09.04|//Illumio//|[[Best practices for workload segmentation: lean and streamlined, or heavy and complex?|https://www.illumio.com/blog/segmentation-approaches]]|Workloads|
=== 

* __Reports, Surveys, Studies, Publications__
** Reports: 'Global DevSecOps Insights Report 2020' (//Cap Gemini//) • '//2020 Insider Threat Report//' (//Bitglass//)+++^*[»] 
|2020.09.01|//Cap Gemini//|[[Global DevSecOps Insights Report 2020|https://www.capgemini.com/gb-en/resources/the-state-of-devsecops-2020/]] ([[pdf|https://www.capgemini.com/gb-en/wp-content/uploads/sites/3/2020/08/DevSecOps-Report.pdf]])|Report|
|2020.09.02|//Bitglass//|[[Bitglass 2020 Insider Threat Report: 61% of Companies Have Experienced an Insider Attack over the Last Year|https://vmblog.com/archive/2020/09/02/bitglass-2020-insider-threat-report-61-of-companies-have-experienced-an-insider-attack-over-the-last-year.aspx]]|Report|
|2020.09.03|CISO MAG| → [[Threat to Privacy! 61% of Organizations Suffered an Insider Attack Last Year|https://cisomag.eccouncil.org/insider-attacks/]]|Report|
=== 
** Studies: '//Hype Cycle for Cloud Security//' (//Gartner// via //Fortanix//) • '//2020 Magic Quadrant for Cloud Infrastructure and Platform Services//' (//Gartner//)+++^*[»] 
|2020.09.02|//Fortanix//|[[Multicloud Data Security Trends Noted in Gartner Hype Cycle for Cloud Security, 2020|https://vmblog.com/archive/2020/09/02/multicloud-data-security-trends-noted-in-gartner-hype-cycle-for-cloud-security-2020.aspx]]|Gartner|
|2020.09.02|//Gartner//| → [[G00448013 - Hype Cycle for Cloud Security, 2020|https://resources.fortanix.com/gartner-hype-cycle-for-cloud-data-security-2020]]|Gartner Hype_Cycle|
|>|>|>|!|
|2020.09.01|Gartner|[[G00441742 - 2020 Magic Quadrant for Cloud Infrastructure and Platform Services|https://pages.awscloud.com/GLOBAL-multi-DL-gartner-mq-cips-2020-learn.html]] (après inscription) /% https://www.gartner.com/doc/reprints?id=1-242R58F3&ct=200902&st=sb %/ |Gartner|
|2020.09.01|//Silicon Angle//| → [[AWS keeps 'commanding' lead in latest Gartner cloud report|https://siliconangle.com/2020/09/04/aws-keeps-commanding-lead-latest-gartner-cloud-report/]]|Gartner|
=== 

* __Cloud Services Providers, Tools__
** AWS: General Availability of ''Bottlerocket'', new open source Linux-based OS built to run containers (//Amazon//) • GuardDuty Security Review (//Foregenix//) • Caring for the Most Common Pentest Vulnerabilities (//Cobalt//)+++^*[»] 
|2020.08.31|//Amazon AWS//|[[Announcing the General Availability of Bottlerocket, a new open source Linux-based operating system purpose-built to run containers|https://aws.amazon.com/about-aws/whats-new/2020/08/announcing-general-availability-of-bottlerocket/]]|AWS Bottlerocket|
|2020.08.31|//Amazon AWS//| → [[Announcing the General Availability of Bottlerocket, an open source Linux distribution built to run containers|https://aws.amazon.com/blogs/opensource/announcing-the-general-availability-of-bottlerocket-an-open-source-linux-distribution-purpose-built-to-run-containers/]]|AWS Bottlerocket|
|2020.08.31|//Amazon AWS//| → [[Bottlerocket|https://github.com/bottlerocket-os]]|AWS Bottlerocket|
|2020.08.31|//Amazon AWS//| → [[AWS launches its Bottlerocket container operating system into general availability|https://siliconangle.com/2020/08/31/aws-launches-bottlerocket-container-operating-system-general-availability/]]|AWS Bottlerocket|
|2020.08.31|//Sysdig//| → [[Secure and monitor your containers on Bottlerocket from AWS|https://sysdig.com/blog/secure-monitor-aws-bottlerocket/]]|AWS Bottlerocket|
|2020.08.31|//NeuVector//| → [[NeuVector Announces Container Security Integration with Bottlerocket, Open Source Operating System Built by AWS for Container Deployments|https://neuvector.com/article/aws-bottlerocket/]]|AWS Bottlerocket|
|2020.09.01|Container Journal| → [[AWS Fires Bottlerocket Linux for Container Apps|https://containerjournal.com/topics/container-ecosystems/aws-fires-bottlerocket-linux-for-container-apps/]]|AWS Bottlerocket|
|>|>|>|!|
|2020.08.31|//Foregenix//|![[Amazon GuardDuty Security Review|https://d1.awsstatic.com/certifications/foregenix_amazon_guardduty_security_review_07-2020.pdf]] |Report AWS_GuardDuty|
|2020.08.31|//Amazon AWS//|[[Amazon CloudFront announces real-time logs|https://aws.amazon.com/about-aws/whats-new/2020/08/cloudfront-realtimelogs/]]|AWS_CloudFront Logging|
|2020.08.31|//Amazon AWS//| → [[New third-party test compares Amazon GuardDuty to network intrusion detection systems|https://aws.amazon.com/blogs/security/new-third-party-test-compares-amazon-guardduty-to-network-intrusion-detection-systems/]]|AWS_GuardDuty|
|>|>|>|!|
|2020.08.31|//Cobalt//|[[AWS Cloud Security: How to Look for and Prevent the Most Common Pentest Vulnerabilities|https://blog.cobalt.io/aws-cloud-security-how-to-look-for-and-prevent-the-most-common-pentest-vulnerabilities-32aa4d50ae06]]|AWS PenTesting|
|2020.09.02|//Amazon AWS//|[[Defense in depth using AWS Managed Rules for AWS WAF (part 1)|https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/]] (1/2)|AWS WAF|
|2020.09.02|//Amazon AWS//|[[Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)|https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/]] (2/2)|AWS WAF|
|2020.09.02|Help Net Security|[[Essential features of security automation for the AWS platform|https://www.helpnetsecurity.com/2020/09/02/essential-features-of-security-automation-for-the-aws-platform/]]|AWS Automation|
=== 
** Azure: Azure Security Center • Azure AD • Culture of Reliability • 'Confidential Computing'+++^*[»] 
|2020.08.31|//SecureCloudBlog//|[[Azure Security Center - Exhibits from the field|https://securecloud.blog/2020/08/31/azure-security-center-exhibits-from-the-field/]]|Azure_Security_Center|
|2020.09.02|Secure Cloud Blog|[[Azure Security Center Exhibits from the field - Detecting SQL Injection with Advanced Data Security|https://securecloud.blog/2020/09/02/azure-security-center-exhibits-from-the-field-detecting-sql-injection-with-advanced-data-security/]]|Azure_Security_Center Detection|
|>|>|>|!|
|2020.09.05|//TRIMARC//|[[Escalating to Domain Admin in Microsoft's Cloud Hosted Active Directory (Azure AD Domain Services)|https://www.hub.trimarcsecurity.com/post/escalating-to-domain-admin-in-microsoft-s-cloud-hosted-active-directory-azure-ad-domain-services]]|AzureAD|
|2020.09.02|//Microsoft Azure//|[[Azure Active Directory External Identities goes premium with advanced security for B2C|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-active-directory-external-identities-goes-premium-with/ba-p/1604572]]|AzureAD|
|>|>|>|!|
|2020.08.31|//Microsoft Azure//|[[Advancing a culture of reliability at the pace of Azure|https://azure.microsoft.com/blog/advancing-a-culture-of-reliability-at-the-pace-of-azure/]]|Azure Reliability|
|2020.08.31|//Kindite//|[[Azure Confidential Computing|https://blog.kindite.com/azure-confidential-computing]]|Azure Confidential_Computing|
|2020.09.01|Thomas Stringer|[[Azure Linux VM SSH Error - Permission denied (publickey)|https://trstringer.com/azure-linux-vm-ssh-public-key-denied/]]|Azure VM SSH|
=== 
** Governance: David das Neves' Position • AWS vs. Azure vs. Google Cloud Governance Models (//Park My Cloud//)+++^*[»] 
|2020.08.31|David das Neves|[[Governance in the Cloud World|https://www.linkedin.com/pulse/governance-cloud-world-david-das-neves/]]|Governance|
|2020.09.01|//Park My Cloud//|[[AWS vs. Azure vs. Google Cloud Governance Models|https://www.parkmycloud.com/blog/cloud-governance-models/]]|Governance AWS Azure GCP|
=== 
** OVH: Hosted Private Cloud Offering Enhanced+++^*[»] 
|2020.09.01|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud privé : OVHcloud pousse Hosted Private Cloud Premier|https://www.silicon.fr/ovhcloud-hosted-private-cloud-premier-346041.html]]|Products OVH|
|2020.09.01|//VMblog//| → [[OVHcloud US Enhances and Expands Hosted Private Cloud Offering|https://vmblog.com/archive/2020/09/01/ovhcloud-us-enhances-and-expands-hosted-private-cloud-offering.aspx]]|Products OVH|
=== 
** Kubernetes: Protecting Against Kubernetes Threats (8/9) • Kubernetes Cluster (in)security • Deprecated APIs Handling+++^*[»] 
|2020.09.01|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 8 - Lateral Movement|https://www.stackrox.com/post/2020/09/protecting-against-kubernetes-threats-chapter-8-lateral-movement/]] (8/9) |Kubernetes Threats|
|2020.09.02|Dark Reading|[[Why Kubernetes Clusters Are Intrinsically Insecure (& What to Do About Them)|https://www.darkreading.com/cloud/why-kubernetes-clusters-are-intrinsically-insecure-%28and-what-to-do-about-them%29/a/d-id/1338747]]|
|2020.09.02|DZone|[[Protecting Hosts in Kubernetes Cluster|http://feeds.dzone.com/link/16357/13849872/protecting-hosts-in-kubernetes-cluster]]|K8s|
|2020.09.01|Cloud Native Computing Foundation|[[Kubernetes: How to automatically detect and deal with deprecated APIs|https://www.cncf.io/blog/2020/09/01/kubernetes-how-to-automatically-detect-and-deal-with-deprecated-apis-2/]]|K8s APIs|
=== 
** Containers: Security Terminology+++^*[»] 
|2020.09.03|//Anchore//|[[A Container Security Terminology Guide For Better Communication|https://anchore.com/blog/a-container-security-terminology-guide-for-better-communication/]] (1/2)|Containers Terminology|
=== 
** Workloads: Shared Responsibility+++^*[»] 
|2020.09.04|//Morphisec//|[[Cloud Workloads: How Does Shared Responsibility Affect Security?|https://blog.morphisec.com/cloud-workload-shared-responsibility-security]]|Shared_Responsibility|
=== 

* __Podcasts, Weekly 'Cloud and Security' Watch__
** Podcasts: Automating Your IAM Roles • Azure Identity Management • GKE Turns Five • 'Under the Hood On the CenturyLink / Level 3 Outage'+++^*[»] 
|2020.09.06|Cloud Security Podcast|[[What Is Azure Identity Management - Cloud Security|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-IS-AZURE-IDENTITY-MANAGEMENT--CLOUD-SECURITY-ej6hdi]]|Podcast Azure IAM|
|2020.09.02|//Google Cloud Platform Podcast//|[[GKE Turns Five with Alex Zakonov and Drew Bradstock|https://www.gcppodcast.com/post/episode-234-gke-turns-five-with-alex-zakonov-and-drew-bradstock/]]|Podcast GCP GKE|
|2020.09.01|SilverLining IL|![[Episode 25: From Excessive Permissions To Least Privileges - Automating Your IAM Roles|https://silverlining-il.castos.com/episodes/episode-25-from-excessive-permissions-to-least-privileges-automating-your-iam-roles]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/EP-25.mp3]]) |Podcast|
|2020.09.01|//Thousand Eyes//|[[CenturyLink / Level 3 Outage Analysis|https://blog.thousandeyes.com/centurylink-level-3-outage-analysis/]]|Podcast Outage|
|2020.09.01|//Thousand Eyes//| → [[Ep. 21: Under the Hood On the CenturyLink / Level 3 Outage|https://blog.thousandeyes.com/ep-21-under-the-hood-on-the-centurylink-level-3-outage/]] et transcription|Podcast Outage|
=== 
** Newsletters: TL;DR Security #50 • The Cloud Security Reading List #53+++^*[»] 
|2020.09.03|TL;DR Security|[[#50 - Engineering Empathy, Golang Security, Bardcore|https://tldrsec.com/blog/tldr-sec-050/]] |Weekly_Newsletter|
|2020.09.06|Marco Lancini|[[The Cloud Security Reading List #53|https://cloudseclist.com/issues/issue-53/]] |Weekly_Newsletter|
=== 

* __Miscellaneous__
** Essential Books on Cloud Security • on AWS+++^*[»] 
|2020.08.31|Solutions Review|![[The Essential Cloud Security Books for Cybersecurity Professionals|https://solutionsreview.com/cloud-platforms/the-essential-cloud-security-books-for-cybersecurity-professionals/]] |Resources|
|2020.09.04|Solutions Review|![[The Essential Amazon Web Services (AWS) Books for Cloud Professionals|https://solutionsreview.com/cloud-platforms/the-essential-amazon-web-services-aws-books-for-cloud-professionals/]] |Resources|
=== 
** Cloud Assets Tracking+++^*[»] 
|2020.09.04|Marco Lancini|[[Tracking Moving Clouds: How to continuously track cloud assets with Cartography|https://www.marcolancini.it/2020/blog-tracking-moving-clouds-with-cartography/]]|Assets Inventory|
=== 
!!3 - Agenda
* ''7/9'' → CSA: ''ASEAN Virtual Summit'' ^^• [[Agenda et inscription|http://web.cvent.com/event/b8b02c8b-2ac8-4e5e-bb17-ad6f7c8c2ebf/summary?RefId=Mainsite]]^^
* ''8 / 25'' → CSA: ''[['SECtember Experience' Webinars|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
* ''23 / 24'' → BIRP: ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
!!4 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K96/|https://CloudSecurityAlliance.fr/go/K96/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 31 août au 6 septembre 2020
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.09.06|
|2020.09.06|Marco Lancini|[[The Cloud Security Reading List #53|https://cloudseclist.com/issues/issue-53/]] |Weekly_Newsletter|
|2020.09.06|Cloud Security Podcast|[[What Is Azure Identity Management - Cloud Security|https://anchor.fm/cloudsecuritypodcast/episodes/WHAT-IS-AZURE-IDENTITY-MANAGEMENT--CLOUD-SECURITY-ej6hdi]]|Podcast Azure IAM|
|2020.09.06|//Zscaler//|[[Ditch the Complexity and Cost of CASB Point Product Overlays|https://www.zscaler.com/blogs/corporate/ditch-complexity-and-cost-casb-point-product-overlays]]|CASB|
|2020.09.06|//DZone//|[[Identity Federation in AWS with Okta|https://dzone.com/articles/identity-federation-in-aws-with-okta]]|Products AWS|
|2020.09.08|//Microsoft Azure//|[[How to integrate vulnerability management in Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/how-to-integrate-vulnerability-management-in-azure-sentinel/ba-p/1635728]]|Azure_Sentinel Vulnerability_Management|
|>|>|>|!2020.09.05|
|2020.09.05|//Trimarc Security//|[[Escalating to Domain Admin in Microsoft's Cloud Hosted Active Directory (Azure AD Domain Services)|https://www.hub.trimarcsecurity.com/post/escalating-to-domain-admin-in-microsoft-s-cloud-hosted-active-directory-azure-ad-domain-services]]|AzureAD|
|2020.09.05|//CloudKnox//|[[CloudKnox Named a 2020 Gartner Cool Vendor in Identity and Access Management (IAM)|https://go.cloudknox.io/cool-vendor-2020]]|Market|
|2020.05.26|//Gartner//| → G00723243 - [[Cool Vendors in Identity and Access Management and Fraud Detection|https://www.gartner.com/doc/reprints?id=1-1Z8XQ8YN&ct=200615&st=sb]]|Gartner|
|>|>|>|!2020.09.04|
|2020.09.04|Marco Lancini|[[Tracking Moving Clouds: How to continuously track cloud assets with Cartography|https://www.marcolancini.it/2020/blog-tracking-moving-clouds-with-cartography/]]|Assets Inventory|
|2020.09.04|Thomas Stringer|[[Access the OS Disk from an Inaccessible Azure Linux VM|https://trstringer.com/recovery-os-disk-azure-linux-vm/]]|Azure VM|
|2020.09.04|Solutions Review|![[The Essential Amazon Web Services (AWS) Books for Cloud Professionals|https://solutionsreview.com/cloud-platforms/the-essential-amazon-web-services-aws-books-for-cloud-professionals/]] |Resources|
|2020.09.04|Silicon Angle|[[38M records linked to marketing company working with media found online|https://siliconangle.com/2020/09/03/38m-records-linked-marketing-company-working-media-found-online/]]|Data_Leak Misconfiguration|
|2020.09.04|CISO MAG| → [[Massive Data Breach! View Media's Unsecured Database Exposes 38 Mn User Records|https://cisomag.eccouncil.org/view-media-unsecured-database/]]|Data_Leak Misconfiguration|
|2020.09.04|Security Boulevard|[[Google Cloud Under Siege|https://securityboulevard.com/2020/09/google-cloud-under-siege/]]|GCP Attacks|
|2020.09.04|//Amazon AWS//|[[Introducing the AWS Best Practices for Security, Identity, & Compliance Webpage and Customer Polling Feature|https://aws.amazon.com/blogs/security/introducing-aws-best-practices-security-identity-compliance-webpage-and-customer-polling-feature/]]|AWS Best_Practices|
|2020.09.04|//Google Cloud//|[[Security groups help manage groups used for security and access control|https://gsuiteupdates.googleblog.com/2020/09/security-groups-beta.html]]|G-Suite|
|2020.09.04|//XM Cyber//|[[How a Breach and Attack Simulation Platform Can Improve Your Cloud Security|https://www.xmcyber.com/how-a-breach-and-attack-simulation-platform-can-improve-your-cloud-security/]]|Exercise Simulation|
|2020.09.04|//XM Cyber//|[[An effective cloud security posture begins with these three steps|https://www.xmcyber.com/an-effective-cloud-security-posture-begins-with-these-three-steps/]]|CSPM Best_Practices|
|2020.09.04|//Illumio//|[[Best practices for workload segmentation: lean and streamlined, or heavy and complex?|https://www.illumio.com/blog/segmentation-approaches]]|Workloads|
|2020.09.04|//Rapid7//|[[NICER Protocol Deep Dive: Internet Exposure of FTP|https://blog.rapid7.com/2020/09/04/nicer-protocol-deep-dive-internet-exposure-of-ftp/]]|Report NICER FTP|
|2020.09.04|//Morphisec//|[[Cloud Workloads: How Does Shared Responsibility Affect Security?|https://blog.morphisec.com/cloud-workload-shared-responsibility-security]]|Shared_Responsibility|
|2020.09.04|//Cyren//|[[Anatomy of a Phishing Attack: Stolen Microsoft 365 Credentials|https://www.cyren.com/blog/articles/anatomy-of-a-phishing-attack-stolen-microsoft-365-credentials]]|Phishing M365|
|>|>|>|!2020.09.03|
|2020.09.03|TL;DR Security|[[#50 - Engineering Empathy, Golang Security, Bardcore|https://tldrsec.com/blog/tldr-sec-050/]] |Weekly_Newsletter|
|2020.09.03|Daily Mail|[[Amazon refuses to reveal which company had 54,000 NSW driver's licences stored on its cloud|https://www.dailymail.co.uk/news/article-8692163/Amazon-refuses-reveal-company-54-000-NSW-drivers-licences-stored-cloud.html]]|AWS Data_Leak|
|2020.09.03|The Daily Swig|[[Google Cloud API bug leaks private project information|https://portswigger.net/daily-swig/google-cloud-api-bug-leaks-private-project-information]]|GCP API Flaw|
|2020.08.26|Ezequiel Pereira| → [[Auth bypass: Leaking Google Cloud service accounts and projects|https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html]]|GCP Flaw|
|2020.09.03|Bug Bounty Writeup|[[How a badly configured DB allowed us to own an entire cloud of over 25K hosts (part 1/2)|https://medium.com/bugbountywriteup/how-a-badly-configured-db-allowed-us-to-own-an-entire-cloud-of-over-25k-hosts-part-1-2-8846beab691e]]|Compromise|
|2020.09.03|CIO Dive|[[Cloud shared responsibility models are misunderstood, report says|https://www.ciodive.com/news/shared-responsibility-models-cloud-security-alliance/584652/]]|CSA Report|
|2020.09.03|Bug Bounty Writeup|[[How a badly configured DB allowed us to own an entire cloud of over 25K hosts (part 2/2)|https://medium.com/@securityshenaningans/how-a-badly-configured-db-allowed-us-to-own-an-entire-cloud-of-over-25k-hosts-part-2-2-5a63da194bc1]]|Compromise|
|2020.09.03|//Caylent//|[[What is Containerd?|https://caylent.com/what-is-containerd]]|Docker Containerd|
|2020.09.03|//Anchore//|[[A Container Security Terminology Guide For Better Communication|https://anchore.com/blog/a-container-security-terminology-guide-for-better-communication/]] (1/2)|Containers Terminology|
|2020.09.03|//Oracle Cloud//|[[Quick Tip #2 - Creating multiple Oracle Identity Cloud Service instances|https://blogs.oracle.com/cloudsecurity/quick-tip-2-creating-multiple-oracle-identity-cloud-service-instances]] (2)|OracleCloud Tips|
|2020.09.03|//Centilytics//|[[Why are Websites and Web Applications Rapidly Adopting Cloud Security Solutions?|https://blogs.centilytics.com/why-are-websites-and-web-applications-rapidly-adopting-cloud-security-solutions/]]|Misc|
|2020.09.03|//Centilytics//|[[Cloud Security Concerns Set Trends for Computing Technologies in COVID-Era|https://blogs.centilytics.com/cloud-security-concerns-set-trends-for-computing-technologies-in-covid-era/]]|Trends WFH|
|2020.09.03|//Centilytics//|[[Cloud Security Done Right: Three Critical Moves You Need To Know|https://blogs.centilytics.com/cloud-security-done-right-three-critical-moves-you-need-to-know/]]|Best_Practices|
|2020.09.03|//ScaleSec//|[[Intricacies of IAM Conditions|https://scalesec.com/blog/intricacies-of-iam-conditions/]]|GCP IAM|
|2020.09.03|//Logz//|[[A Practical Guide to Kubernetes Logging|https://logz.io/blog/a-practical-guide-to-kubernetes-logging/]]|K8s Logging|
|2020.09.03|//Trimarc Security//|[[Escalating to Domain Admin in Microsoft's Cloud Hosted Active Directory (Azure AD Domain Services)|https://www.hub.trimarcsecurity.com/post/escalating-to-domain-admin-in-microsoft-s-cloud-hosted-active-directory-azure-ad-domain-services]]|AzureAD|
|>|>|>|!2020.09.02|
|2020.09.02|Rick Blaisdell|[[Cloud Hosting vs Dedicated Hosting - Which Is Right For Me?|https://rickscloud.com/cloud-hosting-vs-dedicated-hosting-which-is-right-for-me/]]|Hosting|
|2020.09.02|Jason Alvarez|[[Service accounts are the reason you're hacked|https://0xbanana.com/blog/service-accounts-are-the-reason-you-re-hacked/]]|Attacks Service_Accounts|
|2020.09.02|Dark Reading|[[Why Kubernetes Clusters Are Intrinsically Insecure (& What to Do About Them)|https://www.darkreading.com/cloud/why-kubernetes-clusters-are-intrinsically-insecure-%28and-what-to-do-about-them%29/a/d-id/1338747]]|
|2020.09.02|Help Net Security|[[Essential features of security automation for the AWS platform|https://www.helpnetsecurity.com/2020/09/02/essential-features-of-security-automation-for-the-aws-platform/]]|AWS Automation|
|2020.09.02|Secure Cloud Blog|[[Azure Security Center Exhibits from the field - Detecting SQL Injection with Advanced Data Security|https://securecloud.blog/2020/09/02/azure-security-center-exhibits-from-the-field-detecting-sql-injection-with-advanced-data-security/]]|Azure_Security_Center Detection|
|2020.09.02|DZone|[[Protecting Hosts in Kubernetes Cluster|http://feeds.dzone.com/link/16357/13849872/protecting-hosts-in-kubernetes-cluster]]|K8s|
|2020.09.02|Gabor Matuz|![[Testing docker CVE scanners. Part 2.5 - Exploiting CVE scanners|https://medium.com/@matuzg/testing-docker-cve-scanners-part-2-5-exploiting-cve-scanners-b37766f73005]] |Docker CVE_Scanning|
|2020.09.02|A Cloud Guru|[[168 AWS Services in 2 minutes|https://www.youtube.com/watch?v=BtJAsvJOlhM]]|Fun|
|2020.09.02|//GitHub//|[[GitHub Availability Report: August 2020|https://github.blog/2020-09-02-github-availability-report-august-2020/]]|Report Availability|
|2020.09.02|//GitHub//|[[How we threat model|https://github.blog/2020-09-02-how-we-threat-model/]]|GitHub Threat_Modeling|
|2020.09.02|//GitHub//|[[Secure at every step: What is software supply chain security and why does it matter?|https://github.blog/2020-09-02-secure-your-software-supply-chain-and-protect-against-supply-chain-threats-github-blog/]] (3/3)|DevSecOps|
|2020.09.02|//Fortanix//|[[Multicloud Data Security Trends Noted in Gartner Hype Cycle for Cloud Security, 2020|https://vmblog.com/archive/2020/09/02/multicloud-data-security-trends-noted-in-gartner-hype-cycle-for-cloud-security-2020.aspx]]|Gartner|
|2020.09.02|//Gartner//| → [[G00448013 - Hype Cycle for Cloud Security, 2020|https://resources.fortanix.com/gartner-hype-cycle-for-cloud-data-security-2020]]|Gartner Hype_Cycle|
|2020.09.02|//Rancher Labs//|[[Multi-Cluster Vulnerability Scanning with Alcide and Rancher|https://rancher.com/blog/2020/multi-cluster-vulnerability-scanning-alcide-rancher/]]|Vulnerability_Scanning|
|2020.09.02|//Amazon AWS//|[[Defense in depth using AWS Managed Rules for AWS WAF (part 1)|https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/]] (1/2)|AWS WAF|
|2020.09.02|//Amazon AWS//|[[Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)|https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/]] (2/2)|AWS WAF|
|2020.09.02|//Microsoft//|[[Securing a remote workforce with Zero Trust|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/securing-a-remote-workforce-with-zero-trust/ba-p/1623996]]|Zero_Trust|
|2020.09.02|//Microsoft Azure//|[[Azure Active Directory External Identities goes premium with advanced security for B2C|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-active-directory-external-identities-goes-premium-with/ba-p/1604572]]|AzureAD|
|2020.09.02|//Sysdig//|[[A security journey to open source|https://sysdig.com/blog/a-security-journey-to-open-source/]]|K8s|
|2020.09.02|//Cequence//|[[Aite Group Research Validates API Security Gaps|https://www.cequence.ai/blog/aite-group-research-validates-api-security-gaps/]]|APIs|
|2020.09.02|//Google Cloud Platform Podcast//|[[GKE Turns Five with Alex Zakonov and Drew Bradstock|https://www.gcppodcast.com/post/episode-234-gke-turns-five-with-alex-zakonov-and-drew-bradstock/]]|Podcast GCP GKE|
|2020.09.02|//Bitglass//|[[Bitglass 2020 Insider Threat Report: 61% of Companies Have Experienced an Insider Attack over the Last Year|https://vmblog.com/archive/2020/09/02/bitglass-2020-insider-threat-report-61-of-companies-have-experienced-an-insider-attack-over-the-last-year.aspx]]|Report|
|2020.09.03|CISO MAG| → [[Threat to Privacy! 61% of Organizations Suffered an Insider Attack Last Year|https://cisomag.eccouncil.org/insider-attacks/]]|Report|
|2020.09.02|//Last week in AWS//|[[8 AWS Terms Project Managers Need to Know|https://www.lastweekinaws.com/blog/8-aws-terms-project-managers-need-to-know/]]|AWS Terminology|
|2020.09.02|//Divvy Cloud//|[[Gaining Control Over Cloud IAM Chaos|https://divvycloud.com/iam-whitepaper/]]|Products IAM Whitepaper|
|2020.09.08|//Divvy Cloud//| → [[Just Released: New White Paper on Cloud IAM|https://divvycloud.com/new-white-paper-cloud-iam/]]|Products IAM Whitepaper|
|>|>|>|!2020.09.01|
|2020.09.01|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud privé : OVHcloud pousse Hosted Private Cloud Premier|https://www.silicon.fr/ovhcloud-hosted-private-cloud-premier-346041.html]]|Products OVH|
|2020.09.01|//VMblog//| → [[OVHcloud US Enhances and Expands Hosted Private Cloud Offering|https://vmblog.com/archive/2020/09/01/ovhcloud-us-enhances-and-expands-hosted-private-cloud-offering.aspx]]|Products OVH|
|2020.09.01|Gartner|[[G00441742 - 2020 Magic Quadrant for Cloud Infrastructure and Platform Services|https://pages.awscloud.com/GLOBAL-multi-DL-gartner-mq-cips-2020-learn.html]] (après inscription) /% https://www.gartner.com/doc/reprints?id=1-242R58F3&ct=200902&st=sb %/ |Gartner|
|2020.09.01|//Silicon Angle//| → [[AWS keeps 'commanding' lead in latest Gartner cloud report|https://siliconangle.com/2020/09/04/aws-keeps-commanding-lead-latest-gartner-cloud-report/]]|Gartner|
|2020.09.01|SilverLining IL|![[Episode 25: From Excessive Permissions To Least Privileges - Automating Your IAM Roles|https://silverlining-il.castos.com/episodes/episode-25-from-excessive-permissions-to-least-privileges-automating-your-iam-roles]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/EP-25.mp3]]) |Podcast|
|2020.09.01|Jason Alvarez|[[Terraform on GCP - DFIR Lab Hello World!|https://0xbanana.com/blog/terraform-on-gcp-dfir-lab-hello-world/]] (3/5)|Forensics Lab DFIR GCP|
|2020.09.01|Thomas Maurer|[[Azure Architecture Best Practices Virtual Event - October 20|https://www.thomasmaurer.ch/2020/09/azure-architecture-best-practices-virtual-event-october-20/]]|Azure Best_Practices|
|2020.09.01|Cloud Native Computing Foundation|[[Kubernetes: How to automatically detect and deal with deprecated APIs|https://www.cncf.io/blog/2020/09/01/kubernetes-how-to-automatically-detect-and-deal-with-deprecated-apis-2/]]|K8s APIs|
|2020.09.01|Thomas Stringer|[[Azure Linux VM SSH Error - Permission denied (publickey)|https://trstringer.com/azure-linux-vm-ssh-public-key-denied/]]|Azure VM SSH|
|2020.09.01|Continuity Central|[['Clearing the Cloudiness of SaaS: A SaaS Continuity Control Certification Framework'|https://www.continuitycentral.com/index.php/news/technology/5457-clearing-the-cloudiness-of-saas-a-saas-continuity-control-certification-framework]]|SaaS Continuity Framework|
|2020.08.04|Utrecht University| → Thèse [['Clearing the Cloudiness of SaaS: A SaaS Continuity Control Certification Framework'|https://dspace.library.uu.nl/bitstream/handle/1874/398735/Thesis_Final.pdf]]|SaaS Continuity Framework|
|2020.09.01|Bug Bounty Writeup|[[How a badly configured DB allowed us to own an entire cloud of over 25K hosts (part 1/2)|https://medium.com/bugbountywriteup/how-a-badly-configured-db-allowed-us-to-own-an-entire-cloud-of-over-25k-hosts-part-1-2-8846beab691e]]|Compromise|
|2020.09.01|//Backblaze//|[[Cloud Storage Vs. Backup: B2, Backup, or Both?|https://www.backblaze.com/blog/cloud-storage-vs-backup-to-b1-b2-or-both/]]|Backup|
|2020.09.01|//Park My Cloud//|[[AWS vs. Azure vs. Google Cloud Governance Models|https://www.parkmycloud.com/blog/cloud-governance-models/]]|Governance AWS Azure GCP|
|2020.09.01|//Netskope//|[[Migrating from On-prem Proxies to the Cloud|https://www.netskope.com/blog/migrating-from-on-prem-proxies-to-the-cloud]]|Migration|
|2020.09.01|//AllCloud//|[[What is Kubernetes - It's all Greek to me|https://allcloud.io/blog/what-is-kubernetes/]]|K8s|
|2020.09.01|//Cloud Management Insider//|[[Cloud Security Concerns Set Trends for Computing Technologies in COVID-Era|https://www.cloudmanagementinsider.com/cloud-security-concerns-set-trends-for-computing-technologies-in-covid-era/]]|COVID-19|
|2020.09.01|//Trend Micro//|![[The Life Cycle of a Compromised (Cloud) Server|https://blog.trendmicro.com/the-lifecycle-of-a-compromised-cloud-server/]] |Compromise|
|2020.09.01|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 8 - Lateral Movement|https://www.stackrox.com/post/2020/09/protecting-against-kubernetes-threats-chapter-8-lateral-movement/]] (8/9) |Kubernetes Threats|
|2020.09.01|//Thousand Eyes//|[[CenturyLink / Level 3 Outage Analysis|https://blog.thousandeyes.com/centurylink-level-3-outage-analysis/]]|Podcast Outage|
|2020.09.01|//Thousand Eyes//| → [[Ep. 21: Under the Hood On the CenturyLink / Level 3 Outage|https://blog.thousandeyes.com/ep-21-under-the-hood-on-the-centurylink-level-3-outage/]] et transcription|Podcast Outage|
|2020.09.01|//AlienVault//|[[Cloud-based SIEM explained|https://cybersecurity.att.com/blogs/security-essentials/cloud-based-siem]]|SIEM|
|2020.09.01|//One Cloud Please//|[[Security September: Fun with Fn::Cidr|https://onecloudplease.com/blog/security-september-fun-with-fncidr]] (1/5)|AWS Exploits|
|2020.09.01|//CipherCloud//|[[Diving Deeper: 4 Best Practices for Securing Enterprise Data in Office 365 (O365)|https://www.ciphercloud.com/diving-deeper-4-best-practices-for-securing-enterprise-data-in-office-365-o365/]]|O365 Best_Practices|
|2020.09.01|//Exabeam//|[[Zero Trust Architecture: Best Practices for Safer Networks|https://www.exabeam.com/information-security/zero-trust-architecture/]]|Zero_Trust|
|2020.09.01|//AppOmni//|[[Treating SaaS as the Critical Infrastructure it is|https://appomni.com/saas-as-critical-infrastructure-white-paper/]] (livre blanc)|SaaS|
|2020.09.01|//GitHub//|[[Introducing GitHub Container Registry|https://github.blog/2020-09-01-introducing-github-container-registry/]]|GitHub Container Registry|
|2020.09.01|//Cap Gemini//|[[Global DevSecOps Insights Report 2020|https://www.capgemini.com/gb-en/resources/the-state-of-devsecops-2020/]] ([[pdf|https://www.capgemini.com/gb-en/wp-content/uploads/sites/3/2020/08/DevSecOps-Report.pdf]])|Report|
|2020.09.01|//Strimzi//|[[Enforce Custom Resource policies with Open Policy Agent Gatekeeper|https://strimzi.io/blog/2020/09/01/enforce-custom-resource-policies-with-opa-gatekeeper/]]|K8s OPA|
|>|>|>|!|
|>|>|>||
|!Août|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.08.31|
|2020.08.31|Le MagIT[>img[iCSF/flag_fr.png]]|![[Expanscience, sauvé de Maze par le cloud ?|https://www.lemagit.fr/actualites/252488355/Expanscience-sauve-de-Maze-par-le-Cloud]] |Ransomware Resilience|
|2020.08.31|Carnegie Endowment for International Peace|[[Cloud Security: A Primer for Policymakers|https://carnegieendowment.org/publications/82597]] ([[pdf|https://carnegieendowment.org/files/Maurer_Hinck_Cloud_Security-V3.pdf]]) |Policy_Makers Risks|
|2020.08.31|CSO Online| → [[Cloud technology great for security but poses systemic risks, according to new report|https://www.csoonline.com/article/3573371/cloud-technology-great-for-security-but-poses-systemic-risks-according-to-new-report.html]]|Policy_Makers Risks|
|2020.08.31|SANS|[[How to Improve Threat Detection and Hunting in the AWS Cloud Using the MITRE ATT&CK Matrix|https://www.sans.org/reading-room/whitepapers/analyst/improve-threat-detection-hunting-aws-cloud-mitre-att-ck-matrix-39775]] (Dave Shackleford)|AWS Detection Hunting|
|2020.08.31|Solutions Review|![[The Essential Cloud Security Books for Cybersecurity Professionals|https://solutionsreview.com/cloud-platforms/the-essential-cloud-security-books-for-cybersecurity-professionals/]] |Resources|
|2020.08.31|DZone|[[Enforce CIS Kubernetes - PodSecurityPolicies|http://feeds.dzone.com/link/16357/13846474/enforce-cis-kubernetes-podsecuritypolicies]]|K8s CISecurity|
|2020.08.31|Help Net Security|[[Five critical cloud security challenges and how to overcome them|https://www.helpnetsecurity.com/2020/08/31/critical-cloud-security-challenges-how-to-overcome/]]|Challenges|
|2020.08.31|Christophe Tafani-Dereeper|[[Privilege Escalation in AWS Elastic Kubernetes Service (EKS) by compromising the instance role of worker nodes|https://blog.christophetd.fr/privilege-escalation-in-aws-elastic-kubernetes-service-eks-by-compromising-the-instance-role-of-worker-nodes/]]|AWS EKS Flaw|
|2020.08.31|SecurityWeek|[[It's Not Just an Unusual Login: Why Pay Attention to Threats Facing SaaS and Cloud?|https://www.securityweek.com/its-not-just-unusual-login-why-pay-attention-threats-facing-saas-and-cloud]]|Threats|
|2020.08.31|David das Neves|[[Governance in the Cloud World|https://www.linkedin.com/pulse/governance-cloud-world-david-das-neves/]]|Governance|
|2020.08.31|Container Journal|[[Latest Docker Container Attack Highlights Remote Networking Flaws|https://containerjournal.com/topics/container-security/latest-docker-container-attack-highlights-remote-networking-flaws/]]|Docker AWS Credentials Attack Team_TNT|
|2020.08.17|//Cado Security//| → [[Team TNT - The First Crypto-Mining Worm to Steal AWS Credentials|https://www.cadosecurity.com/2020/08/17/teamtnt-the-first-crypto-mining-worm-to-steal-aws-credentials/]] |Docker AWS Credentials Attack Team_TNT|
|2020.08.22|//Prevasio//| → [[Kinsing Punk: An Epic Escape From Docker Containers|https://blog.prevasio.com/2020/08/kinsing-punk-epic-escape-from-docker.html]]|Docker AWS Credentials Attack Team_TNT|
|2020.08.31|CIO Dive|[[Undoing pandemic cloud mistakes|https://www.ciodive.com/news/undoing-pandemic-cloud-mistakes/584294/]]|Misc|
|2020.08.31|Jason Alvarez|[[One Click Forensics Lab in the Cloud|https://0xbanana.com/blog/one-click-forensics-lab-in-the-cloud/]]|Forensics Lab DFIR|
|2020.08.31|Help Net Security|[[Five critical cloud security challenges and how to overcome them|https://www.helpnetsecurity.com/2020/08/31/critical-cloud-security-challenges-how-to-overcome/]]|Challenges|
|2020.08.31|//Amazon AWS//|[[Announcing the General Availability of Bottlerocket, a new open source Linux-based operating system purpose-built to run containers|https://aws.amazon.com/about-aws/whats-new/2020/08/announcing-general-availability-of-bottlerocket/]]|AWS Bottlerocket|
|2020.08.31|//Amazon AWS//| → [[Announcing the General Availability of Bottlerocket, an open source Linux distribution built to run containers|https://aws.amazon.com/blogs/opensource/announcing-the-general-availability-of-bottlerocket-an-open-source-linux-distribution-purpose-built-to-run-containers/]]|AWS Bottlerocket|
|2020.08.31|//Amazon AWS//| → [[Bottlerocket|https://github.com/bottlerocket-os]]|AWS Bottlerocket|
|2020.08.31|//Amazon AWS//| → [[AWS launches its Bottlerocket container operating system into general availability|https://siliconangle.com/2020/08/31/aws-launches-bottlerocket-container-operating-system-general-availability/]]|AWS Bottlerocket|
|2020.08.31|//Sysdig//| → [[Secure and monitor your containers on Bottlerocket from AWS|https://sysdig.com/blog/secure-monitor-aws-bottlerocket/]]|AWS Bottlerocket|
|2020.08.31|//NeuVector//| → [[NeuVector Announces Container Security Integration with Bottlerocket, Open Source Operating System Built by AWS for Container Deployments|https://neuvector.com/article/aws-bottlerocket/]]|AWS Bottlerocket|
|2020.09.01|Container Journal| → [[AWS Fires Bottlerocket Linux for Container Apps|https://containerjournal.com/topics/container-ecosystems/aws-fires-bottlerocket-linux-for-container-apps/]]|AWS Bottlerocket|
|2020.09.01|//Aqua Security//| → [[Securing Container Workloads on AWS Bottlerocket|https://blog.aquasec.com/aws-linux-bottlerocket]]|AWS Bottlerocket|
|2020.09.07|Silicon[>img[iCSF/flag_fr.png]]|[[Conteneurs : AWS porte Bottlerocket OS|https://www.silicon.fr/conteneurs-aws-bottlerocket-os-346357.html]]|AWS Bottlerocket|
|2020.08.31|//Foregenix//|![[Amazon GuardDuty Security Review|https://d1.awsstatic.com/certifications/foregenix_amazon_guardduty_security_review_07-2020.pdf]] |Report AWS_GuardDuty|
|2020.08.31|//Amazon AWS//|[[Amazon CloudFront announces real-time logs|https://aws.amazon.com/about-aws/whats-new/2020/08/cloudfront-realtimelogs/]]|AWS_CloudFront Logging|
|2020.08.31|//Amazon AWS//| → [[New third-party test compares Amazon GuardDuty to network intrusion detection systems|https://aws.amazon.com/blogs/security/new-third-party-test-compares-amazon-guardduty-to-network-intrusion-detection-systems/]]|AWS_GuardDuty|
|2020.08.31|//Microsoft Azure//|[[Advancing a culture of reliability at the pace of Azure|https://azure.microsoft.com/blog/advancing-a-culture-of-reliability-at-the-pace-of-azure/]]|Azure Reliability|
|2020.08.31|//SecureCloudBlog//|[[Azure Security Center - Exhibits from the field|https://securecloud.blog/2020/08/31/azure-security-center-exhibits-from-the-field/]]|Azure_Security_Center|
|2020.08.31|//Cobalt//|[[AWS Cloud Security: How to Look for and Prevent the Most Common Pentest Vulnerabilities|https://blog.cobalt.io/aws-cloud-security-how-to-look-for-and-prevent-the-most-common-pentest-vulnerabilities-32aa4d50ae06]]|AWS PenTesting|
|2020.08.31|//Kindite//|[[The Importance of Efficient Data Classification to Cloud Migration|https://blog.kindite.com/the-importance-of-efficient-data-classification-to-cloud-migration]]|Data_Classification|
|2020.08.31|//Kindite//|[[Azure Confidential Computing|https://blog.kindite.com/azure-confidential-computing]]|Azure Confidential_Computing|
|2020.08.31|//Google Cloud//|[[Manage all your Kubernetes clusters with Anthos attached clusters|https://cloud.google.com/blog/topics/anthos/getting-to-know-anthos-attached-clusters]]|Anthos Kubernetes|
<<tiddler [[arOund0C]]>>
{{ss2col{
Cet article fait un bilan du 1er semestre 2020, et donne des perspectives pour le 2eme.
!!1 -- Bilan du 1er semestre 2020
Cela ne surprendra personne, mais, pour résumer, ce premier semestre a été //compliqué// :
* Un premier trimestre sous tension avec peu de disponibilités
* L'annulation en mars du salon ''Cloud Computing Expo Europe'' et donc du cycle de conférence ''Forum Securité@Cloud'' au cours duquel une intervention était prévue.
* Aucun événement CSA n'a été organisé
* Le comité de pilotage du Chapitre Français n'a pas pu être réactivé
* Pas d'utilisation du compte ''Twitter'' du Chapitre Français

Il y a aussi de nombreux motifs de satisfaction :
* Publication de ''3 traductions françaises'' de documents de la CSA : ''CCM'', ''CAIQ'' et ''PLA CoC''
* Participation au ''Forum Securité@Cloud'' des 23 et 24 septembre
* Participation au salon ''Cloud & Cyber Security Paris'' des 17 et 18 novembre
* Poursuite du partenariat avec l'ISEP Formation Continue pour le ''Mastère Spécialisé® Expertise Cloud Computing'' malgré le contexte sanitaire
* ''Mise à jour du site Web'' CloudSecurityAlliance.fr 2 fois par semaine
* Presque ''250 références'' dans la rubrique ''Outils''
* Poursuite de l'intégration d'une partie des ''archives'' de l'ancien site
* Bon fonctionnement du ''réducteur'' de liens/URLs
* Publication hebdomadaire de la ''newsletter'' sans interruption (depuis mars 2019) et lancement d'une version ''anglaise'' depuis mars 2020
* Publication hebdomadaire des ''newsletters'' en français et en anglais sur ''Circle''
* Lancement de la communauté ''CSA France Chapter'' sur la plate-forme ''Circle''
!!2 -- Perspectives pour le deuxième semestre
* Participation au cycle de conférence ''Forum Securité@Cloud'' lors du salon ''Cloud Computing Expo Europe'' des 23 et 24 septembre
* Participation au salon ''Cloud & Cyber Security Paris'' des 17 et 18 novembre
* Lancement d'un ''sondage sur la Veille Hebdomadaire''
* Participation au ''Comité de programme'' des différents événements de la CSA, dont l'EMEA Summit de novembre
* Poursuite des publications actuelles : newsletters et veille Web hebdomadaires
* Poursuite de l'intégration des ''archives'' de l'ancien site Web
* Deux formations ''CCSK''/''CCSK+'' sont organisées (semaines du 31 août et du 23 novembre)
* Réactivation du ''comité de pilotage'' du Chapitre Français
!!3 -- Que faire maintenant ?
Inscrivez-vous sur la plate-forme +++*[Circle]> <<tiddler [[CSA Circle]]>>=== afin de rejoindre la communauté "CSA France Chapter", de mieux suivre toute l'activité de la CSA et de participer aux groupes de travail.
!!4 -- Contacts
Si vous souhaitez participer activement aux activités du Chapitre Français, ou simplement découvrir les travaux de la [[Cloud Security Alliance]], contactez-nous par [[email|Contact]], via [[LinkedIN]] ou via l'espace [[Slack]].
<<tiddler [[arOund0C]]>>
!"//Hype Cycle for Cloud Security//, juillet 2020 (Gartner)"
[>img(100px,auto)[iCSF/Fortanix.png]]Fortanix, a Runtime Encryption company, provides a reprint of the Gartner 'Hype Cycle for Cloud Security, 2020' (after registration).
This Gartner Hype Cycle report is numbered "G00448013", and was published on July 17th, 2020. It describes emerging technologies that improve the security of public and private cloud computing. 

[>img(100px,auto)[iCSF/Gartner.gif]]It defines, tracks adoption, and discusses the business impact of critical data security technologies, and casts the usual "Hype" graph, which splits data security trends into 5 categories:
* 1 - Innovation Trigger+++^*[»] __© 2020 Gartner, Inc. and/or its affiliates:__
//A breakthrough, public demonstration, product launch or other event generates significant press and industry interest.// === 
* 2 - Peak of Inflated Expectations+++^*[»] __© 2020 Gartner, Inc. and/or its affiliates:__
//During this phase of overenthusiasm and unrealistic projections, a flurry of well-publicized activity by technology leaders results in some successes, but more failures, as the technology is pushed to its limits. The only enterprises making money are conference organizers and magazine publishers.// === 
* 3 - Trough of Disillusionment+++^*[»] __© 2020 Gartner, Inc. and/or its affiliates:__
//Because the technology does not live up to its overinflated expectations, it rapidly becomes unfashionable. Media interest wanes, except for a few cautionary tales.// === 
* 4 - Slope of Enlightenment+++^*[»] __© 2020 Gartner, Inc. and/or its affiliates:__
//Focused experimentation and solid hard work by an increasingly diverse range of organizations lead to a true understanding of the technology's applicability, risks and benefits. Commercial off-the-shelf methodologies and tools ease the development process.// === 
* 5 - Plateau of Productivity+++^*[»] __© 2020 Gartner, Inc. and/or its affiliates:__
//The real-world benefits of the technology are demonstrated and accepted. Tools and methodologies are increasingly stable as they enter their second and third generations. Growing numbers of organizations feel comfortable with the reduced level of risk; the rapid growth phase of adoption begins. Approximately 20% of the technology's target audience has adopted or is adopting the technology as it enters this phase.// === 
An assessment is made of how long a given technology will take to reach this 'Plateau of Productivity': less than 2 years, 2 to 5 years, 5 to 10 years, over 10 years, or never. Gartner named this "Years to Mainstream Adoption"+++^*[»] __© 2020 Gartner, Inc. and/or its affiliates:__
//The time required for the technology to reach the Plateau of Productivity.// === 

{{floatC{[img(600px,auto)[iCSF/K7HHC.png][iCSF/K7HHC.png]]
Cliquer pour élargir le graphique}}}
__Liens :__
* Lien de téléchargement du document Gartner "G00448013" après inscription sur le site de la société Fortanix ⇒ ''[[CloudSecurityAlliance.fr/go/k94b/|https://CloudSecurityAlliance.fr/go/k94b/]]''
<<tiddler [[arOund0C]]>>
!"//Get Quantum Ready//"
Article publié le 2 septembre 2020 — Rédigé par Maëva Ghonda+++^*[»] LinkedIn → [[maevaghonda|https://twitter.com/maevaghonda]] • Twitter → [[maevaghonda|https://twitter.com/maevaghonda]] ===, Co-Chair, CSA Blockchain and Distributed Ledger Technology Working Group; et Leighton Johnson, Member, CSA Blockchain Cybersecurity and Privacy Best Practices Group
<<<
[>img(150px,auto)[iCSA/K92BG.png]]//Blockchain transactions rely on the strength of the "hash" process for integrity control. What happens when this "hash" process is disrupted?
Quantum-enabled cryptographic protocols are rapidly evolving and expected to soon penetrate our digital ecosystems.+++^*[»] 
* Fedorov, A.; Kiktenko, E.; Lvovsky, A. 2018. Quantum Computers Put Blockchain Security at Risk. Nature 563, 465-467. doi: 10.1038/d41586-018-07449-z.
** https://www.nature.com/articles/d41586-018-07449-z
* Quantum Key Distribution (QKD). European Union Quantum Flagship.
** https://qt.eu/understand/underlying-principles/quantum-key-distribution-qkd/
=== 
These quantum systems will impact the numerous industries that are increasingly using the power of blockchain to develop safe and secure applications.+++^*[»] 
* Massey, R. and Pawczuk, L. 2019. Blockchain: Inspiring an Evolution in Commerce. Deloitte. https://www2.deloitte.com/us/en/pages/consulting/articles/future-of-blockchain.html
=== 
Thus, the dynamic security risk from the general use of classical hash necessitates the development of new cryptographic algorithms that improve a blockchain system's quantum resilience.//
[...]
<<<
__Liens :__
* Article sur le blog de la CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k92b/|https://CloudSecurityAlliance.fr/go/k92b/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/09/02/get-quantum-ready/
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202008>>
<<tiddler fAll2Tabs10 with: VeilleM","_202008>>
|!Date|!Sources|!Titres et Liens|!Keywords|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Août 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202008>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Août 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Août 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202008'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202008'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Août 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202008'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Août 2020]]>>
!//Shared Responsibility Model Explained//
[>img(150px,auto)[iCSA/K8QBS.jpg]]^^Article publié le 26 août 2020 sur le blog de la CSA, après l'avoir été sur le site de CloudPassage
__Lien :__
* Blog CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k8qx/|https://CloudSecurityAlliance.fr/go/k8qx/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/08/26/shared-responsibility-model-explained/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//3 Ways to Overcome Challenges in Vendor Risk Management//
[>img(150px,auto)[iCSA/K8PB3.jpg]]^^Article publié le 25 août 2020 sur le blog de la CSA, après l'avoir été sur le site de Whistic
__Lien :__
* Blog CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k8pw/|https://CloudSecurityAlliance.fr/go/k8pw/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/08/25/3-ways-to-overcome-challenges-in-vendor-risk-management/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Security Alliance's CASB Survey Finds Nearly 70% House Their Most Sensitive Data in Microsoft SharePoint Online/OneDrive//
[>img(150px,auto)[iCSA/K8PBC.jpg]]^^Article publié le 25 août 2020 sur le blog de la CSA, après l'avoir été sur le site de Proofpoint
__Lien :__
* Blog CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k8px/|https://CloudSecurityAlliance.fr/go/k8px/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/08/25/cloud-security-alliance-s-casb-survey-finds-nearly-70-house-their-most-sensitive-data-in-microsoft-sharepoint-online-onedrive/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Enabling Data Protection and Compliance in the G Suite Environment//
[>img(150px,auto)[iCSA/K8LBE.jpg]]^^Article publié le 21 août 2020 sur le blog de la CSA, après l'avoir été sur le site de CipherCloud
__Lien :__
* Blog CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k8lx/|https://CloudSecurityAlliance.fr/go/k8lx/]]'' %/
** https://cloudsecurityalliance.org/articles/enabling-data-protection-and-compliance-in-the-g-suite-environment/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//SaaS Security Series: Understanding Salesforce Administrative Permissions//
[>img(150px,auto)[iCSA/K8JBS.jpg]]^^Article publié le 19 août 2020 sur le blog de la CSA
__Lien :__
* Blog CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k8jx/|https://CloudSecurityAlliance.fr/go/k8jx/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/08/19/saas-security-series-understanding-salesforce-administrative-permissions/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Can Passwordless Authentication Be Trusted?//
[>img(150px,auto)[iCSA/K8HBC.jpg]]^^Article publié le 17 août 2020 sur le blog de la CSA, après l'avoir été le 14 juillet 2020 sur celui de Duo Security.
__Liens :__
* Blog CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k8hx/|https://CloudSecurityAlliance.fr/go/k8hx/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/08/17/can-passwordless-authentication-be-trusted/
* Blog Duo Security /% ⇒ ''[[CloudSecurityAlliance.fr/go/k8hz/|https://CloudSecurityAlliance.fr/go/k8hz/]]'' %/
** https://duo.com/blog/can-passwordless-be-trusted
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//How to secure DevOps//
[>img(150px,auto)[iCSA/K8CBH.jpg]]^^Article publié le 12 août 2020 sur le blog de la CSA, après l'avoir été le 25 juin 2020 sur celui de Kaspersky.
__Liens :__
* Blog CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k8cx/|https://CloudSecurityAlliance.fr/go/k8cx/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/08/12/how-to-secure-devops/
* Blog Kaspersky /% ⇒ ''[[CloudSecurityAlliance.fr/go/k8cz/|https://CloudSecurityAlliance.fr/go/k8cz/]]'' %/
** https://www.kaspersky.com/blog/devops-security-hybrid/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!"//CSA Study Finds While CASB Demand Is High, Additional Education Is Needed to Clarify Cloud Security Goals//"
[>img(150px,auto)[iCSA/K75PE.png]]^^Communiqué de presse tardif sur le résultat d'un sondage CSA sur l'évolution du CASB clos le 20 avril+++*[»]> <<tiddler [[2020.07.05 - Publication : 'Evolution of CASB Survey Report']]>>=== et publié le 5 juillet 2020.
Extraits :
<<<
//__More training, clear goals are needed to ensure companies get full effectiveness of cloud security access broker products__//
//SEATTLE - Aug. 11, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced today the release of its latest survey report, The Evolution of the CASB. The study, which queried more than 200 IT and security professionals from a variety of organization sizes and locations, examined the expectations, technical implementations, and challenges of using cloud security access brokers (CASB). The results reveal unrealized gaps between the rate of implementation or operation and the effective use of the capabilities within the enterprise.
"//CASB solutions have been underutilized on all the pillars but in particular on the compliance, data security, and threat protection capabilities within the service,//" said Hillary Baron, lead author and research analyst, Cloud Security Alliance. //"It's clear that training and knowledge of how to use the products need to be made a priority if CASBs are to become effective as a service or solution."
[...]
//Further, more than 30% of respondents reported having to use multiple CASBs to meet their security needs and just over one-third (34%) find solution complexities an inhibitor in fully realizing the potential of CASB solutions. Overall, CASBs perform well for visibility and detecting behavior anomalies in the cloud but have yet to become practical as a tool for remediation or prevention.//
[...]
//Additionally, the report found that when it comes to utilizing CASBs, of those surveyed:
* 83% have security in the cloud as a top project for improvement
* 55% use their CASB to monitor user behaviors, while 53% use it to gain visibility into unauthorized access
* 38% of enterprises use their CASB for regulatory compliance while just 22% use it for internal compliance
* 55% of total respondents use multi-factor authentication that is provided by their identity provider as opposed to a standalone product in the cloud (20%)
//
<<<
__Lien :__
* Téléchargement du document (après inscription) → ''[[CloudSecurityAlliance.fr/go/k75p/|https://CloudSecurityAlliance.fr/go/k75p/]]'' /% https://cloudsecurityalliance.org/artifacts/evolution-of-casb-survey-report %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//You've passed your SOX audit, but is your cloud environment really secure?//
[>img(150px,auto)[iCSA/K8ABY.jpg]]^^Article publié le 10 août 2020 sur le blog de la CSA.
Il a été rédigé par Petrina Youhan, Director of Channel Partnerships and Services chez Hyperproof
__Liens :__
* Blog CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k8a2/|https://CloudSecurityAlliance.fr/go/k8a2/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/08/10/you-ve-passed-your-sox-audit-but-is-your-cloud-environment-really-secure/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Compliance is the Equal and Opposite Force to Digital Transformation…that's where DevOps comes in//
[>img(150px,auto)[iCSA/K87BC.jpg]][>img(auto,113px)[iCSF/K7PBO.png]]^^Article publié le 7 août 2020 sur le blog de la CSA, et sur le site de C2 Labs le 27 juillet 2020.
__Liens :__
* Blog CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k87x/|https://CloudSecurityAlliance.fr/go/k87x/]]'' %/
** https://cloudsecurityalliance.org/articles/compliance-is-the-equal-and-opposite-force-to-digital-transformation-that-s-where-devops-comes-in/
* Site C2 Labs /% ⇒ ''[[CloudSecurityAlliance.fr/go/k87z/|https://CloudSecurityAlliance.fr/go/k87z/]]'' %/
** https://www.c2labs.com/post/overcoming-the-equal-and-opposite-force-to-digital-transformation
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//A Better Than Remote Chance - More People Work from Home in Post COVID World//
[>img(150px,auto)[iCSA/K85BA.jpg]]^^Article publié le 5 août 2020 sur le blog de la CSA, et sur le site de CipherCloud le 27 juillet 2020.
__Liens :__
* Blog CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k85x/|https://CloudSecurityAlliance.fr/go/k85x/]]'' %/
** https://cloudsecurityalliance.org/articles/a-better-than-remote-chance-more-people-work-from-home-in-post-covid-world/
* Site CipherCloud /% ⇒ ''[[CloudSecurityAlliance.fr/go/k85z/|https://CloudSecurityAlliance.fr/go/k85z/]]'' %/
** https://www.ciphercloud.com/a-better-than-remote-chance-more-people-work-from-home-in-post-covid-world/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Upending Old Assumptions in Security//
[>img(150px,auto)[iCSA/K83BU.jpg]]^^Article publié le 3 août 2020 sur le blog de la CSA, et sur le site de Duo Security le 1er juin 2020
__Liens :__
* Blog CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k83x/|https://CloudSecurityAlliance.fr/go/k83x/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/08/03/upending-old-assumptions-in-security/
* Site Duo Security /% ⇒ ''[[CloudSecurityAlliance.fr/go/k83z/|https://CloudSecurityAlliance.fr/go/k83z/]]'' %/
** https://duo.com/blog/upending-old-assumptions-in-security
^^[img(25%,1px)[iCSF/BluePixel.gif]]

|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #79|2020.08.30 - Newsletter Hebdomadaire #79]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #79|2020.08.30 - Weekly Newsletter - #79]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.08.30 - Newsletter Hebdomadaire #79]]>> |<<tiddler [[2020.08.30 - Weekly Newsletter - #79]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 24 au 30 août 2020
!!1 - Informations CSA - 24 au 30 août 2020
* ''Répondez au sondage CSA sur l'adoption du Cloud'' en 2020+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* Blog : 'Blockchain et Quantique'+++^*[»] <<tiddler [[2020.08.28 - Blog : Blockchain et Quantique]]>>=== 
* Publication : ''NIST IR 8006 sur les enjeux du Forensique dans le Cloud''+++^*[»] <<tiddler [[2020.08.26 - Publication : NISTIR 8006 - Enjeux du Forensique dans le Cloud]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 50 liens|2020.08.30 - Veille Hebdomadaire - 30 août]])

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Attaques : Docker ciblé par le ver cryptomineur Cetus • Filoutage O365 via Box+++^*[»] 
|2020.08.27|//Palo Alto Networks//|![[Cetus: Cryptojacking Worm Targeting Docker Daemons|https://unit42.paloaltonetworks.com/cetus-cryptojacking-worm/]] |Docker Worm|
|>|!|>||
|2020.08.25|//ArmorBlox//|[[Blox Tales #14: Credential Phishing Hosted on Box|https://www.armorblox.com/blog/blox-tales-credential-phishing-hosted-on-box/]]|Phishing O365 Box|
|2020.08.25|BetaNews| → [[New phishing attack tries to steal Office 365 credentials via Box|https://betanews.com/2020/08/25/office-365-box-phishing/]]|Phishing O365 Box|
=== 
** Incidents : Retour sur le sabotage contre l'infrastructure Cloud de Cisco en septembre 2018+++^*[»] 
|2020.08.26|U.S. Attorney's Office|[[San Jose Man Pleads Guilty To Damaging Cisco's Network|https://www.justice.gov/usao-ndca/pr/san-jose-man-pleads-guilty-damaging-cisco-s-network]]|Sabotage Cisco 2018.09|
|2020.07.31|U.S. Attorney's Office| → [[document préliminaire|https://www.courtlistener.com/recap/gov.uscourts.cand.362365/gov.uscourts.cand.362365.9.0.pdf]] (pdf)|Sabotage Cisco 2018.09|
|2020.08.30|Hack Read| → [[Ex-employee hacked Cisco's AWS Infrastructure; erased virtual machines|https://www.hackread.com/ex-employee-hacked-cisco-cloud-erased-virtual-machines/]]|Sabotage Cisco 2018.09|
=== 
** Menaces : Ciblage des comptes AWS+++^*[»] 
|2020.08.24|//KnowBe4//|[[An Embarrassment of Riches: Malicious Actors Target AWS Accounts|https://blog.knowbe4.com/an-embarrassment-of-riches-malicious-actors-target-aws-accounts]]|AWS Phishing|
=== 
** Fuites de données : Encore des Buckets S3 mal configurés+++^*[»] 
|2020.08.26|CISO Mag|[[Misconfigured AWS S3 Bucket Exposes PII of up to 350,000 SSL247 Customers|https://cisomag.eccouncil.org/misconfigured-aws-s3-bucket/]]|AWS_S3 Data_Leak|
|2020.08.26|vpnMentor| → [[Report of SSL247 Breach|https://www.vpnmentor.com/blog/report-ssl247-breach/]]|AWS_S3 Data_Leak|
=== 
** Pannes : M365 et Zoom le 24 août • Bilan de la panne GCP du 19 août+++^*[»] 
|2020.08.24|Bleeping Computer|[[Microsoft 365 Admin Portal is down, Office 365 services also affected|https://www.bleepingcomputer.com/news/microsoft/microsoft-365-admin-portal-is-down-office-365-services-also-affected/]]|Outage M365|
|2020.08.24|Bleeping Computer|[[Zoom went down and schools got a digital snow day|https://www.bleepingcomputer.com/news/technology/zoom-went-down-and-schools-got-a-digital-snow-day/]]|Outage Zoom|
|>|!|>||
|2020.08.19|//Google Cloud//|[[Google Cloud Issue Summary Multiple Products - 2020-08-19|https://static.googleusercontent.com/media/www.google.com/en//appsstatus/ir/bd9m3vkqwpvkk4j.pdf]] (pdf)|Outage GCP|
|2020.08.25|The Register| → [[Mysterious metadata monster swamped Google's blobs and crashed its cloud|https://www.theregister.com/2020/08/25/gmail_outage_root_cause/]]|Outage GCP|
=== 

* __Bonnes Pratiques, Techniques de Détection__
** Bonnes pratiques : Règles de cyber-hygiène pour AWS+++^*[»] 
|2020.08.27|//InterVision//|[[3 Tips for Cyber Hygiene in an AWS Environment|https://vmblog.com/archive/2020/08/27/3-tips-for-cyber-hygiene-in-an-aws-environment.aspx]]|AWS Best_Practices|
=== 
** Techniques de détection : Malware 'Doki' sur Linux • Attaque contre Kubernetes • Malware dans Azure+++^*[»] 
|2020.08.24|Container Journal|[[Protecting Containers Against 'Doki' Malware|https://containerjournal.com/topics/container-security/protecting-containers-against-doki-malware/]]|Doki Malware|
|2020.08.26|//SentinelOne//|[[Defeating 'Doki' Malware and Container Escapes with Advanced Linux Behavioral Detection|https://www.sentinelone.com/blog/defeating-doki-malware-and-container-escapes-with-advanced-linux-behavioral-detection/]]|Malware Doki|
|>|!|>||
|2020.08.25|//Anchore//|![[3 Best Practices for Detecting Attack Vectors on Kubernetes Containers|https://anchore.com/blog/3-best-practices-for-detecting-attack-vectors-on-kubernetes-containers/]] |K8s Best_Practices|
|2020.08.24|SANS|[[Detecting and Locking Down Network-Based Malware in Azure|https://www.sans.org/blog/detecting-and-locking-down-network-based-malware-in-azure?msc=rss]]|Azure Malware Detection|
=== 

* __Rapports, Sondages, Études, Publications__
** Rapports : '2020 Under the Hoodie Report' (//Rapid7//)+++^*[»] 
|2020.08.26|//Rapid7//|![[Rapid7 Releases 2020 Under the Hoodie Report: Lessons Learned from a Year of Penetration Tests|https://blog.rapid7.com/2020/08/26/rapid7-releases-2020-under-the-hoodie-report-lessons-learned-from-a-year-of-penetration-tests/]] |Report|
|2020.08.26|//Rapid7//| → [[Under the Hoodie - 2020 Research Report|https://www.rapid7.com/research/reports/under-the-hoodie-2020/]]|Report|
|2020.08.26|Dark Reading| → [[With More Use of Cloud, Passwords Become Even Weaker Link|https://www.darkreading.com/application-security/with-more-use-of-cloud-passwords-become-even-weaker-link/d/d-id/1338761]]|Report|
=== 
** Publication : NIST IR 8006 sur les analyses forensiques dans le Cloud+++^*[»] 
|2020.08.26|NIST|![[NIST IR 8006 : Cloud Computing Forensic Science Challenges|https://csrc.nist.gov/publications/detail/nistir/8006/final]] |NIST Forensics|
|2020.08.27|NextGov| → [[NIST Calls for Standards to Improve Forensic Capabilities in the Cloud|https://www.nextgov.com/it-modernization/2020/08/nist-calls-standards-improve-forensic-capabilities-cloud/168051/]]|NIST Forensics|
=== 

* __Cloud Services Providers, Outils__
** AWS : Journalisation des requêtes DNS • Approche de la gouvernance+++^*[»] 
|2020.08.27|//Amazon AWS//|![[Log your VPC DNS queries with Route 53 Resolver Query Logs|https://aws.amazon.com/blogs/aws/log-your-vpc-dns-queries-with-route-53-resolver-query-logs/]] |AWS DNS Logging|
|2020.08.25|//Amazon AWS//|[[How to think about cloud security governance|https://aws.amazon.com/blogs/security/how-to-think-about-cloud-security-governance/]]|AWS Governance|
=== 
** Azure : Automatisation du reporting • Sandbox pour les pièces jointes dans O365+++^*[»] 
|2020.05.06|SecureCloudBlog|[[Project Log 0: Automating Azure Security Reports With AZSK, NodeJS and PS|https://securecloud.blog/2020/05/06/project-log-0-automating-azure-security-reports-with-azsk-nodejs-and-ps/]] (1/3)|Azure Reporting|
|2020.08.14|SecureCloudBlog|[[Project Log Part 2: Automating Azure Security Reports - NodeJS API for AZSK|https://securecloud.blog/2020/08/14/project-log-part-2-automating-azure-security-reports-nodejs-api-for-azsk/]] (2/3)|Azure Reporting|
|2020.08.29|SecureCloudBlog|[[Project Log Part 3: Automating Azure Security Reports - Combining Subscription and resource security results|https://securecloud.blog/2020/08/29/project-log-part-3-automating-azure-security-reports-combining-subscription-and-resource-security-results/]] (3/3)|Azure Reporting|
|2020.08.24|Bleeping Computer|[[Office 365 now opens attachments in a sandbox to prevent infections|https://www.bleepingcomputer.com/news/security/office-365-now-opens-attachments-in-a-sandbox-to-prevent-infections/]]|O365 Attachments|
=== 
** GCP : Détournement de jetons OAuth+++^*[»] 
|2020.08.07|//Netskope//|[[GCP OAuth Token Hijacking in Google Cloud - Part 1|https://www.netskope.com/blog/gcp-oauth-token-hijacking-in-google-cloud-part-1]] (1/2)|GCP OAuth Attack|
|2020.08.25|//Netskope//|[[GCP OAuth Token Hijacking in Google Cloud - Part 2|https://www.netskope.com/blog/gcp-oauth-token-hijacking-in-google-cloud-part-2]] (2/2)|GCP OAuth Attack|
=== 
** Kubernetes : Sécurisation de clusters+++^*[»] 
|2020.08.27|//TrendMicro//|[[The Basics of Keeping Kubernetes Clusters Secure|https://www.trendmicro.com/vinfo/us/security/news/security-technology/the-basics-of-keeping-your-kubernetes-cluster-secure-part-1]]|K8s|
=== 

* __Podcasts, Veilles hebdomadaires 'Cloud et Sécurité'__
** Podcasts : CSPM dans le 'Cloud Security Podcast'+++^*[»] 
|2020.08.30|Cloud Security Podcast|[[Cloud Security Posture Management - CSPM - Gaurav Kumar|https://anchor.fm/cloudsecuritypodcast/episodes/CLOUD-SECURITY-POSTURE-MANAGEMENT---CSPM---GAURAV-KUMAR-eis787]]|Podcast CSPM|
=== 
** Veilles : TL;DR Security #49 • The Cloud Security Reading List #52+++^*[»] 
|2020.08.30|Marco Lancini|[[The Cloud Security Reading List #52|https://cloudseclist.com/issues/issue-52/]] |Weekly_Newsletter|
|2020.08.26|TL;DR Security|[[#49 - Web Cache Entanglement, Finding a Mentor, Build Tools Around Workflows|https://tldrsec.com/blog/tldr-sec-049/]]|Weekly_Newsletter|
=== 

* __Marché, Acquisitions__
** Marché : Positionnement de Docker+++^*[»] 
|2020.08.24|Docker|![[Scaling Docker's Business to Serve Millions More Developers: Storage|https://www.docker.com/blog/scaling-dockers-business-to-serve-millions-more-developers-storage/]] (1/2) |Storage Dimensionning|
|2020.08.24|Docker|![[Scaling Docker to Serve Millions More Developers: Network Egress|https://www.docker.com/blog/scaling-docker-to-serve-millions-more-developers-network-egress/]] (2/2) |Storage Filtering|
|2020.08.24|The Register| → [[Docker blocker: Container crew takes on The 1%... of anonymous download whales|https://www.theregister.com/2020/08/25/docker_rate_limits/]]|Storage|
=== 
** Acquisitions : Signal Sciences par Fastly+++^*[»] 
|2020.08.27|//Signal Sciences//|[[Fastly to Acquire Signal Sciences|https://www.signalsciences.com/blog/fastly-to-acquire-signal-sciences/]]|Acquisition|
|2020.08.28|MSSP Alert| → [[Fastly Acquires Web App Security, API Provider Signal Sciences|https://www.msspalert.com/investments/fastly-acquires-web-app-security-api-provider-signal-sciences/]]|Acquisition|
=== 

* __Divers__
** Outils: Litmus Chaos pour Kubernetes+++^*[»] 
|2020.08.28|Cloud Native Computing Foundation|[[Introduction to LitmusChaos|https://www.cncf.io/blog/2020/08/28/introduction-to-litmuschaos/]]|K8s Chaos|
=== 
** Réflexions : Anton Chuvakin sur la notion de confiance externalisée • Le Cloud public entre dans les Data Centers+++^*[»] 
|2020.08.26|Anton Chuvakin|![[On Externalizing Cloud Trust|https://medium.com/anton-on-security/on-externalizing-cloud-trust-c4c5f282a7b6]] |Trust|
|2020.08.29|Security and Cloud 24/7|[[The Public Cloud is Coming to Your Local Data Center|https://security-24-7.com/the-public-cloud-is-coming-to-your-local-data-center/]]|Public_Cloud|
=== 
!!3 - Agenda
* __Septembre 2020__
** ''8 au 25'' → CSA : ''[[Webinaires 'SECtember Experience'|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
** ''23 au 24'' → BIRP : ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
!!4 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K8U/|https://CloudSecurityAlliance.fr/go/K8U/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - August 24th to 30th, 2020
!!1 - CSA News and Updates - August 24th to 30th, 2020
* ''Fill in the new CSA survey on Cloud Adoption in 2020''+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* Blog : 'Quantum-Safe Blockchain'+++^*[»] <<tiddler [[2020.08.28 - Blog : Blockchain et Quantique]]>>=== 
* Publication : ''NIST IR 8006 - Cloud Computing Forensic Science Challenges''+++^*[»] <<tiddler [[2020.08.26 - Publication : NISTIR 8006 - Enjeux du Forensique dans le Cloud]]>>=== 
!!2 - Cloud and Security News Watch ([[over 50 links|2020.08.30 - Veille Hebdomadaire - 30 août]])

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Attacks: Cetus Cryptojacking Worm Targets Docker • O365 Phishing Hosted on Box+++^*[»] 
|2020.08.27|//Palo Alto Networks//|![[Cetus: Cryptojacking Worm Targeting Docker Daemons|https://unit42.paloaltonetworks.com/cetus-cryptojacking-worm/]] |Docker Worm|
|>|!|>||
|2020.08.25|//ArmorBlox//|[[Blox Tales #14: Credential Phishing Hosted on Box|https://www.armorblox.com/blog/blox-tales-credential-phishing-hosted-on-box/]]|Phishing O365 Box|
|2020.08.25|BetaNews| → [[New phishing attack tries to steal Office 365 credentials via Box|https://betanews.com/2020/08/25/office-365-box-phishing/]]|Phishing O365 Box|
=== 
** Incidents: Follow-Up on the September 2018 Sabotage on Cisco's AWS Infrastructure+++^*[»] 
|2020.08.26|U.S. Attorney's Office|[[San Jose Man Pleads Guilty To Damaging Cisco's Network|https://www.justice.gov/usao-ndca/pr/san-jose-man-pleads-guilty-damaging-cisco-s-network]]|Sabotage Cisco 2018.09|
|2020.07.31|U.S. Attorney's Office| → [[preliminary document|https://www.courtlistener.com/recap/gov.uscourts.cand.362365/gov.uscourts.cand.362365.9.0.pdf]] (pdf)|Sabotage Cisco 2018.09|
|2020.08.30|Hack Read| → [[Ex-employee hacked Cisco's AWS Infrastructure; erased virtual machines|https://www.hackread.com/ex-employee-hacked-cisco-cloud-erased-virtual-machines/]]|Sabotage Cisco 2018.09|
=== 
** Threats: AWS Accounts Targeted+++^*[»] 
|2020.08.24|//KnowBe4//|[[An Embarrassment of Riches: Malicious Actors Target AWS Accounts|https://blog.knowbe4.com/an-embarrassment-of-riches-malicious-actors-target-aws-accounts]]|AWS Phishing|
=== 
** Leaks: Misconfigured AWS S3 Bucket (again)+++^*[»] 
|2020.08.26|CISO Mag|[[Misconfigured AWS S3 Bucket Exposes PII of up to 350,000 SSL247 Customers|https://cisomag.eccouncil.org/misconfigured-aws-s3-bucket/]]|AWS_S3 Data_Leak|
|2020.08.26|vpnMentor| → [[Report of SSL247 Breach|https://www.vpnmentor.com/blog/report-ssl247-breach/]]|AWS_S3 Data_Leak|
=== 
** Outages: M365 and Zoom (24th) • Follow-Up on the GCP Outage (19th)+++^*[»] 
|2020.08.24|Bleeping Computer|[[Microsoft 365 Admin Portal is down, Office 365 services also affected|https://www.bleepingcomputer.com/news/microsoft/microsoft-365-admin-portal-is-down-office-365-services-also-affected/]]|Outage M365|
|2020.08.24|Bleeping Computer|[[Zoom went down and schools got a digital snow day|https://www.bleepingcomputer.com/news/technology/zoom-went-down-and-schools-got-a-digital-snow-day/]]|Outage Zoom|
|>|!|>||
|2020.08.19|//Google Cloud//|[[Google Cloud Issue Summary Multiple Products - 2020-08-19|https://static.googleusercontent.com/media/www.google.com/en//appsstatus/ir/bd9m3vkqwpvkk4j.pdf]] (pdf)|Outage GCP|
|2020.08.25|The Register| → [[Mysterious metadata monster swamped Google's blobs and crashed its cloud|https://www.theregister.com/2020/08/25/gmail_outage_root_cause/]]|Outage GCP|
=== 

* __Best Practices, and Detection__
** Best Practices: Tips for Cyber Hygiene in an AWS Environment+++^*[»] 
|2020.08.27|//InterVision//|[[3 Tips for Cyber Hygiene in an AWS Environment|https://vmblog.com/archive/2020/08/27/3-tips-for-cyber-hygiene-in-an-aws-environment.aspx]]|AWS Best_Practices|
=== 
** Detection: 'Doki' Malware • Attack Vectors on Kubernetes Containers • Network-Based Malware in Azure+++^*[»] 
|2020.08.24|Container Journal|[[Protecting Containers Against 'Doki' Malware|https://containerjournal.com/topics/container-security/protecting-containers-against-doki-malware/]]|Doki Malware|
|2020.08.26|//SentinelOne//|[[Defeating 'Doki' Malware and Container Escapes with Advanced Linux Behavioral Detection|https://www.sentinelone.com/blog/defeating-doki-malware-and-container-escapes-with-advanced-linux-behavioral-detection/]]|Malware Doki|
|>|!|>||
|2020.08.25|//Anchore//|![[3 Best Practices for Detecting Attack Vectors on Kubernetes Containers|https://anchore.com/blog/3-best-practices-for-detecting-attack-vectors-on-kubernetes-containers/]] |K8s Best_Practices|
|2020.08.24|SANS|[[Detecting and Locking Down Network-Based Malware in Azure|https://www.sans.org/blog/detecting-and-locking-down-network-based-malware-in-azure?msc=rss]]|Azure Malware Detection|
=== 

* __Reports, Surveys, Studies, Publications__
** Reports: '2020 Under the Hoodie Report' (//Rapid7//)+++^*[»] 
|2020.08.26|//Rapid7//|![[Rapid7 Releases 2020 Under the Hoodie Report: Lessons Learned from a Year of Penetration Tests|https://blog.rapid7.com/2020/08/26/rapid7-releases-2020-under-the-hoodie-report-lessons-learned-from-a-year-of-penetration-tests/]] |Report|
|2020.08.26|//Rapid7//| → [[Under the Hoodie - 2020 Research Report|https://www.rapid7.com/research/reports/under-the-hoodie-2020/]]|Report|
|2020.08.26|Dark Reading| → [[With More Use of Cloud, Passwords Become Even Weaker Link|https://www.darkreading.com/application-security/with-more-use-of-cloud-passwords-become-even-weaker-link/d/d-id/1338761]]|Report|
=== 
** Publication: NIST IR 8006 on Cloud Computing Forensic Science Challenges+++^*[»] 
|2020.08.26|NIST|![[NIST IR 8006 : Cloud Computing Forensic Science Challenges|https://csrc.nist.gov/publications/detail/nistir/8006/final]] |NIST Forensics|
|2020.08.27|NextGov| → [[NIST Calls for Standards to Improve Forensic Capabilities in the Cloud|https://www.nextgov.com/it-modernization/2020/08/nist-calls-standards-improve-forensic-capabilities-cloud/168051/]]|NIST Forensics|
=== 

* __Cloud Services Providers, Tools__
** AWS: DNS Queries Logging • About Cloud Security Governance+++^*[»] 
|2020.08.27|//Amazon AWS//|![[Log your VPC DNS queries with Route 53 Resolver Query Logs|https://aws.amazon.com/blogs/aws/log-your-vpc-dns-queries-with-route-53-resolver-query-logs/]] |AWS DNS Logging|
|2020.08.25|//Amazon AWS//|[[How to think about cloud security governance|https://aws.amazon.com/blogs/security/how-to-think-about-cloud-security-governance/]]|AWS Governance|
=== 
** Azure: Automating Azure Security Reports • Sandbox for O365 Attachments+++^*[»] 
|2020.05.06|SecureCloudBlog|[[Project Log 0: Automating Azure Security Reports With AZSK, NodeJS and PS|https://securecloud.blog/2020/05/06/project-log-0-automating-azure-security-reports-with-azsk-nodejs-and-ps/]] (1/3)|Azure Reporting|
|2020.08.14|SecureCloudBlog|[[Project Log Part 2: Automating Azure Security Reports - NodeJS API for AZSK|https://securecloud.blog/2020/08/14/project-log-part-2-automating-azure-security-reports-nodejs-api-for-azsk/]] (2/3)|Azure Reporting|
|2020.08.29|SecureCloudBlog|[[Project Log Part 3: Automating Azure Security Reports - Combining Subscription and resource security results|https://securecloud.blog/2020/08/29/project-log-part-3-automating-azure-security-reports-combining-subscription-and-resource-security-results/]] (3/3)|Azure Reporting|
|2020.08.24|Bleeping Computer|[[Office 365 now opens attachments in a sandbox to prevent infections|https://www.bleepingcomputer.com/news/security/office-365-now-opens-attachments-in-a-sandbox-to-prevent-infections/]]|O365 Attachments|
=== 
** GCP: OAuth Token Hijacking+++^*[»] 
|2020.08.07|//Netskope//|[[GCP OAuth Token Hijacking in Google Cloud - Part 1|https://www.netskope.com/blog/gcp-oauth-token-hijacking-in-google-cloud-part-1]] (1/2)|GCP OAuth Attack|
|2020.08.25|//Netskope//|[[GCP OAuth Token Hijacking in Google Cloud - Part 2|https://www.netskope.com/blog/gcp-oauth-token-hijacking-in-google-cloud-part-2]] (2/2)|GCP OAuth Attack|
=== 
** Kubernetes: Keeping Kubernetes Clusters Secure+++^*[»] 
|2020.08.27|//TrendMicro//|[[The Basics of Keeping Kubernetes Clusters Secure|https://www.trendmicro.com/vinfo/us/security/news/security-technology/the-basics-of-keeping-your-kubernetes-cluster-secure-part-1]]|K8s|
=== 

* __Podcasts, Weekly 'Cloud and Security' Watch__
** Podcasts: 'Cloud Security Podcast' about CSPM+++^*[»] 
|2020.08.30|Cloud Security Podcast|[[Cloud Security Posture Management - CSPM - Gaurav Kumar|https://anchor.fm/cloudsecuritypodcast/episodes/CLOUD-SECURITY-POSTURE-MANAGEMENT---CSPM---GAURAV-KUMAR-eis787]]|Podcast CSPM|
=== 
** Newsletters: TL;DR Security #49 • The Cloud Security Reading List #52+++^*[»] 
|2020.08.30|Marco Lancini|[[The Cloud Security Reading List #52|https://cloudseclist.com/issues/issue-52/]] |Weekly_Newsletter|
|2020.08.26|TL;DR Security|[[#49 - Web Cache Entanglement, Finding a Mentor, Build Tools Around Workflows|https://tldrsec.com/blog/tldr-sec-049/]]|Weekly_Newsletter|
=== 

* __Market, Acquisitions__
** Market: Scaling Docker's Business+++^*[»] 
|2020.08.24|Docker|![[Scaling Docker's Business to Serve Millions More Developers: Storage|https://www.docker.com/blog/scaling-dockers-business-to-serve-millions-more-developers-storage/]] (1/2) |Storage Dimensionning|
|2020.08.24|Docker|![[Scaling Docker to Serve Millions More Developers: Network Egress|https://www.docker.com/blog/scaling-docker-to-serve-millions-more-developers-network-egress/]] (2/2) |Storage Filtering|
|2020.08.24|The Register| → [[Docker blocker: Container crew takes on The 1%... of anonymous download whales|https://www.theregister.com/2020/08/25/docker_rate_limits/]]|Storage|
=== 
** Acquisitions: Signal Sciences by Fastly+++^*[»] 
|2020.08.27|//Signal Sciences//|[[Fastly to Acquire Signal Sciences|https://www.signalsciences.com/blog/fastly-to-acquire-signal-sciences/]]|Acquisition|
|2020.08.28|MSSP Alert| → [[Fastly Acquires Web App Security, API Provider Signal Sciences|https://www.msspalert.com/investments/fastly-acquires-web-app-security-api-provider-signal-sciences/]]|Acquisition|
=== 

* __Miscellaneous__
** Tools: Litmus Chaos for Kubernetes+++^*[»] 
|2020.08.28|Cloud Native Computing Foundation|[[Introduction to LitmusChaos|https://www.cncf.io/blog/2020/08/28/introduction-to-litmuschaos/]]|K8s Chaos|
=== 
** Opinions: Anton Chuvakin on Externalizing Cloud Trust • Public Cloud Entering Data Center+++^*[»] 
|2020.08.26|Anton Chuvakin|![[On Externalizing Cloud Trust|https://medium.com/anton-on-security/on-externalizing-cloud-trust-c4c5f282a7b6]] |Trust|
|2020.08.29|Security and Cloud 24/7|[[The Public Cloud is Coming to Your Local Data Center|https://security-24-7.com/the-public-cloud-is-coming-to-your-local-data-center/]]|Public_Cloud|
=== 
!!3 - Agenda
* __September 2020__
** ''8 / 25'' → CSA : ''[['SECtember Experience' Webinars|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
** ''23 / 24'' → BIRP : ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
!!4 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K8U/|https://CloudSecurityAlliance.fr/go/K8U/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 30 août 2020
|!Août|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.08.30|
|2020.08.30|Marco Lancini|[[The Cloud Security Reading List #52|https://cloudseclist.com/issues/issue-52/]] |Weekly_Newsletter|
|2020.08.30|Cloud Security Podcast|[[Cloud Security Posture Management - CSPM - Gaurav Kumar|https://anchor.fm/cloudsecuritypodcast/episodes/CLOUD-SECURITY-POSTURE-MANAGEMENT---CSPM---GAURAV-KUMAR-eis787]]|Podcast CSPM|
|2020.08.30|SANS|[[Fight or Flight: Moving Small and Medium Businesses into the Cloud During a Major Incident|https://www.sans.org/reading-room/whitepapers/incident/fight-flight-moving-small-medium-businesses-cloud-major-incident-39840]]|Incident_Handling|
|2020.08.30|//Luminousmen//|[[Kubernetes 101|https://luminousmen.com/post/kubernetes-101]]|K8s|
|>|>|>|!2020.08.29|
|2020.08.29|Security and Cloud 24/7|[[The Public Cloud is Coming to Your Local Data Center|https://security-24-7.com/the-public-cloud-is-coming-to-your-local-data-center/]]|Public_Cloud|
|2020.08.29|SecureCloudBlog|[[Project Log Part 3: Automating Azure Security Reports - Combining Subscription and resource security results|https://securecloud.blog/2020/08/29/project-log-part-3-automating-azure-security-reports-combining-subscription-and-resource-security-results/]] (3/3)|Azure Reporting|
|2020.08.29|Ned in the Cloud|[[Use HashiCorp Vault AWS engine with multiple accounts|https://nedinthecloud.com/2020/08/29/use-hashicorp-vault-aws-engine-with-multiple-accounts/]]|AWS Vault HashiCorp|
|>|>|>|!2020.08.28|
|2020.08.28|Cloud Native Computing Foundation|[[Introduction to LitmusChaos|https://www.cncf.io/blog/2020/08/28/introduction-to-litmuschaos/]]|K8s Chaos|
|2020.08.28|//Amazon AWS//|[[How to use trust policies with IAM roles|https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/]]|AWS IAM|
|2020.08.28|//Rapid7//|[[NICER Protocol Deep Dive: Secure Shell (SSH)|https://blog.rapid7.com/2020/08/28/nicer-protocol-deep-dive-secure-shell-ssh/]]|Report NICER SSH|
|>|>|>|!2020.08.27|
|2020.08.27|//AWS//|[[AWS Well-Architected Framework Security Design Principles|https://wa.aws.amazon.com/wat.pillar.security.en.html]]|Framework|
|2020.08.27|//Gartner//|[[Top Actions From Gartner Hype Cycle for Cloud Security, 2020|https://www.gartner.com/smarterwithgartner/top-actions-from-gartner-hype-cycle-for-cloud-security-2020/]]|Gartner Hype_Cycle|
|2020.08.27|//Palo Alto Networks//|![[Cetus: Cryptojacking Worm Targeting Docker Daemons|https://unit42.paloaltonetworks.com/cetus-cryptojacking-worm/]] |Docker Worm|
|2020.08.27|//TrendMicro//|[[The Basics of Keeping Kubernetes Clusters Secure|https://www.trendmicro.com/vinfo/us/security/news/security-technology/the-basics-of-keeping-your-kubernetes-cluster-secure-part-1]]|K8s|
|2020.08.27|//Microsoft//|[[Microsoft Zero Trust deployment guide for your applications|https://www.microsoft.com/security/blog/2020/08/27/zero-trust-deployment-guide-microsoft-applications/]]|Zero_Trust|
|2020.08.27|//Oracle Cloud//|[[Leveraging the NIST Cybersecurity Framework for DevSecOps|https://blogs.oracle.com/cloudsecurity/leveraging-the-nist-cybersecurity-framework-for-devsecops]]|DevSecOps NIST|
|2020.08.27|//InterVision//|[[3 Tips for Cyber Hygiene in an AWS Environment|https://vmblog.com/archive/2020/08/27/3-tips-for-cyber-hygiene-in-an-aws-environment.aspx]]|AWS Best_Practices|
|2020.08.27|//Bitglass//|[[Bitglass Awarded Fundamental Patent for Cloud Access Control|https://vmblog.com/archive/2020/08/27/bitglass-awarded-fundamental-patent-for-cloud-access-control.aspx]]|Patent|
|2020.08.25|U.S. Patent| → [[No. 10,757,090: Secure application access system|http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&co1=AND&d=PTXT&s1=bitglass.AANM.&OS=AANM/bitglass&RS=AANM/bitglass]]|Patent|
|2020.08.27|//Signal Sciences//|[[Fastly to Acquire Signal Sciences|https://www.signalsciences.com/blog/fastly-to-acquire-signal-sciences/]]|Acquisition|
|2020.08.28|MSSP Alert| → [[Fastly Acquires Web App Security, API Provider Signal Sciences|https://www.msspalert.com/investments/fastly-acquires-web-app-security-api-provider-signal-sciences/]]|Acquisition|
|2020.08.27|//Amazon AWS//|![[Log your VPC DNS queries with Route 53 Resolver Query Logs|https://aws.amazon.com/blogs/aws/log-your-vpc-dns-queries-with-route-53-resolver-query-logs/]] |AWS DNS Logging|
|2020.08.27|//GitHub//|[[Secure at every step: Putting DevSecOps into practice with code scanning |https://github.blog/2020-08-27-secure-at-every-step-putting-devsecops-into-practice-with-code-scanning/]] (2/3)|DevSecOps|
|2020.08.27|//UpGuard//|[[What Are Cloud Leaks?|https://www.upguard.com/blog/what-are-cloud-leaks]] (mise à jour)|Data_Leaks|
|>|>|>|!2020.08.26|
|2020.08.26|NIST|![[NIST IR 8006 : Cloud Computing Forensic Science Challenges|https://csrc.nist.gov/publications/detail/nistir/8006/final]] |NIST Forensics|
|2020.08.27|NextGov| → [[NIST Calls for Standards to Improve Forensic Capabilities in the Cloud|https://www.nextgov.com/it-modernization/2020/08/nist-calls-standards-improve-forensic-capabilities-cloud/168051/]]|NIST Forensics|
|2020.08.26|Anton Chuvakin|![[On Externalizing Cloud Trust|https://medium.com/anton-on-security/on-externalizing-cloud-trust-c4c5f282a7b6]] |Trust|
|2020.08.26|TL;DR Security|[[#49 - Web Cache Entanglement, Finding a Mentor, Build Tools Around Workflows|https://tldrsec.com/blog/tldr-sec-049/]]|Weekly_Newsletter|
|2020.08.26|U.S. Attorney's Office|[[San Jose Man Pleads Guilty To Damaging Cisco's Network|https://www.justice.gov/usao-ndca/pr/san-jose-man-pleads-guilty-damaging-cisco-s-network]]|Sabotage Cisco 2018.09|
|2020.07.31|U.S. Attorney's Office| → [[document préliminaire|https://www.courtlistener.com/recap/gov.uscourts.cand.362365/gov.uscourts.cand.362365.9.0.pdf]] (pdf)|Sabotage Cisco 2018.09|
|2020.08.30|Hack Read| → [[Ex-employee hacked Cisco's AWS Infrastructure; erased virtual machines|https://www.hackread.com/ex-employee-hacked-cisco-cloud-erased-virtual-machines/]]|Sabotage Cisco 2018.09|
|2020.08.26|Dark Reading|[[The 'Shared Responsibility' Misnomer: Why the Cloud Continues to Confound|https://www.darkreading.com/cloud/the-shared-responsibility-misnomer-why-the-cloud-continues-to-confound/a/d-id/1338710]]|Shared_Responsibility|
|2020.08.26|CISO Mag|[[Misconfigured AWS S3 Bucket Exposes PII of up to 350,000 SSL247 Customers|https://cisomag.eccouncil.org/misconfigured-aws-s3-bucket/]]|AWS_S3 Data_Leak|
|2020.08.26|vpnMentor| → [[Report of SSL247 Breach|https://www.vpnmentor.com/blog/report-ssl247-breach/]]|AWS_S3 Data_Leak|
|2020.08.26|Ezequiel Pereira|[[Auth bypass: Leaking Google Cloud service accounts and projects|https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html]]|GCP Flaw|
|2020.08.26|DZone|[[How to Give Access to AWS Resources Without Creating 100s of IAM Users|https://dzone.com/articles/how-to-give-access-to-aws-resources-without-creati]]|AWS IAM|
|2020.08.26|//Rapid7//|![[Rapid7 Releases 2020 Under the Hoodie Report: Lessons Learned from a Year of Penetration Tests|https://blog.rapid7.com/2020/08/26/rapid7-releases-2020-under-the-hoodie-report-lessons-learned-from-a-year-of-penetration-tests/]] |Report|
|2020.08.26|//Rapid7//| → [[Under the Hoodie - 2020 Research Report|https://www.rapid7.com/research/reports/under-the-hoodie-2020/]]|Report|
|2020.08.26|Dark Reading| → [[With More Use of Cloud, Passwords Become Even Weaker Link|https://www.darkreading.com/application-security/with-more-use-of-cloud-passwords-become-even-weaker-link/d/d-id/1338761]]|Report|
|2020.08.26|//SentinelOne//|[[Defeating 'Doki' Malware and Container Escapes with Advanced Linux Behavioral Detection|https://www.sentinelone.com/blog/defeating-doki-malware-and-container-escapes-with-advanced-linux-behavioral-detection/]]|Malware Doki|
|>|>|>|!2020.08.25|
|2020.08.25|//ArmorBlox//|[[Blox Tales #14: Credential Phishing Hosted on Box|https://www.armorblox.com/blog/blox-tales-credential-phishing-hosted-on-box/]]|Phishing O365 Box|
|2020.08.25|BetaNews| → [[New phishing attack tries to steal Office 365 credentials via Box|https://betanews.com/2020/08/25/office-365-box-phishing/]]|Phishing O365 Box|
|2020.08.25|//Amazon AWS//|[[How to think about cloud security governance|https://aws.amazon.com/blogs/security/how-to-think-about-cloud-security-governance/]]|AWS Governance|
|2020.08.25|//Anchore//|![[3 Best Practices for Detecting Attack Vectors on Kubernetes Containers|https://anchore.com/blog/3-best-practices-for-detecting-attack-vectors-on-kubernetes-containers/]] |K8s Best_Practices|
|2020.08.25|//DivvyCloud//|[[Conflicting News in Cloud Security - Are Data Breaches Down?|https://divvycloud.com/conflicting-news-in-cloud-security/]]|Data_Breaches|
|2020.08.25|//Cloud Intelligent Management//|[[On-Premises vs Cloud Storage - Which is best for end-customers?|https://blogs.centilytics.com/on-prem-or-cloud-storage-which-is-best-for-you/]]|Storage|
|2020.08.25|//Netskope//|[[GCP OAuth Token Hijacking in Google Cloud - Part 2|https://www.netskope.com/blog/gcp-oauth-token-hijacking-in-google-cloud-part-2]] (2/2)|GCP OAuth Attack|
|2020.08.25|//Microsoft Azure//|[[Become an Azure Security Center Ninja|https://techcommunity.microsoft.com/t5/azure-security-center/become-an-azure-security-center-ninja/ba-p/1608761]]|Resources|
|2020.08.25|//Darkbit//|[[Why You Should Enable GKE Shielded Nodes Today|https://darkbit.io/blog/gke-shielded-nodes]]|GKE|
|>|>|>|!2020.08.24|
|2020.08.24|SANS|[[Detecting and Locking Down Network-Based Malware in Azure|https://www.sans.org/blog/detecting-and-locking-down-network-based-malware-in-azure?msc=rss]]|Azure Malware Detection|
|2020.08.24|Bleeping Computer|[[Microsoft 365 Admin Portal is down, Office 365 services also affected|https://www.bleepingcomputer.com/news/microsoft/microsoft-365-admin-portal-is-down-office-365-services-also-affected/]]|Outage M365|
|2020.08.24|Bleeping Computer|[[Zoom went down and schools got a digital snow day|https://www.bleepingcomputer.com/news/technology/zoom-went-down-and-schools-got-a-digital-snow-day/]]|Outage Zoom|
|2020.08.24|Bleeping Computer|[[Office 365 now opens attachments in a sandbox to prevent infections|https://www.bleepingcomputer.com/news/security/office-365-now-opens-attachments-in-a-sandbox-to-prevent-infections/]]|O365 Attachments|
|2020.08.24|Container Journal|[[Protecting Containers Against 'Doki' Malware|https://containerjournal.com/topics/container-security/protecting-containers-against-doki-malware/]]|Doki Malware|
|2020.08.24|Docker|![[Scaling Docker's Business to Serve Millions More Developers: Storage|https://www.docker.com/blog/scaling-dockers-business-to-serve-millions-more-developers-storage/]] (1/2) |Storage Dimensionning|
|2020.08.24|Docker|![[Scaling Docker to Serve Millions More Developers: Network Egress|https://www.docker.com/blog/scaling-docker-to-serve-millions-more-developers-network-egress/]] (2/2) |Storage Filtering|
|2020.08.24|The Register| → [[Docker blocker: Container crew takes on The 1%... of anonymous download whales|https://www.theregister.com/2020/08/25/docker_rate_limits/]]|Storage|
|2020.08.24|Red Timmy Security|[[A Tale of Escaping a Hardened Docker container|https://www.redtimmy.com/docker/a-tale-of-escaping-a-hardened-docker-container/]]|Containers Hardening|
|2020.08.24|//KnowBe4//|[[An Embarrassment of Riches: Malicious Actors Target AWS Accounts|https://blog.knowbe4.com/an-embarrassment-of-riches-malicious-actors-target-aws-accounts]]|AWS Phishing|
|2020.08.24|//Bitglass//|[[Cost-Effective Cloud Security for the Modern Enterprise: Part 3|https://www.bitglass.com/blog/cost-effective-cloud-security-for-the-modern-enterprise-part-3]] (3/?)|Misc|
|2020.08.24|//Cloud Management Insider//|[[IBM Confidential Computing Is A Customizable Security Suite|https://www.cloudmanagementinsider.com/ibm-confidential-computing-is-a-customizable-security-suite/]]|Confidential_Computing|
|2020.08.24|//Google Cloud//|[[How to limit public IPs on Google Cloud|https://www.youtube.com/watch?v=SiZ5b4a4EUY]] (vidéo)|Filtering|
|>|>|>|!2020.08.19|
|2020.08.19|//Google Cloud//|[[Google Cloud Issue Summary Multiple Products - 2020-08-19|https://static.googleusercontent.com/media/www.google.com/en//appsstatus/ir/bd9m3vkqwpvkk4j.pdf]] (pdf)|Outage GCP|
|2020.08.25|The Register| → [[Mysterious metadata monster swamped Google's blobs and crashed its cloud|https://www.theregister.com/2020/08/25/gmail_outage_root_cause/]]|Outage GCP|
<<tiddler [[arOund0C]]>>
!"//Quantum-Safe Blockchain//"
Article publié le 28 août 2020 — Rédigé par Maëva Ghonda+++^*[»] LinkedIn → [[maevaghonda|https://twitter.com/maevaghonda]] • Twitter → [[maevaghonda|https://twitter.com/maevaghonda]] ===, Co-Chair, CSA Blockchain and Distributed Ledger Technology Working Group
<<<
[>img(150px,auto)[iCSA/K8SBQ.png]]//Blockchain technologies are expected to generate more than $3 trillion annually in the next several years - by 2030+++^*[»] Groombridge, D. ''Blockchain Potential and Pitfalls''. Gartner.
→ https://www.gartner.com/en/webinars/3878710/blockchain-potential-and-pitfalls ===. The promise of blockchain is a self-contained decentralized ledger system that enables secure digital transactions by consensus, i.e. via a peer-to-peer network. It is the technology that empowers Bitcoin, a cryptocurrency that relies on cryptographic proof instead of trust+++^*[»] Nakamoto, S. 2008. Bitcoin: A Peer-to-Peer Electronic Cash System. https://bitcoin.org/bitcoin.pdf ===. However, the projected influx of quantum computers - an estimated addressable market of $902.48 billion by 2040+++^*[»] ''Growing Australia's Quantum Technology Industry''. 2020. Commonwealth Scientific and Industrial Research Organization. National Science Agency.
→ https://www.csiro.au/~/media/News-releases/2020/Quantum/CSIRO-Growing-Australias-Quantum-Industry--pre-release--EMBARGOED-until-22-May-2020.pdf === - posits catastrophic risks for blockchain systems due to security vulnerabilities. Accordingly, these security risks necessitate the development of new cryptographic algorithms that are quantum resistant to improve a blockchain system's reliability. Yet, there are no standards to guide the development of a quantum-safe blockchain+++^*[»] Ashrafi, S. 2020. Quantum Resistant Blockchain With Multi-dimensional Quantum Key Distribution. NxGen Partners.
US 10708046 B1. United States Patent and Trademark Office ===. 
As the breadth and volume of blockchain use cases exponentially increase, it is pertinent that the global community addresses risks introduced by the technology. Consequently, the CSA Blockchain Cybersecurity and Privacy Best Practices Group is developing the playbook for business executives, policy makers, architects, engineers, and security professionals seeking to disrupt their current processes with blockchain innovations.//[...]
<<<
__Liens :__
* Article sur le blog de la CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k8sb/|https://CloudSecurityAlliance.fr/go/k8sb/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/08/28/quantum-safe-blockchain/
!"NIST IR 8006 : //Cloud Computing Forensic Science Challenges//"
[>img(100px,auto)[iCSF/NIST.gif]]La version finale du document NIST IR 8006 : "Cloud Computing Forensic Science Challenges" est maintenant publiée.
Elle donne notamment la liste d'une soixantaine de challenges auxquels sont confrontés les acteurs de l'analyse forensique dans le Cloud.

<<<
Le NIST annonce la publication finale du document NIST IR 8006, intitulé 'NIST Cloud Computing Forensic Science Challenges', qui définit et examine les enjeux liés à la réalisation d'une investigation scientifique efficace dans le domaine de l'informatique en nuage. La réduction de ces problèmes est importante pour les propriétaires de systèmes basés sur le Cloud, les développeurs d'outils de forensique dans le Cloud et les investigateurs forensique, ainsi que pour le développement de solutions conformes aux exigences du forensique. Cet effort soutiendra les systèmes de justice pénale et de gestion des contentieux au civil, et fournira des moyens pour répondre aux incidents de sécurité et aux opérations internes de l'entreprise.
L'étude NISTIR 8006 comprend une analyse préliminaire des enjeux en abordant :
* la relation entre chaque enjeu et les cinq caractéristiques essentielles de la technologie du Cloud telles que définies par le modèle de Cloud Computing du NIST,
* la corrélation entre les enjeux et la technologie du Cloud en considérant leur relation avec l'architecture d'entreprise de la Cloud Security Alliance,
* les neuf catégories auxquelles appartiennent ces enjeux, et
* les résultats potentiels de la résolution de chaque challenge.
Il fournit également une analyse des données de journalisation, des données dans les supports et des problèmes associés au facteur temps, au lieu et aux données sensibles. Ce document a pour but d'initier un dialogue au sein de la communauté du Cloud Computing afin de comprendre les préoccupations et les défis du forensique dans les écosystèmes du Cloud et d'identifier les technologies et les normes qui peuvent réduire ces challenges.
<<<
__Extrait__
<<<
|background-color:#EEE;//The NIST Cloud Computing Forensic Science Working Group (NCC FSWG) was established to research forensic science challenges in the cloud environment and to develop plans for standards and technology research to mitigate the challenges that cannot be addressed by current technology and methods. The NCC FSWG has surveyed existing literature and defined a set of challenges related to cloud computing forensics. These challenges, along with associated literature, are presented in this document. The document also provides a preliminary analysis of these challenges by including: (1) the relationship between each challenge to the five essential characteristics of cloud computing as defined in the NIST cloud computing model [3], (2) how the challenges correlate to cloud technology, and (3) nine categories to which the challenges belong. In addition, the analysis considers logging data, data in media, and issues associated with time, location, and sensitive data.//|
<<<

__Table des matières__
{{ss2col{
<<<
//Executive Summary
1. INTRODUCTION
1.1. Document Goals
1.2. Audience
2. OVERVIEW
2.1. Cloud Computing Forensic Science
2.2. Defining What Constitutes A Challenge For Cloud Computing Forensics
3. CLOUD FORENSIC CHALLENGES
3.1. Collection And Aggregation Of Forensic Science Challenges
3.2. Analysis And Categorization Of The Challenges
3.2.1. Relevance of Essential Cloud Characteristics
3.2.2. Correlation Between Cloud Technology and Forensic Science Challenges
3.2.3. Categorization of Challenges
4. ADDITIONAL ANALYSIS OF THE CHALLENGES
4.1. ADDITIONAL OBSERVATIONS
5. CONCLUSIONS
REFERENCES
APPENDIX A: Acronyms 
APPENDIX B: Glossary
ANNEX A: Cloud Forensic Challenges
ANNEX B: CSA'S Enterprise Architecture (TCI V2.0)
ANNEX C: Mind Maps
//
<<<
}}}
En conclusion : un document solide de 87 pages qui entre lui aussi dans la longue liste des documents de référence publiés par le NIST.
__Liens sur le site du NIST :__
* → https://csrc.nist.gov/publications/detail/nistir/8006/final /% ''[[CloudSecurityAlliance.fr/go/k8??/|https://CloudSecurityAlliance.fr/go/k8??/]]'' %/
<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #78|2020.08.23 - Newsletter Hebdomadaire #78]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #78|2020.08.23 - Weekly Newsletter - #78]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.08.23 - Newsletter Hebdomadaire #78]]>> |<<tiddler [[2020.08.23 - Weekly Newsletter - #78]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 17 au 23 août 2020
!!1 - Informations CSA - 17 au 23 août 2020
* ''Répondez au sondage CSA sur l'adoption du Cloud'' en 2020+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* ''Formation CCSK en Français fin août : inscriptions toujours ouvertes'' !+++^*[»] <<tiddler [[2020.08.02 - Actu : Formation CCSK en Français fin août 2020]]>>=== 
* Publication : ''Vision CSA sur la Gestion des Risques dans le Cloud''+++^*[»] <<tiddler [[2020.08.20 - Publication : Vision CSA sur la Gestion des Risques dans le Cloud]]>>=== 
* Annonce : ''Partenariat CSA-ISACA sur le CCAK''+++^*[»] <<tiddler [[2020.08.17 - Annonce : Partenariat CSA-ISACA sur le CCAK]]>>=== 
* Conférence : Retour sur la 'CSA CloudCon 2020'+++^*[»] <<tiddler [[2020.08.22 - Actu : Retour sur la conférence 'CSA CloudCon 2020']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 130 liens|2020.08.23 - Veille Hebdomadaire - 23 août]])

* __''À lire''__
** ''Team TNT'', un cryptomineur qui vole les identifiants AWS (//Cado Security//)+++^*[»] 
|2020.08.17|//Cado Security//|![[Team TNT - The First Crypto-Mining Worm to Steal AWS Credentials|https://www.cadosecurity.com/2020/08/17/teamtnt-the-first-crypto-mining-worm-to-steal-aws-credentials/]] |AWS Credentials Attack Team_TNT|
|2020.08.18|//Duo Security//| → [[Cryptomining Botnet Steals AWS Credentials|https://duo.com/decipher/cryptomining-botnet-steals-aws-credentials]]|AWS Credentials Attack Team_TNT|
|2020.08.18|//Threatpost//| → [[AWS Cryptojacking Worm Spreads Through the Cloud|https://threatpost.com/aws-cryptojacking-worm-cloud/158427/]]|AWS Credentials Attack Team_TNT|
|2020.08.19|CERT-EU| → [[A cryptomining worm that steals AWS credentials|https://media.cert.europa.eu/static/MEMO/2020/TLP-WHITE-CERT-EU-THREAT-MEMO-Cryptominer-steals-AWS-credentials-v1.0.pdf]] (pdf) |AWS Credentials Attack Team_TNT|
|2020.08.19|Security Week| → [[Crypto-Mining Worm Targets AWS Credentials|https://www.securityweek.com/crypto-mining-worm-targets-aws-credentials]]|AWS Credentials Attack Team_TNT|
=== 
** ''The State of Vulnerability Management in the Cloud and On-Premises'' (//IBM X-Force// & //Ponemon//)+++^*[»] 
|2020.08.17|//IBM X-Force// & //Ponemon//|Rapport [[The State of Vulnerability Management in the Cloud and On-Premises|https://www.ibm.com/account/reg/us-en/signup?formid=urx-46992]] (après inscription)|Report|
|2020.08.17|//Security Intelligence//| → [[New Ponemon Report: A Programmatic Approach to Vulnerability Management for Hybrid Multicloud|https://securityintelligence.com/posts/security-vulnerability-management-hybrid-multicloud/]]|Report|
|2020.08.17|Dark Reading| → [[Firms Still Struggle to Prioritize Security Vulnerabilities|https://www.darkreading.com/vulnerabilities---threats/vulnerability-management/firms-still-struggle-to-prioritize-security-vulnerabilities/d/d-id/1338687]]|Report|
=== 

* __Attaques, Incidents, Fuites de données, Menaces, Vulnérabilités et Pannes__
** Attaques : Team TNT (//AWS//) • Containers visés (//Aqua Security//)+++^*[»] 
|2020.08.21|Container Journal|![[Aqua Security Reveals Sophisticated Container Attack|https://containerjournal.com/topics/container-security/aqua-security-reveals-sophisticated-container-attack/]] |Containers Attacks|
=== 
** Menaces : Vérifiez vos AMI avant de les utiliser dans AWS (//Mitiga//) • Sécurité de vos buckets S3 (CERT-EU) • Règles dans O365 (SANS, Martin Rothe)+++^*[»] 
|2020.08.21|//Mitiga//|![[Security Advisory: Mitiga Recommends All AWS Customers Running Community AMIs to Verify Them for Malicious Code|https://medium.com/mitiga-io/security-advisory-mitiga-recommends-all-aws-customers-running-community-amis-to-verify-them-for-5c3e8b47d2d8]] |AWS_AMI CryptoMining Malicious_Images|
|2020.08.21|Bleeping Computer| → [[Community-provided Amazon Machine Images come with malware risk|https://www.bleepingcomputer.com/news/security/community-provided-amazon-machine-images-come-with-malware-risk/]]|AWS_AMI CryptoMining Malicious_Images|
|2020.08.21|Dark Reading| → [[Cryptominer Found Embedded in AWS Community AMI|https://www.darkreading.com/cloud/cryptominer-found-embedded-in-aws-community-ami/d/d-id/1338713]]|AWS_AMI CryptoMining Malicious_Images|
|2020.08.21|//Threatpost//| → [[Researchers Sound Alarm Over Malicious AWS Community AMIs|https://threatpost.com/malicious-aws-community-amis/158555/]]|AWS_AMI CryptoMining Malicious_Images|
|>|!|>||
|2020.08.19|//TrendMicro//|[[Malicious Docker Hub Container Images Used for Cryptocurrency Mining|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/malicious-docker-hub-container-images-cryptocurrency-mining]]|DockerHub CryptoMining Malicious_Images|
|>|!|>||
|2020.08.19|CERT-EU|![[Insecure S3 buckets can lead to serial exploitation|https://media.cert.europa.eu/static/MEMO/2020/TLP-WHITE-CERT-EU-THREAT-MEMO-Cryptominer-steals-AWS-credentials-v1.0.pdf]] (pdf) |AWS_S3 Data_Leak|
|>|!|>||
|2020.08.20|SANS ISC Handler|![[Office 365 Mail Forwarding Rules (and other Mail Rules too)|https://isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/]] |O365 Prevention|
|2020.08.23|Martin Rothe|[[Hunting for Risky Rules in Office 365|https://blog.rothe.uk/risky-rules-in-office365/]]|Tools O365|
|2020.08.23|Martin Rothe| → [[py365: a set of Python scripts for finding threats in Office365|https://github.com/mrrothe/py365]]|Tools O365|
=== 
** Vulnérabilités : Mouvement latéral d'Azure à Active Directory (//SpecterOps//) • Technique d'attaque contre Kubernetes (//Cyberark//)+++^*[»] 
|2020.08.17|//SpecterOps//|![[Death from Above: Lateral Movement from Azure to On-Prem AD|https://posts.specterops.io/death-from-above-lateral-movement-from-azure-to-on-prem-ad-d18cb3959d4d]] |AzureAD Lateral_Movement|
|2020.08.20|//SpecterOps//|![[Attacking Azure & Azure AD, Part II|https://posts.specterops.io/attacking-azure-azure-ad-part-ii-5f336f36697d]] (2/2) |AzureAD Lateral_Movement|
|>|!|>||
|2020.08.19|//Cyberark//|![[Using Kubelet Client to Attack the Kubernetes Cluster|https://www.cyberark.com/resources/threat-research-blog/using-kubelet-client-to-attack-the-kubernetes-cluster]] |K8s Flaw|
|2020.08.20|Container Journal| → [[CyberArk Discloses Potential Security Flaw in Kubernetes Agent Software|https://containerjournal.com/topics/container-security/cyberark-discloses-potential-security-flaw-in-kubernetes-agent-software/]]|K8s Flaw|
=== 
** Pannes : Slack le 19 août, GCP et Gmail le 20 août+++^*[»] 
|2020.08.19|//Slack//|[[Outage - Some customers may have trouble loading new messages or connecting to Slack|https://status.slack.com/2020-08/c9cf7aaf51ffda19]]|Outage|
|2020.08.20|Computer Weekly|[[Google Cloud services outage hits Gmail users across Europe|https://www.computerweekly.com/news/252487889/Google-Cloud-services-outage-hits-Gmail-users-across-Europe]]|Outage Gmail|
|2020.08.20|The Register| → [[Worldwide Google services - from GCP to G Suite - hit with the outage stick|https://www.theregister.com/2020/08/20/gmail_outage/]]|Outage GCP|
=== 

* __Rapports, Sondages, Études, Publications__
** Rapports : '2020 Container Security Snapshot' (//Sysdig//) • 'The State of Vulnerability Management in the Cloud and On-Premises' (//IBM X-Force// & //Ponemon//) • Statistiques trimestrielles Backblaze+++^*[»] 
|2020.08.17|//Sysdig//|[[Sysdig 2020 Container Security Snapshot: Key image scanning and configuration insights|https://sysdig.com/blog/sysdig-2020-container-security-snapshot/]] (pdf)|Report Containers|
|2020.08.17|Container Journal| → [[Sysdig: Container Security Issues Increasing|https://containerjournal.com/topics/container-security/sysdig-container-security-issues-increasing/]]|Report Containers|
|>|!|>||
|2020.08.18|//Backblaze//|[[Backblaze Drive Stats Q2 2020|https://www.backblaze.com/blog/backblaze-hard-drive-stats-q2-2020/]]|Storage Reliability|
=== 
** Sondages : '2020 Enterprise Cloud Trend' (//2nd Watch//)+++^*[»] 
|2020.08.20|//2nd Watch//|[[2020 Enterprise Cloud Trend|http://offers.2ndwatch.com/2020-enterprise-cloud-trends-report]] ([[infographie|https://www.2ndwatch.com/insights/2020-enterprise-cloud-trends/]])|Survey|
|2020.08.20|Globe Newswire| → [[2nd Watch Survey Shows Enterprise IT Remains Focused on Long-Term, Organization-Changing Initiatives, Despite Pandemic-Related Challenges|https://www.globenewswire.com/news-release/2020/08/20/2081360/0/en/2nd-Watch-Survey-Shows-Enterprise-IT-Remains-Focused-on-Long-Term-Organization-Changing-Initiatives-Despite-Pandemic-Related-Challenges.html]]|Survey|
|2020.08.20|DevOps.com| → [[Survey: Cloud Security, DevOps Emerging as Enterprise Priorities|https://devops.com/survey-cloud-security-devops-emerging-as-enterprise-priorities/]]|Survey|
=== 

* __Marché, Acquisitions__
** Acquisitions : pourparlers entre Amazon et Rackspace+++^*[»] 
|2020.08.17|Reuters|![[Exclusive: Amazon in talks to invest in cloud services company Rackspace, say sources|https://www.reuters.com/article/us-amazon-com-rackspace-tech-exclusive/exclusive-amazon-in-talks-to-invest-in-cloud-services-company-rackspace-say-sources-idUSKCN25D1Q6]] |Potential_Acquisition|
|2020.08.17|CRN (AU)| → [[Amazon in talks to buy Rackspace|http://www.crn.com.au/news/amazon-in-talks-to-invest-in-cloud-services-company-rackspace---sources-551860]]|Potential_Acquisition|
=== 

* __Cloud Services Providers, Outils__
** AWS : Défense en profondeur • Fuite de méta-données • divers articles+++^*[»] 
|2020.08.17|//AWS//|![[Application and Classic Load Balancers are adding defense in depth with the introduction of Desync Mitigation Mode|https://aws.amazon.com/about-aws/whats-new/2020/08/application-and-classic-load-balancers-adding-defense-in-depth-with-introduction-of-desync-mitigation-mode/]] |AWS Load_Balancing|
|2020.08.18|//The Daily Swig//| → [[AWS launches open source tool to protect against HTTP request smuggling attacks|https://portswigger.net/daily-swig/aws-launches-open-source-tool-to-protect-against-http-request-smuggling-attacks]]|AWS Load_Balancing|
||//AWS//| → Outil [[HTTP Desync|https://github.com/aws/http-desync-guardian]]|Tools AWS|
|2020.08.13|InfoSec Write-ups|[[Leaking AWS Metadata|https://medium.com/bugbountywriteup/leaking-aws-metadata-f5bc8de03284]]|AWS Metadata Leakage|
|>|!|>||
|2020.08.18|//AWS//|[[Amazon S3 Batch Operations|https://aws.amazon.com/fr/s3/features/batch-operations/]]|AWS_S3 Amazon Batch_Operations|
|2020.08.17|//Amazon AWS//|[[How to use AWS RAM to share your ACM Private CA cross-account|https://aws.amazon.com/blogs/security/how-to-use-aws-ram-to-share-your-acm-private-ca-cross-account/]]|AWS Certificate_Authority|
|2020.08.19|DZone|[[AWS KMS Use Case With Serverless Application Model (SAM): An End To End Solution|https://dzone.com/articles/aws-kms-use-case-with-serverless-application-model]]|AWS KMS|
|2020.08.04|GitHub| → [[aws-kms-signup-login|https://github.com/rajanpanchal/aws-kms-signup-login]]|Tools|
|2020.08.19|//AWS//|[[Introducing the AWS Controllers for Kubernetes (ACK)|https://aws.amazon.com/blogs/containers/aws-controllers-for-kubernetes-ack/]]|AWS Kubernetes ACK|
=== 
** Azure : Licences sécurité et conformité Microsoft 365 • AzureAD • API AzureAD Connect • Azure PowerShell dans un Docker • Contrôles • Résilience avec Kubernetes+++^*[»] 
|2020.08.18|//Thibault Joubert//[>img[iCSF/flag_fr.png]]|![["Petit" guide pour se retrouver dans la jungle des licences sécurité et conformité Microsoft 365|https://www.linkedin.com/pulse/petit-guide-pour-se-retrouver-dans-la-jungle-des-licences-joubert/]] |M365 Licences Compliance|
|2020.08.21|//Varonis//|[[What is Azure Active Directory? A Complete Overview|https://www.varonis.com/blog/azure-active-directory/]]|AzureAD|
|2020.08.21|Sami Lamppu|[[Azure AD Connect - V2 API|https://samilamppu.com/2020/08/21/azure-ad-connect-v2-api/]]|AzureAD|
|2020.08.20|//Microsoft Azure//|[[Azure PowerShell Docker image |https://techcommunity.microsoft.com/t5/azure-developer-tools/azure-powershell-docker-image/ba-p/1242407]]|Azure_PowerShell Docker|
|2020.08.21|Thomas Maurer| → [[Run Azure PowerShell in a Docker Container|https://www.thomasmaurer.ch/2020/03/run-azure-powershell-in-a-docker-container/]]|Azure_PowerShell Docker|
|2020.08.17|//Digital Guardian//|[[What is Azure Security?|https://digitalguardian.com/blog/what-azure-security]]|Azure|
|2020.08.17|//Microsoft Azure//|[[Security Controls in ASC: Restrict Unauthorized Network Access|https://techcommunity.microsoft.com/t5/azure-security-center/security-controls-in-asc-restrict-unauthorized-network-access/ba-p/1593833]]|Azure_Security_Center|
|2020.08.17|//Microsoft Azure//|[[Build resilient applications with Kubernetes on Azure|https://azure.microsoft.com/blog/build-resilient-applications-with-kubernetes-on-azure/]]|Azure Resilience Kubernetes|
|2020.08.17|//Microsoft Azure//|[[Advancing the outage experience - automation, communication, and transparency|https://azure.microsoft.com/blog/advancing-the-outage-experience-automation-communication-and-transparency/]]|Reliability Outage|
=== 
** GCP : Journalisation • Gestion des identités par API+++^*[»] 
|2020.08.21|//Google Cloud//|![[Bucket list: Better log storage and management for Cloud Logging|https://cloud.google.com/blog/products/management-tools/cloud-logging-adds-log-buckets-feature]]|Logging|
|2020.08.21|//Google Cloud//|[[Using Cloud Logging as your single pane of glass|https://cloud.google.com/blog/products/identity-security/centralize-cloud-identity-logs-behind-a-single-pane-of-glass]] (2/3) |Logging|
|2020.08.20|//Google Cloud//|[[Manage groups programmatically with the Cloud Identity Groups API beta|https://gsuiteupdates.googleblog.com/2020/08/new-api-cloud-identity-groups-google.html]]|G-Suite APIs|
|2020.08.19|//Google Cloud//|[[New GKE Dataplane V2 increases security and visibility for containers|https://cloud.google.com/blog/products/containers-kubernetes/bringing-ebpf-and-cilium-to-google-kubernetes-engine]]|GCP_GKE eBPF|
=== 
** Docker : Modification de la politique de rétention des images Docker Hub+++^*[»] 
|2020.08.18|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Docker Hub va supprimer les images de containers inactives depuis 6 mois|https://www.lemondeinformatique.fr/actualites/lire-docker-hub-va-supprimer-les-images-de-containers-inactives-depuis-6-mois-80058.html]]|Docker Retention|
|2020.08.14|The Register|[[Docker shocker: Cash-strapped container crew threatens to delete 4.5 petabytes of unloved images|https://www.theregister.com/2020/08/14/docker_container_retention_policy/]]|Docker Retention|
||Docker Hub|[[Container Image Retention Policy|https://www.docker.com/pricing/retentionfaq]]|Docker Retention|
=== 
** Kubernetes: articles sur RBAC+++^*[»] 
|2020.06.09|//Kublr//|[[Kubernetes RBAC 101: Overview|https://kublr.com/blog/kubernetes-rbac-101-overview/]] (1/3)|Kubernetes RBAC|
|2020.07.23|//Kublr//|[[Kubernetes RBAC 101: Authentication|https://kublr.com/blog/kubernetes-rbac-101-authentication/]] (2/3)|Kubernetes RBAC|
|2020.08.17|//Kublr//|[[Kubernetes RBAC 101: Authorization|https://kublr.com/blog/kubernetes-rbac-101-authorization/]] (3/3)|Kubernetes RBAC|
=== 

* __Podcasts, Veilles hebdomadaires 'Cloud et Sécurité'__
** Podcasts : Environnements sécurisés dans GCP+++^*[»] 
|2020.08.23|Cloud Security Podcast|[[How To Build Secure Environments In Google Cloud - Darpan Shah|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-BUILD-SECURE-ENVIRONMENTS-IN-Google-Cloud---DARPAN-SHAH-eihein]]|GCP|
|2020.08.23|Cloud Security Podcast| → [[Transcription|https://anchor.fm/dashboard/episode/eavn9r/metadata/www.cloudsecuritypodcast.tv]]|Podcast|
=== 
** Veilles : TL;DR Security #48 • The Cloud Security Reading List #51+++^*[»] 
|2020.08.19|TL;DR Security|[[#48 - Automating Recon Summary, GraphQL Tools, DEF CON 2020 Live Notes|https://tldrsec.com/blog/tldr-sec-048/]] |Weekly_Newsletter|
|2020.08.23|Marco Lancini|[[The Cloud Security Reading List #51|https://cloudseclist.com/issues/issue-51/]] |Weekly_Newsletter|
=== 

* __Divers__
** Recherche de compromission+++^*[»] 
|2020.08.17|//Check Point//|[[Cloud Threat Hunting: Attack & Investigation Series - Privilege Escalation via EC2|https://blog.checkpoint.com/2020/08/17/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-ec2/]] ([[vidéo|https://www.youtube.com/watch?v=A0hZOwvGAgk]])|Threat_Hunting|
=== 
** Containers : Modélisation de la menace+++^*[»] 
|2020.08.17|//Security Intelligence//|[[Threat Modeling in a Container Environment|https://securityintelligence.com/articles/threat-modeling-container-environment/]]|Container Threat_Modeling|
=== 
** Sécurité et données personnelles dans le Cloud+++^*[»] 
|2020.08.20|TechBeacon|![[The state of cloud security and privacy: 5 key trends to watch|https://techbeacon.com/security/state-cloud-security-privacy-5-key-trends-watch]] |Trends|
|2020.08.20|//Amazon AWS//|[[Privacy conscious cloud migrations: mapping the AWS Cloud Adoption Framework to the NIST Privacy Framework|https://aws.amazon.com/blogs/security/privacy-conscious-cloud-migrations-mapping-aws-cloud-adoption-framework-to-nist-privacy-framework/]]|AWS NIST Privacy|
=== 
** Zero Trust : Document NIST SP 800-207 Zero Trust Architecture+++^*[»] 
|2020.08.18|MSSP Alert|[[NIST Explains Zero Trust Architecture: A Closer Look|https://www.msspalert.com/cybersecurity-research/nist-explains-zero-trust-architecture-a-closer-look/]]|NIST Zero_Trust SP800-207|
||NIST| → SP 800-207 Zero Trust Architecture ([[pdf|https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf]])|NIST Zero_Trust SP800-207|
|2020.08.19|//AlienVault//|[[Zero Trust Network Access (ZTNA) explained|https://cybersecurity.att.com/blogs/security-essentials/zero-trust-network-access-explained]]|Zero_Trust|
=== 
!!3 - Agenda

* __Août 2020__
** ''31'' → fin de l'appel à proposition pour le congrès ''CSA EMEA 2020''
** ''31'' et suivants → ''Formation CCSK / CCSK Plus en français''
* __Septembre 2020__
** ''8 au 25'' → CSA : ''[[Webinaires 'SECtember Experience'|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
** ''23 au 24'' → BIRP : ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
!!4 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K8N/|https://CloudSecurityAlliance.fr/go/K8N/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - August 17th to 23rd, 2020
!!1 - CSA News and Updates - August 17th to 23rd, 2020
* ''Fill in the new CSA survey on Cloud Adoption in 2020''+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* CCSK training in French and English end of August : ''You can still register'' !+++^*[»] <<tiddler [[2020.08.02 - Actu : Formation CCSK en Français fin août 2020]]>>=== 
* Publication: ''"CSA's Perspective on Cloud Risk Management"''+++^*[»] <<tiddler [[2020.08.20 - Publication : Vision CSA sur la Gestion des Risques dans le Cloud]]>>=== 
* Press Release: ''CSA and ISACA Announce Strategic Partnership on CCAK''+++^*[»] <<tiddler [[2020.08.17 - Annonce : Partenariat CSA-ISACA sur le CCAK]]>>=== 
* Conference: Feedback on the 'CSA CloudCon 2020'+++^*[»] <<tiddler [[2020.08.22 - Actu : Retour sur la conférence 'CSA CloudCon 2020']]>>=== 
!!2 - Cloud and Security Web Watch ([[more than 130 links|2020.08.23 - Veille Hebdomadaire - 23 août]])

* __''Must read''__
** ''Team TNT'', a Cryptomining Botnet That Steals AWS Credentials (//Cado Security//)+++^*[»] 
|2020.08.17|//Cado Security//|![[Team TNT - The First Crypto-Mining Worm to Steal AWS Credentials|https://www.cadosecurity.com/2020/08/17/teamtnt-the-first-crypto-mining-worm-to-steal-aws-credentials/]] |AWS Credentials Attack Team_TNT|
|2020.08.18|//Duo Security//| → [[Cryptomining Botnet Steals AWS Credentials|https://duo.com/decipher/cryptomining-botnet-steals-aws-credentials]]|AWS Credentials Attack Team_TNT|
|2020.08.18|//Threatpost//| → [[AWS Cryptojacking Worm Spreads Through the Cloud|https://threatpost.com/aws-cryptojacking-worm-cloud/158427/]]|AWS Credentials Attack Team_TNT|
|2020.08.19|CERT-EU| → [[A cryptomining worm that steals AWS credentials|https://media.cert.europa.eu/static/MEMO/2020/TLP-WHITE-CERT-EU-THREAT-MEMO-Cryptominer-steals-AWS-credentials-v1.0.pdf]] (pdf) |AWS Credentials Attack Team_TNT|
|2020.08.19|Security Week| → [[Crypto-Mining Worm Targets AWS Credentials|https://www.securityweek.com/crypto-mining-worm-targets-aws-credentials]]|AWS Credentials Attack Team_TNT|
=== 
** ''The State of Vulnerability Management in the Cloud and On-Premises'' (//IBM X-Force// & //Ponemon//)+++^*[»] 
|2020.08.17|//IBM X-Force// & //Ponemon//|Report [[The State of Vulnerability Management in the Cloud and On-Premises|https://www.ibm.com/account/reg/us-en/signup?formid=urx-46992]] (registration required)|Report|
|2020.08.17|//Security Intelligence//| → [[New Ponemon Report: A Programmatic Approach to Vulnerability Management for Hybrid Multicloud|https://securityintelligence.com/posts/security-vulnerability-management-hybrid-multicloud/]]|Report|
|2020.08.17|Dark Reading| → [[Firms Still Struggle to Prioritize Security Vulnerabilities|https://www.darkreading.com/vulnerabilities---threats/vulnerability-management/firms-still-struggle-to-prioritize-security-vulnerabilities/d/d-id/1338687]]|Report|
=== 

* __Attacks, Incidents, Leaks, Threats, Vulnerabilities, Outages__
** Attacks: Team TNT (//AWS//) • Targeted Containers (//Aqua Security//)+++^*[»] 
|2020.08.21|Container Journal|![[Aqua Security Reveals Sophisticated Container Attack|https://containerjournal.com/topics/container-security/aqua-security-reveals-sophisticated-container-attack/]] |Containers Attacks|
=== 
** Threats: Embedded Cryptominer Found in AWS Community AMI (//Mitiga//) • Insecure S3 buckets (CERT-EU) • Rules in O365 (SANS, Martin Rothe)+++^*[»] 
|2020.08.21|//Mitiga//|![[Security Advisory: Mitiga Recommends All AWS Customers Running Community AMIs to Verify Them for Malicious Code|https://medium.com/mitiga-io/security-advisory-mitiga-recommends-all-aws-customers-running-community-amis-to-verify-them-for-5c3e8b47d2d8]] |AWS_AMI CryptoMining Malicious_Images|
|2020.08.21|Bleeping Computer| → [[Community-provided Amazon Machine Images come with malware risk|https://www.bleepingcomputer.com/news/security/community-provided-amazon-machine-images-come-with-malware-risk/]]|AWS_AMI CryptoMining Malicious_Images|
|2020.08.21|Dark Reading| → [[Cryptominer Found Embedded in AWS Community AMI|https://www.darkreading.com/cloud/cryptominer-found-embedded-in-aws-community-ami/d/d-id/1338713]]|AWS_AMI CryptoMining Malicious_Images|
|2020.08.21|//Threatpost//| → [[Researchers Sound Alarm Over Malicious AWS Community AMIs|https://threatpost.com/malicious-aws-community-amis/158555/]]|AWS_AMI CryptoMining Malicious_Images|
|>|!|>||
|2020.08.19|//TrendMicro//|[[Malicious Docker Hub Container Images Used for Cryptocurrency Mining|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/malicious-docker-hub-container-images-cryptocurrency-mining]]|DockerHub CryptoMining Malicious_Images|
|>|!|>||
|2020.08.19|CERT-EU|![[Insecure S3 buckets can lead to serial exploitation|https://media.cert.europa.eu/static/MEMO/2020/TLP-WHITE-CERT-EU-THREAT-MEMO-Cryptominer-steals-AWS-credentials-v1.0.pdf]] (pdf) |AWS_S3 Data_Leak|
|>|!|>||
|2020.08.20|SANS ISC Handler|![[Office 365 Mail Forwarding Rules (and other Mail Rules too)|https://isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/]] |O365 Prevention|
|2020.08.23|Martin Rothe|[[Hunting for Risky Rules in Office 365|https://blog.rothe.uk/risky-rules-in-office365/]]|Tools O365|
|2020.08.23|Martin Rothe| → [[py365: a set of Python scripts for finding threats in Office365|https://github.com/mrrothe/py365]]|Tools O365|
=== 
** Vulnerabilities: Lateral Movement from Azure to On-Prem AD (//SpecterOps//) • Potential Security Flaw in Kubernetes (//Cyberark//)+++^*[»] 
|2020.08.17|//SpecterOps//|![[Death from Above: Lateral Movement from Azure to On-Prem AD|https://posts.specterops.io/death-from-above-lateral-movement-from-azure-to-on-prem-ad-d18cb3959d4d]] |AzureAD Lateral_Movement|
|2020.08.20|//SpecterOps//|![[Attacking Azure & Azure AD, Part II|https://posts.specterops.io/attacking-azure-azure-ad-part-ii-5f336f36697d]] (2/2) |AzureAD Lateral_Movement|
|>|!|>||
|2020.08.19|//Cyberark//|![[Using Kubelet Client to Attack the Kubernetes Cluster|https://www.cyberark.com/resources/threat-research-blog/using-kubelet-client-to-attack-the-kubernetes-cluster]] |K8s Flaw|
|2020.08.20|Container Journal| → [[CyberArk Discloses Potential Security Flaw in Kubernetes Agent Software|https://containerjournal.com/topics/container-security/cyberark-discloses-potential-security-flaw-in-kubernetes-agent-software/]]|K8s Flaw|
=== 
** Outages: Slack on August 19th, GCP and Gmail on August 20th+++^*[»] 
|2020.08.19|//Slack//|[[Outage - Some customers may have trouble loading new messages or connecting to Slack|https://status.slack.com/2020-08/c9cf7aaf51ffda19]]|Outage|
|2020.08.20|Computer Weekly|[[Google Cloud services outage hits Gmail users across Europe|https://www.computerweekly.com/news/252487889/Google-Cloud-services-outage-hits-Gmail-users-across-Europe]]|Outage Gmail|
|2020.08.20|The Register| → [[Worldwide Google services - from GCP to G Suite - hit with the outage stick|https://www.theregister.com/2020/08/20/gmail_outage/]]|Outage GCP|
=== 

* __Reports, Surveys, Studies, Publications__
** Reports: '2020 Container Security Snapshot' (//Sysdig//) • 'The State of Vulnerability Management in the Cloud and On-Premises' (//IBM X-Force// & //Ponemon//) • Backblaze Quarterly Stats+++^*[»] 
|2020.08.17|//Sysdig//|[[Sysdig 2020 Container Security Snapshot: Key image scanning and configuration insights|https://sysdig.com/blog/sysdig-2020-container-security-snapshot/]] (pdf)|Report Containers|
|2020.08.17|Container Journal| → [[Sysdig: Container Security Issues Increasing|https://containerjournal.com/topics/container-security/sysdig-container-security-issues-increasing/]]|Report Containers|
|>|!|>||
|2020.08.18|//Backblaze//|[[Backblaze Drive Stats Q2 2020|https://www.backblaze.com/blog/backblaze-hard-drive-stats-q2-2020/]]|Storage Reliability|
=== 
** Surveys: '2020 Enterprise Cloud Trend' (//2nd Watch//)+++^*[»] 
|2020.08.20|//2nd Watch//|[[2020 Enterprise Cloud Trend|http://offers.2ndwatch.com/2020-enterprise-cloud-trends-report]] ([[infographic|https://www.2ndwatch.com/insights/2020-enterprise-cloud-trends/]])|Survey|
|2020.08.20|Globe Newswire| → [[2nd Watch Survey Shows Enterprise IT Remains Focused on Long-Term, Organization-Changing Initiatives, Despite Pandemic-Related Challenges|https://www.globenewswire.com/news-release/2020/08/20/2081360/0/en/2nd-Watch-Survey-Shows-Enterprise-IT-Remains-Focused-on-Long-Term-Organization-Changing-Initiatives-Despite-Pandemic-Related-Challenges.html]]|Survey|
|2020.08.20|DevOps.com| → [[Survey: Cloud Security, DevOps Emerging as Enterprise Priorities|https://devops.com/survey-cloud-security-devops-emerging-as-enterprise-priorities/]]|Survey|
=== 

* __Market, Acquisitions__
** Acquisitions: Amazon in talks with Rackspace+++^*[»] 
|2020.08.17|Reuters|![[Exclusive: Amazon in talks to invest in cloud services company Rackspace, say sources|https://www.reuters.com/article/us-amazon-com-rackspace-tech-exclusive/exclusive-amazon-in-talks-to-invest-in-cloud-services-company-rackspace-say-sources-idUSKCN25D1Q6]] |Potential_Acquisition|
|2020.08.17|CRN (AU)| → [[Amazon in talks to buy Rackspace|http://www.crn.com.au/news/amazon-in-talks-to-invest-in-cloud-services-company-rackspace---sources-551860]]|Potential_Acquisition|
=== 

* __Cloud Services Providers, Solutions__
** AWS: Defense in Depth • Meta-data Leaks • Miscellaneous+++^*[»] 
|2020.08.17|//AWS//|![[Application and Classic Load Balancers are adding defense in depth with the introduction of Desync Mitigation Mode|https://aws.amazon.com/about-aws/whats-new/2020/08/application-and-classic-load-balancers-adding-defense-in-depth-with-introduction-of-desync-mitigation-mode/]] |AWS Load_Balancing|
|2020.08.18|//The Daily Swig//| → [[AWS launches open source tool to protect against HTTP request smuggling attacks|https://portswigger.net/daily-swig/aws-launches-open-source-tool-to-protect-against-http-request-smuggling-attacks]]|AWS Load_Balancing|
||//AWS//| → Tool [[HTTP Desync|https://github.com/aws/http-desync-guardian]]|Tools AWS|
|2020.08.13|InfoSec Write-ups|[[Leaking AWS Metadata|https://medium.com/bugbountywriteup/leaking-aws-metadata-f5bc8de03284]]|AWS Metadata Leakage|
|>|!|>||
|2020.08.18|//AWS//|[[Amazon S3 Batch Operations|https://aws.amazon.com/fr/s3/features/batch-operations/]]|AWS_S3 Amazon Batch_Operations|
|2020.08.17|//Amazon AWS//|[[How to use AWS RAM to share your ACM Private CA cross-account|https://aws.amazon.com/blogs/security/how-to-use-aws-ram-to-share-your-acm-private-ca-cross-account/]]|AWS Certificate_Authority|
|2020.08.19|DZone|[[AWS KMS Use Case With Serverless Application Model (SAM): An End To End Solution|https://dzone.com/articles/aws-kms-use-case-with-serverless-application-model]]|AWS KMS|
|2020.08.04|GitHub| → [[aws-kms-signup-login|https://github.com/rajanpanchal/aws-kms-signup-login]]|Tools|
|2020.08.19|//AWS//|[[Introducing the AWS Controllers for Kubernetes (ACK)|https://aws.amazon.com/blogs/containers/aws-controllers-for-kubernetes-ack/]]|AWS Kubernetes ACK|
=== 
** Azure: Security licenses and Microsoft 365 Compliance • AzureAD • AzureAD Connect APIs • Azure PowerShell in a Docker Container • Controls • Resilience with Kubernetes+++^*[»] 
|2020.08.18|//Thibault Joubert//[>img[iCSF/flag_fr.png]]|![["Petit" guide pour se retrouver dans la jungle des licences sécurité et conformité Microsoft 365|https://www.linkedin.com/pulse/petit-guide-pour-se-retrouver-dans-la-jungle-des-licences-joubert/]] |M365 Licences Compliance|
|2020.08.21|//Varonis//|[[What is Azure Active Directory? A Complete Overview|https://www.varonis.com/blog/azure-active-directory/]]|AzureAD|
|2020.08.21|Sami Lamppu|[[Azure AD Connect - V2 API|https://samilamppu.com/2020/08/21/azure-ad-connect-v2-api/]]|AzureAD|
|2020.08.20|//Microsoft Azure//|[[Azure PowerShell Docker image |https://techcommunity.microsoft.com/t5/azure-developer-tools/azure-powershell-docker-image/ba-p/1242407]]|Azure_PowerShell Docker|
|2020.08.21|Thomas Maurer| → [[Run Azure PowerShell in a Docker Container|https://www.thomasmaurer.ch/2020/03/run-azure-powershell-in-a-docker-container/]]|Azure_PowerShell Docker|
|2020.08.17|//Digital Guardian//|[[What is Azure Security?|https://digitalguardian.com/blog/what-azure-security]]|Azure|
|2020.08.17|//Microsoft Azure//|[[Security Controls in ASC: Restrict Unauthorized Network Access|https://techcommunity.microsoft.com/t5/azure-security-center/security-controls-in-asc-restrict-unauthorized-network-access/ba-p/1593833]]|Azure_Security_Center|
|2020.08.17|//Microsoft Azure//|[[Build resilient applications with Kubernetes on Azure|https://azure.microsoft.com/blog/build-resilient-applications-with-kubernetes-on-azure/]]|Azure Resilience Kubernetes|
|2020.08.17|//Microsoft Azure//|[[Advancing the outage experience - automation, communication, and transparency|https://azure.microsoft.com/blog/advancing-the-outage-experience-automation-communication-and-transparency/]]|Reliability Outage|
=== 
** GCP: Logging & Log Storage • APIs to Manage Cloud Identity Groups+++^*[»] 
|2020.08.21|//Google Cloud//|![[Bucket list: Better log storage and management for Cloud Logging|https://cloud.google.com/blog/products/management-tools/cloud-logging-adds-log-buckets-feature]]|Logging|
|2020.08.21|//Google Cloud//|[[Using Cloud Logging as your single pane of glass|https://cloud.google.com/blog/products/identity-security/centralize-cloud-identity-logs-behind-a-single-pane-of-glass]] (2/3) |Logging|
|2020.08.20|//Google Cloud//|[[Manage groups programmatically with the Cloud Identity Groups API beta|https://gsuiteupdates.googleblog.com/2020/08/new-api-cloud-identity-groups-google.html]]|G-Suite APIs|
|2020.08.19|//Google Cloud//|[[New GKE Dataplane V2 increases security and visibility for containers|https://cloud.google.com/blog/products/containers-kubernetes/bringing-ebpf-and-cilium-to-google-kubernetes-engine]]|GCP_GKE eBPF|
=== 
** Docker: Images Retention Policy Changes at Docker Hub+++^*[»] 
|2020.08.18|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Docker Hub va supprimer les images de containers inactives depuis 6 mois|https://www.lemondeinformatique.fr/actualites/lire-docker-hub-va-supprimer-les-images-de-containers-inactives-depuis-6-mois-80058.html]]|Docker Retention|
|2020.08.14|The Register|[[Docker shocker: Cash-strapped container crew threatens to delete 4.5 petabytes of unloved images|https://www.theregister.com/2020/08/14/docker_container_retention_policy/]]|Docker Retention|
||Docker Hub|[[Container Image Retention Policy|https://www.docker.com/pricing/retentionfaq]]|Docker Retention|
=== 
** Kubernetes: articles on RBAC+++^*[»] 
|2020.06.09|//Kublr//|[[Kubernetes RBAC 101: Overview|https://kublr.com/blog/kubernetes-rbac-101-overview/]] (1/3)|Kubernetes RBAC|
|2020.07.23|//Kublr//|[[Kubernetes RBAC 101: Authentication|https://kublr.com/blog/kubernetes-rbac-101-authentication/]] (2/3)|Kubernetes RBAC|
|2020.08.17|//Kublr//|[[Kubernetes RBAC 101: Authorization|https://kublr.com/blog/kubernetes-rbac-101-authorization/]] (3/3)|Kubernetes RBAC|
=== 

* __Podcasts, Weekly 'Cloud and Security' Watch__
** Podcasts: Secure Environments in GCP+++^*[»] 
|2020.08.23|Cloud Security Podcast|[[How To Build Secure Environments In Google Cloud - Darpan Shah|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-BUILD-SECURE-ENVIRONMENTS-IN-Google-Cloud---DARPAN-SHAH-eihein]]|GCP|
|2020.08.23|Cloud Security Podcast| → [[Transcription|https://anchor.fm/dashboard/episode/eavn9r/metadata/www.cloudsecuritypodcast.tv]]|Podcast|
=== 
** Watch: TL;DR Security #48 • The Cloud Security Reading List #51+++^*[»] 
|2020.08.19|TL;DR Security|[[#48 - Automating Recon Summary, GraphQL Tools, DEF CON 2020 Live Notes|https://tldrsec.com/blog/tldr-sec-048/]] |Weekly_Newsletter|
|2020.08.23|Marco Lancini|[[The Cloud Security Reading List #51|https://cloudseclist.com/issues/issue-51/]] |Weekly_Newsletter|
=== 

* __Miscellaneous__
** Cloud Threat Hunting+++^*[»] 
|2020.08.17|//Check Point//|[[Cloud Threat Hunting: Attack & Investigation Series - Privilege Escalation via EC2|https://blog.checkpoint.com/2020/08/17/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-ec2/]] ([[vidéo|https://www.youtube.com/watch?v=A0hZOwvGAgk]])|Threat_Hunting|
=== 
** Threat Modeling in a Container Environment+++^*[»] 
|2020.08.17|//Security Intelligence//|[[Threat Modeling in a Container Environment|https://securityintelligence.com/articles/threat-modeling-container-environment/]]|Container Threat_Modeling|
=== 
** Privacy in the Cloud+++^*[»] 
|2020.08.20|TechBeacon|![[The state of cloud security and privacy: 5 key trends to watch|https://techbeacon.com/security/state-cloud-security-privacy-5-key-trends-watch]] |Trends|
|2020.08.20|//Amazon AWS//|[[Privacy conscious cloud migrations: mapping the AWS Cloud Adoption Framework to the NIST Privacy Framework|https://aws.amazon.com/blogs/security/privacy-conscious-cloud-migrations-mapping-aws-cloud-adoption-framework-to-nist-privacy-framework/]]|AWS NIST Privacy|
=== 
** NIST SP 800-207 document on Zero Trust Architecture+++^*[»] 
|2020.08.18|MSSP Alert|[[NIST Explains Zero Trust Architecture: A Closer Look|https://www.msspalert.com/cybersecurity-research/nist-explains-zero-trust-architecture-a-closer-look/]]|NIST Zero_Trust SP800-207|
||NIST| → SP 800-207 Zero Trust Architecture ([[pdf|https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf]])|NIST Zero_Trust SP800-207|
|2020.08.19|//AlienVault//|[[Zero Trust Network Access (ZTNA) explained|https://cybersecurity.att.com/blogs/security-essentials/zero-trust-network-access-explained]]|Zero_Trust|
=== 
!!3 - Agenda

* __August 2020__
** ''31'' → End of the call for papers for the ''CSA EMEA 2020 Congress''
** ''31'' → ''CCSK / CCSK Plus trainings'' in French
* __September 2020__
** ''8 / 25'' → CSA : ''[['SECtember Experience' Webinars|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
** ''23 / 24'' → BIRP : ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
!!4 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K8N/|https://CloudSecurityAlliance.fr/go/K8N/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 23 août 2020
|!Août|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.08.23|
|2020.08.23|Marco Lancini|[[The Cloud Security Reading List #51|https://cloudseclist.com/issues/issue-51/]] |Weekly_Newsletter|
|2020.08.23|Cloud Security Podcast|[[How To Build Secure Environments In Google Cloud - Darpan Shah|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-BUILD-SECURE-ENVIRONMENTS-IN-Google-Cloud---DARPAN-SHAH-eihein]]|GCP|
|2020.08.23|Cloud Security Podcast| → [[Transcription|https://anchor.fm/dashboard/episode/eavn9r/metadata/www.cloudsecuritypodcast.tv]]|Podcast|
|2020.08.23|Martin Rothe|[[Hunting for Risky Rules in Office 365|https://blog.rothe.uk/risky-rules-in-office365/]]|Tools O365|
|2020.08.23|Martin Rothe| → [[py365: a set of Python scripts for finding threats in Office365|https://github.com/mrrothe/py365]]|Tools O365|
|>|>|>|!2020.08.22|
|2020.08.22|nixCraft|[[SSH Into Google Cloud Compute Engine Instance Using Secure Shell Client|https://www.cyberciti.biz/faq/google-cloud-compute-engin-ssh-into-an-instance-from-linux-unix-appleosx/]]|Tools GCP SSH|
|2020.08.22|The Hacker News|[[A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware|https://thehackernews.com/2020/08/google-drive-file-versions.html]]|Google_Drive|
|2020.08.23|Secure Reading| → [[The Weakness in Google Drive could let Attackers to Induce Malicious Files|https://securereading.com/the-weakness-in-google-drive-could-let-attackers-to-induce-malicious-files/]]|GCP Flaw|
|2020.08.22|PogsDotNet|[[Serverless Ninja: Serverless = Efficiency|https://www.pogsdotnet.com/2020/08/serverless-ninja-serverless-efficiency.html]]|Serverless|
|>|>|>|!2020.08.21|
|2020.08.21|PogsDotNet|[[Serverless Ninja: Serverless = Efficiency|https://www.pogsdotnet.com/2020/08/serverless-ninja-serverless-efficiency.html]]|Serverless|
|2020.08.21|Sami Lamppu|[[Azure AD Connect - V2 API|https://samilamppu.com/2020/08/21/azure-ad-connect-v2-api/]]|AzureAD|
|2020.08.21|Cloud Academy|[[Docker Image Security: Get it in Your Sights|https://cloudacademy.com/blog/docker-image-security-get-it-in-your-sights/]]|Docker Image|
|2020.08.21|DZone|[[High Availability Kubernetes Monitoring Using Prometheus and Thanos|https://dzone.com/articles/high-availability-kubernetes-monitoring-using-prom]]|K8s Monitoring|
|2020.08.21|//Google Cloud//|![[Bucket list: Better log storage and management for Cloud Logging|https://cloud.google.com/blog/products/management-tools/cloud-logging-adds-log-buckets-feature]]|Logging|
|2020.08.21|//Varonis//|[[What is Azure Active Directory? A Complete Overview|https://www.varonis.com/blog/azure-active-directory/]]|AzureAD|
|2020.08.21|//Mitiga//|![[Security Advisory: Mitiga Recommends All AWS Customers Running Community AMIs to Verify Them for Malicious Code|https://medium.com/mitiga-io/security-advisory-mitiga-recommends-all-aws-customers-running-community-amis-to-verify-them-for-5c3e8b47d2d8]] |AWS_AMI CryptoMining Malicious_Images|
|2020.08.21|Bleeping Computer| → [[Community-provided Amazon Machine Images come with malware risk|https://www.bleepingcomputer.com/news/security/community-provided-amazon-machine-images-come-with-malware-risk/]]|AWS_AMI CryptoMining Malicious_Images|
|2020.08.21|Dark Reading| → [[Cryptominer Found Embedded in AWS Community AMI|https://www.darkreading.com/cloud/cryptominer-found-embedded-in-aws-community-ami/d/d-id/1338713]]|AWS_AMI CryptoMining Malicious_Images|
|2020.08.21|//Threatpost//| → [[Researchers Sound Alarm Over Malicious AWS Community AMIs|https://threatpost.com/malicious-aws-community-amis/158555/]]|AWS_AMI CryptoMining Malicious_Images|
|2020.08.21|Container Journal|![[Aqua Security Reveals Sophisticated Container Attack|https://containerjournal.com/topics/container-security/aqua-security-reveals-sophisticated-container-attack/]] |Containers Attacks|
|2020.08.21|//Google Cloud//|[[Using Cloud Logging as your single pane of glass|https://cloud.google.com/blog/products/identity-security/centralize-cloud-identity-logs-behind-a-single-pane-of-glass]] (2/3) |Logging|
|2020.08.21|//Adobe//|Outil [[stringlifier|https://github.com/adobe/stringlifier]] sur GitHub|Tools Log_Analysis|
|2020.08.21|Container Journal| → [[Adobe Open Sources Tool for Sanitizing Logs, Detecting Exposed Credentials|https://www.securityweek.com/adobe-open-sources-tool-sanitizing-logs-detecting-exposed-credentials]]|Tools Log_Analysis|
|2020.08.21|//NeuVector//|[[Protect Kubernetes Containers on AWS Using the Shared Responsibility Model|https://neuvector.com/cloud-security/kubernetes-container-security-on-aws/]]|K8s AWS|
|2020.08.21|//Rapid7//|[[NICER Protocol Deep Dive: Internet Exposure of Telnet Services|https://blog.rapid7.com/2020/08/21/nicer-protocol-deep-dive-internet-exposure-of-telnet-services/]]|Report NICER Telnet|
|>|>|>|!2020.08.20|
|2020.08.20|Free Code Camp|![[The Kubernetes Handbook|https://www.freecodecamp.org/news/the-kubernetes-handbook/]]|K8s|
|2020.08.20|SANS ISC Handler|![[Office 365 Mail Forwarding Rules (and other Mail Rules too)|https://isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/]] |O365 Prevention|
|2020.08.20|TechBeacon|![[The state of cloud security and privacy: 5 key trends to watch|https://techbeacon.com/security/state-cloud-security-privacy-5-key-trends-watch]] |Trends|
|2020.08.20|Computer Weekly|[[Google Cloud services outage hits Gmail users across Europe|https://www.computerweekly.com/news/252487889/Google-Cloud-services-outage-hits-Gmail-users-across-Europe]]|Outage Gmail|
|2020.08.20|The Register| → [[Worldwide Google services - from GCP to G Suite - hit with the outage stick|https://www.theregister.com/2020/08/20/gmail_outage/]]|Outage GCP|
|2020.08.20|DevOps.com|[[How API Testing Can Save You Thousands|https://devops.com/how-api-testing-can-save-you-thousands/]]|APIs|
|2020.08.20|Interesting Engineering|[[5 of the Best EU-based Cloud Storage Providers Around|https://interestingengineering.com/5-of-the-best-eu-based-cloud-storage-providers-around]]|Storage Europe|
|2020.08.20|Thomas Stringer|[[Connect Kubernetes Applications to Azure Resources with Managed Service Identities|https://trstringer.com/connect-k8s-apps-msi/]]|K8s Azure|
|2020.08.20|//2nd Watch//|[[2020 Enterprise Cloud Trend|http://offers.2ndwatch.com/2020-enterprise-cloud-trends-report]] ([[infographie|https://www.2ndwatch.com/insights/2020-enterprise-cloud-trends/]])|Survey|
|2020.08.20|Globe Newswire| → [[2nd Watch Survey Shows Enterprise IT Remains Focused on Long-Term, Organization-Changing Initiatives, Despite Pandemic-Related Challenges|https://www.globenewswire.com/news-release/2020/08/20/2081360/0/en/2nd-Watch-Survey-Shows-Enterprise-IT-Remains-Focused-on-Long-Term-Organization-Changing-Initiatives-Despite-Pandemic-Related-Challenges.html]]|Survey|
|2020.08.20|DevOps.com| → [[Survey: Cloud Security, DevOps Emerging as Enterprise Priorities|https://devops.com/survey-cloud-security-devops-emerging-as-enterprise-priorities/]]|Survey|
|2020.08.20|//Amazon AWS//|[[Privacy conscious cloud migrations: mapping the AWS Cloud Adoption Framework to the NIST Privacy Framework|https://aws.amazon.com/blogs/security/privacy-conscious-cloud-migrations-mapping-aws-cloud-adoption-framework-to-nist-privacy-framework/]]|AWS NIST Privacy|
|2020.08.20|//Microsoft Azure//|[[Azure PowerShell Docker image |https://techcommunity.microsoft.com/t5/azure-developer-tools/azure-powershell-docker-image/ba-p/1242407]]|Azure_PowerShell Docker|
|2020.08.21|Thomas Maurer| → [[Run Azure PowerShell in a Docker Container|https://www.thomasmaurer.ch/2020/03/run-azure-powershell-in-a-docker-container/]]|Azure_PowerShell Docker|
|2020.08.20|//SpecterOps//|![[Attacking Azure & Azure AD, Part II|https://posts.specterops.io/attacking-azure-azure-ad-part-ii-5f336f36697d]] (2/2) |AzureAD Lateral_Movement|
|2020.08.20|//Google Cloud//|[[Assess the security of Cloud deployments with InSpec for GCP|https://opensource.googleblog.com/2020/08/assess-security-of-cloud-deployments.html]]|GCP InSpec|
|2020.08.20|//Amazon AWS//|[[How to use AWS Config to determine compliance of AWS KMS key policies to your specifications|https://aws.amazon.com/blogs/security/how-to-use-aws-config-to-determine-compliance-of-aws-kms-key-policies-to-your-specifications/]]|AWS KMS|
|2020.08.18|//Tripwire//|[[Taking Care of Your Data Responsibilities in a Shared Responsibility Model in the Cloud|https://www.tripwire.com/state-of-security/featured/data-responsibilities-shared-responsibility-model-cloud/]]|Shared_Responsibility|
|2020.08.19|//Slack//|[[Outage - Some customers may have trouble loading new messages or connecting to Slack|https://status.slack.com/2020-08/c9cf7aaf51ffda19]]|Outage|
|2020.08.20|//Container Journal//|[[Snyk Launches Tool to Address Kubernetes Configuration Issues|https://containerjournal.com/features/snyk-launches-tool-to-address-kubernetes-configuration-issues/]]|Tools Kubernetes|
|2020.08.20|//Cloudflare//|[[Orange Clouding with Secondary DNS|https://blog.cloudflare.com/orange-clouding-with-secondary-dns/]]|DNS|
|2020.08.20|//Fugue//|![[The Engineer's Handbook on Cloud Security - A primer on securing your cloud infrastructure and ensuring compliance|https://resources.fugue.co/engineers-handbook-on-cloud-security]] (inscription requise) |eBook |
|2020.08.20|//AvePoint//|[[Salesforce Retires Data Recovery Service Making Third-Party Backup Solutions Critical|https://www.avepoint.com/blog/backup/backup-salesforce-data/]]|Salesforce Backup End_of_Life|
|2020.07.31|//Salesforce//| → [[Data Recovery Retirement|https://help.salesforce.com/articleView?id=000352139&type=1&mode=1]]|Salesforce Backup End_of_Life|
|2020.08.20|//Cloudflare//|[[Require hard key auth with Cloudflare Access|https://blog.cloudflare.com/require-hard-key-auth-with-cloudflare-access/]]|Authentication|
|2020.08.20|//Google Cloud//|[[Manage groups programmatically with the Cloud Identity Groups API beta|https://gsuiteupdates.googleblog.com/2020/08/new-api-cloud-identity-groups-google.html]]|G-Suite APIs|
|2020.08.20|//Divvy Cloud//|[[Ten Easy and Functional Ways to Harden Your Multi-cloud Security Posture - You Won't Believe Number Seven!|https://divvycloud.com/cloudcon-2020/]] ([[vidéo|https://www.youtube.com/watch?v=SX5tVOXvwlc]])|Security_Posture|
|>|>|>|!2020.08.19|
|2020.08.19|TL;DR Security|[[#48 - Automating Recon Summary, GraphQL Tools, DEF CON 2020 Live Notes|https://tldrsec.com/blog/tldr-sec-048/]] |Weekly_Newsletter|
|2020.08.19|CERT-EU|![[Insecure S3 buckets can lead to serial exploitation|https://media.cert.europa.eu/static/MEMO/2020/TLP-WHITE-CERT-EU-THREAT-MEMO-Cryptominer-steals-AWS-credentials-v1.0.pdf]] (pdf) |AWS_S3 Data_Leak|
|2020.08.19|CISO Mag|[[Who's Responsible for a Safer Cloud?|https://cisomag.eccouncil.org/secure-your-cloud/]]|Shared_Responsibility|
|2020.08.19|Computer Business Review|[[Understanding the Relationship between Cloud Management and Workload Placement|https://www.cbronline.com/whitepapers/understanding-the-relationship-between-cloud-management-and-workload-placement/]]|Workloads Management|
|2020.08.19|Computer Business Review|[[ESG: Cloud Benchmarking: The Role of Modern Storage in a Multi-cloud Future|https://www.cbronline.com/whitepapers/esg-cloud-benchmarking-the-role-of-modern-storage-in-a-multi-cloud-future/]]|Report|
|2020.08.19|Medium|[[Azure AD Pass The Certificate|https://medium.com/@mor2464/azure-ad-pass-the-certificate-d0c5de624597]]|AzureAD|
|2020.08.19|//Lexology//|[[Cloud services - Guidance for managing cybersecurity risks|https://www.lexology.com/library/detail.aspx?g=8723660c-56e3-410d-8b43-28ccd27c2d29]]|Canada|
|2020.08.19|//AvePoint//|[[Securing Collaboration: How to Build a Strong Office 365 Permissions Management Strategy|https://www.avepoint.com/blog/protect/office-365-permissions-management/]]|O365 Permissions|
|2020.08.19|//Lacework//|[[Cloud Security Is Not A Patchwork; How Lacework Approaches Security Differently|https://www.lacework.com/cloud-security-is-not-a-patchwork-how-lacework-approaches-security-differently/]]|Misc|
|2020.08.19|//Google Cloud//|[[New GKE Dataplane V2 increases security and visibility for containers|https://cloud.google.com/blog/products/containers-kubernetes/bringing-ebpf-and-cilium-to-google-kubernetes-engine/]]|GKE|
|2020.08.19|//AlienVault//|[[Zero Trust Network Access (ZTNA) explained|https://cybersecurity.att.com/blogs/security-essentials/zero-trust-network-access-explained]]|Zero_Trust|
|2020.08.19|//Cyberark//|![[Using Kubelet Client to Attack the Kubernetes Cluster|https://www.cyberark.com/resources/threat-research-blog/using-kubelet-client-to-attack-the-kubernetes-cluster]] |K8s Flaw|
|2020.08.20|Container Journal| → [[CyberArk Discloses Potential Security Flaw in Kubernetes Agent Software|https://containerjournal.com/topics/container-security/cyberark-discloses-potential-security-flaw-in-kubernetes-agent-software/]]|K8s Flaw|
|2020.08.19|//Cloud Management Insider//|[[Cloud Security Done Right: Three Critical Moves You Need To Know|https://www.cloudmanagementinsider.com/cloud-security-done-right-three-critical-moves-you-need-to-know/]]|Misc|
|2020.08.19|//Centilytics//|[[Prepare For Better Tomorrow With Cloud Assessment|https://blogs.centilytics.com/prepare-for-better-tomorrow-with-cloud-assessment/]]|Assessment|
|2020.08.19|//Tripwire//|[[Taking Care of Your Data Responsibilities in a Shared Responsibility Model in the Cloud|https://www.tripwire.com/state-of-security/featured/data-responsibilities-shared-responsibility-model-cloud/]]|Shared_Responsibility|
|2020.08.19|DZone|[[AWS KMS Use Case With Serverless Application Model (SAM): An End To End Solution|https://dzone.com/articles/aws-kms-use-case-with-serverless-application-model]]|AWS KMS|
|2020.08.04|GitHub| → [[aws-kms-signup-login|https://github.com/rajanpanchal/aws-kms-signup-login]]|Tools|
|2020.08.19|//TrendMicro//|[[Malicious Docker Hub Container Images Used for Cryptocurrency Mining|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/malicious-docker-hub-container-images-cryptocurrency-mining]]|DockerHub CryptoMining Malicious_Images|
|2020.08.19|//AWS//|[[Introducing the AWS Controllers for Kubernetes (ACK)|https://aws.amazon.com/blogs/containers/aws-controllers-for-kubernetes-ack/]]|AWS Kubernetes ACK|
|2020.08.19|//Microsoft Azure//|[[Azure Kubernetes Service (AKS) Production Baseline|https://github.com/mspnp/aks-secure-baseline]]|Azure_AKS|
||//Microsoft Azure//| → [[AKS Secure Baseline reference implementation as produced by the Microsoft Azure Architecture Center|https://github.com/mspnp/aks-secure-baseline]]|Azure_AKS|
|2020.08.19|//Google Cloud//|[[New GKE Dataplane V2 increases security and visibility for containers|https://cloud.google.com/blog/products/containers-kubernetes/bringing-ebpf-and-cilium-to-google-kubernetes-engine]]|GCP_GKE eBPF|
|2020.08.19|//Oracle Cloud//|[[Keeping Data Safe - on-premises!|https://blogs.oracle.com/cloudsecurity/data-safe-on-premises]]|Data|
|2020.08.19|//NetApp//|[[Data Governance and Ransomware Detection in the NetApp Cloud|https://vmblog.com/archive/2020/08/19/data-governance-and-ransomware-detection-in-the-netapp-cloud.aspx]]|Detection Ransomware|
|2020.08.19|//Bitglass//|[[The Bitglass SASE Triangle: CASB for Managed Apps|https://www.bitglass.com/blog/the-bitglass-sase-triangle-casb-for-managed-apps]]|SASE CASB|
|>|>|>|!2020.08.18|
|2020.08.18|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Docker Hub va supprimer les images de containers inactives depuis 6 mois|https://www.lemondeinformatique.fr/actualites/lire-docker-hub-va-supprimer-les-images-de-containers-inactives-depuis-6-mois-80058.html]]|Docker Retention|
|2020.08.14|The Register|[[Docker shocker: Cash-strapped container crew threatens to delete 4.5 petabytes of unloved images|https://www.theregister.com/2020/08/14/docker_container_retention_policy/]]|Docker Retention|
||Docker Hub|[[Container Image Retention Policy|https://www.docker.com/pricing/retentionfaq]]|Docker Retention|
|2020.08.18|MSSP Alert|[[NIST Explains Zero Trust Architecture: A Closer Look|https://www.msspalert.com/cybersecurity-research/nist-explains-zero-trust-architecture-a-closer-look/]]|NIST Zero_Trust SP800-207|
||NIST| → SP 800-207 Zero Trust Architecture ([[pdf|https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf]])|NIST Zero_Trust SP800-207|
|2020.08.18|Dark Reading|[[How to Stay Secure on GitHub|https://www.darkreading.com/theedge/how-to-stay-secure-on-github/b/d-id/1338684]]|GitHub|
|2020.08.18|Container Journal|[[The Security Case for Containerized Cloud Architecture|https://containerjournal.com/topics/container-security/the-security-case-for-containerized-cloud-architecture/]]|Containers|
|2020.08.18|The Register|[[How to have a more positive 'outage experience' according to Microsoft: Please don't rely on the Azure Status page|https://www.theregister.com/2020/08/18/dont_use_azure_status_page/]]|Azure Outage Monitoring|
|2020.08.18|The Register|[[Please stop hard-wiring AWS credentials in your code. Looking at you, uni COVID-19 track-and-test app makers|https://www.theregister.com/2020/08/17/albion_college_coronavirus_tracking_app/]]|Misc|
|2020.08.18|DZone|[[User Authentication With Amazon Cognito|https://dzone.com/articles/user-authentication-with-aws-cognito]]|AWS Authentication|
|2020.08.18|//Amazon AWS//|[[Securing resource tags used for authorization using a service control policy in AWS Organizations|https://aws.amazon.com/blogs/security/securing-resource-tags-used-for-authorization-using-service-control-policy-in-aws-organizations/]]|ABAC|
|2020.08.18|//Netskope//|[[Leaky O365 Links: Accidental Exposure in O365 Link Sharing|https://www.netskope.com/blog/leaky-o365-links-accidental-exposure-in-o365-link-sharing]]|O365 Flaw|
|2020.08.18|//CyberArk Conjur//|[[Service-to-Service Authentication in Cloud Applications & Microservices|https://www.conjur.org/blog/service-to-service-authentication-in-cloud-applications-microservices/]]|Authentication|
|2020.08.18|//Backblaze//|[[Backblaze Drive Stats Q2 2020|https://www.backblaze.com/blog/backblaze-hard-drive-stats-q2-2020/]]|Storage Reliability|
|2020.08.18|//Thibault Joubert//[>img[iCSF/flag_fr.png]]|![["Petit" guide pour se retrouver dans la jungle des licences sécurité et conformité Microsoft 365|https://www.linkedin.com/pulse/petit-guide-pour-se-retrouver-dans-la-jungle-des-licences-joubert/]] |M365 Licences Compliance|
|2020.08.18|//Microsoft Azure//|[[End of support for non-secure cipher suites in Microsoft Cloud App Security|https://techcommunity.microsoft.com/t5/microsoft-security-and/end-of-support-for-non-secure-cipher-suites-in-microsoft-cloud/ba-p/1596262]]|Azure_MCAS CASB Cipher_Suite|
|2020.08.18|Bleeping Computer| → [[Microsoft is killing off insecure Cloud App Security cipher suites|https://www.bleepingcomputer.com/news/security/microsoft-is-killing-off-insecure-cloud-app-security-cipher-suites/]]|Azure_MCAS CASB Cipher_Suite|
|2020.08.18|//AWS//|[[Amazon S3 Batch Operations|https://aws.amazon.com/fr/s3/features/batch-operations/]]|AWS_S3 Amazon Batch_Operations|
|2020.08.18|//CloudPassage//|![[Shared Responsibility Model Automation: Automating Your Share|https://www.cloudpassage.com/blog/shared-responsibility-model-automation-automating-your-share/]] (2/2) |Shared_Responsibility|
|2020.08.18|//Expel//|[[The power of orchestration: how we automated enrichments for AWS alerts|https://expel.io/blog/power-of-orchestration-how-we-automated-enrichments-aws-alerts/]]|AWS Alerting|
|>|>|>|!2020.08.17|
|2020.08.17|LeMagIT[>img[iCSF/flag_fr.png]]|[[IaaS : l'essor chinois (Gartner)|https://www.lemagit.fr/actualites/252487730/IaaS-lessor-chinois-Gartner]]|IaaS China|
|2020.08.17|Reuters|![[Exclusive: Amazon in talks to invest in cloud services company Rackspace, say sources|https://www.reuters.com/article/us-amazon-com-rackspace-tech-exclusive/exclusive-amazon-in-talks-to-invest-in-cloud-services-company-rackspace-say-sources-idUSKCN25D1Q6]] |Potential_Acquisition|
|2020.08.17|CRN (AU)| → [[Amazon in talks to buy Rackspace|http://www.crn.com.au/news/amazon-in-talks-to-invest-in-cloud-services-company-rackspace---sources-551860]]|Potential_Acquisition|
|2020.08.17|CSO Online|[[Hybrid cloud complexity, rush to adopt pose security risks, expert says|https://www.csoonline.com/article/3571172/hybrid-cloud-complexity-rush-to-adopt-pose-security-risks-expert-says.html]] ([[vidéo|https://www.youtube.com/watch?v=AR5aLszXA2E]])|Hybrid_Cloud Risks|
|2020.08.17|//Check Point//|[[Cloud Threat Hunting: Attack & Investigation Series - Privilege Escalation via EC2|https://blog.checkpoint.com/2020/08/17/cloud-threat-hunting-attack-investigation-series-privilege-escalation-via-ec2/]] ([[vidéo|https://www.youtube.com/watch?v=A0hZOwvGAgk]])|Threat_Hunting|
|2020.08.17|//IBM X-Force// & //Ponemon//|Rapport [[The State of Vulnerability Management in the Cloud and On-Premises|https://www.ibm.com/account/reg/us-en/signup?formid=urx-46992]] (après inscription)|Report|
|2020.08.17|//Security Intelligence//| → [[New Ponemon Report: A Programmatic Approach to Vulnerability Management for Hybrid Multicloud|https://securityintelligence.com/posts/security-vulnerability-management-hybrid-multicloud/]]|Report|
|2020.08.17|Dark Reading| → [[Firms Still Struggle to Prioritize Security Vulnerabilities|https://www.darkreading.com/vulnerabilities---threats/vulnerability-management/firms-still-struggle-to-prioritize-security-vulnerabilities/d/d-id/1338687]]|Report|
|2020.08.17|//Security Intelligence//|[[Threat Modeling in a Container Environment|https://securityintelligence.com/articles/threat-modeling-container-environment/]]|Container Threat_Modeling|
|2020.08.17|//Cado Security//|![[Team TNT - The First Crypto-Mining Worm to Steal AWS Credentials|https://www.cadosecurity.com/2020/08/17/teamtnt-the-first-crypto-mining-worm-to-steal-aws-credentials/]] |AWS Credentials Attack Team_TNT|
|2020.08.17|ZDNet| → [[Crypto-mining worm steal AWS credentials|https://www.zdnet.com/article/crypto-mining-worm-steal-aws-credentials/]]|AWS Credentials Attack Team_TNT|
|2020.08.18|//Duo Security//| → [[Cryptomining Botnet Steals AWS Credentials|https://duo.com/decipher/cryptomining-botnet-steals-aws-credentials]]|AWS Credentials Attack Team_TNT|
|2020.08.18|//Threatpost//| → [[AWS Cryptojacking Worm Spreads Through the Cloud|https://threatpost.com/aws-cryptojacking-worm-cloud/158427/]]|AWS Credentials Attack Team_TNT|
|2020.08.19|CERT-EU| → [[A cryptomining worm that steals AWS credentials|https://media.cert.europa.eu/static/MEMO/2020/TLP-WHITE-CERT-EU-THREAT-MEMO-Cryptominer-steals-AWS-credentials-v1.0.pdf]] (pdf) |AWS Credentials Attack Team_TNT|
|2020.08.19|Security Week| → [[Crypto-Mining Worm Targets AWS Credentials|https://www.securityweek.com/crypto-mining-worm-targets-aws-credentials]]|AWS Credentials Attack Team_TNT|
|2020.08.17|//SpecterOps//|![[Death from Above: Lateral Movement from Azure to On-Prem AD|https://posts.specterops.io/death-from-above-lateral-movement-from-azure-to-on-prem-ad-d18cb3959d4d]] |AzureAD Lateral_Movement|
|2020.08.17|//Pivot Point Security//|[[Alternatives to Microsoft GCC High Cloud for CMMC Compliant Email and File Sharing|https://www.pivotpointsecurity.com/blog/alternatives-to-microsoft-gcc-high-cloud-for-cmmc-compliant-email-and-file-sharing/]]|CMMC|
|2020.08.17|//AlienVault//|[[Cloud Security|https://cybersecurity.att.com/blogs/security-essentials/cloud-security]]|Misc|
|2020.08.17|//Cloud Management Insider//|[[Google Cloud Security Showcase; How Can It Benefit Users?|https://www.cloudmanagementinsider.com/google-cloud-security-showcase-how-can-it-benefit-users/]]|GCP Showcase|
|2020.08.17|//AWS//|![[Application and Classic Load Balancers are adding defense in depth with the introduction of Desync Mitigation Mode|https://aws.amazon.com/about-aws/whats-new/2020/08/application-and-classic-load-balancers-adding-defense-in-depth-with-introduction-of-desync-mitigation-mode/]] |AWS Load_Balancing|
|2020.08.18|//The Daily Swig//| → [[AWS launches open source tool to protect against HTTP request smuggling attacks|https://portswigger.net/daily-swig/aws-launches-open-source-tool-to-protect-against-http-request-smuggling-attacks]]|AWS Load_Balancing|
||//AWS//| → Outil [[HTTP Desync|https://github.com/aws/http-desync-guardian]]|Tools AWS|
|2020.08.17|//Microsoft Azure//|[[Security Controls in ASC: Restrict Unauthorized Network Access|https://techcommunity.microsoft.com/t5/azure-security-center/security-controls-in-asc-restrict-unauthorized-network-access/ba-p/1593833]]|Azure_Security_Center|
|2020.08.17|//Microsoft Azure//|[[Build resilient applications with Kubernetes on Azure|https://azure.microsoft.com/blog/build-resilient-applications-with-kubernetes-on-azure/]]|Azure Resilience Kubernetes|
|2020.08.17|//Microsoft Azure//|[[Advancing the outage experience - automation, communication, and transparency|https://azure.microsoft.com/blog/advancing-the-outage-experience-automation-communication-and-transparency/]]|Reliability Outage|
|2020.08.17|//Sysdig//|[[Sysdig 2020 Container Security Snapshot: Key image scanning and configuration insights|https://sysdig.com/blog/sysdig-2020-container-security-snapshot/]] (pdf)|Report Containers|
|2020.08.17|Container Journal| → [[Sysdig: Container Security Issues Increasing|https://containerjournal.com/topics/container-security/sysdig-container-security-issues-increasing/]]|Report Containers|
|2020.08.17|//Digital Guardian//|[[What is Azure Security?|https://digitalguardian.com/blog/what-azure-security]]|Azure|
|2020.08.17|//Amazon AWS//|[[How to use AWS RAM to share your ACM Private CA cross-account|https://aws.amazon.com/blogs/security/how-to-use-aws-ram-to-share-your-acm-private-ca-cross-account/]]|AWS Certificate_Authority|
|2020.08.17|//Kublr//|[[Kubernetes RBAC 101: Authorization|https://kublr.com/blog/kubernetes-rbac-101-authorization/]] (3/3)|Kubernetes RBAC|
|2020.08.17|//NetSPI//|[[Lateral Movement in Azure App Services|https://blog.netspi.com/lateral-movement-azure-app-services/]]|Azure Lateral_Movement|
<<tiddler [[arOund0C]]>>
!Agenda du 'CSA CloudCon 2020'
[>img(200px,auto)[iCSA/202008US-GrandRapids.png]]Comme annoncé précédemment+++^*[»] <<tiddler [[2020.07.06 - Actu : Agenda du 'CSA CloudCon 2020']]>>===, la ''CSA CloudCon 2020'' s'est déroulée les 19 et 20 août 2020.
La plupart des interventions ont été enregistrées et sont visibles sur la chaine YouTube du chapitre CSA "West Michigan".

Les interventions dont la vidéo est disponible sont les suivantes (voir ci-dessous) :
* ''The Enterprise of Things''
* ''Cloud Security and Compliance''
* ''The Path To Identity Maturity''
* ''From the Deck of the CEO''
* ''WAF are you talking about?''
* ''What is this thing called SASE?''
* ''Defense on a Budget: Cloud Security Tips and Tricks''
L'intervention non enregistrée et non disponible est :
* ''Tales From the Cyber War Trenches''

__Liens :__ 
* site de la conférence ⇒ [[CloudConGR.org|https://cloudcongr.org/]]
* la chaine YouTube du chapitre CSA "West Michigan" → https://www.youtube.com/channel/UCKSWghzvduXRDMGpZEkCcXg
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tabs tK8M "Tales from Cyber War Trenches" '' [[K8M-CC##TFTCWT]] 
'Enterprise of Things' '' [[K8M-CC##TEOT]] 
'Cloud Security and Compliance' '' [[K8M-CC##CSAC]] 
'Path To Identity Maturity' '' [[K8M-CC##TPTIM]] 
'From the Deck of the CEO' '' [[K8M-CC##FTDOTC]] 
'WAF are you talking about' '' [[K8M-CC##WAYTA]] 
'What is this thing called SASE?' '' [[K8M-CC##WITTCS]] 
'Defense on a Budget...' '' [[K8M-CC##DOABCSTAT]] >>
<<tiddler [[arOund0C]]>>
/%
!TFTCWT
__''Tales From the Cyber War Trenches''__
* Intervenant : Jim Kuiphof, Spectrum Health
* Date : 19 août 2020
* Liens : [[description|https://cloudcongr.org/?page_id=287]], vidéo indisponible
* Détails :
> //Cybersecurity is war; war is composed of a series of battles, some large and strategic, some small and insignificant. If you have worked in Information Security for any length of time you have known some of these battles: security incidents, organization change, security projects, and management battles. Some battles resulted in victory, others in defeat and failure. Every battle, regardless of the outcome, was an opportunity to learn and grow. In this session, Jim will share several war stories in order to draw out leadership and organizational lessons from incident response, novel security threats, successful and failed control implementations, leading cybersecurity teams, surviving bad leadership, and transformational cybersecurity programs. This session should be interesting to anyone working in, working with, or leading information security practitioners and teams.//
!TEOT
__''The Enterprise of Things''__
* Intervenant : Ellen Sundra, Forescout
* Date : 19 août 2020
* Liens : [[description|https://cloudcongr.org/?page_id=453]], [[vidéo|https://www.youtube.com/watch?v=LcLUgBuxviA]]
* Détails :
> //While cybersecurity teams work to address operational and functional gaps, cybercriminals develop attacks targeting the top areas of risk for a company. Using the Forescout Device Cloud, the world's largest repository of connected device data, Forescout Research Labs analyzed the risk posture of more than 8 million devices to uncover detailed information about the greatest points of risk inherent across today's extended enterprise.
Session discussion topics include:
• Top 10 riskiest device types in enterprise-scale networks • Riskiest device functions across verticals • How to mitigate and remediate identified points of risk//
!CSAC
__''Cloud Security and Compliance''__
* Intervenant : Jeremy Snyder, DivvyCloud
* Date : 19 août 2020
* Liens : [[description|https://cloudcongr.org/?page_id=422]], [[vidéo|https://www.youtube.com/watch?v=SX5tVOXvwlc]]
* Détails :
> //One of the hottest topics in the Information Security world today, Jeremy's presentation will focus on 10 easy and functional ways to harden your multi-cloud security posture. This session will be built on a foundation of best practices, learned through years of helping leading cloud-adopting enterprises stay secure.//
!TPTIM
__''The Path To Identity Maturity''__
* Intervenant : Jerod Brennen, SailPoint
* Date : 19 août 2020
* Liens : [[description|https://cloudcongr.org/?page_id=140]], [[vidéo|https://www.youtube.com/watch?v=PR36wHnaEXU]]
* Détails :
> //"Are we secure?" It's the most dreaded question that information security and risk management professionals need to answer. Compliance is a useful starting point, but the number of "compliant" organizations who still suffered a data breach is proof positive that compliance simply isn't enough. That's where maturity models come into play.
In this presentation, I'll show you how to apply a capability maturity model (CMM) to your identity and access management (IAM) program, using that model to assess where you are today. I'll also share tools and techniques you can use to accelerate improvements to your program.//
!FTDOTC
__''From the Deck of the CEO''__
* Intervenant : Jim Reavis, Cloud Security Alliance
* Date : 20 août 2020
* Liens : [[description|https://cloudcongr.org/?page_id=494]], [[vidéo|https://www.youtube.com/watch?v=AgUAHjh_XAI]]
* Détails :
> //In his role as the CEO of the global Cloud Security Alliance, Jim has a special view into the world of Cloud security. His keynote presentation will focus on the importance of Cloud security in today's always connected Cloud-focused world.//
!WAYTA
__''WAF are you talking about?''__
* Intervenant : Phillip Maddux, Signal Sciences
* Date : 20 août 2020
* Liens : [[description|https://cloudcongr.org/?page_id=275]], [[vidéo|https://www.youtube.com/watch?v=G4nDNJkK16w]]
* Détails :
<<<
//Over the last several years we've witnessed, and experienced, an advance towards new approaches in web technologies and the processes to deploy web applications. 
In this talk, we'll explore and describe the "Modern Web", discuss observations on the evolution of the Secure SDLC, recognize existing challenges in achieving real-time threat visibility once web applications are deployed to production, and finally, walk through the concepts such as: * Visibility • Attack traffic • Anomalous traffic • Dynamic Detection • Application Instrumentation • Reduction in mean time to response • Integrations which all help to address the challenges in fast paced "agile" development cycles.//
<<<
!WITTCS
__''What is this thing called SASE?''__
* Intervenant : William Houcheime, Bitglass
* Date : 20 août 2020
* Liens : [[description|https://cloudcongr.org/?page_id=271]], [[vidéo|https://www.youtube.com/watch?v=pidOdQbFEUo]]
* Détails :
> //With the rapid growth of the remote workforce, organizations are in need of a comprehensive security platform that offers advanced capabilities for optimizing today's business environment. Bitglass' SmartEdge architecture delivers a complete Secure Access Service Edge (SASE) platform that simultaneously circumvents the management overhead and performance bottlenecks. Organizations that deploy Bitglass' SmartEdge enable endpoints to carry their own on-device Secure Web Gateway (SWG), ensuring business continuity in a more efficient manner.//
!DOABCSTAT
__''Defense on a Budget: Cloud Security Tips and Tricks''__
* Intervenant : Robert Wagner, Splunk
* Date : 20 août 2020
* Liens : [[description|https://cloudcongr.org/?page_id=383]], [[vidéo|https://www.youtube.com/watch?v=5CsUjo-Ii30]]
* Détails :
> //There is never enough budget or time to solve every security problem an organization faces. However, there are a lot of free or inexpensive tactics and techniques that every organization can leverage to make it harder for attackers to enter your environment. 
This presentation is a collection of basic tips and tricks learned from security professionals around the world. These are tactics that either stop attackers in their tracks, or make it more difficult for them to succeed. You'll walk away with actionable tips to fill your security gaps and help reduce your attack surface.//
!end
%/
!"//CSA's Perspective on Cloud Risk Management//"
<<<
{{ss2col{
//The rapid growth in both scope and market share, combined with the inherent complexity of cloud computing, appears to be straining the capabilities of existing governance and risk management frameworks. In light of the dramatic growth and apparent onset of harmful events, similar to those hampering non-cloud technology environments, CSA developed this position paper to question the perceived effectiveness of current governance and maturity in the use of risk management frameworks applied to cloud computing.//
[img(150px,auto)[iCSA/K8KPC.jpg]] }}}
<<<
__Annonce__
<<<
{{ss2col{
//SEATTLE - Aug. 20, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released Perspective on Cloud Risk Management, a new paper that looks to examine the effectiveness of governance and maturity with cloud computing risk management frameworks. The paper addresses how the underlying concepts of effective risk management can be integral to managing the broad risk introduced to enterprises by cloud computing.
"The rapid growth in both scope and market share, combined with the inherent complexity of cloud computing, is straining the capabilities of existing governance and risk management frameworks. As the users - and uses - of cloud computing evolve, so must the supporting governance models, including the maturity of governance and risk management programs," said Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance, one of the paper's lead authors. "We hope to spur debate with this document within the cloud and risk management communities on the suitability of existing methodologies and practices."
The document lays out five questions to stimulate discussion and facilitate possible solutions:
* Are the risk management methodologies currently available adequate to manage risks in the cloud?
* Are organizations aware of the shared responsibility model introduced by cloud computing, and are the responsibilities appropriately reflected in the risk management processes and programs?
* Are organizations aware of the concepts and implications of indirect/loss of control imposed by cloud computing and the challenges they pose to the design of risk mitigation procedures and their validation?
* Are organizations sufficiently aware of the impact that cloud computing has on the propagation of their supply chains and the difficulty in evaluating and monitoring the consolidated residual risk of third/fourth parties?
* Are the current governance practices adequate to effectively identify, evaluate and report the relevant cloud risks to relevant stakeholders?
Risk management when applied to cloud operations plays a vital role in all of an organization's processes and is essential to its overall business improvement strategy. As such, it must be a top-level, enterprise-wide process rather than a siloed or departmental exercise. While the risk management approach is the same whether in the cloud or on-prem, there are significant differences in tactics and implementation that must be addressed. An effective risk management program will address issues related to economic value, process improvement, compliance, information security, and privacy, including:
* New operational security risks created by moving to the cloud
* Costs related to the failure to address cloud compliance
* Risks related to the cloud market growth
* Mitigation measures
CSA's Perspective on Cloud Risk Management is a free document.// }}}
<<<
__Table des matières__
<<<
{{ss2col{
//1. Introduction 
2. Background 
3. Objectives and scope 
* 3.1 Why should you read this paper? 
4. Five key questions to explore 
* 4.1 Are the existing risk management methodologies adequate to manage risks in the cloud?
* 4.2 Is the shared responsibility model appropriately reflected in the risk management processes and programs?
* 4.3 Are companies aware of the implications of governance forced by the idea of indirect control?
* 4.4 Is the cloud supply chain complexity factor sufficiently integrated into the risk management practices?
* 4.5 Are current practices adequate to effectively and clearly communicate risks to the members of the board?
5. Conclusion and recommendations//

}}}
<<<
__Liens :__
* Communiqué de presse ⇒ ''[[CloudSecurityAlliance.fr/go/k8kr/|https://CloudSecurityAlliance.fr/go/k8kr/]]''
** https://cloudsecurityalliance.org/press-releases/2020/08/20/cloud-security-alliance-releases-perspective-on-cloud-risk-management-report-that-identifies-cloud-computing-rapid-adoption-gaps-and-risks/
* Téléchargement ⇒ ''[[CloudSecurityAlliance.fr/go/k8kp/|https://CloudSecurityAlliance.fr/go/k8kp/]]''
** https://cloudsecurityalliance.org/artifacts/csa-s-perspective-on-cloud-risk-management
<<tiddler [[arOund0C]]>>
!"//Cloud Security Alliance, ISACA Announce Strategic Partnership to Reinvent Cloud Auditing and Assurance//"
[>img(150px,auto)[iCSF/cloud-security-alliance.png]][>img(180px,auto)[iCSF/ISACA.jpg]]Communiqué de presse publié le 17 août 2020 conjointement avec l'ISACA.
Il comporte deux points importants :
* Le partenariat de la [[CSA]] avec l'''ISACA'' (Information Systems Audit and Control Association®), association bien connue dans le monde du contrôle et de l'audit informatique,
* L'annonce de la disponibilité au cours du dernier trimestre 2020 de la certification [[CCAK]].

<<<
{{ss2col{//__Organizations to collaborate on joint venture to bring the Certificate of Cloud Auditing Knowledge (CCAK) to the market__//

//SEATTLE - Aug. 17, 2020 - Global technology association ISACA and the Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced a strategic partnership to collaborate closely on critical initiatives to transform the auditing and assurance of cloud computing. The first initiative will combine forces to bring to market the previously announced Certificate of Cloud Auditing Knowledge (CCAK) as a joint venture. The two industry leaders will announce a broader collaboration roadmap later in 2020.

The CCAK, scheduled for completion in Q4 2020, is the first credential for industry professionals that demonstrates expertise in the essential principles of auditing cloud computing systems. With this announcement, ISACA has joined CSA as an equal partner to deliver the CCAK portfolio (body of knowledge, training materials, and an examination), giving IT, audit and information security professionals the opportunity to obtain the credential and raise the baseline of cloud assurance knowledge across the industry.

"I have enjoyed a professional relationship with ISACA for over 20 years that predates the founding of Cloud Security Alliance," said Jim Reavis, co-founder and CEO of Cloud Security Alliance. "I am delighted that we are working together even more closely to deliver authoritative education about cloud auditing and assurance to our mutual community. ISACA's global leadership within the IT audit profession and its reputation for high-integrity knowledge programs make them the ideal partner to achieve real progress in creating trust in the cloud."
"ISACA is pleased to forge this new partnership with CSA, an organization we have worked with since its founding in 2009," said David Samuelson, CEO of ISACA. "As cloud becomes the centerpiece of organizational IT strategies and the repository of corporate crown jewels, we have a unique responsibility to increase the security and transparency of this platform. We truly believe that this partnership allows us to do more together than we could individually to accelerate cloud assurance competencies throughout our global audience."

The CCAK's holistic body of knowledge will be composed of the CSA's Cloud Controls Matrix (CCM), the fundamental framework of cloud control objectives; its companion Consensus Assessments Initiative Questionnaire (CAIQ), the primary means for assessing a cloud provider's adherence to CCM; and the Security, Trust, Assurance & Risk (STAR) program, the global leader in cloud security audits and self-assessments, in addition to new material.

ISACA and CSA will announce detailed availability and pricing of the CCAK offerings later this year.
More information can be found at [[cloudsecurityalliance.org/education/ccak/|https://cloudsecurityalliance.org/education/ccak/]].

In the coming months, ISACA and CSA will provide a roadmap of additional initiatives they will undertake to broaden this partnership for cloud auditing and assurance. The collaboration will promote harmonization between the myriad cloud trustmarks and standards within various industries and nations, as well as drive greater consensus between cloud providers, customers, and governing bodies. ISACA and CSA members will be key stakeholders in moving these initiatives forward and improving the assurance of the global cloud ecosystem.

"We look forward to continuing to partner with CSA going forward to not only drive collaboration and progress in the area of cloud security but also bring value to our respective members worldwide," said Nader Qaimari, ISACA chief learning officer. // }}}
<<<
^^__Liens :__
* Site CSA → ''[[CloudSecurityAlliance.fr/go/k8hr/|https://CloudSecurityAlliance.fr/go/k8hr/]]''
* Site ISACA → ''[[CloudSecurityAlliance.fr/go/k8h2/|https://CloudSecurityAlliance.fr/go/k8h2/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #77|2020.08.16 - Newsletter Hebdomadaire #77]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #77|2020.08.16 - Weekly Newsletter - #77]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.08.16 - Newsletter Hebdomadaire #77]]>> |<<tiddler [[2020.08.16 - Weekly Newsletter - #77]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 10 au 16 août 2020
!!1 - Informations CSA - 10 au 16 août 2020
* ''Répondez au sondage CSA sur l'adoption du Cloud'' en 2020+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* ''Formation CCSK en Français fin août 2020 : inscriptions toujours ouvertes'' !+++^*[»] <<tiddler [[2020.08.02 - Actu : Formation CCSK en Français fin août 2020]]>>=== 
* Blog : Sécurité de la Blockchain+++^*[»] <<tiddler [[2020.08.10 - Blog : Sécurité de la Blockchain]]>>=== 
* Actu : Retour sur le 'Cloud Security Summit' de SecurityWeek+++^*[»] <<tiddler [[2020.08.15 - Actu : Retour sur le 'Cloud Security Summit' de SecurityWeek]]>>=== 
* Blog : Impact de Schrems 2 sur la Protection des Données par Françoise Gilbert+++^*[»] <<tiddler [[2020.08.10 - Blog : Impact de Schrems 2 sur la Protection des Données]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 90 liens|2020.08.16 - Veille Hebdomadaire - 16 août]])

* __''À lire''__
** ''2020 Cloud Security Report'' (Checkpoint)+++^*[»] 
|2020.08.10|//Checkpoint Software//|![[Check Point's 2020 Cloud Security Report Highlights Enterprise Security Concerns and Challenges in Public Clouds|https://www.checkpoint.com/press/2020/check-points-2020-cloud-security-report-highlights-enterprise-security-concerns-and-challenges-in-public-clouds/]] ([[rapport|https://pages.checkpoint.com/2020-cloud-security-report.html]]) |Report|
|2020.08.10|Computer Weekly| → [[Security teams struggle to keep pace with cloud threats|https://www.computerweekly.com/news/252487395/Security-teams-struggle-to-keep-pace-with-cloud-threats]]|Report|
|2020.08.10|BetaNews| → [[Existing security tools struggle with public clouds|https://betanews.com/2020/08/10/security-tools-struggle-public-clouds/]]|Report|
|2020.08.11|Continuity Central| → [[2020 Cloud Security Report highlights top challenges|https://www.continuitycentral.com/index.php/news/technology/5398-2020-cloud-security-report-highlights-top-challenges]]|Report|
|2020.08.12|Developpez.com[>img[iCSF/flag_fr.png]]| → [[La sécurité reste un problème clé pour les clients de service cloud, les accès non autorisés|https://cloud-computing.developpez.com/actu/307984/La-securite-reste-un-probleme-cle-pour-les-clients-de-service-cloud-les-acces-non-autorises-et-les-interfaces-non-securisees-figurant-parmi-les-plus-grandes-menaces-selon-Check-Point/]]|Report|
=== 

* __Attaques, Incidents, Fuites de données, Vulnérabilités et Pannes__
** Analyse et bilan de l'incident Docker Hub de juillet 2020+++^*[»] 
|2020.08.20|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Docker publie son 1er post-mortem public sur un incident interne|https://www.lemondeinformatique.fr/actualites/lire-docker-publie-son-1er-post-mortem-public-sur-un-incident-interne-80094.html]]|Incident Post_Analysis|
|2020.08.12|//GitHub//|! → [[Docker Hub Incident Review - 5 July 2020|https://www.docker.com/blog/docker-hub-incident-review-5-july-2020/]] |Incident Post_Analysis|
=== 
** Fuite de données multiples+++^*[»] 
|2020.08.11|//vpnMentor//|[[Report Multiple Firms Breach|https://www.vpnmentor.com/blog/report-multiple-firms-breach/]]|AWS Data_Leaks|
|2020.08.11|//CyberSecurity Insiders//| → [[Over 5.5m files or 343GB data leaked from Amazon Web Services AWS|https://www.cybersecurity-insiders.com/over-5-5m-files-or-343gb-data-leaked-from-amazon-web-services-aws/]]|AWS Data_Leak|
|2020.08.13|CISO Mag| → [[Unsecured Database Exposes 5.5 Mn Records of Multiple Organizations|https://cisomag.eccouncil.org/unsecured-databae/]]|AWS Data_Leaks|
=== 
** Vulnérabilités corrigées des mécanismes de chiffrement AWS+++^*[»] 
|2020.08.10|//Decipher//|![[Amazon Fixes Five Flaws in AWS Encryption Client|https://medium.com/bugbountywriteup/gain-access-to-an-internal-machine-using-port-forwarding-penetration-testing-518c0b6a4a0e]] |AWS Flaws Encryption|
|2020.08.11|CBR Online| → [[Google Crypto Expert Exposes Trio of AWS Encryption Bugs|https://www.cbronline.com/news/aws-encryption-bugs]]|Encryption AWS Flaws|
=== 

* __Rapports et études__
** Niveau de sécurité et erreurs humaines (Tripwire) • Importance du Zero-Trust (Illumio)+++^*[»] 
|2020.08.12|//Tripwire//|[[Survey: 76% of IT Pros Say It's Difficult to Maintain Security Configs in the Cloud|https://www.tripwire.com/state-of-security/featured/survey-security-configs-cloud/]]|Report|
|2020.08.13|Help Net Security| → [[Most security pros are concerned about human error exposing cloud data|https://www.helpnetsecurity.com/2020/08/13/most-security-pros-are-concerned-about-human-error-exposing-cloud-data/]]|Errors|
|>|!|>||
|2020.08.13|//Illumio//|[[New Illumio Report Reveals Zero Trust Is Critically Important to Enterprises but Vastly Underutilized|https://www.illumio.com/news/press-releases/zero-trust-survey-report]]|Report Zero_Trust|
|2020.08.13|//Illumio//| → Rapport [[Zero in on Zero Trust|https://www.illumio.com/resource-center/research-report/zero-trust-report]]|Report Zero_Trust|
|2020.08.13|Container Journal| → [[New Illumio Report Reveals Zero Trust Is Critically Important to Enterprises but Vastly Underutilized|https://containerjournal.com/news/news-releases/new-illumio-report-reveals-zero-trust-is-critically-important-to-enterprises-but-vastly-underutilized/]]|Report Zero_Trust|
=== 

* __Autres veilles hebdomadaires Cloud et Sécurité__
** TL;DR Security #47 • ''The Cloud Security Reading List'' #50+++^*[»] 
|2020.08.16|Marco Lancini|[[The Cloud Security Reading List #50|https://cloudseclist.com/issues/issue-50/]] |Weekly_Newsletter|
|2020.08.12|TL;DR Security|[[#47 - Automating Recon, Podcasts, and Lateral Movement / Privilege Escalation in GCP|https://tldrsec.com/blog/tldr-sec-047/]] |Weekly_Newsletter|
=== 

* __Cloud Services Providers, Outils__
** AWS : Abus dans le suivi des connexions • Fédération d'identités • IAM • Rôle d'Amazon Detective • Détection d'abus avec Splunk+++^*[»] 
|2020.08.11|Nick Frichette|![[Abusing AWS Connection Tracking|https://frichetten.com/blog/abusing-aws-connection-tracking/]] |AWS Bypass_Technique|
|2020.08.13|//Caylent//|[[Identity Federation in AWS with Okta|https://caylent.com/identity-federation-in-aws-with-okta]]|AWS Identity_Federation Okta|
|2020.08.10|//AWS//|[[Using AWS Lambda IAM condition keys for VPC settings|https://aws.amazon.com/blogs/compute/using-aws-lambda-iam-condition-keys-for-vpc-settings/]]|AWS_Lambda IAM VPC|
|2020.08.10|//AWS//| → [[AWS Lambda now provides IAM condition keys for VPC settings|https://aws.amazon.com/about-aws/whats-new/2020/08/aws-lambda-provides-iam-condition-keys-vpc-settings/]]|AWS_Lambda IAM|
|2020.08.12|MSSP Alert|[[Amazon Detective's Role in AWS Cloud Security|https://www.msspalert.com/cybersecurity-services-and-products/amazon-detectives-role-in-aws-cloud-security/]]|AWS|
|2020.08.12|//Splunk//|[[Using Splunk to Detect Abuse of AWS Permanent and Temporary Credentials|https://www.splunk.com/en_us/blog/security/using-splunk-to-detect-abuse-of-aws-permanent-and-temporary-credentials.html]]|AWS Detection Abuse|
|2020.08.12|//AWS//|[[Quickly build STIG-compliant Amazon Machine Images using Amazon EC2 Image Builder|https://aws.amazon.com/blogs/security/quickly-build-stig-compliant-amazon-machine-images-using-amazon-ec2-image-builder/]]|AWS Compliance STIG|
=== 
** Azure : Programme d'audit défini par l'ISACA • Réflexions d'Adrian Grigorof sur Azure Sentinel • Compte de secours Azure AD • Politiques d'accès conditionnel • AKS • Reporting+++^*[»] 
|2020.08.10|ISACA|![[Azure Audit Program|https://www.isaca.org/bookstore/audit-control-and-security-essentials/waazu]] (accès réservé aux membres ISACA) |Azure Audit|
|2020.08.16|//Managed Sentinel//|[[Azure Sentinel Design|https://www.managedsentinel.com/2020/08/16/azure-sentinel-data-connectors/]]|Azure_Sentinel|
|2020.08.16|SecureCloudBlog|[[Alternative take on Azure AD 'Break Glass' account|https://securecloud.blog/2020/08/16/alternative-take-on-azure-ad-break-glass-account/]]|AzureAD|
|>|!|>||
|2020.08.14|SecureCloudBlog|[[Project Log Part 2: Automating Azure Security Reports - NodeJS API for AZSK|https://securecloud.blog/2020/08/14/project-log-part-2-automating-azure-security-reports-nodejs-api-for-azsk/]] (2/3)|Azure Reporting|
|2020.08.10|//Microsoft Azure//|[[Azure Cloud Shell can now run in an isolated virtual network (public preview)|https://azure.microsoft.com/en-au/updates/cloudshell-vnet/]]|Azure_CloudShell|
|2020.08.10|//Microsoft Azure//| → [[documentation|https://aka.ms/cloudshell/docs/vnet]]|Azure_CloudShell|
|2020.08.13|//Microsoft Azure//|[[Conditional Access policies now apply to all client applications by default|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/conditional-access-policies-now-apply-to-all-client-applications/ba-p/1257371]]|AzureAD|
|2020.08.13|//Microsoft Azure//|[[Monitoring Azure Kubernetes Service (AKS) with Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/monitoring-azure-kubernetes-service-aks-with-azure-sentinel/ba-p/1583204]]|Azure_Sentinel AKS|
|2020.08.13|//Microsoft Azure//|[[Enterprise-Scale for Azure landing zones|https://techcommunity.microsoft.com/t5/azure-architecture-blog/enterprise-scale-for-azure-landing-zones/ba-p/1576575]]|Azure|
=== 
** GCP : gestion des adresses IP+++^*[»] 
|2020.08.13|//Google Cloud//|[[Understanding IP address management in GKE|https://cloud.google.com/blog/products/containers-kubernetes/ip-address-management-in-gke/]]|GKE IP_Address|
=== 
** Kubernetes : menaces (suite de la série d'articles)+++^*[»] 
|2020.08.13|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 7 - Discovery|https://www.stackrox.com/post/2020/08/protecting-against-kubernetes-threats-chapter-7-discovery/]] (7/9) |Kubernetes Threats|
=== 
** (Cloud) VPS+++^*[»] 
|2020.08.14|CloudTweaks|![[Difference-between VPS and Cloud VPS|https://cloudtweaks.com/2020/08/difference-between-vps-and-cloud-vps/]] |VPS|
=== 

* __Divers__
** Bonnes et mauvaises pratiques 'Cloud et Sécurité' : généralités • GKE • DevSecOps • M365/O365+++^*[»] 
|2020.08.10|Solutions Review|![[7 Devastating Cloud Computing Mistakes You Need to Avoid|https://solutionsreview.com/cloud-platforms/7-devastating-cloud-computing-mistakes-you-need-to-avoid/]] |Errors|
|>|!|>||
|2020.08.16|//Tripwire//|![[Implementing Cloud Security Best Practices|https://www.tripwire.com/solutions/cloud-cybersecurity/cloud-security-best-practices-report/]] (août 2020) |Report Best_Practices|
|2020.08.16|MSSP Alert| → [[Implementing Cloud Security Best Practices|https://www.msspalert.com/cybersecurity-research/cloud-security-best-practices/]]|Report Best_Practices|
|2020.08.14|//Google Cloud//|[[GKE best practices: Day 2 operations for business continuity|https://cloud.google.com/blog/products/containers-kubernetes/ensuring-reliability-and-uptime-for-your-gke-cluster/]] (2/2)|BCP GCP GKE|
|2020.08.12|//StackRox//|[[GKE Monitoring Best Practices for Better Security and Operability|https://www.stackrox.com/post/2020/08/gke-monitoring-best-practices-for-better-security-and-operability/]]|GCP Kubernetes|
|2020.08.12|GovLoop|[[3 Ways DevSecOps Can Improve Cybersecurity Practices|https://www.govloop.com/3-ways-devsecops-can-improve-cybersecurity-practices/]]|DevSecOps|
|2020.08.11|//Anchore//|[[Cloud Native Security For DevOps, Applying The 4 C's As Security Best Practice|https://anchore.com/blog/cloud-native-security-for-devops-applying-the-4-cs-as-security-best-practice/]]|DevSecOps|
|2020.08.11|//Microsoft Azure//|[[Microsoft Office 365 - Do you have a false sense of cloud security?|https://www.microsoft.com/security/blog/2020/08/11/microsoft-office-365-do-you-have-a-false-sense-of-cloud-security/]]|Best_Practices M365|
=== 
** Brevets CloudPassage sur la sécurisation des containers+++^*[»] 
|2020.08.13|//CloudPassage//|[[CloudPassage Granted Patent for Container Security|https://vmblog.com/archive/2020/08/13/cloudpassage-granted-patent-for-container-security.aspx]]|Patent|
=== 
** DRP dans le Cloud+++^*[»] 
|2020.08.14|Continuity Central|[[Moving Towards A Cloud First Strategy Disaster Recovery Is A Good First Step|https://www.continuitycentral.com/index.php/news/technology/5411-moving-towards-a-cloud-first-strategy-disaster-recovery-is-a-good-first-step]]|DRP|
|2020.08.12|//Nero//|[[Ignore these outdated disaster recovery myths|https://www.nero-consulting.com/2020/08/ignore-these-outdated-disaster-recovery-myths-2/]]|DRP Myths|
|2020.08.10|Container Journal|[[Backup and DR in the Age of GitOps|https://containerjournal.com/topics/container-security/backup-and-dr-in-the-age-of-gitops/]]|Backup DRP|
|2020.08.10|//Rancher Labs//|[[Disaster Recovery Preparedness for Your Kubernetes Clusters|https://rancher.com/blog/2020/disaster-recovery-preparedness-kubernetes-clusters/]]|K8s DRP|
=== 
** Ransomware dans le Cloud+++^*[»] 
|2020.08.15|//Crowdstrike//|![[Ransom in the Cloud - Spencer Gietzen (DEF CON Cloud Village)|https://forum.defcon.org/node/234714]] ([[vidéo|https://www.youtube.com/watch?v=8QdZ2-sAQFs]])|Ransomware|
=== 
!!3 - Agenda

* __Août 2020__
** ''19 et 20'' → "''[[CSA CloudCon 2020|2020.07.06 - Actu : Agenda du 'CSA CloudCon 2020']]''" • Grand Rapids, Michigan
** ''31'' → fin de l'appel à proposition pour le congrès ''CSA EMEA 2020''
** ''31'' et suivants → ''Formation CCSK / CCSK Plus en français''

* __Septembre 2020__
** ''8 au 25'' → CSA : ''[[Webinaires 'SECtember Experience'|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
** ''23 au 24'' → BIRP : ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
!!4 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K8G/|https://CloudSecurityAlliance.fr/go/K8G/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - August 10th to 16th, 2020
!!1 - CSA News and Updates - August 10th to 16th, 2020
* ''Fill in the new CSA survey on Cloud Adoption in 2020''+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* CCSK training in French and English end of August : ''You can still register'' !+++^*[»] <<tiddler [[2020.08.02 - Actu : Formation CCSK en Français fin août 2020]]>>=== 
* Blog : 'Security of the Blockchain'+++^*[»] <<tiddler [[2020.08.10 - Blog : Sécurité de la Blockchain]]>>=== 
* News: SecurityWeek's 'Cloud Security Summit'+++^*[»] <<tiddler [[2020.08.15 - Actu : Retour sur le 'Cloud Security Summit' de SecurityWeek]]>>=== 
* Blog : 'What Schrems 2 Means for your Privacy Shield Program' by Françoise Gilbert+++^*[»] <<tiddler [[2020.08.10 - Blog : Impact de Schrems 2 sur la Protection des Données]]>>=== 
!!2 - Cloud and Security News Watch ([[over 90 links|2020.08.16 - Veille Hebdomadaire - 16 août]])

* __''Must read''__
** ''2020 Cloud Security Report'' (Checkpoint)+++^*[»] 
|2020.08.10|//Checkpoint Software//|![[Check Point's 2020 Cloud Security Report Highlights Enterprise Security Concerns and Challenges in Public Clouds|https://www.checkpoint.com/press/2020/check-points-2020-cloud-security-report-highlights-enterprise-security-concerns-and-challenges-in-public-clouds/]] ([[rapport|https://pages.checkpoint.com/2020-cloud-security-report.html]]) |Report|
|2020.08.10|Computer Weekly| → [[Security teams struggle to keep pace with cloud threats|https://www.computerweekly.com/news/252487395/Security-teams-struggle-to-keep-pace-with-cloud-threats]]|Report|
|2020.08.10|BetaNews| → [[Existing security tools struggle with public clouds|https://betanews.com/2020/08/10/security-tools-struggle-public-clouds/]]|Report|
|2020.08.11|Continuity Central| → [[2020 Cloud Security Report highlights top challenges|https://www.continuitycentral.com/index.php/news/technology/5398-2020-cloud-security-report-highlights-top-challenges]]|Report|
|2020.08.12|Developpez.com[>img[iCSF/flag_fr.png]]| → [[La sécurité reste un problème clé pour les clients de service cloud, les accès non autorisés|https://cloud-computing.developpez.com/actu/307984/La-securite-reste-un-probleme-cle-pour-les-clients-de-service-cloud-les-acces-non-autorises-et-les-interfaces-non-securisees-figurant-parmi-les-plus-grandes-menaces-selon-Check-Point/]]|Report|
=== 

* __Attacks, Incidents, Data Leaks, Vulnerabilities, Outages__
** July 5th, 2020 Docker Hub Incident Review+++^*[»] 
|2020.08.20|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Docker publie son 1er post-mortem public sur un incident interne|https://www.lemondeinformatique.fr/actualites/lire-docker-publie-son-1er-post-mortem-public-sur-un-incident-interne-80094.html]]|Incident Post_Analysis|
|2020.08.12|//GitHub//|! → [[Docker Hub Incident Review - 5 July 2020|https://www.docker.com/blog/docker-hub-incident-review-5-july-2020/]] |Incident Post_Analysis|
=== 
** Multiple Firms Breach+++^*[»] 
|2020.08.11|//vpnMentor//|[[Report Multiple Firms Breach|https://www.vpnmentor.com/blog/report-multiple-firms-breach/]]|AWS Data_Leaks|
|2020.08.11|//CyberSecurity Insiders//| → [[Over 5.5m files or 343GB data leaked from Amazon Web Services AWS|https://www.cybersecurity-insiders.com/over-5-5m-files-or-343gb-data-leaked-from-amazon-web-services-aws/]]|AWS Data_Leak|
|2020.08.13|CISO Mag| → [[Unsecured Database Exposes 5.5 Mn Records of Multiple Organizations|https://cisomag.eccouncil.org/unsecured-databae/]]|AWS Data_Leaks|
=== 
** Amazon Fixes Five Flaws in AWS Encryption Client+++^*[»] 
|2020.08.10|//Decipher//|![[Amazon Fixes Five Flaws in AWS Encryption Client|https://medium.com/bugbountywriteup/gain-access-to-an-internal-machine-using-port-forwarding-penetration-testing-518c0b6a4a0e]] |AWS Flaws Encryption|
|2020.08.11|CBR Online| → [[Google Crypto Expert Exposes Trio of AWS Encryption Bugs|https://www.cbronline.com/news/aws-encryption-bugs]]|Encryption AWS Flaws|
=== 

* __Reports and Surveys__
** Maintaining Security Configs in the Cloud (Tripwire) • Zero-Trust Is Critical but Underutilized (Illumio)+++^*[»] 
|2020.08.12|//Tripwire//|[[Survey: 76% of IT Pros Say It's Difficult to Maintain Security Configs in the Cloud|https://www.tripwire.com/state-of-security/featured/survey-security-configs-cloud/]]|Report|
|2020.08.13|Help Net Security| → [[Most security pros are concerned about human error exposing cloud data|https://www.helpnetsecurity.com/2020/08/13/most-security-pros-are-concerned-about-human-error-exposing-cloud-data/]]|Errors|
|>|!|>||
|2020.08.13|//Illumio//|[[New Illumio Report Reveals Zero Trust Is Critically Important to Enterprises but Vastly Underutilized|https://www.illumio.com/news/press-releases/zero-trust-survey-report]]|Report Zero_Trust|
|2020.08.13|//Illumio//| → Rapport [[Zero in on Zero Trust|https://www.illumio.com/resource-center/research-report/zero-trust-report]]|Report Zero_Trust|
|2020.08.13|Container Journal| → [[New Illumio Report Reveals Zero Trust Is Critically Important to Enterprises but Vastly Underutilized|https://containerjournal.com/news/news-releases/new-illumio-report-reveals-zero-trust-is-critically-important-to-enterprises-but-vastly-underutilized/]]|Report Zero_Trust|
=== 

* __Additional relevant 'Cloud and Security' Weekly Watch__
** TL;DR Security #47 • ''The Cloud Security Reading List'' #50+++^*[»] 
|2020.08.16|Marco Lancini|[[The Cloud Security Reading List #50|https://cloudseclist.com/issues/issue-50/]] |Weekly_Newsletter|
|2020.08.12|TL;DR Security|[[#47 - Automating Recon, Podcasts, and Lateral Movement / Privilege Escalation in GCP|https://tldrsec.com/blog/tldr-sec-047/]] |Weekly_Newsletter|
=== 

* __Cloud Services Providers and Solutions__
** AWS: Connection Tracking Abuse • Identity Federation • IAM • Amazon Detective's Role • Abuse Detection with Splunk+++^*[»] 
|2020.08.11|Nick Frichette|![[Abusing AWS Connection Tracking|https://frichetten.com/blog/abusing-aws-connection-tracking/]] |AWS Bypass_Technique|
|2020.08.13|//Caylent//|[[Identity Federation in AWS with Okta|https://caylent.com/identity-federation-in-aws-with-okta]]|AWS Identity_Federation Okta|
|2020.08.10|//AWS//|[[Using AWS Lambda IAM condition keys for VPC settings|https://aws.amazon.com/blogs/compute/using-aws-lambda-iam-condition-keys-for-vpc-settings/]]|AWS_Lambda IAM VPC|
|2020.08.10|//AWS//| → [[AWS Lambda now provides IAM condition keys for VPC settings|https://aws.amazon.com/about-aws/whats-new/2020/08/aws-lambda-provides-iam-condition-keys-vpc-settings/]]|AWS_Lambda IAM|
|2020.08.12|MSSP Alert|[[Amazon Detective's Role in AWS Cloud Security|https://www.msspalert.com/cybersecurity-services-and-products/amazon-detectives-role-in-aws-cloud-security/]]|AWS|
|2020.08.12|//Splunk//|[[Using Splunk to Detect Abuse of AWS Permanent and Temporary Credentials|https://www.splunk.com/en_us/blog/security/using-splunk-to-detect-abuse-of-aws-permanent-and-temporary-credentials.html]]|AWS Detection Abuse|
|2020.08.12|//AWS//|[[Quickly build STIG-compliant Amazon Machine Images using Amazon EC2 Image Builder|https://aws.amazon.com/blogs/security/quickly-build-stig-compliant-amazon-machine-images-using-amazon-ec2-image-builder/]]|AWS Compliance STIG|
=== 
** Azure: ISACA's Audit Program • Azure Sentinel Design by Adrian Grigorof • Azure AD 'Break Glass' account • Conditional Access policies • AKS • Reporting+++^*[»] 
|2020.08.10|ISACA|![[Azure Audit Program|https://www.isaca.org/bookstore/audit-control-and-security-essentials/waazu]] (accès réservé aux membres ISACA) |Azure Audit|
|2020.08.16|//Managed Sentinel//|[[Azure Sentinel Design|https://www.managedsentinel.com/2020/08/16/azure-sentinel-data-connectors/]]|Azure_Sentinel|
|2020.08.16|SecureCloudBlog|[[Alternative take on Azure AD 'Break Glass' account|https://securecloud.blog/2020/08/16/alternative-take-on-azure-ad-break-glass-account/]]|AzureAD|
|>|!|>||
|2020.08.14|SecureCloudBlog|[[Project Log Part 2: Automating Azure Security Reports - NodeJS API for AZSK|https://securecloud.blog/2020/08/14/project-log-part-2-automating-azure-security-reports-nodejs-api-for-azsk/]] (2/3)|Azure Reporting|
|2020.08.10|//Microsoft Azure//|[[Azure Cloud Shell can now run in an isolated virtual network (public preview)|https://azure.microsoft.com/en-au/updates/cloudshell-vnet/]]|Azure_CloudShell|
|2020.08.10|//Microsoft Azure//| → [[documentation|https://aka.ms/cloudshell/docs/vnet]]|Azure_CloudShell|
|2020.08.13|//Microsoft Azure//|[[Conditional Access policies now apply to all client applications by default|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/conditional-access-policies-now-apply-to-all-client-applications/ba-p/1257371]]|AzureAD|
|2020.08.13|//Microsoft Azure//|[[Monitoring Azure Kubernetes Service (AKS) with Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/monitoring-azure-kubernetes-service-aks-with-azure-sentinel/ba-p/1583204]]|Azure_Sentinel AKS|
|2020.08.13|//Microsoft Azure//|[[Enterprise-Scale for Azure landing zones|https://techcommunity.microsoft.com/t5/azure-architecture-blog/enterprise-scale-for-azure-landing-zones/ba-p/1576575]]|Azure|
=== 
** GCP: IP Address Management in GKE+++^*[»] 
|2020.08.13|//Google Cloud//|[[Understanding IP address management in GKE|https://cloud.google.com/blog/products/containers-kubernetes/ip-address-management-in-gke/]]|GKE IP_Address|
=== 
** Kubernetes: Protecting Against Kubernetes Threats (7/9)+++^*[»] 
|2020.08.13|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 7 - Discovery|https://www.stackrox.com/post/2020/08/protecting-against-kubernetes-threats-chapter-7-discovery/]] (7/9) |Kubernetes Threats|
=== 
** (Cloud) VPS+++^*[»] 
|2020.08.14|CloudTweaks|![[Difference-between VPS and Cloud VPS|https://cloudtweaks.com/2020/08/difference-between-vps-and-cloud-vps/]] |VPS|
=== 

* __Miscellaneous__
** Best Practices, and Devastating Ones in Cloud Security: Overview • with GKE • with DevSecOps • with M365/O365+++^*[»] 
|2020.08.10|Solutions Review|![[7 Devastating Cloud Computing Mistakes You Need to Avoid|https://solutionsreview.com/cloud-platforms/7-devastating-cloud-computing-mistakes-you-need-to-avoid/]] |Errors|
|>|!|>||
|2020.08.16|//Tripwire//|![[Implementing Cloud Security Best Practices|https://www.tripwire.com/solutions/cloud-cybersecurity/cloud-security-best-practices-report/]] (août 2020) |Report Best_Practices|
|2020.08.16|MSSP Alert| → [[Implementing Cloud Security Best Practices|https://www.msspalert.com/cybersecurity-research/cloud-security-best-practices/]]|Report Best_Practices|
|2020.08.14|//Google Cloud//|[[GKE best practices: Day 2 operations for business continuity|https://cloud.google.com/blog/products/containers-kubernetes/ensuring-reliability-and-uptime-for-your-gke-cluster/]] (2/2)|BCP GCP GKE|
|2020.08.12|//StackRox//|[[GKE Monitoring Best Practices for Better Security and Operability|https://www.stackrox.com/post/2020/08/gke-monitoring-best-practices-for-better-security-and-operability/]]|GCP Kubernetes|
|2020.08.12|GovLoop|[[3 Ways DevSecOps Can Improve Cybersecurity Practices|https://www.govloop.com/3-ways-devsecops-can-improve-cybersecurity-practices/]]|DevSecOps|
|2020.08.11|//Anchore//|[[Cloud Native Security For DevOps, Applying The 4 C's As Security Best Practice|https://anchore.com/blog/cloud-native-security-for-devops-applying-the-4-cs-as-security-best-practice/]]|DevSecOps|
|2020.08.11|//Microsoft Azure//|[[Microsoft Office 365 - Do you have a false sense of cloud security?|https://www.microsoft.com/security/blog/2020/08/11/microsoft-office-365-do-you-have-a-false-sense-of-cloud-security/]]|Best_Practices M365|
=== 
** CloudPassage's Patent for Container Security+++^*[»] 
|2020.08.13|//CloudPassage//|[[CloudPassage Granted Patent for Container Security|https://vmblog.com/archive/2020/08/13/cloudpassage-granted-patent-for-container-security.aspx]]|Patent|
=== 
** Disaster Recovery in the Cloud+++^*[»] 
|2020.08.14|Continuity Central|[[Moving Towards A Cloud First Strategy Disaster Recovery Is A Good First Step|https://www.continuitycentral.com/index.php/news/technology/5411-moving-towards-a-cloud-first-strategy-disaster-recovery-is-a-good-first-step]]|DRP|
|2020.08.12|//Nero//|[[Ignore these outdated disaster recovery myths|https://www.nero-consulting.com/2020/08/ignore-these-outdated-disaster-recovery-myths-2/]]|DRP Myths|
|2020.08.10|Container Journal|[[Backup and DR in the Age of GitOps|https://containerjournal.com/topics/container-security/backup-and-dr-in-the-age-of-gitops/]]|Backup DRP|
|2020.08.10|//Rancher Labs//|[[Disaster Recovery Preparedness for Your Kubernetes Clusters|https://rancher.com/blog/2020/disaster-recovery-preparedness-kubernetes-clusters/]]|K8s DRP|
=== 
** Ransomware in the Cloud+++^*[»] 
|2020.08.15|//Crowdstrike//|![[Ransom in the Cloud - Spencer Gietzen (DEF CON Cloud Village)|https://forum.defcon.org/node/234714]] ([[vidéo|https://www.youtube.com/watch?v=8QdZ2-sAQFs]])|Ransomware|
=== 

!!3 - Agenda

* __August 2020__
** ''19 / 20'' → "''[[CSA CloudCon 2020|2020.07.06 - Actu : Agenda du 'CSA CloudCon 2020']]''" • Grand Rapids, Michigan
** ''31'' → End of the call for papers for the ''CSA EMEA 2020 Congress''
** ''31'' → ''CCSK / CCSK Plus trainings'' in French

* __September 2020__
** ''8 / 25'' → CSA : ''[['SECtember Experience' Webinars|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
** ''23 / 24'' → BIRP : ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
!!4 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K8G/|https://CloudSecurityAlliance.fr/go/K8G/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 16 août 2020
|!Août|!Sources|!Titres et Liens|!Keywords|h
|>|>|>|!2020.08.16|
|2020.08.16|Marco Lancini|[[The Cloud Security Reading List #50|https://cloudseclist.com/issues/issue-50/]] |Weekly_Newsletter|
|2020.08.16|Cloud Security Podcast|![[How To Build Secure Environments In Microsoft Azure - Nicholas Hughes|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-BUILD-SECURE-ENVIRONMENTS-IN-MICROSOFT-AZURE---NICHOLAS-HUGHES-ei7d72]] ([[transcription|https://www.cloudsecuritypodcast.tv/listen-to-the-episodes/how-to-build-secure-environments-in-microsoft-azure]]) |Podcast|
|2020.08.16|SecureCloudBlog|[[Alternative take on Azure AD 'Break Glass' account|https://securecloud.blog/2020/08/16/alternative-take-on-azure-ad-break-glass-account/]]|AzureAD|
|2020.08.16|0x00Sec|[[Problems setting up a docker pentesting-lab|https://0x00sec.org/t/problems-setting-up-a-docker-pentesting-lab/22735/2]]|Docker PenTesting|
|2020.08.16|TMCnet|[[ Who Was First in Multicloud?|https://blog.tmcnet.com/blog/rich-tehrani/call-center/who-was-first-in-multicloud.html]]|History Multi-Cloud|
|2020.08.16|//Tripwire//|![[Implementing Cloud Security Best Practices|https://www.tripwire.com/solutions/cloud-cybersecurity/cloud-security-best-practices-report/]] (août 2020) |Report Best_Practices|
|2020.08.16|MSSP Alert| → [[Implementing Cloud Security Best Practices|https://www.msspalert.com/cybersecurity-research/cloud-security-best-practices/]]|Report Best_Practices|
|2020.08.16|JDN[>img[iCSF/flag_fr.png]]|[[Le Cloud, allié ou ennemi de la cybersécurité de l'entreprise ?|https://www.journaldunet.com/web-tech/cloud/1493381-le-cloud-allie-ou-ennemi-de-la-cybersecurite-de-l-entreprise/]]|Misc|
|2020.08.16|//Managed Sentinel//|[[Azure Sentinel Design|https://www.managedsentinel.com/2020/08/16/azure-sentinel-data-connectors/]]|Azure_Sentinel|
|>|>|>|!2020.08.15|
|2020.08.15|InfoSec Write-ups|[[How I was able to send Authentic Emails as others - Google VRP (Resolved)|https://medium.com/bugbountywriteup/how-i-was-able-to-send-authentic-emails-as-others-google-vrp-resolved-2af94295f326]]|GCP Flaw|
|2020.08.15|SC Magazine|[[Why a cloud-native platform is a requirement for modern cybersecurity|https://www.scmagazine.com/home/advertise/why-a-cloud-native-platform-is-a-requirement-for-modern-cybersecurity/]]|Cloud_Native|
|2020.08.15|//Crowdstrike//|![[Ransom in the Cloud - Spencer Gietzen (DEF CON Cloud Village)|https://forum.defcon.org/node/234714]] ([[vidéo|https://www.youtube.com/watch?v=8QdZ2-sAQFs]])|Ransomware|
|2020.08.15|//Crowdstrike//| ← DEFCON 28: [[Ransom in the Cloud|https://forum.defcon.org/node/234714]]|Ransomware|
|>|>|>|!2020.08.14|
|2020.08.14|Security Week|[[Adaptive Shield Emerges From Stealth to Secure SaaS Applications|https://www.securityweek.com/adaptive-shield-emerges-stealth-secure-saas-applications]] ([[Adaptive Shield|https://www.adaptive-shield.com/]])|Market SaaS|
|2020.08.14|Continuity Central|[[Moving Towards A Cloud First Strategy Disaster Recovery Is A Good First Step|https://www.continuitycentral.com/index.php/news/technology/5411-moving-towards-a-cloud-first-strategy-disaster-recovery-is-a-good-first-step]]|DRP|
|2020.08.14|DevOps.com|[[Evolving from FaaS to a Truly Serverless Paradigm|https://devops.com/faas-evolving-to-a-truly-serverless-paradigm/]]|DaaS Serverless|
|2020.08.14|SecureCloudBlog|[[Project Log Part 2: Automating Azure Security Reports - NodeJS API for AZSK|https://securecloud.blog/2020/08/14/project-log-part-2-automating-azure-security-reports-nodejs-api-for-azsk/]] (2/3)|Azure Reporting|
|2020.08.14|CloudTweaks|![[Difference-between VPS and Cloud VPS|https://cloudtweaks.com/2020/08/difference-between-vps-and-cloud-vps/]] |VPS|
|2020.08.14|The Register|[[Docker shocker: Cash-strapped container crew threatens to delete 4.5 petabytes of unloved images|https://www.theregister.com/2020/08/14/docker_container_retention_policy/]]|Docker Retention|
|2020.08.14|//Chef//|[[Consistent, Secure Machine Identities at DevOps Speed|https://blog.chef.io/consistent-secure-machine-identities-at-devops-speed/]]|DevOps Identities|
|2020.08.14|//Google Cloud//|[[GKE best practices: Day 2 operations for business continuity|https://cloud.google.com/blog/products/containers-kubernetes/ensuring-reliability-and-uptime-for-your-gke-cluster/]] (2/2)|BCP GCP GKE|
|>|>|>|!2020.08.13|
|2020.08.13|Security Boulevard|[[DEF CON 28 Safe Mode - Sean Metcalf's 'Hacking The Hybrid Cloud'|https://www.youtube.com/watch?v=AR5aLszXA2E]] (vidéo)|AzureAD Hybrid_Cloud|
|2020.08.13|Center for Internet Security|[[How to Provide a Secure Cloud Environment for Remote Workers|https://www.cisecurity.org/blog/how-to-provide-a-secure-cloud-environment-for-remote-workers/]]|WFH|
|2020.08.13|DZone|[[What Is Kubernetes and How Does It Relate to Docker?|https://dzone.com/articles/what-is-kubernetes-and-how-does-it-relate-to-docke]]|Docker Kubernetes|
|2020.08.13|InfoSec Write-ups|[[Leaking AWS Metadata|https://medium.com/bugbountywriteup/leaking-aws-metadata-f5bc8de03284]]|AWS Metadata Leakage|
|2020.08.13|//Illumio//|[[New Illumio Report Reveals Zero Trust Is Critically Important to Enterprises but Vastly Underutilized|https://www.illumio.com/news/press-releases/zero-trust-survey-report]]|Report Zero_Trust|
|2020.08.13|//Illumio//| → Rapport [[Zero in on Zero Trust|https://www.illumio.com/resource-center/research-report/zero-trust-report]]|Report Zero_Trust|
|2020.08.13|Container Journal| → [[New Illumio Report Reveals Zero Trust Is Critically Important to Enterprises but Vastly Underutilized|https://containerjournal.com/news/news-releases/new-illumio-report-reveals-zero-trust-is-critically-important-to-enterprises-but-vastly-underutilized/]]|Report Zero_Trust|
|2020.08.13|//Virtustream//|[[New Study Reveals Value of Expert Managed Services to Maximize the Benefits of Multicloud|https://www.virtustream.com/blog/new-study-value-expert-managed-services-multicloud]]|Report|
|2020.08.13|//Microsoft Azure//|[[Conditional Access policies now apply to all client applications by default|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/conditional-access-policies-now-apply-to-all-client-applications/ba-p/1257371]]|AzureAD|
|2020.08.13|//Google Cloud//|[[Understanding IP address management in GKE|https://cloud.google.com/blog/products/containers-kubernetes/ip-address-management-in-gke/]]|GKE IP_Address|
|2020.08.13|//Caylent//|[[Identity Federation in AWS with Okta|https://caylent.com/identity-federation-in-aws-with-okta]]|AWS Identity_Federation Okta|
|2020.08.13|//Proofpoint//|[[WFH Pressures Accelerate Cloud Security Demand|https://www.proofpoint.com/us/newsroom/news/wfh-pressures-accelerate-cloud-security-demand]]|WFH|
|2020.08.13|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 7 - Discovery|https://www.stackrox.com/post/2020/08/protecting-against-kubernetes-threats-chapter-7-discovery/]] (7/9) |Kubernetes Threats|
|2020.08.13|//Microsoft Azure//|[[Monitoring Azure Kubernetes Service (AKS) with Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/monitoring-azure-kubernetes-service-aks-with-azure-sentinel/ba-p/1583204]]|Azure_Sentinel AKS|
|2020.08.13|//Microsoft Azure//|[[Enterprise-Scale for Azure landing zones|https://techcommunity.microsoft.com/t5/azure-architecture-blog/enterprise-scale-for-azure-landing-zones/ba-p/1576575]]|Azure|
|2020.08.13|//CloudPassage//|![[Shared Responsibility Model Explained|https://www.cloudpassage.com/blog/shared-responsibility-model-explained/]] (1/2) |Shared_Responsibility|
|2020.08.13|//Bitnami//|[[Simplify Kubernetes Resource Access Control using RBAC Impersonation|https://docs.bitnami.com/tutorials/simplify-kubernetes-resource-access-rbac-impersonation/]]|K8s RBAC|
|2020.09.17|Cloud Native Computing Foundation| ← [[Simplify Kubernetes Resource Access Control using RBAC Impersonation|https://www.cncf.io/blog/2020/09/17/simplify-kubernetes-resource-access-control-using-rbac-impersonation/]]|K8s RBAC|
|2020.08.13|//GitHub//|[[Secure at every step: A guide to DevSecOps, shifting left, and GitOps|https://github.blog/2020-08-13-secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops/]] (1/3)|DevSecOps|
|>|>|>|!2020.08.12|
|2020.08.12|TL;DR Security|[[#47 - Automating Recon, Podcasts, and Lateral Movement / Privilege Escalation in GCP|https://tldrsec.com/blog/tldr-sec-047/]] |Weekly_Newsletter|
|2020.08.12|IT Social[>img[iCSF/flag_fr.png]]|[[Infrastructures multi-cloud : comment les sécuriser ?|https://itsocial.fr/expertises/infrastructures-multi-cloud-comment-les-securiser/]]|Multi_Cloud|
|2020.08.12|Security Week|[[SecurityWeek to Host Virtual Cloud Security Summit on August 13, 2020|https://www.securityweek.com/securityweek-host-virtual-cloud-security-summit-august-13-2020]]|Conference_Virtual|
|2020.08.12|MSSP Alert|[[Amazon Detective's Role in AWS Cloud Security|https://www.msspalert.com/cybersecurity-services-and-products/amazon-detectives-role-in-aws-cloud-security/]]|AWS|
|2020.08.12|GovLoop|[[3 Ways DevSecOps Can Improve Cybersecurity Practices|https://www.govloop.com/3-ways-devsecops-can-improve-cybersecurity-practices/]]|DevSecOps|
|2020.08.12|//GitHub//|![[Docker Hub Incident Review - 5 July 2020|https://www.docker.com/blog/docker-hub-incident-review-5-july-2020/]] |Incident Post_Analysis|
|2020.08.20|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Docker publie son 1er post-mortem public sur un incident interne|https://www.lemondeinformatique.fr/actualites/lire-docker-publie-son-1er-post-mortem-public-sur-un-incident-interne-80094.html]]|Incident Post_Analysis|
|2020.08.12|//Tripwire//|![[Google App Engine, Azure App Service Abused in Phishing Campaign|https://www.tripwire.com/state-of-security/security-data-protection/google-app-engine-azure-app-service-abused-in-phishing-campaign/]] |Phishing GCP Azure|
|2020.08.12|//Tripwire//|[[Survey: 76% of IT Pros Say It's Difficult to Maintain Security Configs in the Cloud|https://www.tripwire.com/state-of-security/featured/survey-security-configs-cloud/]]|Report|
|2020.08.13|Help Net Security| → [[Most security pros are concerned about human error exposing cloud data|https://www.helpnetsecurity.com/2020/08/13/most-security-pros-are-concerned-about-human-error-exposing-cloud-data/]]|Errors|
|2020.08.12|Help Net Security|[[Half of IT teams can't fully utilize cloud security solutions due to understaffing|https://www.helpnetsecurity.com/2020/08/12/utilize-cloud-security-solutions/]]|Report CSA|
|2020.08.12|//StackRox//|[[GKE Monitoring Best Practices for Better Security and Operability|https://www.stackrox.com/post/2020/08/gke-monitoring-best-practices-for-better-security-and-operability/]]|GCP Kubernetes|
|2020.08.12|//Nero//|[[Ignore these outdated disaster recovery myths|https://www.nero-consulting.com/2020/08/ignore-these-outdated-disaster-recovery-myths-2/]]|DRP Myths|
|2020.08.12|//Avanan//|[[5 Questions Your Secure Email Gateway Vendor Hopes You Never Ask|https://www.avanan.com/blog/five-questions-for-your-seg-vendor]]|Vendors|
|2020.08.12|//Splunk//|[[Using Splunk to Detect Abuse of AWS Permanent and Temporary Credentials|https://www.splunk.com/en_us/blog/security/using-splunk-to-detect-abuse-of-aws-permanent-and-temporary-credentials.html]]|AWS Detection Abuse|
|2020.08.12|//AWS//|[[Quickly build STIG-compliant Amazon Machine Images using Amazon EC2 Image Builder|https://aws.amazon.com/blogs/security/quickly-build-stig-compliant-amazon-machine-images-using-amazon-ec2-image-builder/]]|AWS Compliance STIG|
|2020.08.12|//Alcide//|[[Whitelisting Processes on Kubernetes Pods Using AppArmor (Part 1)|https://blog.alcide.io/whitelisting-processes-on-kubernetes-using-apparmor]] (1/2)|Kubernetes Whitelisting|
|2020.08.12|//CyberArk Conjur//|[[CNCF: Supporting a Strong, Secure OSS Cloud Native Ecosystem |https://www.conjur.org/blog/cncf-supporting-a-strong-secure-oss-cloud-native-ecosystem/]]|Products|
|>|>|>|!2020.08.11|
|2020.08.11|Nick Frichette|![[Abusing AWS Connection Tracking|https://frichetten.com/blog/abusing-aws-connection-tracking/]] |AWS Bypass_Technique|
|2020.08.11|Dark Reading|[[EU-US Privacy Shield Dissolution: What Happens Next?|https://www.darkreading.com/cloud/eu-us-privacy-shield-dissolution-what-happens-next-/a/d-id/1338587]]|Privacy_Shield|
|2020.08.11|Thomas Naunheim|[[Privileged Access Groups: Manage privileged access outside of Azure AD admin roles with Azure PIM|https://www.cloud-architekt.net/azurepim-pag-rbac/]]|Azure Privileged_Access|
|2020.08.11|DevOps.com|[[DevOps and Security in a Cloud-Native World|https://devops.com/devops-and-security-in-a-cloud-native-world/]]|DevSecOps|
|2020.08.11|GovLoop|[[Defending Cloud Security, a Pillar of IT Modernization|https://www.govloop.com/defending-cloud-security-a-pillar-of-it-modernization/]]|Misc|
|2020.08.11|GovLoop Academy| → [[Cloud Security: Defending a Pillar of IT Modernization|https://academy.govloop.com/watch/DFXj7K5nA8HNsjquPP5qD3]]|Training|
|2020.08.11|TechBeacon|[[Cloud security and data privacy essentials, and why they matter|https://techbeacon.com/security/cloud-security-data-privacy-essentials-why-they-matter]]|Data_Privacy|
|2020.08.11|Aidan W Steele|[[Very interesting new managed IAM policy named AWSCompromisedKeyQuarantine|https://twitter.com/__steele/status/1293259959136735233]]|AWS IAM|
|2020.08.11|Thomas Maurer|[[Connect Azure Cloud Shell to Virtual Network vNet|https://www.thomasmaurer.ch/2020/08/connect-azure-cloud-shell-to-virtual-network-vnet/]]|Azure|
|2020.08.11|//Microsoft Azure//|[[Microsoft Office 365 - Do you have a false sense of cloud security?|https://www.microsoft.com/security/blog/2020/08/11/microsoft-office-365-do-you-have-a-false-sense-of-cloud-security/]]|Best_Practices M365|
|2020.08.11|//Sysdig//|[[Automate registry scanning with Harbor & Sysdig|https://sysdig.com/blog/harbor-registry-scanning/]]|Registry_Scanning|
|2020.08.11|//vpnMentor//|[[Report Multiple Firms Breach|https://www.vpnmentor.com/blog/report-multiple-firms-breach/]]|AWS Data_Leaks|
|2020.08.11|//CyberSecurity Insiders//| → [[Over 5.5m files or 343GB data leaked from Amazon Web Services AWS|https://www.cybersecurity-insiders.com/over-5-5m-files-or-343gb-data-leaked-from-amazon-web-services-aws/]]|AWS Data_Leak|
|2020.08.13|CISO Mag| → [[Unsecured Database Exposes 5.5 Mn Records of Multiple Organizations|https://cisomag.eccouncil.org/unsecured-databae/]]|AWS Data_Leaks|
|2020.08.11|//Microsoft Azure//|[[Azure Database for MySQL data encryption with a customer-managed key|https://docs.microsoft.com/en-gb/azure/mysql/concepts-data-encryption-mysql]]|Azure MySQL Encryption|
|2020.08.11|//Anchore//|[[Cloud Native Security For DevOps, Applying The 4 C's As Security Best Practice|https://anchore.com/blog/cloud-native-security-for-devops-applying-the-4-cs-as-security-best-practice/]]|DevSecOps|
|2020.08.11|//Cloud Management Insider//|[[Journey to Google Cloud - Part 2|https://www.cloudmanagementinsider.com/google-cloud-migration-part-2/]] (2/2)|GCP|
|2020.08.11|//ScaleSec//|[[Best Practices for Serverless Endpoints on AWS|https://scalesec.com/aws-series/best-practices-for-serverless-endpoints-on-aws/]]|AWS Best_Practices|
|>|>|>|!2020.08.10|
|2020.08.10|ISACA|![[Azure Audit Program|https://www.isaca.org/bookstore/audit-control-and-security-essentials/waazu]] (accès réservé aux membres ISACA) |Azure Audit|
|2020.08.10|Bleeping Computer|[[Office 365 will let you manage phishing simulation emails|https://www.bleepingcomputer.com/news/security/office-365-will-let-you-manage-phishing-simulation-emails/]]|O365 Phishing|
|2020.08.10|Container Journal|[[Backup and DR in the Age of GitOps|https://containerjournal.com/topics/container-security/backup-and-dr-in-the-age-of-gitops/]]|Backup DRP|
|2020.08.10|Solutions Review|![[7 Devastating Cloud Computing Mistakes You Need to Avoid|https://solutionsreview.com/cloud-platforms/7-devastating-cloud-computing-mistakes-you-need-to-avoid/]] |Errors|
|2020.08.10|Emanuel Evans|![[The Simplest Multi-Node Kubernetes Cluster|https://eevans.co/blog/kubernetes-multi-node/]] (3/3) |K8s|
|2020.08.10|Gabor Matuz|[[Testing Docker CVE Scanners. Part 3: Test It Yourself/Conclusions|https://medium.com/swlh/testing-docker-cve-scanners-part-3-test-it-yourself-conclusions-6de868124d3d]]|Docker Scanning|
|2020.08.10|Tim Orr|![[AWS Incident Response|https://easttimor.github.io/aws-incident-response/]] |Incidents AWS|
|2020.08.10|//Rancher Labs//|[[Disaster Recovery Preparedness for Your Kubernetes Clusters|https://rancher.com/blog/2020/disaster-recovery-preparedness-kubernetes-clusters/]]|K8s DRP|
|2020.08.10|//Decipher//|![[Amazon Fixes Five Flaws in AWS Encryption Client|https://medium.com/bugbountywriteup/gain-access-to-an-internal-machine-using-port-forwarding-penetration-testing-518c0b6a4a0e]] |AWS Flaws Encryption|
|2020.08.11|CBR Online| → [[Google Crypto Expert Exposes Trio of AWS Encryption Bugs|https://www.cbronline.com/news/aws-encryption-bugs]]|Encryption AWS Flaws|
|2020.08.10|//Checkpoint Software//|![[Check Point's 2020 Cloud Security Report Highlights Enterprise Security Concerns and Challenges in Public Clouds|https://www.checkpoint.com/press/2020/check-points-2020-cloud-security-report-highlights-enterprise-security-concerns-and-challenges-in-public-clouds/]] ([[rapport|https://pages.checkpoint.com/2020-cloud-security-report.html]]) |Report|
|2020.08.10|Computer Weekly| → [[Security teams struggle to keep pace with cloud threats|https://www.computerweekly.com/news/252487395/Security-teams-struggle-to-keep-pace-with-cloud-threats]]|Report|
|2020.08.10|BetaNews| → [[Existing security tools struggle with public clouds|https://betanews.com/2020/08/10/security-tools-struggle-public-clouds/]]|Report|
|2020.08.11|Continuity Central| → [[2020 Cloud Security Report highlights top challenges|https://www.continuitycentral.com/index.php/news/technology/5398-2020-cloud-security-report-highlights-top-challenges]]|Report|
|2020.08.12|Developpez.com[>img[iCSF/flag_fr.png]]| → [[La sécurité reste un problème clé pour les clients de service cloud, les accès non autorisés|https://cloud-computing.developpez.com/actu/307984/La-securite-reste-un-probleme-cle-pour-les-clients-de-service-cloud-les-acces-non-autorises-et-les-interfaces-non-securisees-figurant-parmi-les-plus-grandes-menaces-selon-Check-Point/]]|Report|
|2020.08.10|//Netskope//|[[Netskope Threat Coverage: GuLoader|https://www.netskope.com/blog/netskope-threat-coverage-guloader]]|Malware|
|2020.08.10|//eXemplify//|[[Three Options for SD-WAN Security|http://www.exemplifygroup.com/three-options-for-sd-wan-security/]]|SD-WAN|
|2020.08.10|//Oracle Cloud//|[[Secure your Oracle Applications in the Cloud with Oracle and Fortinet|https://blogs.oracle.com/cloudsecurity/secure-your-oracle-applications-in-the-cloud-with-oracle-and-fortinet]]|Products Oracle|
|2020.08.10|//AWS//|[[Using AWS Lambda IAM condition keys for VPC settings|https://aws.amazon.com/blogs/compute/using-aws-lambda-iam-condition-keys-for-vpc-settings/]]|AWS_Lambda IAM VPC|
|2020.08.10|//AWS//| → [[AWS Lambda now provides IAM condition keys for VPC settings|https://aws.amazon.com/about-aws/whats-new/2020/08/aws-lambda-provides-iam-condition-keys-vpc-settings/]]|AWS_Lambda IAM|
|2020.08.10|//Microsoft Azure//|[[Azure Cloud Shell can now run in an isolated virtual network (public preview)|https://azure.microsoft.com/en-au/updates/cloudshell-vnet/]]|Azure_CloudShell|
|2020.08.10|//Microsoft Azure//| → [[documentation|https://aka.ms/cloudshell/docs/vnet]]|Azure_CloudShell|
|2020.08.10|//InfoSec Island//|[[Holding public cloud security to account|https://www.infosecisland.com/blogview/25265-Holding-public-cloud-security-to-account.html]]|Public_Cloud|
<<tiddler [[arOund0C]]>>
!"//Security of the Blockchain//"
Article publié le 14 août 2020 — Rédigé par Maëva Ghonda+++^*[»] LinkedIn → [[maevaghonda|https://twitter.com/maevaghonda]] • Twitter → [[maevaghonda|https://twitter.com/maevaghonda]] ===, CSA Blockchain Cybersecurity and Privacy Best Practices Group+++*[»] https://cloudsecurityalliance.org/research/working-groups/blockchain === Leader et Anjlica Malla, CSA Blockchain Cybersecurity and Privacy Best Practices Program Lead and Enterprise Security Architect
<<<
[>img(150px,auto)[iCSA/K8EBS.jpg]]//Enterprise agility is the new standard. New products are now launched at a pace that is crippling supply chains. Therefore, enterprise innovations must be disruptive. To enable disruptive innovations, we now leverage: the Blockchain.
Blockchain is effectively a collaborative, tamper-resistant ledger that maintains transactional records of various asset types. This unique technology produces records of peer-to-peer transactions that are validated and executed via an established multi-party consensus process. The peer-to-peer consensus model authorizes transactions in near real-time while reducing the cost of each transaction. The unique value generated by the simplicity of the distributed and decentralized networked entities is the essential driver for global blockchain adoption.
As the breadth and volume of blockchain use cases exponentially increase, it is pertinent that the global community addresses risks introduced by the technology. Consequently, the CSA Blockchain Cybersecurity and Privacy Best Practices Group +++*[»] https://cloudsecurityalliance.org/research/working-groups/blockchain === is developing the playbook for business executives, architects, engineers, and security professionals seeking to disrupt their current processes with blockchain innovations.
//[...]
<<<
__Liens :__
* Article sur le blog de la CSA /% ⇒ ''[[CloudSecurityAlliance.fr/go/k8eb/|https://CloudSecurityAlliance.fr/go/k8eb/]]'' %/
** https://cloudsecurityalliance.org/blog/2020/08/14/security-of-the-blockchain/
[<img(140px,auto)[iCSF/K8DCS.png]][>img(300px,auto)[iCSF/SecurityWeek.jpg]]Le magazine SecurityWeek a organisé son événement "Cloud Security Summit 2020" en ligne le jeudi 13 août 2020.

Le programme est détaillé ci-dessous (Fuseau horaire EDT / Etats-Unis, côte Est).

|11h00|!All Your Base Are Belong to Everyone - Managing Digital Trust in the Era of Cloud Megabreaches|
|~|Intervenant : Alexander Heid, Chief Research & Development Officer at SecurityScorecard|
|~|//The year 2020 has disclosed an unprecedented amount of compromised data sets, most of which were made freely available to the public within the hacker underground. It is reported that over one trillion sets of usernames, email addresses, and passwords have been released and are leveraged by hacking crews for various malicious purposes. These breaches go as far back as ten years, and include household names, obscure companies, and even underground hacker resources. 
Furthermore, advanced toolkits from nation-states are now public domain, whereby any script kiddie can become a shadow government hacking master. Where do these breaches come from? How did they originate? Why did it sometimes take years to discover? What have attackers been doing with the data? What can attackers still do with this data? What can companies and individuals do to protect themselves and each other during these floods of hacked data sets? How dramatically has this shifted the cyber risk landscape? This talk will explore these questions, and discuss ways for enterprises to avoid succumbing to these trending attacks.//| |11h30|!Augmenting Native Cloud Security Services to Achieve Enterprise-grade Security| |~|Intervenants : Thomas Martin, Former CIO at General Electric; Christopher Hertz, VP Cloud Security Sales at Rapid7| |~|//Appropriate use of native security controls in Amazon Web Services, Microsoft Azure, and Google Cloud Platform is essential to managing cloud risk (and avoiding a costly breach). However, many organizations struggle with determining when and how to use these native security controls, doing so in a consistent fashion, and also understanding how and when to augment these to ensure continuous security and compliance. Join Thomas Martin (former GE CIO and founder of NephoSec) and Christopher Hertz (VP Cloud Security Sales at Rapid7) for a discussion on:
• How and when to use native cloud security controls
• Why and when you may want to augment these controls
• How to leverage automation to gain continuous security and compliance in public cloud//| |12h45|!Measuring and Mitigating the Risk of Lateral Movement| |~|Intervenant : Patrick Pushor, Technical Evangelist at Orca Security| |~|//The ability to remotely execute code is often the cornerstone of an attack, but bad actors also attempt to reduce their footprint by abusing legitimate credentials combined with network, application and operating system functionality, and new cloud capabilities to remotely access systems and find high risk data.//| |13h15|!Weathering the Storm: Cyber AI for Cloud and SaaS| |~|Intervenant : Nabil Zoldjalali, Director of Cloud Security, Darktrace| |~|//Innovation, collaboration, and sharing in digital environments is now easier than ever before, thanks to cloud and SaaS platforms - but at what cost? The rapid adoption of cloud and SaaS tools across the globe is inadvertently creating a wave of new, stealthy cyber-attacks. Learn why thousands of organizations utilize Cyber AI to safeguard their ever-evolving digital infrastructure and dynamic workforces, as well as real-world threat stories thwarted by Cyber AI.//| |13h45|!Securing Cloud Requires Network Policy and Segmentation| |~|Intervenant : Reuven Harrison - Tufin| |~|//Not unlike network segmentation today where assets are segmented by zones and regions, to reduce the environment's attack surface, cloud environments need to be segmented as well to establish true security in the cloud. However, zones and regions are not concepts that translate to cloud environments, and a new approach and tools are required. This talk will cover how cloud-native security policies can be established, monitored, and managed at scale across multi and hybrid-cloud environments to achieve segmentation and zero trust security posture in public cloud and Kubernetes based workload environments.
Topics covered in this session will include:
• Gaining visibility into Cloud Security Posture (what talks to what, who talks to whom)
• Establishing security policies
• Monitor Compliance of policies continuously in the DevOps pipeline and alerting
• Cloud-native automation for security solutions - the key imperative//| |14h30|!The Rise of Secure Access Service Edge (SASE)| |~|Intervenant : Jacob Serpa, Sr. Product Marketing Manager at Bitglass| |~|//Secure access service edge (SASE) offerings are cloud-delivered platforms that give consistent security across different applications, devices, web destinations, on-premises resources, and infrastructure. To achieve this, these platforms deliver a variety of functionality from complementary security solutions. As organizations operate in our frenetic business world, SASE becomes imperative.
In this session, you will learn:
• Why organizations need SASE
• The key components of SASE offerings
• How SASE architectures impact performance//| |15h00|!An Intro to DivvyCloud| |~|//Technical session to see how DivvyCloud protects cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges. This demo covers a basic introduction to how DivvyCloud works and shows you how with automated prevention and real-time remediation, our customers achieve continuous security and compliance.//| |15h30|!Fireside Chat With Gunter Ollmann, CSO of Microsoft's Cloud and AI Security Division| |~|Intervenant : Gunter Ollmann, Chief Security Officer (CSO), Microsoft's Cloud and AI Security Division| __Lien :__ * Site de la conférence → https://www.securitysummits.com/event/cloud-security-summit/
!"//What Schrems 2 Means for your Privacy Shield Program//"
Article publié le 10 août 2020 — Rédigé par Francoise Gilbert, CEO, DataMinding, Inc.
<<<
[>img(150px,auto)[iCSA/K8ABW.jpg]]//The publication of the EU Court of Justice decision in the Schrems 2 case+++*[»]> https://cloudsecurityalliance.org/blog/2020/07/16/eu-court-of-justice-decision-privacy-shield-invalidated/ === has left many organizations, worldwide, facing a difficult dilemma. What to do next to ensure the continuity of personal data flows from the European Union or European Economic Area ("EU/EEA") towards the United States? The consequences of the EU Court of Justice decision are complex, and numerous aspects must be taken into account.
The Schrems 2 decision focuses primarily on two elements, the EU-US Privacy Shield and the Standard Contractual Clauses Controller-to-Processors, but it also affects companies that rely on binding corporate rules, as the EDPB observed in the FAQs it recently published+++*[»]> <<tiddler [[2020.07.24 - Blog : FAQ du Comité Européen de la Protection des Données sur Schrems 2]]>>===. At this point, for most organizations, reliance on Standard Contractual Clauses (with the modifications needed to address the EU CJ decision) appears to be the most viable means of ensuring the legality of transfers of certain categories of personal data out of the EU/EEA.
However, members of the EU-US Privacy Shield program should also pay attention to the parts of the Schrems 2 decision that pertain to the Privacy Shield program. The invalidation of the European Commission decision concerning the adequacy of the protection provided by the EU-US Privacy Shield framework has very important consequences. It would be an error to simply remove all references to the organization's participation in the Privacy Shield program from the company's website, and just move on.
!!What the "Privacy Shield Invalidation" Means
"Privacy Shield Invalidation" is a deceptive shortcut. Actually, the Court of Justice of the European Union declared as "invalid"+++*[»]> http://curia.europa.eu/juris/document/document.jsf?text=&docid=228677&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=9791227 === the 2016 decision of the European Commission on the adequacy of the protection provided by the EU-US Privacy Shield. The Privacy Shield framework still exists. However, the EU-US Privacy Shield Framework is no longer a valid mechanism to meet the requirements of the EU/EEA laws when transferring personal data from the European Union or European Economic Area to the United States. The principles of the Privacy Shield, and the promises made to the US Department of Commerce - International Trade Administration (ITA) by those who registered to the EU-US Privacy Shield program remain.
Further, the "invalidation" is limited, and it is not global or universal. It applies only to transatlantic data flows between EU/EEA member states and the United States. It does not affect other aspects of the Privacy Shield program. Nor does it automatically relieve US businesses that have self-certified under the EU-US Privacy Shield program from the obligations they otherwise have under US laws.
If your organization has self-certified with the EU-US Privacy Shield program, and/or the Swiss-US Privacy Shield program, it is listed on the Privacy Shield List+++*[»]> https://www.privacyshield.gov/list ===, and it is directly affected by the parts of the Schrems 2 decision that pertain to the EU-US Privacy Shield. The organization should evaluate the extent to which it - or its service providers - relied on EU-US Privacy Shield self-certification to provide foreign customers and other contracting parties with assurances concerning the "adequacy" of the protection of personal data it offers. It should evaluate every aspect of the program, their benefits and deficiencies, before making any decision concerning continued adherence to, or withdrawal from, the program.
In this article, we will identify some of the issues that organizations that do business internationally should keep in mind:
* Privacy Shield is not just an EU-US agreement. It is relevant to relations with other countries;
* The invalidation of the 2016 European Commission Decision to recognize the EU-US Privacy Shield as a means to demonstrate that adequate protection is provided to personal data of EU/EEA residents does not cancel other aspects of the Privacy Shield program;
* US law still applies to US businesses that have self-certified their practices under the EU-US Privacy Shield program. These obligations do not go away because of the EUCJ decision;
* Organizations that decide to withdraw from the Privacy Shield program must follow specific rules described below, or risk legal troubles.
!!The Many Facets of the Privacy Shield Program
The Court of Justice of the European Union declared as "invalid"+++*[»]> http://curia.europa.eu/juris/document/document.jsf?text=&docid=228677&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=9791227 === the decision of the European Commission on the adequacy of the protection provided by the EU-U.S. Privacy Shield; it did not invalidate the Privacy Shield program itself. This means only that the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to meet the requirements of the EU/EEA laws regarding the "adequacy" of the protection of personal data in the context of transatlantic transfers of personal data.
The Privacy Shield program is much more complex than it may appear. It is not just an EU-US agreement. It is relevant to relations with other countries. The invalidation of the 2016 European Commission Decision to recognize the EU-US Privacy Shield as a means to demonstrate that adequate protection is provided to personal data of EU/EEA residents does not cancel other aspects of the Privacy Shield.
!!There are Two Privacy Shield Programs
First, there are two Privacy Shield programs. One has been signed with the European Union (and extends to the three countries member of the European Economic Area) and the other with Switzerland. Only the program that pertains to personal data of EU/EEA residents was the focus of the EU Court of Justice decision.
The EU-Swiss Privacy Shield program, which applies to personal data of Switzerland residents, is not affected by the EU Court of Justice decision. While Switzerland follows certain aspects of the EU/EEA legal framework, it is not bound by decisions of the EU Court of Justice. Further, Switzerland has not yet made public any opinion regarding the Schrems 2 decision. According to the website of the Swiss Data Commissioner+++*[»]> https://www.edoeb.admin.ch/edoeb/en/home/latest-news/aktuell_news.html#2131377919 ===, the ruling of the EU Court of Justice is "not directly applicable to Switzerland", and the "Federal Data Protection and Information Commissioner will examine the judgement in detail and comment on it in due course".
!!The Privacy Shield Program has Important Applications Worldwide
Second, while the EU-US Privacy Shield program is legally limited to personal data of EU/EEA residents, it has become a de facto standard in other parts of the world when dealing with cross-border data transfers to the United States, as the Safe Harbor was before it.
More than 100 countries outside the European Economic Area have adopted privacy laws that, like the EU General Data Protection Regulation (GDPR), also find their roots and basic principles in the 1980 OECD Privacy Principles (or their successor). These laws frequently include cross border data transfer restrictions that are similar to those found in Articles 45 to 50 of the GDPR (or, previously, Articles 25 and 26 of EU 1995 Data Protection Directive 95/46 (EC)).
A significant number of these countries outside the EU/EEA occasionally rely, directly or not, on Privacy Shield self-certification, among other means, for evaluating the practices of a US organization in order to allow certain crossborder data transfers from their territory to the United States in the same manner as this was done between the EU/EEA and the United States. So far, it appears that no country outside the EU/EEA other than the United Kingdom, has publicly stated that it would follow the EUCJ Schrems 2 decision and cease recognizing Privacy Shield certification.
!!Privacy Shield is Still Subject to US Law
US law still applies to US businesses that have self-certified their practices under the EU-US Privacy Shield program, and these obligations are not erased by the EUCJ decision. This invalidation of the EU Commission decision does not relieve US businesses from the obligations they have under US laws with respect to their past or current participation in the Privacy Shield program. Nor does it affect other aspects of the Privacy Shield program.
The US Department of Commerce International Trade Administration (ITA)+++*[»]> https://www.privacyshield.gov/article?id=EU-U-S-Privacy-Shield-Program-Update ===, which is in charge of administering the Privacy Shield program, has recently published a FAQs+++*[»]> https://www.privacyshield.gov/article?id=EU-U-S-Privacy-Shield-Program-Update === in which it reminds companies that the decision of the EU Court of Justice does not relieve participants in the EU-U.S. Privacy Shield program of their obligations under the EU-U.S. Privacy Shield Framework and under US laws. It also points out that the Federal Trade Commission+++*[»]> https://www.ftc.gov/tips-advice/business-center/privacy-and-security/privacy-shield === has reiterated that it will "continue to expect companies to comply with their ongoing obligations with respect to transfers made under the Privacy Shield Framework."
!!If your Organization Wishes to Maintain its Privacy Shield Self-certification
If your organization is listed on the Privacy Shield List+++*[»]> https://www.privacyshield.gov/list ===, it is directly impacted by the judgement of the EU Court of Justice regarding the Privacy Shield program in that it can no longer rely on its Privacy Shield self-certification in connection with data transfers from the EU/EEA. However, it may still want to take advantage of the other aspects of the program discussed above in its relations with Switzerland and other countries that have recognized the Privacy Shield program in the past.
The Department of Commerce, in its FAQ No 3+++*[»]> https://www.privacyshield.gov/article?id=EU-U-S-Privacy-Shield-Program-Update ===, encourages continued participation in the EU-US Privacy Shield program, stating that "organizations continued participation in the EU-US Privacy Shield demonstrate a serious commitment to protect personal information in accordance with a set of privacy principles that offer meaningful privacy protections and recourse of EU Individuals."
To remain on the Privacy Shield List, your organization will be required to re-certify annually. There are specific formalities for re-certification+++*[»]> https://www.privacyshield.gov/article?id=How-to-Re-certify-to-Privacy-Shield ===, as detailed on the website of the Privacy Shield program. In addition, to continue participation in the Privacy Shield, the organization is also required to pay the annual processing fee to the US Department of Commerce International Trade Administration (ITA).
In addition, there are other direct costs, such as the cost of providing an independent recourse mechanism to hear individual complaints at no cost to the individual. Providers of such services set their own fees. Alternatively, the Privacy Shield provides the option for an EU or Swiss individual, as appropriate, to invoke binding arbitration to determine whether a Privacy Shield organization has violated its obligations under the Privacy Shield Principles as to that individual and whether any such violation remains fully or partially unremedied.
The U.S. Department of Commerce International Trade Administration (ITA) has facilitated the establishment of a fund into which Privacy Shield organizations are required to make contributions to cover the arbitration costs as described in Annex I to the Privacy Shield Principles+++*[»]> https://go.adr.org/privacyshieldfund.html ===. The International Centre for Dispute Resolution-American Arbitration Association (ICDR-AAA) was selected to administer these arbitrations and manage this fund.
Beyond the administrative costs associated with membership in the Privacy Shield program, organizations must remember that they are expected to comply with their ongoing obligations (defined in their Privacy Shield self-certification documents) to protect the personal data received through the program, and meet the privacy shield principles.
!!If your Organization Wishes to Withdraw from the Privacy Shield Program
The organization may also opt to withdraw from the Privacy Shield program, but in that case, it should keep in mind that US law still applies to US businesses that have self-certified their practices under the EU-US Privacy Shield program. Organizations that decide to withdraw from the Privacy Shield program must follow specific rules described below, or risk legal troubles.
While remaining within the Privacy Shield program is costly, withdrawal from the program may also open an organization to legal and financial risks. If it wishes to withdraw from the Privacy Shield program, your organization must follow the withdrawal procedure defined in the Privacy Shield documents. The U.S. Department of Commerce's International Trade Administration (ITA) is in charge of processing submissions for withdrawal from the Privacy Shield and maintaining a record of organizations that have been removed from the Privacy Shield List+++*[»]> https://www.privacyshield.gov/inactive ===.
Upon confirming your organization's withdrawal, the ITA will remove the organization from the Privacy Shield List and add it to the record of organizations that had previously self-certified, but have withdrawn, which is accessible from the Privacy Shield website.
Upon removal from the Privacy Shield List, the organization must continue to apply the Privacy Shield Principles to the personal data it received while it participated in the Privacy Shield, and affirm to the ITA, on an annual basis, its commitment to do so, for as long as it retains such data. Alternatively, the organization must return or delete the personal data or provide "adequate" protection by another authorized means.
If, at the time of its withdrawal, the organization elects to retain the personal data, it will have to:
* Complete and return to the ITA a withdrawal questionnaire to verify whether the organization will return, delete, or continue to apply the Privacy Shield Principles to the personal information that it received while participating in the Privacy Shield;
* If personal information will be retained, indicate in the withdrawal questionnaire, who within the organization will serve as an ongoing point of contact for Privacy Shield-related questions;
* Over the years, complete an annual questionnaire+++*[»]> https://www.privacyshield.gov/ps-q-post-withdrawal-data-retention-05312023 === that describes what was done and what it will do with respect to the retained personal data and affirm whether it continues to apply the Privacy Shield Principles to the personal data so retained; and identify the responsible person within the organization who will serve as an ongoing point of contact for Privacy Shield-related questions; and
* Pay an annual $200 fee.
In addition, the organization will have to remove from its websites, privacy policy statements, and any other public documents or contracts any representations that could be construed as claims that it participates in or complies with the Privacy Shield.
Businesses that send or receive personal data of EU/EEA residents are struggling to ensure continuity in transatlantic data flows and privacy protections, and to limit the negative consequences of the decision of the EU Court of Justice on their global business. However, while there is naturally a focus on how to supplement Standard Contractual Clauses to address the new standards set forth in the EU Court of Justice decision, other aspects of the decision should not be neglected in that they may have drastic and costly consequences. The EU Court of Justice invalidation of the 2016 decision of the EU Commission on the adequacy of the protection provided by the EU-US Privacy Shield has more complex and broader consequences than it might appear at first sight. Before deciding to withdraw from the EU-US Privacy Shield program, US organizations should fully evaluate the consequences of such withdrawal to avoid tripping on the landmine of re-certification requirements and withdrawal obligations under the different aspects of the Privacy Shield programs.//
<<<
__Liens :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k8ab/|https://CloudSecurityAlliance.fr/go/k8ab/]]''
https://cloudsecurityalliance.org/articles/what-schrems-2-means-for-your-privacy-shield-program/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #76|2020.08.09 - Newsletter Hebdomadaire #76]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #76|2020.08.09 - Weekly Newsletter - #76]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.08.09 - Newsletter Hebdomadaire #76]]>> |<<tiddler [[2020.08.09 - Weekly Newsletter - #76]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 2 au 9 août 2020
!!1 - Informations CSA - 2 au 9 août 2020
* ''Répondez au sondage CSA sur l'adoption du Cloud'' en 2020+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* Formation CCSK en Français fin août : ''inscriptions toujours ouvertes'' !+++^*[»] <<tiddler [[2020.08.02 - Actu : Formation CCSK en Français fin août 2020]]>>=== 
* Mise à jour du corpus documentaire 'Sécurité du Cloud' de l'ACSC+++^*[»] <<tiddler [[2020.08.03 - Actu : Mise à jour du corpus documentaire Cloud de l'Agence Australienne de CyberSecurité]]>>=== 
* Conférence : Retour sur 'BlackHat USA 2020'+++^*[»] <<tiddler [[2020.08.08 - Actu : Retour sur la conférence BlackHat USA 2020]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 90 liens|2020.08.09 - Veille Hebdomadaire - 9 août]])

* __''À lire''__
** Identifier le segment de marché de la sécurité dans le Cloud+++^*[»] 
|2020.08.04|Forbes|[[There Is No Cloud Security Market Segment|https://www.forbes.com/sites/richardstiennon/2020/08/04/there-is-no-cloud-security-market-segment/]]|
=== 
** AWS Control Tower par l'exemple+++^*[»] 
|2020.07.30|//CodeBurst//|![[AWS Control Tower By Example: Part 1|https://codeburst.io/aws-control-tower-by-example-part-1-d1b94df4c58c]] (1/4) |AWS Build|
|2020.07.31|//CodeBurst//|![[AWS Control Tower By Example: Part 2|https://codeburst.io/aws-control-tower-by-example-part-2-2b79e52e8bd9]] (2/4) |AWS Build|
|2020.08.02|//CodeBurst//|![[AWS Control Tower By Example: Part 3|https://codeburst.io/aws-control-tower-by-example-part-3-c06e448a4b3b]] (3/4) |AWS Build|
|2020.08.04|//CodeBurst//|![[AWS Control Tower By Example: Part 4|https://codeburst.io/aws-control-tower-by-example-part-4-babe453533ec]] (4/4) |AWS Build|
=== 

* __Attaques__
** Office 365 : une cible de prédilection (Mandiant à la BlackHat), campagne de filoutage+++^*[»] 
|2020.08.06|//Mandiant//|!"[[My Cloud is APT's Cloud: Investigating and Defending Office 365|https://www.blackhat.com/us-20/briefings/schedule/index.html#my-cloud-is-apts-cloud-investigating-and-defending-office--20982]]" ([[présentation à BlackHat|http://i.blackhat.com/USA-20/Thursday/us-20-Bienstock-My-Cloud-Is-APTs-Cloud-Investigating-And-Defending-Office-365.pdf]]) |O365 Attacks|
|2020.08.07|ZDNet| → [[Microsoft Office 365 is becoming the core of many businesses. And hackers have noticed|https://www.zdnet.com/article/microsoft-office-365-is-becoming-the-core-of-many-businesses-and-hackers-have-noticed/]]|M365 Threats|
|2020.08.06|//Trend Micro//|[[Water Nue Phishing Campaign Targets C-Suite's Office 365 Accounts|https://blog.trendmicro.com/trendlabs-security-intelligence/water-nue-campaign-targets-c-suites-office-365-accounts/]]|O365 Phishing|
|2020.08.04|//DarkTrace//|[[Phishing from the inside: Microsoft 365 account hijack|https://www.darktrace.com/en/blog/phishing-from-the-inside-microsoft-365-account-hijack/]]|M365 Phishing|
=== 
** GCP : détournement de jeton OAuth+++^*[»] 
|2020.08.07|//Netskope//|[[GCP OAuth Token Hijacking in Google Cloud - Part 1|https://www.netskope.com/blog/gcp-oauth-token-hijacking-in-google-cloud-part-1]] (1/2)|GCP OAuth Attack|
=== 

* __Vulnérabilités__
** Containers et Kubernetes, risques d'abus avec Teams+++^*[»] 
|2020.08.06|Container Journal|[[Palo Alto Networks Discloses Kata Container Flaws|https://containerjournal.com/topics/container-security/palo-alto-networks-discloses-kata-container-flaws/]]|Container Flaw|
|2020.08.03|Container Journal|[[Common Container and Kubernetes Vulnerabilities|https://containerjournal.com/topics/container-security/common-container-and-kubernetes-vulnerabilities/]]|Containers Kubernetes Flaws|
|2020.08.05|Bleeping Computer|[[Hackers can abuse Microsoft Teams updater to install malware|https://www.bleepingcomputer.com/news/security/hackers-can-abuse-microsoft-teams-updater-to-install-malware/]]|Teams Malware|
=== 

* __Rapports et études__
** 'Cloud and Threat Report' (Netskope), 'State of DevSecOps' (Accurics), 'Internet Performance Report' (ThousandEyes), Buckets S3 qui fuitent, Rapport mensuel de GitHub+++^*[»] 
|2020.08.07|//Netskope//|!Netskope [[Cloud and Threat Report|https://resources.netskope.com/cloud-threat-report/cloud-and-threat-report-august-2020]] (2020S1) |Report|
|2020.08.07|MSSP Alert| → [[Cloud Threats: Malware Delivery, Risky App Usage Climb|https://www.msspalert.com/cybersecurity-research/cloud-threats-malware-delivery-risky-app-usage-climb/]]|Report|
|>|!|>||
|2020.08.04|//Accurics//|![[State of DevSecOps - Summer 2020|https://start.accurics.com/CT-2020-08-Research-Report_LP-Reg.html/]]|Report|
|2020.08.04|Silicon Angle| → [[Studies find epidemic of human errors threatens cloud security|https://siliconangle.com/2020/08/04/studies-find-cloud-misconfigurations-epidemic/]]|Report Misconfiguration|
|2020.08.05|Help Net Security| → [[Misconfigured cloud storage services are commonplace in 93% of deployments|https://www.helpnetsecurity.com/2020/08/06/misconfigured-cloud-storage-services/]]|Report|
|>|!|>||
|2020.08.05|//Thousand Eyes//|[[ThousandEyes Releases Inaugural Internet Performance Report, Revealing Impact of COVID-19|https://www.comparethecloud.net/news/press-release/thousandeyes-releases-inaugural-internet-performance-report-revealing-impact-of-covid-19/]]|Report|
|2020.08.05|//Thousand Eyes//| → [[2020 Internet Performance Report|https://www.thousandeyes.com/resources/internet-performance-report-covid-19-impact]]|Report|
|>|!|>||
|2020.08.04|Office of Inadequate Security|[[Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secrets|https://www.databreaches.net/leaky-s3-buckets-have-gotten-so-common-that-theyre-being-found-by-the-thousands-now-with-lots-of-buried-secrets/]]||
|>|!|>||
|2020.08.05|GitHub|[[GitHub Availability Report: July 2020|https://github.blog/2020-08-05-github-availability-report-july-2020/]]|GitHub Monthly_Report|
|2020.08.06|The Register| → [[CSI GitHub: That big outage last month? It's always DNS. Or it was Kubernetes. Maybe it was a heady blend of both|https://www.theregister.com/2020/08/06/july_github_outage_postmortem/]]|Outages|
=== 

* __Podcasts__
** SilverLining IL et Cloud Security Podcast+++^*[»] 
|2020.08.04|SilverLining IL|![[Episode 23: Understanding Microsoft Cloud Security Pillars|https://silverlining-il.castos.com/]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/EP-23-5.8.mp3]]) |Podcast|
|2020.08.03|SilverLining IL|![[Episode 21: Building The Next Generation Of Cloud Services|https://silverlining-il.castos.com/]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/Ep-21.mp3]]) |Misc|
|2020.08.09|Cloud Security Podcast|[[How To Create An Effective Cyber Security Team - Clint Gibler|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-CREATE-AN-EFFECTIVE-CYBER-SECURITY-TEAM---CLINT-GIBLER-ehstlk]] ([[transcription|https://www.cloudsecuritypodcast.tv/listen-to-the-episodes/how-to-create-effective-cyber-security-team]])|Podcast|
=== 

* __Autres veilles hebdomadaires Cloud et Sécurité__
** TL;DR Security #46 et ''The Cloud Security Reading List'' #49+++^*[»] 
|2020.08.09|Marco Lancini|[[The Cloud Security Reading List #49|https://cloudseclist.com/issues/issue-49/]] |Weekly_Newsletter|
|2020.08.05|TL;DR Security|[[#46 - Grokking CSP, Automating Threat Model - Security Tests, Unknown Blob - Plaintext |https://tldrsec.com/blog/tldr-sec-046/]] |Weekly_Newsletter|
=== 

* __Divers__
** Bonnes pratiques de sécurité : déploiement ou migration dans le Cloud, GCP, surface d'attaque, menaces affectant Kubernetes+++^*[»] 
|2020.08.03|Security and Cloud 24/7|![[Best Practices for Deploying New Environments in the Cloud for the First Time|https://security-24-7.com/best-practices-for-deploying-new-environments-in-the-cloud-for-the-first-time/]] |Deployment|
|2020.08.04|Rick Blaisdell|![[The Ultimate Cloud Migration Checklist|https://rickscloud.com/the-ultimate-cloud-migration-checklist/]] |Migration|
|2020.08.06|//GCP//|[[New best practices to help automate more secure Cloud deployments|https://cloud.google.com/blog/products/identity-security/best-practices-to-help-automate-more-secure-cloud-deployments/]]|Best_Practices Deployment|
|2020.08.06|//AllCloud//|[[Three Things You Can Do Today to Reduce Your AWS Attack Surface|https://allcloud.io/blog/three-things-you-can-do-today-to-reduce-your-aws-attack-surface/]]|AWS Attack_Surface|
|2020.08.05|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 6 - Credential Access|https://www.stackrox.com/post/2020/08/protecting-against-kubernetes-threats-chapter-6-credential-access/]] (6/9) |Kubernetes Threats|
=== 
** Audit et contrôles: événements Office 365, les 'CIS Controls'+++^*[»] 
|2020.08.07|Sami Lamppu|![[Office 365 Audit Events - Visibility In Cloud App Security|https://samilamppu.com/2020/08/07/office-365-audit-events-visibility-in-cloud-app-security/]] |O365 Events Audit|
|2020.08.03|//Palo Alto Networks//|![[Do You Have Enough Cloud Security? Use CIS Controls to Assess Yourself|https://blog.paloaltonetworks.com/2020/08/cloud-cis-controls/]] |Assessment CIS_Controls|
=== 
** Azure : Azure Monitor pour containers; interactions Azure Sentinel avec Teams, avec QRadar, et avec AWS Lambda; les schémas d'Adrian Grigorof sur Azure Sentinel et Azure AD Identity Protection+++^*[»] 
|2020.08.09|//Microsoft Azure//|[[Azure Monitor for containers overview|https://docs.microsoft.com/en-us/azure/azure-monitor/insights/container-insights-overview]]|Azure|
|2020.08.07|//Microsoft Azure//|![[Azure Sentinel Side-by-Side with QRadar|https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-side-by-side-with-qradar/ba-p/1488333]] |Azure_Sentinel QRadar|
|2020.08.07|//Microsoft Azure//|[[Ingesting log files from AWS S3 using AWS Lambda|https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-log-files-from-aws-s3-using-aws-lambda/ba-p/1571136]]|Azure_Sentinel AWS_Lambda|
|2020.08.06|SecureCloudBlog|[[Complete guide for Integrating Azure Security Center Alerts with MS Teams!|https://securecloud.blog/2020/08/06/complete-guide-for-integrating-azure-security-center-alerts-2-ms-teams/]] (2/2)|Azure Security_Center Teams|
|2020.07.07|SecureCloudBlog|[[PoC part 0 - Integrating Azure Security Center Alerts with MS Teams!|https://securecloud.blog/2020/07/07/poc-part-0-integrating-azure-security-center-alerts-with-ms-teams/]] (1/2)|Azure Security_Center Teams|
|2020.08.04|//Managed Sentinel//|[[Azure Sentinel Design|https://www.managedsentinel.com/2020/08/04/azure-sentinel-design-aug-2020/]]|Azure_Sentinel|
|2020.08.03|//Managed Sentinel//|[[Azure AD Identity Protection Design|https://www.managedsentinel.com/2020/08/03/azure-ad-identity-protection/]]|Azure_AD AAIP|
=== 
** AWS : la gamme 'AWS Snow', conversion de règles AWS WAF, intégration d'un certificat Let's Encrypt, posture sécurité+++^*[»] 
|2020.08.07|//Cloud Management Insider//|[[AWS Snow Family - Physical Devices To Migrate Data|https://www.cloudmanagementinsider.com/aws-snow-family-physical-devices-to-migrate-data/]]|AWS_Snow Products|
|2020.08.06|//Cloud Management Insider//|[[AWS Snowmobile! What is that?|https://www.cloudmanagementinsider.com/what-is-aws-snowmobile/]]|AWS_Snow Products|
|2020.08.04|//Cloud Management Insider//|[[Why, When And Where Do We Need AWS Snowball?|https://www.cloudmanagementinsider.com/why-when-and-where-do-we-need-aws-snowball/]]|AWS_Snow Products|
|2020.08.04|//AWS//|[[Migrating your rules from AWS WAF Classic to the new AWS WAF|https://aws.amazon.com/blogs/security/migrating-rules-from-aws-waf-classic-to-new-aws-waf/]]|AWS WAF|
|2020.08.03|nixCraft|[[Route 53 Let's Encrypt wildcard certificate with acme.sh|https://www.cyberciti.biz/faq/route-53-lets-encrypt-wildcard-certificate-with-acme-sh/]]|Certificate AWS|
|2020.08.03|//AWS//|[[Assess your security posture to identify and remediate security gaps susceptible to ransomware|https://aws.amazon.com/blogs/publicsector/assess-your-security-posture-identify-remediate-security-gaps-ransomware/]]|Tools AWS Gap_Assessment|
=== 
** GCP : détection basée sur l'analyse des journaux, Autorité de Certification+++^*[»] 
|2020.08.06|//GCP//|![[Logs-based Security Alerting in Google Cloud: Detecting attacks in Cloud Identity|https://cloud.google.com/blog/products/identity-security/logs-based-security-alerting-in-google-cloud/]] (1/3) |Detection Logging|
|2020.08.04|//GCP//|[[Introducing CAS: Securing applications with private CAs and certificates|https://cloud.google.com/blog/products/identity-security/introducing-cas-a-cloud-based-managed-ca-for-the-devops-and-iot-world]]|GCP Certificate_Authority|
|2020.08.05|The Register| → [[Google catches up to AWS and steals a march on Azure with introduction of cloudy Certificate Authority Service|https://www.theregister.com/2020/08/05/google_introduces_cloudy_certificate_authority/]]|GCP Certificate_Authority|
=== 
** Kubernetes : Point EKS/GKE/AKS+++^*[»] 
|2020.08.04|//StackRox//|[[EKS vs GKE vs AKS - August 2020 Update|https://www.stackrox.com/post/2020/08/eks-vs-gke-vs-aks-august-2020-updates/]]|EKS GKE AKS Support|
=== 
** Oracle : annonce d'un data center en France pour 2021+++^*[»] 
|2020.08.06|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud : un datacenter Oracle en France d'ici 2021|https://www.silicon.fr/oracle-datacenter-france-2021-344831.html]]|
=== 
** Zéro Trust et identité (Robert Halbheer)+++^*[»] 
|2020.08.06|Robert Halbheer|[[Zero Trust: Identity at the Core|https://www.halbheer.ch/security/2020/08/06/zero-trust-identity-at-the-core/]]|Zero_Trust|
=== 
** Sécurité des données et SaaS par Securosis+++^*[»] 
|2020.08.06|//Securosis//|![[Data Security in the SaaS Age: Quick Wins|https://securosis.com/blog/data-security-in-the-saas-age-quick-wins]] (4/4) |SaaS|
|2020.06.22|//Securosis//|![[Data Security in the SaaS Age: Thinking Small|https://securosis.com/blog/data-security-in-the-saas-age-thinking-small]] (3/4) |SaaS|
|2020.06.15|//Securosis//|![[Data Security in the SaaS Age: Focus on What You Control|https://securosis.com/blog/data-security-in-the-saas-age-focus-on-what-you-control]] (2/4) |SaaS|
|2020.06.03|//Securosis//|![[Data Security in the SaaS Age: Rethinking Data Security|https://securosis.com/blog/data-security-in-the-saas-age-rethinking-data-security]] (1/4) |SaaS|
=== 
** Outils : adressage dynamique via AWS, KubiScan (Kubernetes)+++^*[»] 
|2020.08.05|Devin Stokes|[[How to Create Unlimited Rotating IP Addresses with AWS|https://medium.com/@devinjaystokes/using-proxycannon-ng-to-create-unlimited-rotating-proxies-fccffa70a728]]|Tools AWS IP_Address|
|2020.08.05|The Daily Swig|[[KubiScan: Open source Kubernetes security tool showcased at Black Hat 2020|https://portswigger.net/daily-swig/kubiscan-open-source-kubernetes-security-tool-showcased-at-black-hat-2020]]|K8s Tools|
=== 
!!3 - Agenda

* __Août 2020__
** ''19 et 20'' → "''[[CSA CloudCon 2020|2020.07.06 - Actu : Agenda du 'CSA CloudCon 2020']]''" • Grand Rapids, Michigan
** ''31'' → fin de l'appel à proposition pour le congrès ''CSA EMEA 2020''
** ''31'' et suivants → ''Formation CCSK / CCSK Plus en français''

* __Septembre 2020__
** ''8 au 25'' → CSA : ''[[Webinaires 'SECtember Experience'|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
** ''23 au 24'' → BIRP : ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
!!4 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K89/|https://CloudSecurityAlliance.fr/go/K89/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - August 2nd to 9th, 2020
!!1 - CSA News and Updates - August 2nd to 9th, 2020
* ''Fill in the new CSA survey on Cloud Adoption in 2020''+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* CCSK training in French and English at the end of August: ''you can still register''!+++^*[»] <<tiddler [[2020.08.02 - Actu : Formation CCSK en Français fin août 2020]]>>=== 
* Cloud Security Guidance by the Australian Cyber Security Centre+++^*[»] <<tiddler [[2020.08.03 - Actu : Mise à jour du corpus documentaire Cloud de l'Agence Australienne de CyberSecurité]]>>=== 
* Excerpts from the 'BlackHat USA 2020' Conference+++^*[»] <<tiddler [[2020.08.08 - Actu : Retour sur la conférence BlackHat USA 2020]]>>=== 
!!2 - Cloud and Security News Watch ([[over 90 links|2020.08.09 - Veille Hebdomadaire - 9 août]])

* __''Must read''__
** Is There a Cloud Security Market Segment?+++^*[»] 
|2020.08.04|Forbes|[[There Is No Cloud Security Market Segment|https://www.forbes.com/sites/richardstiennon/2020/08/04/there-is-no-cloud-security-market-segment/]]|
=== 
** AWS Control Tower by Example+++^*[»] 
|2020.07.30|//CodeBurst//|![[AWS Control Tower By Example: Part 1|https://codeburst.io/aws-control-tower-by-example-part-1-d1b94df4c58c]] (1/4) |AWS Build|
|2020.07.31|//CodeBurst//|![[AWS Control Tower By Example: Part 2|https://codeburst.io/aws-control-tower-by-example-part-2-2b79e52e8bd9]] (2/4) |AWS Build|
|2020.08.02|//CodeBurst//|![[AWS Control Tower By Example: Part 3|https://codeburst.io/aws-control-tower-by-example-part-3-c06e448a4b3b]] (3/4) |AWS Build|
|2020.08.04|//CodeBurst//|![[AWS Control Tower By Example: Part 4|https://codeburst.io/aws-control-tower-by-example-part-4-babe453533ec]] (4/4) |AWS Build|
=== 

* __Attacks__
** Microsoft Office 365 Now a Primary Target for Threat Actors, Phishing Campaigns+++^*[»] 
|2020.08.06|//Mandiant//|!"[[My Cloud is APT's Cloud: Investigating and Defending Office 365|https://www.blackhat.com/us-20/briefings/schedule/index.html#my-cloud-is-apts-cloud-investigating-and-defending-office--20982]]" ([[presentation at BlackHat|http://i.blackhat.com/USA-20/Thursday/us-20-Bienstock-My-Cloud-Is-APTs-Cloud-Investigating-And-Defending-Office-365.pdf]]) |O365 Attacks|
|2020.08.07|ZDNet| → [[Microsoft Office 365 is becoming the core of many businesses. And hackers have noticed|https://www.zdnet.com/article/microsoft-office-365-is-becoming-the-core-of-many-businesses-and-hackers-have-noticed/]]|M365 Threats|
|2020.08.06|//Trend Micro//|[[Water Nue Phishing Campaign Targets C-Suite's Office 365 Accounts|https://blog.trendmicro.com/trendlabs-security-intelligence/water-nue-campaign-targets-c-suites-office-365-accounts/]]|O365 Phishing|
|2020.08.04|//DarkTrace//|[[Phishing from the inside: Microsoft 365 account hijack|https://www.darktrace.com/en/blog/phishing-from-the-inside-microsoft-365-account-hijack/]]|M365 Phishing|
=== 
** GCP: OAuth Token Hijacking+++^*[»] 
|2020.08.07|//Netskope//|[[GCP OAuth Token Hijacking in Google Cloud - Part 1|https://www.netskope.com/blog/gcp-oauth-token-hijacking-in-google-cloud-part-1]] (1/2)|GCP OAuth Attack|
=== 

* __Vulnerabilities__
** Containers and Kubernetes, Abuse Microsoft Teams Updater+++^*[»] 
|2020.08.06|Container Journal|[[Palo Alto Networks Discloses Kata Container Flaws|https://containerjournal.com/topics/container-security/palo-alto-networks-discloses-kata-container-flaws/]]|Container Flaw|
|2020.08.03|Container Journal|[[Common Container and Kubernetes Vulnerabilities|https://containerjournal.com/topics/container-security/common-container-and-kubernetes-vulnerabilities/]]|Containers Kubernetes Flaws|
|2020.08.05|Bleeping Computer|[[Hackers can abuse Microsoft Teams updater to install malware|https://www.bleepingcomputer.com/news/security/hackers-can-abuse-microsoft-teams-updater-to-install-malware/]]|Teams Malware|
=== 

* __Reports and Surveys__
** 'Cloud and Threat Report' (Netskope), 'State of DevSecOps' (Accurics), 'Internet Performance Report' (ThousandEyes), Leaky S3 buckets, GitHub Monthly Availability Report+++^*[»] 
|2020.08.07|//Netskope//|!Netskope [[Cloud and Threat Report|https://resources.netskope.com/cloud-threat-report/cloud-and-threat-report-august-2020]] (2020S1) |Report|
|2020.08.07|MSSP Alert| → [[Cloud Threats: Malware Delivery, Risky App Usage Climb|https://www.msspalert.com/cybersecurity-research/cloud-threats-malware-delivery-risky-app-usage-climb/]]|Report|
|>|!|>||
|2020.08.04|//Accurics//|![[State of DevSecOps - Summer 2020|https://start.accurics.com/CT-2020-08-Research-Report_LP-Reg.html/]]|Report|
|2020.08.04|Silicon Angle| → [[Studies find epidemic of human errors threatens cloud security|https://siliconangle.com/2020/08/04/studies-find-cloud-misconfigurations-epidemic/]]|Report Misconfiguration|
|2020.08.05|Help Net Security| → [[Misconfigured cloud storage services are commonplace in 93% of deployments|https://www.helpnetsecurity.com/2020/08/06/misconfigured-cloud-storage-services/]]|Report|
|>|!|>||
|2020.08.05|//Thousand Eyes//|[[ThousandEyes Releases Inaugural Internet Performance Report, Revealing Impact of COVID-19|https://www.comparethecloud.net/news/press-release/thousandeyes-releases-inaugural-internet-performance-report-revealing-impact-of-covid-19/]]|Report|
|2020.08.05|//Thousand Eyes//| → [[2020 Internet Performance Report|https://www.thousandeyes.com/resources/internet-performance-report-covid-19-impact]]|Report|
|>|!|>||
|2020.08.04|Office of Inadequate Security|[[Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secrets|https://www.databreaches.net/leaky-s3-buckets-have-gotten-so-common-that-theyre-being-found-by-the-thousands-now-with-lots-of-buried-secrets/]]||
|>|!|>||
|2020.08.05|GitHub|[[GitHub Availability Report: July 2020|https://github.blog/2020-08-05-github-availability-report-july-2020/]]|GitHub Monthly_Report|
|2020.08.06|The Register| → [[CSI GitHub: That big outage last month? It's always DNS. Or it was Kubernetes. Maybe it was a heady blend of both|https://www.theregister.com/2020/08/06/july_github_outage_postmortem/]]|Outages|
=== 

* __Podcasts__
** SilverLining IL and Cloud Security Podcast+++^*[»] 
|2020.08.04|SilverLining IL|![[Episode 23: Understanding Microsoft Cloud Security Pillars|https://silverlining-il.castos.com/]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/EP-23-5.8.mp3]]) |Podcast|
|2020.08.03|SilverLining IL|![[Episode 21: Building The Next Generation Of Cloud Services|https://silverlining-il.castos.com/]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/Ep-21.mp3]]) |Misc|
|2020.08.09|Cloud Security Podcast|[[How To Create An Effective Cyber Security Team - Clint Gibler|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-CREATE-AN-EFFECTIVE-CYBER-SECURITY-TEAM---CLINT-GIBLER-ehstlk]] ([[transcription|https://www.cloudsecuritypodcast.tv/listen-to-the-episodes/how-to-create-effective-cyber-security-team]])|Podcast|
=== 

* __Additional relevant 'Cloud and Security' Weekly Watch__
** TL;DR Security #46 and ''The Cloud Security Reading List'' #49+++^*[»] 
|2020.08.09|Marco Lancini|[[The Cloud Security Reading List #49|https://cloudseclist.com/issues/issue-49/]] |Weekly_Newsletter|
|2020.08.05|TL;DR Security|[[#46 - Grokking CSP, Automating Threat Model - Security Tests, Unknown Blob - Plaintext |https://tldrsec.com/blog/tldr-sec-046/]] |Weekly_Newsletter|
=== 

* __Miscellaneous__
** Security Best Practices: Deploying or Migrating to the Cloud, GCP, Reducing the AWS Attack Surface, Protecting Against Kubernetes Threats+++^*[»] 
|2020.08.03|Security and Cloud 24/7|![[Best Practices for Deploying New Environments in the Cloud for the First Time|https://security-24-7.com/best-practices-for-deploying-new-environments-in-the-cloud-for-the-first-time/]] |Deployment|
|2020.08.04|Rick Blaisdell|![[The Ultimate Cloud Migration Checklist|https://rickscloud.com/the-ultimate-cloud-migration-checklist/]] |Migration|
|2020.08.06|//GCP//|[[New best practices to help automate more secure Cloud deployments|https://cloud.google.com/blog/products/identity-security/best-practices-to-help-automate-more-secure-cloud-deployments/]]|Best_Practices Deployment|
|2020.08.06|//AllCloud//|[[Three Things You Can Do Today to Reduce Your AWS Attack Surface|https://allcloud.io/blog/three-things-you-can-do-today-to-reduce-your-aws-attack-surface/]]|AWS Attack_Surface|
|2020.08.05|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 6 - Credential Access|https://www.stackrox.com/post/2020/08/protecting-against-kubernetes-threats-chapter-6-credential-access/]] (6/9) |Kubernetes Threats|
=== 
** Audit and Controls: Office 365 Events, 'CIS Controls'+++^*[»] 
|2020.08.07|Sami Lamppu|![[Office 365 Audit Events - Visibility In Cloud App Security|https://samilamppu.com/2020/08/07/office-365-audit-events-visibility-in-cloud-app-security/]] |O365 Events Audit|
|2020.08.03|//Palo Alto Networks//|![[Do You Have Enough Cloud Security? Use CIS Controls to Assess Yourself|https://blog.paloaltonetworks.com/2020/08/cloud-cis-controls/]] |Assessment CIS_Controls|
=== 
** Azure: Azure Monitor for containers; Azure Sentinel Side-by-Side with QRadar, Teams and AWS Lambda; Adrian Grigorof's Designs for Azure Sentinel and Azure AD Identity Protection+++^*[»] 
|2020.08.09|//Microsoft Azure//|[[Azure Monitor for containers overview|https://docs.microsoft.com/en-us/azure/azure-monitor/insights/container-insights-overview]]|Azure|
|2020.08.07|//Microsoft Azure//|![[Azure Sentinel Side-by-Side with QRadar|https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-side-by-side-with-qradar/ba-p/1488333]] |Azure_Sentinel QRadar|
|2020.08.07|//Microsoft Azure//|[[Ingesting log files from AWS S3 using AWS Lambda|https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-log-files-from-aws-s3-using-aws-lambda/ba-p/1571136]]|Azure_Sentinel AWS_Lambda|
|2020.08.06|SecureCloudBlog|[[Complete guide for Integrating Azure Security Center Alerts with MS Teams!|https://securecloud.blog/2020/08/06/complete-guide-for-integrating-azure-security-center-alerts-2-ms-teams/]] (2/2)|Azure Security_Center Teams|
|2020.07.07|SecureCloudBlog|[[PoC part 0 - Integrating Azure Security Center Alerts with MS Teams!|https://securecloud.blog/2020/07/07/poc-part-0-integrating-azure-security-center-alerts-with-ms-teams/]] (1/2)|Azure Security_Center Teams|
|2020.08.04|//Managed Sentinel//|[[Azure Sentinel Design|https://www.managedsentinel.com/2020/08/04/azure-sentinel-design-aug-2020/]]|Azure_Sentinel|
|2020.08.03|//Managed Sentinel//|[[Azure AD Identity Protection Design|https://www.managedsentinel.com/2020/08/03/azure-ad-identity-protection/]]|Azure_AD AAIP|
=== 
** AWS: AWS Snow Family, Migrating AWS WAF Rules, Route 53 Let's Encrypt wildcard certificate, Assess Your Security Posture+++^*[»] 
|2020.08.07|//Cloud Management Insider//|[[AWS Snow Family - Physical Devices To Migrate Data|https://www.cloudmanagementinsider.com/aws-snow-family-physical-devices-to-migrate-data/]]|AWS_Snow Products|
|2020.08.06|//Cloud Management Insider//|[[AWS Snowmobile! What is that?|https://www.cloudmanagementinsider.com/what-is-aws-snowmobile/]]|AWS_Snow Products|
|2020.08.04|//Cloud Management Insider//|[[Why, When And Where Do We Need AWS Snowball?|https://www.cloudmanagementinsider.com/why-when-and-where-do-we-need-aws-snowball/]]|AWS_Snow Products|
|2020.08.04|//AWS//|[[Migrating your rules from AWS WAF Classic to the new AWS WAF|https://aws.amazon.com/blogs/security/migrating-rules-from-aws-waf-classic-to-new-aws-waf/]]|AWS WAF|
|2020.08.03|nixCraft|[[Route 53 Let's Encrypt wildcard certificate with acme.sh|https://www.cyberciti.biz/faq/route-53-lets-encrypt-wildcard-certificate-with-acme-sh/]]|Certificate AWS|
|2020.08.03|//AWS//|[[Assess your security posture to identify and remediate security gaps susceptible to ransomware|https://aws.amazon.com/blogs/publicsector/assess-your-security-posture-identify-remediate-security-gaps-ransomware/]]|Tools AWS Gap_Assessment|
=== 
** GCP: Detecting attacks in Cloud Identity, Introducing CAS+++^*[»] 
|2020.08.06|//GCP//|![[Logs-based Security Alerting in Google Cloud: Detecting attacks in Cloud Identity|https://cloud.google.com/blog/products/identity-security/logs-based-security-alerting-in-google-cloud/]] (1/3) |Detection Logging|
|2020.08.04|//GCP//|[[Introducing CAS: Securing applications with private CAs and certificates|https://cloud.google.com/blog/products/identity-security/introducing-cas-a-cloud-based-managed-ca-for-the-devops-and-iot-world]]|GCP Certificate_Authority|
|2020.08.05|The Register| → [[Google catches up to AWS and steals a march on Azure with introduction of cloudy Certificate Authority Service|https://www.theregister.com/2020/08/05/google_introduces_cloudy_certificate_authority/]]|GCP Certificate_Authority|
=== 
** Kubernetes: EKS/GKE/AKS Update+++^*[»] 
|2020.08.04|//StackRox//|[[EKS vs GKE vs AKS - August 2020 Update|https://www.stackrox.com/post/2020/08/eks-vs-gke-vs-aks-august-2020-updates/]]|EKS GKE AKS Support|
=== 
** Oracle: data center in France in 2021+++^*[»] 
|2020.08.06|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud : un datacenter Oracle en France d'ici 2021|https://www.silicon.fr/oracle-datacenter-france-2021-344831.html]]|
=== 
** Zero Trust and Identity by Robert Halbheer+++^*[»] 
|2020.08.06|Robert Halbheer|[[Zero Trust: Identity at the Core|https://www.halbheer.ch/security/2020/08/06/zero-trust-identity-at-the-core/]]|Zero_Trust|
=== 
** Data Security in the SaaS Age by Securosis+++^*[»] 
|2020.08.06|//Securosis//|![[Data Security in the SaaS Age: Quick Wins|https://securosis.com/blog/data-security-in-the-saas-age-quick-wins]] (4/4) |SaaS|
|2020.06.22|//Securosis//|![[Data Security in the SaaS Age: Thinking Small|https://securosis.com/blog/data-security-in-the-saas-age-thinking-small]] (3/4) |SaaS|
|2020.06.15|//Securosis//|![[Data Security in the SaaS Age: Focus on What You Control|https://securosis.com/blog/data-security-in-the-saas-age-focus-on-what-you-control]] (2/4) |SaaS|
|2020.06.03|//Securosis//|![[Data Security in the SaaS Age: Rethinking Data Security|https://securosis.com/blog/data-security-in-the-saas-age-rethinking-data-security]] (1/4) |SaaS|
=== 
** Tools: Rotating IP Addresses with AWS, KubiScan (Kubernetes)+++^*[»] 
|2020.08.05|Devin Stokes|[[How to Create Unlimited Rotating IP Addresses with AWS|https://medium.com/@devinjaystokes/using-proxycannon-ng-to-create-unlimited-rotating-proxies-fccffa70a728]]|Tools AWS IP_Address|
|2020.08.05|The Daily Swig|[[KubiScan: Open source Kubernetes security tool showcased at Black Hat 2020|https://portswigger.net/daily-swig/kubiscan-open-source-kubernetes-security-tool-showcased-at-black-hat-2020]]|K8s Tools|
=== 
!!3 - Agenda

* __August 2020__
** ''19 / 20'' → "''[[CSA CloudCon 2020|2020.07.06 - Actu : Agenda du 'CSA CloudCon 2020']]''" • Grand Rapids, Michigan
** ''31'' → End of the call for papers for the ''CSA EMEA 2020 Congress''
** ''31'' → ''CCSK / CCSK Plus training'' in French

* __September 2020__
** ''8 / 25'' → CSA : ''[['SECtember Experience' Webinars|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
** ''23 / 24'' → BIRP : ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
!!4 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K89/|https://CloudSecurityAlliance.fr/go/K89/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 9 août 2020
|!Août|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.08.09|
|2020.08.09|Marco Lancini|![[The Cloud Security Reading List 49|https://cloudseclist.com/issues/issue-49/]] |Weekly_Newsletter|
|2020.08.09|Cloud Security Podcast|[[How To Create An Effective Cyber Security Team - Clint Gibler|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-CREATE-AN-EFFECTIVE-CYBER-SECURITY-TEAM---CLINT-GIBLER-ehstlk]] ([[transcription|https://www.cloudsecuritypodcast.tv/listen-to-the-episodes/how-to-create-effective-cyber-security-team]])|Podcast|
|2020.08.09|Gerben Wierda|[[Key posts on IT|https://ea.rna.nl/2020/08/09/sticky-key-posts-on-it/]] (1/2)|Architecture|
|2020.08.09|//Microsoft Azure//|[[Azure Monitor for containers overview|https://docs.microsoft.com/en-us/azure/azure-monitor/insights/container-insights-overview]]|Azure|
|>|>|>|!2020.08.08|
|2020.08.08|//Microsoft Azure//|[[Select an Azure data store for your application|https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/data-store-decision-tree]]|Azure Storage|
|>|>|>|!2020.08.07|
|2020.08.07|Help Net Security|[[What are the benefits of automated, cloud-native patch management?|https://www.helpnetsecurity.com/2020/08/07/what-are-the-benefits-of-automated-cloud-native-patch-management/]]|Patch_Management|
|2020.08.07|//SANS//|[[SANS Cloud Security Curriculum|https://www.sans.org/blog/sans-cloud-security-curriculum]]|Training|
|2020.08.07|//Netskope//|!Netskope [[Cloud and Threat Report|https://resources.netskope.com/cloud-threat-report/cloud-and-threat-report-august-2020]] (2020S1) |Report|
|2020.08.07|MSSP Alert| → [[Cloud Threats: Malware Delivery, Risky App Usage Climb|https://www.msspalert.com/cybersecurity-research/cloud-threats-malware-delivery-risky-app-usage-climb/]]|Report|
|2020.08.07|Sami Lamppu|![[Office 365 Audit Events - Visibility In Cloud App Security|https://samilamppu.com/2020/08/07/office-365-audit-events-visibility-in-cloud-app-security/]] |O365 Events Audit|
|2020.08.07|Help Net Security|[[Open source tool Infection Monkey allows security pros to test their network like never before|https://www.helpnetsecurity.com/2020/08/07/open-source-tool-infection-monkey/]]|Tools Simulation Attacks|
|2020.08.07|//Netskope//|[[GCP OAuth Token Hijacking in Google Cloud - Part 1|https://www.netskope.com/blog/gcp-oauth-token-hijacking-in-google-cloud-part-1]] (1/2)|GCP OAuth Attack|
|2020.08.07|//GCP//|[[Security in the new normal: What happened week 4 at Google Cloud Next '20: OnAir|https://cloud.google.com/blog/topics/google-cloud-next/what-happened-week4-of-google-cloud-next20-onair/]]|GCP Conference|
|2020.08.07|//GCP//|[[Introducing the Google Cloud Security Showcase|https://cloud.google.com/blog/products/identity-security/introducing-the-google-cloud-security-showcase/]]|GCP Showcase|
|2020.08.07|//Security Intelligence//|[[Cloud IAM and the Path Toward Digital Transformation|https://securityintelligence.com/posts/cloud-iam-digital-transformation/]]|IAM|
|2020.08.07|//Microsoft Azure//|![[Azure Sentinel Side-by-Side with QRadar|https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-side-by-side-with-qradar/ba-p/1488333]] |Azure_Sentinel QRadar|
|2020.08.07|//Microsoft Azure//|[[Ingesting log files from AWS S3 using AWS Lambda|https://techcommunity.microsoft.com/t5/azure-sentinel/ingesting-log-files-from-aws-s3-using-aws-lambda/ba-p/1571136]]|Azure_Sentinel AWS_Lambda|
|2020.08.07|//Cloud Management Insider//|[[AWS Snow Family - Physical Devices To Migrate Data|https://www.cloudmanagementinsider.com/aws-snow-family-physical-devices-to-migrate-data/]]|AWS_Snow Products|
|2020.08.07|//Cloud Management Insider//|[[Why are Websites and Web Applications Rapidly Adopting Cloud Security Solutions?|https://www.cloudmanagementinsider.com/websites-and-web-applications-adopting-cloud-security-solutions/]]|Misc|
|2020.08.07|//Threatpost//|[[Augmenting AWS Security Controls|https://threatpost.com/divvycloud-augmenting-aws-security-controls/158132/]]|Products AWS Controls|
|2020.08.07|//DZone//|[[Advanced Docker Security with AppArmor|https://dzone.com/articles/advanced-docker-security-with-apparmor]]|Docker|
|2020.01.11|//AppFleet//| → [[Advanced Docker Security with AppArmor|https://appfleet.com/blog/advanced-docker-security-with-apparmor/]]|Docker|
|2020.08.07|//SimplyBusiness//|[[Overcoming Terraform state locking issues with ECS tasks|https://www.simplybusiness.co.uk/about-us/tech/2020/08/terraform-state-file-locking/]]|Terraform|
|2020.08.07|//AWS//|[[Cross-account bulk transfer of files using Amazon S3 Batch Operations|https://aws.amazon.com/fr/blogs/storage/cross-account-bulk-transfer-of-files-using-amazon-s3-batch-operations/]]|AWS_S3 Amazon Batch_Operations|
|>|>|>|!2020.08.06|
|2020.08.06|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud : un datacenter Oracle en France d'ici 2021|https://www.silicon.fr/oracle-datacenter-france-2021-344831.html]]|
|2020.08.06|ZDNet|[[Return of the sovereign cloud|https://www.zdnet.com/article/return-of-the-sovereign-cloud/]]|Sovereignty|
|2020.08.06|Robert Halbheer|[[Zero Trust: Identity at the Core|https://www.halbheer.ch/security/2020/08/06/zero-trust-identity-at-the-core/]]|Zero_Trust|
|2020.08.06|Container Journal|[[Palo Alto Networks Discloses Kata Container Flaws|https://containerjournal.com/topics/container-security/palo-alto-networks-discloses-kata-container-flaws/]]|Container Flaw|
|2020.08.06|SecureCloudBlog|[[Complete guide for Integrating Azure Security Center Alerts with MS Teams!|https://securecloud.blog/2020/08/06/complete-guide-for-integrating-azure-security-center-alerts-2-ms-teams/]] (2/2)|Azure Security_Center Teams|
|2020.08.06|//Securosis//|![[Data Security in the SaaS Age: Quick Wins|https://securosis.com/blog/data-security-in-the-saas-age-quick-wins]] (4/4) |SaaS|
|2020.08.06|//Mandiant//|!"[[My Cloud is APT's Cloud: Investigating and Defending Office 365|https://www.blackhat.com/us-20/briefings/schedule/index.html#my-cloud-is-apts-cloud-investigating-and-defending-office--20982]]" ([[presentation à BlackHat|http://i.blackhat.com/USA-20/Thursday/us-20-Bienstock-My-Cloud-Is-APTs-Cloud-Investigating-And-Defending-Office-365.pdf]]) |O365 Attacks|
|2020.08.07|ZDNet| → [[Microsoft Office 365 is becoming the core of many businesses. And hackers have noticed|https://www.zdnet.com/article/microsoft-office-365-is-becoming-the-core-of-many-businesses-and-hackers-have-noticed/]]|M365 Threats|
|2020.07.08|Dark Reading| → [[How Advanced Attackers Take Aim at Office 365|https://www.darkreading.com/threat-intelligence/how-advanced-attackers-take-aim-at-office-365/d/d-id/1338301]]|O365 Attacks|
|2020.08.09|ZDNet[>img[iCSF/flag_fr.png]]| → [[Microsoft Office 365 est central pour de nombreuses entreprises et les pirates le savent|https://www.zdnet.fr/actualites/microsoft-office-365-est-central-pour-de-nombreuses-entreprises-et-les-pirates-le-savent-39907913.htm]]|O365 Attacks|
|2020.08.06|//Trend Micro//|[[Water Nue Phishing Campaign Targets C-Suite's Office 365 Accounts|https://blog.trendmicro.com/trendlabs-security-intelligence/water-nue-campaign-targets-c-suites-office-365-accounts/]]|O365 Phishing|
|2020.08.06|//Security Intelligence//|[[Security Modernization for the Cloud|https://securityintelligence.com/posts/enterprise-security-cloud-modernization-transformation/]] (1/6)|Security_Delivery|
|2020.08.06|//GCP//|[[New best practices to help automate more secure Cloud deployments|https://cloud.google.com/blog/products/identity-security/best-practices-to-help-automate-more-secure-cloud-deployments/]]|Best_Practices Deployment|
|2020.08.06|//GCP//|![[Logs-based Security Alerting in Google Cloud: Detecting attacks in Cloud Identity|https://cloud.google.com/blog/products/identity-security/logs-based-security-alerting-in-google-cloud/]] (1/3) |Detection Logging|
|2020.08.06|//AllCloud//|[[Three Things You Can Do Today to Reduce Your AWS Attack Surface|https://allcloud.io/blog/three-things-you-can-do-today-to-reduce-your-aws-attack-surface/]]|AWS Attack_Surface|
|2020.08.06|//StackRox//|[[Guide to GKE Runtime Security for GCP Workloads|https://www.stackrox.com/post/2020/08/guide-to-gke-runtime-security-for-gcp-workloads/]]|GCP GKE Workloads|
|2020.08.06|//Avast//|[[Cloud-Based Internet Security|https://blog.avast.com/cloud-based-secure-internet-gateways-avast]]|Misc|
|2020.08.06|//Cloud Management Insider//|[[AWS Snowmobile! What is that?|https://www.cloudmanagementinsider.com/what-is-aws-snowmobile/]]|AWS_Snow Products|
|2020.08.06|//Cloud Management Insider//|[[Journey to Google Cloud - Part 1|https://www.cloudmanagementinsider.com/cloud-migration-gcp/]] (1/2)|GCP|
|>|>|>|!2020.08.05|
|2020.08.05|TL;DR Security|[[#46 - Grokking CSP, Automating Threat Model - Security Tests, Unknown Blob - Plaintext |https://tldrsec.com/blog/tldr-sec-046/]] |Weekly_Newsletter|
|2020.08.05|Bleeping Computer|[[Hackers can abuse Microsoft Teams updater to install malware|https://www.bleepingcomputer.com/news/security/hackers-can-abuse-microsoft-teams-updater-to-install-malware/]]|Teams Malware|
|2020.08.05|GitHub|[[GitHub Availability Report: July 2020|https://github.blog/2020-08-05-github-availability-report-july-2020/]]|GitHub Monthly_Report|
|2020.08.06|The Register| → [[CSI GitHub: That big outage last month? It's always DNS. Or it was Kubernetes. Maybe it was a heady blend of both|https://www.theregister.com/2020/08/06/july_github_outage_postmortem/]]|Outages|
|2020.08.05|Devin Stokes|[[How to Create Unlimited Rotating IP Addresses with AWS|https://medium.com/@devinjaystokes/using-proxycannon-ng-to-create-unlimited-rotating-proxies-fccffa70a728]]|Tools AWS IP_Address|
|2020.08.05|The Daily Swig|[[KubiScan: Open source Kubernetes security tool showcased at Black Hat 2020|https://portswigger.net/daily-swig/kubiscan-open-source-kubernetes-security-tool-showcased-at-black-hat-2020]]|K8s Tools|
|2020.08.05|Dark Reading|[[Why Confidential Computing Is a Game Changer|https://www.darkreading.com/cloud/why-confidential-computing-is-a-game-changer/a/d-id/1338510]]|Confidential_Computing|
|2020.08.05|Dirk-jan Mollema|[[Digging further into the Primary Refresh Token|https://dirkjanm.io/digging-further-into-the-primary-refresh-token/]]|AzureAD Exploit|
|2020.08.05|//AWS//|[[Logical Separation on AWS - Moving Beyond Physical Isolation in the Era of Cloud Computing|https://d1.awsstatic.com/whitepapers/compliance/AWS_Logical_Separation_Handbook.pdf]] (pdf)|AWS Isolation|
|2020.08.05|//GCP//|[[The best of Google Cloud Next '20: OnAir's Security Week for technical practitioners|https://cloud.google.com/blog/products/identity-security/google-cloud-next20-onair-security-week-for-technical-practitioners/]]|GCP Conference|
|2020.08.05|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 6 - Credential Access|https://www.stackrox.com/post/2020/08/protecting-against-kubernetes-threats-chapter-6-credential-access/]] (6/9) |Kubernetes Threats|
|2020.08.05|//Netskope//|![[Understanding Coverage Isn't Just About Counting Data Centers|https://www.netskope.com/blog/understanding-coverage-isnt-just-about-counting-data-centers]] (2/2) |Coverage vPoP|
|2020.08.05|//StackRox//|[[Hooah! StackRox Soars with the U.S. Air Force on Kube Security|https://www.stackrox.com/post/2020/08/hooah-stackrox-soars-with-the-u.s.-air-force-on-kube-security/]]|Market Products|
|2020.08.05|//CipherCloud//|[[Enabling Data Protection and Compliance in the G Suite Environment|https://www.ciphercloud.com/enabling-data-protection-and-compliance-in-the-g-suite-environment/]]|GCP Compliance|
|2020.08.05|//InfraCloud//|[[Protecting Kubernetes applications data using Kanister|https://www.infracloud.io/blogs/protecting-kubernetes-applications-with-kanister/]]|K8s|
|>|>|>|!2020.08.04|
|2020.08.04|Forbes|[[There Is No Cloud Security Market Segment|https://www.forbes.com/sites/richardstiennon/2020/08/04/there-is-no-cloud-security-market-segment/]]|
|2020.08.04|SilverLining IL|![[Episode 23: Understanding Microsoft Cloud Security Pillars|https://silverlining-il.castos.com/]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/EP-23-5.8.mp3]]) |Podcast|
|2020.08.04|Rick Blaisdell|![[The Ultimate Cloud Migration Checklist|https://rickscloud.com/the-ultimate-cloud-migration-checklist/]]|Migration|
|2020.08.04|Bleeping Computer|[[Suspicious Canon outage leads to image.canon data loss|https://www.bleepingcomputer.com/news/technology/suspicious-canon-outage-leads-to-imagecanon-data-loss/]]|Outage|
|2020.08.04|Bleeping Computer|[[Canon hit by Maze Ransomware attack, 10TB data allegedly stolen|https://www.bleepingcomputer.com/news/security/canon-hit-by-maze-ransomware-attack-10tb-data-allegedly-stolen/]]|Ransomware|
|2020.08.05|MSSP Alert| → [[Ransomware Attacks Canon Email, Microsoft Teams Data: Report|https://www.msspalert.com/cybersecurity-news/maze-ransomware-attacks-canon-email-microsoft-teams-report/]]|Maze Ransomware|
|2020.08.04|Office of Inadequate Security|[[Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secrets|https://www.databreaches.net/leaky-s3-buckets-have-gotten-so-common-that-theyre-being-found-by-the-thousands-now-with-lots-of-buried-secrets/]]||
|2020.08.04|Emanuel Evans|![[Deconstructing Kubernetes Networking|https://eevans.co/blog/deconstructing-kubernetes-networking/]] (2/3) |K8s|
|2020.08.04|//Accurics//|![[State of DevSecOps - Summer 2020|https://start.accurics.com/CT-2020-08-Research-Report_LP-Reg.html/]]|Report|
|2020.08.04|Silicon Angle| → [[Studies find epidemic of human errors threatens cloud security|https://siliconangle.com/2020/08/04/studies-find-cloud-misconfigurations-epidemic/]]|Report Misconfiguration|
|2020.08.04|TechRepublic| → [[Study finds misconfigured cloud storage services in 93% of cloud deployments analyzed|https://www.techrepublic.com/article/study-finds-misconfigured-cloud-storage-services-in-93-of-cloud-deployments-analyzed/]]|Report|
|2020.08.04|Security Magazine|[[Misconfigured servers contributed to more than 200 cloud breaches|https://www.scmagazine.com/featured/cloud-misconfigurations-contributed-to-more-than-200-breaches/]]|Report|
|2020.08.05|SC Magazine| → [[Misconfigured servers contributed to more than 200 cloud breaches|https://www.scmagazine.com/home/security-news/cloud-misconfigurations-contributed-to-more-than-200-breaches/]]|Report|
|2020.08.05|Help Net Security| → [[Misconfigured cloud storage services are commonplace in 93% of deployments|https://www.helpnetsecurity.com/2020/08/06/misconfigured-cloud-storage-services/]]|Report|
|2020.08.05|//Thousand Eyes//|[[ThousandEyes Releases Inaugural Internet Performance Report, Revealing Impact of COVID-19|https://www.comparethecloud.net/news/press-release/thousandeyes-releases-inaugural-internet-performance-report-revealing-impact-of-covid-19/]]|Report|
|2020.08.05|//Thousand Eyes//| → [[2020 Internet Performance Report|https://www.thousandeyes.com/resources/internet-performance-report-covid-19-impact]]|Report|
|2020.08.04|//StackRox//|[[EKS vs GKE vs AKS - August 2020 Update|https://www.stackrox.com/post/2020/08/eks-vs-gke-vs-aks-august-2020-updates/]]|EKS GKE AKS Support|
|2020.08.04|//GCP//|[[A better, safer normal: Helping you modernize security in the cloud or in place|https://cloud.google.com/blog/products/identity-security/helping-you-modernize-security-in-the-cloud/]]|Conference GCP|
|2020.08.04|//DarkTrace//|[[Phishing from the inside: Microsoft 365 account hijack|https://www.darktrace.com/en/blog/phishing-from-the-inside-microsoft-365-account-hijack/]]|M365 Phishing|
|2020.08.04|//MSSP Alert//|[[Tanium, Google Chronicle Partner On Cloud Threat Response|https://www.msspalert.com/cybersecurity-services-and-products/endpoint/tanium-google-chronicle-cloud-security-analytics/]]|Products|
|2020.08.04|//GCP//|[[Introducing CAS: Securing applications with private CAs and certificates|https://cloud.google.com/blog/products/identity-security/introducing-cas-a-cloud-based-managed-ca-for-the-devops-and-iot-world]]|GCP Certificate_Authority|
|2020.08.05|The Register| → [[Google catches up to AWS and steals a march on Azure with introduction of cloudy Certificate Authority Service|https://www.theregister.com/2020/08/05/google_introduces_cloudy_certificate_authority/]]|GCP Certificate_Authority|
|2020.08.04|//AWS//|[[Migrating your rules from AWS WAF Classic to the new AWS WAF|https://aws.amazon.com/blogs/security/migrating-rules-from-aws-waf-classic-to-new-aws-waf/]]|AWS WAF|
|2020.08.04|//Threat Stack//|[[Introducing Threat Stack support for AWS Fargate|https://www.threatstack.com/blog/introducing-threat-stack-support-for-aws-fargate]]|Products AWS_Fargate|
|2020.08.04|//Silicon Angle//| → [[Threat Stack Announces Availability of Container Security Monitoring for AWS Fargate|https://vmblog.com/archive/2020/08/04/threat-stack-announces-availability-of-container-security-monitoring-for-aws-fargate.aspx]]|Products AWS_Fargate|
|2020.08.04|//Argentra//|[[Securing Remote Workforce: Why Enterprises Need SASE Now More Than Ever|https://www.argentra.com/securing-remote-workforce-why-enterprises-need-sase-now-more-than-ever/]]|SASE|
|2020.08.04|//Cloud Management Insider//|[[Why, When And Where Do We Need AWS Snowball?|https://www.cloudmanagementinsider.com/why-when-and-where-do-we-need-aws-snowball/]]|AWS_Snow Products|
|2020.08.04|//Microsoft Azure//|[[Episode 370 - Microsoft Inspire 2020|https://www.microsoftcloudshow.com/podcast/Episodes/370-microsoft-inspire-2020/]]|Podcast Azure Products|
|2020.08.04|//GCP//|[[Achieve least privilege with less effort using IAM Recommender|https://cloud.google.com/blog/products/identity-security/achieve-least-privilege-with-less-effort-using-iam-recommender]]|GCP IAM|
|2020.08.04|//Managed Sentinel//|[[Azure Sentinel Design|https://www.managedsentinel.com/2020/08/04/azure-sentinel-design-aug-2020/]]|Azure_Sentinel|
|2020.08.04|//Cequence//|[[API Security Need to Know: Questions Every Executive Should Ask About Their APIs|https://www.cequence.ai/blog/api-security-need-to-know-questions-every-executive-should-ask-about-their-apis/]]|APIs|
|2020.08.04|//CodeBurst//|![[AWS Control Tower By Example: Part 4|https://codeburst.io/aws-control-tower-by-example-part-4-babe453533ec]] (4/4) |AWS Build|
|>|>|>|!2020.08.03|
|2020.08.03|Security and Cloud 24/7|![[Best Practices for Deploying New Environments in the Cloud for the First Time|https://security-24-7.com/best-practices-for-deploying-new-environments-in-the-cloud-for-the-first-time/]] |Deployment|
|2020.08.03|Container Journal|[[Common Container and Kubernetes Vulnerabilities|https://containerjournal.com/topics/container-security/common-container-and-kubernetes-vulnerabilities/]]|Containers Kubernetes Flaws|
|2020.08.03|nixCraft|[[Route 53 Let's Encrypt wildcard certificate with acme.sh|https://www.cyberciti.biz/faq/route-53-lets-encrypt-wildcard-certificate-with-acme-sh/]]|Certificate AWS|
|2020.08.03|SilverLining IL|![[Episode 21: Building The Next Generation Of Cloud Services|https://silverlining-il.castos.com/]] ([[mp3|https://chtbl.com/track/F583FD/episodes.castos.com/5e4aaf232467c1-76191533/Ep-21.mp3]]) |Misc|
|2020.08.03|Computer Weekly|[[Cloud security vs. network security: What's the difference?|https://searchnetworking.techtarget.com/answer/Cloud-security-vs-network-security-Whats-the-difference]]|Network|
|2020.08.03|Andrii Sumko|[[Single Sign-On in Kubernetes|https://medium.com/@andriisumko/single-sign-on-in-kubernetes-1ad9528350ed]]|K8s SSO|
|2020.08.03|//Palo Alto Networks//|![[Do You Have Enough Cloud Security? Use CIS Controls to Assess Yourself|https://blog.paloaltonetworks.com/2020/08/cloud-cis-controls/]] |Assessment CIS_Controls|
|2020.08.03|//AppFleet//|[[Tutorial: Kubernetes-Native Backup and Recovery With Stash|https://appfleet.com/blog/kubernetes-native-backup-and-recovery-with-stash/]]|K8s Backup|
|2020.08.03|//AWS//|[[Assess your security posture to identify and remediate security gaps susceptible to ransomware|https://aws.amazon.com/blogs/publicsector/assess-your-security-posture-identify-remediate-security-gaps-ransomware/]]|Tools AWS Gap_Assessment|
|2020.08.03|//Check Point//|[[Why Cloud Native Security Requires a Unified Platform|https://blog.checkpoint.com/2020/08/03/why-cloud-native-security-requires-a-unified-platform/]]|Cloud_Native|
|2020.08.04|//Managed Sentinel//|[[Azure Sentinel Design|https://www.managedsentinel.com/2020/08/04/azure-sentinel-design-aug-2020/]]|Azure_Sentinel|
|2020.08.03|//Managed Sentinel//|[[Azure AD Identity Protection Design|https://www.managedsentinel.com/2020/08/03/azure-ad-identity-protection/]]|Azure_AD AAIP|
|2020.08.03|//Black Hills Infosec//|[[How To: Applied Purple Teaming Lab Build on Azure with Terraform (Windows DC, Member, and HELK!)|https://www.blackhillsinfosec.com/how-to-applied-purple-teaming-lab-build-on-azure-with-terraform/]]|Azure Labs|
|2020.08.03|//Black Hills Infosec//| → [[Applied Purple Teaming Lab Terraform|https://github.com/DefensiveOrigins/APT-Lab-Terraform]]|Azure Labs|
<<tiddler [[arOund0C]]>>
!"//Synthèse des présentations 'Cloud et sécurité'//"
[>img(auto,80px)[iCSF/BlackHat.png]]La conférence BlackHat qui aurait dû se tenir à Las Vegas s'est déroulée en ligne du 1er au 6 août 2020. 
Les 5 présentations traitant des sujets 'Cloud et Sécurité' sont présentées ci-dessous : 
# "//''My Cloud is APT's Cloud: Investigating and Defending Office 365''//"
# "//''Escaping Virtualized Containers''//"
# "//''Lateral Movement and Privilege Escalation in GCP; Compromise any Organization without Dropping an Implant''//"
# "//''Defending Containers Like a Ninja: A Walk through the Advanced Security Features of Docker & Kubernetes''//"
# "//''CloudLeak: DNN Model Extractions from Commercial MLaaS Platforms''//"
__Lien direct :__
* Site de la conférence BlackHat USA 2020 ⇒ https://www.blackhat.com/us-20/
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tabs tK88 "My Cloud is APT's Cloud..." '' [[K88-BH##MYIAC]] 
'Escaping Virtualized Containers' '' [[K88-BH##EVC]] 
'Lateral Movement and Privilege Escalation in GCP...' '' [[K88-BH##LMAPEIG]] 
'Defending Containers Like a Ninja...' '' [[K88-BH##DCLAN]] 
'CloudLeak' '' [[K88-BH##CDMEFCMP]] >>
<<tiddler [[arOund0C]]>>
/%
!MYIAC
__''My Cloud is APT's Cloud: Investigating and Defending Office 365''__

* Intervenants : Doug Bienstock (Principal Consultant, Mandiant), Josh Madeley (Manager, Mandiant)
* Date : 6 août 2020, 1:30pm-2:10pm (PST)
* Liens : [[description|https://www.blackhat.com/us-20/briefings/schedule/#my-cloud-is-apts-cloud-investigating-and-defending-office--20982]], [[présentation (pdf)|http://i.blackhat.com/USA-20/Thursday/us-20-Bienstock-My-Cloud-Is-APTs-Cloud-Investigating-And-Defending-Office-365.pdf]]
* Détails :
<<<
{{ss2col{//As organizations increase their adoption of cloud services, we see attackers following them to the cloud. Microsoft Office 365 is becoming the most common email platform in enterprises across the world and it is also becoming an increasingly interesting target for threat actors. Office 365 encompasses not only Exchange, but also Teams, SharePoint, OneDrive, and more. The sheer volume of data stored in Office 365 means that in many cases an attacker need not compromise the on-premise network to complete their mission.
In this talk, we walk through a number of case studies taken from real APT intrusions that we've been a part of. We will begin with relatively unsophisticated techniques that are used by small-time actors and have been widely discussed. From there, we work our way up to the most sophisticated and stealthy techniques that we have only observed in the wild on a few occasions. These techniques utilize parts of Office 365 that are often poorly understood and not closely monitored.
Along the way, we will provide insight into the various forensic artifacts available to an investigator and their many nuances. We will discuss some important gotchas that can trip up inexperienced analysts. Lastly, we will also discuss important best practices for administrators to defend their tenants against these increasingly sophisticated threats.// }}}
<<<
!EVC
__''Escaping Virtualized Containers''__

* Intervenants : Yuval Avrahami (Senior Security Researcher, Palo Alto Networks)
* Date : 6 août 2020, 10:00am-10:40am (PST)
* Liens : [[description|https://www.blackhat.com/us-20/briefings/schedule/#escaping-virtualized-containers-20514]], [[présentation (pdf)|http://i.blackhat.com/USA-20/Thursday/us-20-Avrahami-Escaping-Virtualized-Containers.pdf]]
* Détails :
<<<
{{ss2col{//Containers offer speed, performance, and portability, but do they actually contain? While they try their best, the shared kernel is a disturbing attack surface: a mere kernel vulnerability may allow containerized processes to escape and compromise the host. This issue prompted a new wave of sandboxing tools that use either unikernels, lightweight VMs or userspace-kernels to separate the host OS from the container's OS.
One of these solutions is Kata Containers, a container runtime that spawns each container inside a lightweight VM, and can function as the underlying runtime in Docker and Kubernetes. Kata's virtualized containers provide two layers of isolation: even if an attacker breaks out of the container, he is still confined to the microVM.
Several Cloud Service Providers are deploying Kata in production to support customer multitenancy in their Serverless and CaaS offerings. With its focus on isolation, does Kata Containers actually contain?
In this talk, we'll put Kata's isolation to the test, and attempt to escape the container, break out of the encapsulating VM, and finally, compromise the host.// }}}
<<<
!LMAPEIG
__''Lateral Movement and Privilege Escalation in GCP; Compromise any Organization without Dropping an Implant''__

* Intervenants : Dylan Ayrey (Security Engineer) • Allison Donovan (Senior Infrastructure Security Engineer, Cruise)
* Date : 6 août 2020, 2:30pm-3:10pm (PST)
* Liens : [[description|https://www.blackhat.com/us-20/briefings/schedule/#lateral-movement-and-privilege-escalation-in-gcp-compromise-any-organization-without-dropping-an-implant-19435]], [[vidéo|https://www.youtube.com/watch?v=Ml09R38jpok]], outils [[GCPloit|https://github.com/dxa4481/gcploit]] (//GCP Exploit Framework//)
* Détails :
<<<
{{ss2col{//Google Cloud's security model in many ways is quite different from AWS. Spark jobs, Cloud Functions, Jupyter Notebooks, and more default to having administrative capabilities over cloud API's. Instead of defaulting to no capabilities, permissions are granted to default identities. One default permission these identities have is called actAs, which allows a service by default to assume the identity of every service account in its project; many of which typically have role bindings into other projects and across an organization's resources.
This means by default many API's and identities can compromise large swaths of an organization by moving laterally by impersonating or gaining access to other identities. This can all be done without dropping a single implant on a machine.
In this talk, we'll demonstrate several techniques to perform identity compromise via the ActAs permission, privilege escalation, lateral movement, and widespread project compromise in Google Cloud. We will also release tools for exploitation.
Next, we'll show what detection capabilities are possible in the Google Cloud ecosystem, by showing Stackdriver logs that correspond with our exploitation techniques, and showing limitations in what's available. We'll also release tools and queries that can be used for detection as well as insight to how we have attempted to tackle this problem at scale.
Lastly, we'll go over remediation efforts you can take as a Google cloud customer, and show how difficult it can be to secure yourself against these attacks. We will release tools that can be used to harden your organization, and walk through user stories and anecdotes of what this process looks at scale within our organization.// }}}
<<<
!DCLAN
__''Defending Containers Like a Ninja: A Walk through the Advanced Security Features of Docker & Kubernetes''__

* Intervenants : Sheila Berta (Head of Research, Dreamlab Technologies)
* Date : 5 août 2020, 10:00am-10:40am (PST)
* Liens : [[description|https://www.blackhat.com/us-20/briefings/schedule/#defending-containers-like-a-ninja-a-walk-through-the-advanced-security-features-of-docker--kubernetes-20153]], [[présentation (pdf)|http://i.blackhat.com/USA-20/Wednesday/us-20-Berta-Defending-Containers-Like-A-Ninja-A-Walk-Through-The-Advanced-Security-Features-Of-Docker-And-Kubernetes.pdf]]
* Détails :
<<<
{{ss2col{//Today, with a few commands anyone can have containers running on their machine; at this point, they seem to be neither complex nor complicated to secure. However, the story dramatically changes when the ecosystem grows exponentially and now we have thousands of nodes that fulfill different roles, with different resources, running different applications, in different virtual environments, remotely accessed by different users who must have different types of permissions and so on. Complexity is the worst enemy of security, what can we do to protect these huge containerized environments?
There are many features of Docker and Kubernetes that allow to secure quite well these environments. However, the eternal official documentation makes, perhaps, these functionalities go unnoticed.
Throughout this talk it will be explained how to implement the advanced security features to secure the Docker daemon and its core components, the containers execution, Swarm and Kubernetes orchestrated environments. We will go from the depths, limiting the kernel's capabilities at container runtime and remapping it to the user-namespace, until successfully apply the RBAC at the orchestrator in Swarm or Kubernetes. In addition, the talk reveals various attacks that could be carried out if these advanced security measures are not applied.// }}}
<<<
!CDMEFCMP
__''CloudLeak: DNN Model Extractions from Commercial MLaaS Platforms''__

* Intervenants : Yier Jin (Associate Professor, University of Florida), Honggang Yu (PhD Student, University of Florida), Tsung-Yi Ho (Professor, National Tsing Hua University)
* Date : 5 août 2020, 10:00am-10:40am (PST)
* Liens : [[description|https://www.blackhat.com/us-20/briefings/schedule/#cloudleak-dnn-model-extractions-from-commercial-mlaas-platforms-20825]], [[présentation (pdf)|http://i.blackhat.com/USA-20/Wednesday/us-20-Jin-CloudLeak-DNN-Model-Extractions-From-Commercial-MLaaS-Platform.pdf]], [[article (pdf)|http://i.blackhat.com/USA-20/Wednesday/us-20-Jin-CloudLeak-DNN-Model-Extractions-From-Commercial-MLaaS-Platform-wp.pdf]]
* Détails :
> {{ss2col{//Deep Neural Networks (DNN) have been widely deployed for a variety of tasks across many disciplines, for example, image processing, natural language processing, and voice recognition. However, creating a successful DNN model depends on the availability of huge amounts of data as well as enormous computing power, and the model training is often an arduously slow process. This presents a large barrier to those interested in utilizing a DNN. To meet the demands of users who may not have sufficient resources, cloud-based deep learning services arose as a cost-effective and flexible solution allowing users to complete their machine learning (ML) tasks efficiently. Machine Learning as a Service (MLaaS) platform providers may spend great effort collecting data and training models, and thus want to keep them proprietary. The DNN models of MLaaS platforms can only be used as web-based API interface and thus is isolated from users. In this work, we develop a novel type of attack that allows the adversary to easily extract the large-scale DNN models from various cloud-based MLaaS platforms, which are hosted by Microsoft, Face++, IBM, Google and Clarifai.// }}}
!end
%/
!"//Mise à jour de 7 documents//"
[>img(auto,80px)[iCSF/ASD+ACSC.png]]L'Agence Australienne de CyberSecurité (//ACSC// ou //Australian Cyber Security Centre//) a publié 7 mises à jour de son corpus documentaire sur les problématiques de sécurité du Cloud.
Ces mises à jour publiées le 27 juillet 2020 sur le portail de l'ACSC+++*[»]> https://www.cyber.gov.au/advice/cloud-computing-security === sont reprises ci-dessous sous la forme d'un tableau de synthèse, puis de détails avec tous les liens directs.
Tous les documents relatifs à la Sécurité du Cloud publiés par l'ACSC et référencés sur ce site sont disponibles +++*[ici »]> <<tiddler [[Ref-AgencNat-AU]]>> === 
|>|>|>||>|>| !Format |
|!Publication|!Source|!Titre|!Page|!PDF|!DOCX|!XLSX|
|2020.07.27|ACSC (AU)|Anatomy of a Cloud Assessment and Authorisation|[[HTML|https://www.cyber.gov.au/node/2735]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2020-07/Anatomy%20of%20a%20Cloud%20Assessment%20and%20Authorisation%20%28July%202020%29.pdf]]|[[DOCX|https://www.cyber.gov.au/sites/default/files/2020-07/Anatomy%20of%20a%20Cloud%20Assessment%20and%20Authorisation%20%28July%202020%29.docx]]|!|
|2020.07.27|ACSC (AU)|Cloud Computing Security Considerations|[[HTML|https://www.cyber.gov.au/acsc/view-all-content/publications/cloud-computing-security-considerations]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20Considerations%20%28July%202020%29.pdf]]|[[DOCX|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20Considerations%20%28July%202020%29.docx]]|!|
|2020.07.27|ACSC (AU)|Cloud Computing Security for Cloud Service Providers|[[HTML|https://www.cyber.gov.au/node/1315]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Cloud%20Service%20Providers%20%28July%202020%29.pdf]]|[[DOCX|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Cloud%20Service%20Providers%20%28July%202020%29.docx]]|!|
|2020.07.27|ACSC (AU)|Cloud Security Assessment Report Template|[[HTML|https://www.cyber.gov.au/node/2736]]|!|[[DOCX|https://www.cyber.gov.au/sites/default/files/2020-07/Cloud%20Security%20Assessment%20Report%20Template%20%28July%202020%29.docx]]|!|
|2020.07.27|ACSC (AU)|Cloud Computing Security for Tenants|[[HTML|https://www.cyber.gov.au/node/1316]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Tenants%20%28July%202020%29.pdf]]|[[DOCX|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Tenants%20%28July%202020%29.docx]]|!|
|2020.07.27|ACSC (AU)|Cloud Security Controls Matrix|[[HTML|https://www.cyber.gov.au/node/2737]]|!|!|[[XLSX|https://www.cyber.gov.au/sites/default/files/2020-08/Cloud%20Security%20Controls%20Matrix%20%28July%202020%29.xlsx]]|
|2020.07.27|ACSC (AU)|Cloud Assessment and Authorisation - Frequently Asked Questions|[[HTML|https://www.cyber.gov.au/node/2734]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Assessment%20and%20Authorisation%20%E2%80%93%20Frequently%20Asked%20Questions%20%28July%202020%29.pdf]]|!|!|
!!Contexte
<<<
{{ss2col{On 27 July 2020, following the closure of the Cloud Services Certification Program (CSCP) and the associated Certified Cloud Services List (CCSL), the Australian Cyber Security Centre (ACSC) and the Digital Transformation Agency (DTA) released new Cloud Security Guidance co-designed with industry to support the secure adoption of cloud services across government and industry.
The Cloud Security Guidance aims to guide organisations including government, cloud service providers (CSP), and Information Security Registered Assessors Program (IRAP) assessors on how to perform a comprehensive assessment of a cloud service provider and its cloud services so a risk-informed decision can be made about its suitability to handle an organisation's data.
The Cloud Security Guidance package includes:
* ''Anatomy of a Cloud Assessment and Authorisation''
** The Anatomy of a Cloud Assessment and Authorisation is co-designed with industry to support the secure adoption of cloud services across government and industry.
* ''Cloud Security Assessment Report Template''
** The Cloud Security Assessment Report Template is used to assess a cloud service provider (CSP) and its cloud services, improving the consistency of the Cloud Security Assessment Reports.
* ''Cloud Security Controls Matrix''
** The Cloud Security Controls Matrix (CSCM) provides additional context to the Australian Government Information Security Manual (ISM) security controls for cloud computing to assist security assessments.
To assist organisations to transition from the CSCP to this new assessment framework, ACSC has also developed the ''Cloud assessment and authorisation framework - frequently asked questions'' (FAQs).
The Cloud Security Guidance is supported by forthcoming updates to the Australian Government Information Security Manual (ISM)+++*[»]> https://www.cyber.gov.au/node/1896 ===, the Attorney-General's Protective Security Policy Framework (PSPF)+++*[»]> https://www.protectivesecurity.gov.au/ ===, and the DTA's Secure Cloud Strategy+++*[»]> https://www.dta.gov.au/our-projects/secure-cloud-strategy ===.
Current Australian Cyber Security Centre (ACSC) guidance is also available and supports the new guidance:
* ''Cloud Computing Security Considerations''
* ''Cloud Computing Security Considerations for Cloud Service Providers''
* ''Cloud Computing Security Considerations for Tenants''
__Related information__
* The Privacy Act 1988 defines legislative requirements for the handling of private information.
* The Archives Act 1983 regulates government record-keeping requirements.
* The Digital Transformation Agency provides the Whole-of-Government Cloud Services Panel (CSP), a non-mandatory procurement mechanism to enable Australian Government agencies to procure cloud services. The CSP lists cloud service providers who have negotiated a contractual head agreement with the Digital Transformation Agency for use by the whole of Australian Government.
Source ⇒ https://www.cyber.gov.au/acsc/government/cloud-security-guidance }}}
<<<
!!Anatomy of a Cloud Assessment and Authorisation
<<<
[>img(300px,auto)[iCSF/K7RAUACAA.png]]The ''Anatomy of a Cloud Assessment and Authorisation'' is co-designed with industry to support the secure adoption of cloud services across government and industry.
The ''Anatomy of a Cloud Assessment and Authorisation'' document assists and guides Information Security Registered Assessors Program (IRAP) assessors, cloud consumers, cyber security practitioners, cloud architects and business representatives on how to perform an assessment of a cloud service provider (CSP) and its cloud services. This allows a risk-informed decision to be made about its suitability to handle an organisation's data.
[...]
<<<
__Liens directs :__
* [[Permalien|https://www.cyber.gov.au/node/2735]] et [[Présentation|https://www.cyber.gov.au/acsc/view-all-content/publications/anatomy-cloud-assessment-and-authorisation]]
* versions [[PDF|https://www.cyber.gov.au/sites/default/files/2020-07/Anatomy%20of%20a%20Cloud%20Assessment%20and%20Authorisation%20%28July%202020%29.pdf]] et [[DOCX|https://www.cyber.gov.au/sites/default/files/2020-07/Anatomy%20of%20a%20Cloud%20Assessment%20and%20Authorisation%20%28July%202020%29.docx]]
!!Cloud Computing Security Considerations
<<<
[>img(300px,auto)[iCSF/K7RAUC0N.png]]Cloud computing offers potential benefits including cost savings and improved business outcomes for organisations. However, there are a variety of information security risks that need to be carefully considered. Risks will vary depending on the sensitivity of the data to be stored or processed, and how the chosen cloud vendor (also referred to as a cloud service provider) has implemented their specific cloud services.
[...]
<<<
__Liens directs :__
* [[Permalien|https://www.cyber.gov.au/node/837]] et [[Présentation|https://www.cyber.gov.au/acsc/view-all-content/publications/cloud-computing-security-considerations]]
* versions [[PDF|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20Considerations%20%28July%202020%29.pdf]] et [[DOCX|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20Considerations%20%28July%202020%29.docx]]
!!Cloud Computing Security for Cloud Service Providers
<<<
[>img(300px,auto)[iCSF/K7RAU4CSP.png]]This document is designed to assist assessors validating the security posture of a cloud service in order to provide organisations with independent assurance of security claims made by Cloud Service Providers (CSPs). This document can also assist CSPs to offer secure cloud services.
[...]
<<<
__Liens directs :__
* [[Permalien|https://www.cyber.gov.au/node/1315]] et [[Présentation|https://www.cyber.gov.au/acsc/view-all-content/publications/cloud-computing-security-cloud-service-providers]]
* versions [[PDF|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Cloud%20Service%20Providers%20%28July%202020%29.pdf]] et [[DOCX|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Cloud%20Service%20Providers%20%28July%202020%29.docx]]
!!Cloud Security Assessment Report Template
<<<
[>img(300px,auto)[iCSF/K7RAUREP.png]]The ''Cloud Security Assessment Report Template'' is used to assess a cloud service provider (CSP) and its cloud services, improving the consistency of the Cloud Security Assessment Reports[...]
The ''Cloud Security Assessment Report Template'' is to be used to document the Phase 1 assessment of a cloud service provider (CSP) and its cloud services. It details the security assessment findings that should be included and how it should be presented in the report. This improves the consistency of the cloud security assessment reports, allowing cloud consumers to more easily compare CSPs against one another, and to determine which CSP is best suited to their security and business needs.
The ''Cloud Security Assessment Report Template'' can be customised as needed to best document the findings from the security assessment of a CSP and its cloud services. Information Security Registered Assessors Program (IRAP) assessors should, however, limit the changes to the report to only what is necessary, maintaining its structure and headings to ensure reports are consistent.
[...]
<<<
__Liens directs :__
* [[Permalien|https://www.cyber.gov.au/node/2736]] et [[Présentation|https://www.cyber.gov.au/acsc/view-all-content/publications/cloud-security-assessment-report-template]]
* version [[DOCX|https://www.cyber.gov.au/sites/default/files/2020-07/Cloud%20Security%20Assessment%20Report%20Template%20%28July%202020%29.docx]]
!!Cloud Computing Security for Tenants
<<<
[>img(300px,auto)[iCSF/K7RAU4T.png]]This document is designed to assist an organisation's cyber security team, cloud architects and business representatives to jointly perform a risk assessment and use cloud services securely.
Assessors validating the security posture of a cloud service offered by Cloud Service Providers (CSPs), and CSPs that want to offer secure cloud services, should refer to the companion document ''Cloud Computing Security for Cloud Service Providers''[...]
The scope of this document covers Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), provided by a CSP as part of a public cloud, community cloud and, to a lesser extent, a hybrid cloud or outsourced private cloud.
[...]
<<<
__Liens directs :__
* [[Permalien|https://www.cyber.gov.au/node/1316]] et [[Présentation|https://www.cyber.gov.au/acsc/view-all-content/publications/cloud-computing-security-tenants]]
* versions [[PDF|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Tenants%20%28July%202020%29.pdf]] et [[DOCX|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Tenants%20%28July%202020%29.docx]]
!!Cloud Security Controls Matrix
<<<
[>img(50%,auto)[iCSF/K7RAUCSCM2.png]]The ''Cloud Security Controls Matrix'' (CSCM) provides additional context to the Australian Government Information Security Manual (ISM) security controls for cloud computing to assist security assessments.[...]
The ''Cloud Security Controls Matrix'' (CSCM) is a tool intended to be used by Information Security Registered Assessors Program (IRAP) assessors to capture the implementation of security controls from the Australian Government's Information Security Manual (ISM) by cloud service providers (CSPs) for their systems and services.
The CSCM provides indicative guidance on the scoping of cloud security assessments, and inheritance for systems under a shared responsibility model, though it should be noted that guidance is not definitive and should be interpreted by the assessor in the context of the assessed system. Further, these comments have generally been developed with reference to OFFICIAL: Sensitive and PROTECTED public clouds. This does not preclude their use for other types of cloud services, though additional scrutiny should be applied to their reference in this case.
Importantly, the CSCM also captures the ability for cloud consumers to implement security controls for systems built on top of the CSP's services by identifying where they are responsible for configuring the service in accordance with the ISM.
[...]
<<<
__Liens directs :__
* [[Permalien|https://www.cyber.gov.au/node/2737]] et [[Présentation|https://www.cyber.gov.au/acsc/view-all-content/publications/cloud-security-controls-matrix]]
* version [[XLSX|https://www.cyber.gov.au/sites/default/files/2020-08/Cloud%20Security%20Controls%20Matrix%20%28July%202020%29.xlsx]]
!!Cloud Assessment and Authorisation - Frequently Asked Questions
<<<
[>img(300px,auto)[iCSF/K7RAUCAAF.png]]This publication provides answers relating to frequently asked questions on the Australian Cyber Security Centre (ACSC)'s new cloud security guidance, future support, government self-assessment and cloud security assessment reports.
[...]
<<<
__Liens directs :__
* [[Permalien|https://www.cyber.gov.au/node/2734]] et [[Présentation|https://www.cyber.gov.au/acsc/view-all-content/publications/cloud-assessment-and-authorisation-frequently-asked-questions]]
* versions [[PDF|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Assessment%20and%20Authorisation%20%E2%80%93%20Frequently%20Asked%20Questions%20%28July%202020%29.pdf]] et [[DOCX|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Assessment%20and%20Authorisation%20%E2%80%93%20Frequently%20Asked%20Questions%20%28July%202020%29.docx]]
<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #75|2020.08.02 - Newsletter Hebdomadaire #75]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #75|2020.08.02 - Weekly Newsletter - #75]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.08.02 - Newsletter Hebdomadaire #75]]>> |<<tiddler [[2020.08.02 - Weekly Newsletter - #75]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 27 juillet au 2 août 2020
!!1 - Informations CSA - 27 juillet au 2 août 2020
* ''Répondez au sondage CSA sur l'adoption du Cloud'' en 2020+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* Formation CCSK en Français fin août : ''inscriptions toujours ouvertes'' !+++^*[»] <<tiddler [[2020.08.02 - Actu : Formation CCSK en Français fin août 2020]]>>=== 
* Conférence 'SECtember' : évolution de la formule en une série de webinaires+++^*[»] <<tiddler [[2020.07.28 - Actu : Transformation de la conférence SECtember en une série de Webinaires]]>>=== et programme prévisionnel+++^*[»] <<tiddler [[2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]>>=== 
* Publication : NIST SP 800-210 'General Access Control Guidance for Cloud Systems'+++^*[»] <<tiddler [[2020.07.30 - Publication : NIST SP 800-210 'General Access Control Guidance for Cloud Systems']]>>=== 
* Appel à commentaires : 'Enterprise Architecture-CCM'+++^*[»] <<tiddler [[2020.07.29 - Appel à commentaires 'Enterprise Architecture-CCM']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 90 liens|2020.08.02 - Veille Hebdomadaire - 02 août]])

* __''À lire''__
** ''Mise à jour du corpus documentaire de l'Agence australienne de CyberSécurité (ACSC)''+++^*[»] 
|2020.07.27|ACSC (AU)|[[Anatomy of a Cloud Assessment and Authorisation|https://www.cyber.gov.au/node/2735]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Computing Security Considerations|https://www.cyber.gov.au/acsc/view-all-content/publications/cloud-computing-security-considerations]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Computing Security for Cloud Service Providers|https://www.cyber.gov.au/node/1315]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Security Assessment Report Template|https://www.cyber.gov.au/node/2736]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Computing Security for Tenants|https://www.cyber.gov.au/node/1316]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Security Controls Matrix|https://www.cyber.gov.au/node/2737]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Assessment and Authorisation - Frequently Asked Questions|https://www.cyber.gov.au/node/2734]]|Guidance Australia|
|2020.07.27|IT Wire| → [[Australian Cyber Security Centre, DTA unveil new rules for secure cloud services|https://www.itwire.com/government-tech-policy/australian-cyber-security-centre,-dta-unveil-new-rules-for-secure-cloud-services.html]]|Governmental_Cloud Australia|
|2020.07.27|CRN (AU)| → [[Feds update guidance for cloud providers|http://www.crn.com.au/news/feds-update-guidance-for-cloud-providers-550886]]|Governmental_Cloud US|
|2020.07.27|ZDNet| → [[Commonwealth entities left to self-assess security in cloud procurement|https://www.zdnet.com/article/commonwealth-entities-left-to-self-assess-security-in-cloud-procurement/]]|Commonwealth Procurement|
|2020.07.28|//Cloud Management Insider//| → [[Australia Releases 'Cloud Security Guidance' To Bolster Cybersecurity|https://www.cloudmanagementinsider.com/australia-releases-cloud-security-guidance-to-bolster-cybersecurity/]]|Governmental_Cloud Australia|
=== 
** Chiffrer ou ne pas chiffrer, telle est la question+++^*[»] 
|2020.08.02|Chris Farris|![[Cloud Encryption is worthless! Click here to see why...|https://www.chrisfarris.com/post/cloud-encryption/]] |Encryption|
=== 
** AWS Control Tower par l'exemple+++^*[»] 
|2020.07.30|//CodeBurst//|![[AWS Control Tower By Example: Part 1|https://codeburst.io/aws-control-tower-by-example-part-1-d1b94df4c58c]] (1/4) |AWS Build|
|2020.07.31|//CodeBurst//|![[AWS Control Tower By Example: Part 2|https://codeburst.io/aws-control-tower-by-example-part-2-2b79e52e8bd9]] (2/4) |AWS Build|
|2020.08.02|//CodeBurst//|![[AWS Control Tower By Example: Part 3|https://codeburst.io/aws-control-tower-by-example-part-3-c06e448a4b3b]] (3/4) |AWS Build|
|2020.08.04|//CodeBurst//|![[AWS Control Tower By Example: Part 4|https://codeburst.io/aws-control-tower-by-example-part-4-babe453533ec]] (4/4) |AWS Build|
=== 

* __Attaques__
** Malware "Doki" contre des containers Docker+++^*[»] 
|2020.07.28|//Intezer//|![[Watch Your Containers: Doki Infecting Docker Servers in the Cloud|https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/]] |Docker Attack Doki|
|2020.07.29|Bleeping Computer| → [[Sneaky Doki Linux malware infiltrates Docker cloud instances|https://www.bleepingcomputer.com/news/security/sneaky-doki-linux-malware-infiltrates-docker-cloud-instances/]] |Docker Attack Doki|
|2020.07.30|//NeuVector//| → [[How to Protect Container Infrastructures Against the Malware "Doki"|https://neuvector.com/docker-security/protect-against-doki-malware/]] |Docker Attack Doki|
=== 
** Vulnérabilité Kubernetes CVE-2020-8558+++^*[»] 
|2020.07.27|//Palo Alto Networks//|![[CVE-2020-8558: Kubernetes Vulnerability, Analysis and Mitigation|https://unit42.paloaltonetworks.com/cve-2020-8558/]] |K8s CVE-2020-8558|
|2020.07.29|Container Journal| → [[Palo Alto Networks Digs Into Kubernetes Security Flaw|https://containerjournal.com/topics/container-security/pan-digs-deep-into-kubernetes-security-flaw/]]|K8s CVE-2020-8558|
=== 
** Cas de Phishing O365 : via Google Ads et fausses alertes Sharepoint+++^*[»] 
|2020.07.30|Bleeping Computer|[[Office 365 phishing abuses Google Ads to bypass email filters|https://www.bleepingcomputer.com/news/security/office-365-phishing-abuses-google-ads-to-bypass-email-filters/]] |Phishing O365|
|2020.07.27|Bleeping Computer|[[Office 365 phishing baits employees with fake SharePoint alerts|https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-employees-with-fake-sharepoint-alerts/]] |Phishing O365|
=== 

* __Rapports et études__
** Rapport '2020 State of Public Cloud Security Risks' (//Orca Security//), menaces sur les containers (//Forrester Research//) et sur les Buckets S3 (//Truffle Security//), Threat Report Q2 2020 (//ESET//)+++^*[»] 
|2020.07.28|//Orca Security//|![[Orca Security 2020 State of Public Cloud Security Risks Report|https://orca.security/public-cloud-security-risks-research/]] |Report|
|2020.07.28|//Orca Security//| → [[2020 State of Public Cloud Security Report|https://info.orca.security/2020-state-of-public-cloud-security-report]] ([[pdf|https://orca.security/wp-content/uploads/Orca-Security-2020-State-of-Public-Cloud-Security-Report.pdf]])|Report|
|2020.07.28|Dark Reading| → [[Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness|https://www.darkreading.com/cloud/out-of-date-and-unsupported-cloud-workloads-continue-as-a-common-weakness/d/d-id/1338465]] |Report|
|>|!|>||
|2020.07.28|Container Journal|![[Forrester Highlights Rising Container Security Issues|https://containerjournal.com/topics/container-security/forrester-highlights-rising-container-security-issues/]] |Containers Forrester|
|2020.07.24|Forrester Research| → [[Container Adoption Is On The Rise: How Can Security Keep Up?|https://go.forrester.com/blogs/container-adoption-is-on-the-rise-how-can-security-keep-up/]]|Containers Forrester|
|2020.07.24|Forrester Research| → [[Best Practices For Container Security|https://www.forrester.com/report/Best+Practices+For+Container+Security/-/E-RES159820]]|Containers Forrester|
|>|!|>||
|2020.08.02|Truffle Security|![[An API Worm In The Making: Thousands Of Secrets Found In Open S3 Buckets|https://trufflesecurity.com/blog/an-s3-bucket-worm-in-the-making-thousands-of-secrets-found-in-open-s3-buckets]] |AWS_S3 Worm Report|
|>|!|>||
|2020.07.29|//ESET//|[[ESET Threat Report Q2 2020|https://www.welivesecurity.com/2020/07/29/eset-threat-report-q22020/]] ([[pdf|https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf]])|Report|
=== 

* __Acquisitions__
** OpenIO par OVHcloud+++^*[»] 
|2020.07.27|le Mag IT[>img[iCSF/flag_fr.png]]|[[Stockage : OVHcloud rachète OpenIO pour mieux rivaliser avec S3 d'AWS|https://www.lemagit.fr/actualites/252486700/Stockage-OVHcloud-rachete-OpenIO-pour-mieux-rivaliser-avec-S3-dAWS]]|Acquisition|
=== 

* __Autres veilles hebdomadaires Cloud et Sécurité__
** TL;DR Security #45 et ''The Cloud Security Reading List'' #48+++^*[»] 
|2020.08.02|Marco Lancini|[[The Cloud Security Reading List #48|https://cloudseclist.com/issues/issue-48/]] |Weekly_Newsletter|
|2020.07.29|TL;DR Security|[[#45 - Bucket Brigade, ReDoS Cheat-sheet, Understanding OAuth|https://tldrsec.com/blog/tldr-sec-045/]] |Weekly_Newsletter|
=== 

* __Divers__
** Quelques articles en français+++^*[»] 
|2020.07.31|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cyberattaques : de Cloud Hopper à WannaCry, l'UE sanctionne pour l'exemple|https://www.silicon.fr/cyberattaques-cloud-hopper-wannacry-ue-344331.html]] |Europe Attacks Sanctions|
|2020.07.31|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Comment bâtir une stratégie de sauvegarde des données à l'épreuve du futur ?|https://www.silicon.fr/avis-expert/comment-batir-une-strategie-de-sauvegarde-des-donnees-a-lepreuve-du-futur]] |Resilience Storage|
|2020.07.31|Le MagIT[>img[iCSF/flag_fr.png]]|![[Souveraineté numérique et "Guerre Froide" technologique : l'avenir du cloud s'annonce orageux|https://www.lemagit.fr/actualites/252487001/Souverainete-numerique-et-Guerre-Froide-technologique-lavenir-du-cloud-sannonce-orageux]] |Sovereignty|
=== 
** Bonnes pratiques de sécurité : AWS, AWS Lambda, protection contre les menaces affectant Kubernetes+++^*[»] 
|2020.07.30|//Rapid7//|![[Cloud Best Practices Every Security Professional Should Know|https://blog.rapid7.com/2020/07/30/cloud-best-practices-every-security-professional-should-know/]] |Best_Practices|
|2020.07.30|//Radware//|[[Protecting AWS Assets: A Case Study|https://blog.radware.com/security/cloudsecurity/2020/07/protecting-aws-assets-a-case-study/]]|AWS Assets|
|2020.07.27|DevOps.com|![[How to Achieve AWS Security in 10 Steps|https://devops.com/how-to-achieve-aws-security-in-10-steps/]] |AWS|
|2020.07.27|//Check Point//|![[AWS Lambda Security Best Practices|https://blog.checkpoint.com/2020/07/27/aws-lambda-security-best-practices/]] |AWS_Lambda|
|2020.07.27|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 5 - Defense Evasion|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-5-defense-evasion/]] (5/9) |Kubernetes Threats|
|2020.07.28|SANS|[[Locking Down and Monitoring Cloud Infrastructure|https://www.sans.org/blueprint-podcast/locking-down-and-monitoring-cloud-infrastructure-with-kyle-dickinson]] ([[podcast mp3|https://www.buzzsprout.com/1142720/4691612-locking-down-and-monitoring-cloud-infrastructure.mp3]])|Podcast|
=== 
** Containers : série de 3 articles+++^*[»] 
|2020.07.30|Jan Harrie|![[Container Breakouts - Part 3: Docker Socket|https://blog.nody.cc/posts/container-breakouts-part3/]] (3/3) |Containers|
|2020.07.21|Jan Harrie|![[Container Breakouts - Part 2: Privileged Container|https://blog.nody.cc/posts/container-breakouts-part2]] (2/3) |Containers|
|2020.07.15|Jan Harrie|![[Container Breakouts - Part 1: Access to root directory of the Host|https://blog.nody.cc/posts/container-breakouts-part1/]] (1/3) |Containers|
=== 
** Faire du Cloud en Chine+++^*[»] 
|2020.07.27|SANS|![[Doing Cloud in China|https://www.sans.org/blog/doing-cloud-in-china]] |China|
=== 
** Sandboxing, isolation et workloads (MalwareBytes, Fly.io, AWS)+++^*[»] 
|2020.07.29|//Malware Bytes//|[[Cloud workload security: Should you worry about it?|https://blog.malwarebytes.com/business-2/2020/07/cloud-workload-security-should-it-be-something-to-worry-about/]] |Workloads|
|2020.07.29|//Fly.io//|[[Sandboxing and Workload Isolation|https://fly.io/blog/sandboxing-and-workload-isolation/]]|Sandboxing Workloads|
|2020.07.29|//AWS//|[[Logical separation: Moving beyond physical isolation in the cloud computing era|https://aws.amazon.com/blogs/security/logical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era/]]|AWS Physical_Isolation|
=== 
** Conférence : "AWS re:Invent" se fera en ligne+++^*[»] 
|2020.07.29|GeekWire|![[Amazon moves annual AWS re:Invent conference online as part of a free 3-week event|https://www.geekwire.com/2020/amazon-moves-annual-aws-reinvent-conference-online/]] |AWS Conference|
=== 
** Juridique : protection des données, Privacy Shield (compléments)+++^*[»] 
|2020.07.30|//Bricker & Eckler Attorneys//|[[Your data is under attack: Are you ready?|https://www.bricker.com/insights-resources/publications/your-data-is-under-attack-are-you-ready]]|Blackbaud Attack|
|2020.07.27|//AWS//|[[Customer update: AWS and the EU-US Privacy Shield|https://aws.amazon.com/blogs/security/customer-update-aws-and-the-eu-us-privacy-shield/]]|Privacy_Shield|
=== 
* __Outils__
** Pour Kubernetes (Rakkess, Kubebox)+++^*[»] 
|2020.07.29|SecTechno|[[Rakkess - Show Access Matrix for Kubernetes|https://sectechno.com/rakkess-show-access-matrix-for-kubernetes/]]|Tools|
|2020.07.30|Hakin9|[[Kubebox - Terminal And Web Console For Kubernetes|https://hakin9.org/kubebox-terminal-and-web-console-for-kubernetes/]]|Tools|
|2020.07.29|KitPloit|[[Kubebox - Terminal And Web Console For Kubernetes|https://www.kitploit.com/2020/07/kubebox-terminal-and-web-console-for.html]]|Tools Kubernetes|
=== 
** Pour AWS (''AWS Exposable Resources'', Cloudsplaining)+++^*[»] 
|2020.07.31|Scott Piper|![[AWS Exposable Resources|https://github.com/SummitRoute/aws_exposable_resources]] |Tools AWS Resources Leaks|
|2020.08.01|KitPloit|[[Cloudsplaining - An AWS IAM Security Assessment Tool That Identifies Violations Of Least Privilege And Generates A Risk-Prioritized Report|https://www.kitploit.com/2020/08/cloudsplaining-aws-iam-security.html]]|Tools AWS|
=== 
* __Offres du marché__
** AWS, Backblaze et GCP+++^*[»] 
|2020.07.30|//AWS//|![[Over 150 AWS services now have a security chapter|https://aws.amazon.com/blogs/security/over-150-aws-services-now-have-security-chapter/]] |AWS|
|2020.07.31|//AWS//|[[New - Using Amazon GuardDuty to Protect Your S3 Buckets|https://aws.amazon.com/blogs/aws/new-using-amazon-guardduty-to-protect-your-s3-buckets/]]|Products AWS GuardDuty S3|
|>|!|>||
|2020.07.30|//Backblaze//|![[Protecting Your Business: Cloud Backup Vs. Cloud Sync|https://www.backblaze.com/blog/business-cloud-backup-vs-cloud-sync/]] |Storage Backup Sync|
|>|!|>||
|2020.07.30|//GCP//|[[Preventing lateral movement in Google Compute Engine|https://cloud.google.com/blog/products/identity-security/preventing-lateral-movement-in-google-compute-engine]]|GCP Lateral_Movement|
=== 
!!3 - Agenda

* __Août 2020__
** ''19 et 20'' → "''[[CSA CloudCon 2020|2020.07.06 - Actu : Agenda du 'CSA CloudCon 2020']]''" • Grand Rapids, Michigan
** ''31'' → fin de l'appel à proposition pour le congrès ''CSA EMEA 2020''
** ''31'' et suivants → ''Formation CCSK / CCSK Plus en français''

* __Septembre 2020__
** ''8 au 25'' septembre → CSA : ''[[Webinaires 'SECtember Experience'|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]'' • Seattle, Etats-Unis
** ''23 au 24'' septembre → BIRP : ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
!!4 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K82/|https://CloudSecurityAlliance.fr/go/K82/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - July 27th to August 2nd, 2020
!!1 - CSA News and Updates - July 27th to August 2nd, 2020
* ''Fill in the new CSA survey on Cloud Adoption in 2020''+++^*[»] <<tiddler [[2020.08.02 - Actu : Sondage CSA sur l'adoption du Cloud en 2020]]>>=== 
* CCSK training in French and English at the end of August: ''You can still register''!+++^*[»] <<tiddler [[2020.08.02 - Actu : Formation CCSK en Français fin août 2020]]>>=== 
* 'SECtember' Conference: Switching to a webinar format+++^*[»] <<tiddler [[2020.07.28 - Actu : Transformation de la conférence SECtember en une série de Webinaires]]>>=== with the Current Agenda+++^*[»] <<tiddler [[2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]>>=== 
* Publication: NIST SP 800-210 'General Access Control Guidance for Cloud Systems'+++^*[»] <<tiddler [[2020.07.30 - Publication : NIST SP 800-210 'General Access Control Guidance for Cloud Systems']]>>=== 
* Call for Comments: 'Enterprise Architecture-CCM'+++^*[»] <<tiddler [[2020.07.29 - Appel à commentaires 'Enterprise Architecture-CCM']]>>=== 
!!2 - Cloud and Security News Watch ([[over 90 links|2020.08.02 - Veille Hebdomadaire - 02 août]])

* __''Must read''__
** ''Cloud Security Guidance by the Australian Cyber Security Centre (ACSC)''+++^*[»] 
|2020.07.27|ACSC (AU)|[[Anatomy of a Cloud Assessment and Authorisation|https://www.cyber.gov.au/node/2735]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Computing Security Considerations|https://www.cyber.gov.au/acsc/view-all-content/publications/cloud-computing-security-considerations]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Computing Security for Cloud Service Providers|https://www.cyber.gov.au/node/1315]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Security Assessment Report Template|https://www.cyber.gov.au/node/2736]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Computing Security for Tenants|https://www.cyber.gov.au/node/1316]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Security Controls Matrix|https://www.cyber.gov.au/node/2737]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Assessment and Authorisation - Frequently Asked Questions|https://www.cyber.gov.au/node/2734]]|Guidance Australia|
|2020.07.27|IT Wire| → [[Australian Cyber Security Centre, DTA unveil new rules for secure cloud services|https://www.itwire.com/government-tech-policy/australian-cyber-security-centre,-dta-unveil-new-rules-for-secure-cloud-services.html]]|Governmental_Cloud Australia|
|2020.07.27|CRN (AU)| → [[Feds update guidance for cloud providers|http://www.crn.com.au/news/feds-update-guidance-for-cloud-providers-550886]]|Governmental_Cloud US|
|2020.07.27|ZDNet| → [[Commonwealth entities left to self-assess security in cloud procurement|https://www.zdnet.com/article/commonwealth-entities-left-to-self-assess-security-in-cloud-procurement/]]|Commonwealth Procurement|
|2020.07.28|//Cloud Management Insider//| → [[Australia Releases 'Cloud Security Guidance' To Bolster Cybersecurity|https://www.cloudmanagementinsider.com/australia-releases-cloud-security-guidance-to-bolster-cybersecurity/]]|Governmental_Cloud Australia|
=== 
** Is Cloud Encryption Worthless?+++^*[»] 
|2020.08.02|Chris Farris|![[Cloud Encryption is worthless! Click here to see why...|https://www.chrisfarris.com/post/cloud-encryption/]] |Encryption|
=== 
** AWS Control Tower by Example+++^*[»] 
|2020.07.30|//CodeBurst//|![[AWS Control Tower By Example: Part 1|https://codeburst.io/aws-control-tower-by-example-part-1-d1b94df4c58c]] (1/4) |AWS Build|
|2020.07.31|//CodeBurst//|![[AWS Control Tower By Example: Part 2|https://codeburst.io/aws-control-tower-by-example-part-2-2b79e52e8bd9]] (2/4) |AWS Build|
|2020.08.02|//CodeBurst//|![[AWS Control Tower By Example: Part 3|https://codeburst.io/aws-control-tower-by-example-part-3-c06e448a4b3b]] (3/4) |AWS Build|
|2020.08.04|//CodeBurst//|![[AWS Control Tower By Example: Part 4|https://codeburst.io/aws-control-tower-by-example-part-4-babe453533ec]] (4/4) |AWS Build|
=== 

* __Attacks__
** "Doki" Malware Infecting Docker Servers+++^*[»] 
|2020.07.28|//Intezer//|![[Watch Your Containers: Doki Infecting Docker Servers in the Cloud|https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/]] |Docker Attack Doki|
|2020.07.29|Bleeping Computer| → [[Sneaky Doki Linux malware infiltrates Docker cloud instances|https://www.bleepingcomputer.com/news/security/sneaky-doki-linux-malware-infiltrates-docker-cloud-instances/]] |Docker Attack Doki|
|2020.07.30|//NeuVector//| → [[How to Protect Container Infrastructures Against the Malware "Doki"|https://neuvector.com/docker-security/protect-against-doki-malware/]] |Docker Attack Doki|
=== 
** Kubernetes Vulnerability (CVE-2020-8558)+++^*[»] 
|2020.07.27|//Palo Alto Networks//|![[CVE-2020-8558: Kubernetes Vulnerability, Analysis and Mitigation|https://unit42.paloaltonetworks.com/cve-2020-8558/]] |K8s CVE-2020-8558|
|2020.07.29|Container Journal| → [[Palo Alto Networks Digs Into Kubernetes Security Flaw|https://containerjournal.com/topics/container-security/pan-digs-deep-into-kubernetes-security-flaw/]]|K8s CVE-2020-8558|
=== 
** O365 Phishing Cases: Abusing Google Ads and Fake Sharepoint Alerts+++^*[»] 
|2020.07.30|Bleeping Computer|[[Office 365 phishing abuses Google Ads to bypass email filters|https://www.bleepingcomputer.com/news/security/office-365-phishing-abuses-google-ads-to-bypass-email-filters/]] |Phishing O365|
|2020.07.27|Bleeping Computer|[[Office 365 phishing baits employees with fake SharePoint alerts|https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-employees-with-fake-sharepoint-alerts/]] |Phishing O365|
=== 

* __Reports and Surveys__
** '2020 State of Public Cloud Security Risks' report (//Orca Security//), Best Practices For Container Security (//Forrester Research//) and threats against S3 Buckets (//Truffle Security//), Threat Report Q2 2020 (//ESET//)+++^*[»] 
|2020.07.28|//Orca Security//|![[Orca Security 2020 State of Public Cloud Security Risks Report|https://orca.security/public-cloud-security-risks-research/]] |Report|
|2020.07.28|//Orca Security//| → [[2020 State of Public Cloud Security Report|https://info.orca.security/2020-state-of-public-cloud-security-report]] ([[pdf|https://orca.security/wp-content/uploads/Orca-Security-2020-State-of-Public-Cloud-Security-Report.pdf]])|Report|
|2020.07.28|Dark Reading| → [[Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness|https://www.darkreading.com/cloud/out-of-date-and-unsupported-cloud-workloads-continue-as-a-common-weakness/d/d-id/1338465]] |Report|
|>|!|>||
|2020.07.28|Container Journal|![[Forrester Highlights Rising Container Security Issues|https://containerjournal.com/topics/container-security/forrester-highlights-rising-container-security-issues/]] |Containers Forrester|
|2020.07.24|Forrester Research| → [[Container Adoption Is On The Rise: How Can Security Keep Up?|https://go.forrester.com/blogs/container-adoption-is-on-the-rise-how-can-security-keep-up/]]|Containers Forrester|
|2020.07.24|Forrester Research| → [[Best Practices For Container Security|https://www.forrester.com/report/Best+Practices+For+Container+Security/-/E-RES159820]]|Containers Forrester|
|>|!|>||
|2020.08.02|Truffle Security|![[An API Worm In The Making: Thousands Of Secrets Found In Open S3 Buckets|https://trufflesecurity.com/blog/an-s3-bucket-worm-in-the-making-thousands-of-secrets-found-in-open-s3-buckets]] |AWS_S3 Worm Report|
|>|!|>||
|2020.07.29|//ESET//|[[ESET Threat Report Q2 2020|https://www.welivesecurity.com/2020/07/29/eset-threat-report-q22020/]] ([[pdf|https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf]])|Report|
=== 

* __Acquisitions__
** OpenIO by OVHcloud+++^*[»] 
|2020.07.27|le Mag IT[>img[iCSF/flag_fr.png]]|[[Stockage : OVHcloud rachète OpenIO pour mieux rivaliser avec S3 d'AWS|https://www.lemagit.fr/actualites/252486700/Stockage-OVHcloud-rachete-OpenIO-pour-mieux-rivaliser-avec-S3-dAWS]]|Acquisition|
=== 

* __Additional relevant 'Cloud and Security' Weekly Watch__
** TL;DR Security #45 and ''The Cloud Security Reading List'' #48+++^*[»] 
|2020.08.02|Marco Lancini|[[The Cloud Security Reading List #48|https://cloudseclist.com/issues/issue-48/]] |Weekly_Newsletter|
|2020.07.29|TL;DR Security|[[#45 - Bucket Brigade, ReDoS Cheat-sheet, Understanding OAuth|https://tldrsec.com/blog/tldr-sec-045/]] |Weekly_Newsletter|
=== 

* __Miscellaneous__
** A few articles in French+++^*[»] 
|2020.07.31|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cyberattaques : de Cloud Hopper à WannaCry, l'UE sanctionne pour l'exemple|https://www.silicon.fr/cyberattaques-cloud-hopper-wannacry-ue-344331.html]] |Europe Attacks Sanctions|
|2020.07.31|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Comment bâtir une stratégie de sauvegarde des données à l'épreuve du futur ?|https://www.silicon.fr/avis-expert/comment-batir-une-strategie-de-sauvegarde-des-donnees-a-lepreuve-du-futur]] |Resilience Storage|
|2020.07.31|Le MagIT[>img[iCSF/flag_fr.png]]|![[Souveraineté numérique et "Guerre Froide" technologique : l'avenir du cloud s'annonce orageux|https://www.lemagit.fr/actualites/252487001/Souverainete-numerique-et-Guerre-Froide-technologique-lavenir-du-cloud-sannonce-orageux]] |Sovereignty|
=== 
** Cloud Best Practices for: AWS, AWS Lambda, Protecting Against Kubernetes Threats+++^*[»] 
|2020.07.30|//Rapid7//|![[Cloud Best Practices Every Security Professional Should Know|https://blog.rapid7.com/2020/07/30/cloud-best-practices-every-security-professional-should-know/]] |Best_Practices|
|2020.07.30|//Radware//|[[Protecting AWS Assets: A Case Study|https://blog.radware.com/security/cloudsecurity/2020/07/protecting-aws-assets-a-case-study/]]|AWS Assets|
|2020.07.27|DevOps.com|![[How to Achieve AWS Security in 10 Steps|https://devops.com/how-to-achieve-aws-security-in-10-steps/]] |AWS|
|2020.07.27|//Check Point//|![[AWS Lambda Security Best Practices|https://blog.checkpoint.com/2020/07/27/aws-lambda-security-best-practices/]] |AWS_Lambda|
|2020.07.27|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 5 - Defense Evasion|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-5-defense-evasion/]] (5/9) |Kubernetes Threats|
|2020.07.28|SANS|[[Locking Down and Monitoring Cloud Infrastructure|https://www.sans.org/blueprint-podcast/locking-down-and-monitoring-cloud-infrastructure-with-kyle-dickinson]] ([[podcast mp3|https://www.buzzsprout.com/1142720/4691612-locking-down-and-monitoring-cloud-infrastructure.mp3]])|Podcast|
=== 
** Containers: a series of 3 articles+++^*[»] 
|2020.07.30|Jan Harrie|![[Container Breakouts - Part 3: Docker Socket|https://blog.nody.cc/posts/container-breakouts-part3/]] (3/3) |Containers|
|2020.07.21|Jan Harrie|![[Container Breakouts - Part 2: Privileged Container|https://blog.nody.cc/posts/container-breakouts-part2]] (2/3) |Containers|
|2020.07.15|Jan Harrie|![[Container Breakouts - Part 1: Access to root directory of the Host|https://blog.nody.cc/posts/container-breakouts-part1/]] (1/3) |Containers|
=== 
** Doing Cloud in China+++^*[»] 
|2020.07.27|SANS|![[Doing Cloud in China|https://www.sans.org/blog/doing-cloud-in-china]] |China|
=== 
** Sandboxing, isolation and workloads (MalwareBytes, Fly.io, AWS)+++^*[»] 
|2020.07.29|//Malware Bytes//|[[Cloud workload security: Should you worry about it?|https://blog.malwarebytes.com/business-2/2020/07/cloud-workload-security-should-it-be-something-to-worry-about/]] |Workloads|
|2020.07.29|//Fly.io//|[[Sandboxing and Workload Isolation|https://fly.io/blog/sandboxing-and-workload-isolation/]]|Sandboxing Workloads|
|2020.07.29|//AWS//|[[Logical separation: Moving beyond physical isolation in the cloud computing era|https://aws.amazon.com/blogs/security/logical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era/]]|AWS Physical_Isolation|
=== 
** Conference: "AWS re:Invent" will take place online+++^*[»] 
|2020.07.29|GeekWire|![[Amazon moves annual AWS re:Invent conference online as part of a free 3-week event|https://www.geekwire.com/2020/amazon-moves-annual-aws-reinvent-conference-online/]] |AWS Conference|
=== 
** Legal: Data Protection, Privacy Shield (update)+++^*[»] 
|2020.07.30|//Bricker & Eckler Attorneys//|[[Your data is under attack: Are you ready?|https://www.bricker.com/insights-resources/publications/your-data-is-under-attack-are-you-ready]]|Blackbaud Attack|
|2020.07.27|//AWS//|[[Customer update: AWS and the EU-US Privacy Shield|https://aws.amazon.com/blogs/security/customer-update-aws-and-the-eu-us-privacy-shield/]]|Privacy_Shield|
=== 

* __Tools__
** For Kubernetes (Rakkess, Kubebox)+++^*[»] 
|2020.07.29|SecTechno|[[Rakkess - Show Access Matrix for Kubernetes|https://sectechno.com/rakkess-show-access-matrix-for-kubernetes/]]|Tools|
|2020.07.30|Hakin9|[[Kubebox - Terminal And Web Console For Kubernetes|https://hakin9.org/kubebox-terminal-and-web-console-for-kubernetes/]]|Tools|
|2020.07.29|KitPloit|[[Kubebox - Terminal And Web Console For Kubernetes|https://www.kitploit.com/2020/07/kubebox-terminal-and-web-console-for.html]]|Tools Kubernetes|
=== 
** For AWS (''AWS Exposable Resources'', Cloudsplaining)+++^*[»] 
|2020.07.31|Scott Piper|![[AWS Exposable Resources|https://github.com/SummitRoute/aws_exposable_resources]] |Tools AWS Resources Leaks|
|2020.08.01|KitPloit|[[Cloudsplaining - An AWS IAM Security Assessment Tool That Identifies Violations Of Least Privilege And Generates A Risk-Prioritized Report|https://www.kitploit.com/2020/08/cloudsplaining-aws-iam-security.html]]|Tools AWS|
=== 

* __Cloud Security Market__
** AWS, Backblaze, and GCP+++^*[»] 
|2020.07.30|//AWS//|![[Over 150 AWS services now have a security chapter|https://aws.amazon.com/blogs/security/over-150-aws-services-now-have-security-chapter/]] |AWS|
|2020.07.31|//AWS//|[[New - Using Amazon GuardDuty to Protect Your S3 Buckets|https://aws.amazon.com/blogs/aws/new-using-amazon-guardduty-to-protect-your-s3-buckets/]]|Products AWS GuardDuty S3|
|>|!|>||
|2020.07.30|//Backblaze//|![[Protecting Your Business: Cloud Backup Vs. Cloud Sync|https://www.backblaze.com/blog/business-cloud-backup-vs-cloud-sync/]] |Storage Backup Sync|
|>|!|>||
|2020.07.30|//GCP//|[[Preventing lateral movement in Google Compute Engine|https://cloud.google.com/blog/products/identity-security/preventing-lateral-movement-in-google-compute-engine]]|GCP Lateral_Movement|
=== 
!!3 - Agenda

* __August 2020__
** ''19 / 20'' → "''[[CSA CloudCon 2020|2020.07.06 - Actu : Agenda du 'CSA CloudCon 2020']]''" • Grand Rapids, Michigan
** ''31'' → End of the call for papers for the ''CSA EMEA 2020 Congress''
** ''31'' → ''CCSK / CCSK Plus trainings'' in French

* __September 2020__
** ''8 / 25'' → CSA : ''[['SECtember Experience' Webinars|2020.08.01 - Actu : Programme prévisionnel des webinaires 'SECtember Experience']]''
** ''23 / 24'' → BIRP : ''[[Forum Sécurité@Cloud|https://cloudsecurityalliance.fr/go/k9ns/]]'' • Paris, Porte de Versailles
!!4 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K82/|https://CloudSecurityAlliance.fr/go/K82/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 2 août 2020
|!Août|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.08.02|
|2020.08.02|Marco Lancini|[[The Cloud Security Reading List #48|https://cloudseclist.com/issues/issue-48/]] |Weekly_Newsletter|
|2020.08.02|Truffle Security|![[An API Worm In The Making: Thousands Of Secrets Found In Open S3 Buckets|https://trufflesecurity.com/blog/an-s3-bucket-worm-in-the-making-thousands-of-secrets-found-in-open-s3-buckets]] |AWS_S3 Worm Report|
|2020.08.03|The Register| → [[Leaky AWS S3 buckets are so common, they're being found by the thousands now - with lots of buried secrets|https://www.theregister.com/2020/08/03/leaky_s3_buckets/]]|AWS_S3 Worm Report|
|2020.08.02|Chris Farris|![[Cloud Encryption is worthless! Click here to see why...|https://www.chrisfarris.com/post/cloud-encryption/]] |Encryption|
|2020.08.02|//CodeBurst//|![[AWS Control Tower By Example: Part 3|https://codeburst.io/aws-control-tower-by-example-part-3-c06e448a4b3b]] (3/4) |AWS Build|
|>|>|>|!2020.08.01|
|2020.08.01|KitPloit|[[Cloudsplaining - An AWS IAM Security Assessment Tool That Identifies Violations Of Least Privilege And Generates A Risk-Prioritized Report|https://www.kitploit.com/2020/08/cloudsplaining-aws-iam-security.html]]|Tools AWS|
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.07.31|
|2020.07.31|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cyberattaques : de Cloud Hopper à WannaCry, l'UE sanctionne pour l'exemple|https://www.silicon.fr/cyberattaques-cloud-hopper-wannacry-ue-344331.html]] |Europe Attacks Sanctions|
|2020.07.31|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Comment bâtir une stratégie de sauvegarde des données à l'épreuve du futur ?|https://www.silicon.fr/avis-expert/comment-batir-une-strategie-de-sauvegarde-des-donnees-a-lepreuve-du-futur]] |Resilience Storage|
|2020.07.31|Le MagIT[>img[iCSF/flag_fr.png]]|![[Souveraineté numérique et "Guerre Froide" technologique : l'avenir du cloud s'annonce orageux|https://www.lemagit.fr/actualites/252487001/Souverainete-numerique-et-Guerre-Froide-technologique-lavenir-du-cloud-sannonce-orageux]] |Sovereignty|
|2020.07.31|Help Net Security|[[Citrix Web App and API Protection: Security for apps and APIs in the multi-cloud|https://www.helpnetsecurity.com/2020/07/31/citrix-web-app-and-api-protection-security-for-apps-and-apis-in-the-multi-cloud/]] |APIs|
|2020.07.31|Scott Piper|![[AWS Exposable Resources|https://github.com/SummitRoute/aws_exposable_resources]] |Tools AWS Resources Leaks|
|2020.07.31|InfoSecurity Institute|![[Configuring DNS in AWS|https://resources.infosecinstitute.com/category/certifications-training/aws-essentials/configuring-dns-in-aws/]] |AWS DNS|
|2020.07.31|//AWS//|[[New - Using Amazon GuardDuty to Protect Your S3 Buckets|https://aws.amazon.com/blogs/aws/new-using-amazon-guardduty-to-protect-your-s3-buckets/]]|Products AWS GuardDuty S3|
|2020.07.31|//NeuVector//|[[How to Enforce Egress Container Security Policies in Kubernetes, OpenShift, and Istio|https://neuvector.com/container-security/enforce-egress-control-containers/]]|Container Network|
|2020.07.31|//CyberSecurity Insiders//|[[Cost-Effective Cloud Security for the Modern Enterprise: Part 2|https://www.cybersecurity-insiders.com/cost-effective-cloud-security-for-the-modern-enterprise-part-2/]] ||
|2020.07.31|GCN|[[DOD plans next JEDI announcement by end of August|https://gcn.com/articles/2020/07/31/jedi-reannouncement-coming.aspx]]|JEDI US|
|2020.07.31|//CodeBurst//|![[AWS Control Tower By Example: Part 2|https://codeburst.io/aws-control-tower-by-example-part-2-2b79e52e8bd9]] (2/4) |AWS Build|
|>|>|>|!2020.07.30|
|2020.07.30|Economie Matin[>img[iCSF/flag_fr.png]]|[[Vaincre le chaos de la collaboration dans le Cloud en sécurisant les données à risque|http://www.economiematin.fr/news-informatique-donnees-protection-cloud-girard]]|Market|
|2020.07.30|Jan Harrie|![[Container Breakouts - Part 3: Docker Socket|https://blog.nody.cc/posts/container-breakouts-part3/]] (3/3) |Containers|
|2020.07.30|Hakin9|[[Kubebox - Terminal And Web Console For Kubernetes|https://hakin9.org/kubebox-terminal-and-web-console-for-kubernetes/]]|Tools|
|2020.07.30|InfoSecurity Institute|![[AWS Storage Services|https://resources.infosecinstitute.com/category/certifications-training/aws-essentials/aws-storage-services/]] |AWS|
|2020.07.30|//Radware//|[[Protecting AWS Assets: A Case Study|https://blog.radware.com/security/cloudsecurity/2020/07/protecting-aws-assets-a-case-study/]]|AWS Assets|
|2020.07.30|//Bricker & Eckler Attorneys//|[[Your data is under attack: Are you ready?|https://www.bricker.com/insights-resources/publications/your-data-is-under-attack-are-you-ready]]|Blackbaud Attack|
|2020.07.30|//Backblaze//|![[Protecting Your Business: Cloud Backup Vs. Cloud Sync|https://www.backblaze.com/blog/business-cloud-backup-vs-cloud-sync/]] |Storage Backup Sync|
|2020.07.30|//GCP//|[[Preventing lateral movement in Google Compute Engine|https://cloud.google.com/blog/products/identity-security/preventing-lateral-movement-in-google-compute-engine]]|GCP Lateral_Movement|
|2020.07.30|//AWS//|![[Over 150 AWS services now have a security chapter|https://aws.amazon.com/blogs/security/over-150-aws-services-now-have-security-chapter/]] |AWS|
|2020.07.30|//Rapid7//|![[Cloud Best Practices Every Security Professional Should Know|https://blog.rapid7.com/2020/07/30/cloud-best-practices-every-security-professional-should-know/]] |Best_Practices|
|2020.07.30|//FireEye//|[[Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates|https://www.fireeye.com/blog/threat-research/2020/07/insights-into-office-365-attacks-and-how-managed-defense-investigates.html]]|O365 Attacks|
|2020.07.28|//Intezer//|![[Watch Your Containers: Doki Infecting Docker Servers in the Cloud|https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/]] |Docker Attack Doki|
|2020.07.29|Bleeping Computer| → [[Sneaky Doki Linux malware infiltrates Docker cloud instances|https://www.bleepingcomputer.com/news/security/sneaky-doki-linux-malware-infiltrates-docker-cloud-instances/]]|Docker Attack Doki|
|2020.07.30|//NeuVector//| → [[How to Protect Container Infrastructures Against the Malware "Doki"|https://neuvector.com/docker-security/protect-against-doki-malware/]]|Docker Attack Doki|
|2020.08.04|//Lacework//| → [[Doki Dukes with Kinsing|https://www.lacework.com/doki-dukes-kinsing/]]|Docker Attack Doki|
|2020.07.30|Bleeping Computer|[[Office 365 phishing abuses Google Ads to bypass email filters|https://www.bleepingcomputer.com/news/security/office-365-phishing-abuses-google-ads-to-bypass-email-filters/]] |Phishing O365|
|2020.07.30|//CodeBurst//|![[AWS Control Tower By Example|https://codeburst.io/aws-control-tower-by-example-part-1-d1b94df4c58c]] |AWS Build|
|2020.07.30|//Microsoft Azure//|[[Azure Monitor Community Repository is now available|https://azure.microsoft.com/en-us/updates/azure-monitor-community-repository-is-now-available-2/]]|Azure_Monitor|
|2020.07.30|//Microsoft Azure//| → [[Azure Monitor Community|https://github.com/microsoft/AzureMonitorCommunity]]|Azure_Monitor|
|>|>|>|!2020.07.29|
|2020.07.29|TL;DR Security|[[#45 - Bucket Brigade, ReDoS Cheat-sheet, Understanding OAuth|https://tldrsec.com/blog/tldr-sec-045/]] |Weekly_Newsletter|
|2020.07.29|MSSP Alert|[[FireEye Managed Security Services, Cloud Revenue Gain Momentum|https://www.msspalert.com/cybersecurity-companies/fireeye-managed-securiity-services-momentum/]] ||
|2020.07.29|SecTechno|[[Rakkess - Show Access Matrix for Kubernetes|https://sectechno.com/rakkess-show-access-matrix-for-kubernetes/]]|Tools|
|2020.07.29|DZone|[[Docker Centralized Logging With ELK Stack|https://dzone.com/articles/docker-centralized-logging-with-elk-stack]]|Docker Logging|
|2020.07.29|BetaNews|[[The role of SASE in securing the modern workforce [Q&A]|https://betanews.com/2020/07/29/sase-modern-workforce-qa/]]|SASE|
|2020.07.29|KitPloit|[[Kubebox - Terminal And Web Console For Kubernetes|https://www.kitploit.com/2020/07/kubebox-terminal-and-web-console-for.html]]|Tools Kubernetes|
|2020.07.29|//Malware Bytes//|[[Cloud workload security: Should you worry about it?|https://blog.malwarebytes.com/business-2/2020/07/cloud-workload-security-should-it-be-something-to-worry-about/]] |Workloads|
|2020.07.29|//Cloudflare//|[[Mitigating Spectre and Other Security Threats: The Cloudflare Workers Security Model|https://blog.cloudflare.com/mitigating-spectre-and-other-security-threats-the-cloudflare-workers-security-model/]]|Workers Spectre|
|2020.07.29|//AWS//|![[AWS Security Hub launches new automated security controls|https://aws.amazon.com/about-aws/whats-new/2020/07/aws-security-hub-launches-new-automated-security-controls/]] |AWS Security_Hub|
|2020.07.29|//AWS//|[[Logical separation: Moving beyond physical isolation in the cloud computing era|https://aws.amazon.com/blogs/security/logical-separation-moving-beyond-physical-isolation-in-the-cloud-computing-era/]]|AWS Physical_Isolation|
|2020.07.29|//AWS//|[[Amazon Fraud Detector is now Generally Available|https://aws.amazon.com/blogs/aws/amazon-fraud-detector-is-now-generally-available/]]|AWS Fraud_Detector|
|2020.07.29|//Tripwire//|[[How Cloud Mitigation Techniques Can Help Prevent Ransomware and Phishing Attacks|https://www.tripwire.com/state-of-security/security-data-protection/cloud/cloud-mitigation-techniques-help-prevent-ransomware-phishing-attacks/]]|Best_Practices|
|2020.07.29|//ESET//|[[ESET Threat Report Q2 2020|https://www.welivesecurity.com/2020/07/29/eset-threat-report-q22020/]] ([[pdf|https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf]])|Report|
|2020.07.29|GeekWire|![[Amazon moves annual AWS re:Invent conference online as part of a free 3-week event|https://www.geekwire.com/2020/amazon-moves-annual-aws-reinvent-conference-online/]] |AWS Conference|
|2020.07.29|//SiliconAngle//|[[CyberArk launches open-source Shadow Admin identification tool for Azure and AWS|https://siliconangle.com/2020/07/29/cyberark-launches-open-source-shadow-admin-identification-tool-azure-aws/]]|Products AWS Azure|
|2020.07.29|//Fly.io//|[[Sandboxing and Workload Isolation|https://fly.io/blog/sandboxing-and-workload-isolation/]]|Sandboxing Workloads|
|2020.07.29|//AvePoint//|[[Securing Collaboration: 5 Risk Management Challenges in Office 365|https://www.avepoint.com/blog/protect/office-365-risk-management/]]|O365 Risk_Management|
|2020.07.29|//SecureFlag//|[[7 Kubernetes security challenges, and how to steer the container ship|https://blog.secureflag.com/2020/07/29/kubernetes-security-challenges-and-how-to-steer-the-container-ship.html]]||
|>|>|>|!2020.07.28|
|2020.07.28|SANS|[[Locking Down and Monitoring Cloud Infrastructure|https://www.sans.org/blueprint-podcast/locking-down-and-monitoring-cloud-infrastructure-with-kyle-dickinson]] ([[podcast mp3|https://www.buzzsprout.com/1142720/4691612-locking-down-and-monitoring-cloud-infrastructure.mp3]])|Podcast|
|2020.07.28|Container Journal|![[Forrester Highlights Rising Container Security Issues|https://containerjournal.com/topics/container-security/forrester-highlights-rising-container-security-issues/]] |Containers Forrester|
|2020.07.24|Forrester Research| → [[Container Adoption Is On The Rise: How Can Security Keep Up?|https://go.forrester.com/blogs/container-adoption-is-on-the-rise-how-can-security-keep-up/]]|Containers Forrester|
|2020.07.24|Forrester Research| → [[Best Practices For Container Security|https://www.forrester.com/report/Best+Practices+For+Container+Security/-/E-RES159820]]|Containers Forrester|
|2020.07.28|JD Supra Law|[[Blackbaud Data Breach: Do You Need to Notify Affected Individuals or EU Data Protection Authorities?|https://www.jdsupra.com/legalnews/blackbaud-data-breach-do-you-need-to-37544/]]|Data_Breach Notification|
|2020.07.28|Dark Reading|[[As Businesses Move to the Cloud, Cybercriminals Follow Close Behind|https://www.darkreading.com/cloud/as-businesses-move-to-the-cloud-cybercriminals-follow-close-behind/a/d-id/1338450]]|Threat_Landscape|
|2020.07.28|Kubernetes|[[Services, Load Balancing, and Networking / Ingress|https://kubernetes.io/docs/concepts/services-networking/ingress/]]|K8s Ingress|
|2020.07.28|DZone|[[Calculating Application Availability in the Cloud|https://dzone.com/articles/calculating-application-availability-in-the-cloud]]|Availability|
|2020.07.28|Thomas Stringer|[[Azure CLI Tips and Tricks|https://trstringer.com/azure-cli-tips-and-tricks/]]|Azure CLI|
|2020.07.28|//Orca Security//|![[Orca Security 2020 State of Public Cloud Security Risks Report|https://orca.security/public-cloud-security-risks-research/]] |Report|
|2020.07.28|//Orca Security//| → [[2020 State of Public Cloud Security Report|https://info.orca.security/2020-state-of-public-cloud-security-report]] ([[pdf|https://orca.security/wp-content/uploads/Orca-Security-2020-State-of-Public-Cloud-Security-Report.pdf]])|Report|
|2020.07.28|Dark Reading| → [[Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness|https://www.darkreading.com/cloud/out-of-date-and-unsupported-cloud-workloads-continue-as-a-common-weakness/d/d-id/1338465]] |Report|
|2020.07.28|//Expel//|![[Behind the scenes in the Expel SOC: Alert-to-fix in AWS|https://expel.io/blog/behind-the-scenes-expel-soc-alert-aws/]] |AWS Real_Case Incident_Handling|
|2020.07.28|//GCP//|[[New Private Service Connect simplifies secure access to services|https://cloud.google.com/blog/products/networking/introducing-private-service-connect]]|GCP|
|2020.07.28|//GCP//|[[Authorization enforcement for Cloud Run|https://medium.com/google-cloud/authorization-enforcement-for-cloud-run-1864f4f0a2d1]]|GCP Authorization|
|2020.07.28|//Hashicorp//|[[Introducing Custom Workspace Permissions|https://www.hashicorp.com/blog/introducing-custom-workspace-permissions/]]|Terraform|
|2020.07.28|//Palo Alto Networks//|[[CN-Series Firewalls: Comprehensive Network Security for Kubernetes|https://blog.paloaltonetworks.com/2020/07/network-cn-series-firewalls/]]|K8s Firewall|
|2020.07.28|//BetaNews//|[[New solution delivers zero trust for multi-cloud and hybrid access|https://betanews.com/2020/07/28/zero-trust-multi-cloud-hybrid/]]|Products Zero_Trust|
|>|>|>|!2020.07.27|
|2020.07.27|le Mag IT[>img[iCSF/flag_fr.png]]|[[Stockage : OVHcloud rachète OpenIO pour mieux rivaliser avec S3 d'AWS|https://www.lemagit.fr/actualites/252486700/Stockage-OVHcloud-rachete-OpenIO-pour-mieux-rivaliser-avec-S3-dAWS]]|Acquisition|
|2020.07.27|SANS|![[Doing Cloud in China|https://www.sans.org/blog/doing-cloud-in-china]] |China|
|2020.07.27|ACSC (AU)|[[Anatomy of a Cloud Assessment and Authorisation|https://www.cyber.gov.au/node/2735]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Computing Security Considerations|https://www.cyber.gov.au/acsc/view-all-content/publications/cloud-computing-security-considerations]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Computing Security for Cloud Service Providers|https://www.cyber.gov.au/node/1315]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Security Assessment Report Template|https://www.cyber.gov.au/node/2736]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Computing Security for Tenants|https://www.cyber.gov.au/node/1316]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Security Controls Matrix|https://www.cyber.gov.au/node/2737]]|Guidance Australia|
|2020.07.27|ACSC (AU)|[[Cloud Assessment and Authorisation - Frequently Asked Questions|https://www.cyber.gov.au/node/2734]]|Guidance Australia|
|2020.07.27|IT Wire| → [[Australian Cyber Security Centre, DTA unveil new rules for secure cloud services|https://www.itwire.com/government-tech-policy/australian-cyber-security-centre,-dta-unveil-new-rules-for-secure-cloud-services.html]]|Governmental_Cloud Australia|
|2020.07.27|CRN (AU)| → [[Feds update guidance for cloud providers|http://www.crn.com.au/news/feds-update-guidance-for-cloud-providers-550886]]|Governmental_Cloud US|
|2020.07.27|ZDNet| → [[Commonwealth entities left to self-assess security in cloud procurement|https://www.zdnet.com/article/commonwealth-entities-left-to-self-assess-security-in-cloud-procurement/]]|Commonwealth Procurement|
|2020.07.28|//Cloud Management Insider//| → [[Australia Releases 'Cloud Security Guidance' To Bolster Cybersecurity|https://www.cloudmanagementinsider.com/australia-releases-cloud-security-guidance-to-bolster-cybersecurity/]]|Governmental_Cloud Australia|
|2020.07.27|Bleeping Computer|[[Office 365 phishing baits employees with fake SharePoint alerts|https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-employees-with-fake-sharepoint-alerts/]] |Phishing O365|
|2020.07.27|Bleeping Computer|[[Office 365 adds new features to help identify malicious spam|https://www.bleepingcomputer.com/news/security/office-365-adds-new-features-to-help-identify-malicious-spam/]] |Products O365 Spam|
|2020.07.27|Bleeping Computer|![[Source code from dozens of companies leaked online|https://www.bleepingcomputer.com/news/security/source-code-from-dozens-of-companies-leaked-online/]] |Leak|
|2020.07.28|Security Week| → [[Source Code From Major Firms Leaked via Unprotected DevOps Infrastructure|https://www.securityweek.com/source-code-major-firms-leaked-unprotected-devops-infrastructure]] |Leak|
|2020.07.27|DevOps.com|![[How to Achieve AWS Security in 10 Steps|https://devops.com/how-to-achieve-aws-security-in-10-steps/]] |AWS|
|2020.07.27|CyberSecurity Insiders|[[Some Cloud Storage Security Tips|https://www.cybersecurity-insiders.com/some-cloud-storage-security-tips/]]|Storage Tips|
|2020.07.27|DZone|[[The Anatomy of a Container: The Kernel|https://dzone.com/articles/what-is-a-container-a-kernel-introduction]]|Container|
|2020.07.27|Ryan Canty|[[Stop Downloading Google Cloud Service Account Keys!|https://medium.com/@jryancanty/stop-downloading-google-cloud-service-account-keys-1811d44a97d9]]|GCP Keys|
|2020.07.27|//Heimdal Security//|[[Cloud Computing Threats: Beyond Vulnerabilities|https://heimdalsecurity.com/blog/cloud-computing-threats/]]|Threats Flaws|
|2020.07.27|//AWS//|[[Customer update: AWS and the EU-US Privacy Shield|https://aws.amazon.com/blogs/security/customer-update-aws-and-the-eu-us-privacy-shield/]]|Privacy_Shield|
|2020.07.27|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 5 - Defense Evasion|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-5-defense-evasion/]] (5/9) |Kubernetes Threats|
|2020.07.27|//Digital Guardian//|[[What is AWS Security?|https://digitalguardian.com/blog/what-aws-security]]|AWS|
|2020.07.27|//GitHub//|[[GitHub public roadmap|https://github.com/github/roadmap/projects/1?card_filter_query=label%3A%22security+%26+compliance%22]] (mise à jour)|GitHub Roadmap|
|2020.07.27|//MSSP Alert//|[[Sophos Furthers Cloud Security Posture Management (CSPM)|https://www.msspalert.com/cybersecurity-services-and-products/cloud/sophos-cspm-tools/]] |CSPM|
|2020.07.27|//Check Point//|![[AWS Lambda Security Best Practices|https://blog.checkpoint.com/2020/07/27/aws-lambda-security-best-practices/]] |AWS_Lambda|
|2020.07.27|//CyberSecurity Insiders//|[[Some Cloud Storage Security Tips|https://www.cybersecurity-insiders.com/some-cloud-storage-security-tips/]] |Storage|
|2020.07.27|//Palo Alto Networks//|![[CVE-2020-8558: Kubernetes Vulnerability, Analysis and Mitigation|https://unit42.paloaltonetworks.com/cve-2020-8558/]] |K8s CVE-2020-8558|
|2020.07.29|Container Journal| → [[Palo Alto Networks Digs Into Kubernetes Security Flaw|https://containerjournal.com/topics/container-security/pan-digs-deep-into-kubernetes-security-flaw/]]|K8s CVE-2020-8558|
|2020.07.27|//Help Net Security//|[[McAfee MVISION Cloud now maps threats to MITRE ATT&CK|https://www.helpnetsecurity.com/2020/07/27/mcafee-mvision-cloud-mitre-attck/]]|Products CASB MITRE_ATT&CK|
|2020.07.27|//Container Journal//|[[Prevasio Previews Container Security Service|https://containerjournal.com/topics/container-security/prevasio-previews-container-security-service/]]|Products Container|
|2020.07.27|//BetaNews//|[[Forcepoint SASE solution helps protect enterprise clouds|https://betanews.com/2020/07/27/forcepoint-sase-solution-helps-protect-enterprise-clouds/]]|Products SASE|
|2020.07.27|//Prevasio//|[[Best Practices for Docker Containers' Security|https://blog.prevasio.com/2020/07/best-practices-for-docker-containers.html]]|Docker Best_Practices|
<<tiddler [[arOund0C]]>>
[>img(500px,auto)[iCSF/K82SA.png]]Sous l'impulsion du Chapitre israélien de la CSA, le travail commun de plusieurs Chapitres européens de la CSA, et des communautés GÉANT et EuropeClouds, un grand sondage est lancé afin d'analyser l'adoption du Cloud dans différentes zones géographiques.
Le sondage a été traduit par les différents Chapitres et est déjà disponible en anglais, français, espagnol, portugais, turc, et le sera prochainement en italien et allemand.

''L'objectif est d'examiner les cas d'usage du Cloud public, les types d'utilisation, les raisons de la migration vers le Cloud public et les challenges auxquels sont confrontées les organisations qui utilisent le Cloud public.''
Afin de respecter la confidentialité des réponses des participants, ni le nom du participant ni celui de l'organisation ne sont demandés : les données collectées lors de ce sondage ne le sont qu'à des fins de recherche.

Pour vous préparer à répondre à ce sondage sur SurveyMonkey, voici la liste des principales questions posées :
* L'organisation dans laquelle vous travaillez est-elle dans le secteur public (étatique, gouvernementale, collectivité locale, ...) ou privé ?
* Quelle est la taille de votre organisation ?
* Votre organisation utilise-t-elle actuellement les Clouds publics ? (IaaS / PaaS / SaaS)
* Quels sont les modèles de déploiement de votre organisation dans le Cloud ?
* Quel(s) fournisseur(s) de services IaaS dans le Cloud public utilisez-vous actuellement ?
* Quelles sont les préoccupations ou les challenges actuels auxquels est confrontée votre organisation par rapport à l'utilisation des Clouds publics ?
* Pour quelles raisons votre organisation utilise-t-elle le Cloud public ?
* Précisez votre utilisation des services IaaS/PaaS ?
* Quelle est l'utilisation actuelle du Cloud public dans votre organisation ?
* Comment décririez-vous la topologie IaaS/PaaS de votre organisation ?
* Si votre organisation utilise le multicloud (plusieurs IaaS/PaaS), quelles ont été les raisons de choisir le multicloud ?
* Votre organisation fait-elle actuellement appel à des fournisseurs IaaS/PaaS publics qui sont situés dans votre région/pays ?
* Si votre organisation préfère utiliser un centre d'hébergement dans votre région/pays, pour quelles raisons avez-vous choisi un ou plusieurs fournisseurs de services Cloud IaaS/PaaS public situés dans votre région/pays ?
* Au cas où votre organisation n'utiliserait PAS le Cloud public, quelles en sont les raisons ? 
* Préciser quelle réglementation locale empêche l'utilisation intégrale des Clouds publics ?
* Quelle est la politique de votre organisation concernant l'utilisation du cloud privé (Azure Stack, OpenShift, VMWare vCloud Director, Nutanix, ...) ?

Lien vers le sondage sur SurveyMonkey ⇒ ''[[CloudSecurityAlliance.fr/go/CSACloudAdoption2020|https://CloudSecurityAlliance.fr/go/CSACloudAdoption2020]]''
<<tiddler [[arOund0C]]>>
|!Dernière session avec réduction "COVID-19" de 20% offerte par la Cloud Security Alliance |
|!Exemple : CCSK Foundation à 1.080 €uros au lieu de 1.350 €uros |
|!Exemple : CCSK Plus à 1.560 €uros au lieu de 1.950 €uros |
[>img(400px,auto)[iCSF/K7DGB.png]]<<tiddler fFormCCSK with: '31 août 2020' 'Lundi 31 août et mardi 1er septembre 2020' 'Lundi 31 août, mardi 1er et mercredi 2 septembre 2020'>>
!Programme prévisionnel des webinaires 'SECtember Experience' qui se dérouleront sur BrightTALK
^^Cet article a été mis à jour afin de fournir des informations sur toutes les sessions.^^
'SECtember Experience' se déroulera en ligne les jours ouvrés du 8 au 25 septembre à 20h, heure française.

|!8/09
20h (CET)|!Securing the Work-From-Cloud Lifecycle|[img(250px,auto)[iCSA/K98WS.png]]| |~|Jerry Archer, CISO, Sallie Mae|~| |~|Lien → [[Webinaire 10415/429753|https://www.brighttalk.com/webcast/10415/429753]]|~| |~|//In recent months, the COVID pandemic has forced employers to move to a work-from-home model much faster than expected. Many critical business employees are now virtual and may not be coming back to a secured office environment. As a security team, how do you provision capabilities for thousands of employees working in this new normal? Jerry shares over 20 additional authoritative requirements for identified security gaps, regulatory challenges, and lessons learned in securing today's work-from-home environment.//|~| |!10/09
20h (CET)|!Talking to the Board About the New Realities of IT Security|[img(250px,auto)[iCSA/K9AWT.png]]| |~|Jeff Costlow, Deputy CISO, Extrahop|~| |~|Lien → [[Webinaire 10415/430034|https://www.brighttalk.com/webcast/10415/430034]]|~| |~|//With the sudden shift of the global workforce from in-office to remote, IT teams quickly transformed their operations to accommodate the new realities of business - including large-scale adoption of work-from-home technologies, heightened activity on customer-facing networks, and greater use of online services. While these examples of agility allowed business to continue, they also greatly increased the risk of misconfigurations and cyberthreats. Now, it's looking like they could be here to stay for a while. On top of that, bad actors have wasted no time trying to exploit new vulnerabilities. In the past several weeks, we've seen ransomware attacks affect several major organizations. These attacks come on the tail of a surge of attacks across the board brought on during the pandemic, as hackers scanned and took advantage of new workloads, and vulnerable VPN connections and misconfigurations left the gates to the network open.
When attacks like these make headlines, panicked board members have one question for CISOs: how can we be sure that won't happen to us? Drawing from nearly 25 years of experience in the security industry, Jeff Costlow, CISO at ExtraHop, will share his top strategies for CISOs to lead board-level conversations about risk management amidst the stark new realities of IT.//|~| |!11/09
20h (CET)|!Software Defined Perimeter, Microsegmentation & Zero Trust|[img(250px,auto)[iCSA/K9BWS.png]]| |~|Juanita Koilpillai, Founder and CEO, Waverly Labs|~| |~|//Security has become of paramount importance in recent times, especially due to the advent of cloud computing and virtualization. With so many devices in the mix, users have the choice of working from anywhere they want. The rapid increase in global IP traffic has challenged network service providers to scale and improve infrastructure to meet this new demand. We explore the merits and performance of Software Defined Perimeters to withstand DDoS attacks in multiple network implementations, including hybrid cloud applications, network function virtualization and software defined networks.//|~| |~|Lien → [[Webinaire 10415/429790|https://www.brighttalk.com/webcast/10415/429790]]|~| |!14/09
20h (CET)|!Maturing Your Cloud Security|[img(250px,auto)[iCSA/K9EWM.png]]| |~|Mike Rothman, President, Securosis|~| |~|//In this session, Mike will go through the Cloud Security Maturity Model, developed in partnership between Securosis and IANS, to provide perspective on your cloud security journey. The session will describe the 12 categories across 3 domains, as well as laying out success criteria to improve maturity (and there improve cloud security posture). Anchored by a number of stories of success (and failure) in cloud security, attendees will leave with a clear view of what lies ahead for them.//|~| |~|Lien → [[Webinaire 10415/429791|https://www.brighttalk.com/webcast/10415/429791]]|~| |!15/09
20h (CET)|!Risk Appetite and the Alignment of Cybersecurity with Business Agility. Are You Hungry?|[img(250px,auto)[iCSA/K9FWR.png]]| |~|Andy Kirkland, CISO, Starbucks|~| |~|//Most organizations would like you to believe they are agile. In 2020, they get to prove it. Everything has changed. Historical trend and proforma comparisons suddenly mean nothing. Sales drivers and market dynamics are now being influenced at a hyper-local level. Meanwhile, a workforce that used to pile into conference rooms to review data together now have to find a quiet place at home and find other ways to be heard. Join me as we discuss how a business value-driven cybersecurity organization keeps up with a rapidly evolving business.//|~| |~|Lien → [[Webinaire 10415/430049|https://www.brighttalk.com/webcast/10415/430049]]|~| |!16/09
20h (CET)|!XDR: Myth or Reality|[img(250px,auto)[iCSA/K9GWX.png]]| |~|Sumedh Thakar, President and Chief Product Officer, Qualys|~| |~|//In this session, Sumedh will discuss XDR, a term that's been trending in the security industry of late. Is this just a buzzword, or is there something real behind its rapid rise in popularity? He will discuss the current interpretations of the term, the background of why this is trending and possible reasons for the interest. He will discuss the pain points an XDR solution may address and which types of companies and departments will benefit from its implementation.//|~| |~|Lien → [[Webinaire 10415/429792|https://www.brighttalk.com/webcast/10415/429792]]|~| |!17/09
20h (CET)|!Table ronde : "Vendor Risk Assessment: Secrets for Procuring Secure Cloud Services"|[img(250px,auto)[iCSA/K9HWV.png]]| |~|Participants : Gary Gooden, Chief Information Security Officer, Seattle Children's • Nick Sorensen, Chief Executive Officer, Whistic • Walton Stephens, Third-Party Risk Consultant, OneTrust Vendorpedia • Steve Quane, Executive Vice President of Network Defense and Hybrid Cloud, Trend Micro Inc. • Jerry Cochran, Chief Information Security Officer, Pacific Northwest National Laboratory|~| |~|//In this panel, our experts will share lessons learned and best practices for securing cloud services. From proactive risk assessments within the procurement process to architectural considerations to secure systems management, our diverse panel will provide a holistic perspective on the strategic programs organizations should have in place to secure their cloud experience.//|~| |~|Lien → [[Webinaire 10415/430052|https://www.brighttalk.com/webcast/10415/430052]]|~| |!18/09
20h (CET)|!How to Prepare for an Audit Against the CSA STAR Standard|[img(250px,auto)[iCSA/K9IWH.png]]| |~|Walt Williams, CISO, Monotype & John DiMaria, CSA|~| |~|//The CSA STAR allows for both an attestation under a SOC 2 audit or certification under ISO 27001. While most organizations self-attest to the CSA STAR, this presentation will discuss how to prepare for a successful audit under either SOC 2 or ISO 27001 to demonstrate compliance with the CSA STAR standard.//|~| |~|Lien → [[Webinaire 10415/429793|https://www.brighttalk.com/webcast/10415/429793]]|~| |!21/09
20h (CET)|!In the Trenches of Cloud Governance Battles|[img(250px,auto)[iCSA/K9LWI.png]]| |~|Jim de Haas|~| |~|//When a large organization adopts cloud computing, it goes through several learning curves. Especially when during this journey, a transformation towards a DevOps way of working is implemented. It goes through multiple growth stages. After two to three years, one reaches a stage with turf wars. A true story that reads like an Asterix and Obelix comic book, I will tell a story of an organization adopting both AWS and Azure cloud. While doing so they drastically change their IT strategy. As the years go by, more managers learn about cloud computing and consider themselves to be responsible for govern.//|~| |~|Lien → [[Webinaire 10415/429794|https://www.brighttalk.com/webcast/10415/429794]]|~| |!22/09
20h (CET)|!Collaborating for Inclusion & Equality in Cybersecurity|[img(250px,auto)[iCSA/K9MWC.png]]| |~|Larry Whiteside, Jr., Co-Founder & President ICMCP • Illena Armstrong, Industry Strategy Advisor, CSA|~| |~|//Diversity, inclusion and equality strategies and practices have always been integral to organizations' daily operations and future growth. The need for executive leaders to genuinely embrace, evolve and continually hone their strategies on this front has, indeed, become an even more acute differentiator and positive, constructive attribute of leading organizations. And while the cybersecurity industry, as a whole, has made some solid inroads to drive and nurture diversity, inclusion and equality efforts, more can and must be done. To be truly impactful in the long term, committed and continuous collaboration will be required. In this spirit, the Cloud Security Alliance and the International Association of Minority Cybersecurity Professionals are teaming up to support their respective members and the wider industry to aid them in further refining and reinforcing their inclusion and equality programs and long-term strategies.//|~| |~|Lien → [[Webinaire 10415/430055|https://www.brighttalk.com/webcast/10415/430055]]|~| |!23/09
20h (CET)|!Security Automation: Principles, Opportunities, Risks, and Examples |[img(250px,auto)[iCSA/K9NWU.png]]| |~|Mike Mellor, Senior Director of Information Security, Adobe|~| |~|//One of the fundamental principles of any security program is a focus on reducing the "timeline to compromise" for security issues. Not only are attacks getting more and more sophisticated, but they are also starting to get more aggressive as all of us have been forced by the pandemic crisis into new modes of working. Responding well to these challenges requires the ability to focus your resources on your most challenging security problems. Manual processes just cannot keep up with these changing security needs, especially as your organization grows. Thus, using automation as much as possible can help you scale to better manage necessary change.
In this presentation, Mike Mellor, Head of Security for the Digital Experience Business at Adobe, will share his insights on these issues and talk about how Adobe is using automation throughout our security efforts to better focus our resources, be smarter about resource expansion as our business continues to grow, and better "foolproof" our processes. Mellor will provide details on automation techniques Adobe is using in application security, operational security, compliance, and enterprise security teams. These are techniques based upon industry best practices that you will be able to leverage for your own organization.//|~| |~|Lien → [[Webinaire 10415/430056|https://www.brighttalk.com/webcast/10415/430056]]|~| |!24/09
20h (CET)|!Building a World-Class Security Program|[img(250px,auto)[iCSA/K9OWB.png]]| |~|James Christiansen, Vice President of Cloud Security Transformation, Netskope|~| |~|//There is no "playbook" for today's information security officer to becoming a successful leader. With thousands of security technologies, millions of threat actors, and new attack vectors to defend against, simply working harder won't solve the problem. Information security leaders must transform from reactive, infrastructure-focused, into proactive, business-aligned security leaders. A world-class security program combines people, process, and technology. The best security programs are guided by dynamic leaders who understand the business to provide consistent demonstrable value.//|~| |~|Lien → [[Webinaire 10415/430060|https://www.brighttalk.com/webcast/10415/430060]]|~| |!25/09
__19h__ (CET)|!It's Been Ten Years. Why has nothing changed?|[img(250px,auto)[iCSA/K9PWI.png]]| |~|Jim Reavis, CEO, CSA • Peter Karlson • Candy Alexander|~| |~|//Join us for a candid discussion on why we continue to see a shortage of skilled cyber professionals and how it is fast becoming one of the least understood problems faced by businesses and the profession today. Based on the latest research paper, The Life and Times of Cybersecurity Professionals 2019, a cooperative research project by Enterprise Strategic Group and the International Systems Security Association (ISSA), Jim Reavis and Candy Alexander, two of our prominent leaders in the community, discuss why it was so important to forge the alliance between ISSA and CSA and how to best tackle the problem at hand.//|~| |~|Lien → [[Webinaire 10415/439506|https://www.brighttalk.com/webcast/10415/439506]]|~| |!25/09
20h (CET)|!The Blind Spot in Object Storage|[img(250px,auto)[iCSA/K9PWT.png]]| |~|Tim Albrecht, General Manager Cloud Practice, Cloud Storage Security|~| |~|//Amazon S3 is one of the most successful services provided by AWS. AWS has unlimited emphasis, ensuring your data is safe. Customers and AWS leverage many native features and security frameworks, including redundancy, bucket permissions, encryption and duplication across regions and availability zones. However, the hidden threat to your customers and corporate applications dependent on Amazon S3 is the ability for intentional malware to be uploaded by an attacker, or an unintentional upload of potentially malicious files or objects by a legitimate user to your object storage.//|~| |~|Lien → [[Webinaire 10415/429795|https://www.brighttalk.com/webcast/10415/429795]]|~| |!29/09
''20h15'' (CET)|!Table ronde : "Pandemic & Beyond: Migrating to Cloud Securely"|[img(250px,auto)[iCSA/K99WP.png]]| |~|Jim Reavis, CEO, CSA • Pete Chronis • Tima Soni • Patti Titus • Vinay Patel |~| |~|//In this panel, our group of CISOs will be discussing the central cloud security issues currently being faced. Is the pandemic accelerating the push to the cloud? What are the governance, technical and cultural lessons learned? The CISO panelists represent organizations with diverse cloud maturity, from dipping the toes to all in, and the panel will have something of value to all audience members.//|~| |~|Lien → [[Webinaire 10415/429789|https://www.brighttalk.com/webcast/10415/439877]]|~| |!30/09
20h (CET)|!"SECtember Experience Wrap-Up: Guiding your Race to the Cloud"|[img(250px,auto)[iCSA/K9UWS.png]]| |~|Jim Reavis, CEO, CSA|~| |~|//In this session, Jim will take a look back at the critical topics covered throughout this month-long SECtember Experience and highlight key takeaways that can help guide you on your race to the cloud. How do you move forward and leverage the information and tools you collected during this past month? Jim will provide his insights and a roadmap ahead as you look to navigate the challenges of the current cloud climate.//|~| |~|Lien → [[Webinaire 10415/440877|https://www.brighttalk.com/webcast/10415/440877]]|~| __Lien :__ → https://www.brighttalk.com/search/?q=sectember-experience <<tiddler [[arOund0C]]>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202007>>
<<tiddler fAll2Tabs10 with: VeilleM","_202007>>
|!Date|!Sources|!Titres et Liens|!Keywords|
|2020.07.09|//Amazon AWS//|![[Latest Bulletins - Amazon Web Services (AWS)|https://aws.amazon.com/security/security-bulletins/AWS-2020-002/]] |Alert AWS Kubernetes CVE-2020-8558|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Juillet 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202007>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Juillet 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Juillet 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202007'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202007'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Juillet 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202007'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Juillet 2020]]>>
!//Strong MFA: The First Stop on the Path to Passwordless//
[>img(150px,auto)[iCSA/K7VBS.jpg]]^^Article publié le 31 juillet 2020 sur le blog de la CSA, et sur le site de Duo security le 30 juin 2020
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/07/31/strong-mfa-the-first-stop-on-the-path-to-passwordless/ /% ''[[CloudSecurityAlliance.fr/go/k7vx/|https://CloudSecurityAlliance.fr/go/k7vx/]]'' %/
* Site Duo Security ⇒ https://duo.com/blog/strong-mfa-the-first-stop-on-the-path-to-passwordless /% ''[[CloudSecurityAlliance.fr/go/k7vz/|https://CloudSecurityAlliance.fr/go/k7vz/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Implementing a Vendor Assessment Platform? Tips for Long-Term Success//
[>img(150px,auto)[iCSA/K7RBI.jpg]]^^Article publié le 27 juillet 2020 sur le blog de la CSA, et sur le site de Whistic
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/07/27/implementing-a-vendor-assessment-platform-tips-for-long-term-success/ /% ''[[CloudSecurityAlliance.fr/go/k7rx/|https://CloudSecurityAlliance.fr/go/k7rx/]]'' %/
* Site Whistic ⇒ https://www.whistic.com/resources/implementing-vendor-assessment-tips-for-success /% ''[[CloudSecurityAlliance.fr/go/k7rz/|https://CloudSecurityAlliance.fr/go/k7rz/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//How Hackers Changed Strategy with Cloud//
[>img(150px,auto)[iCSA/K7LBH.jpg]]^^Article publié le 21 juillet 2020 sur le blog de la CSA, après l'avoir été le 30 juin sur le site de Fugue
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/07/21/how-hackers-changed-strategy-with-cloud/ /% ''[[CloudSecurityAlliance.fr/go/k7lx/|https://CloudSecurityAlliance.fr/go/k7lx/]]'' %/
* Site Fugue ⇒ https://www.fugue.co/blog/how-hackers-changed-strategy-with-cloud /% ''[[CloudSecurityAlliance.fr/go/k7lz/|https://CloudSecurityAlliance.fr/go/k7lz/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Securing the multi-cloud environment through CSPM and SSPM//
[>img(150px,auto)[iCSA/K7DBS.jpg]]^^Article publié le 13 juillet 2020 sur le blog de la CSA, après l'avoir été le 7 juillet 2020 sur le site de CipherCloud
__Liens :__
* Blog CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k7dx/|https://CloudSecurityAlliance.fr/go/k7dx/]]''
* Site CipherCloud ⇒ ''[[CloudSecurityAlliance.fr/go/k7dz/|https://CloudSecurityAlliance.fr/go/k7dz/]]''
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//What Does Proactive Vendor Security Mean?//
[>img(150px,auto)[iCSA/K7ABW.jpg]]^^Article publié le 10 juillet 2020 sur le blog de la CSA, après l'avoir été le 6 juillet 2020 sur le site de Whistic
__Liens :__
* Blog CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k7ax/|https://CloudSecurityAlliance.fr/go/k7ax/]]''
* Site Whistic ⇒ ''[[CloudSecurityAlliance.fr/go/k7az/|https://CloudSecurityAlliance.fr/go/k7az/]]''
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Data Discovery to Rescue Historical Data from Compliance Violations//
[>img(150px,auto)[iCSA/K71BD.jpg]]^^Article publié le 1er juillet 2020 sur le blog de la CSA, après l'avoir été le 24 mai 2020 sur le site de CipherCloud
__Liens :__
* Blog CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k71x/|https://CloudSecurityAlliance.fr/go/k71x/]]''
* Site CipherCloud ⇒ ''[[CloudSecurityAlliance.fr/go/k71z/|https://CloudSecurityAlliance.fr/go/k71z/]]''
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Cloud Risk Management//
[>img(150px,auto)[iCSA/K72BC.jpg]]^^Article publié le 2 juillet 2020 sur le blog de la CSA — Rédigé par Ashwin Chaudhary de Accedere
__Liens :__
* Blog CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k2ax/|https://CloudSecurityAlliance.fr/go/k2ax/]]''
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!"NIST SP 800-210 : //General Access Control Guidance for Cloud Systems//"
[>img(150px,auto)[iCSF/NIST.gif]]Le document NIST SP 800-210 "General Access Control Guidance for Cloud Systems" est publié.
Il propose une approche pour comprendre les défis de sécurité dans le cloud en analysant les aspects de contrôle d'accès (//AC/Access Control//) dans les trois modèles de services cloud : IaaS, PaaS et SaaS.
Les caractéristiques essentielles qui affecteraient la conception du contrôle d'accès au cloud sont également résumées, telles que : l'accès au réseau, la mise en commun des ressources, l'élasticité rapide, les services à la consommation et le partage des données.
Diverses orientations pour la conception du contrôle d'accès de l'IaaS, du PaaS et du SaaS sont proposées en fonction de leurs caractéristiques respectives.
Enfin, des recommandations pour la conception du contrôle d'accès dans différents systèmes cloud sont également incluses pour faciliter les futures mises en œuvre.
En outre, des exemples de règles sont synthétisés pour chaque système de cloud.

En conclusion : un document assez court et synthétique (26 pages) qui entre dans la longue liste des documents de référence publiés par le NIST.
Lien → ''[[CloudSecurityAlliance.fr/go/k7un/|https://CloudSecurityAlliance.fr/go/k7un/]]'' (format pdf)

__Annonce__
{{ss2col{
> //NIST has published Special Publication (SP) 800-210, General Access Control Guidance for Cloud Systems, which presents an initial step toward understanding security challenges in cloud systems by analyzing the access control (AC) considerations in all three cloud service delivery models — Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Essential characteristics that would affect the Cloud's AC design are also summarized, such as broad network access, resource pooling, rapid elasticity, measured service, and data sharing. Various guidance for AC design of IaaS, PaaS, and SaaS are proposed according to their different characteristics. Recommendations for AC design in different cloud systems are also included to facilitate future implementations. Additionally, potential policy rules are summarized for each cloud system.//
}}}
__Résumé__
{{ss2col{
> //This document presents cloud access control characteristics and a set of general access control guidance for cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). Different service delivery models require managing different types of access on offered service components. Such service models can be considered hierarchical, thus the access control guidance of functional components in a lower-level service model are also applicable to the same functional components in a higher-level service model. In general, access control guidance for IaaS is also applicable to PaaS and SaaS, and access control guidance for IaaS and PaaS is also applicable to SaaS. However, each service model has its own focus with regard to access control requirements for its service.//
}}}
__Synthèse__
{{ss2col{
<<<
//Cloud systems have been developed over time and conceptualized through a combination of software, hardware components, and virtualization technologies. Characteristics of the cloud, such as resource pooling, rapid elasticity, and pay-as-you-go services, accelerated its wide adoption by industry, government, and academia. Specifically, cloud systems offer application services, data storage, data management, networking, and computing resources management to consumers over a network (the internet in general). Despite the great advancements of cloud systems, concerns have been raised about the offered level of security and privacy. The importance of these concerns becomes more evident when considering the increasing number of users who have adopted cloud services.
This document presents cloud access control (AC) characteristics and a set of general access control guidance for cloud service models — IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). The main focus is on technical aspects of access control without considering deployment models (e.g., public, private, hybrid clouds etc.), as well as trust and risk management issues, which require different layers of discussions that depend on the security requirements of the business function or the organization of deployment for which the cloud system is implemented. Different service delivery models need to consider managing different types of access on offered service components. Such considerations can be hierarchical, such as how the access control considerations of functional components in a lower-level service model (e.g., networking and storage layers in the IaaS model) are also applicable to the same functional components in a higher-level service model (e.g., networking and storage in PaaS and SaaS models). In general, access control considerations for IaaS are also applicable to PaaS and SaaS, and access control considerations for IaaS and PaaS are also applicable to SaaS. Therefore, AC guidance for IaaS is applicable to PaaS and SaaS, and AC guidance for IaaS and PaaS is also applicable to SaaS. However, each service model has its own focus with regard to access control requirements for its service.//
<<<
}}}
__Table des matières__
{{ss2col{
<<<
//Executive Summary
1 - Introduction
1.1 - Purpose
1.2 - Scope
1.3 - Audience
1.4 - Document Structure
2 - Cloud Access Control Characteristics
3 - Access Control Guidance for IaaS
3.1 - Guidance for Network
3.2 - Guidance for Hypervisor
3.3 - Guidance for Virtual Machines
3.4 - Guidance for APIs
3.5 - Recommendations for IaaS Access Control
4 - Access Control System for PaaS
4.1 - Guidance for Memory Data
4.2 - Guidance for APIs
4.3 - Recommendations for PaaS Access Control
5 - AC System for SaaS
5.1 - Guidance for Data Owner's Control
5.2 - Guidance for Confidentiality
5.3 - Guidance for Privilege Management
5.4 - Guidance for Multiple Replicas of Data
5.5 - Guidance for Multi-tenancy
5.6 - Guidance for Attribute and Role Management
5.7 - Guidance for Policies
5.8 - Guidance for APIs
5.9 - Recommendations for SaaS Access Control
6 - Guidance for Inter and Intra Operation
7 - Conclusions
References
List of Appendices
Guidance and SP 800-53 Revision 4 AC Control Mapping//
<<<
}}}
__Historique du document__
* Date de publication du Draft : 1er avril 2020+++^*[»] <<tiddler [[2020.04.01 - Appel à commentaires : NIST 800-210 'General Access Control Guidance for Cloud Systems']]>>===
* Date limite d'envoi des commentaires : 15 mai 2020
* Date de publication de la version finale : 31 juillet 2020

__Liens sur le site du NIST :__
⇒ Lire [[l'annonce|https://CloudSecurityAlliance.fr/go/k7ua/]]
⇒ Télécharger [[le document (pdf)|https://CloudSecurityAlliance.fr/go/k7un/]]
<<tiddler [[arOund0C]]>>
!"//Enterprise Architecture to CCM Shared Responsibility Model//" et "//Enterprise Architecture to CCM v3.0.1 Mapping//"
Ces deux documents sont intimement liés et doivent être revus simultanément. La date limite pour transmettre les commentaires sur chacun de ces documents est le ''28 août 2020''.
<<<
//The ''EA-CCM Shared Responsibility Model'' is a companion piece with the ''EA-CCM Mapping''.
The ''EA-CCM Mapping'' is a companion piece with the ''EA-CCM Shared Responsibility Model''.
The peer review for both documents is intended to be done in parallel.

The ''Enterprise Architecture'' working group's ''Enterprise Reference Architecture'' (ERA) is both a methodology and a set of tools enabling security architects, enterprise architects and GRC professionals to leverage a common set of solutions that fulfill their common needs.
The expectation is that the ERA will assist them in assessing where their internal IT and their cloud providers stand in terms of security capabilities, and in roadmap planning to meet the security needs of their business.
The ERA provides a security viewpoint on a typical ''Enterprise Architecture'', thus taking a domain-based approach covering Business Operations, IT Operations, Security and Risk Management as well as the classic layered architecture of Presentation, Application, Information, and Infrastructure domains.
The mapping of CCM controls follows the ''Shared Responsibility Model'' according to the following service levels: IaaS, PaaS, SaaS.

It is intended to give the reader an overview of cloud responsibility with the specific control domain from the view of either the cloud service provider and/or the cloud consumer.
0 (zero) signifies no responsibility, whereas the placement of a 1 (one) signifies the given responsibility.
From here, the reader can map that control domain back to the CCM control for further guidance and architecture.//
<<<
__Liens :__
* Téléchargement (après inscription) 'CCM Shared Responsibility Model' ⇒ ''[[CloudSecurityAlliance.fr/go/k7td/|https://CloudSecurityAlliance.fr/go/k7td/]]''
* Téléchargement (après inscription) 'CCM v3.0.1 Mapping' ⇒ ''[[CloudSecurityAlliance.fr/go/k7te/|https://CloudSecurityAlliance.fr/go/k7te/]]''
!"//CSA's SECtember Experience to Provide a Month of Vital Expert Briefings//"
La conférence [[SECtember]], qui devait se tenir du 14 au 18 septembre 2020 en présentiel à Seattle, est transformée en une série de webinaires en ligne.
Elle est maintenant appelée [[SECtember Experience|SECtember]].
''Les sessions se dérouleront à 20h (heure française) du 8 au 11, 14 au 16, 18, et du 22 au 25 septembre 2020''.
<<<
|ssTablN0L|k
|[>img(300px,auto)[iCSA/K9-SECtemberExperience.png]]//SEATTLE - 28 juillet 2020 - La Cloud Security Alliance (CSA), le leader mondial de l'écosystème du Cloud sécurisé, a annoncé aujourd'hui le [[SECtember Experience|SECtember]] (entre les 8 et 25 septembre), une série de webinaires qui donnera un aperçu de la qualité de ce que sera la conférence [[SECtember]] 2021. Gratuite, cette série de webinaires est conçue pour guider les participants dans leur démarche vers le Cloud , tout en leur offrant la possibilité d'obtenir des crédits CPE.//|!|[>img(300px,auto)[iCSA/K9-SECtemberExperience.png]]//SEATTLE - July 28, 2020 - The Cloud Security Alliance (CSA), the global leader of the secure cloud ecosystem, today announced the [[SECtember Experience|SECtember]] (Sept. 8-25), a webinar series that will provide a preview of the top-notch content attendees can expect to receive at the in-person [[SECtember]] conference in 2021. This complimentary series is designed to guide participants in their race to the cloud, while offering the opportunity to earn CPE credits.//|
||||
|//Suite à la pandémie COVID-19, les organisations accélèrent leur migration vers le Cloud comme stratégie optimale pour soutenir une main-d'œuvre virtuelle et permettre la transformation numérique. De la conception d'architectures "zero trust" à la sécurisation des pipelines de déploiement DevOps en passant par la modernisation de la gouvernance informatique, les acteurs ont de grands besoins de formation à la sécurité du Cloud dispensée par de vrais experts. La CSA a répondu à ce nouveau besoin en organisant une série de webinaires tout au long du mois de septembre, afin de couvrir des sujets essentiels à la migration et à la sécurisation des données dans le Cloud.//|!|//As a consequence of the COVID-19 pandemic, organizations are accelerating their migration to the cloud as the optimal strategy to support a virtual workforce and enable digital transformation. From designing zero trust architectures to securing DevOps deployment pipelines to modernizing IT governance, security professionals have a tremendous need for cloud security education from trusted experts. CSA has responded to this unprecedented need with a series of webinars throughout the month of September designed to cover a range of topics critical to moving to and securing data in the cloud.//|
||||
|//"Nous ne pourrons pas nous rencontrer physiquement en septembre, mais il est essentiel que nous comprenions l'importance de ce moment pour notre industrie. Les acteurs de la sécurité doivent se défendre contre une augmentation des menaces avec des budgets qui stagnent ou en décroissance, tout en étant des leaders pour inciter leurs organisations à adopter le Cloud Computing en toute sécurité", a déclaré Jim Reavis, co-fondateur et dirigeant de la Cloud Security Alliance. "C'est dans cet esprit que nous avons conçu un programme de premier plan, que nous déclinerons chaque jour en sessions interactives d'une à deux heures. Le [[SECtember Experience|SECtember]] permettra aux participants d'améliorer rapidement leurs connaissances en matière de Cloud et de cybersécurité avec un minimum de perturbations dans la journée de travail".//|!|//"While we will miss the opportunity to engage in person this September, it is critical that we understand the importance of this moment for our industry. Security professionals must defend against an increase in threats with flat to declining budgets while being leaders in driving their organizations to securely adopt cloud computing," said Jim Reavis, co-founder and CEO, Cloud Security Alliance. "With this in mind, we have curated a world class program, which we are delivering in 1-2 hour interactive sessions each day. The [[SECtember Experience|SECtember]] will allow participants to rapidly level up their cloud and cybersecurity knowledge with minimal disruptions to the work day."//|
||||
|//Parmi les sessions il y aura des discours d'ouverture de RSSI des 2000 plus grandes sociétés, des panels d'experts et de spécialistes de la sécurité du Cloud. 
En outre, la CSA organisera des sessions spéciales en ligne de la formation [[CCSK]] présentées par un formateur certifié et du nouveau cours sur le [[SDP]].
Le [[SECtember Experience|SECtember]] donnera également un aperçu du cours Certificate of Cloud Auditing Knowledge ([[CCAK]]). Les participants bénéficieront de réductions et de cadeaux surprise.//|!|//Among the sessions will be keynote speeches from Global 2000 security leaders, Chief Information Security Officer (CISO) panels, and cloud security technology deep dives. In addition, CSA will be conducting special online versions of the Certificate of Cloud Security Knowledge (CCSK) class with instructor-led labs and the new Software Defined Perimeter (SDP) course. The [[SECtember Experience|SECtember]] will also provide a preview of our highly anticipated Certificate of Cloud Auditing Knowledge (CCAK) course. Participants will be treated to several surprise promotions and product giveaways.//|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<<
__Lien :__
* Annonce ⇒ ''[[CloudSecurityAlliance.fr/go/k7rc/|https://CloudSecurityAlliance.fr/go/k7rc/]]''
* La page de la conférence sur le site BrightTALK ⇒ https://www.brighttalk.com/search/?q=sectember-experience
<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #74|2020.07.26 - Newsletter Hebdomadaire #74]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #74|2020.07.26 - Weekly Newsletter - #74]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.07.26 - Newsletter Hebdomadaire #74]]>> |<<tiddler [[2020.07.26 - Weekly Newsletter - #74]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 20 au 26 juillet 2020
!!1 - Informations CSA - 20 au 26 juillet 2020
* Blog : FAQ du Comité Européen de la Protection des Données sur Schrems 2+++^*[»] <<tiddler [[2020.07.24 - Blog : FAQ du Comité Européen de la Protection des Données sur Schrems 2]]>>=== 
* Publication : 'Healthcare Big Data in the Cloud'+++^*[»] <<tiddler [[2020.07.21 - Publication : 'Healthcare Big Data in the Cloud']]>>=== 
* Publication : 'Mobile Application Security Testing - Sum-Up & Landscape Overview'+++^*[»] <<tiddler [[2020.07.20 - Publication : 'Mobile Application Security Testing - Sum-Up & Landscape Overview']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 70 liens|2020.07.26 - Veille Hebdomadaire - 26 juillet]])

* __''À lire''__
** Containers : Bonnes pratiques et sécurisation+++^*[»] 
|2020.07.23|Container Journal|![[Container Security Best Practices Taking Shape|https://containerjournal.com/topics/container-security/container-security-best-practices-taking-shape/]] |Container Best_Practices|
|2020.07.22|TL;DR Security|[[Container Security|https://tldrsec.com/blog/container-security/]] |Containers|
|2020.07.21|Jan Harrie|![[Container Breakouts - Part 2: Privileged Container|https://blog.nody.cc/posts/container-breakouts-part2]] (2/3) |Containers|
|2020.07.21|//Sysdig//|![[12 Container image scanning best practices to adopt in production|https://sysdig.com/blog/image-scanning-best-practices/]]|Containers Image_Scanning|
=== 

* __Alertes, Attaques, Pannes__
** Techniques de Phishing+++^*[»] 
|2020.07.21|//Check Point//|![[How scammers are hiding their phishing trips in public clouds|https://blog.checkpoint.com/2020/07/21/how-scammers-are-hiding-their-phishing-trips-in-public-clouds/]] |Phishing O365 GCP|
|2020.07.21|Bleeping Computer| → [[Phishing campaign uses Google Cloud Services to steal Office 365 logins|https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-google-cloud-services-to-steal-office-365-logins/]]|Phishing O365 GCP|
|2020.07.20|//Tripwire//|[[Cloud Services Abused by Clever Phishing Campaign|https://www.tripwire.com/state-of-security/security-data-protection/cloud-services-abused-by-clever-phishing-campaign/]]|Phishing|
=== 
** Impacts suite à l'attaque contre Blackbaud+++^*[»] 
|2020.07.20|Silicon Angle|[[1M e-learning student records found exposed on misconfigured cloud storage|https://siliconangle.com/2020/07/20/1m-e-learning-student-records-found-exposed-misconfigured-cloud-storage/]]|Data_Leak Misconfiguration|
|2020.07.20|Security Week| → [[Cloud Company Blackbaud Pays Ransomware Operators to Avoid Data Leak|https://www.securityweek.com/cloud-company-blackbaud-pays-ransomware-operators-avoid-data-leak]]|Ransomware|
|2020.07.20|Office of Inadequate Security| → [[Ransomware attack on cloud-services provider affects charities and not-for-profits|https://www.databreaches.net/ransomware-attack-on-cloud-services-provider-affects-charities-and-not-for-profits/]]|Ransomware|
=== 

* __Rapports et études__
** Exposition du Cloud (Rapid7)+++^*[»] 
|2020.07.20|//Rapid7//|![[Rapid7 Releases the 2020 NICER Report|https://blog.rapid7.com/2020/07/20/rapid7-releases-2020-nicer-report/]] |Report|
=== 

* __Acquisitions__
** OPAQ par Fortinet+++^*[»] 
|2020.07.20|//Fortinet//|[[Fortinet Acquires OPAQ|https://www.fortinet.com/products/fortinet-acquires-opaq]]|Acquisition|
|2020.07.20|MSSP Alert| → [[Fortinet Acquires SASE Security Provider Opaq Networks|https://www.msspalert.com/investments/fortinet-acquires-sase-security-provider-opaq-networks/]]|Acquisition|
|2020.07.21|Dark Reading| → [[Fortinet Buys Cloud Security Firm OPAQ|https://www.darkreading.com/cloud/fortinet-buys-cloud-security-firm-opaq/d/d-id/1338413]]|Acquisition|
|2020.07.21|Silicon Angle| → [[Fortinet snaps up OPAQ Networks to build out its security offering|https://siliconangle.com/2020/07/21/fortinet-snaps-opaq-networks-build-sase-security-offering/]]|Acquisition|
=== 

* __Autres veilles hebdomadaires Cloud et Sécurité__
** TL;DR Security #44 et ''The Cloud Security Reading List'' #47+++^*[»] 
|2020.07.22|TL;DR Security|[[#44 - Formal Methods, New Web Security Mechanisms, Have GPT-3 Code for You|https://tldrsec.com/blog/tldr-sec-044/]] |Weekly_Newsletter|
|2020.07.26|Marco Lancini|[[The Cloud Security Reading List #47|https://cloudseclist.com/issues/issue-47/]] |Weekly_Newsletter|
=== 

* __Divers__
** Invalidation du Privacy Shield : commentaires (Nuageo)+++^*[»] 
|2020.07.24|//Nuageo//[>img[iCSF/flag_fr.png]]|[[Le Privacy Shield est mort ! Vive le retour des DSI actives !|https://www.nuageo.fr/2020/07/le-privacy-shield-est-mort-vive-le-retour-des-dsi-actives/]]|Privacy_Shield|
|2020.07.22|Charlotte Galichet[>img[iCSF/flag_fr.png]]|[[Annulation du Privacy Shield - L'intégralité des transferts ou stockage de données aux Etats-Unis remis en cause|http://avocatspi.com/2020/07/22/annulation-du-privacy-shield-lintegralite-des-transferts-ou-stockage-de-donnees-aux-etats-unis-remis-en-cause/]]|Privacy_Shield|
=== 
** Zero Trust : articles par Intezer et Palo Alto+++^*[»] 
|2020.07.22|//Intezer//|[[What is Zero Trust Execution? Definition, Adoption & More|https://www.intezer.com/blog/cloud-workload-protection/what-is-zero-trust-execution-definition-adoption-more/]]|Zero_Trust|
|2020.07.21|//Palo Alto Networks//|[[Zero Trust for Cloud Users and Environments|https://blog.paloaltonetworks.com/2020/07/cloud-zero-trust-for-cloud/]]|Zero_Trust|
=== 
** APIs : Liste de contrôle (Cloud Vector)+++^*[»] 
|2020.07.21|//Cloud Vector//|![[API Security Checklist: Cheatsheet|https://www.cloudvector.com/api-security-checklist-cheatsheet/]] |APIs|
=== 
** Outils : Kubei+++^*[»] 
|2020.07.22|SecTechno|[[Kubei - Kubernetes Runtime Vulnerability Scanner - SecTechno|https://sectechno.com/kubei-kubernetes-runtime-vulnerability-scanner/]] |Tools|
=== 
** Podcasts : SASE (Recorded Future), Chaos Engineering (Cloud Security Podcast)+++^*[»] 
|2020.07.20|//Recorded Future//|[[The Emerging Role of SASE and the Cloud|https://www.recordedfuture.com/podcast-episode-167/]] ([[podcast|https://hwcdn.libsyn.com/p/c/f/8/cf87a60d76dac4ce/167_The_Emerging_Role_of_SASE_and_the_Cloud.mp3]])|SASE Podcast|
|2020.07.26|Cloud Security Podcast|[[Getting Started with Chaos Engineering - What is it and how can it be used to build Application resiliency? - Aaron Rinehart, Verica|https://anchor.fm/cloudsecuritypodcast/episodes/Getting-Started-with-Chaos-Engineering---What-is-it-and-how-can-it-be-used-to-build-Application-resiliency----Aaron-Rinehart--Verica-eh8pbl]]|Podcast|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K7Q/|https://CloudSecurityAlliance.fr/go/K7Q/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - July 20th to 26th, 2020
!!1 - CSA News and Updates - July 20th to 26th, 2020
* Blog: FAQs by the EDPB on Schrems 2, but Little Practical Guidance+++^*[»] <<tiddler [[2020.07.24 - Blog : FAQ du Comité Européen de la Protection des Données sur Schrems 2]]>>=== 
* Publication: 'Healthcare Big Data in the Cloud'+++^*[»] <<tiddler [[2020.07.21 - Publication : 'Healthcare Big Data in the Cloud']]>>=== 
* Publication: 'Mobile Application Security Testing - Sum-Up & Landscape Overview'+++^*[»] <<tiddler [[2020.07.20 - Publication : 'Mobile Application Security Testing - Sum-Up & Landscape Overview']]>>=== 
!!2 - Cloud and Security News Watch ([[over 70 links|2020.07.26 - Veille Hebdomadaire - 26 juillet]])

* __''Must read''__
** Containers: Some Best Practices+++^*[»] 
|2020.07.23|Container Journal|![[Container Security Best Practices Taking Shape|https://containerjournal.com/topics/container-security/container-security-best-practices-taking-shape/]] |Container Best_Practices|
|2020.07.22|TL;DR Security|[[Container Security|https://tldrsec.com/blog/container-security/]] |Containers|
|2020.07.21|Jan Harrie|![[Container Breakouts - Part 2: Privileged Container|https://blog.nody.cc/posts/container-breakouts-part2]] (2/3) |Containers|
|2020.07.21|//Sysdig//|![[12 Container image scanning best practices to adopt in production|https://sysdig.com/blog/image-scanning-best-practices/]]|Containers Image_Scanning|
=== 

* __Attacks__
** Phishing Campaign Tricks+++^*[»] 
|2020.07.21|//Check Point//|![[How scammers are hiding their phishing trips in public clouds|https://blog.checkpoint.com/2020/07/21/how-scammers-are-hiding-their-phishing-trips-in-public-clouds/]] |Phishing O365 GCP|
|2020.07.21|Bleeping Computer| → [[Phishing campaign uses Google Cloud Services to steal Office 365 logins|https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-google-cloud-services-to-steal-office-365-logins/]]|Phishing O365 GCP|
|2020.07.20|//Tripwire//|[[Cloud Services Abused by Clever Phishing Campaign|https://www.tripwire.com/state-of-security/security-data-protection/cloud-services-abused-by-clever-phishing-campaign/]]|Phishing|
=== 
** Follow-up after the Blackbaud Attack+++^*[»] 
|2020.07.20|Silicon Angle|[[1M e-learning student records found exposed on misconfigured cloud storage|https://siliconangle.com/2020/07/20/1m-e-learning-student-records-found-exposed-misconfigured-cloud-storage/]]|Data_Leak Misconfiguration|
|2020.07.20|Security Week| → [[Cloud Company Blackbaud Pays Ransomware Operators to Avoid Data Leak|https://www.securityweek.com/cloud-company-blackbaud-pays-ransomware-operators-avoid-data-leak]]|Ransomware|
|2020.07.20|Office of Inadequate Security| → [[Ransomware attack on cloud-services provider affects charities and not-for-profits|https://www.databreaches.net/ransomware-attack-on-cloud-services-provider-affects-charities-and-not-for-profits/]]|Ransomware|
=== 

* __Reports and Surveys__
** Cloud Exposure (Rapid7)+++^*[»] 
|2020.07.20|//Rapid7//|![[Rapid7 Releases the 2020 NICER Report|https://blog.rapid7.com/2020/07/20/rapid7-releases-2020-nicer-report/]] |Report|
=== 

* __Acquisitions__
** OPAQ by Fortinet+++^*[»] 
|2020.07.20|//Fortinet//|[[Fortinet Acquires OPAQ|https://www.fortinet.com/products/fortinet-acquires-opaq]]|Acquisition|
|2020.07.20|MSSP Alert| → [[Fortinet Acquires SASE Security Provider Opaq Networks|https://www.msspalert.com/investments/fortinet-acquires-sase-security-provider-opaq-networks/]]|Acquisition|
|2020.07.21|Dark Reading| → [[Fortinet Buys Cloud Security Firm OPAQ|https://www.darkreading.com/cloud/fortinet-buys-cloud-security-firm-opaq/d/d-id/1338413]]|Acquisition|
|2020.07.21|Silicon Angle| → [[Fortinet snaps up OPAQ Networks to build out its security offering|https://siliconangle.com/2020/07/21/fortinet-snaps-opaq-networks-build-sase-security-offering/]]|Acquisition|
=== 

* __Additional relevant 'Cloud and Security' Weekly Watch__
** TL;DR Security #44 and ''The Cloud Security Reading List'' #47+++^*[»] 
|2020.07.22|TL;DR Security|[[#44 - Formal Methods, New Web Security Mechanisms, Have GPT-3 Code for You|https://tldrsec.com/blog/tldr-sec-044/]] |Weekly_Newsletter|
|2020.07.26|Marco Lancini|[[The Cloud Security Reading List #47|https://cloudseclist.com/issues/issue-47/]] |Weekly_Newsletter|
=== 

* __Miscellaneous__
** Privacy Shield Invalidation: some comments (Nuageo, in French)+++^*[»] 
|2020.07.24|//Nuageo//[>img[iCSF/flag_fr.png]]|[[Le Privacy Shield est mort ! Vive le retour des DSI actives !|https://www.nuageo.fr/2020/07/le-privacy-shield-est-mort-vive-le-retour-des-dsi-actives/]]|Privacy_Shield|
|2020.07.22|Charlotte Galichet[>img[iCSF/flag_fr.png]]|[[Annulation du Privacy Shield - L'intégralité des transferts ou stockage de données aux Etats-Unis remis en cause|http://avocatspi.com/2020/07/22/annulation-du-privacy-shield-lintegralite-des-transferts-ou-stockage-de-donnees-aux-etats-unis-remis-en-cause/]]|Privacy_Shield|
=== 
** Zero Trust: articles by Intezer and Palo Alto+++^*[»] 
|2020.07.22|//Intezer//|[[What is Zero Trust Execution? Definition, Adoption & More|https://www.intezer.com/blog/cloud-workload-protection/what-is-zero-trust-execution-definition-adoption-more/]]|Zero_Trust|
|2020.07.21|//Palo Alto Networks//|[[Zero Trust for Cloud Users and Environments|https://blog.paloaltonetworks.com/2020/07/cloud-zero-trust-for-cloud/]]|Zero_Trust|
=== 
** API Security Checklist (Cloud Vector)+++^*[»] 
|2020.07.21|//Cloud Vector//|![[API Security Checklist: Cheatsheet|https://www.cloudvector.com/api-security-checklist-cheatsheet/]] |APIs|
=== 
** Tools: Kubei+++^*[»] 
|2020.07.22|SecTechno|[[Kubei - Kubernetes Runtime Vulnerability Scanner - SecTechno|https://sectechno.com/kubei-kubernetes-runtime-vulnerability-scanner/]] |Tools|
=== 
** Podcasts: SASE (Recorded Future), Chaos Engineering (Cloud Security Podcast)+++^*[»] 
|2020.07.20|//Recorded Future//|[[The Emerging Role of SASE and the Cloud|https://www.recordedfuture.com/podcast-episode-167/]] ([[podcast|https://hwcdn.libsyn.com/p/c/f/8/cf87a60d76dac4ce/167_The_Emerging_Role_of_SASE_and_the_Cloud.mp3]])|SASE Podcast|
|2020.07.26|Cloud Security Podcast|[[Getting Started with Chaos Engineering - What is it and how can it be used to build Application resiliency? - Aaron Rinehart, Verica|https://anchor.fm/cloudsecuritypodcast/episodes/Getting-Started-with-Chaos-Engineering---What-is-it-and-how-can-it-be-used-to-build-Application-resiliency----Aaron-Rinehart--Verica-eh8pbl]]|Podcast|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K7Q/|https://CloudSecurityAlliance.fr/go/K7Q/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 26 juillet 2020
+++^*[Table des Matières / Table of Contents] <<tiddler [[Veille ToC]]>>=== 
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!À lire / Must read |
|2020.07.23|Container Journal|![[Container Security Best Practices Taking Shape|https://containerjournal.com/topics/container-security/container-security-best-practices-taking-shape/]] |Container Best_Practices|
|2020.07.23|Chris Farris|![[What is Cloud Governance|https://www.chrisfarris.com/post/cloud-gov/]] |Governance|
|2020.07.22|TL;DR Security|[[Container Security|https://tldrsec.com/blog/container-security/]] |Containers|
|2020.07.21|Jan Harrie|![[Container Breakouts - Part 2: Privileged Container|https://blog.nody.cc/posts/container-breakouts-part2]] (2/3) |Containers|
|2020.07.21|//Sysdig//|![[12 Container image scanning best practices to adopt in production|https://sysdig.com/blog/image-scanning-best-practices/]]|Containers Image_Scanning|
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|2020.07.24|CSO Online|[[Microsoft Office the most targeted platform to carry out attacks|https://www.csoonline.com/article/3390221/microsoft-office-now-the-most-targeted-platform-as-browser-security-improves.amp.html]] |Report|
|2020.07.23|NJCCIC|[[Enterprise Cloud Services Phishing Campaign|https://www.cyber.nj.gov/alerts-advisories/enterprise-cloud-services-phishing-campaign/]]|Phishing|
|2020.07.22|Info Security Mag|[[Dangerous Liaisons - Cloudphishing|https://www.infosecurity-magazine.com/blogs/dangerous-liaisons-cloudphishing/]]|Phishing|
|2020.07.21|//Check Point//|![[How scammers are hiding their phishing trips in public clouds|https://blog.checkpoint.com/2020/07/21/how-scammers-are-hiding-their-phishing-trips-in-public-clouds/]] |Phishing O365 GCP|
|2020.07.21|Bleeping Computer| → [[Phishing campaign uses Google Cloud Services to steal Office 365 logins|https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-google-cloud-services-to-steal-office-365-logins/]]|Phishing O365 GCP|
|>|>|>|''Fuites de données / Leaks'' |
|2020.07.21|The Register|[[Twilio: Someone waltzed into our unsecured AWS S3 silo, added dodgy code to our JavaScript SDK for customers|https://www.theregister.com/2020/07/21/twilio_javascript_sdk_code_injection/]]|Misconfiguration AWS_S3 Incident|
|2020.07.22|Bleeping Computer|[[Twilio exposes SDK, attackers inject it with malvertising code|https://www.bleepingcomputer.com/news/security/twilio-exposes-sdk-attackers-inject-it-with-malvertising-code/]]|Misconfiguration AWS_S3 Incident|
|2020.07.23|Security Week| → [[Exposed Twilio SDK Abused for Malvertising Attack|https://www.securityweek.com/exposed-twilio-sdk-abused-malvertising-attack]]|Misconfiguration AWS_S3 Incident|
|2020.07.23|Help Net Security| → [[Attackers exploit Twilio's misconfigured cloud storage, inject malicious code into SDK|https://www.helpnetsecurity.com/2020/07/23/twilio-malicious-sdk/]]|Misconfiguration AWS_S3 Incident|
|2020.07.23|Dark Reading| → [[Twilio Security Incident Shows Danger of Misconfigured S3 Buckets|https://www.darkreading.com/cloud/twilio-security-incident-shows-danger-of-misconfigured-s3-buckets/d/d-id/1338447]]|Misconfiguration AWS_S3 Incident|
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|2020.07.22|Federal News Network|[[Edge computing reveals new risks, requires new security strategies|https://federalnewsnetwork.com/technology-main/2020/07/edge-computing-reveals-new-risks-requires-new-security-strategies/]]|Strategies|
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|2020.07.21|Dirk-jan Mollema|[[Abusing Azure AD SSO with the Primary Refresh Token|https://dirkjanm.io/abusing-azure-ad-sso-with-the-primary-refresh-token/]]|AzureAD Exploit|
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2020.07.23|//SonicWall//|[[SonicWall's Mid-Year Cyber Threat Report Finds Malicious Microsoft Office Files On Rise, Ransomware Up in US, Globally|https://www.sonicwall.com/news/sonicwalls-mid-year-cyber-threat-report/]]|Report|
|2020.07.20|//Rapid7//|![[Rapid7 Releases the 2020 NICER Report|https://blog.rapid7.com/2020/07/20/rapid7-releases-2020-nicer-report/]] |Report|
|>|>|>|''Sondages / Surveys'' |
|>|>|>|''Études / Studies'' |
|>|>|>|''Publications'' |
|2020.07.22|SWIPO.eu|[[SWIPO codes published|https://swipo.eu/news/swipo-codes-published/]] ([[téléchargement|https://swipo.eu/download-section/]])|Data Portability|
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.07.24|//Cloudonaut//|[[Use multiple AWS accounts, but keep it simple!|https://cloudonaut.io/use-multiple-aws-accounts-but-keep-it-simple/]]|AWS|
|2020.07.24|//Cloudonaut//|[[Run the AWS CLI v2 inside Docker|https://cloudonaut.io/run-the-aws-cli-v2-inside-docker/]]|AWS Docker|
|2020.07.22|//Amazon AWS//|[[How to use AWS Organizations to simplify security at enormous scale|https://aws.amazon.com/blogs/security/how-to-use-aws-organizations-to-simplify-security-at-enormous-scale/]]|AWS|
|2020.07.21|//AWS//|![[Introducing The CIS Amazon EKS Benchmark|https://aws.amazon.com/blogs/containers/introducing-cis-amazon-eks-benchmark/]] |AWS_EKS Best_Practices|
|2020.07.21|//AWS//| → [[Amazon EKS Best Practices Guide for Security|https://aws.github.io/aws-eks-best-practices/]] |AWS_EKS Best_Practices|
|2020.07.20|//AWS//|[[How to lower costs by automatically deleting and recreating HSMs|https://aws.amazon.com/blogs/security/how-to-lower-costs-by-automatically-deleting-and-recreating-hsms/]]|AWS HSM|
|2020.07.20|//Pentest Magazine//|[[Amazon EKS Security: 5 Hacks and Tricks|https://pentestmag.com/amazon-eks-security-5-hacks-and-tricks/]]|Amazon_EKS|
|>|>|>|''Azure (Microsoft)'' |
|2020.07.26|//Microsoft Azure//|[[Enterprise-Scale and Azure Policy for policy-driven governance|https://techcommunity.microsoft.com/t5/azure-architecture-blog/enterprise-scale-and-azure-policy-for-policy-driven-governance/ba-p/1614060]]|Azure Policy Governance|
|2020.07.23|//Cisco//|[[Cisco Secure Cloud Architecture for Azure|https://blogs.cisco.com/security/secure-cloud-for-azure]]|Azure|
|2020.07.23|//Microsoft Azure//|[[Azure Functions and App Service Authentication with Auth0 and other OpenID Connect providers|https://dev.to/azure/azure-functions-and-app-service-authentication-with-auth0-and-other-openid-connect-providers-47fg]]|Azure OpenId_Connect|
|2020.07.22|//Microsoft Azure//|![[Microsoft Security Best Practices|https://docs.microsoft.com/en-us/security/compass/compass]] |Azure Best_Practices|
|2020.07.22|//Microsoft Azure//|[[Azure Sentinel|https://docs.microsoft.com/en-us/rest/api/securityinsights/]]|Azuresentinel APIs|
|2020.07.21|Thomas Maurer|[[Download New Azure Architecture Icons now!|https://www.thomasmaurer.ch/2020/07/download-new-azure-architecture-icons-now/]]|Icons|
|2020.07.21|//Cloud Management Insider//|[[How Azure Stack Fits Into Your Hybrid Cloud Strategy?|https://www.cloudmanagementinsider.com/what-is-azure-stack/]]|Azure Hybrid_Cloud|
|2020.07.21|//Microsoft//|[[Learn about Microsoft 365 Endpoint data loss prevention (preview)|https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-learn-about?view=o365-worldwide]]|Products M365|
|2020.07.21|Bleeping Computer| → [[Microsoft 365 adds endpoint data leak protection in public preview|https://www.bleepingcomputer.com/news/microsoft/microsoft-365-adds-endpoint-data-leak-protection-in-public-preview/]]|Products M365|
|2020.07.21|Dark Reading| → [[Microsoft 365 Updated with New Security, Risk, Compliance Tools|https://www.darkreading.com/cloud/microsoft-365-updated-with-new-security-risk-compliance-tools/d/d-id/1338412]]|Products M365|
|2020.07.21|Security Week| → [[New Security Capabilities Announced for Microsoft 365, Azure|https://www.securityweek.com/new-security-capabilities-announced-microsoft-365-azure]]|Products M365|
|2020.07.21|//Microsoft//|[[Preventing data loss and mitigating risk in today's remote work environment|https://www.microsoft.com/security/blog/2020/07/21/preventing-data-loss-mitigating-risk-remote-work-environment/]]|Data_Loss|
|2020.07.21|//Microsoft//|[[Azure AD Mailbag: Identity protection|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-mailbag-identity-protection/ba-p/1257350]] |AzureAD|
|2020.07.20|Secure Cloud Blog|[[TOP3 Picks from Azure Security Center Standard|https://securecloud.blog/2020/07/20/top3-picks-from-azure-security-center-standard/]]|Azure_Security_Center|
|2020.07.20|//Microsoft//|[[Primary Refresh Token|https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-primary-refresh-token]]|!|
|>|>|>|''GCP (Google)'' |
|2020.07.24|//Google Cloud//|[[Updates on G Suite and more from week 2 at Google Cloud Next'20: OnAir|https://cloud.google.com/blog/topics/google-cloud-next/what-happened-week2-of-google-cloud-next20-onair/]]|Conference|
|2020.07.21|//Google Cloud//|[[Getting around Google Cloud Next'20: OnAir|https://cloud.google.com/blog/topics/google-cloud-next/getting-around-google-cloud-next20-onair/]]|Conference|
|2020.07.21|//Google Cloud//|[[G Suite security updates for Gmail, Meet, Chat and Admin|https://cloud.google.com/blog/products/g-suite/gsuite-security-updates-for-gmail-meet-chat-and-admin/]]|GCP G-Suite|
|2020.07.21|Silicon Angle| → [[Google adds more security features to Gmail and G Suite|https://siliconangle.com/2020/07/21/519836/]]|GCP G-Suite|
|>|>|>|''Oracle'' |
|2020.07.20|//Oracle Cloud//|[[How Oracle is helping you maintain a strong security posture in the cloud|https://blogs.oracle.com/cloudsecurity/how-oracle-is-helping-you-maintain-a-strong-security-posture-in-the-cloud]]|CSPM|
|>|>|>|''Kubernetes'' |
|2020.07.25|Mattias te Wierik|[[Discovering Running Pods By Using DNS and Headless Services in Kubernetes|https://medium.com/swlh/discovering-running-pods-by-using-dns-and-headless-services-in-kubernetes-7002a50747f4]]|K8s DNS Discovery|
|2020.07.24|//Alcide//|[[Three Ways to Simplify and Secure your Infrastructure using Kubernetes Namespaces|https://blog.alcide.io/three-ways-to-simplify-and-secure-your-infrastructure-using-kubernetes-namespaces]]|K8s|
|2020.07.23|//Kublr//|[[Kubernetes RBAC 101: Authentication|https://kublr.com/blog/kubernetes-rbac-101-authentication/]] (2/3)|Kubernetes RBAC|
|2020.07.21|OverOps|[[Kubernetes Troubleshooting: 7 Essential Steps for Delivering Reliable Applications|https://blog.overops.com/kubernetes-troubleshooting/]] ([[webcast|https://youtu.be/GHKGoiQDVaA]])|Kubernetes Troubleshooting|
|>|>|>|''Containers'' |
|2020.07.22|Container Journal|[[Carbonetes Unfurls Container Security Service|https://containerjournal.com/features/carbonetes-unfurls-container-security-service/]]|Products|
|2020.07.21|Jan Harrie|![[Container Breakouts - Part 2: Privileged Container|https://blog.nody.cc/posts/container-breakouts-part2]] (2/3) |Containers|
|>|>|>|''Outils / Tools'' |
|2020.07.22|SecTechno|[[Kubei - Kubernetes Runtime Vulnerability Scanner - SecTechno|https://sectechno.com/kubei-kubernetes-runtime-vulnerability-scanner/]] |Tools|
|2020.07.22|antiTree|[[Keyctl-unmask: "Going Florida" on The State Of Containerizing Linux Keyrings|https://www.antitree.com/2020/07/keyctl-unmask-going-florida-on-the-state-of-containerizing-linux-keyrings/]]|Tools|
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Podcasts'' |
|2020.07.26|Cloud Security Podcast|[[Getting Started with Chaos Engineering - What is it and how can it be used to build Application resiliency? - Aaron Rinehart, Verica|https://anchor.fm/cloudsecuritypodcast/episodes/Getting-Started-with-Chaos-Engineering---What-is-it-and-how-can-it-be-used-to-build-Application-resiliency----Aaron-Rinehart--Verica-eh8pbl]]|Podcast|
|>|>|>|''Veilles / Newsletters'' |
|2020.07.22|TL;DR Security|[[#44 - Formal Methods, New Web Security Mechanisms, Have GPT-3 Code for You|https://tldrsec.com/blog/tldr-sec-044/]] |Weekly_Newsletter|
|2020.07.26|Marco Lancini|[[The Cloud Security Reading List #47|https://cloudseclist.com/issues/issue-47/]] |Weekly_Newsletter|
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''Privacy Shield'' |
|2020.07.24|//Nuageo//[>img[iCSF/flag_fr.png]]|[[Le Privacy Shield est mort ! Vive le retour des DSI actives !|https://www.nuageo.fr/2020/07/le-privacy-shield-est-mort-vive-le-retour-des-dsi-actives/]]|Privacy_Shield|
|2020.07.22|Charlotte Galichet[>img[iCSF/flag_fr.png]]|[[Annulation du Privacy Shield - L'intégralité des transferts ou stockage de données aux Etats-Unis remis en cause.|http://avocatspi.com/2020/07/22/annulation-du-privacy-shield-lintegralite-des-transferts-ou-stockage-de-donnees-aux-etats-unis-remis-en-cause/]] |Privacy_Shield|
|>|>|>|''Zero Trust'' |
|2020.07.22|//Intezer//|[[What is Zero Trust Execution? Definition, Adoption & More|https://www.intezer.com/blog/cloud-workload-protection/what-is-zero-trust-execution-definition-adoption-more/]]|Zero_Trust|
|>|>|>|''Cloud Security Posture Management / CSPM'' |
|2020.07.24|//Check Point//|[[Striving to Achieve High Fidelity Cloud Security|https://blog.checkpoint.com/2020/07/24/striving-to-achieve-high-fidelity-cloud-security/]]|CSPM|
|2020.07.21|MSSP Alert|[[What Are Cloud Security Posture Management Tools?|https://www.msspalert.com/cybersecurity-services-and-products/cloud/cspm-tools-explained/]]|CSPM Tools|
|>|>|>|''Autres / Others'' |
|2020.07.26|Wired|[[9 Tips to Keep Your Cloud Storage Safe and Secure|https://www.wired.com/story/9-tips-cloud-storage-security]]|Storage|
|2020.07.24|Silicon Angle|[[Running with scissors: Speed in cloud native requires rethinking security|https://siliconangle.com/2020/07/24/running-scissors-speed-cloud-native-requires-rethinking-security/]]|Cloud_Native|
|2020.07.24|//Security Intelligence//|[[5 Core Tenets for Effective Multicloud Security|https://securityintelligence.com/posts/securing-multicloud-deployment/]]|Multi-Cloud|
|2020.07.23|Datacenter Magazine[>img[iCSF/flag_fr.png]]|[[Oracle Cloud Infrastructure (OCI) obtient la certification HDS – Datacenter Magazine|https://datacenter-magazine.fr/oracle-cloud-infrastructure-oci-obtient-la-certification-hds/]]|Health France HDS|
|2020.07.23|The Register|[[Make your public cloud truly secure for you with this one neat trick - no, really|https://www.theregister.com/2020/07/23/make_your_public_cloud_truly/]]|Misc|
|2020.07.23|ResellerClub|[[Security Strategies to Keep Your Hybrid Cloud Safe|https://medium.com/@TeamResellerClub/security-strategies-to-keep-your-hybrid-cloud-safe-77e77462e814]]|Hybrid_Cloud|
|2020.07.23|Info Security Mag|[[Cloud Misconfigurations a Major Compliance Risk, Say IT Decision Makers|https://www.infosecurity-magazine.com/news/cloud-misconfigurations-compliance/]]|Misconfiguration|
|2020.07.23|Marco Lancini|![[So I Heard You Want to Learn Kafka|https://www.marcolancini.it/2020/blog-learn-kafka/]] |Apache_Kafka|
|2020.07.23|//Perimeter81//|[[FWaaS Prevents the Cloud from Going Up in Flames|https://www.perimeter81.com/blog/cloud/fwaas-prevents-cloud-from-going-up-in-flames/]]|Firewalls|
|2020.07.23|//Uber Engineering//|[[Introducing Domain-Oriented Microservice Architecture|https://eng.uber.com/microservice-architecture/]] (article dépublié)|Microservice Architecture|
|2020.07.22|//Capsule8//|[[Security Considerations for Cloud Migration|https://capsule8.com/blog/security-considerations-for-cloud-migration/]]|Migration|
|>|>|>|!|
|>|>|>||
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|2020.07.21|McKinsey|[[COVID-19 crisis shifts cybersecurity priorities and budgets|https://www.mckinsey.com/business-functions/risk/our-insights/covid-19-crisis-shifts-cybersecurity-priorities-and-budgets]]|COVID-19 Budget Trends|
|2020.07.21|//Sysdig//|![[12 Container image scanning best practices to adopt in production|https://sysdig.com/blog/image-scanning-best-practices/]]|Containers Image_Scanning|
|2020.07.21|//Netskope//|[[The Days of the "Security Stack" are Over, Long Live SASE|https://www.netskope.com/blog/the-days-of-the-security-stack-are-over-long-live-sase]]|SASE|
|2020.07.21|//Cloud Vector//|![[API Security Checklist: Cheatsheet|https://www.cloudvector.com/api-security-checklist-cheatsheet/]] |APIs|
|2020.07.21|//Palo Alto Networks//|[[Zero Trust for Cloud Users and Environments|https://blog.paloaltonetworks.com/2020/07/cloud-zero-trust-for-cloud/]]|Zero_Trust|
|2020.07.21|//StackRox//|[[GKE Security Best Practices: Designing Secure Clusters|https://www.stackrox.com/post/2020/07/gke-security-best-practices-designing-secure-clusters/]]|GKE Best_Practices|
|2020.07.21|//BridgeCrew//|[[Introducing the State of Open Source Terraform Security Report|https://bridgecrew.io/blog/state-of-open-source-terraform-security-report-2020/]]|Report|
|2020.07.21|//BridgeCrew//| → [[State of Open Source Terraform Security Report|https://bridgecrew.io/state-of-open-source-terraform-security-2020/]]|Report|
|2020.07.21|Pentest Magazine|[[A Security Reminder: Containers Talk to Each Other and Other Endpoints|https://pentestmag.com/a-security-reminder-containers-talk-to-each-other-and-other-endpoints/]]|Containers|
|>|>|>|!2020.07.20|
|2020.07.20|Bleeping Computer|[[Office 365 adds new security configuration analysis feature|https://www.bleepingcomputer.com/news/security/office-365-adds-new-security-configuration-analysis-feature/]]|O365|
|2020.07.20|Silicon Angle|[[1M e-learning student records found exposed on misconfigured cloud storage|https://siliconangle.com/2020/07/20/1m-e-learning-student-records-found-exposed-misconfigured-cloud-storage/]]|Data_Leak Misconfiguration|
|2020.07.20|Security Week| → [[Cloud Company Blackbaud Pays Ransomware Operators to Avoid Data Leak|https://www.securityweek.com/cloud-company-blackbaud-pays-ransomware-operators-avoid-data-leak]]|Ransomware|
|2020.07.20|Office of Inadequate Security| → [[Ransomware attack on cloud-services provider affects charities and not-for-profits|https://www.databreaches.net/ransomware-attack-on-cloud-services-provider-affects-charities-and-not-for-profits/]]|Ransomware|
|2020.07.20|//Fortinet//|[[Fortinet Acquires OPAQ|https://www.fortinet.com/products/fortinet-acquires-opaq]]|Acquisition|
|2020.07.20|MSSP Alert| → [[Fortinet Acquires SASE Security Provider Opaq Networks|https://www.msspalert.com/investments/fortinet-acquires-sase-security-provider-opaq-networks/]]|Acquisition|
|2020.07.21|CRN AU| → [[Fortinet buys cloud security startup Opaq to protect networks|http://www.crn.com.au/news/fortinet-buys-cloud-security-startup-opaq-to-protect-networks-550683]]|Acquisition|
|2020.07.21|Dark Reading| → [[Fortinet Buys Cloud Security Firm OPAQ|https://www.darkreading.com/cloud/fortinet-buys-cloud-security-firm-opaq/d/d-id/1338413]]|Acquisition|
|2020.07.21|Silicon Angle| → [[Fortinet snaps up OPAQ Networks to build out its security offering|https://siliconangle.com/2020/07/21/fortinet-snaps-opaq-networks-build-sase-security-offering/]]|Acquisition|
|2020.07.21|Security Week| → [[Fortinet Acquires SASE Cloud Provider OPAQ Networks|https://www.securityweek.com/fortinet-acquires-sase-cloud-provider-opaq-networks]]|Acquisition|
|2020.07.21|ZDnet| → [[Fortinet snaps up OPAQ in secure access, cloud security push|https://www.zdnet.com/article/fortinet-snaps-up-opaq-in-secure-access-cloud-security-push/]]|Acquisition|
|2020.07.20|//Digital Guardian//|[[What is Cloud Security?|https://digitalguardian.com/blog/what-cloud-security]]|Misc|
|2020.07.20|//Rapid7//|![[Rapid7 Releases the 2020 NICER Report|https://blog.rapid7.com/2020/07/20/rapid7-releases-2020-nicer-report/]] |Report|
|2020.07.20|//Recorded Future//|[[The Emerging Role of SASE and the Cloud|https://www.recordedfuture.com/podcast-episode-167/]] ([[podcast|https://hwcdn.libsyn.com/p/c/f/8/cf87a60d76dac4ce/167_The_Emerging_Role_of_SASE_and_the_Cloud.mp3]])|SASE Podcast|
|2020.07.20|//Tripwire//|[[Cloud Services Abused by Clever Phishing Campaign|https://www.tripwire.com/state-of-security/security-data-protection/cloud-services-abused-by-clever-phishing-campaign/]]|Phishing|
|2020.07.20|//Recorded Future//|[[The Emerging Role of SASE and the Cloud|https://www.recordedfuture.com/podcast-episode-167/]] |Podcast SASE|
<<tiddler [[arOund0C]]>>
!"//Schrems 2 - 12 FAQs Published by the EDPB but Little Practical Guidance??//"
Article publié le 24 juillet 2020 — Rédigé par Francoise Gilbert, CEO, DataMinding, Inc.
Le Comité Européen de la Protection des Données (CEPD) est le European Data Protection Board (EDPB).
<<<
[>img(150px,auto)[iCSA/K7OBS.jpg]]//Since the publication of the European Court of Justice (EUCJ) decision in the Schrems 2 case+++^*[»] <<tiddler [[2020.07.16 - Blog : Invalidation du Privacy Shield !]]>>===, businesses located on both sides of the Atlantic, and around the world, have been attempting to determine how they should interpret and act upon the decision. On July 23, 2020, the EU Data Protection Board (EDPB) issued a first series of Frequently Asked Questions+++^*[»] https://edpb.europa.eu/sites/edpb/files/files/file1/20200724_edpb_faqoncjeuc31118.pdf === to help analyze, and react to, the EUCJ decision. Since the EDPB is comprised primarily of representatives of the supervisory authorities of each EU Member State, its opinion, guidance and recommendations are of great significance and help understand the expectations of the EU/EEA regulators. Unfortunately, this first draft provides little practical assistance. However, the EDPB commits to pursue its analysis and come back with more specific guidance.
!!Shield, SCC and also BCRs
[>img(150px,auto)[iCSF/EDPB.png]]The most unequivocal clarification in these 12 FAQs is that ''the Schrems 2 decision also affects BCRs and transfers other than to the United States''.
In FAQ #2, 3, 9, the EDPB indicates that the threshold set by the EUCJ decision applies to all appropriate means used under GDPR Art. 46 to transfer data from the EEA to any third country, and pertains to all transfers of personal data to the United States via electronic means that fall under the U.S. laws identified in the Court decision, regardless of the tools used for the transfer. As a result, transfers conducted through Binding Corporate Rules (BCR) are also affected.
Organizations that rely on BCRs to provide a legal basis to their ability to transfer personal data among their subsidiaries across the world must also conduct an assessment of the effect of US laws on these transfers. As in the case of SCCs, their ability to rely on BCRs will depend on the result of an assessment of the laws applying to the data being transferred.
While most of the attention has been focused on aspects of US surveillance laws, FAQ #9 points out that the threshold set by the EUCJ for transfers to the U.S. applies as well to transfer to any third country. The same goes for BCRs. The EDPB notes that both the data exporter and data importer are responsible for assessing whether the level of protection required by EU law is respected in the third country concerned in order to determine whether the guarantees provided by the SCCs or the BCRs can be complied with in practice. If this is not the case, the data exporter and data importer should assess whether they can provide supplementary measures to ensure an essentially equivalent level of protection as provided in the EU/EEA, and whether the law of the third country would impinge on these supplementary measures so as to prevent their effectiveness.
!!What Assessment and What Safeguards
Further, the EDPB confirms that whether an EU/EEA based data exporter can transfer personal data out of the EU/EEA on the basis of Standard Contractual Clauses or BCRs will depend on the result of its assessment of the law of the country of the data importer. (FAQ #5, 6 ). This assessment must take into account the circumstances of the transfers, and supplementary measures that would be put in place by the data exporter and the data importer.
FAQ #10 begins to address the key question that businesses are facing: What kind of supplementary measures can be introduced to meet this new standard? According to FAQ #10, the supplementary measures would have to:
* Be provided on a case-by-case basis;
* Take into account all the circumstances of the transfer; and
* Follow the assessment of the law of the third country, in order to check if it ensures an adequate level of protection.
If the data exporter determines that appropriate safeguards would not be ensured, it must suspend or end the transfer or notify its competent Supervisory Authority.
The EDPB recognizes the limitation of this guidance and promises to look further and provide more tangible and practicable suggestions.
!!Role of the Supervisory Authority
The EDPB also points out (FAQ #9) that while data exporters and data importers are primarily responsible for assessing whether the legislation of the third country of destination enables the data importer to comply with the Standard Contractual Clauses or the BCRs, the Supervisory Authorities will also have a key role when enforcing the GDPR and issuing further decisions on transfers to third countries.
We expect more developments in the next few weeks. Stay tuned for more reports on the aftermath of the Schrems 2 decision.//
<<<
__Liens :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k7ob/|https://CloudSecurityAlliance.fr/go/k7gob/]]''
* [>img(150px,auto)[iCSF/K7OEE.jpg]]'FAQs on Schrems II' sur le site du Comité Européen de la Protection des Données (CEPD)
** version {{arOund{ENG}}} ⇒ https://edpb.europa.eu/sites/edpb/files/files/file1/20200724_edpb_faqoncjeuc31118.pdf
* Statement on the Court of Justice of the European Union Judgment in Case C-311/18 - Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (17 juillet 2020)
** ⇒ https://edpb.europa.eu/news/news/2020/statement-court-justice-european-union-judgment-case-c-31118-data-protection_en
!"//Healthcare Big Data in the Cloud//"
!!Publication - 'Healthcare Big Data in the Cloud'
> [>img(150px,auto)[iCSA/K7LPH.jpg]]Publication//We are living in the information age. There are large and complex data sets generated daily. Data is generated by social media, emails, as well as numerous data sensors. As we become a more digitized society the large data sets present both opportunities and challenges. In the area of healthcare, big data sharing and analysis can aid in the identification and treatment of diseases as well as predicting epidemics. Additionally, big data analytics can aid in predicting healthcare requirements for specific populations with modeling and management of healthcare patterns for predictive analysis. The goal is to collect and analyze as much data about a patient as possible. Data can come from patient records as well as from patient wearable devices. Collection and analysis of data can aid in identifying warning signs of serious illness at an early stage allowing for better treatment options. The challenges with big data are storage capacity, privacy & security, and collaboration. //
Table des matières :
<<<
* Abstract
* Introduction
* Big Data Characteristics and Analytics
* Big Data in Healthcare
* Privacy and Security
* Conclusion
* References 
<<<
!!Blog - 'Healthcare Big Data in the Cloud Summary'
Article publié le 20 juillet — Co-rédigé par Dr. Jim Angle, Trinity Health, et Alex Kaluza, Cloud Security Alliance
<<<
[>img(150px,auto)[iCSA/K7NBH.jpg]]//In the modern age of technology and all the ways that it impacts our lives, healthcare is no exception. The use of cloud computing, big data analytics, and the move to consumer-focused health care is changing the way health care is delivered. Healthcare Delivery Organizations (HDO) have access to large quantities of data that, if properly analyzed and utilized, can provide tremendous benefit to both the HDO and the patient. This data is coming from sources that were unavailable until recently, including the Internet of Things, electronic health records (EHR), other clinical data, and social media (Faggella, 2019).

"Big data analytics in health care enables analysis of large data sets from large numbers of patients, identifying clusters and correlation between datasets and developing predictive models. The information produced can be shared with other HDOs and research organizations for improving patient outcomes and can also identify health issues and allow for early intervention and treatment. The use of predictive analytics can aid in both patient care and HDO care delivery utilization, which is extremely important in rural areas where health care capacity is limited." - Dr. Jim Angle, Co-Chair of CSA's Health Information Management Working Group.

In response to the rapidly changing environment the Cloud Security Alliance's Health Information Management working group released a new report on Healthcare Big Data in the Cloud. The purpose of the report is to address privacy and security concerns related to processing, storing, and transmitting of patient data in the cloud. This paper examines the predictive analytics opportunities for big data in healthcare, and the privacy and security concerns that come with it. These issues are presented in each phase of the data lifecycle along with methods to mitigate privacy and security compliance concerns. You can learn more by downloading the report here+++^*[»] https://cloudsecurityalliance.org/artifacts/healthcare-big-data-in-the-cloud/ ===.
//[...]
<<<
__Liens :__
* Téléchargement du document ⇒ ''[[CloudSecurityAlliance.fr/go/k7lp/|https://CloudSecurityAlliance.fr/go/k7lp/]]'' /% https://cloudsecurityalliance.org/artifacts/healthcare-big-data-in-the-cloud/ %/
* Blog → ''[[CloudSecurityAlliance.fr/go/k7nb/|https://CloudSecurityAlliance.fr/go/k7nb/]]'' /% https://cloudsecurityalliance.org/blog/2020/07/23/healthcare-big-data-in-the-cloud-summary/ %/
!"//The Mobile App Testing Landscape//"
Publication du groupe de travail MAST (Mobile Application Security Testing)
!!Publication - 'Mobile Application Security Testing - Sum-Up & Landscape Overview'
> [>img(150px,auto)[iCSA/K7DPM.jpg]]//Users place a good deal of trust in mobile app stores' abilities to review, test, flag and block apps that exhibit undesirable behavior. However, even with the best expertise and resources touted by the most popular and established app stores, and the extensive experience gained from testing and reviewing large numbers of mobile apps, malware still manages to slip through their defenses from time to time to make the headlines. In 2016, with the aim to define a framework for secure mobile application development, achieving privacy and security by design, CSA's Mobile Application Security Testing (MAST) WG previously worked on and released a MAST whitepaper. Fast forward to 2020, in this summary paper, the WG strives to give readers an overview of the current MAST landscape, what the various mobile app stores are doing in terms of security review and testing of app submitted to them, popular app testing guides and tools.//
!!Blog - 'The Mobile App Testing Landscape'
Article publié le 20 juillet — Co-rédigé par Henry Hu, Co-Chair, MAST Working Group & CTO, Auriga Security, Inc. et Michael Roza, Member, MAST Working Group
<<<
[>img(150px,auto)[iCSA/K7KBT.jpg]]//Cloud computing accelerates the development and real-time use of applications, which drives personal productivity and business agility. However, with the proliferation of mobile apps and how it intertwines with both work and play, new security challenges arise which need to be addressed. This in turn, has led to a vibrant and growing mobile app testing market. According to Market Research Future Analysis+++^*[»] https://www.marketwatch.com/press-release/mobile-app-testing-services-market-2020-2026-global-leading-growth-drivers-em%C2%B5rging-audience-segments-industry-size-share-profits-and-regional-analysis-by-forecast-to-2026-2020-01-23 ===, the 'global mobile application testing services market reached USD 3.2 billion in 2018 and has been estimated to be valued at USD 13.6 billion by 2026 growing at 20.32 % CAGR during the forecast period 2019–2026.'

CSA's Mobile Application Security Testing (MAST) working group recently published a 'MAST - Landscape Overview' paper+++^*[»] https://cloudsecurityalliance.org/artifacts/mast-landscape-overview/ === that provides an overview of the MAST market, of which the key points are succinctly covered in this post.

[>img(500px,auto)[iCSA/K7KB1.png]]Back in 2016, this working group developed and released a paper with the aim to define a framework for secure mobile application development achieving privacy and security by design. The figure below summarizes the paper's key requirements, which reference NIST Special Publication 800-163 (now superseded by SP 800-163 Rev 1) as the basis of consideration in determining classification levels for basic security vetting specifications.
!!Review and Testing of Apps by Major Mobile App Stores

A common practice among popular mobile app stores is that they do not publicize the types of security review and testing performed on applications submitted to them. Rather than a 'security by obscurity' mindset, the reason for non-disclosure is more likely to do with the number of new vulnerabilities discovered each day (leading to new tests), and that some of the vetting tools are machine-learning based and dynamic in nature.

The paper gives an overview of the review and vetting processes by major mobile app stores: Google Play Store, Apple App Store, Microsoft Store, Amazon AppStore, Samsung Galaxy Store, BlackBerry World and Huawei AppGallery.
!!App Testing Guides & Tools
Other than the MAST paper, there are also detailed testing guidelines from OWASP, and software tools from a variety of vendors to automate app security testing.
* Guides
** OWASP Mobile Security Testing Guide (MSTG)+++^*[»] https://owasp.org/www-project-mobile-security-testing-guide/ ===, OWASP Mobile Application Security Verification Standard (MASVS)+++^*[»] https://mobile-security.gitbook.io/masvs/ === 
* Tools - Many of these tools are open-source, maintained by hundreds of volunteer security professionals, support both Android and iOS platforms, and generate reports about potential vulnerabilities with recommendations on how to fix them.
** Drozer+++^*[»] https://github.com/FSecureLABS/drozer/wiki ===, MobSF+++^*[»] https://mobsf.github.io/docs/#/ ===, QARK+++^*[»] https://github.com/linkedin/qark ===, Zed Attack Proxy+++^*[»] https://www.zaproxy.org/ === 
App developers typically tap multiple tools (e.g., static app security testing, dynamic app security testing, forensics analysis) to automate their security testing workflow to catch as many red flags as possible to improve their app's chances of passing the app stores' review and approval process.
!!A Temporary Pause
The MAST working group concluded that existing efforts by OWASP provide the industry with detailed guides and checklists to enhance the security posture of mobile apps, while there are a healthy number of open source tools available to conduct security testing on mobile apps. With no obvious and pertinent gaps in the mobile security testing landscape at the moment that the working group can help to address, the working group will be temporarily suspended, but continue to monitor potential security gaps that arise from the emergence of trends such as Beacon Technology, Wearables, and 5G/6G wireless.
//[...]
<<<
[>img(150px,auto)[iCSA/K7KB2.jpg]]__Liens :__
* Téléchargement du document ⇒ ''[[CloudSecurityAlliance.fr/go/k7kp/|https://CloudSecurityAlliance.fr/go/k7kp/]]'' /% https://cloudsecurityalliance.org/artifacts/mast-landscape-overview/ %/
* Blog → ''[[CloudSecurityAlliance.fr/go/k7kb/|https://CloudSecurityAlliance.fr/go/k7kb/]]'' /% https://cloudsecurityalliance.org/blog/2020/07/20/the-mobile-app-testing-landscape/ %/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #73|2020.07.19 - Newsletter Hebdomadaire #73]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #73|2020.07.19 - Weekly Newsletter - #73]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.07.19 - Newsletter Hebdomadaire #73]]>> |<<tiddler [[2020.07.19 - Weekly Newsletter - #73]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 13 au 19 juillet 2020
!!1 - Informations CSA - 13 au 19 juillet 2020
* Blog : ''Invalidation du Privacy Shield''+++^*[»] <<tiddler [[2020.07.16 - Blog : Invalidation du Privacy Shield !]]>>=== 
* Blog : 'Abusing Privilege Escalation in Salesforce Using APEX'+++^*[»] <<tiddler [[2020.07.16 - Blog : 'Abusing Privilege Escalation in Salesforce Using APEX']]>>=== 
* Conférence : ''Retour sur la conférence en ligne 'fwd:cloudsec 2020'''+++^*[»] <<tiddler [[2020.07.14 - Conférence : Retour sur la conférence en ligne 'fwd:cloudsec 2020']]>>=== 
* Publication : 'Hybrid Cloud and Its Associated Risks'+++^*[»] <<tiddler [[2020.07.13 - Publication : 'Hybrid Cloud and Its Associated Risks']]>>=== 
* Blog : 'Creating an Integrated Security System with the CSA STAR Program'+++^*[»] <<tiddler [[2020.07.13 - Blog : 'Creating an Integrated Security System with the CSA STAR Program']]>>=== 
* Appel à commentaires : Ajout 'ABS CCIG' à la CCM+++^*[»] <<tiddler [[2020.07.13 - Appel à commentaires : Ajout 'ABS CCIG' à la CCM]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 100 liens|2020.07.19 - Veille Hebdomadaire - 19 juillet]])

* __''À lire''__
** ''La Cour de justice de l'Union Européenne invalide le Privacy Shield''+++^*[»] 
|2020.07.16|Cour de justice de l'Union Européenne|![[La Cour invalide la décision 2016/1250 relative à l'adéquation de la protection assurée par le bouclier de protection des données UE-États-Unis|https://curia.europa.eu/jcms/jcms/p1_3117870/en/]] (Arrêt [[en français (pdf)|https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091fr.pdf]] et [[en anglais|https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091en.pdf]]) |Privacy_Shield|
|2020.07.16|Francoise Gilbert| → [[European Court of Justice Decision Creates Havoc in Global Digital Exchanges: One Shot Down, One seriously Injured; 5,300 Stranded|https://www.francoisegilbert.com/?p=1497]]|Privacy_Shield|
|2020.07.16|//BH Consulting//| → [[Todays ECJ Privacy Shield ruling|https://bhconsulting.ie/todays-ecj-privacy-shield-ruling/]]|Privacy_Shield|
|2020.07.17|Garance Mathias| → [[Invalidation du Privacy Shield, que retenir ?|https://www.avocats-mathias.com/actualites/invalidation-du-privacy-shield-que-retenir]]|Privacy_Shield|
|2020.07.17|//Google Cloud//| → [[Google Cloud's Commitment to EU International Data Transfers and the CJEU Ruling|https://cloud.google.com/blog/products/identity-security/google-clouds-commitment-to-eu-international-data-transfers-and-the-cjeu-ruling]]|Privacy_Shield|
=== 

* __Alerts, Attacks and Threats__
** Alertes : Vulnérabilité Kubernetes (CVE-2020-8557), exploitation par les API Docker mal configurées, URL personnalisés dans Zoom+++^*[»] 
|2020.07.16|//Alcide//|![[New Kubernetes Node Storage-based DoS Vulnerability (CVE-2020-8557)|https://blog.alcide.io/new-kubernetes-node-storage-based-dos-vulnerability-cve-2020-8557]] |K8s CVE-2020-8557|
|2020.07.15|//Aqua Security//|![[Threat Alert: Attacker Building Malicious Images Directly on Your Host|https://blog.aquasec.com/malicious-container-image-docker-container-host]] ([[docker-py|https://github.com/docker/docker-py]])|
|2020.07.15|Dark Reading| → [[New Attack Technique Uses Misconfigured Docker API|https://www.darkreading.com/attacks-breaches/new-attack-technique-uses-misconfigured-docker-api/d/d-id/1338366]]|Docker API Attack|
|2020.07.16|Container Journal| → [[Aqua Security Surfaces Threat to Container Hosts|https://containerjournal.com/topics/container-security/aqua-security-surfaces-threat-to-container-hosts/]]|Docker API Attack|
|2020.07.16|//Check Point//|[[Fixing the Zoom 'Vanity Clause' - Check Point and Zoom collaborate to fix Vanity URL issue|https://blog.checkpoint.com/2020/07/16/fixing-the-zoom-vanity-clause-check-point-and-zoom-collaborate-to-fix-vanity-url-issue/]]|Zoom Flaw|
|2020.05.16|//Threatpost//| → [[Zoom Addresses Vanity URL Zero-Day|https://threatpost.com/zoom-vanity-url-zero-day/157510/]]|Zoom Flaw|
|2020.05.17|Security Week| → [[Zoom's Vanity URLs Could Have Been Abused for Phishing Attacks|https://www.securityweek.com/zooms-vanity-urls-could-have-been-abused-phishing-attacks]]|Zoom Flaw|
=== 
** Attaque : Ransomware contre Blackbaud+++^*[»]>
|2020.07.16|//Blackbaud//|![[Learn more about the Ransomware attack we recently stopped|https://www.blackbaud.com/securityincident]] |Ransomware|
|2020.07.17|ZDnet| → [[Cloud provider stopped ransomware attack but had to pay ransom demand anyway|https://www.zdnet.com/article/cloud-provider-stopped-ransomware-attack-but-had-to-pay-ransom-demand-anyway/]]|Ransomware|
|2020.07.17|The Register| → [[Cloud biz Blackbaud caved to ransomware gang's demands - then neglected to inform customers for two months|https://www.theregister.com/2020/07/17/blackbaud_paid_ransomware/]]|Ransomware|
=== 
** Exemples de menaces (Tripwire)+++^*[»]>
|2020.07.14|//Tripwire//|[[6 Cloud Security Threats Healthcare Companies May Face - With Solutions|https://www.tripwire.com/state-of-security/featured/6-cloud-security-threats-healthcare-companies-face-solutions/]]|Threats|
=== 

* __Pannes__
** Cloudflare+++^*[»]>
|2020.07.17|//Cloudflare//|[[Cloudflare outage on July 17, 2020|https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/]]|Outage Cloudflare|
|2020.07.17|Bleeping Computer| → [[Cloudflare outage takes down Discord, BleepingComputer, and other sites|https://www.bleepingcomputer.com/news/technology/cloudflare-outage-takes-down-discord-bleepingcomputer-and-other-sites/]]|Outage Cloudflare|
=== 

* __Divers__
** Autres veilles hebdomadaires Cloud et Sécurité : ''TL;DR Security'' et ''The Cloud Security Reading List''+++^*[»] 
|2020.07.15|TL;DR Security|[[#43 - Continuous AppSec Scanning, Threat Modeling, Career Advice from Feynman|https://tldrsec.com/blog/tldr-sec-043/]] |Weekly_Newsletter|
|2020.07.19|Marco Lancini|[[The Cloud Security Reading List #46|https://cloudseclist.com/issues/issue-46/]] |Weekly_Newsletter|
=== 
** Podcast : 'Operational Technology vs. Information Technology'+++^*[»] 
|2020.07.19|Cloud Security Podcast|[[Cloud Security in Operational Technology vs Information Technology world - Parul Kharub, CISSP|https://anchor.fm/cloudsecuritypodcast/episodes/Cloud-Security-in-Operational-Technology-vs-Information-Technology-world---Parul-Kharub--CISSP-egua8e]]|Podcast|
=== 
** AWS : Chiffrement de données //a posteriori//+++^*[»] 
|2020.07.13|//Amazon AWS//|[[How to retroactively encrypt existing objects in Amazon S3 using S3 Inventory, Amazon Athena, and S3 Batch Operations|https://aws.amazon.com/blogs/security/how-to-retroactively-encrypt-existing-objects-in-amazon-s3-using-s3-inventory-amazon-athena-and-s3-batch-operations/]]|AWS Encryption|
=== 
** Azure : Amélioration de la protection du stockage, Ressources O365 (Varonis)+++^*[»] 
|2020.07.17|//Varonis//|![[Office 365 Admin Resource Center|https://www.varonis.com/blog/office-365-admin/]] |O365|
|2020.07.13|//Microsoft Azure//|[[Azure Files support and new updates in advanced threat protection for Azure Storage|https://azure.microsoft.com/en-us/blog/azure-files-support-and-new-updates-in-advanced-threat-protection-for-azure-storage/]]|Azure Storage|
|2020.07.13|Bleeping Computer| → [[Microsoft extends security for Azure Storage file shares, data lakes|https://www.bleepingcomputer.com/news/security/microsoft-extends-security-for-azure-storage-file-shares-data-lakes/]]|Azure Storage|
=== 
** GCP : Conférence OnAir, Positionnement sur le //Confidential Computing//, nouvelle offre pour les entités gouvernementales+++^*[»] 
|2020.07.17|//Google Cloud//|[[Everything you need to know about week 1 of Google Cloud Next '20: OnAir|https://cloud.google.com/blog/topics/google-cloud-next/what-happened-week1-of-google-cloud-next20-onair/]]|GCP Conference|
|2020.07.16|//Google Cloud//|[[Complete list of announcements from Google Cloud Next '20: OnAir|https://cloud.google.com/blog/topics/google-cloud-next/complete-list-of-announcements-from-google-cloud-next20-onair/]]|GCP Conference|
|2020.07.15|//Google Cloud//|[[Google Cloud Next '20: OnAir begins July 14, 2020|https://cloud.google.com/blog/topics/google-cloud-next/google-cloud-next20-onair-begins-july-14-2020/]]|GCP Conference|
|2020.07.14|Silicon Angle|[[Google debuts Confidential VMs that keep data encrypted while it's in use|https://siliconangle.com/2020/07/14/google-debuts-confidential-vms-keep-data-encrypted-use/]]|GCP Confidential_Computing|
|2020.07.14|Container Journal| → [[How to Secure Containers for Cybersecurity|https://containerjournal.com/topics/container-security/how-to-secure-containers-for-cybersecurity/]]|Containers|
|2020.07.14|//Google Cloud//|![[Introducing Google Cloud Confidential Computing with Confidential VMs|https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-confidential-computing-with-confidential-vms/]] |GCP Confidential_Computing|
|2020.07.14|//Duo//| → [[Google Debuts Confidential VMs to Protect Cloud Data in Use|https://duo.com/decipher/google-debuts-confidential-vms-to-protect-cloud-data-in-use]]|GCP Confidential_Computing|
|2020.07.14|Dark Reading| → [[Google Cloud Unveils 'Confidential VMs' to Protect Data in Use|https://www.darkreading.com/cloud/google-cloud-unveils-confidential-vms-to-protect-data-in-use/d/d-id/1338347]]|GCP Confidential_Computing|
|2020.07.14|Security Week| → [[Google Cloud Unveils Confidential VMs Powered by AMD EPYC Processors|https://www.securityweek.com/google-cloud-unveils-confidential-vms-powered-amd-epyc-processors]]|GCP Confidential_Computing|
|2020.07.14|Silicon Angle| → [[Google debuts Confidential VMs that keep data encrypted while it's in use|https://siliconangle.com/2020/07/14/google-debuts-confidential-vms-keep-data-encrypted-use/]]|GCP Confidential_Computing|
|2020.07.15|Silicon.fr[img[iCSF/flag_fr.png]]| → [[Google Cloud ouvre la voie à l'informatique "confidentielle"|https://www.silicon.fr/google-cloud-informatique-confidentielle-343296.html]]|GCP Confidential_Computing|
|2020.07.16|Le MagIT[img[iCSF/flag_fr.png]]| → [[Confidential VM : Google Cloud veut chiffrer les machines virtuelles en temps réel|https://www.lemagit.fr/actualites/252486220/Confidential-VM-Google-Cloud-veut-chiffrer-les-machines-virtuelles-en-temps-reel]]|Confidential_Computing|
|2020.07.14|//Google Cloud//|![[Assured Workloads for Government: Compliance without compromise|https://cloud.google.com/blog/products/identity-security/assured-workloads-for-government-compliance-without-compromise/]]|Workloads Government|
|2020.07.16|Security Week| → [[Google Cloud Unveils New Service for Government Workloads|https://www.securityweek.com/google-cloud-unveils-new-service-government-workloads]]|Workloads Government|
|2020.07.14|Container Journal| → [[Compliance without compromise: Introducing Assured Workloads for Government|https://containerjournal.com/news/news-releases/compliance-without-compromise-introducing-assured-workloads-for-government/]]|Workloads Government|
=== 
** Containers : analyse de risques (Tripwire)+++^*[»] 
|2020.07.13|//Tripwire//|[[5 Risks You Need to Remember When Securing Your Containers|https://www.tripwire.com/state-of-security/featured/5-risks-securing-containers/]]|Risks|
=== 
** Kubernetes : Bonnes pratiques de sécurité (Intezer), Nouveau cadre de sécurité (Portshift), Menaces et persistance (StackRox), Problématiques de sécurité (Sentinel One)+++^*[»] 
|2020.07.15|//Intezer//|![[Intezer - Best Practices for Securing a Kubernetes Environment|https://www.intezer.com/container-security/best-practices-for-securing-a-kubernetes-environment/]] |K8s Best_Practices|
|2020.07.19|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 4 - Privilege Escalation|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-4-privilege-escalation/]] (4/9)|Kubernetes Threats|
|2020.07.14|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 3 - Persistence|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-3-persistence/]] (3/9) |Kubernetes Threats|
|2020.07.13|//Container Journal//|[[Portshift Unveils Security Framework for Kubernetes Environments|https://containerjournal.com/topics/container-security/portshift-unveils-security-framework-for-kubernetes-environments/]] |K8s Products|
|2020.07.16|//Sentinel One//|![[Kubernetes Security Challenges, Risks, and Attack Vectors|https://www.sentinelone.com/blog/kubernetes-security-challenges-risks-and-attack-vectors/]] |K8s|
=== 
** Outils: Canary Tokens (Pot de miel), Docker for Pentest, Kubebox+++^*[»] 
|2020.07.17|0x00Sec|[[Canary Tokens - The Zero setup honeypot|https://0x00sec.org/t/canary-tokens-the-zero-setup-honeypot/22275/1]]|Honeypot|
|2020.07.18|KitPloit|[[Docker for Pentest - Image With The More Used Tools To Create A Pentest Environment Easily And Quickly|https://www.kitploit.com/2020/07/docker-for-pentest-image-with-more-used.html]]|Tools|
|2020.07.14|SecTechno|[[kubebox - Terminal and Web console for Kubernetes - SecTechno|https://sectechno.com/kubebox-terminal-and-web-console-for-kubernetes/]] |Tools|
=== 
** Insolite : recherche d'un expert avec ''12 ans'' d'expérience sur Kubernetes+++^*[»] 
|2020.07.13|The Register|[[IBM job ad calls for 12 years' experience with Kubernetes - which is six years old|https://www.theregister.com/2020/07/13/ibm_kubernetes_experience_job_ad/]] |Fun|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K7J/|https://CloudSecurityAlliance.fr/go/K7J/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - July 13th to 19th, 2020
!!1 - CSA News and Updates - July 13th to 19th, 2020
* Blog: ''Privacy Shield Invalidated''+++^*[»] <<tiddler [[2020.07.16 - Blog : Invalidation du Privacy Shield !]]>>=== 
* Blog: 'Abusing Privilege Escalation in Salesforce Using APEX'+++^*[»] <<tiddler [[2020.07.16 - Blog : 'Abusing Privilege Escalation in Salesforce Using APEX']]>>=== 
* Conference: ''Feedback on the online 'fwd:cloudsec 2020' Conference''+++^*[»] <<tiddler [[2020.07.14 - Conférence : Retour sur la conférence en ligne 'fwd:cloudsec 2020']]>>=== 
* Publication: 'Hybrid Cloud and Its Associated Risks'+++^*[»] <<tiddler [[2020.07.13 - Publication : 'Hybrid Cloud and Its Associated Risks']]>>=== 
* Blog: 'Creating an Integrated Security System with the CSA STAR Program'+++^*[»] <<tiddler [[2020.07.13 - Blog : 'Creating an Integrated Security System with the CSA STAR Program']]>>=== 
* Peer Review: Addition of 'ABS CCIG' to the CCM+++^*[»] <<tiddler [[2020.07.13 - Appel à commentaires : Ajout 'ABS CCIG' à la CCM]]>>=== 
!!2 - Cloud and Security News Watch ([[over 100 links|2020.07.19 - Veille Hebdomadaire - 19 juillet]])

* __''Must read''__
** ''Privacy Shield Invalidated by the European Court of Justice''+++^*[»] 
|2020.07.16|Cour de justice de l'Union Européenne|![[La Cour invalide la décision 2016/1250 relative à l'adéquation de la protection assurée par le bouclier de protection des données UE-États-Unis|https://curia.europa.eu/jcms/jcms/p1_3117870/en/]] (Arrêt [[en français (pdf)|https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091fr.pdf]] et [[en anglais|https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091en.pdf]]) |Privacy_Shield|
|2020.07.16|Francoise Gilbert| → [[European Court of Justice Decision Creates Havoc in Global Digital Exchanges: One Shot Down, One seriously Injured; 5,300 Stranded|https://www.francoisegilbert.com/?p=1497]]|Privacy_Shield|
|2020.07.16|//BH Consulting//| → [[Todays ECJ Privacy Shield ruling|https://bhconsulting.ie/todays-ecj-privacy-shield-ruling/]]|Privacy_Shield|
|2020.07.17|Garance Mathias| → [[Invalidation du Privacy Shield, que retenir ?|https://www.avocats-mathias.com/actualites/invalidation-du-privacy-shield-que-retenir]]|Privacy_Shield|
|2020.07.17|//Google Cloud//| → [[Google Cloud's Commitment to EU International Data Transfers and the CJEU Ruling|https://cloud.google.com/blog/products/identity-security/google-clouds-commitment-to-eu-international-data-transfers-and-the-cjeu-ruling]]|Privacy_Shield|
=== 

* __Alerts, Attacks and Threats__
** Alerts: Kubernetes Vulnerability (CVE-2020-8557), New Attack Technique Uses Misconfigured Docker API, Zoom Vanity URL issue+++^*[»] 
|2020.07.16|//Alcide//|![[New Kubernetes Node Storage-based DoS Vulnerability (CVE-2020-8557)|https://blog.alcide.io/new-kubernetes-node-storage-based-dos-vulnerability-cve-2020-8557]] |K8s CVE-2020-8557|
|2020.07.15|//Aqua Security//|![[Threat Alert: Attacker Building Malicious Images Directly on Your Host|https://blog.aquasec.com/malicious-container-image-docker-container-host]] ([[docker-py|https://github.com/docker/docker-py]])|Docker API Attack|
|2020.07.15|Dark Reading| → [[New Attack Technique Uses Misconfigured Docker API|https://www.darkreading.com/attacks-breaches/new-attack-technique-uses-misconfigured-docker-api/d/d-id/1338366]]|Docker API Attack|
|2020.07.16|Container Journal| → [[Aqua Security Surfaces Threat to Container Hosts|https://containerjournal.com/topics/container-security/aqua-security-surfaces-threat-to-container-hosts/]]|Docker API Attack|
|2020.07.16|//Check Point//|[[Fixing the Zoom 'Vanity Clause' - Check Point and Zoom collaborate to fix Vanity URL issue|https://blog.checkpoint.com/2020/07/16/fixing-the-zoom-vanity-clause-check-point-and-zoom-collaborate-to-fix-vanity-url-issue/]]|Zoom Flaw|
|2020.05.16|//Threatpost//| → [[Zoom Addresses Vanity URL Zero-Day|https://threatpost.com/zoom-vanity-url-zero-day/157510/]]|Zoom Flaw|
|2020.05.17|Security Week| → [[Zoom's Vanity URLs Could Have Been Abused for Phishing Attacks|https://www.securityweek.com/zooms-vanity-urls-could-have-been-abused-phishing-attacks]]|Zoom Flaw|
=== 
** __Attacks__: Ransomware attack against Blackbaud+++^*[»]>
|2020.07.16|//Blackbaud//|![[Learn more about the Ransomware attack we recently stopped|https://www.blackbaud.com/securityincident]] |Ransomware|
|2020.07.17|ZDnet| → [[Cloud provider stopped ransomware attack but had to pay ransom demand anyway|https://www.zdnet.com/article/cloud-provider-stopped-ransomware-attack-but-had-to-pay-ransom-demand-anyway/]]|Ransomware|
|2020.07.17|The Register| → [[Cloud biz Blackbaud caved to ransomware gang's demands - then neglected to inform customers for two months|https://www.theregister.com/2020/07/17/blackbaud_paid_ransomware/]]|Ransomware|
=== 
** Some Cloud Threats (Tripwire)+++^*[»]>
|2020.07.14|//Tripwire//|[[6 Cloud Security Threats Healthcare Companies May Face - With Solutions|https://www.tripwire.com/state-of-security/featured/6-cloud-security-threats-healthcare-companies-face-solutions/]] |Threats|
=== 

* __Outages__
** Cloudflare+++^*[»]>
|2020.07.17|//Cloudflare//|[[Cloudflare outage on July 17, 2020|https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/]]|Outage Cloudflare|
|2020.07.17|Bleeping Computer| → [[Cloudflare outage takes down Discord, BleepingComputer, and other sites|https://www.bleepingcomputer.com/news/technology/cloudflare-outage-takes-down-discord-bleepingcomputer-and-other-sites/]]|Outage Cloudflare|
=== 

* __Miscellaneous__
** Additional relevant 'Cloud and Security' Weekly Watch: ''TL;DR Security'' and ''The Cloud Security Reading List''+++^*[»] 
|2020.07.15|TL;DR Security|[[#43 - Continuous AppSec Scanning, Threat Modeling, Career Advice from Feynman|https://tldrsec.com/blog/tldr-sec-043/]] |Weekly_Newsletter|
|2020.07.19|Marco Lancini|[[The Cloud Security Reading List #46|https://cloudseclist.com/issues/issue-46/]] |Weekly_Newsletter|
=== 
** Podcast: 'Operational Technology vs. Information Technology'+++^*[»] 
|2020.07.19|Cloud Security Podcast|[[Cloud Security in Operational Technology vs Information Technology world - Parul Kharub, CISSP|https://anchor.fm/cloudsecuritypodcast/episodes/Cloud-Security-in-Operational-Technology-vs-Information-Technology-world---Parul-Kharub--CISSP-egua8e]]|Podcast|
=== 
** AWS: Retroactive encryption in S3+++^*[»] 
|2020.07.13|//Amazon AWS//|[[How to retroactively encrypt existing objects in Amazon S3 using S3 Inventory, Amazon Athena, and S3 Batch Operations|https://aws.amazon.com/blogs/security/how-to-retroactively-encrypt-existing-objects-in-amazon-s3-using-s3-inventory-amazon-athena-and-s3-batch-operations/]] |AWS Encryption|
=== 
** Azure: Updates in protection for Azure Storage, O365 Admin Resources (Varonis)+++^*[»] 
|2020.07.17|//Varonis//|![[Office 365 Admin Resource Center|https://www.varonis.com/blog/office-365-admin/]] |O365|
|2020.07.13|//Microsoft Azure//|[[Azure Files support and new updates in advanced threat protection for Azure Storage|https://azure.microsoft.com/en-us/blog/azure-files-support-and-new-updates-in-advanced-threat-protection-for-azure-storage/]]|Azure Storage|
|2020.07.13|Bleeping Computer| → [[Microsoft extends security for Azure Storage file shares, data lakes|https://www.bleepingcomputer.com/news/security/microsoft-extends-security-for-azure-storage-file-shares-data-lakes/]]|Azure Storage|
=== 
** GCP: OnAir conference, Confidential VMs, Assured Workloads for Government+++^*[»] 
|2020.07.17|//Google Cloud//|[[Everything you need to know about week 1 of Google Cloud Next '20: OnAir|https://cloud.google.com/blog/topics/google-cloud-next/what-happened-week1-of-google-cloud-next20-onair/]]|GCP Conference|
|2020.07.16|//Google Cloud//|[[Complete list of announcements from Google Cloud Next '20: OnAir|https://cloud.google.com/blog/topics/google-cloud-next/complete-list-of-announcements-from-google-cloud-next20-onair/]]|GCP Conference|
|2020.07.15|//Google Cloud//|[[Google Cloud Next '20: OnAir begins July 14, 2020|https://cloud.google.com/blog/topics/google-cloud-next/google-cloud-next20-onair-begins-july-14-2020/]]|GCP Conference|
|2020.07.14|Silicon Angle|[[Google debuts Confidential VMs that keep data encrypted while it's in use|https://siliconangle.com/2020/07/14/google-debuts-confidential-vms-keep-data-encrypted-use/]] |GCP Confidential_Computing|
|2020.07.14|Container Journal| → [[How to Secure Containers for Cybersecurity|https://containerjournal.com/topics/container-security/how-to-secure-containers-for-cybersecurity/]] |Containers|
|2020.07.14|//Google Cloud//|![[Introducing Google Cloud Confidential Computing with Confidential VMs|https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-confidential-computing-with-confidential-vms/]] |GCP Confidential_Computing|
|2020.07.14|//Duo//| → [[Google Debuts Confidential VMs to Protect Cloud Data in Use|https://duo.com/decipher/google-debuts-confidential-vms-to-protect-cloud-data-in-use]] |GCP Confidential_Computing|
|2020.07.14|Dark Reading| → [[Google Cloud Unveils 'Confidential VMs' to Protect Data in Use|https://www.darkreading.com/cloud/google-cloud-unveils-confidential-vms-to-protect-data-in-use/d/d-id/1338347]] |GCP Confidential_Computing|
|2020.07.14|Security Week| → [[Google Cloud Unveils Confidential VMs Powered by AMD EPYC Processors|https://www.securityweek.com/google-cloud-unveils-confidential-vms-powered-amd-epyc-processors]] |GCP Confidential_Computing|
|2020.07.14|Silicon Angle| → [[Google debuts Confidential VMs that keep data encrypted while it's in use|https://siliconangle.com/2020/07/14/google-debuts-confidential-vms-keep-data-encrypted-use/]] |GCP Confidential_Computing|
|2020.07.15|Silicon.fr[img[iCSF/flag_fr.png]]| → [[Google Cloud ouvre la voie à l'informatique "confidentielle"|https://www.silicon.fr/google-cloud-informatique-confidentielle-343296.html]] |GCP Confidential_Computing|
|2020.07.16|Le MagIT[img[iCSF/flag_fr.png]]| → [[Confidential VM : Google Cloud veut chiffrer les machines virtuelles en temps réel|https://www.lemagit.fr/actualites/252486220/Confidential-VM-Google-Cloud-veut-chiffrer-les-machines-virtuelles-en-temps-reel]] |Confidential_Computing|
|2020.07.14|//Google Cloud//|![[Assured Workloads for Government: Compliance without compromise|https://cloud.google.com/blog/products/identity-security/assured-workloads-for-government-compliance-without-compromise/]]|Workloads Government|
|2020.07.16|Security Week| → [[Google Cloud Unveils New Service for Government Workloads|https://www.securityweek.com/google-cloud-unveils-new-service-government-workloads]]|Workloads Government|
|2020.07.14|Container Journal| → [[Compliance without compromise: Introducing Assured Workloads for Government|https://containerjournal.com/news/news-releases/compliance-without-compromise-introducing-assured-workloads-for-government/]]|Workloads Government|
=== 
** Containers: Risk analysis (Tripwire)+++^*[»] 
|2020.07.13|//Tripwire//|[[5 Risks You Need to Remember When Securing Your Containers|https://www.tripwire.com/state-of-security/featured/5-risks-securing-containers/]] |Risks|
=== 
** Kubernetes: Security Best Practices (Intezer), New Security Framework (Portshift), Threats and Persistence (StackRox), Security Challenges (Sentinel One)+++^*[»] 
|2020.07.15|//Intezer//|![[Intezer - Best Practices for Securing a Kubernetes Environment|https://www.intezer.com/container-security/best-practices-for-securing-a-kubernetes-environment/]] |K8s Best_Practices|
|2020.07.19|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 4 - Privilege Escalation|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-4-privilege-escalation/]] (4/9)|Kubernetes Threats|
|2020.07.14|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 3 - Persistence|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-3-persistence/]] (3/9) |Kubernetes Threats|
|2020.07.13|//Container Journal//|[[Portshift Unveils Security Framework for Kubernetes Environments|https://containerjournal.com/topics/container-security/portshift-unveils-security-framework-for-kubernetes-environments/]] |K8s Products|
|2020.07.16|//Sentinel One//|![[Kubernetes Security Challenges, Risks, and Attack Vectors|https://www.sentinelone.com/blog/kubernetes-security-challenges-risks-and-attack-vectors/]] |K8s|
=== 
** Tools: Canary Tokens (Honeypot), Docker for Pentest, Kubebox+++^*[»] 
|2020.07.17|0x00Sec|[[Canary Tokens - The Zero setup honeypot|https://0x00sec.org/t/canary-tokens-the-zero-setup-honeypot/22275/1]]|Honeypot|
|2020.07.18|KitPloit|[[Docker for Pentest - Image With The More Used Tools To Create A Pentest Environment Easily And Quickly|https://www.kitploit.com/2020/07/docker-for-pentest-image-with-more-used.html]]|Tools|
|2020.07.14|SecTechno|[[kubebox - Terminal and Web console for Kubernetes - SecTechno|https://sectechno.com/kubebox-terminal-and-web-console-for-kubernetes/]] |Tools|
=== 
** Oddities: looking for an expert with ''12 years'' of experience with Kubernetes+++^*[»] 
|2020.07.13|The Register|[[IBM job ad calls for 12 years' experience with Kubernetes - which is six years old|https://www.theregister.com/2020/07/13/ibm_kubernetes_experience_job_ad/]] |Fun|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K7J/|https://CloudSecurityAlliance.fr/go/K7J/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 19 juillet 2020
|!Juillet 2020|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.07.19|
|2020.07.19|Marco Lancini|[[The Cloud Security Reading List #46|https://cloudseclist.com/issues/issue-46/]] |Weekly_Newsletter|
|2020.07.19|Cloud Security Podcast|[[Cloud Security in Operational Technology vs Information Technology world - Parul Kharub, CISSP|https://anchor.fm/cloudsecuritypodcast/episodes/Cloud-Security-in-Operational-Technology-vs-Information-Technology-world---Parul-Kharub--CISSP-egua8e]]|Podcast|
|2020.07.19|Andrew Brown|[[CloudWatch Alarm - Anatomy of an Alarm|https://twitter.com/andrewbrown/status/1284672904878346240]]|AWS Alarms|
|2020.07.19|//Tripwire//|[[Top 5 Cybersecurity Risks with Cloud Migration|https://www.tripwire.com/state-of-security/featured/top-5-cybersecurity-risks-cloud-migration/]]|Migration Risks|
|2020.07.19|//Tripwire//|[[Cloud Account Security - Are You Ready To Automate?|https://www.tripwire.com/state-of-security/featured/ready-automate-cloud-account-security/]]|Accounts Automation|
|2020.07.19|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 4 - Privilege Escalation|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-4-privilege-escalation/]] (4/9)|Kubernetes Threats|
|2020.07.19|//Alcide//|![[New Kubernetes API Server Vulnerability Enables Privileges Escalation (CVE-2020-8559)|https://blog.alcide.io/new-kubernetes-api-server-vulnerability-enables-privileges-escalation-cve-2020-8559]] |K8s CVE-2020-8559|
|>|>|>|!2020.07.18|
|2020.07.18|KitPloit|[[Docker for Pentest - Image With The More Used Tools To Create A Pentest Environment Easily And Quickly|https://www.kitploit.com/2020/07/docker-for-pentest-image-with-more-used.html]]|Tools|
|2020.07.18|//Google Cloud//|[[How businesses can transform digitally with Google Cloud|https://cloud.google.com/blog/topics/inside-google-cloud/how-businesses-can-transform-digitally-with-google-cloud/]]|GCP Conference|
|2020.07.18|n0secure.org|[[K3S/Velero|https://www.n0secure.org/2020/07/k3s-velero-a-long-way-to-devsecops-episode-6.html]] |DevSecOps|
|>|>|>|!2020.07.17|
|2020.07.17|Informatique News[>img[iCSF/flag_fr.png]]|[[Alsid renforce sa solution SaaS de sécurisation de l'Active Directory|https://www.informatiquenews.fr/alsid-renforce-sa-solution-saas-de-securisation-de-lactive-directory-71913]] |Azure AD Products|
|2020.07.17|//Cloudflare//|[[Cloudflare outage on July 17, 2020|https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/]]|Outage Cloudflare|
|2020.07.17|Bleeping Computer| → [[Cloudflare outage takes down Discord, BleepingComputer, and other sites|https://www.bleepingcomputer.com/news/technology/cloudflare-outage-takes-down-discord-bleepingcomputer-and-other-sites/]]|Outage Cloudflare|
|2020.07.17|Info Security Mag|[[Cloud Configuration Error Exposes Over 260,000 Actors|https://www.infosecurity-magazine.com/news/cloud-configuration-error-exposes/]]|Misconfiguration|
|2020.07.17|BetaNews|[[Why DevOps teams need to take container security seriously [Q&A]|https://betanews.com/2020/07/17/devops-container-security-q7a/]] |Containers DevSecOps|
|2020.07.17|SecTechno|[[CloudMapper - Analyze your Amazon Web Services (AWS)|https://sectechno.com/cloudmapper-analyze-your-amazon-web-services-aws/]]|Tools AWS|
|2020.07.17|0x00Sec|[[Canary Tokens - The Zero setup honeypot|https://0x00sec.org/t/canary-tokens-the-zero-setup-honeypot/22275/1]]|Honeypot|
|2020.07.17|//Google Cloud//|[[3 business continuity challenges SAP customers face, and how Google Cloud can help|https://cloud.google.com/blog/products/sap-google-cloud/business-continuity-challenges-sap-customers-face-and-how-google-cloud-can-help/]] |GCP SAP|
|2020.07.17|//Google Cloud//|[[Everything you need to know about week 1 of Google Cloud Next '20: OnAir|https://cloud.google.com/blog/topics/google-cloud-next/what-happened-week1-of-google-cloud-next20-onair/]]|GCP Conference|
|2020.07.17|GovLoop|[[Protecting Data in the Cloud Era|https://www.govloop.com/moving-forward-with-data-protection-at-your-agency/]] |Data_Protection|
|2020.07.17|//Security Intelligence//|[[Mitigating Container Risk Requires a Comprehensive Approach|https://securityintelligence.com/posts/mitigating-containers-risk-requires-comprehensive-approach/]] |containers|
|2020.07.17|//Varonis//|![[Office 365 Admin Resource Center|https://www.varonis.com/blog/office-365-admin/]] |O365|
|2020.07.17|BetaNews|[[The questions to ask to avoid cloud trade-offs|https://betanews.com/2020/07/17/avoid-cloud-trade-offs/]]|Misc|
|2020.05.18|//Iland//| → [[The questions to ask to avoid cloud trade-offs|https://blog.iland.com/cloud/the-questions-to-ask-to-avoid-cloud-trade-offs/]]|Misc|
|2020.07.17|//Praetorian//|[[Leveraging DevSecOps Practices to Secure Red Team Infrastructure|https://www.praetorian.com/blog/leveraging-devsecops-practices-to-manage-red-team-infrastructure]]|DevSecOps|
|>|>|>|!2020.07.16|
|2020.07.16|CLUSIF[>img[iCSF/flag_fr.png]]|[[Sécurité du Cloud : Panorama des référentiels|https://clusif.fr/publications/securite-du-cloud-panorama-des-referentiels/]] |Report|
|2020.07.16|Cour de justice de l'Union Européenne|![[La Cour invalide la décision 2016/1250 relative à l'adéquation de la protection assurée par le bouclier de protection des données UE-États-Unis|https://curia.europa.eu/jcms/jcms/p1_3117870/en/]] (Arrêt [[en français (pdf)|https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091fr.pdf]] et [[en anglais|https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091en.pdf]]) |Privacy_Shield|
|2020.07.16|Francoise Gilbert| → [[European Court of Justice Decision Creates Havoc in Global Digital Exchanges: One Shot Down, One seriously Injured; 5,300 Stranded|https://www.francoisegilbert.com/?p=1497]]|Privacy_Shield|
|2020.07.16|Dark Reading|[[EU Court Ruling Means New Global Protections for EU Customer Data|https://www.darkreading.com/endpoint/privacy/eu-court-ruling-means-new-global-protections-for-eu-customer-data/d/d-id/1338374]]|Privacy_Shield|
|2020.07.16|//BH Consulting//| → [[Todays ECJ Privacy Shield ruling|https://bhconsulting.ie/todays-ecj-privacy-shield-ruling/]]|Privacy_Shield|
|2020.07.17|Garance Mathias| → [[Invalidation du Privacy Shield, que retenir ?|https://www.avocats-mathias.com/actualites/invalidation-du-privacy-shield-que-retenir]]|Privacy_Shield|
|2020.07.17|//Google Cloud//| → [[Google Cloud's Commitment to EU International Data Transfers and the CJEU Ruling|https://cloud.google.com/blog/products/identity-security/google-clouds-commitment-to-eu-international-data-transfers-and-the-cjeu-ruling]]|Privacy_Shield|
|2020.07.16|MSSP Alert|[[Educating Clients about O365 and G Suite Cloud Data Loss |https://www.msspalert.com/cybersecurity-guests/educating-clients-about-o365-and-g-suite-cloud-data-loss/]] |O365 GCP Data_Loss|
|2020.07.16|Thomas Naunheim|[[Azure AD B2B: Security considerations to protect external (privileged) identities|https://www.cloud-architekt.net/azuread-b2b-security-considerations/]] |AzureAD Identity|
|2020.07.16|GovLoop|[[Why Zero Trust Today?|https://www.govloop.com/why-zero-trust-today/]] |Zero_Trust|
|2020.07.16|//TechBeacon//|[[A container security checklist: 5 key questions to answer|https://techbeacon.com/security/container-security-checklist-5-key-questions-answer]]|Containers|
|2020.07.16|//Check Point//|[[Fixing the Zoom 'Vanity Clause' - Check Point and Zoom collaborate to fix Vanity URL issue|https://blog.checkpoint.com/2020/07/16/fixing-the-zoom-vanity-clause-check-point-and-zoom-collaborate-to-fix-vanity-url-issue/]]|Zoom Flaw|
|2020.05.16|//Threatpost//| → [[Zoom Addresses Vanity URL Zero-Day|https://threatpost.com/zoom-vanity-url-zero-day/157510/]]|Zoom Flaw|
|2020.05.17|GBHackers on security| → [[A New Zoom URL Flaw Let Hackers Mimic Organization's Invitation Link|https://gbhackers.com/zoom-url-flaw/]]|Zoom Flaw|
|2020.05.17|Security Week| → [[Zoom's Vanity URLs Could Have Been Abused for Phishing Attacks|https://www.securityweek.com/zooms-vanity-urls-could-have-been-abused-phishing-attacks]]|Zoom Flaw|
|2020.07.16|//Blackbaud//|![[Learn more about the Ransomware attack we recently stopped|https://www.blackbaud.com/securityincident]] |Ransomware|
|2020.07.17|ZDnet| → [[Cloud provider stopped ransomware attack but had to pay ransom demand anyway|https://www.zdnet.com/article/cloud-provider-stopped-ransomware-attack-but-had-to-pay-ransom-demand-anyway/]]|Ransomware|
|2020.07.17|The Register| → [[Cloud biz Blackbaud caved to ransomware gang's demands - then neglected to inform customers for two months|https://www.theregister.com/2020/07/17/blackbaud_paid_ransomware/]]|Ransomware|
|2020.07.20|Security Week| → [[Cloud Company Blackbaud Pays Ransomware Operators to Avoid Data Leak|https://www.securityweek.com/cloud-company-blackbaud-pays-ransomware-operators-avoid-data-leak]]|Ransomware|
|2020.07.16|//Google Cloud//|[[Complete list of announcements from Google Cloud Next '20: OnAir|https://cloud.google.com/blog/topics/google-cloud-next/complete-list-of-announcements-from-google-cloud-next20-onair/]]|GCP Conference|
|2020.07.16|//Padok//|[[How to simplify complex authentication with AWS profiles?|https://www.padok.fr/en/blog/authentication-aws-profiles]] |AWS Profiles|
|2020.07.16|//Radware//|[[Why You Should Reconsider DDoS Mitigation from Public Cloud Providers|https://blog.radware.com/security/ddosattacks/2020/07/why-you-should-reconsider-ddos-mitigation-from-public-cloud-providers/]] |DDoS|
|2020.07.16|//Microsoft Azure//|[[Running SD-WAN virtual appliances natively in Azure Virtual WAN|https://azure.microsoft.com/blog/running-sdwan-virtual-appliances-natively-in-azure-virtual-wan/]] |Azure SD-WAN|
|2020.07.16|//Amazon AWS//|[[How to use Amazon AppStream 2.0 to reduce your bastion host attack surface|https://aws.amazon.com/blogs/security/how-to-use-amazon-appstream-2-0-to-reduce-your-bastion-host-attack-surface/]] |Bastion Attack_surface|
|2020.07.16|//Amazon AWS//|[[Learn and use 13 AWS security tools to implement SEC recommended protection of stored customer data in the cloud|https://aws.amazon.com/blogs/security/learn-and-use-13-aws-security-tools-to-implement-sec-recommended-protection-stored-customer-data-cloud/]] |AWS SEC Tools|
|2020.07.16|//Sentinel One//|![[Kubernetes Security Challenges, Risks, and Attack Vectors|https://www.sentinelone.com/blog/kubernetes-security-challenges-risks-and-attack-vectors/]] |K8s|
|2020.07.16|//Alcide//|![[New Kubernetes Node Storage-based DoS Vulnerability (CVE-2020-8557)|https://blog.alcide.io/new-kubernetes-node-storage-based-dos-vulnerability-cve-2020-8557]] |K8s CVE-2020-8557|
|2020.07.16|//AppOmni//|[[Whitepaper - Saas Security Primer|https://appomni.com/saas-security-primer-white-paper/]]|SaaS Whitepaper|
|2020.07.16|//Dark Trace//|[[Darktrace email finds: Microsoft Teams impersonation|https://www.darktrace.com/en/blog/darktrace-email-finds-microsoft-teams-impersonation/]]|Teams Attacks|
|2020.07.16|//DZone//|[[When Malware Abused Docker|https://dzone.com/articles/when-malware-abused-docker]]|Docker Malware|
|2020.01.04|//AppFleet//| → [[Automatically Scan Your Docker Images for Vulnerabilities With AWS ECR|https://appfleet.com/blog/automatic-vulnerability-scanning-for/]]|Docker Malware|
|2020.07.16|//CipherCloud//|[[CipherCloud Chronicles #2: The story of CISO and the breached multi-clouds|https://www.ciphercloud.com/ciphercloud-chronicles-2-story-of-ciso-and-the-breached-clouds/]]|Awareness|
|2020.07.16|//Banzai Cloud//|[[Introduction to Istio access control|https://banzaicloud.com/blog/istio-authorization-policies/]]|Istio Products|
|2020.07.16|//DataBricks//|![[How to Use the Bucket Brigade to Secure Your Public AWS S3 Buckets|https://databricks.com/blog/2020/07/16/bucket-brigade-securing-public-s3-buckets.html]] |Aws_S3|
|2020.07.16|//ArmorBlox//|[[Blox Tales #8: Amazon Credential Phishing|https://www.armorblox.com/blog/blox-tales-8-amazon-credential-phishing/]]|Phishing Amazon|
|>|>|>|!2020.07.15|
|2020.07.15|TL;DR Security|[[#43 - Continuous AppSec Scanning, Threat Modeling, Career Advice from Feynman|https://tldrsec.com/blog/tldr-sec-043/]] |Weekly_Newsletter|
|2020.07.15|Jan Harrie|![[Container Breakouts - Part 1: Access to root directory of the Host|https://blog.nody.cc/posts/container-breakouts-part1/]] (1/3) |Containers|
|2020.07.15|Thomas Naunheim|[[Cloud Identity Summit 2020 goes virtual…and global!|https://www.cloud-architekt.net/cloud-identity-summit-goes-virtual/]] |Identity|
|2020.07.15|CIO Dive|[[Why cloud needs a new approach to cybersecurity|https://www.cio.com/article/3563343/why-cloud-needs-a-new-approach-to-cybersecurity.html]]|Misc|
|2020.07.15|//Aqua Security//|![[Threat Alert: Attacker Building Malicious Images Directly on Your Host|https://blog.aquasec.com/malicious-container-image-docker-container-host]] ([[docker-py|https://github.com/docker/docker-py]])|
|2020.07.15|Dark Reading| → [[New Attack Technique Uses Misconfigured Docker API|https://www.darkreading.com/attacks-breaches/new-attack-technique-uses-misconfigured-docker-api/d/d-id/1338366]]|Docker API Attack|
|2020.07.16|Container Journal| → [[Aqua Security Surfaces Threat to Container Hosts|https://containerjournal.com/topics/container-security/aqua-security-surfaces-threat-to-container-hosts/]]|Docker API Attack|
|2020.07.15|//CloudPassage//|[[2020 AWS Cloud Security Report|https://www.cloudpassage.com/lp/2020-aws-cloud-security-report/]]|Report|
|2020.07.15|//Cloud Management Insider//|[[AWS CloudTrail - Explored!|https://www.cloudmanagementinsider.com/aws-cloudtrail-explored/]] |AWS CloudTrail|
|2020.07.15|//Intezer//|![[Intezer - Best Practices for Securing a Kubernetes Environment|https://www.intezer.com/container-security/best-practices-for-securing-a-kubernetes-environment/]] |K8s Best_Practices|
|2020.07.15|//Alcide//|[[Ensuring In-flight Kubernetes Security|https://blog.alcide.io/ensuring-in-flight-kubernetes-security]] |K8s|
|2020.07.15|//AT&T//|[[Security as a Service explained|https://cybersecurity.att.com/blogs/security-essentials/security-as-a-service-explained]] |SaaS|
|2020.07.14|//Tripwire//|[[6 Cloud Security Threats Healthcare Companies May Face - With Solutions|https://www.tripwire.com/state-of-security/featured/6-cloud-security-threats-healthcare-companies-face-solutions/]] |Threats|
|2020.07.15|//Microsoft//|[[Prevent and detect more identity-based attacks with Azure Active Directory|https://www.microsoft.com/security/blog/2020/07/15/prevent-identity-attacks-azure-active-directory/]] |AzureAD Identity Attacks|
|2020.07.15|//Amazon AWS//|[[OSPAR 2020 report now available with 105 services in scope|https://aws.amazon.com/blogs/security/ospar-2020-report-now-available-with-105-services-in-scope/]] |Report AWS|
|>|>|>|!2020.07.14|
|2020.07.16|Le MagIT[>img[iCSF/flag_fr.png]]|[[Confidential VM : Google Cloud veut chiffrer les machines virtuelles en temps réel|https://www.lemagit.fr/actualites/252486220/Confidential-VM-Google-Cloud-veut-chiffrer-les-machines-virtuelles-en-temps-reel]] |Confidential_Computing|
|2020.07.14|CircleID|![[DNS: An Essential Component of Cloud Computing|http://www.circleid.com/posts/20200714-dns-an-essential-component-of-cloud-computing/]] |!DNS|
|2020.07.14|SecTechno|[[kubebox - Terminal and Web console for Kubernetes - SecTechno|https://sectechno.com/kubebox-terminal-and-web-console-for-kubernetes/]] |Tools|
|2020.07.14|Security Week|[[Cloud Application Security Firm Traceable Emerges From Stealth Mode|https://www.securityweek.com/cloud-application-security-firm-traceable-emerges-stealth-mode]] |Market|
|2020.07.14|Dark Reading|[[Google Cloud Unveils 'Confidential VMs' to Protect Data in Use|https://www.darkreading.com/cloud/google-cloud-unveils-confidential-vms-to-protect-data-in-use/d/d-id/1338347]] |GCP Confidential_Computing|
|2020.07.14|Security Week|[[Google Cloud Unveils Confidential VMs Powered by AMD EPYC Processors|https://www.securityweek.com/google-cloud-unveils-confidential-vms-powered-amd-epyc-processors]] |GCP Confidential_Computing|
|2020.07.14|Security Boulevard|[[Why Your Cloud Apps Deserve Better Data Protection|https://securityboulevard.com/2020/07/why-your-cloud-apps-deserve-better-data-protection/]] |Data_Protection|
|2020.07.14|Container Journal| → [[How to Secure Containers for Cybersecurity|https://containerjournal.com/topics/container-security/how-to-secure-containers-for-cybersecurity/]] |Containers|
|2020.07.14|Dark Reading|[[DevSecOps Requires a Different Approach to Security|https://www.darkreading.com/application-security/devsecops-requires-a-different-approach-to-security/d/d-id/1338353]] ||
|2020.07.14|//Palo Alto Networks//|[[Join the Adventures of the Cloud Defenders|https://blog.paloaltonetworks.com/2020/07/cloud-defenders-adventure/]]|Awareness|
|2020.07.14|Container Journal|[[Thycotic Extends Secrets Management Reach to Kubernetes|https://containerjournal.com/topics/container-security/thycotic-extends-secrets-management-reach-to-kubernetes/]] |K8s|
|2020.07.14|BetaNews|[[New security platform traces end-to-end cloud app activity|https://betanews.com/2020/07/14/cloud-app-activity-tracing/]] |!TBD|
|2020.07.14|//StackRox//|[[Protecting Against Kubernetes Threats: Chapter 3 - Persistence|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-3-persistence/]] (3/9) |Kubernetes Threats|
|2020.07.14|//Palo Alto Networks//|[[Bringing High-Fidelity Threat Intelligence to Prisma Cloud|https://blog.paloaltonetworks.com/2020/07/cloud-autofocus-prisma-integration/]] |Prisma Products|
|2020.07.14|//Google Cloud//|![[Introducing Google Cloud Confidential Computing with Confidential VMs|https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-confidential-computing-with-confidential-vms/]] |GCP Confidential_Computing|
|2020.07.14|//Duo//| → [[Google Debuts Confidential VMs to Protect Cloud Data in Use|https://duo.com/decipher/google-debuts-confidential-vms-to-protect-cloud-data-in-use]] |GCP Confidential_Computing|
|2020.07.14|Dark Reading| → [[Google Cloud Unveils 'Confidential VMs' to Protect Data in Use|https://www.darkreading.com/cloud/google-cloud-unveils-confidential-vms-to-protect-data-in-use/d/d-id/1338347]] |GCP Confidential_Computing|
|2020.07.14|Security Week| → [[Google Cloud Unveils Confidential VMs Powered by AMD EPYC Processors|https://www.securityweek.com/google-cloud-unveils-confidential-vms-powered-amd-epyc-processors]] |GCP Confidential_Computing|
|2020.07.14|Silicon Angle| → [[Google debuts Confidential VMs that keep data encrypted while it's in use|https://siliconangle.com/2020/07/14/google-debuts-confidential-vms-keep-data-encrypted-use/]] |GCP Confidential_Computing|
|2020.07.15|Silicon.fr[img[iCSF/flag_fr.png]]| → [[Google Cloud ouvre la voie à l'informatique "confidentielle"|https://www.silicon.fr/google-cloud-informatique-confidentielle-343296.html]] |GCP Confidential_Computing|
|2020.07.16|Le MagIT[img[iCSF/flag_fr.png]]| → [[Confidential VM : Google Cloud veut chiffrer les machines virtuelles en temps réel|https://www.lemagit.fr/actualites/252486220/Confidential-VM-Google-Cloud-veut-chiffrer-les-machines-virtuelles-en-temps-reel]] |Confidential_Computing|
|2020.07.14|//Google Cloud//|![[Assured Workloads for Government: Compliance without compromise|https://cloud.google.com/blog/products/identity-security/assured-workloads-for-government-compliance-without-compromise/]]|Workloads Government|
|2020.07.16|Security Week| → [[Google Cloud Unveils New Service for Government Workloads|https://www.securityweek.com/google-cloud-unveils-new-service-government-workloads]]|Workloads Government|
|2020.07.14|Container Journal| → [[Compliance without compromise: Introducing Assured Workloads for Government|https://containerjournal.com/news/news-releases/compliance-without-compromise-introducing-assured-workloads-for-government/]]|Workloads Government|
|2020.07.14|//CCSI//|[[How to Stop Data Breaches of Your Cloud Data|https://www.ccsinet.com/blog/data-breaches-cloud-data/]]|Data_Breach|
|2020.07.14|//Oracle Cloud//|[[Quick Tip #1 - Accessing your Identity Cloud Service friendly URL|https://blogs.oracle.com/cloudsecurity/accessing-your-identity-cloud-service-friendly-url-v2]] (1)|OracleCloud Tips|
|2020.07.14|//Verisign//|[[DNS: An Essential Component of Cloud Computing|https://blog.verisign.com/domain-names/dns-an-essential-component-of-cloud-computing/]]|!DNS|
|2020.07.14|//SpecterOps//|[[https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30]]|!|
|>|>|>|!2020.07.13|
|2020.07.13|The Register|[[IBM job ad calls for 12 years' experience with Kubernetes - which is six years old|https://www.theregister.com/2020/07/13/ibm_kubernetes_experience_job_ad/]] |Fun|
|2020.07.13|Bleeping Computer|[[Microsoft Office 365 will add support for disposable emails|https://www.bleepingcomputer.com/news/microsoft/microsoft-office-365-will-add-support-for-disposable-emails/]] |O365|
|2020.07.13|Dark Reading|[[Zero-Trust Efforts Rise with the Tide of Remote Working|https://www.darkreading.com/perimeter/zero-trust-efforts-rise-with-the-tide-of-remote-working/d/d-id/1338343]] |Reports|
|2020.07.13|//DZone//|[[Automatically Scan Your Docker Images for Vulnerabilities With AWS ECR|https://dzone.com/articles/automatically-scan-your-docker-images-for-vulnerab]]|AWS Docker Scans|
|2020.01.04|//AppFleet//| → [[Automatically Scan Your Docker Images for Vulnerabilities With AWS ECR|https://appfleet.com/blog/automatic-vulnerability-scanning-for/]]|AWS Docker Scans|
|2020.07.13|//Security Intelligence//!|[[Six Ways to Solve Challenges in Securing Data in a Multicloud Environment|https://securityintelligence.com/posts/overcoming-data-security-challenges-hybrid-multicloud-world/]] |Multi_Cloud|
|2020.07.13|//Check Point//|[[Top 4 Reasons Why Serverless Is Secure|https://blog.checkpoint.com/2020/07/13/top-4-reasons-why-serverless-is-secure/]]|Serverless|
|2020.07.13|//Container Journal//|[[Portshift Unveils Security Framework for Kubernetes Environments|https://containerjournal.com/topics/container-security/portshift-unveils-security-framework-for-kubernetes-environments/]] |K8s Products|
|2020.07.13|//Tripwire//|[[5 Risks You Need to Remember When Securing Your Containers|https://www.tripwire.com/state-of-security/featured/5-risks-securing-containers/]] |Risks|
|2020.07.13|//Amazon AWS//|[[How to retroactively encrypt existing objects in Amazon S3 using S3 Inventory, Amazon Athena, and S3 Batch Operations|https://aws.amazon.com/blogs/security/how-to-retroactively-encrypt-existing-objects-in-amazon-s3-using-s3-inventory-amazon-athena-and-s3-batch-operations/]] |AWS Encryption|
|2020.07.15|//Google Cloud//|[[Google Cloud Next '20: OnAir begins July 14, 2020|https://cloud.google.com/blog/topics/google-cloud-next/google-cloud-next20-onair-begins-july-14-2020/]]|GCP Conference|
|2020.07.13|//Microsoft Azure//|[[Azure Files support and new updates in advanced threat protection for Azure Storage|https://azure.microsoft.com/en-us/blog/azure-files-support-and-new-updates-in-advanced-threat-protection-for-azure-storage/]]|Azure Storage|
|2020.07.13|Bleeping Computer| → [[Microsoft extends security for Azure Storage file shares, data lakes|https://www.bleepingcomputer.com/news/security/microsoft-extends-security-for-azure-storage-file-shares-data-lakes/]]|Azure Storage|
|2020.07.13|//Anchore//|[[Anchore and Azure DevOps: Part 2|https://anchore.com/blog/anchore-azure-devops-part-2/]] (2/2)|Azure DevOps|
|2020.07.13|The Register|[[IBM job ad calls for 12 years' experience with Kubernetes - which is six years old|https://www.theregister.com/2020/07/13/ibm_kubernetes_experience_job_ad/]]|Jobs Kubernetes Fun|
|2020.07.13|//CloudSecurityPass//|[[CCSK - summer 2020|https://cloudsecuritypass.com/ccsk/ccsk-summer-2020/]]|CCSK Training|
|2020.07.13|//Office 365 Blog//|[[Unnoticed sidekick: Getting access to cloud as an on-prem admin|https://o365blog.com/post/on-prem_admin/]] (5/5)|AzureAD Kill_Chain|
<<tiddler [[arOund0C]]>>
!"//EU Court of Justice Decision - Privacy Shield Invalidated; Standard Clauses Challenged??//"
Article publié le 16 juillet 2020 — Rédigé par Francoise Gilbert, CEO, DataMinding, Inc.
<<<
[>img(200px,auto)[iCSA/K7GBE.jpg]]//!!European Court of Justice Schrems 2 Decision Creates Havoc in Global Digital Exchanges: Significant Challenges to Privacy Shield and Standard Contractual Clauses Users
For months, the global digital trade community has been awaiting the decision of the European Court of Justice (CJEU) in the "Schrems 2" case, a case that focused on conditions for the transfer of personal data from the European Union to the United States. The details of the original complaint that was filed initially against Facebook by Maximillian Schrems have become almost irrelevant because the decision affects countless organizations located throughout the world. The major question was whether standard contractual clauses (SCC) used as a means of establishing "adequate protection" of personal data transferred from data exporters located in the European Union or European Economic Area did in fact result in that expected "adequate protection". The CJEU decision is comprised of two elements:
* The EU-US Privacy Shield is invalidated
* The Standard Contractual Clauses Controller to Processor are upheld, but they are facing major challenges and hurdles
''In its decision published on July 16, the Court of Justice of the European Union looked at both the EU-US Privacy Shield and the SCCs. It invalidated the Privacy Shield, thereby destroying the virtual bridge that allowed 5,378 US based organizations that have certified to Privacy Shield to conduct business with entities located in the European Union and European Economic Area''. It preserved, but created significant challenges to the SCC (Controller to Processor) ecosystem by creating new constraints and obstacles, to the countless organizations located both in the US and abroad, in their global digital trade with their European Partners.
!!The Basic Premise
The premise of the decision is that, currently, US national security, public interest and law enforcement laws have primacy over the fundamental rights of persons whose personal data are transferred to the US. They do not take into account the principle of proportionality and are not limited to collecting only that data which is necessary. In addition, according to the EUCJ decision, US law does not grant data subjects actionable rights before the courts against US authorities.
!!EU-US Privacy Shield Invalidation
The EUCJ determined that the protection provided to personal data in the United States is inadequate to meet the level of protection of privacy and privacy rights guaranteed in the EU by the GDPR and the EU Charter of Fundamental rights.
According to the decision, the US surveillance programs are not limited to what is strictly necessary, and the United States does not grant data subjects actionable rights against the US authorities. Further, the Ombudsperson program does not provide data subjects with any cause of action before a body that offers guarantees substantially equivalent to those required by EU law. Therefore, the EU-US Privacy Shield is no longer a legal instrument for the transfer of personal data from the EU to the US.
The immediate consequence of the invalidation of the EU-US Privacy Shield is that more than 5,000 US organizations, and their trading partners throughout the European Union and the European Economic Area, are left stranded with no way out. The invalidation declared by the EUCJ takes immediate effect. These transfers must cease. This is likely to prove a catastrophic hurdle for many companies already weakened by the Covid pandemic.
!!Standard Contractual Clauses
The Standard Contractual Clauses for the transfer of personal data to processors established in third countries remain valid. However, the Court found that, before a transfer of data may occur, there must be a prior assessment of the context of each individual transfer, that evaluates the laws of the country where the recipient is based, the nature of the data to be transferred, the privacy risks to such data, and any additional safeguards adopted by the parties to ensure that the data will receive adequate protection, as defined under EU Law. Further, the data importer is required to inform the data exporter of any inability to comply with the standard data protection clauses. If such protection is lacking the parties are obligated to suspend the transfer, or terminate the contract. Thus, while the SCC (controller-to-processor) remain valid, their continued validity is subject to an additional step: the obligation to conduct the equivalent of a data protection impact assessment to ensure that the adequate protection is and will be provided.
!!What's Next?
* Organizations that exchange or have access to personal data of residents of the EU or EEA should promptly ''assess the mechanisms currently in place to ensure the legality of their transfer of personal data outside the European Union.''
* If the organization has relied only on the EU-US Privacy Shield as a mechanism to ensure the legality of its personal data transfers, it should ''immediately halt the transfer of personal data out of the EU''. It should evaluate alternative means, most likely in the form of Standard Contractual Clauses. For transfers that cannot be covered by SCCs, derogations under Article 49 of the GDPR might apply.
* If the organization - whether located in the United States, or anywhere in the world - has already in place SCC, the EUCJ decision adds a significant hurdle in the form of a requirement for a prior evaluation of the protection to be offered to individuals.
* As always, ensure that these decisions and analysis are adequately documented, and proper records kept.
* Remember to ensure integration and consistency with existing documents such as the organization's privacy policy or its records of processing activities.
* Stay informed of the developments in the next few days. It is expected that EU/EEA member state data supervisory authorities will publish useful guidance on how to react to the decision. Some have already published comments and provided guidance.
//[...]
<<<
__Liens :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k7gq/|https://CloudSecurityAlliance.fr/go/k7gq/]]''
* Article sur le site de Francoise Gilbert ⇒ ''[[CloudSecurityAlliance.fr/go/k7gz/|https://CloudSecurityAlliance.fr/go/k7gz/]]''
* [>img[iCSF/CoJotEU.png]]Jugement de la Cour de justice de l'Union Européenne :
** Communiqué de Presse n° 91/20 du 16 juillet 2020
** Arrêt dans l'affaire C-311/18 Data Protection Commissioner/Maximillian Schrems et Facebook Ireland
** La Cour invalide la décision 2016/1250 relative à l'adéquation de la protection assurée par le bouclier de protection des données UE-États-Unis
*** version {{arOund{FRA}}} ⇒ https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091fr.pdf
*** version {{arOund{ENG}}} ⇒ https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091en.pdf
!"//Abusing Privilege Escalation in Salesforce Using APEX//"
Article publié le 16 juillet 2020 — Rédigé par Nitay Bachrach, Senior Security Researcher, Polyrize
<<<
[>img(200px,auto)[iCSA/K7GBA.jpg]]//This article describes in detail a Salesforce privilege escalation scenario whereby a malicious insider exploits 'Author Apex' permission to take over an organization's Salesforce account and all data within it. The user abuses the fact that some APEX code can be executed in 'System Mode' context, which bypasses their standard limited permissions and enables them to grant themselves admin-level or privileged access without being an admin or privileged user.
Privilege escalation techniques for IaaS (like AWS or GCP) have been well-known for a while (like this one+++^*[»] https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/ ===, this one+++^*[»] https://www.praetorian.com/blog/privilege-escalation-in-aws-with-passrole-attacks ===, and these ones+++^*[»] https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/ ===). However, SaaS privilege escalation constitutes a new class of exploit that has emerged and is often overlooked by security teams. Since the potential damage to a company's business continuity, finances, and reputation is so substantial, preventing privilege escalation is critical to securing cloud environments and the business-critical data stored and shared within them.
!!What is Privilege Escalation?
Privilege escalation is the process of exploiting a programming flaw or configuration error in an application to gain elevated access to resources that should normally be unavailable to the exploiting user. By exploiting their existing permissions to obtain more powerful ones, malicious users can then abuse their newly acquired admin privileges to hijack the account, exfiltrate data or encrypt it for ransom.
Preventing privilege escalation, then, is critical to securing cloud environments and the business-critical data stored and shared within them. Both user-to-super and privileged-to-super escalations pose a significant threat since they significantly increase the number of potential super-admins, and the higher the number of super-admins, the wider the attack surface.
!!Salesforce Permissions 101
Salesforce has a complex multi-layered security model. The first layer consists of permission sets and profiles. On top of this layer come other kinds of access control mechanisms, such as organization-wide defaults, roles, and shares, that can control the user's access in a more granular manner. The privilege escalation described in this article abuses the permission set mechanism.
Profiles and permissions sets determine many capabilities, including:
* Reading, modifying, and deleting Salesforce objects, such as Accounts
* Accessing and running reports
* Customizing the Salesforce environment
* Administering different aspects of Salesforce
* Bypassing sharing rules, such as "view all" permissions or even modifying all data.
* Authoring APEX
!!What is APEX?
APEX is a powerful tool that lets Salesforce users customize and adjust their Salesforce environment. It's a Java-like proprietary programming language that can interact with almost anything in Salesforce.
APEX can be used in order to customize pages, create APIs (using APEXREST), and different data controls. Just like in most modern SQL databases, one can register APEX functions to be executed after or before commits, or in Salesforce's case, sObjects. These APEX functions are known as APEX Triggers.
It's possible to register triggers on many actions for most objects; this includes accounts, cases, opportunities, leads, users, profiles, and so on. The code can be set to trigger before and/or after 'create', 'update', and 'delete' actions.
Another important aspect of APEX is execution context. APEX code can be executed in either 'System Mode' or 'user mode':
* User mode - The execution is limited by the user's permissions.
* 'System Mode' - The execution is not limited by the user's permissions.
Triggers, like many other APEX pieces, run in 'System Mode'. This can be used among other things to create different constraints that are not affected by the active user's permissions or to enforce default values that the user cannot otherwise control. This behavior can be exploited by attackers in order to escalate privileges.
!!APEX Privilege Escalation Walkthrough
Any user in Salesforce can update some details about themselves. This means any user can invoke a user update trigger, a fact that makes it the perfect trigger for privilege escalation.
The execution flow goes as follows:
* Registering the trigger
* Executing the trigger
* Granting admin privileges
* Abusing admin rights
//[...]//
!!Mitigation Steps You Can Take
* Treat 'Author Apex' as a super-admin right, and keep the number of such users at a minimum. Revoke the privilege from users once it's no longer needed. You can use this Polyrize utility+++^*[»] https://github.com/polyrize/sf-apex-pe-scanner === to find users who are capable of privilege escalation using APEX. 
* Make sure to keep track of all users' permissions and privileges.
* Keep track of APEX classes and triggers in your organization.
* Review the code and make sure that developers inform the security team of updates.
//
<<<
__Liens :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k7gb/|https://CloudSecurityAlliance.fr/go/k7gb/]]''
/% https://cloudsecurityalliance.org/blog/2020/07/16/abusing-privilege-escalation-in-salesforce-using-apex/ %/
!"//fwd:cloudsec 2020//"
[>img(250px,auto)[iCSF/K6TCF.png]]La conférence ''fwd:cloudsec 2020''+++^*[»] https://fwdcloudsec.org/ === s'est déroulée en ligne le 29 juin 2020 en 3 parties.
Les présentations sont maintenant disponibles sur la chaine YouTube ''fwd:cloudsec''+++^*[»] https://www.youtube.com/playlist?list=PLCPCP1pNWD7OBQvDY7vLCFhxWxok9DITl === 

Elle se présente de la façon suivante :
> //fwd:cloudsec is a new, non-profit, conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know, but that don't fit neatly into a vendor conference schedule.//
''fwd:cloudsec 2020'' était organisée par ''Scott Piper'', Joel Thompson, ''Aaron Zollman'', Anna McAbee, Jerin Saji, et Andres Riancho.
En complément, 2 autres personnes faisaient partie du Comité de Programme : Kat Sweet et ''Chris Farris''.
^^(Les heures indiquées ci-dessous sont dans la zone EDT, soit 6 heures de moins par rapport à la France)^^
!!!Session du matin - "//BUILDER//"
* 10:00 - 10:15 - Kickoff / Welcome - [[vidéo|https://youtu.be/Jk0AcxJGIVc]]
* 10:15 - 11:00 - "What I wished someone told me before going multi-account" by Brandon Sherman - [[vidéo|https://youtu.be/_JGXdOyVugg]]
* 11:00 - 11:30 - "Limiting Blast Radius by Automating IAM Policies using Policy Sentry" by Kinnaird McQuade - [[vidéo|https://youtu.be/r6WgfxmMGOU]]
* 11:30 - 12:00 - "Janus: A Multi-Party Authorization Framework for Accessing Critical Cloud Resources" by Abhinav Srivastava - [[vidéo|https://youtu.be/4I-zyqYoebw]] 
* 12:00 - 12:30 - "Security Onion Approach Towards IAM Roles" by Narayan Gowraj - [[vidéo|https://youtu.be/ph_sopC5_O4]] 
* 12:30 - 1:00 - "''Building Cloud Security Automation at Scale''" by ''Rich Mogull'' - [[vidéo|https://youtu.be/-BjCREhT9O8]] 
!!!Session de début d'après-midi - "//ATTACK & DEFEND//"
* 1:30 - 2:00 - "The Usual Suspects: A Look at Threat Actors Targeting the Cloud and their Battle for Superiority" by James Condon - [[vidéo|https://youtu.be/-NvAROE9AX4]] 
* 2:00 - 2:30 - "All Your Trust Are Belong to Us" by Kesten Broughton - [[vidéo|https://youtu.be/c6Lv02JBVs0]] 
* 2:30 - 3:00 - "Automating disk and memory evidence collection in AWS" by Ryan Tick and Vaishnav Murthy - [[vidéo|https://youtu.be/lMXhL6IWZgk]] 
* 3:00 - 3:30 - "Automating Attack Simulation in the Cloud" by Nick Jones - [[vidéo|https://youtu.be/c-LEe8chhB4]] 
* 3:30 - 4:00 - "GCP Primitive Roles, An indictment" by Kat Traxler - [[vidéo|https://youtu.be/YGT_AmCA-eA]] 
!!!Session de fin d'après-midi - "//MULTI-CLOUD AND GOVERNANCE//"
* 4:30 - 5:00 - "It's Time to Rethink the Shared Security Responsibility Model" by Matthew Fuller - [[vidéo|https://youtu.be/lAgw3P2YKrg]] 
* 5:00 - 5:30 - "Centralizing Identity across AWS, Azure and GCP" by Paul Schwarzenberger - [[vidéo|https://youtu.be/lNPQw_pBLRQ]] 
* 5:30 - 6:00 - "Kubernetes from an Attacker's Perspective" by Abhisek Datta - [[vidéo|https://youtu.be/aloi74MH4zk]] 
* 6:00 - 6:30 - "Winning in the Dark: Defending Serverless Infrastructure" by Eric Johnson - [[vidéo|https://youtu.be/5erD8yA6jjw]] 
* 6:30 - 7:00 - "Creating the AWS Account Controller - "Your rules don't apply to me"" by Ian Mckay - [[vidéo|https://youtu.be/HVpOMtE01kw]] 

__Liens :__
* Le site de la conférence → ''https://fwdcloudsec.org/''
* Les présentations → sur ''[[YouTube|https://www.youtube.com/playlist?list=PLCPCP1pNWD7OBQvDY7vLCFhxWxok9DITl]]''<<tiddler [[arOund0C]]>>
!"//CCM Addendum (ABS CCIG)//" et "//CCM Gap Analysis Report (ABS CCIG)//"
La date limite pour transmettre les commentaires est le 14 août 2020.
!!!"CCM Addendum (ABS CCIG)"
> //The CCM Addendum (mapping with Association of Banks in Singapore Cloud Computing Implementation Guide 2.0) is a companion piece with the Gap Analysis Report. The peer review for both documents is intended to be done in parallel. To review the Gap Analysis Report, follow this link+++^*[»] https://cloudsecurityalliance.org/artifacts/ccm-addendum-abs-ccig-gap-analysis-report ===. The financial services industry is one of the most important and regulated sectors in any market. It is typically bounded by a multitude of regulations that financial institutions (FIs) need to comply with. It is both daunting and challenging, yet a necessary task for conscientious FIs to review these available regulations / guidelines / frameworks / best practices, comply with mandatory regulations, and make decisions about which best practices and recommendations to take heed of, in order to reduce their overall risk exposure and keep up with the industry's progress. This mammoth task gets exponentially difficult for FIs operating beyond a single country or regulatory space, especially when relevant regulations and frameworks are constantly evolving. Because of this complex landscape, mapping of frameworks is a useful and popular tool for FIs looking to seek compliance to multiple standards and best practices. In this exercise, the Working Group mapped the Association of Banks in Singapore (ABS) Cloud Computing Implementation Guide (CCIG) 2.0 to CSA's Cloud Controls Matrix 3.0.1, and summarized the mapping results in the accompanying Gap Analysis Report. Singapore FIs who are already in line with ABS CCIG 2.0 will benefit through being able to easily identify and fulfil additional controls (gaps) on top of the ABS CCIG 2.0 to achieve adherence to other targeted frameworks within CCM, which is useful when expanding to other markets.//
!!!"CCM Gap Analysis Report (ABS CCIG)"
> //The Gap Analysis Report is a companion piece with the CCM Addendum (mapping with Association of Banks in Singapore Cloud Computing Implementation Guide 2.0). The peer review for both documents is intended to be done in parallel. To review the CCM Addendum, follow this link+++^*[»] https://cloudsecurityalliance.org/artifacts/ccm-addendum-abs-ccig ===. The financial services industry is one of the most important and regulated sectors in any market. It is typically bounded by a multitude of regulations that financial institutions (FIs) need to comply with. It is both daunting and challenging, yet a necessary task for conscientious FIs to review these available regulations / guidelines / frameworks / best practices, comply with mandatory regulations, and make decisions about which best practices and recommendations to take heed of, in order to reduce their overall risk exposure and keep up with the industry's progress. This mammoth task gets exponentially difficult for FIs operating beyond a single country or regulatory space, especially when relevant regulations and frameworks are constantly evolving. Because of this complex landscape, mapping of frameworks is a useful and popular tool for FIs looking to seek compliance to multiple standards and best practices. In this exercise, the Working Group mapped the Association of Banks in Singapore (ABS) Cloud Computing Implementation Guide (CCIG) 2.0 to CSA's Cloud Controls Matrix 3.0.1, and summarized the mapping results in the accompanying Gap Analysis Report. Singapore FIs who are already in line with ABS CCIG 2.0 will benefit through being able to easily identify and fulfil additional controls (gaps) on top of the ABS CCIG 2.0 to achieve adherence to other targeted frameworks within CCM, which is useful when expanding to other markets.//
* Téléchargement (après inscription) :
** "//CCM Addendum (ABS CCIG)//" → ''[[CloudSecurityAlliance.fr/go/k7d1/|https://CloudSecurityAlliance.fr/go/k7d1/]]''
** "//CCM Gap Analysis Report (ABS CCIG)//" → ''[[CloudSecurityAlliance.fr/go/k7d2/|https://CloudSecurityAlliance.fr/go/k7d2/]]''
!"//Creating an Integrated Security System with the CSA STAR Program//"
Article publié le 13 juillet 2020 — Rédigé par John DiMaria, Assurance Investigatory Fellow, CSA
<<<
[>img(200px,auto)[iCSA/K7DBC.png]]//The more complex systems become, the less secure they are, even though security technologies improve. There are many reasons for this, but it can all be traced back to the problem of complexity. Why? Because we give a lot of attention to technology, and we have increased silos of a plethora of regulations and standards. Therefore, we become fragmented and too complex.
In this blog, I'll be discussing ways to address this problem by leveraging frameworks and systems that map to multiple certifications and industry standards. In particular, I'll be discussing how the CSA STAR program fits in with other certification schemes and how you can leverage it to help reduce complexity.
"The adversary works in the world of the stack, and that complexity is where they thrive" — Ron Ross, Senior Scientist and Fellow at NIST
!!!Indicators of Complex Systems
Complex systems create more security risk because they:
* Have more independent processes, interfaces and interactions.
* Have more interfaces and interactions and create more security risks.
* Are harder to monitor and have visibility into, which creates untested, and unaudited portions.
* Are harder to develop and implement securely.
* Are harder for employees and stakeholders to understand and be trained in.
Cloud service providers are forced to comply with a plethora of standards, frameworks and regulations. This causes complexity and compliance fatigue, along with increased risk and resource allocation issues. Many of the controls across these platforms are similar and cross over, but because they are individual requirements, many organizations manage them in silos. This causes confusion as interpretation issues become a huge debate.
!!!Business benefits of integrating your security systems
An integrated security system helps alleviate some of the challenges listed above by enabling organizations to align their processes and procedures into one complete framework that can help to deliver their objectives effectively and efficiently.
The system integrates all components of a governance, risk and compliance program into one coherent system linking boundaries between processes and creating seamless connections between its requirements and internal controls.
By using a single system for the ongoing management of risks and compliance, greater visibility into regulatory, legal, and information security obligations can be achieved. It also makes it easier to identify overlapping requirements, which enables controls to be better designed and implemented. Ultimately this all results in better assurance being provided to the organization.
CSA best practices play an important guidance role in the creation of such a system and support setting the objectives, monitoring the performance and ensuring metrics are aligning your operations to top management strategic thinking.
!!!Why integrated security systems?
* Improve consistency within the organization[>img(350px,auto)[iCSA/K7DB1.png]]
* Avoid duplication and gain cost savings
* Clarify allocation of responsibility
* Focus the organization onto business goals
* Absorb informal systems into formal systems
* Optimize staff training and development
!!!Using CSA STAR to integrate your security systems
[>img(400px,auto)[iCSA/K7DB3.png]][>img(250px,auto)[iCSA/K7DB2.png]]Since it maps to multiple standards and regulations, the CSA STAR Program can be leveraged as an organization's integrated security system.

The STAR Program is based on three pillars that allow this integration:
* Technical standard and best practices
* A Certification framework
* A public repository and database

Each of the STAR pillars offers organizations tools to establish and maintain an effective and efficient cloud security and privacy governance and compliance posture.
The STAR Program is facilitated by the Cloud Controls Matrix (CCM). The CCM has 16 domains and 133 controls (Figure 2). These cover a range of areas from the application, data center, and mobile security through to security incident, supply chain and threat management. These domains are then backed by 133 individual controls within the CCM that are mapped to over 40 different frameworks and regulatory requirements.
{{floatC{[img(600px,auto)[iCSA/K7DB4.png]]}}}
With the CCM mapping to multiple standards and regulations, it will support meeting the strategic direction of the organization by supporting and weaving all the main functions together as one fabric that covers the business. Not only increasing security but making the business more resilient as well.
!!!How STAR can facilitate an integrated security system in your organization
Below is an illustration of how common requirements of multiple systems standards/specifications can be integrated into one common system.
{{floatC{[img(500px,auto)[iCSA/K7DB5.png]]}}}
By using the ISO approach shown above of addressing the High-Level Structure (HLS) you will be able to:
* Map the context of the organization; identifying all the inputs and outputs as well as interested parties (both internal and external).
* Fully understand the context of the organization and introduce planning activities that will address the risks and opportunities of the business that can interfere with the expected output of the business and build the mitigation strategy into the day-to-day planning and operational process.
* Ensure that sufficient and appropriate resources are available. Appropriateness is often determined through competency analysis.
* Harden operational functions by deploying the functions developed during the planning process.
* Evaluate performance and effectiveness at consistent planned intervals. Internal audits and management reviews are key methods of reviewing the performance of the security system and tools for its continual improvement.
* Use the results to continuously improve the organization and its processes.

[>img(400px,auto)[iCSA/K7DB6.png]]By integrating multiple frameworks into one holistic one you can understand both the gaps in your internal control systems and the areas of overlap, and therefore avoid unmitigated risks, on the one hand, and duplication of efforts on the other. The latter is achieved by focusing only on covering the gaps in the process and controls addressing the areas of intersection between the CCM and any other security framework used in the internal control system.

!!!Things to consider prior to kicking off your project plan
* Perform a gap analysis of your cloud security using the CSA CAIQ
* Set clear objectives for integration and expected ROI
* Determine the extent to which integration should occur (scope)
* Consider the cultural landscape within your company
* Analyze the need for training based off of the levels of competence necessary
** Evaluate your training needs to get started
** Re-evaluate based on the gaps you've identified
** This will help embed the knowledge
* Keep in mind legal and other regulatory requirements along with internal requirements
!!!What do you need to do next?
# Set up a project team to manage the implementation
# Communicate the project across the whole organization
# Create an implementation plan and monitor progress
# Take a fresh look at your total business
# Highlight the changes as opportunities for improvement
# Make changes to your documentation to reflect the new structure (as necessary)
# Implement the new requirements on leadership, risk and context of the organization
# Review the effectiveness of your current control set.
# Carry out an impact assessment
# Start measuring ROI
!!!Do things Differently through Visibility - Insight - Action
Experience teaches that the more successful businesses embed best practices holistically across the entire organization, not just in one specific area. Products and services today must meet a diverse spectrum of certification and compliance requirements.
Developing a consistent framework of repeatable processes and procedures allows the organization to comply, grow, and protect the operation.
Instituting a company-wide strategy breaks down long-established silos separating departments and divisions, and, for many organizations, can represent a significant change to corporate culture.//
<<<
__Liens :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k7db/|https://CloudSecurityAlliance.fr/go/k7db/]]''
!"//Hybrid Cloud and Its Associated Risks//"
[>img(150px,auto)[iCSA/K7DPH.png]]Résultat d'un sondage CSA sur l'évolution du CASB clos le 20 avril+++^*[»] <<tiddler [[2020.03.09 - Sondage sur la technologie CASB]]>>=== et publié le 5 juillet 2020.
!!Publication - Hybrid Cloud and Its Associated Risks
> //Cloud computing is flourishing. Hybrid clouds, especially, have been gaining more traction as cloud customers increasingly understand that using public clouds or private clouds alone poses certain limitations. Hybrid cloud is often the starting point for organizations to get started on the cloud journey and this document aims to describe the concept and value of hybrid clouds, highlight key application scenarios and point out security risks in the hybrid cloud.//
!!Blog - Understanding Common Risks in Hybrid Clouds
Article publié le 14 juillet — Co-rédigé par ZOU Feng, Co-Chair, Hybrid Cloud Security WG & Director of Cloud Security Planning and Compliance, Huawei; par Narudom ROONGSIRIWONG, Co-Chair, Hybrid Cloud Security WG & SVP and Head of IT Security, Kiatnakin Bank; et par GENG Tao, Senior Engineer of Cloud Security Planning and Compliance, Huawei
<<<
//Hybrid clouds offer organizations the best of both private and public cloud worlds, bringing the promises of flexibility, agility, cost efficiency, performance and choice.

Some organizations tap into hybrid cloud to keep sensitive or critical data on-premise while enjoying the immense scalability that public clouds accord. Others view it as an effective way to embrace the benefits of the public cloud without disrupting core legacy services. Thus, it is not surprising that hybrid is often the architecture of choice for organizations in their cloud journeys. IDC reported that in 2019, 52% of enterprises already have hybrid cloud infrastructures in place, while Gartner forecasts that by this year, 90% of organizations will adopt hybrid cloud infrastructure management capabilities and services.

While hybrid cloud has many benefits, interconnecting two or more disparate cloud infrastructures will undoubtedly increase:
* Complexities in terms of risks (e.g. larger attack surface)
* The challenge to consistently apply and maintain cloud security and compliance controls
* The challenge of delivering consistent service levels

The Hybrid Cloud Security Working Group recently released the "''Hybrid Cloud and its Associated Risks''"+++^*[»] https://cloudsecurityalliance.org/artifacts/hybrid-clouds-and-its-associated-risks/ === paper, elaborating on the common risks, threats and vulnerabilities that should be understood when adopting hybrid cloud, some of which are briefly mentioned in the following:
# Data leakage. The private and public clouds in a hybrid setup are usually connected through the open internet. As such, there is a risk of data leakage due to human errors, compromised endpoints (e.g., lost smartphones), man-in-the-middle attacks, etc. Data leakage could also occur if APIs for cloud management are not properly implemented and secured.
# Compliance risks. Achieving and maintaining consistent compliance is a huge challenge in hybrid clouds. Because data flows between the public and private cloud components, it increases the difficulty of maintaining and complying with governance frameworks across disparate infrastructures, especially when they are provisioned by multiple service providers whose compliance capabilities are different.
# Gaps in security controls. There could be misalignments or inconsistencies in security controls implemented across hybrid cloud setups. Often, public clouds are held to and have a higher level of security control maturity than private clouds. For example, some private cloud infrastructures may not be as conscientiously patched to the same levels as public clouds.
# Misaligned service level agreements (SLAs). Private clouds may have SLAs that are not as clear/stringent as those imposed when using public clouds. Different CSPs could also provide SLAs that might be different. It can then be challenging to align varying SLAs to deliver an overarching end-to-end service-oriented SLA for end users.
# Comprehensiveness of security risk assessment. Risk assessment is a challenge when evaluating hybrid cloud setups. It may be conducted separately for the private and public clouds rather than evaluated comprehensively as a whole. As such, maintaining a consistent compliance posture or obtaining an overall compliance picture of the hybrid cloud can be difficult.
# Poor / no encryption. While the clouds in a hybrid architecture are usually subjected to regular data protection risks on an individual basis, the hybrid cloud as a whole faces higher risks due to the transit of data from one cloud environment to another. It is at the interconnection interfaces and pipes that data is most susceptible to theft or alteration if robust encryption is not employed.
# Network connectivity breaks. Network connectivity between clouds in a hybrid cloud architecture is crucial for upholding SLAs. There could be single points of failure in the overall network architecture that may lead to widespread disruption of cloud services. For example, if backbone routing nodes lack redundancy, a single faulty backbone router is sufficient to cause an outage in the entire hybrid cloud.
# Decentralized identity & credential management. The lack of a centralized and unified identity management solution may cause account information inconsistency between clouds, resulting in discontinuous log audits and failures to trace resource misuse.
//[...]
<<<
__Liens :__
* Téléchargement du document (après inscription) → ''[[CloudSecurityAlliance.fr/go/k7dp/|https://CloudSecurityAlliance.fr/go/k7dp/]]''
* Blog → ''[[CloudSecurityAlliance.fr/go/k7eb/|https://CloudSecurityAlliance.fr/go/k7eb/]]''
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #72|2020.07.12 - Newsletter Hebdomadaire #72]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #72|2020.07.12 - Weekly Newsletter - #72]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.07.12 - Newsletter Hebdomadaire #72]]>> |<<tiddler [[2020.07.12 - Weekly Newsletter - #72]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 6 au 12 juillet 2020
!!1 - Informations CSA - 6 au 12 juillet 2020
* Blog : ''Recommandations de la FTC pour la sécurisation du Cloud''+++^*[»] <<tiddler [[2020.07.06 - Blog : Commentaires sur les recommandations de la FTC pour la sécurisation du Cloud]]>>=== 
* Blog : Maturité en vue pour les cryptomonnaies, les ressources virtuelles, et la Blockchain+++^*[»] <<tiddler [[2020.07.10 - Blog : Maturité en vue pour les cryptomonnaies, les ressources virtuelles, et la Blockchain]]>>=== 
* Publication : ''Automatisation de la Sécurité'' (les 6 piliers du DevSecOps)+++^*[»] <<tiddler [[2020.07.07 - Publication : les 6 piliers du DevSecOps : Automatisation de la Sécurité]]>>=== 
* Agenda du 'CSA CloudCon 2020'+++^*[»] <<tiddler [[2020.07.06 - Actu : Agenda du 'CSA CloudCon 2020']]>>=== 
* Blog : Le Federal Summmit (1/2)+++^*[»] <<tiddler [[2020.07.09 - Blog : Le Federal Summmit (1/2)]]>>=== 
* Appel à commentaires 'Key Management when using Cloud Services'+++^*[»] <<tiddler [[2020.07.10 - Appel à commentaires 'Key Management when using Cloud Services']]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 90 liens|2020.07.12 - Veille Hebdomadaire - 12 juillet]])
* Alerts
** AWS-2020-002: Container Networking Security Issue (CVE-2020-8558)+++^*[»] 
|2020.07.09|//Amazon AWS//|![[Latest Bulletins - Amazon Web Services (AWS)|https://aws.amazon.com/security/security-bulletins/AWS-2020-002/]] |Alert AWS Kubernetes CVE-2020-8558|
|2020.07.10|//Alcide//| → [[New Kubernetes Node Vulnerability (CVE-2020-8558) bypasses localhost boundary|https://blog.alcide.io/new-kubernetes-node-vulnerability-cve-2020-8558-bypasses-localhost-boundary]]|K8s Vulnerability CVE-2020-8558|
=== 

* __Attaques__
** APT contre Office 365, Phishing utilisant Zoom, ou OAuth+++^*[»] 
|2020.08.06|//Mandiant//|!"[[My Cloud is APT's Cloud: Investigating and Defending Office 365|https://www.blackhat.com/us-20/briefings/schedule/index.html#my-cloud-is-apts-cloud-investigating-and-defending-office--20982]]" presentation at BlackHat on August 6th |O365 Attacks|
|2020.07.08|Dark Reading| → [[How Advanced Attackers Take Aim at Office 365|https://www.darkreading.com/threat-intelligence/how-advanced-attackers-take-aim-at-office-365/d/d-id/1338301]] |O365 Attacks|
|2020.07.08|//Abnormal Security//|![[Abnormal Attack Stories: Spoofed Zoom Attack|https://abnormalsecurity.com/blog/abnormal-attack-stories-spoofed-zoom-attack/]] |Phishing O365|
|2020.07.09|Bleeping Computer| → [[Persuasive Office 365 phishing uses fake Zoom suspension alerts|https://www.bleepingcomputer.com/news/security/persuasive-office-365-phishing-uses-fake-zoom-suspension-alerts/]]|Phishing O365|
|2020.07.08|//Microsoft//|![[Protecting your remote workforce from application-based attacks like consent phishing |https://www.microsoft.com/security/blog/2020/07/08/protecting-remote-workforce-application-attacks-consent-phishing/]] |OAuth Attacks|
|2020.07.08|Bleeping Computer| → [[Microsoft warns of Office 365 phishing via malicious OAuth apps|https://www.bleepingcomputer.com/news/security/microsoft-warns-of-office-365-phishing-via-malicious-oauth-apps/]]|OAuth Attacks|
|2020.07.09|//Threatpost//| → [[Microsoft Warns on OAuth Attacks Against Cloud App Users|https://threatpost.com/microsoft-warns-oauth-attacks-cloud-app/157331/]]|OAuth Attacks|
=== 
** Action en justice contre des attaques visant O365+++^*[»] 
|2020.07.08|Ars Technica|[[Microsoft neuters Office 365 account attacks that used clever ruse|https://arstechnica.com/information-technology/2020/07/microsoft-neuters-office-356-account-attacks-that-used-clever-ruse/]]|O365 Attacks|
|2020.07.01|//Microsoft//| → [[Microsoft v. John Does (Civil Action 120cv730 EDVA) Temporary Restraining Order|https://noticeofpleadings.com/COVID-19-Bonus-Phishing/files/Court%20Orders/Microsoft%20v.%20John%20Does%20(Civil%20Action%20120cv730%20EDVA)%20Temporary%20Restraining%20Order.pdf]]|O365 Attacks|
=== 
** Vieux enregistrements DNS+++^*[»] 
|2020.07.07|//Sophos//|[[Company web names hijacked via outdated cloud DNS records|https://nakedsecurity.sophos.com/2020/07/07/company-web-names-hijacked-via-outdated-cloud-dns-records/]]|!DNS Hijacking|
=== 

* __Rapports et études__
** "The State Of Cloud Security 2020" (Sophos), "2020 UK Veritas Databerg Report", "2020 State of SecOps and Automation Report" (Sumo Logic)+++^*[»] 
|2020.07.10|//Veritas//|![[2020 UK Veritas Databerg Report|https://www.veritas.com/en/uk/form/whitepaper/the-uk-2020-databerg-report]]|Report Databerg|
|2020.07.10|InfoSecurity Mag| → [[Cloud Adoption Held Back by Data Loss and Compliance Fears|https://www.infosecurity-magazine.com/news/cloud-adoption-held-back-data-loss/]]|Report Data_Loss|
|2020.07.07|//Sophos//|![[The State Of Cloud Security 2020|https://secure2.sophos.com/en-us/content/state-of-cloud-security.aspx]] ([[rapport|https://secure2.sophos.com/en-us/medialibrary/pdfs/whitepaper/sophos-the-state-of-cloud-security-2020-wp.pdf]]) |Report Sophos|
|2020.07.09|MSSP Alert| → [[Public Cloud Cybersecurity and Cyberattacks: Research Findings|https://www.msspalert.com/cybersecurity-research/public-cloud-cyberattack-trends/]]|Report Sophos|
|2020.07.09|Redmond Channel| → [[Survey: Public Cloud Security Incidents Becoming Commonplace|https://rcpmag.com/blogs/scott-bekker/2020/07/survey-public-cloud-security.aspx]]|Report|
|2020.07.10|CIO Dive| → [[Everyone is struggling with cloud security|https://www.ciodive.com/news/cloud-security-malware-misconfiguration-sophos/581371/]]|Report Sophos|
|2020.07.09|//Sumo Logic//|[[The automation hype is real for SOC teams: unpacking the Dimensional Research "2020 State of SecOps and Automation" report|https://www.sumologic.com/blog/2020-state-of-secops-automation-report/]]|Report SecOps|
|2020.07.09|TechRepublic| → [[Cloud environments are making the security alert overload problem worse|https://www.techrepublic.com/article/cloud-environments-are-making-the-security-alert-overload-problem-worse/]]|Report SecOps|
|2020.06.26|//Sumo Logic//| → [[2020 State of SecOps and Automation Report|https://www.sumologic.com/brief/state-of-secops/]]|Report SecOps|
=== 

* __Acquisitions__
** Rancher par SUSE+++^*[»] 
|2020.07.08|//Rancher//|[[SUSE Enters Into Definitive Agreement to Acquire Rancher Labs|https://rancher.com/blog/2020/suse-to-acquire-rancher/]]|Acquisition|
|2020.07.10|Container Journal| → [[SUSE to Acquire Rancher Labs|https://containerjournal.com/news/news-releases/suse-to-acquire-rancher-labs/]]|Acquisition|
|2020.07.10|Silicon[img[iCSF/flag_fr.png]]| → [[Rancher Labs se vend à SUSE : mariage de raison dans la sphère Kubernetes|https://www.silicon.fr/rancher-labs-suse-kubernetes-343153.html]]|Acquisition|
|2020.07.10|Informatique News[img[iCSF/flag_fr.png]]| → [[SUSE acquiert Rancher Labs|https://www.informatiquenews.fr/suse-acquiert-rancher-labs-71823]]|Acquisition|
=== 

* __Divers__
** Autres veilles hebdomadaires Cloud et Sécurité : ''TL;DR Security'' et ''The Cloud Security Reading List''+++^*[»] 
|2020.07.08|TL;DR Security|[[#42 - Towards Trusted Sensing, Root Causes of Procrastination|https://tldrsec.com/blog/tldr-sec-042/]] |Weekly_Newsletter|
|2020.07.12|Marco Lancini|[[The Cloud Security Reading List #45|https://cloudseclist.com/issues/issue-45/]] |Weekly_Newsletter|
=== 
** Sécurisation des workloads : Intezer et Checkpoint+++^*[»] 
|2020.07.07|//Check Point//|[[How to Secure Cloud Workloads in Healthcare|https://blog.checkpoint.com/2020/07/07/healthcare-workload-security/]]|Workloads|
|2020.07.09|//Intezer//|![[A Comparison of Cloud Workload Protection Strategies|https://www.intezer.com/blog/cloud-workload-protection/a-comparison-of-cloud-workload-protection-strategies/]]|Workloads|
=== 
** AWS : Architecture, Réduction des erreurs de configuration, Erreurs courantes et corrections, Cas d'usage de AWS Secrets Manager et quelques fondamentaux sécurité+++^*[»] 
|2020.07.09|//Amazon AWS//|![[Updates to the security pillar of the AWS Well-Architected Framework|https://aws.amazon.com/blogs/security/updates-to-security-pillar-aws-well-architected-framework/]]|AWS Framework|
|2020.07.06|Matt Fuller|![[27 Things AWS Can Do to Reduce Cloud Security Misconfigurations|https://medium.com/@matthewdf10/27-things-aws-can-do-to-reduce-cloud-security-misconfigurations-f3ed06d6aba8]] |AWS Misconfigurations|
|2020.07.12|//Centilytics//|[[Most common AWS security mistakes and how to mitigate them|https://blogs.centilytics.com/common-aws-security-mistakes-and-their-resolutions/]]|AWS Misconfiguration|
|2020.07.10|//AWS//|[[Identify, arrange, and manage secrets easily using enhanced search in AWS Secrets Manager|https://aws.amazon.com/blogs/security/identify-arrange-manage-secrets-easily-using-enhanced-search-in-aws-secrets-manager/]]|AWS Secrets_Management|
|2020.07.10|//AWS//|[[How to use resource-based policies in the AWS Secrets Manager console to securely access secrets across AWS accounts|https://aws.amazon.com/blogs/security/how-to-use-resource-based-policies-aws-secrets-manager-console-to-securely-access-secrets-aws-accounts/]]|AWS Secrets_Management|
|2020.07.07|//RiskRecon//|[[Understanding AWS Core Security Essentials|https://blog.riskrecon.com/understanding-aws-security-essentials]]|AWS|
=== 
** Azure : Cas d'usage de ATP et de Sentinel, Gouvernance+++^*[»] 
|2020.07.10|//Microsoft//|[[Inside Microsoft Threat Protection: Correlating and consolidating attacks into incidents|https://www.microsoft.com/security/blog/2020/07/09/inside-microsoft-threat-protection-correlating-and-consolidating-attacks-into-incidents/]]|Incidents|
|2020.07.10|//Microsoft//|[[Making Azure Sentinel work for you|https://www.microsoft.com/security/blog/2020/07/09/making-azure-sentinel-work/]]|Azure_Sentinel|
|2020.07.08|Nino Crudele|[[Azure Governance and security for Enterprise integration under the hood|https://ninocrudele.com/azure-governance-and-security-for-enterprise-integration-under-the-hood]] |Azure Governance|
=== 
** GCP : Abandon du projet de région isolée en Chine+++^*[»] 
|2020.07.08|Bloomberg|[[Google Scrapped Cloud Initiative in China, Other Markets|https://www.bloomberg.com/news/articles/2020-07-08/google-scrapped-cloud-initiative-in-china-sensitive-markets]]|GCP China|
|2020.07.09|ZDNet| → [[Google abandons Isolated Region cloud services project in China|https://www.zdnet.com/article/google-abandons-plans-to-provide-cloud-services-in-china/]]|GCP China|
=== 
** Kubernetes : Bonnes pratiques d'alertes+++^*[»] 
|2020.07.09|//Sysdig//|[[Best practices for alerting on Kubernetes|https://sysdig.com/blog/alerting-kubernetes/]]|K8s Alerting|
=== 
** Outils: FRETA (forensique Linux), Permission Manager pour Kubernetes+++^*[»] 
|2020.07.06|//Microsoft//|![[Toward trusted sensing for the cloud: Introducing Project Freta |https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/]] ([[documentation|https://docs.microsoft.com/security/research/project-freta]])|Tools Forensics|
|2020.07.07|//Microsoft//| → [[Introducing Project Freta|https://docs.microsoft.com/en-us/security/research/project-freta/]]|Tools Forensics|
|2020.07.07|The Register| → [[Fret not, Linux fans, Microsoft's Project Freta is here to peer deep into your memory... to spot malware|https://www.theregister.com/2020/07/07/project_freta/]]|Tools Forensics|
|2020.07.08|BetaNews| → [[Microsoft launches Project Freta to detect malware in Linux kernels|https://betanews.com/2020/07/08/microsoft-project-freta-cloud-linux-malware/]]|Tools Forensics|
|2020.07.08|Silicon[img[iCSF/flag_fr.png]]| → [[Project Freta : Microsoft envisage l'avenir de la sécurité cloud|https://www.silicon.fr/project-freta-microsoft-securite-cloud-343086.html]]|Tools Forensics|
|2020.07.07|SecTechno|[[Permission Manager - Kubernetes RBAC Framework|https://sectechno.com/permission-manager-kubernetes-rbac-framework/]]|Tools Kubernetes|
=== 
!!3 - Lien Direct
|!⇒ [[CloudSecurityAlliance.fr/go/K7C/|https://CloudSecurityAlliance.fr/go/K7C/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - July 6th to 12th, 2020
!!1 - CSA News and Updates - July 6th to 12th, 2020
* Blog: ''FTC Guidance - Six Steps Toward More Secure Cloud Computing''+++^*[»] <<tiddler [[2020.07.06 - Blog : Commentaires sur les recommandations de la FTC pour la sécurisation du Cloud]]>>=== 
* Blog: Cryptocurrencies, Digital assets, Tokens and Blockchain maturity is coming soon+++^*[»] <<tiddler [[2020.07.10 - Blog : Maturité en vue pour les cryptomonnaies, les ressources virtuelles, et la Blockchain]]>>=== 
* Publication: ''The Six Pillars of DevSecOps: Automation''+++^*[»] <<tiddler [[2020.07.07 - Publication : les 6 piliers du DevSecOps : Automatisation de la Sécurité]]>>=== 
* 'CSA CloudCon 2020' Agenda+++^*[»] <<tiddler [[2020.07.06 - Actu : Agenda du 'CSA CloudCon 2020']]>>=== 
* Blog: Night of the Living Cloud (aka CSA Federal Summit) (1/2)+++^*[»] <<tiddler [[2020.07.09 - Blog : Le Federal Summmit (1/2)]]>>=== 
* Peer Review: 'Key Management when using Cloud Services' document+++^*[»] <<tiddler [[2020.07.10 - Appel à commentaires 'Key Management when using Cloud Services']]>>=== 
!!2 - Cloud and Security News Watch ([[over 90 links|2020.07.12 - Veille Hebdomadaire - 12 juillet]])
* Alerts
** AWS-2020-002: Container Networking Security Issue (CVE-2020-8558)+++^*[»] 
|2020.07.09|//Amazon AWS//|![[Latest Bulletins - Amazon Web Services (AWS)|https://aws.amazon.com/security/security-bulletins/AWS-2020-002/]] |Alert AWS Kubernetes CVE-2020-8558|
|2020.07.10|//Alcide//| → [[New Kubernetes Node Vulnerability (CVE-2020-8558) bypasses localhost boundary|https://blog.alcide.io/new-kubernetes-node-vulnerability-cve-2020-8558-bypasses-localhost-boundary]]|K8s Vulnerability CVE-2020-8558|
=== 

* __Attacks__
** APTs taking aim at Office 365, Zoom-based and OAuth-based phishing+++^*[»] 
|2020.08.06|//Mandiant//|!"[[My Cloud is APT's Cloud: Investigating and Defending Office 365|https://www.blackhat.com/us-20/briefings/schedule/index.html#my-cloud-is-apts-cloud-investigating-and-defending-office--20982]]" presentation at BlackHat on August 6th |O365 Attacks|
|2020.07.08|Dark Reading| → [[How Advanced Attackers Take Aim at Office 365|https://www.darkreading.com/threat-intelligence/how-advanced-attackers-take-aim-at-office-365/d/d-id/1338301]] |O365 Attacks|
|2020.07.08|//Abnormal Security//|![[Abnormal Attack Stories: Spoofed Zoom Attack|https://abnormalsecurity.com/blog/abnormal-attack-stories-spoofed-zoom-attack/]] |Phishing O365|
|2020.07.09|Bleeping Computer| → [[Persuasive Office 365 phishing uses fake Zoom suspension alerts|https://www.bleepingcomputer.com/news/security/persuasive-office-365-phishing-uses-fake-zoom-suspension-alerts/]]|Phishing O365|
|2020.07.08|//Microsoft//|![[Protecting your remote workforce from application-based attacks like consent phishing |https://www.microsoft.com/security/blog/2020/07/08/protecting-remote-workforce-application-attacks-consent-phishing/]] |OAuth Attacks|
|2020.07.08|Bleeping Computer| → [[Microsoft warns of Office 365 phishing via malicious OAuth apps|https://www.bleepingcomputer.com/news/security/microsoft-warns-of-office-365-phishing-via-malicious-oauth-apps/]]|OAuth Attacks|
|2020.07.09|//Threatpost//| → [[Microsoft Warns on OAuth Attacks Against Cloud App Users|https://threatpost.com/microsoft-warns-oauth-attacks-cloud-app/157331/]]|OAuth Attacks|
=== 
** Court Order to Prevent Further O365 Attacks+++^*[»] 
|2020.07.08|Ars Technica|[[Microsoft neuters Office 365 account attacks that used clever ruse|https://arstechnica.com/information-technology/2020/07/microsoft-neuters-office-356-account-attacks-that-used-clever-ruse/]]|O365 Attacks|
|2020.07.01|//Microsoft//| → [[Microsoft v. John Does (Civil Action 120cv730 EDVA) Temporary Restraining Order|https://noticeofpleadings.com/COVID-19-Bonus-Phishing/files/Court%20Orders/Microsoft%20v.%20John%20Does%20(Civil%20Action%20120cv730%20EDVA)%20Temporary%20Restraining%20Order.pdf]]|O365 Attacks|
=== 
** Outdated Cloud DNS records+++^*[»] 
|2020.07.07|//Sophos//|[[Company web names hijacked via outdated cloud DNS records|https://nakedsecurity.sophos.com/2020/07/07/company-web-names-hijacked-via-outdated-cloud-dns-records/]]|!DNS Hijacking|
=== 

* __Reports and Surveys__
** "The State Of Cloud Security 2020" (Sophos), "2020 UK Veritas Databerg Report", "2020 State of SecOps and Automation Report" (Sumo Logic)+++^*[»] 
|2020.07.10|//Veritas//|![[2020 UK Veritas Databerg Report|https://www.veritas.com/en/uk/form/whitepaper/the-uk-2020-databerg-report]]|Report Databerg|
|2020.07.10|InfoSecurity Mag| → [[Cloud Adoption Held Back by Data Loss and Compliance Fears|https://www.infosecurity-magazine.com/news/cloud-adoption-held-back-data-loss/]]|Report Data_Loss|
|2020.07.07|//Sophos//|![[The State Of Cloud Security 2020|https://secure2.sophos.com/en-us/content/state-of-cloud-security.aspx]] ([[rapport|https://secure2.sophos.com/en-us/medialibrary/pdfs/whitepaper/sophos-the-state-of-cloud-security-2020-wp.pdf]]) |Report Sophos|
|2020.07.09|MSSP Alert| → [[Public Cloud Cybersecurity and Cyberattacks: Research Findings|https://www.msspalert.com/cybersecurity-research/public-cloud-cyberattack-trends/]]|Report Sophos|
|2020.07.09|Redmond Channel| → [[Survey: Public Cloud Security Incidents Becoming Commonplace|https://rcpmag.com/blogs/scott-bekker/2020/07/survey-public-cloud-security.aspx]]|Report|
|2020.07.10|CIO Dive| → [[Everyone is struggling with cloud security|https://www.ciodive.com/news/cloud-security-malware-misconfiguration-sophos/581371/]]|Report Sophos|
|2020.07.09|//Sumo Logic//|[[The automation hype is real for SOC teams: unpacking the Dimensional Research "2020 State of SecOps and Automation" report|https://www.sumologic.com/blog/2020-state-of-secops-automation-report/]]|Report SecOps|
|2020.07.09|TechRepublic| → [[Cloud environments are making the security alert overload problem worse|https://www.techrepublic.com/article/cloud-environments-are-making-the-security-alert-overload-problem-worse/]]|Report SecOps|
|2020.06.26|//Sumo Logic//| → [[2020 State of SecOps and Automation Report|https://www.sumologic.com/brief/state-of-secops/]]|Report SecOps|
=== 

* __Acquisitions__
** Rancher by SUSE+++^*[»] 
|2020.07.08|//Rancher//|[[SUSE Enters Into Definitive Agreement to Acquire Rancher Labs|https://rancher.com/blog/2020/suse-to-acquire-rancher/]]|Acquisition|
|2020.07.10|Container Journal| → [[SUSE to Acquire Rancher Labs|https://containerjournal.com/news/news-releases/suse-to-acquire-rancher-labs/]]|Acquisition|
|2020.07.10|Silicon[img[iCSF/flag_fr.png]]| → [[Rancher Labs se vend à SUSE : mariage de raison dans la sphère Kubernetes|https://www.silicon.fr/rancher-labs-suse-kubernetes-343153.html]]|Acquisition|
|2020.07.10|Informatique News[img[iCSF/flag_fr.png]]| → [[SUSE acquiert Rancher Labs|https://www.informatiquenews.fr/suse-acquiert-rancher-labs-71823]]|Acquisition|
=== 

* __Miscellaneous__
** Additional relevant 'Cloud and Security' Weekly Watch: ''TL;DR Security'' and ''The Cloud Security Reading List''+++^*[»] 
|2020.07.08|TL;DR Security|[[#42 - Towards Trusted Sensing, Root Causes of Procrastination|https://tldrsec.com/blog/tldr-sec-042/]] |Weekly_Newsletter|
|2020.07.12|Marco Lancini|[[The Cloud Security Reading List #45|https://cloudseclist.com/issues/issue-45/]] |Weekly_Newsletter|
=== 
** Workloads Security Strategies: Intezer and Checkpoint+++^*[»] 
|2020.07.07|//Check Point//|[[How to Secure Cloud Workloads in Healthcare|https://blog.checkpoint.com/2020/07/07/healthcare-workload-security/]]|Workloads|
|2020.07.09|//Intezer//|![[A Comparison of Cloud Workload Protection Strategies|https://www.intezer.com/blog/cloud-workload-protection/a-comparison-of-cloud-workload-protection-strategies/]]|Workloads|
=== 
** AWS: Architecture, Reduce Cloud Security Misconfigurations with AWS, Common Errors and Mitigation, AWS Secrets Manager usage, and Core Security Essentials+++^*[»] 
|2020.07.09|//Amazon AWS//|![[Updates to the security pillar of the AWS Well-Architected Framework|https://aws.amazon.com/blogs/security/updates-to-security-pillar-aws-well-architected-framework/]]|AWS Framework|
|2020.07.06|Matt Fuller|![[27 Things AWS Can Do to Reduce Cloud Security Misconfigurations|https://medium.com/@matthewdf10/27-things-aws-can-do-to-reduce-cloud-security-misconfigurations-f3ed06d6aba8]] |AWS Misconfigurations|
|2020.07.12|//Centilytics//|[[Most common AWS security mistakes and how to mitigate them|https://blogs.centilytics.com/common-aws-security-mistakes-and-their-resolutions/]]|AWS Misconfiguration|
|2020.07.10|//AWS//|[[Identify, arrange, and manage secrets easily using enhanced search in AWS Secrets Manager|https://aws.amazon.com/blogs/security/identify-arrange-manage-secrets-easily-using-enhanced-search-in-aws-secrets-manager/]]|AWS Secrets_Management|
|2020.07.10|//AWS//|[[How to use resource-based policies in the AWS Secrets Manager console to securely access secrets across AWS accounts|https://aws.amazon.com/blogs/security/how-to-use-resource-based-policies-aws-secrets-manager-console-to-securely-access-secrets-aws-accounts/]]|AWS Secrets_Management|
|2020.07.07|//RiskRecon//|[[Understanding AWS Core Security Essentials|https://blog.riskrecon.com/understanding-aws-security-essentials]]|AWS|
=== 
** Azure: Use cases for ATP and Sentinel, Governance+++^*[»] 
|2020.07.10|//Microsoft//|[[Inside Microsoft Threat Protection: Correlating and consolidating attacks into incidents|https://www.microsoft.com/security/blog/2020/07/09/inside-microsoft-threat-protection-correlating-and-consolidating-attacks-into-incidents/]]|Incidents|
|2020.07.10|//Microsoft//|[[Making Azure Sentinel work for you|https://www.microsoft.com/security/blog/2020/07/09/making-azure-sentinel-work/]]|Azure_Sentinel|
|2020.07.08|Nino Crudele|[[Azure Governance and security for Enterprise integration under the hood|https://ninocrudele.com/azure-governance-and-security-for-enterprise-integration-under-the-hood]] |Azure Governance|
=== 
** GCP: Chinese Isolated Region Initiative stopped+++^*[»] 
|2020.07.08|Bloomberg|[[Google Scrapped Cloud Initiative in China, Other Markets|https://www.bloomberg.com/news/articles/2020-07-08/google-scrapped-cloud-initiative-in-china-sensitive-markets]]|GCP China|
|2020.07.09|ZDNet| → [[Google abandons Isolated Region cloud services project in China|https://www.zdnet.com/article/google-abandons-plans-to-provide-cloud-services-in-china/]]|GCP China|
=== 
** Kubernetes: Best practices for alerting+++^*[»] 
|2020.07.09|//Sysdig//|[[Best practices for alerting on Kubernetes|https://sysdig.com/blog/alerting-kubernetes/]]|K8s Alerting|
=== 
** Tools: FRETA (Linux forensics), Permission Manager for Kubernetes+++^*[»] 
|2020.07.06|//Microsoft//|![[Toward trusted sensing for the cloud: Introducing Project Freta |https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/]] ([[documentation|https://docs.microsoft.com/security/research/project-freta]])|Tools Forensics|
|2020.07.07|//Microsoft//| → [[Introducing Project Freta|https://docs.microsoft.com/en-us/security/research/project-freta/]]|Tools Forensics|
|2020.07.07|The Register| → [[Fret not, Linux fans, Microsoft's Project Freta is here to peer deep into your memory... to spot malware|https://www.theregister.com/2020/07/07/project_freta/]]|Tools Forensics|
|2020.07.08|BetaNews| → [[Microsoft launches Project Freta to detect malware in Linux kernels|https://betanews.com/2020/07/08/microsoft-project-freta-cloud-linux-malware/]]|Tools Forensics|
|2020.07.08|Silicon[img[iCSF/flag_fr.png]]| → [[Project Freta : Microsoft envisage l'avenir de la sécurité cloud|https://www.silicon.fr/project-freta-microsoft-securite-cloud-343086.html]]|Tools Forensics|
|2020.07.07|SecTechno|[[Permission Manager - Kubernetes RBAC Framework|https://sectechno.com/permission-manager-kubernetes-rbac-framework/]]|Tools Kubernetes|
=== 
!!3 - Agenda
* Now obsolete
!!4 - Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/K7C/|https://CloudSecurityAlliance.fr/go/K7C/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 12 juillet 2020
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.07.12|
|2020.07.12|Marco Lancini|[[The Cloud Security Reading List #45|https://cloudseclist.com/issues/issue-45/]] |Weekly_Newsletter|
|2020.07.12|//Centilytics//|[[Most common AWS security mistakes and how to mitigate them|https://blogs.centilytics.com/common-aws-security-mistakes-and-their-resolutions/]]|AWS Misconfiguration|
|>|>|>|!2020.07.11|
|2020.07.11|//SyxSense//|[[Hijacking Vulnerability Discovered in OneDrive|https://www.syxsense.com/onedrive-vulnerability]]|OneDrive Flaw|
|>|>|>|!2020.07.10|
|2020.07.10|UK Authority|[[Manchester University create cloud procurement framework|https://www.ukauthority.com/articles/manchester-university-create-cloud-procurement-framework/]]|Procurement Framework|
|2020.07.10|Help Net Security|[[An effective cloud security posture begins with these three steps|https://www.helpnetsecurity.com/2020/07/10/effective-cloud-security-posture/]]|Posture|
|2020.07.10|JD Supra Law|[[Privacy Tip #243 - Misconfigured Cloud Exposes Millions of Records of Eleven Dating Sites|https://www.jdsupra.com/legalnews/privacy-tip-243-misconfigured-cloud-29489/]]|Data_Leak|
|2020.07.10|Federal News Network|[[Understanding why taking a multi-cloud approach ensures current, future agility, scalability|https://federalnewsnetwork.com/it-innovation-insider/2020/07/understanding-why-taking-a-multi-cloud-approach-ensures-current-future-agility-scalability/]]|Multi-Cloud|
|2020.07.10|DZone|[[Kubernetes Authentication|https://dzone.com/articles/kubernetes-authentication]]|K8s Authentication|
|2020.03.15|AppFleet| → [[Kubernetes Authentication|https://appfleet.com/blog/kubernetes-authentication/]]|K8s Authentication|
|2020.07.10|Computer Business Review|[[Four Container Management Considerations|https://www.cbronline.com/opinion/container-management-considerations]]|Containers|
|2020.07.10|//AWS//|[[Identify, arrange, and manage secrets easily using enhanced search in AWS Secrets Manager|https://aws.amazon.com/blogs/security/identify-arrange-manage-secrets-easily-using-enhanced-search-in-aws-secrets-manager/]]|AWS Secrets_Management|
|2020.07.10|//AWS//|[[How to use resource-based policies in the AWS Secrets Manager console to securely access secrets across AWS accounts|https://aws.amazon.com/blogs/security/how-to-use-resource-based-policies-aws-secrets-manager-console-to-securely-access-secrets-aws-accounts/]]|AWS Secrets_Management|
|2020.07.10|//Microsoft//|[[Cluster configuration in Azure Kubernetes Services (AKS) - Azure Kubernetes Service|https://docs.microsoft.com/en-us/azure/aks/cluster-configuration]]|Azure_AKS|
|2020.07.10|//Microsoft//|[[Configure an AKS cluster|https://docs.microsoft.com/en-us/azure/aks/cluster-configuration]]|Azure_AKS|
|2020.07.10|//Microsoft//|[[Azure AD Mailbag: Managing and reviewing exception lists more rigorously with access reviews|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-mailbag-managing-and-reviewing-exception-lists-more/ba-p/1257347]]|AzureAD|
|2020.07.10|//Veritas//|![[2020 UK Veritas Databerg Report|https://www.veritas.com/en/uk/form/whitepaper/the-uk-2020-databerg-report]]|Report Databerg|
|2020.07.10|InfoSecurity Mag| → [[Cloud Adoption Held Back by Data Loss and Compliance Fears|https://www.infosecurity-magazine.com/news/cloud-adoption-held-back-data-loss/]]|Report Data_Loss|
|2020.07.10|//Cloudonaut//|[[Resilient event-driven Serverless architectures: Isolate your dependencies|https://cloudonaut.io/resilient-event-driven-serverless-architectures-isolate-your-dependencies/]]|Serverless Resilience|
|2020.07.10|//Menlo Security//|[[Mitigating Threats Associated with Downloading Files in Native File Format|https://www.menlosecurity.com/blog/mitigating-threats-associated-with-downloading-files-in-native-file-format]]|Threats|
|2020.07.10|//Compare the Cloud//|[[Adapting your data protection measures for the cloud|https://www.comparethecloud.net/articles/adapting-your-data-protection-measures-for-the-cloud/]]|Protection|
|>|>|>|!2020.07.09|
|2020.07.09|//Security Intelligence//|[[Overcoming Data Security Challenges in a Hybrid, Multicloud World|https://securityintelligence.com/posts/overcoming-data-security-challenges-hybrid-multicloud-world/]]|Multi-Cloud|
|2020.07.09|//AlgoSec//|[[Ending the Cloud Security Blame Game|http://www.infosecisland.com/blogview/25262-Ending-the-Cloud-Security-Blame-Game.html]]|Shared_Responsibility|
|2020.07.09|//Divvy Cloud//|[[The Net Effect: Why Cloud IAM Is So Difficult|https://divvycloud.com/why-cloud-iam-is-difficult/]]|IAM|
|2020.07.09|//Sysdig//|[[Best practices for alerting on Kubernetes|https://sysdig.com/blog/alerting-kubernetes/]]|K8s Alerting|
|2020.07.09|//Sysdig//|[[Monitoring Kubernetes in Production|https://sysdig.com/blog/monitoring-kubernetes/]]|K8s Monitoring|
|2020.07.09|//Sumo Logic//|[[The automation hype is real for SOC teams: unpacking the Dimensional Research "2020 State of SecOps and Automation" report|https://www.sumologic.com/blog/2020-state-of-secops-automation-report/]]|Report SecOps|
|2020.07.09|TechRepublic| → [[Cloud environments are making the security alert overload problem worse|https://www.techrepublic.com/article/cloud-environments-are-making-the-security-alert-overload-problem-worse/]]|Report SecOps|
|2020.06.26|//Sumo Logic//| → [[2020 State of SecOps and Automation Report|https://www.sumologic.com/brief/state-of-secops/]]|Report SecOps|
|2020.07.09|//Intezer//|![[A Comparison of Cloud Workload Protection Strategies|https://www.intezer.com/blog/cloud-workload-protection/a-comparison-of-cloud-workload-protection-strategies/]]|Workloads|
|2020.07.09|//Caylent//|[[AWS EKS: Fine-Grained IAM Roles for Service Accounts (IRSA)|https://caylent.com/aws-eks-fine-grained-iam-roles-for-service-accounts-irsa]]|AWS IAM|
|2020.07.09|//NeuVector//|[[NetMotion surveys industry experts on remote access, COVID-19, and the future of VPN & SDP|https://www.netmotionsoftware.com/blog/mobility/vpn-sdp-remote-access-survey]] |Report|
|2020.07.09|//Nirmata//|[[How to Overcome the Day 2 Kubernetes Skills Gap|https://nirmata.com/2020/07/09/how-to-overcome-the-day-2-kubernetes-skills-gap/]]|K8s Skills|
|2020.07.09|//Amazon AWS//|![[Latest Bulletins - Amazon Web Services (AWS)|https://aws.amazon.com/security/security-bulletins/AWS-2020-002/]] |Alert AWS Kubernetes CVE-2020-8558|
|2020.07.10|//Alcide//| → [[New Kubernetes Node Vulnerability (CVE-2020-8558) bypasses localhost boundary|https://blog.alcide.io/new-kubernetes-node-vulnerability-cve-2020-8558-bypasses-localhost-boundary]]|K8s Vulnerability CVE-2020-8558|
|2020.07.09|//Amazon AWS//|![[Updates to the security pillar of the AWS Well-Architected Framework|https://aws.amazon.com/blogs/security/updates-to-security-pillar-aws-well-architected-framework/]]|AWS Framework|
|2020.07.10|//Microsoft//|[[Inside Microsoft Threat Protection: Correlating and consolidating attacks into incidents|https://www.microsoft.com/security/blog/2020/07/09/inside-microsoft-threat-protection-correlating-and-consolidating-attacks-into-incidents/]]|Incidents|
|2020.07.10|//Microsoft Azure//|[[Making Azure Sentinel work for you|https://www.microsoft.com/security/blog/2020/07/09/making-azure-sentinel-work/]]|Azure_Sentinel|
|2020.07.09|//Google Cloud//|![[New gcloud cheat sheet available as free printable download|https://cloud.google.com/blog/products/management-tools/new-gcloud-cheat-sheet-available]] |GCP|
|2020.07.09|//Google Cloud//| → [[The gcloud command-line tool cheat sheet|https://cloud.google.com/sdk/docs/cheatsheet]]|GCP|
|2020.07.09|//Google GCP//|[[How can Google Cloud help with security of your apps?|https://medium.com/google-cloud/how-can-google-cloud-help-with-security-of-your-apps-8f5692f56177]]|Comics Apps|
|>|>|>|!2020.07.08|
|2020.07.08|TL;DR Security|[[#42 - Towards Trusted Sensing, Root Causes of Procrastination|https://tldrsec.com/blog/tldr-sec-042/]] |Weekly_Newsletter|
|2020.07.08|Bloomberg|[[Google Scrapped Cloud Initiative in China, Other Markets|https://www.bloomberg.com/news/articles/2020-07-08/google-scrapped-cloud-initiative-in-china-sensitive-markets]]|GCP China|
|2020.07.09|ZDNet| → [[Google abandons Isolated Region cloud services project in China|https://www.zdnet.com/article/google-abandons-plans-to-provide-cloud-services-in-china/]]|GCP China|
|2020.07.08|IT Next|[[Restricting Flux permissions|https://itnext.io/restricting-flux-permissions-1f79372c77b5]] |Flux RBAC|
|2020.07.08|Nino Crudele|[[Azure Governance and security for Enterprise integration under the hood|https://ninocrudele.com/azure-governance-and-security-for-enterprise-integration-under-the-hood]] |Azure Governance|
|2020.07.08|Ars Technica|[[Microsoft neuters Office 365 account attacks that used clever ruse|https://arstechnica.com/information-technology/2020/07/microsoft-neuters-office-356-account-attacks-that-used-clever-ruse/]]|O365 Attacks|
|2020.07.08|GitHub|[[Introducing the GitHub Availability Report|https://github.blog/2020-07-08-introducing-the-github-availability-report/]]|GitHub Monthly_Report|
|2020.07.08|//Microsoft Azure//|![[Azure Sentinel Best Practices|https://www.microsoft.com/security/blog/wp-content/uploads/2020/07/Azure-Sentinel-whitepaper.pdf]] |Azure_Sentinel Best_Practices|
|2020.07.08|//InfoSec Island//|[[Ending the Cloud Security Blame Game|http://www.infosecisland.com/blogview/25262-Ending-the-Cloud-Security-Blame-Game.html]]|Shared_Responsibility Exposure|
|2020.07.01|//Microsoft//| → [[Microsoft v. John Does (Civil Action 120cv730 EDVA) Temporary Restraining Order|https://noticeofpleadings.com/COVID-19-Bonus-Phishing/files/Court%20Orders/Microsoft%20v.%20John%20Does%20(Civil%20Action%20120cv730%20EDVA)%20Temporary%20Restraining%20Order.pdf]] (format pdf)|O365 Attacks|
|2020.07.08|//Abnormal Security//|![[Abnormal Attack Stories: Spoofed Zoom Attack|https://abnormalsecurity.com/blog/abnormal-attack-stories-spoofed-zoom-attack/]] |Phishing O365|
|2020.07.09|Bleeping Computer| → [[Persuasive Office 365 phishing uses fake Zoom suspension alerts|https://www.bleepingcomputer.com/news/security/persuasive-office-365-phishing-uses-fake-zoom-suspension-alerts/]]|Phishing O365|
|2020.07.08|//Microsoft//|![[Protecting your remote workforce from application-based attacks like consent phishing |https://www.microsoft.com/security/blog/2020/07/08/protecting-remote-workforce-application-attacks-consent-phishing/]] |OAuth Attacks|
|2020.07.08|Bleeping Computer| → [[Microsoft warns of Office 365 phishing via malicious OAuth apps|https://www.bleepingcomputer.com/news/security/microsoft-warns-of-office-365-phishing-via-malicious-oauth-apps/]]|OAuth Attacks|
|2020.07.09|//Threatpost//| → [[Microsoft Warns on OAuth Attacks Against Cloud App Users|https://threatpost.com/microsoft-warns-oauth-attacks-cloud-app/157331/]]|OAuth Attacks|
|2020.07.08|//Rancher//|[[SUSE Enters Into Definitive Agreement to Acquire Rancher Labs|https://rancher.com/blog/2020/suse-to-acquire-rancher/]]|Acquisition|
|2020.07.10|Container Journal| → [[SUSE to Acquire Rancher Labs|https://containerjournal.com/news/news-releases/suse-to-acquire-rancher-labs/]]|Acquisition|
|2020.07.10|Silicon[img[iCSF/flag_fr.png]]| → [[Rancher Labs se vend à SUSE : mariage de raison dans la sphère Kubernetes|https://www.silicon.fr/rancher-labs-suse-kubernetes-343153.html]]|Acquisition|
|2020.07.10|Informatique News[img[iCSF/flag_fr.png]]| → [[SUSE acquiert Rancher Labs|https://www.informatiquenews.fr/suse-acquiert-rancher-labs-71823]]|Acquisition|
|2020.07.30|Le Mag IT[img[iCSF/flag_fr.png]]| → [[Suse s'aligne sur Kubernetes avec le rachat de Rancher Labs|https://www.lemagit.fr/actualites/252486943/Suse-saligne-sur-Kubernetes-avec-le-rachat-de-Rancher-Labs]]|Acquisition|
|2020.07.08|//Cloud Management Insider//|[[Is Amazon RDS Availability On Outposts An Ideal Step Towards Hybrid Cloud?|https://www.cloudmanagementinsider.com/is-amazon-rds-availability-on-outposts-an-ideal-step-towards-hybrid-cloud/]]|AWS Availability|
|2020.07.08|//Rapid7//|[[Seeing Value From Day One: What You Need to Know About Cloud SIEM Deployment and Configuration|https://blog.rapid7.com/2020/07/08/seeing-value-from-day-one-what-you-need-to-know-about-cloud-siem-deployment-and-configuration/]]|SIEM|
|2020.07.08|//TrendMicro//|[[Cloud Security Is Simple, Absolutely Simple|https://blog.trendmicro.com/cloud-security-is-simple/]] ([[vidéo|https://youtu.be/Dh8PvMd__RU]])|Context|
|>|>|>|!2020.07.07|
|2020.07.07|SecureCloudBlog|[[PoC part 0 - Integrating Azure Security Center Alerts with MS Teams!|https://securecloud.blog/2020/07/07/poc-part-0-integrating-azure-security-center-alerts-with-ms-teams/]] (1/2)|Azure Security_Center Teams|
|2020.07.07|Michael Whiteman|[[Reducing Our Attack Surface with AppSec Platform|https://medium.com/ww-tech-blog/reducing-our-attack-surface-with-appsec-platform-4b6717a16709]] |Attack_Surface|
|2020.07.07|SecTechno|[[Permission Manager - Kubernetes RBAC Framework|https://sectechno.com/permission-manager-kubernetes-rbac-framework/]]|Tools Kubernetes|
|2020.07.07|Cloud Tweaks|[[7 Security and Compliance Considerations for Cloud-Based Business Applications|https://cloudtweaks.com/2020/07/7-security-compliance-business-applications/]]|Compliance|
|2020.07.07|//DZone//|[[How to Create Your Own Kubernetes Custom Resources|https://dzone.com/articles/how-to-create-your-own-kubernetes-custom-resources]]|K8s|
|2020.06.11|//Caylent//| → [[How to Create Your Own Kubernetes Custom Resources|https://caylent.com/how-to-create-your-own-kubernetes-custom-resources]]|K8s|
|2020.07.07|//Sophos//|![[The State Of Cloud Security 2020|https://secure2.sophos.com/en-us/content/state-of-cloud-security.aspx]] ([[rapport|https://secure2.sophos.com/en-us/medialibrary/pdfs/whitepaper/sophos-the-state-of-cloud-security-2020-wp.pdf]]) |Report Sophos|
|2020.07.09|Solutions Review| → [[Sophos: Seven in 10 Organizations Experienced a Cloud Security Incident|https://solutionsreview.com/cloud-platforms/sophos-seven-in-10-organizations-experienced-a-cloud-security-incident/]]|Report Sophos|
|2020.07.09|MSSP Alert| → [[Public Cloud Cybersecurity and Cyberattacks: Research Findings|https://www.msspalert.com/cybersecurity-research/public-cloud-cyberattack-trends/]]|Report Sophos|
|2020.07.09|Redmond Channel| → [[Survey: Public Cloud Security Incidents Becoming Commonplace|https://rcpmag.com/blogs/scott-bekker/2020/07/survey-public-cloud-security.aspx]]|Report|
|2020.07.10|ZDNet| → [[Majority of firms concerned about public cloud security, most have suffered breach|https://www.zdnet.com/article/majority-of-firms-concerned-about-public-cloud-security-most-have-suffered-breach/]]|Report Sophos|
|2020.07.10|CIO Dive| → [[Everyone is struggling with cloud security|https://www.ciodive.com/news/cloud-security-malware-misconfiguration-sophos/581371/]]|Report Sophos|
|2020.07.07|//Microsoft//|[[Secure pods with Azure Policy in Azure Kubernetes Service (AKS)|https://docs.microsoft.com/en-gb/azure/aks/use-pod-security-on-azure-policy]] |Azure Policy|
|2020.07.07|//Security Intelligence//|[[Fix Shadow IT In Your Organization|https://securityintelligence.com/articles/how-to-fix-shadow-it/]]|Shadow_IT|
|2020.07.07|//Check Point//|[[How to Secure Cloud Workloads in Healthcare|https://blog.checkpoint.com/2020/07/07/healthcare-workload-security/]]|Workloads|
|2020.07.07|//Elastic Security//|[[Kubernetes observability tutorial: Metrics collection and analysis|https://www.elastic.co/blog/kubernetes-observability-tutorial-k8s-metrics-collection-and-analysis]] |K8s|
|2020.07.07|//Amazon AWS//|[[New PCI DSS on AWS Compliance Guide provides essential information for implementing compliant applications|https://aws.amazon.com/blogs/security/new-pci-dss-on-aws-compliance-guide-provides-essential-information-for-implementing-compliant-applications/]] |AWS PCI-DSS Compliance|
|2020.07.07|//CloudVector//|![[API Security Checklist: Part 3|https://www.cloudvector.com/api-security-checklist-part-3/]] (3/3) |APIs|
|2020.07.07|//Sophos//|[[Company web names hijacked via outdated cloud DNS records|https://nakedsecurity.sophos.com/2020/07/07/company-web-names-hijacked-via-outdated-cloud-dns-records/]]|!DNS Hijacking|
|2020.07.07|//Optiv//|[[Cloud Security Requires a New Mindset|https://www.optiv.com/explore-optiv-insights/blog/cloud-security-requires-new-mindset]]|Context|
|2020.07.07|//Microsoft//|[[New study shows customers save time, resources and improve security with Microsoft Cloud App Security |https://www.microsoft.com/security/blog/2020/07/07/new-study-customers-save-time-resources-improve-security-microsoft-cloud-app-security/]]|Report|
||//Forrester//| → [[The Total Economic Impact™ Of Microsoft Cloud App Security|https://tools.totaleconomicimpact.com/go/microsoft/CloudAppSecurity/]] ([[rapport "Forrester Consulting Total Economic Impact™ (TEI) Study"|https://tools.totaleconomicimpact.com/go/Microsoft/CloudAppSecurity/docs/TEI_of_Microsoft_Cloud_App_Security.pdf]])|Report|
|2020.07.07|//Google Cloud//|[[Enhancing multi-cloud data governance on Google Cloud|https://cloud.google.com/blog/products/data-analytics/cloud-data-governance-collibra]]|Governance|
|2020.07.07|//RiskRecon//|[[Understanding AWS Core Security Essentials|https://blog.riskrecon.com/understanding-aws-security-essentials]]|AWS|
|>|>|>|!2020.07.06|
|2020.07.06|Zataz[>img[iCSF/flag_fr.png]]|[[Fuite de données massive dans le cloud… ni vue, ni connue !|https://www.zataz.com/fuite-de-donnees-massive-dans-le-cloud-ni-vue-ni-connue/]]|Data_Leak|
|2020.07.06|Matt Fuller|![[27 Things AWS Can Do to Reduce Cloud Security Misconfigurations|https://medium.com/@matthewdf10/27-things-aws-can-do-to-reduce-cloud-security-misconfigurations-f3ed06d6aba8]] |AWS Misconfigurations|
|2020.07.06|Solutions Review|[[Six Common Cloud Security Myths Debunked and Explained|https://solutionsreview.com/cloud-platforms/six-common-cloud-security-myths-debunked-and-explained/]]|Myths|
|2020.07.06|//Thibault Joubert//[>img[iCSF/flag_fr.png]]|[[Comment migrer son environnement de travail sereinement vers Office 365|https://www.linkedin.com/pulse/comment-migrer-son-environnement-de-travail-vers-office-joubert/]]|O365 Migration|
|2020.08.06|//Mandiant//|!"[[My Cloud is APT's Cloud: Investigating and Defending Office 365|https://www.blackhat.com/us-20/briefings/schedule/index.html#my-cloud-is-apts-cloud-investigating-and-defending-office--20982]]" presentation at BlackHat on August 6th |O365 Attacks|
|2020.07.08|Dark Reading| → [[How Advanced Attackers Take Aim at Office 365|https://www.darkreading.com/threat-intelligence/how-advanced-attackers-take-aim-at-office-365/d/d-id/1338301]] |O365 Attacks|
|2020.07.12|E Hacking News| → [[Microsoft Office 365 Users Targeted By a New Phishing Campaign Using Fake Zoom Notifications|https://www.ehackingnews.com/2020/07/microsoft-office-365-users-targeted-by.html]]|Phishing O365|
|2020.07.06|//Microsoft//|![[Toward trusted sensing for the cloud: Introducing Project Freta |https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/]] ([[documentation|https://docs.microsoft.com/security/research/project-freta]])|Tools Forensics|
|2020.07.07|//Microsoft//| → [[Introducing Project Freta|https://docs.microsoft.com/en-us/security/research/project-freta/]]|Tools Forensics|
|2020.07.07|GBHackers on Security| → [[Project Freta - New Free Microsoft Forensic Tool to Detect Malware & Rootkits in Linux Systems|https://gbhackers.com/project-freta/]]|Tools Forensics|
|2020.07.07|ZDnet| → [[Microsoft's Project Freta: This new free service spots rootkits lurking in cloud VMs|https://www.zdnet.com/article/microsofts-project-freta-this-new-free-service-spots-rootkits-lurking-in-cloud-vms/]]|Tools Forensics|
|2020.07.07|The Hacker News| → [[Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service|https://thehackernews.com/2020/07/microsoft-linux-forensics-rootkit.html]]|Tools Forensics|
|2020.07.07|The Register| → [[Fret not, Linux fans, Microsoft's Project Freta is here to peer deep into your memory... to spot malware|https://www.theregister.com/2020/07/07/project_freta/]]|Tools Forensics|
|2020.07.08|BetaNews| → [[Microsoft launches Project Freta to detect malware in Linux kernels|https://betanews.com/2020/07/08/microsoft-project-freta-cloud-linux-malware/]]|Tools Forensics|
|2020.07.08|Silicon[img[iCSF/flag_fr.png]]| → [[Project Freta : Microsoft envisage l'avenir de la sécurité cloud|https://www.silicon.fr/project-freta-microsoft-securite-cloud-343086.html]]|Tools Forensics|
|2020.07.06|//Amazon AWS//|[[How to use G Suite as an external identity provider for AWS SSO|https://aws.amazon.com/blogs/security/how-to-use-g-suite-as-external-identity-provider-aws-sso/]] |AWS SSO|
|2020.07.06|//Microsoft//|[[Implement a secure hybrid network - Azure Architecture Center|https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/dmz/secure-vnet-hybrid]] |Implementing a secure hybrid network architecture in Azure|
<<tiddler [[arOund0C]]>>
!"//Cryptocurrencies, Digital assets, Tokens and Blockchain maturity is coming soon//"
Article publié le 10 juillet 2020 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA
{{ss2col{
<<<
[>img(200px,auto)[iCSA/K7ABC.jpg]]//''Tautology - a statement that is true by necessity or by virtue of its logical form.''

Blockchains are going to rapidly gain maturity because people are using blockchains, because they are rapidly gaining maturity. Essentially we're at the inflection point of the S curve of adoption here. Let's talk about Central Bank Digital Currencies (CBDC), I think we can all agree that countries officially adopting blockchain technology for their currencies would be the ultimate proof they have arrived. Currently several dozen countries are looking at CBDC's with several in various stages of development. Interestingly, the majority of countries are still opposed to actually launching a CBDC… until they have to, to quote the Bank of Canada:

The Bank currently has no plans to launch a CBDC. Rather, the Bank will build the capacity to issue a general purpose, cash-like CBDC should the need to implement one arise. Because it will take several years to build this capacity, the Bank cannot wait until the need is evident before launching preparatory work. Preparing in advance is critical. At the same time, the Bank is preparing for a range of other possible changes to money and payments in Canada as innovation continues. +++[»]> https://www.bankofcanada.ca/2020/02/contingency-planning-central-bank-digital-currency/ === 

In other words it's a classic "we're not going to do it, until we have to, but we're going to prepare, since it looks like we will have to do it soon because of market forces, or because someone else might do it and we don't want to be stuck with theirs."

Essentially we're entering a Mexican standoff style situation, but with the added bonus of having a LOT of organizations that do actually want to pull the trigger first and legitimately have the capability to, for example Libra. As such it's pretty clear that we need maturity in the space because whether we like it or not we're going to be getting CBDC's soon (my expectation is 1-5 years for a few countries followed globally by 5-10 years, some countries will drag their feet).//
[...]
<<<
}}}
__Liens :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k7ab/|https://CloudSecurityAlliance.fr/go/k7ab/]]''
!"//Key Management when using Cloud Services//"
La date limite pour transmettre les commentaires est le 9 août 2020.
> //The purpose of this document is to provide guidance for using Key Management Systems (KMS) with cloud services, whether the key management system is native to a cloud platform, external, self-operated, or yet another cloud service. Recommendations will be given to aid in determining which forms of key management systems are appropriate for different use cases. //
__Lien :__
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/k7ad/|https://CloudSecurityAlliance.fr/go/k7ad/]]'' /%
https://cloudsecurityalliance.org/artifacts/key-management-when-using-cloud-services/
%/
!"//Night of the Living Cloud (aka CSA Federal Summit) Part 1 of 2//"
Article publié le 09 juillet 2020 — Rédigé par Jim Reavis, Co-founder and Chief Executive Officer, CSA
{{ss2col{
<<<
[>img(150px,auto)[iCSA/K79BN.jpg]]//If you want to get a feel for what the zombie apocalypse might be like, I highly recommend taking a business trip right now. It provides a surreal experience without the hassle of someone trying to eat your brains. It was thus for me as I traveled across the country to attend the Cloud Security Alliance Federal Summit.

The journey started with an uneventful flight from Seattle to Washington Dulles. The flight arrived four hours later than planned and arrived at a different airport as airlines are canceling flights and consolidating their passengers. This resulted in a flight that was reasonably full, except that middle seats were not being sold. The hotel was in Crystal City, which is right next to the Washington Reagan airport, my original destination. No problem there, my Uber driver apparently negotiated a private stretch of freeway as the drive from Dulles was accomplished in record time for my 30 years traveling to the capitol. As I checked into the Hyatt Regency and walked around the neighborhood, I had this uneasy feeling that something was wrong. Ah yes, no people! The area was desolate and the occasional lifeform existing behind a mask had a clear look of terror in their eyes as they demanded some social distance. This pandemic is a misanthrope's dream!

Our event went off without a hitch, if by "without a hitch" you mean "no attendees". There were actually a few people in the crowd, myself included, and they were treated to a tour de force of cybersecurity experts. We will be looking to repurpose the content to a larger audience soon, but what follows is a summary and links where available to the morning presentations. Next week we will cover the afternoon presentations.

The first speech was from Glenn Gerstell, Senior Adviser at the Center for Strategic & International Studies, and former NSA General Counsel. The title was "''Coming Up Next: More Regulation In Response to the Onrush of Technology''", and I think the best way to describe the speech was that Glenn was wrestling with how we recast our regulatory and national security strategy in light of the rapid growth of the tech sector and its ability to surveil, influence citizens and amass unprecedented stores of information. The conclusion is that change must occur to recognize a new relationship between the public and private sector, but it is critical to have thoughtful policy discussions now. I asked Glenn if he thought major cloud providers must be classified as critical infrastructure. He agreed they were critical, but in keeping with his overall speech theme, he advocates a balance between looking at old laws being updated and applying existing regulations to new technology environments.

The second presentation was our own Jerry Archer, CSO at Sallie Mae, titled "''Implementing a Work from Home Security Strategy''". This presentation+++^*[»] https://cloudsecurityalliance.org/artifacts/implementing-a-work-from-home-security-strategy/ === is worth going through several times. Even though the content is only four slides, Jerry packed it with lessons learned and new considerations for WFH. Sallie Mae had a comprehensive pandemic contingency plan going into the COVID-19 response and they probably came out of it better than most, but there is still a lot of ongoing tuning. One quandary Jerry mentioned was trying to understand if a remote worker actually still works for your company and didn't quit weeks ago without telling you.

Next, Zach Baldwin from GSA provided an update on FedRAMP via recorded video+++^*[»] https://www.brighttalk.com/webcast/10415/422428 ===. The FY2020 goals of increased simplicity, improved automation, FedRAMP marketplace growth and improved community education were covered. OSCAL (Open Security Controls Assessment Language), development led by Dr. Michaela Iorga at NIST is the centerpiece of the automation initiatives.

After GSA, CSA board member and TruStar chairman Paul Kurtz presented "''Latest Trends in Intelligence Management''". Paul made the very good point that we don't have a very good definition of intelligence for cybersecurity and proffered one of his own, "''The capacity of organizations to normalize, transform and automatically extract actionable insight and context from security tools and sources to expedite detection and response''". You can access Paul's presentation here+++^*[»] https://cloudsecurityalliance.org/artifacts/latest-trends-in-intelligence-management/ ===.

I took the last spot before lunch and gave a presentation titled "''Cloud Resilience: Tested by Pandemic''". It contained some content you may have seen me discuss previously, basically outlining how cloud systems by and large worked as advertised during the shift to work from home and the cleanup underway to lock down security vulnerabilities created by the rapid shift to WFH. I also added some new content about the revised upward forecast in cloud security services and speculation that corporate data centers may be decommissioned two years earlier than predicted due to cloud. I also discussed some of my fears about a worse than expected economic recovery directly impacting cybersecurity and our ability to combat breaches. Check it out here+++^*[»] https://cloudsecurityalliance.org/artifacts/cloud-resilience-tested-by-pandemic/ === 

I will summarize the afternoon presentations next week. In addition to the great content presented at the summit, we learned a lot about the logistics and best practices for conducting in person events in the near future. Configuring rooms for maximum social distancing, contactless food and beverage, ambient temperature sensors and hyper sanitization are the new norms. We will be interviewing all attendees at the 14 day point after the summit and will let you know if we all remain healthy.//
<<<
}}}
__Liens :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k79b/|https://CloudSecurityAlliance.fr/go/k79b/]]''
Cette nouvelle publication a fait l'objet d'une large communication de la CSA
!!!Publication - "The Six Pillars of DevSecOps: Automation"
<<<
[>img(200px,auto)[iCSA/K76PT.jpg]]//Automation is a critical component of DevSecOps because it enables process efficiency, allowing developers, infrastructure, and information security teams to focus on delivering value rather than repeating manual efforts and errors with complex deliverables. This paper focuses on a risk-based security automation approach that strings automated security actions throughout the continuous software development deployment cycle.//
<<<
!!!Annonce - "Cloud Security Alliance Publishes New Paper, The Six Pillars of DevSecOps: Automation"
<<<
''Document provides practical advice for integrating automated security into software development lifecycle''
//The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced today the release of The Six Pillars of DevSecOps: Automation. Produced by CSA's DevSecOps Working Group+++^*[»] https://cloudsecurityalliance.org/research/working-groups/devsecops/ === in collaboration with SAFECode+++^*[»] 
http://safecode.org/ ===, the document provides a holistic framework for facilitating security automation within DevSecOps and best practices for automating those security controls, as well as clarification of common misconceptions surrounding DevSecOps security testing.
"The complexity of cloud infrastructure today means that small code changes can have disproportionate impact downstream. Therefore, it's critical that security checks be integrated and monitored throughout the software development and deployment lifecycle, all the way from design to implementation, testing, and release," said Souheil Moghnie, SAFECode Board member and one of the paper's lead authors.
The necessity of security automation, security test automation techniques, and the mechanisms to achieve it are integral components of a comprehensive risk-based security automation approach - all of which can be achieved using a security-enabled delivery pipeline and the controls within it, as the paper explains.
The document provides insight into:
* The types of triggers and checkpoints that should occur in the delivery pipeline
* The strategy of shifting security left while accelerating right
* How to prioritize and balance resources in conjunction with deliverability
* Risk factors that occur throughout the delivery pipeline and how automation can be introduced to mitigate them
* Automation best practices that extend beyond DevSecOps
"It's vital that today's DevOps teams be agile, able to address user requirements dynamically, release features incrementally, and deliver at a faster pace than their predecessors and do it all without sacrificing security. Security controls can't be successfully integrated without automated security capabilities that allow for timely and meaningful feedback. By adopting even modest automated security capabilities entire classes of risk can potentially be eliminated," said Sean Heide, Research Analyst Cloud Security Alliance.//
[...]
<<<
!!!Blog - "New Paper Offers Practical Guidance on Automating Security in DevSecOps"
Article publié le 7 juillet 2020 — Rédigé par Souheil Moghnie, NortonLifeLock
<<<
[>img(200px,auto)[iCSA/K77BN.png]]//Today, SAFECode is excited to join the Cloud Security Alliance in sharing a new report offering practical guidance on integrating security automation into the software development lifecycle. The paper, The Six Pillars of DevSecOps: Automation, was developed in collaboration with the Cloud Security Alliance as part of a larger project around identifying best practices to support the secure implementation of DevOps, commonly referred to as DevSecOps.
Automation is particularly important in a DevSecOps environment because it creates the process efficiency needed to enable developers, infrastructure, and security teams to focus less on repetitive security tasks and more on delivering value. Application, host, and container vulnerability scanning as well as monitoring are all examples of security activities that can and should be automated. In essence, the paper explains how DevSecOps can "shift-left and accelerate right."
Today's paper focuses on cloud-based security automation for DevOps but can certainly be useful for non-cloud based software as well. The main goal is to enable a fast, reciprocal flow of information to DevOps teams so that they can create and validate secure code by design. This approach helps avoid making security an afterthought, and sheds some light on how to weave in security in every step of the release pipeline. All of the guidance shared in the paper is based on the real-world experiences of the authors and contributors. Topics covered include:
* Common impediments to automation and suggested mitigation techniques
* Common misconceptions about security testing in DevSecOps environments and practical testing how-tos
* An overview of a risk-based release pipeline and how automation can be addressed at each stage, as well as a discussion of several best practices that are applicable to DevSecOps regardless of the software development stage
* Practical advice around streamlining some of the most daunting topics to automate in DevSecOps such as threat modeling, proper crypto handling, and security control assessments
[...]
In the meantime, those interested in our DevSecOps work can also check out our recent paper that takes an in-depth look at how to build and maintain a security-supportive culture.//
<<<
__Liens :__
* Publication → ''[[CloudSecurityAlliance.fr/go/k77p/|https://CloudSecurityAlliance.fr/go/k77p/]]''
* Annonce ⇒ ''[[CloudSecurityAlliance.fr/go/k77a/|https://CloudSecurityAlliance.fr/go/k77a/]]''
* Article de blog ⇒ ''[[CloudSecurityAlliance.fr/go/k77b/|https://CloudSecurityAlliance.fr/go/k77b/]]''
!//FTC Guidance - Six Steps Toward More Secure Cloud Computing//
[>img(150px,auto)[iCSA/K76BF.jpg]]Article publié le 6 juillet 2020 sur le blog de la CSA, après l'avoir été le 28 juin 2020 sur le site de Françoise Gilbert. Il a déjà été mentionné dans notre veille, mais il est repris ici compte tenu de son intérêt.
<<<
The June 15, 2020 FTC Blogpost, titled Six Steps Towards More Secure Cloud Computing provides a concise, valuable checklist for businesses that use or intend to use cloud services, so that they make their use of cloud services safer. The document is a reminder of the basic golden rules concerning data security when using a third-party service provider.
!!!1. Security is your responsibility.
First and foremost: ''Keep in mind that if it's your data, it's ultimately your responsibility.''
Using cloud service providers (CSP) to store or process your data does not mean you can also outsource security. Throughout the lifecycle of data in your company's possession, security remains your responsibility.
Even if you rely substantially on your CSP's security tools, you must have a written data security program that lays out your company's process for securing your customer's information, and that ensures that people on your staff remain knowledgeable about maintaining, monitoring, testing, and updating that program. You should train your staff on their obligations under that data security program, so that they perform fully and correctly the tasks set forth in your security program. You must also review your cloud contracts carefully to ensure they spell out your expectations and clearly establish who is primarily in charge of what.
!!!2. Take regular inventories of what you store in the cloud and how it is protected.
You cannot use your data if you don't know you have it, and where to find it. This is why you need an "inventory" or a "data map". Numerous CSPs offer tools such as dashboards or management consoles.
You cannot keep your data safe if you don't know the security configurations and access rights that are attached to this data, or if you don't ensure that they remain consistent with the sensitivity of the data you have stored. As you add data that may require more protection, re-evaluate your security settings and update them accordingly.
Actively test for misconfigurations or other security failings that could compromise your data. Maintain robust log files so you can continuously monitor your cloud repositories.
!!!3. Don't store data that is not necessary.
There is a tendency to keep as much data as possible because cloud storage is usually less expensive than other storage methods. Anyone will attempt to convince you that they "need" to keep this data because they might need it for a future project. There are several problems with this.
* From a practical standpoint, except for archives, in most cases, old data is useless. It might be obsolete, incomplete, or unreadable.
* From a legal standpoint, retaining personal data when it is no longer needed could violate applicable laws. Numerous privacy or data protection laws on all continents require that personal data be kept no longer than necessary for the purpose for which the data was originally collected.
* From a contractual standpoint, it might violate contractual promises your business made to dispose of data at the end of a project, or on the occurrence of a triggering event.
* From a security standpoint, the more data you keep, the greater the probability that someone will want to steal it, misuse it, damage it, etc.
As you conduct a data inventory, be ruthless. Dispose of all data that is not necessary, and do so securely.
!!!4. Take advantage of the security features offered by the cloud service provider.
Most cloud service providers offer detailed guidance about their security controls and how to set up their services in a more secure fashion. Users should do their best to understand the options and configure those settings in the way best suited to their own operations.
* Understand the nature of the data that will be stored, processed, or used in the cloud.
* Evaluate the risk to this data: Is the data sensitive? Is it needed? Who should have or not have access to it?
* What means should be used to protect against the risks of unauthorized access to the data while it is held in the cloud?
!!!5. Make good use of encryption.
There are numerous benefits to encryption, assuming of course that it is conducted properly, and in accordance with up-to-date techniques. If you must retain certain data, but that data is seldom accessed, consider encrypting it. If data contains sensitive information, consider encrypting it, as well. The more data is encrypted, the less chance it has of being stolen, modified or misused.
!!!6. Stay alert: pay attention to credible warnings.
Some cloud providers offer automated tools to remind users about cloud repositories that are open to the Internet. Others may contact users with warnings to that effect. Security researchers may contact businesses when they find exposed data online. If you receive one of these warnings, pay attention. Investigate your cloud repositories and recheck your security settings.
!!!
|ssTablN0L|k
|[img(150px,auto)[iCSF/FrancoiseGilbert.jpg]]|!|Most cloud service providers have better resources than their customers to provide an adequate level of security. However, purchasing a subscription for cloud services is not equivalent to transferring all responsibilities to a third party. The overall responsibility for the data remains in the hands of the data custodian. Cloud customers remain primarily responsible for the data that they have collected from their own clients, visitors, or users, which often constitutes their most valuable assets. The FTC blog post should serve as a reminder of the duties and obligations that are vested in those who collect and use data. They must understand the nature of the data they collect, limit their collection and retention to only the data they need, use security measures and controls that are adapted to the data, train their personnel and suppliers on the ways to better protect this data, and stay alert and look for clues of potential vulnerabilities.|
| Françoise Gilbert |~|~|
<<<
__Liens :__
* Sur le Blog de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k76x/|https://CloudSecurityAlliance.fr/go/k76x/]]''
* Sur le site de Francoise Gilbert ⇒ ''[[CloudSecurityAlliance.fr/go/k76z/|https://CloudSecurityAlliance.fr/go/k76z/]]''
* "Six steps toward more secure cloud computing" → [[sur le site de la FTC|https://www.ftc.gov/news-events/blogs/business-blog/2020/06/six-steps-toward-more-secure-cloud-computing]]
!Agenda du 'CSA CloudCon 2020'
[>img(200px,auto)[iCSA/202008US-GrandRapids.png]]La ''CSA CloudCon 2020'' se déroulera à distance les 19 et 20 août 2020 à Grand Rapids, dans le Michigan.
Encore une occasion d'assister à une conférence de la CSA aux États-Unis !

Les sessions sont les suivantes (conversion faite aux heures françaises) :
* __Mercredi 19 août 2020__
** 15h00 - 15h50 : Session inaugurale "Tales From the Cyber War Trenches" par Jim Kuiphof, Spectrum Health
** 16:00 - 16:45 : "Measuring Risk in 2020 - The Enterprise of Things Security Report" par Ellen Sundra, Forescout
** 16:50 - 17:35 : "Security and Compliance Issues with Cloud Providers" par Jeremy Snyder
** 17:40 - 18:25 : "The Path To Identity Maturity" par Jerod Brennen
** 18:30 - 19:30 : Open Discussion / Community Forum
* __Jeudi 20 août 2020__[>img(200px,auto)[iCSA/202008US-GrandRapids.jpg]]
** 15:00 - 15:50 : Session inaugurale "Security Done Right" par Tony Grey, Hagerty Insurance 
** 16:00 - 16:45 : "WAF are you talking about?" par Phillip Maddux
** 16:50 - 17:35 : "EndPoints Are Everywhere, A CASB Journey" par William Houcheime
** 17:40 - 18:25 : "Defense on a Budget: Free Security Tips and Tricks - Cloud Edition" par Robert Wagner
** 18:30 - Conclusion

__Liens :__
* site de la conférence ⇒ [[CloudConGR.org|https://cloudcongr.org/]]
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #71|2020.07.05 - Newsletter Hebdomadaire #71]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #71|2020.07.05 - Weekly Newsletter - #71]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.07.05 - Newsletter Hebdomadaire #71]]>> |<<tiddler [[2020.07.05 - Weekly Newsletter - #71]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 29 juin au 5 juillet 2020
!!1 - Informations CSA - 29 juin au 5 juillet 2020
* Coopération entre la CSA et l'ISSA+++^*[»] <<tiddler [[2020.07.01 - Actu : Coopération entre la CSA et l'ISSA]]>>=== 
* Appels à commentaires :
** 'Top Threats to Cloud Computing: Egregious Eleven Deep Dive'+++^*[»] <<tiddler [[2020.06.29 - Appel à commentaires 'Top Threats to Cloud Computing: Egregious Eleven Deep Dive']]>>=== 
** 'Cloud OS Security Specification v2.0'+++^*[»] <<tiddler [[2020.07.02 - Appel à commentaires 'Cloud OS Security Specification v2.0']]>>=== 
* Appel à contribution pour le Congrès EMEA de la CSA+++^*[»] <<tiddler [[2020.06.11 - Appel à contribution pour le Congrès EMEA de la CSA]]>>=== 
!!2 - Veille Web Cloud et Sécurité ([[plus de 100 liens|2020.07.05 - Veille Hebdomadaire - 5 juillet]])
* ''À lire''
** ''Modélisation de la menace pour Kubernetes''+++^*[»] 
|2020.06.30|Marco Lancini|![[The Current State of Kubernetes Threat Modelling|https://www.marcolancini.it/2020/blog-kubernetes-threat-modelling/]] |K8s Threats|
=== 
** ''Conférence fwd:cloudsec 2020''+++^*[»] 
|2020.06.29|fwd:cloudsec|![[Conférence fwd:cloudsec 2020|https://fwdcloudsec.org/]] et [[enregistrements vidéo|https://www.youtube.com/playlist?list=PLCPCP1pNWD7OBQvDY7vLCFhxWxok9DITl]] |Conference|
=== 

* __Attaques__ et vulnérabilités : Cryptojacking et Kubernetes, Azure DevOps, Buckets S3+++^*[»] 
|2020.07.01|//StackRox//|[[Cryptojacking Attacks In Kubernetes How To Stop Them|https://www.stackrox.com/post/2020/07/cryptojacking-attacks-in-kubernetes-how-to-stop-them/]]|K8s Cryptojacking|
|2020.06.29|GBHackers on Security|[[Hackers Abusing Docker Hub Account to Mine Monero Cryptocurrency|https://gbhackers.com/docker-hub-account/]]|Docker Cryptomining|
|2020.07.02|Harsh Bothra|[[Misconfigured S3 Bucket Access Controls to Critical Vulnerability|https://medium.com/bugbountywriteup/s3-bucket-misconfigured-access-controls-to-critical-vulnerability-6b535e3df9a5]]||
|2020.07.01|//Assetnote//|![[Taking over Azure DevOps Accounts with 1 Click|https://blog.assetnote.io/2020/06/28/subdomain-takeover-to-account-takeover/]] |Flaw|
|2020.07.02|The Daily Swig| → [[Azure DevOps account takeover hack earns $3,000 bug bounty|https://portswigger.net/daily-swig/azure-devops-account-takeover-hack-earns-3-000-bug-bounty]]|Azure Vulnerability DNS|
=== 

* __Menaces__ et stratégies d'attaques : Marco Lancini, //StackRox// et //Fugue//+++^*[»] 
|2020.06.30|Marco Lancini|![[The Current State of Kubernetes Threat Modelling|https://www.marcolancini.it/2020/blog-kubernetes-threat-modelling/]] |K8s Threats|
|2020.07.02|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 2 - Execution|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-2-execution/]] (2/9) |Kubernetes Threats|
|2020.06.30|//Fugue//|[[How hackers changed strategy with cloud|https://www.fugue.co/blog/how-hackers-changed-strategy-with-cloud]]|Threats|
=== 

* __Pannes__ : GCP+++^*[»] 
|2020.06.29|The Register|[[Google Cloud partially evaporates for hours amid power supply failure: Two US East Coast zones rattled|https://www.theregister.com/2020/06/29/google_cloud_outage/]]|Outage GCP|
=== 

* __Rapports et études__ : Menaces Informatiques et Pratiques de Sécurité 2020 (CLUSIF), IBM, O'Reilly et Venafi+++^*[»] 
|2020.07.02|CLUSIF[>img[iCSF/flag_fr.png]]|Études MIPS 2020 - Entreprises : [[restitution|https://clusif.fr/publications/restitution-mips-2020-collectivites-territoriales/]] ([[vidéo|https://www.youtube.com/watch?v=Jcl9HdHf8ig]]) et [[rapport|https://clusif.fr/publications/etudes-menaces-informatiques-et-pratiques-de-securite-entreprises-edition-2020-mips-2020/]] ([[pdf|https://clusif.fr/content/uploads/2020/06/CLUSIF-MIPS-2020-Rapport-Entreprises.pdf]])|Report CLUSIF MIPS|
|2020.07.01|CLUSIF[>img[iCSF/flag_fr.png]]|Études MIPS 2020 - Collectivités territoriales : [[restitution|https://clusif.fr/publications/restitution-mips-2020-collectivites-territoriales/]] ([[vidéo|https://www.youtube.com/watch?v=Yy9phYBOwBw]]) et [[rapport|https://clusif.fr/publications/etudes-menaces-informatiques-et-pratiques-de-securite-collectivites-territoriales-edition-2020-mips-2020]] ([[pdf|https://clusif.fr/content/uploads/2020/07/CLUSIF-MIPS-2020-Rapport-CoTer.pdf]])|Report CLUSIF MIPS|
|2020.06.30|//IBM//|[[IBM Study: Security Response Planning on the Rise, But Containing Attacks Remains an Issue|https://newsroom.ibm.com/2020-06-30-IBM-Study-Security-Response-Planning-on-the-Rise-But-Containing-Attacks-Remains-an-Issue]]|Report Incident_Response Resilience|
|2020.06.30|//IBM//| → rapport "[[Cyber Resilient Organization Report|https://c212.net/c/link/?t=0&l=en&o=2844593-1&h=1328320830&u=https%3A%2F%2Fwww.ibm.com%2Faccount%2Freg%2Fus-en%2Fsignup%3Fformid%3Durx-45839&a=https%3A%2F%2Fwww.ibm.com%2Faccount%2Freg%2Fus-en%2Fsignup%3Fformid%3Durx-45839]]" et [[Webcast le 23 juillet|https://event.on24.com/wcc/r/2448121/9297B87DE7A378D816846835989BD762]]|Report Incident_Response Resilience|
|2020.07.02|//NeuVector//|[[O'Reilly survey shows cloud adoption and security concerns are rising|https://neuvector.com/cloud-security/cloud-adoption/]]|Report|
|2020.06.30|//Venafi//|[[Venafi Study: 75% of Global CIOs Say TLS Certificates Are Top Concern |https://www.venafi.com/news-center/press-release/venafi-study-75-global-cios-say-tls-certificates-are-top-concern]]|Report Venafi|
=== 

* __Acquisitions__ : Datrium par VMware+++^*[»] 
|2020.07.01|//VMware//|[[Breaking: VMware Announces Intent to Acquire Datrium to Provide Disaster Recovery-as-a-Service for Hybrid Cloud Environments|https://blogs.vmware.com/virtualblocks/2020/07/01/vmware-draas]]|Acquisition|
|2020.07.01|//Datrium//| → [[Datrium to Be Acquired by VMware|https://www.datrium.com/blog/datrium-acquired-by-vmware/]]|Acquisition|
|2020.07.02|Silicon.fr[>img[iCSF/flag_fr.png]]| → [[DRaaS : VMware s'offre le service de reprise après sinistre Datrium|https://www.silicon.fr/draas-vmware-datrium-342624.html]]|Acquisition|
|2020.07.02|The Register| → [[Not such a DRaaS-tic action, buying into cloud-based disaster recovery in times like these: VMware to swallow Datrium|https://www.theregister.com/2020/07/02/vmware_datrium/]]|Acquisition|
=== 

* __Divers__ :
** Autres veilles hebdomadaires Cloud et Sécurité : ''TL;DR Security'' et ''The Cloud Security Reading List''+++^*[»] 
|2020.07.01|TL;DR Security|[[#41 - Threat Modeling Kubernetes, Secret Scanner Benchmark, OWASP Software Component Verification Standard|https://tldrsec.com/blog/tldr-sec-041/]] |Weekly_Newsletter|
|2020.07.05|Marco Lancini|[[The Cloud Security Reading List #44|https://cloudseclist.com/issues/issue-44/]] |Weekly_Newsletter|
=== 
** Podcasts : 'Cloud Security Podcast' et 'GCP Podcast'+++^*[»] 
|2020.07.05|Cloud Security Podcast|[[How to do Google Cloud Security Well - The 2020 Edition - Darpan Shah by Cloud Security Podcast • A podcast on Anchor|https://anchor.fm/cloudsecuritypodcast/episodes/How-to-do-Google-Cloud-Security-Well---The-2020-Edition---Darpan-Shah-egaks3]]|Podcast|
|2020.07.01|//Google Cloud Platform Podcast//|[[Cloud Audit Logging with Philip O'Toole and Oscar Guerrero|https://www.gcppodcast.com/post/episode-225-cloud-audit-logging-with-philip-otoole-and-oscar-guerrero/]]|Podcast Audit|
=== 
** Bonnes Pratiques Kubernetes : Emanuel Evans et CNCF+++^*[»] 
|2020.07.05|Emanuel Evans|![[Minimum Viable Kubernetes|https://eevans.co/blog/minimum-viable-kubernetes/]] (1/3) |K8s|
|2020.06.30|Cloud Native Computing Foundation|![[Kubernetes Best Practices for Monitoring and Alerts|https://www.cncf.io/blog/2020/06/30/kubernetes-best-practices-for-monitoring-and-alerts/]] |K8s Monitoring|
=== 
** Droit américain et cloud computing : Outscale+++^*[»] 
|2020.07.01|Le MagIT[>img[iCSF/flag_fr.png]]|[[Droit américain et cloud computing : "Nous sommes extrêmement naïfs" (Outscale)|https://www.lemagit.fr/tribune/Droit-americain-et-cloud-computing-Nous-sommes-extremement-naifs-Outscale]]|Legal|
=== 
** Certification ISO/IEC 27701 pour GCP+++^*[»] 
|2020.06.30|//Google Cloud//|[[Reinforcing our commitment to privacy with accredited ISO/IEC 27701 certification|https://cloud.google.com/blog/products/identity-security/google-cloud-certified-as-a-data-processor]]|GCP Compliance ISO_27701|
=== 
** Outils: kube-applier, App2Container, référentiel de règles de détection+++^*[»] 
|2020.07.02|SecTechno|[[kube-applier - Automated Deployment for Kubernetes - SecTechno|https://sectechno.com/kube-applier-automated-deployment-for-kubernetes/]]|Tools|
|2020.07.01|//Amazon AWS//|![[AWS releases App2Container tool for containerizing applications|https://siliconangle.com/2020/07/01/aws-releases-app2container-tool-containerizing-applications/]] |AWS Tools|
|2020.06.30|//Elastic Security//|[[Elastic Security opens public detection rules repo|https://www.elastic.co/blog/elastic-security-opens-public-detection-rules-repo]] et [[projet sur GitHub|https://github.com/elastic/detection-rules]]|Detection|
=== 
** Réflexions sur la sécurité des données AzureAD+++^*[»] 
|2020.07.02|Roger Halbheer|[[Azure Active Directory Data Security Considerations|https://www.halbheer.ch/security/2020/07/02/azure-active-directory-data-security-considerations/]]|azureAD|
=== 
!!3 - Lien Direct
|!⇒ [[CloudSecurityAlliance.fr/go/K75/|https://CloudSecurityAlliance.fr/go/K75/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - June 29th to July 5th, 2020[>img[iCSF/inEnglish.png]]
!!1 - CSA News and Updates - June 29th to July 5th, 2020
* New partnership between CSA and ISSA+++^*[»] <<tiddler [[2020.07.01 - Actu : Coopération entre la CSA et l'ISSA]]>>=== 
* Call for Comments:
** 'Top Threats to Cloud Computing: Egregious Eleven Deep Dive'+++^*[»] <<tiddler [[2020.06.29 - Appel à commentaires 'Top Threats to Cloud Computing: Egregious Eleven Deep Dive']]>>=== 
** 'Cloud OS Security Specification v2.0'+++^*[»] <<tiddler [[2020.07.02 - Appel à commentaires 'Cloud OS Security Specification v2.0']]>>=== 
* Call for Papers for CSA EMEA Congress 2020+++^*[»] <<tiddler [[2020.06.11 - Appel à contribution pour le Congrès EMEA de la CSA]]>>=== 
!!2 - Cloud and Security News Watch ([[over 100 links|2020.07.05 - Veille Hebdomadaire - 5 juillet]])

* __''Must read''__
** Current State of Kubernetes Threat Modelling+++^*[»] 
|2020.06.30|Marco Lancini|![[The Current State of Kubernetes Threat Modelling|https://www.marcolancini.it/2020/blog-kubernetes-threat-modelling/]] |K8s Threats|
=== 
** 'fwd:cloudsec 2020' Conference+++^*[»] 
|2020.06.29|fwd:cloudsec|![[Conférence fwd:cloudsec 2020|https://fwdcloudsec.org/]] et [[enregistrements vidéo|https://www.youtube.com/playlist?list=PLCPCP1pNWD7OBQvDY7vLCFhxWxok9DITl]] |Conference|
=== 

* __Attacks__, Threats and Vulnerabilities: Cryptojacking and Kubernetes, Azure DevOps, S3 Buckets+++^*[»] 
|2020.07.01|//StackRox//|[[Cryptojacking Attacks In Kubernetes How To Stop Them|https://www.stackrox.com/post/2020/07/cryptojacking-attacks-in-kubernetes-how-to-stop-them/]]|K8s Cryptojacking|
|2020.06.29|GBHackers on Security|[[Hackers Abusing Docker Hub Account to Mine Monero Cryptocurrency|https://gbhackers.com/docker-hub-account/]]|Docker Cryptomining|
|2020.07.02|Harsh Bothra|[[Misconfigured S3 Bucket Access Controls to Critical Vulnerability|https://medium.com/bugbountywriteup/s3-bucket-misconfigured-access-controls-to-critical-vulnerability-6b535e3df9a5]]||
|2020.07.01|//Assetnote//|![[Taking over Azure DevOps Accounts with 1 Click|https://blog.assetnote.io/2020/06/28/subdomain-takeover-to-account-takeover/]] |Flaw|
|2020.07.02|The Daily Swig| → [[Azure DevOps account takeover hack earns $3,000 bug bounty|https://portswigger.net/daily-swig/azure-devops-account-takeover-hack-earns-3-000-bug-bounty]]|Azure Vulnerability DNS|
=== 
* Threat and Attack Strategies: Marco Lancini, //StackRox// and //Fugue//+++^*[»] 
|2020.06.30|Marco Lancini|![[The Current State of Kubernetes Threat Modelling|https://www.marcolancini.it/2020/blog-kubernetes-threat-modelling/]] |K8s Threats|
|2020.07.02|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 2 - Execution|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-2-execution/]] (2/9) |Kubernetes Threats|
|2020.06.30|//Fugue//|[[How hackers changed strategy with cloud|https://www.fugue.co/blog/how-hackers-changed-strategy-with-cloud]]|Threats|
=== 

* __Outages__: GCP+++^*[»] 
|2020.06.29|The Register|[[Google Cloud partially evaporates for hours amid power supply failure: Two US East Coast zones rattled|https://www.theregister.com/2020/06/29/google_cloud_outage/]]|Outage GCP|
=== 

* __Reports and Surveys__: IT Threats and Security Usages (MIPS) 2020 (CLUSIF), IBM, O'Reilly and Venafi+++^*[»] 
|2020.07.02|CLUSIF[>img[iCSF/flag_fr.png]]|Études MIPS 2020 - Entreprises : [[restitution|https://clusif.fr/publications/restitution-mips-2020-collectivites-territoriales/]] ([[vidéo|https://www.youtube.com/watch?v=Jcl9HdHf8ig]]) et [[rapport|https://clusif.fr/publications/etudes-menaces-informatiques-et-pratiques-de-securite-entreprises-edition-2020-mips-2020/]] ([[pdf|https://clusif.fr/content/uploads/2020/06/CLUSIF-MIPS-2020-Rapport-Entreprises.pdf]])|Report CLUSIF MIPS|
|2020.07.01|CLUSIF[>img[iCSF/flag_fr.png]]|Études MIPS 2020 - Collectivités territoriales : [[restitution|https://clusif.fr/publications/restitution-mips-2020-collectivites-territoriales/]] ([[vidéo|https://www.youtube.com/watch?v=Yy9phYBOwBw]]) et [[rapport|https://clusif.fr/publications/etudes-menaces-informatiques-et-pratiques-de-securite-collectivites-territoriales-edition-2020-mips-2020]] ([[pdf|https://clusif.fr/content/uploads/2020/07/CLUSIF-MIPS-2020-Rapport-CoTer.pdf]])|Report CLUSIF MIPS|
|2020.06.30|//IBM//|[[IBM Study: Security Response Planning on the Rise, But Containing Attacks Remains an Issue|https://newsroom.ibm.com/2020-06-30-IBM-Study-Security-Response-Planning-on-the-Rise-But-Containing-Attacks-Remains-an-Issue]]|Report Incident_Response Resilience|
|2020.06.30|//IBM//| → rapport "[[Cyber Resilient Organization Report|https://c212.net/c/link/?t=0&l=en&o=2844593-1&h=1328320830&u=https%3A%2F%2Fwww.ibm.com%2Faccount%2Freg%2Fus-en%2Fsignup%3Fformid%3Durx-45839&a=https%3A%2F%2Fwww.ibm.com%2Faccount%2Freg%2Fus-en%2Fsignup%3Fformid%3Durx-45839]]" et [[Webcast le 23 juillet|https://event.on24.com/wcc/r/2448121/9297B87DE7A378D816846835989BD762]]|Report Incident_Response Resilience|
|2020.07.02|//NeuVector//|[[O'Reilly survey shows cloud adoption and security concerns are rising|https://neuvector.com/cloud-security/cloud-adoption/]]|Report|
|2020.06.30|//Venafi//|[[Venafi Study: 75% of Global CIOs Say TLS Certificates Are Top Concern |https://www.venafi.com/news-center/press-release/venafi-study-75-global-cios-say-tls-certificates-are-top-concern]]|Report Venafi|
=== 

* __Acquisitions__: Datrium by VMware+++^*[»] 
|2020.07.01|//VMware//|[[Breaking: VMware Announces Intent to Acquire Datrium to Provide Disaster Recovery-as-a-Service for Hybrid Cloud Environments|https://blogs.vmware.com/virtualblocks/2020/07/01/vmware-draas]]|Acquisition|
|2020.07.01|//Datrium//| → [[Datrium to Be Acquired by VMware|https://www.datrium.com/blog/datrium-acquired-by-vmware/]]|Acquisition|
|2020.07.02|Silicon.fr[>img[iCSF/flag_fr.png]]| → [[DRaaS : VMware s'offre le service de reprise après sinistre Datrium|https://www.silicon.fr/draas-vmware-datrium-342624.html]]|Acquisition|
|2020.07.02|The Register| → [[Not such a DRaaS-tic action, buying into cloud-based disaster recovery in times like these: VMware to swallow Datrium|https://www.theregister.com/2020/07/02/vmware_datrium/]]|Acquisition|
=== 

* __Miscellaneous__
** Other weekly 'Cloud and Security' watches: ''TL;DR Security'' and ''The Cloud Security Reading List''+++^*[»] 
|2020.07.01|TL;DR Security|[[#41 - Threat Modeling Kubernetes, Secret Scanner Benchmark, OWASP Software Component Verification Standard|https://tldrsec.com/blog/tldr-sec-041/]] |Weekly_Newsletter|
|2020.07.05|Marco Lancini|[[The Cloud Security Reading List #44|https://cloudseclist.com/issues/issue-44/]] |Weekly_Newsletter|
=== 
** Podcasts: 'Cloud Security Podcast' and 'GCP Podcast'+++^*[»] 
|2020.07.05|Cloud Security Podcast|[[How to do Google Cloud Security Well - The 2020 Edition - Darpan Shah by Cloud Security Podcast • A podcast on Anchor|https://anchor.fm/cloudsecuritypodcast/episodes/How-to-do-Google-Cloud-Security-Well---The-2020-Edition---Darpan-Shah-egaks3]]|Podcast|
|2020.07.01|//Google Cloud Platform Podcast//|[[Cloud Audit Logging with Philip O'Toole and Oscar Guerrero|https://www.gcppodcast.com/post/episode-225-cloud-audit-logging-with-philip-otoole-and-oscar-guerrero/]]|Podcast Audit|
=== 
** Kubernetes Best Practices: Emanuel Evans and CNCF+++^*[»] 
|2020.07.05|Emanuel Evans|![[Minimum Viable Kubernetes|https://eevans.co/blog/minimum-viable-kubernetes/]] (1/3) |K8s|
|2020.06.30|Cloud Native Computing Foundation|![[Kubernetes Best Practices for Monitoring and Alerts|https://www.cncf.io/blog/2020/06/30/kubernetes-best-practices-for-monitoring-and-alerts/]] |K8s Monitoring|
=== 
** American Law and Cloud Computing+++^*[»] 
|2020.07.01|Le MagIT[>img[iCSF/flag_fr.png]]|[[Droit américain et cloud computing : "Nous sommes extrêmement naïfs" (Outscale)|https://www.lemagit.fr/tribune/Droit-americain-et-cloud-computing-Nous-sommes-extremement-naifs-Outscale]]|Legal|
=== 
** GCP ISO/IEC 27701 certification+++^*[»] 
|2020.06.30|//Google Cloud//|[[Reinforcing our commitment to privacy with accredited ISO/IEC 27701 certification|https://cloud.google.com/blog/products/identity-security/google-cloud-certified-as-a-data-processor]]|GCP Compliance ISO_27701|
=== 
** Tools: kube-applier, App2Container, Detection rules repository+++^*[»] 
|2020.07.02|SecTechno|[[kube-applier - Automated Deployment for Kubernetes - SecTechno|https://sectechno.com/kube-applier-automated-deployment-for-kubernetes/]]|Tools|
|2020.07.01|//Amazon AWS//|![[AWS releases App2Container tool for containerizing applications|https://siliconangle.com/2020/07/01/aws-releases-app2container-tool-containerizing-applications/]] |AWS Tools|
|2020.06.30|//Elastic Security//|[[Elastic Security opens public detection rules repo|https://www.elastic.co/blog/elastic-security-opens-public-detection-rules-repo]] et [[projet sur GitHub|https://github.com/elastic/detection-rules]]|Detection|
=== 
** AzureAD Data Security Considerations+++^*[»] 
|2020.07.02|Roger Halbheer|[[Azure Active Directory Data Security Considerations|https://www.halbheer.ch/security/2020/07/02/azure-active-directory-data-security-considerations/]]|azureAD|
=== 
!!3 - Agenda
* Now obsolete
!!4 - Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/K75/|https://CloudSecurityAlliance.fr/go/K75/]] |
<<tiddler [[arOund0C]]>>
!!Veille Hebdomadaire - 5 juillet 2020
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.07.05|
|2020.07.05|Marco Lancini|[[The Cloud Security Reading List #44|https://cloudseclist.com/issues/issue-44/]] |Weekly_Newsletter|
|2020.07.05|Cloud Security Podcast|[[How to do Google Cloud Security Well - The 2020 Edition - Darpan Shah by Cloud Security Podcast • A podcast on Anchor|https://anchor.fm/cloudsecuritypodcast/episodes/How-to-do-Google-Cloud-Security-Well---The-2020-Edition---Darpan-Shah-egaks3]]|Podcast|
|2020.07.05|Emanuel Evans|![[Minimum Viable Kubernetes|https://eevans.co/blog/minimum-viable-kubernetes/]] (1/3)|K8s|
|2020.07.05|Open Source DFIR|![[Incident Response in the Cloud|https://osdfir.blogspot.com/2020/07/incident-response-in-cloud.html]] |Incident_Response|
|2020.07.05|Luminous Men|![[AWS Lambda abuse|https://luminousmen.com/post/aws-lambda-abuse]] |AWS_Lambda Abuse Mitigation|
|>|>|>|!2020.07.04|
|2020.07.04|Security and Cloud 24/7|![[Top Six Cloud Myths Debunked|https://security-24-7.com/top-six-cloud-myths-debunked/]] |Myths|
|>|>|>|!2020.07.03|
|2020.07.03|IT Pro[>img[iCSF/flag_fr.png]]|[[Azure BluePrint, orchestration et conformité|https://www.itpro.fr/azure-blueprint-orchestration-et-conformite/]]|Azure Strategy|
|2020.07.03|//Federal News Network//|[[NARA gets ahead of legacy digital records with preservation framework|https://federalnewsnetwork.com/it-modernization/2020/07/nara-gets-ahead-of-legacy-digital-records-with-preservation-framework/]]|archiving|
|2020.07.02|VMblog|[[FaaS - Why do companies have their own serverless functions?|https://vmblog.com/archive/2020/07/02/faas-why-do-companies-have-their-own-serverless-functions.aspx]]|Misc //Thundra//|
|2020.07.02|VMblog|[[Adoption of Cloud-based Security Tools Accelerates as Organizations Support Remote Workforces during COVID-19, According to Survey from Exabeam|https://vmblog.com/archive/2020/07/02/adoption-of-cloud-based-security-tools-accelerates-as-organizations-support-remote-workforces-during-covid-19-according-to-survey-from-exabeam.aspx]]|Report Exabeam|
|2020.07.02|SecTechno|[[kube-applier - Automated Deployment for Kubernetes - SecTechno|https://sectechno.com/kube-applier-automated-deployment-for-kubernetes/]]|Tools|
|2020.07.02|Harsh Bothra|[[Misconfigured S3 Bucket Access Controls to Critical Vulnerability|https://medium.com/bugbountywriteup/s3-bucket-misconfigured-access-controls-to-critical-vulnerability-6b535e3df9a5]]||
|2020.07.02|Roger Halbheer|[[Azure Active Directory Data Security Considerations|https://www.halbheer.ch/security/2020/07/02/azure-active-directory-data-security-considerations/]]|azureAD|
|2020.07.02|Fool|[[Four Cybersecurity Disruptors Are Forming an Alliance: What It Means for Their Stocks|https://www.fool.com/investing/2020/07/02/four-cybersecurity-disruptors-are-forming-an-allia.aspx]]|Market|
|2020.07.02|SANS@MIC Talk|[[Defending Lift and Shift Cloud Applications|https://www.youtube.com/watch?v=ba47zIcaHig]] (vidéo)|Misc|
|2020.07.02|//Cisco//|[[Get a compliant "Cloud Smart" approach to security with Stealthwatch Cloud|https://blogs.cisco.com/security/a-few-key-questions-about-the-public-sector-cloud-smart-approach-why-stealthwatch-cloud-fits-the-bill]]||
|2020.07.02|//Caylent//|[[10 Steps to Optimizing DevOps and Security|https://caylent.com/10-steps-to-optimizing-devops-and-security]]|DevSecOps|
|2020.07.01|Datacenter Mag.|[[Comment le Backup as a Service est devenu indispensable|https://datacenter-magazine.fr/comment-le-backup-as-a-service-est-devenu-indispensable/]]|BaaS|
|2020.07.01|//Google Cloud Platform Podcast//|[[Cloud Audit Logging with Philip O'Toole and Oscar Guerrero|https://www.gcppodcast.com/post/episode-225-cloud-audit-logging-with-philip-otoole-and-oscar-guerrero/]]|Podcast Audit|
|2020.07.01|Cloudonaut|[[Containers vs. Serverless: Thoughts About Your Cloud Strategy|https://cloudonaut.io/containers-vs-serverless-cloud-strategy/]]|Containers Serverless|
|2020.07.01|//Palo Alto Networks//|[[Cloud Native Security: Intention vs. Practice|https://blog.paloaltonetworks.com/2020/07/cloud-native-security-intention-practice/]]|Cloud_Native|
|2020.07.01|!//Checkpoint//|[[5 Reasons to Re-Evaluate your Cloud Email Security|https://blog.checkpoint.com/2020/07/01/5-reasons-to-re-evaluate-your-cloud-email-security/]]|Emails|
|2020.07.01|//StackRox//|[[Cryptojacking Attacks In Kubernetes How To Stop Them|https://www.stackrox.com/post/2020/07/cryptojacking-attacks-in-kubernetes-how-to-stop-them/]]|K8s Cryptojacking|
|2020.07.01|//CCSI//|[[Data Loss Protection for the Hybrid Cloud|https://www.ccsinet.com/blog/data-loss-protection-cloud/]]|Data_Loss|
|>|>|>|!2020.07.02|
|2020.07.02|CLUSIF[>img[iCSF/flag_fr.png]]|Études MIPS 2020 - Entreprises : [[restitution|https://clusif.fr/publications/restitution-mips-2020-collectivites-territoriales/]] ([[vidéo|https://www.youtube.com/watch?v=Jcl9HdHf8ig]]) et [[rapport|https://clusif.fr/publications/etudes-menaces-informatiques-et-pratiques-de-securite-entreprises-edition-2020-mips-2020/]] ([[pdf|https://clusif.fr/content/uploads/2020/06/CLUSIF-MIPS-2020-Rapport-Entreprises.pdf]])|Report CLUSIF MIPS|
|2020.07.02|Help Net Security (//Fortanix//)|[[Using confidential computing to protect Function-as-a-Service data|https://www.helpnetsecurity.com/2020/07/02/function-as-a-service/]]|confidential_Computing|
|2020.07.02|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 2 - Execution|https://www.stackrox.com/post/2020/07/protecting-against-kubernetes-threats-chapter-2-execution/]] (2/9) |Kubernetes Threats|
|2020.07.02|//Oracle Cloud//|[[Enable Secure Access to Remote Workforce using Oracle Cloud Infrastructure|https://blogs.oracle.com/cloudsecurity/enable-secure-access-to-remote-workforce-using-oracle-cloud-infrastructure]]|Oracle Remote_Working|
|2020.07.02|//Alibaba_Cloud//|[[The Trend of Using Blockchain Technology for Cloud Storage|https://medium.com/@Alibaba_Cloud/how-can-blockchain-technology-improve-cloud-storage-360226b3d3df]]|Blockchain Storage|
|2020.07.02|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud public : ce que Gartner dit des MSP leaders|https://www.silicon.fr/cloud-public-ce-que-gartner-dit-des-msp-leaders-342648.html]]|Gartner|
|2020.07.02|//NeuVector//|[[O'Reilly survey shows cloud adoption and security concerns are rising|https://neuvector.com/cloud-security/cloud-adoption/]]|Report|
|2020.07.02|//FireEye//|[[Cloud Security: Separating Fact From Fiction|http://www.fireeye.com/blog/executive-perspective/2020/06/cloud-security-separating-fact-from-fiction.html]]|Misc|
|2020.07.02|//Amazon AWS//|[[Monitoring AWS Certificate Manager Private CA with AWS Security Hub|https://aws.amazon.com/blogs/security/monitoring-aws-certificate-manager-private-ca-with-aws-security-hub/]]|AWS Certificates|
|2020.07.02|//Caylent//|[[10 Steps to Optimizing DevOps and Security|https://caylent.com/10-steps-to-optimizing-devops-and-security]]|DevSecOps|
|2020.07.02|//FireEye//|[[Cloud Security: Separating Fact From Fiction|https://www.fireeye.com/blog/executive-perspective/2020/06/cloud-security-separating-fact-from-fiction.html]] |Facts Myths|
|2020.07.02|//Oracle Cloud//|[[Secure Cloud Computing with the Center for Internet Security|https://blogs.oracle.com/cloud-infrastructure/secure-cloud-computing-with-the-center-for-internet-security]]|Compliance Hardening|
|>|>|>|!2020.07.01|
|2020.07.01|CLUSIF[>img[iCSF/flag_fr.png]]|Études MIPS 2020 - Collectivités territoriales : [[restitution|https://clusif.fr/publications/restitution-mips-2020-collectivites-territoriales/]] ([[vidéo|https://www.youtube.com/watch?v=Yy9phYBOwBw]]) et [[rapport|https://clusif.fr/publications/etudes-menaces-informatiques-et-pratiques-de-securite-collectivites-territoriales-edition-2020-mips-2020]] ([[pdf|https://clusif.fr/content/uploads/2020/07/CLUSIF-MIPS-2020-Rapport-CoTer.pdf]])|Report CLUSIF MIPS|
|2020.07.01|Le MagIT[>img[iCSF/flag_fr.png]]|[[Droit américain et cloud computing : "Nous sommes extrêmement naïfs" (Outscale)|https://www.lemagit.fr/tribune/Droit-americain-et-cloud-computing-Nous-sommes-extremement-naifs-Outscale]]|Legal|
|2020.07.01|TL;DR Security|[[#41 - Threat Modeling Kubernetes, Secret Scanner Benchmark, OWASP Software Component Verification Standard|https://tldrsec.com/blog/tldr-sec-041/]] |Weekly_Newsletter|
|2020.07.01|Silicon Angle|[[VMware swoops in to buy disaster recovery firm Datrium|https://siliconangle.com/2020/07/01/vmware-swoops-buy-disaster-recovery-firm-datrium/]]|Acquisition|
|2020.07.01|Maarten Goet|[[Threat hunting in the cloud|https://github.com/maartengoet/presentations/blob/master/2020_07_cloud_meetup_london_azure_sentinel_aws.pdf]] (pdf) |Azure_Sentinel Threat_Hunting|
|2020.07.01|IoT Now|[[Spike in use of cloud-based security to protect corporate data|https://ipv6.net/news/spike-in-use-of-cloud-based-security-to-protect-corporate-data/]]|Misc|
|2020.07.01|Dark Reading|[[Businesses Invest in Cloud Security Tools Despite Concerns|https://www.darkreading.com/cloud/businesses-invest-in-cloud-security-tools-despite-concerns/d/d-id/1338263]]|Market|
|2020.07.01|DZone|[[How to Use EFS With AWS Lambda|https://dzone.com/articles/how-to-use-efs-with-aws-lambda]]|AWS EFS|
|2020.07.01|BetaNews|[[Remote working boosts move to cloud-based security|https://betanews.com/2020/07/01/remote-working-cloud-security/]]|Remote_Working|
|2020.07.01|CCSI|[[Data Loss Protection for the Hybrid Cloud|https://www.ccsinet.com/blog/data-loss-protection-cloud/]]|DLP|
|2020.07.01|//Assetnote//|![[Taking over Azure DevOps Accounts with 1 Click|https://blog.assetnote.io/2020/06/28/subdomain-takeover-to-account-takeover/]] |Flaw|
|2020.07.02|The Daily Swig| → [[Azure DevOps account takeover hack earns $3,000 bug bounty|https://portswigger.net/daily-swig/azure-devops-account-takeover-hack-earns-3-000-bug-bounty]]|Azure Vulnerability DNS|
|2020.07.01|//VMware//|[[Breaking: VMware Announces Intent to Acquire Datrium to Provide Disaster Recovery-as-a-Service for Hybrid Cloud Environments|https://blogs.vmware.com/virtualblocks/2020/07/01/vmware-draas]]|Acquisition|
|2020.07.01|//Datrium//| → [[Datrium to Be Acquired by VMware|https://www.datrium.com/blog/datrium-acquired-by-vmware/]]|Acquisition|
|2020.07.02|Silicon.fr[>img[iCSF/flag_fr.png]]| → [[DRaaS : VMware s'offre le service de reprise après sinistre Datrium|https://www.silicon.fr/draas-vmware-datrium-342624.html]]|Acquisition|
|2020.07.02|//Cloud Management Insider//| → [[Datrium to Be Acquired by VMware|https://www.cloudmanagementinsider.com/datrium-to-be-acquired-by-vmware/]]|Acquisition|
|2020.07.02|The Register| → [[Not such a DRaaS-tic action, buying into cloud-based disaster recovery in times like these: VMware to swallow Datrium|https://www.theregister.com/2020/07/02/vmware_datrium/]]|Acquisition|
|2020.07.02|//Cloud Management Insider//| → [[Datrium to Be Acquired by VMware|https://www.cloudmanagementinsider.com/datrium-to-be-acquired-by-vmware/]]|Acquisition|
|2020.07.01|//Pivot Point Security//| → [[70% of Web Apps Have Open Source Security Flaws - Here's How to Fix Yours|https://www.pivotpointsecurity.com/blog/70-of-web-apps-have-open-source-security-flaws-heres-how-to-fix-yours/]]|Reports Flaws|
|2020.07.01|//Omdia//|[[Application-Based Micro-Segmentation, Reimagined for the Hybrid Cloud World|https://blogs.cisco.com/security/application-based-micro-segmentation-reimagined-for-the-hybrid-cloud-world]]|Hybrid_Cloud|
|2020.07.01|//AppDynamics//|[[Starting Out Strong with Hybrid Cloud Monitoring|https://www.appdynamics.com/blog/news/getting-started-hybrid-cloud-monitoring/]]|Monitoring|
|2020.07.01|//Spanning//|[[Spanning Release Notes: Error Only Email - Spanning Backup for Office 365|https://spanning.com/blog/spanning-release-notes-office-365-backup-error-only-email/]]|O365 Backups|
|2020.07.01|//Wunderwuzzi//|[[Blast from the past: Cross Site Scripting on the AWS Console|https://embracethered.com/blog/posts/2020/aws-xss-cross-site-scripting-vulnerability/]]|AWS XSS_Flaw|
|2020.07.01|//Amazon AWS//|![[AWS releases App2Container tool for containerizing applications|https://siliconangle.com/2020/07/01/aws-releases-app2container-tool-containerizing-applications/]] |AWS Tools|
|2020.07.01|//Google Cloud//|[[How Cloud DLP can help with compliance, security, and privacy|https://cloud.google.com/blog/products/identity-security/how-cloud-dlp-can-help-with-compliance-security-and-privacy/]]|Compliance DLP|
|2020.07.01|//Google Cloud Platform Podcast//|[[Cloud Audit Logging with Philip O'Toole and Oscar Guerrero|https://www.gcppodcast.com/post/episode-225-cloud-audit-logging-with-philip-otoole-and-oscar-guerrero/]] |Podcast Audit|
|2020.07.01|//Microsoft Azure//|[[Azure Active Directory Data Security Considerations|https://azure.microsoft.com/en-us/resources/azure-active-directory-data-security-considerations/]]|AzureAD|
|>|>|>| |
|!Juin|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.06.30|
|2020.06.30|!Marco Lancini |![[The Current State of Kubernetes Threat Modelling|https://www.marcolancini.it/2020/blog-kubernetes-threat-modelling/]] |K8s Threats|
|2020.06.30|Help Net Security|[[Cloud IT infrastructure spending grows, non-cloud investments plunge|https://www.helpnetsecurity.com/2020/06/30/non-cloud-investments-plunge/]]|Market|
|2020.07.01|BetaNews|[[Remote working boosts move to cloud-based security|https://betanews.com/2020/07/01/remote-working-cloud-security/]]|Remote_Working|
|2020.06.30|Computer Weekly|[[Security Think Tank: 'Shift left' to secure containers|https://www.computerweekly.com/opinion/Security-Think-Tank-Shift-left-to-secure-containers]]|Containers|
|2020.06.30|CloudTweaks|[[Enterprises Are Moving Mission-Critical Information To The Cloud|https://cloudtweaks.com/2020/06/enterprises-moving-mission-critical-information/]]|Report CSA|
|2020.06.30|Cloud Native Computing Foundation|![[Kubernetes Best Practices for Monitoring and Alerts|https://www.cncf.io/blog/2020/06/30/kubernetes-best-practices-for-monitoring-and-alerts/]] |K8s Monitoring|
|2020.06.30|Cloud Academy|[[Can the Cloud be Trusted with Your Business Data?|https://cloudacademy.com/blog/can-the-cloud-be-trusted-with-your-business-data/]]|Trust|
|2020.06.30|Silicon Angle|[[US Navy's largest migration to AWS GovCloud adds security and analytics benefits|https://siliconangle.com/2020/06/30/us-navys-largest-migration-to-aws-govcloud-adds-security-and-analytics-benefits-awspssummit/]]|Misc|
|2020.06.30|DZone|[[Single-Tenant vs Multi-Tenant: SaaS Architecture|https://dzone.com/articles/single-tenant-vs-multi-tenant-saas-architecture]]|SaaS Architecture|
|2020.06.30|//Google Cloud//|[[Reinforcing our commitment to privacy with accredited ISO/IEC 27701 certification|https://cloud.google.com/blog/products/identity-security/google-cloud-certified-as-a-data-processor]]|GCP Compliance ISO_27701|
|2020.06.30|//Amazon AWS//|[[Code signing using AWS Certificate Manager Private CA and AWS Key Management Service asymmetric keys|https://aws.amazon.com/blogs/security/code-signing-aws-certificate-manager-private-ca-aws-key-management-service-asymmetric-keys/]]|AWS Certificates Key_Management|
|2020.06.30|//Venafi//|[[Venafi Study: 75% of Global CIOs Say TLS Certificates Are Top Concern |https://www.venafi.com/news-center/press-release/venafi-study-75-global-cios-say-tls-certificates-are-top-concern]]|Report Venafi|
|2020.07.01|Info Security Mag| → [[CIOs Raise the Alarm Over TLS Cert Security Risks|https://www.infosecurity-magazine.com/news/cios-raise-the-alarm-over-tls-cert/]]|Report Venafi|
|2020.06.30|//Elastic Security//|[[Elastic Security opens public detection rules repo|https://www.elastic.co/blog/elastic-security-opens-public-detection-rules-repo]] et [[projet sur GitHub|https://github.com/elastic/detection-rules]]|Detection|
|2020.06.30|//Rapid7//|[[The Power of Macro Authentication in Application Security|https://blog.rapid7.com/2020/06/30/unlocking-the-power-of-macro-authentication-in-application-security-part-two/]]|Authentication (2/3)|
|2020.06.30|//Radware//|[[4 Tips for Securing Your Public Cloud for Remote Work|https://blog.radware.com/security/cloudsecurity/2020/06/4-tips-for-securing-your-public-cloud-for-remote-work/]]|Remote_Working|
|2020.06.30|//Palo Alto Networks//|[[5 Reasons Why You Should Consider Cloud-delivered Managed Security|https://blog.paloaltonetworks.com/2020/06/cloud-delivered-managed-security/]]|Managed_Services|
|2020.06.30|//Kindite//|[[The Gap Between HSM Security and Cloud Environment Needs|https://blog.kindite.com/the-gap-between-hsm-security-and-cloud-environment-needs]]|HSM|
|2020.06.30|//Fugue//|[[How hackers changed strategy with cloud|https://www.fugue.co/blog/how-hackers-changed-strategy-with-cloud]]|Threats|
|2020.06.30|//Cloud Vector//|[[APIs - Underpinning Modern Technologies to Popular Data Breaches|https://www.cloudvector.com/apis-underpinning-modern-technologies-to-popular-data-breaches/]]|APIs|
|2020.06.30|//Awake Security//|[[SaaS Security Begins In the Browser: Why The Largest Chrome-Based Surveillance Campaign Undermines That|https://awakesecurity.com/blog/saas-security-begins-in-the-browser-why-the-largest-chrome-based-surveillance-campaign-undermines-that/]]|SaaS|
|2020.06.30|VMblog|[[Tripwire Configuration Manager SaaS Solution Delivers Enhanced Cloud Security|https://vmblog.com/archive/2020/06/30/tripwire-configuration-manager-saas-solution-delivers-enhanced-cloud-security.aspx]]|Products|
|2020.06.30|VMblog|[[Yellowbrick Makes Cloud Disaster Recovery Service, New Features Generally Available|https://vmblog.com/archive/2020/06/30/yellowbrick-makes-cloud-disaster-recovery-service-new-features-generally-available.aspx]]|Products DRP|
|2020.06.30|//IBM//|[[IBM Study: Security Response Planning on the Rise, But Containing Attacks Remains an Issue|https://newsroom.ibm.com/2020-06-30-IBM-Study-Security-Response-Planning-on-the-Rise-But-Containing-Attacks-Remains-an-Issue]]|Report Incident_Response Resilience|
|2020.06.30|//IBM//| → rapport "[[Cyber Resilient Organization Report|https://c212.net/c/link/?t=0&l=en&o=2844593-1&h=1328320830&u=https%3A%2F%2Fwww.ibm.com%2Faccount%2Freg%2Fus-en%2Fsignup%3Fformid%3Durx-45839&a=https%3A%2F%2Fwww.ibm.com%2Faccount%2Freg%2Fus-en%2Fsignup%3Fformid%3Durx-45839]]" et [[Webcast le 23 juillet|https://event.on24.com/wcc/r/2448121/9297B87DE7A378D816846835989BD762]]|Report Incident_Response Resilience|
|2020.07.01|MSSP Alert| → [[Incident Response Playbooks for Cyberattacks: Got One?|https://www.msspalert.com/cybersecurity-research/incident-response-playbooks-ibm-findings/]]|Report Incident_Response Resilience|
|2020.06.30|//Anchore//|[[Anchore and Azure DevOps: Part 1|https://anchore.com/blog/anchore-azure-devops/]] (1/2)|Azure DevOps|
|2020.06.30|//Sysdig//|[[File Integrity Monitoring: Detecting suspicious file activity inside a container|https://sysdig.com/blog/file-integrity-monitoring/]]|Container Integrity|
|2020.06.30|//Praetorian//|[[Cloud Security and Architecture: The 8 Pillars|https://www.praetorian.com/blog/cloud-security-and-architecture-the-8-pillars]]|Architecture|
|2020.06.30|//Google Cloud//|[[Google Cloud received accredited ISO/IEC 27701 certification as a data processor|https://cloud.google.com/blog/products/identity-security/google-cloud-certified-as-a-data-processor/]]|GCP Privacy|
|2020.06.30|//Oracle Cloud//|[[A SIEM does much more than detect security incidents|https://blogs.oracle.com/cloudsecurity/a-siem-does-much-more-than-detect-security-incidents]]|DevSecOps SIEM|
|2020.06.30|//Alibaba Cloud//|[[Best Practices of Kubernetes Log Collection|https://www.alibabacloud.com/blog/best-practices-of-kubernetes-log-collection_596356]]|Best_Practices Kubernetes Logging|
|2020.06.30|//Alibaba//|[[New CNCF Sandbox Projects|https://www.alibabacloud.com/blog/new-cncf-sandbox-projects_596359]]|CNCF Sandbox|
|>|>|>|!2020.06.29|
|2020.06.29|ETSI|![[ETSI EN 303 645 V2.1.1 - CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements|https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf]]|Norm IoT|
|2020.06.29|fwd:cloudsec|![[Conférence fwd:cloudsec 2020|https://fwdcloudsec.org/]] et [[enregistrements vidéo|https://www.youtube.com/playlist?list=PLCPCP1pNWD7OBQvDY7vLCFhxWxok9DITl]] |Conference|
|2020.06.29|Dark Reading|[[Introducing 'Secure Access Service Edge'|https://www.darkreading.com/omdia/introducing-secure-access-service-edge/a/d-id/1338168]]|SASE|
|2020.06.29|Computer Weekly|[[Making the case for cloud-based security|https://www.computerweekly.com/news/252485322/Making-the-case-for-cloud-based-security]]|Misc|
|2020.06.29|GBHackers on Security|[[Hackers Abusing Docker Hub Account to Mine Monero Cryptocurrency|https://gbhackers.com/docker-hub-account/]]|Docker Cryptomining|
|2020.06.29|Silicon Angle|[[Data belonging to 1M students exposed by online study service OneClass|https://siliconangle.com/2020/06/29/data-belonging-1m-students-exposed-online-study-service-oneclass/]]|Data_Leak|
|2020.06.29|The Register|[[Google Cloud partially evaporates for hours amid power supply failure: Two US East Coast zones rattled|https://www.theregister.com/2020/06/29/google_cloud_outage/]]|Outage GCP|
|2020.06.29|The Register|[[UKCloud latest to sign Memorandum of Understanding with UK.gov ahead of cloud mega framework|https://www.theregister.com/2020/06/29/ukcloud_latest_to_sign_memorandum/]]|Market|
|2020.06.29|SecureWorks|[[Preparing for Post-Intrusion Ransomware|https://www.secureworks.com/blog/preparing-for-post-intrusion-ransomware]]|Ransomware Lateral_Movement|
|2020.06.29|DevOps|[[How to Overcome Challenges With AWS Lambda Logging|https://devops.com/how-to-overcome-challenges-with-aws-lambda-logging/]]|AWS Logging|
|2020.06.29|Cyber Defense Mag.|[[Security in A Multi-Cloud Environment|https://www.cyberdefensemagazine.com/security-in-a-multi-cloud-environment/]]|Multi-Cloud|
|2020.06.29|Computer Weekly|[[Making the case for cloud-based security|https://www.computerweekly.com/news/252485322/Making-the-case-for-cloud-based-security]] |Misc|
|2020.06.29|//Check Point//|[[Automating Cloud Native Security, at the Speed of DevOps|https://blog.checkpoint.com/2020/06/29/with-developers-moving-fast-devsec-needs-automation-to-keep-up-with-application-security/]]|Cloud_Native DevSecOps|
|2020.06.29|//Centilytics//|[[How to assess your cloud infrastructure with in-house audit checklist?|https://blogs.centilytics.com/how-to-assess-your-cloud-infrastructure-with-in-house-audit-checklist/]]|Audits|
|2020.06.29|//SecureWorks//|[[Preparing for Post-Intrusion Ransomware|https://www.secureworks.com/blog/preparing-for-post-intrusion-ransomware]]|Ransomware|
|2020.06.29|//Amazon AWS//|[[How to build a CI/CD pipeline for container vulnerability scanning with Trivy and AWS Security Hub|https://aws.amazon.com/blogs/security/how-to-build-ci-cd-pipeline-container-vulnerability-scanning-trivy-and-aws-security-hub/]]|Container|
|2020.06.29|//Amazon AWS//|[[How to build a CI/CD pipeline for container vulnerability scanning with Trivy and AWS Security Hub|https://aws.amazon.com/blogs/security/how-to-build-ci-cd-pipeline-container-vulnerability-scanning-trivy-and-aws-security-hub/]]|AWS CI/CD Containers Flaws|
|2020.06.29|//Google Cloud//|[[A guide to setting up monitoring for object creation in Cloud Storage|https://cloud.google.com/blog/products/storage-data-transfer/guide-to-setting-up-monitoring-for-object-creation-in-cloud-storage]]|GCP Monitoring Storage|
|2020.06.29|//Google Cloud//|[[Monitor and alert on new files in cloud storage|https://cloud.google.com/blog/products/storage-data-transfer/guide-to-setting-up-monitoring-for-object-creation-in-cloud-storage/]]|Storage Monitoring|
<<tiddler [[arOund0C]]>>
!"//Evolution of CASB Survey Report//"
[>img(150px,auto)[iCSA/K75PE.png]]Résultat d'un sondage CSA sur l'évolution du CASB clos le 20 avril+++^*[»] <<tiddler [[2020.03.09 - Sondage sur la technologie CASB]]>>=== et publié le 5 juillet 2020.
{{ss2col{
> //The study on CASB, which queried more than 200 IT and security professionals from a variety of organization sizes and locations, examined the expectations, technical implementations, and challenges of using cloud security access brokers (CASB). The study examined unrealized gaps between the rate of implementation or operation and the effective use of the capabilities within the enterprise, demonstrating a considerable misalignment between the technology solutions that fit in the CASB market and its perceived strengths. Some of the focuses in this report include: * The visibility of cloud services used within an organization that expands to the growing list of users and devices that are accessing these services * Access controls and policies that can be automated across sanctioned and unsanctioned cloud applications. * Bringing cloud services to meet regulatory and unique customer compliance requirements. * Data protection controls and user behavior analysis that operate in complex multi-cloud environments//
}}}__Lien :__
* Téléchargement du document (après inscription) → ''[[CloudSecurityAlliance.fr/go/k75p/|https://CloudSecurityAlliance.fr/go/k75p/]]''
!"//Cloud OS Security Specification v2.0//"
La date limite pour transmettre les commentaires est le 28 juillet 2020.
> //Currently, most of the standards related to cloud computing security focus on information security management systems (ISMS), and corresponding certifications only concentrate on cloud services rather than specific cloud components. There is a lack of internationally recognized technical security specifications and certifications for cloud components such as the cloud operating system (OS). CSA believes the guidance provided in this paper will be useful to help regulate security requirements for the cloud OS to prevent security threats and improve security capabilities of cloud OS products. CSA's Cloud Component Specifications Working Group first published the Cloud OS Security Specification v1 in July 2019. Some of the key changes and updates made in this revised version are: * Adjusted document structure to be more in line with logical architecture. Corresponding contents in version 1 are also moved / combined / removed according to the structure adjustment. * New requirements added in view of cloud security technology developments, including micro segmentation, hardware-based encryption, VM High availability, backup & recovery capability, key management service, cloud bastion host. * Several requirements are improved and revised to be more precise and instructive, such as the processing / saving of sensitive information, identity management and log functions.//
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/k72d/|https://CloudSecurityAlliance.fr/go/k72d/]]'' /%
https://docs.google.com/document/d/103LYX3FlL1T_WCDWH59ClDaCHp8SqBERDsxme8gn63I/edit?usp=sharing
%/
!"//Cloud Security Alliance and International Systems Security Association Form New Partnership to Advance the Cybersecurity Profession//"
[>img(300px,auto)[iCSF/ISSA.png]]//La Cloud Security Alliance (CSA) et l'International Systems Security Association (ISSA) - une organisation à but non lucratif pour la communauté des cyber professionnels, qui soutient l'évolution des carrières et promeut une cybersécurité efficace au niveau mondial - ont annoncé aujourd'hui que les deux parties ont signé un protocole d'accord pour collaborer sur diverses initiatives dans le but de soutenir et de renforcer la profession de cybersécurité.

"Notre partenariat avec l'ISSA constitue pour les deux organisations une excellente occasion de collaborer et de mettre à profit nos forces et nos compétences particulières au profit des professionnels de la cybersécurité et du Cloud Computing", a déclaré Jim Reavis, co-fondateur et directeur général de la Cloud Security Alliance. "Notre vision mutuelle se traduira par des possibilités accrues en matière de recherche et de développement professionnel pour toutes les entités concernées".
"Nous sommes ravis de nous lancer dans un partenariat avec la CSA qui soutiendra les professionnels de la cybersécurité et la communauté de la cybersécurité dans son ensemble", a déclaré Candy Alexander, directrice du président de l'ISSA International. "Nous prévoyons de consacrer nos ressources pour mener des recherches capitales pour les deux parties et de partager notre expertise en matière de sécurité avec les groupes de travail de la CSA".

Dans le cadre de cette nouvelle relation, la CSA et l'ISSA soutiendront mutuellement leurs initiatives et leurs réunions, notamment dans un certain nombre de domaines clés :{{ss2col{
* Participation de l'ISSA au programme du "Certificate of Cloud Auditing Knowledge" (CCAK) de la CSA.
* Le partage et la mise en concordance des contenus éducatifs mis au point en utilisant le "Cyber Security Career Lifecycle"+++*[»]> https://www.issa.org/cyber-security-career-lifecycle/ === de l'ISSA comme cadre
* Partage des résultats de l'enquête mondiale annuelle de l'ISSA/ESG
* Offres spéciales pour les membres de l'ISSA afin d'obtenir le "Certificate of Cloud Security Knowledge" (CCSK)
* Promotion des groupes de travail de la CSA auprès des chapitres de l'ISSA et de l'ensemble de ses membres
* Participation à la conférence SECtember de la CSA, du 14 au 18 septembre 2020 à Seattle.
* Utilisation des groupes thématiques de l'ISSA pour soutenir les groupes de travail de la CSA, en fonction des besoins
}}}//
__Lien vers les communiqués de presse :__
* CSA ⇒ https://cloudsecurityalliance.org/press-releases/2020/06/30/cloud-security-alliance-and-international-systems-security-association-form-new-partnership-to-advance-the-cybersecurity-profession/ /% ''[[CloudSecurityAlliance.fr/go/k71c/|https://CloudSecurityAlliance.fr/go/71c/]]'' %/
* ISSA ⇒ https://www.issa.org/cloud-security-alliance-and-international-systems-security-association-form-new-partnership-to-advance-the-cybersecurity-profession/
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202006>>
<<tiddler fAll2Tabs10 with: VeilleM","_202006>>
Aucune alerte notable en Juin 2020
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Juin 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202006>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Juin 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Juin 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202006'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202006'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Juin 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202006'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Juin 2020]]>>
!//United States–Mexico–Canada Agreement: Digital Trade Provisions: NAFTA 2.0 meets the Internet//
[>img(150px,auto)[iCSA/K6UBU.jpg]]^^Article publié sur le blog de la CSA le 30 juin 2020 par Françoise Gilbert.
* Lien ⇒ https://cloudsecurityalliance.org/blog/2020/06/30/united-states-mexico-canada-agreement-digital-trade-provisions-nafta-2-0-meets-the-internet/
^^[img(25%,1px)[iCSF/BluePixel.gif]]

!//Cloud Security Alliance and International Systems Security Association Form New Partnership to Advance the Cybersecurity Profession//
^^Communiqué de presse de la CSA du 30 juin 2020.
* Lien ⇒ https://cloudsecurityalliance.org/press-releases/2020/06/30/cloud-security-alliance-and-international-systems-security-association-form-new-partnership-to-advance-the-cybersecurity-profession/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//CSA Announces Availability of Key Cloud Security Assessment and Guidance Documents in 10 Additional Languages//
^^Communiqué de presse de la CSA du 23 juin 2020.
* Lien ⇒ https://cloudsecurityalliance.org/press-releases/2020/06/23/cloud-security-alliance-announces-availability-of-key-cloud-security-assessment-and-guidance-documents-in-10-additional-languages/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Cloud Security Alliance Announces PT Mitra Integrasi Informatika as an Authorized CCSK Training Partner//
^^Communiqué de presse de la CSA du 23 juin 2020.
* Lien ⇒ https://cloudsecurityalliance.org/press-releases/2020/06/23/cloud-security-alliance-announces-pt-mitra-integrasi-informatika-as-an-authorized-ccsk-training-partner/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//How to secure cloud-based collaboration, emails, and messaging apps//
[>img(150px,auto)[iCSA/K6NBH.jpg]]^^Article publié le 23 juin 2020 sur le blog de la CSA, après l'avoir été le 16 juin 2020 sur le site de CipherCloud
__Liens :__
* Blog CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k6nx/|https://CloudSecurityAlliance.fr/go/k6nx/]]''
* Site CipherCloud ⇒ ''[[CloudSecurityAlliance.fr/go/k6nz/|https://CloudSecurityAlliance.fr/go/k6nz/]]''
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//3 Big Amazon S3 Vulnerabilities You May Be Missing//
[>img(150px,auto)[iCSA/K6IB3.jpg]]^^Article publié le 18 juin 2020 sur le blog de la CSA, après l'avoir été le 21 mai 2020 sur le site de Fugue.
__Liens :__
* Blog CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k6ix/|https://CloudSecurityAlliance.fr/go/k6ix/]]''
* Site Fugue ⇒ ''[[CloudSecurityAlliance.fr/go/k6iz/|https://CloudSecurityAlliance.fr/go/k6iz/]]''
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Detect and Track Threats Through UEBA and Incident Governance//
[>img(150px,auto)[iCSA/K6GBF.jpg]]^^Article publié le 16 juin 2020 sur le blog de la CSA, après l'avoir été le 2 juin 2020 sur le site de CipherCloud
__Liens :__
* Blog CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k6gx/|https://CloudSecurityAlliance.fr/go/k6gx/]]''
* Site CipherCloud ⇒ ''[[CloudSecurityAlliance.fr/go/k6gz/|https://CloudSecurityAlliance.fr/go/k6gz/]]''
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Enterprise Architecture Working Group Charter//
^^Appel à commentaires publié le 14 juin 2020 et ouvert jusqu'au 13 juillet 2020.
<<<
//The Enterprise Architecture Working Group (EAWG) helps cloud customers and providers develop industry-recommended, secure and interoperable identity, access and compliance management configurations and practices. The working group developed cloud reference architecture, the CSA Enterprise Architecture (formerly the TCI), overlays cloud platforms and solutions on existing common enterprise architectures hardened with security criteria and industry mappings from the CSA Cloud Controls Matrix. The EAWG will further develop additional reference models and education on categories of cloud solutions and related technologies for the secure configuration and adoption of emerging technologies in a vendor-neutral manner, inclusive of all CSA members and affiliates who wish to participate. This charter lays out the scope, responsibilities, and roadmap for the EAWG. We welcome all feedback and comments during this open review period.//
<<<
__Liens :__
* Document ⇒ https://cloudsecurityalliance.org/artifacts/enterprise-architecture-charter/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//The Octopus Scanner Malware: Attacking the open source supply chain//
[>img(150px,auto)[iCSA/K6ABT.jpg]]^^Article publié le 10 juin 2020 sur le blog de la CSA, après l'avoir été le 28 mai 2020 sur le site GitHub
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/06/10/the-octopus-scanner-malware-attacking-the-open-source-supply-chain/ /% ''[[CloudSecurityAlliance.fr/go/k6ax/|https://CloudSecurityAlliance.fr/go/k6ax/]]'' %/
* Site GitHub ⇒ https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain/ /% ''[[CloudSecurityAlliance.fr/go/k6az/|https://CloudSecurityAlliance.fr/go/k6az/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//New Data Protection Law Enacted in Dubai Emirate//
[>img(150px,auto)[iCSA/K68BN.jpg]]^^Article publié le 8 juin 2020 sur le blog de la CSA par Françoise Gilbert, Cybersecurity & Privacy Expert, Cloud Security Alliance
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/blog/2020/06/08/new-data-protection-law-enacted-in-dubai-emirate/ /% ''[[CloudSecurityAlliance.fr/go/k68b/|https://CloudSecurityAlliance.fr/go/k68b/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Cloud Security Alliance Announces KORNERSTONE as Authorized CCSK Training Partner//
^^Communiqué de presse de la CSA du 8 juin 2020.
* Lien ⇒ https://cloudsecurityalliance.org/press-releases/2020/06/08/cloud-security-alliance-announces-kornerstone-as-authorized-ccsk-training-partner/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//General James Mattis, Secretary of Defense (2017-2018), to Headline CSA's SECtember Premier Event//
^^Communiqué de presse de la CSA du 4 juin 2020.
* Lien ⇒ https://cloudsecurityalliance.org/press-releases/2020/06/04/general-james-mattis-secretary-of-defense-2017-2018-to-headline-cloud-security-alliance-s-sectember-premier-event/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//CSA Partners with Digital Economy Promotion Agency in National Support Initiative for Learning During COVID-19//
^^Communiqué de presse de la CSA du 3 juin 2020.
* Lien ⇒ https://cloudsecurityalliance.org/press-releases/2020/06/03/cloud-security-alliance-partners-with-digital-economy-promotion-agency-in-national-support-initiative-for-learning-during-covid-19/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//Detect and Track Threats Through UEBA and Incident Governance//
[>img(150px,auto)[iCSA/K62BD.jpg]]^^Article publié le 2 juin 2020 sur le blog de la CSA, après l'avoir été le 18 mai 2020 sur le site de CipherCloud
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/articles/detect-and-track-threats-through-ueba-and-incident-governance/ /% ''[[CloudSecurityAlliance.fr/go/k62x/|https://CloudSecurityAlliance.fr/go/k62x/]]'' %/
* Site CipherCloud ⇒ https://www.ciphercloud.com/detect-and-track-threats-through-ueba-and-insights-investigate/ /% ''[[CloudSecurityAlliance.fr/go/k62z/|https://CloudSecurityAlliance.fr/go/k62z/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!//CSA Announces Availability of Key Cloud Security Assessment and Guidance Documents in 10 Additional Languages//
^^Communiqué de presse de la CSA du 1er juin 2020. /% https://cloudsecurityalliance.org/press-releases/2020/06/01/cloud-security-alliance-announces-availability-of-key-cloud-security-assessment-and-guidance-documents-in-10-additional-languages/ %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Top Threats to Cloud Computing: Egregious Eleven Deep Dive//"
La date limite pour transmettre les commentaires est le 19 juillet 2020.
> //The purpose of the report is to provide organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies. The report reflects the current consensus among security experts in CSA community about the most significant security issues in the cloud.//
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/k6td/|https://CloudSecurityAlliance.fr/go/k6td/]]'' /%
https://docs.google.com/document/d/103LYX3FlL1T_WCDWH59ClDaCHp8SqBERDsxme8gn63I/edit?usp=sharing
%/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #70|2020.06.28 - Newsletter Hebdomadaire #70]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #70|2020.06.28 - Weekly Newsletter - #70]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.06.28 - Newsletter Hebdomadaire #70]]>> |<<tiddler [[2020.06.28 - Weekly Newsletter - #70]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 22 au 28 juin 2020
!!1 - Informations CSA - 22 au 28 juin 2020
* Agenda du "CSA Federal Summit 2020" virtuel, les 5 mercredis de juillet+++*[»]> <<tiddler [[2020.06.27 - Agenda du 'CSA Federal Summit 2020']]>>=== 
* Vidéos d'aide à la préparation du CCSK+++*[»]> <<tiddler [[2020.06.24 - Vidéos d'aide à la préparation du CCSK]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.06.28 - Veille Hebdomadaire - 28 juin]] avec plus de 70 liens
* __''À lire''__
** Point de vue de Françoise Gilbert sur les recommandations de la FTC pour la sécurisation du Cloud+++*[»] 
|2020.06.28|Francoise Gilbert|![[FTC Guidance - Six Steps Towards More Secure Cloud Computing|https://www.francoisegilbert.com/?p=1491]] |FTC Recommendations|
|2020.06.15|FTC| → [[Six steps toward more secure cloud computing|https://www.ftc.gov/news-events/blogs/business-blog/2020/06/six-steps-toward-more-secure-cloud-computing]]|FTC Recommendations|
=== 
* __Attaques__
** L'attaque SYLKin contourne les mécanismes de sécurité de Microsoft+++*[»] 
|2020.06.25|//Avanan//|[[SYLKin Attack: New Malicious .slk files are bypassing Microsoft 365 Security, Risking 200M+ Users|https://www.avanan.com/blog/sylkin-attack-bypassing-microsoft-365-security-risking-users]]|M365 Attack|
=== 
** Docker: cible de botnets et de cryptomineurs+++*[»] 
|2020.06.22|//TrendMicro//|[[XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers|https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers/]]|Malware Docker|
|2020.06.23|Security Week| → [[XORDDoS, Kaiji DDoS Botnets Target Docker Servers|https://www.securityweek.com/xorddos-kaiji-ddos-botnets-target-docker-servers]]|Malware Docker|
|2020.06.26|//Aqua Security//|[[Threat Alert: DzMLT has Hidden Cryptominers in Container Images|https://blog.aquasec.com/container-vulnerability-dzmlt-dynamic-container-analysis]]|Container Flaw|
|2020.06.25|//Palo Alto Networks//|![[Attackers Cryptojacking Docker Images to Mine for Monero|https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/]] |Docker Cryptojacking|
|2020.06.26|Container Journal| → [[Docker Hub Distributing Cryptomining Malware?|https://containerjournal.com/topics/container-security/docker-hub-distributing-cryptomining-malware/]]|Cryptomining Docker|
|2020.06.29|GBHackers on Security| → [[Hackers Abusing Docker Hub Account to Mine Monero Cryptocurrency|https://gbhackers.com/docker-hub-account/]]|Cryptomining Docker|
=== 
** Akamai repousse le plus gros DDoS enregistré à ce jour+++*[»] 
|2020.06.25|//Akamai//|[[Largest Ever Recorded Packet Per Second-Based DDoS Attack Mitigated by Akamai|https://blogs.akamai.com/2020/06/largest-ever-recorded-packet-per-secondbased-ddos-attack-mitigated-by-akamai.html]]|Attacks DDoS|
|2020.06.25|Bleeping Computer| → [[European bank suffers biggest PPS DDoS attack, new botnet suspected|https://www.bleepingcomputer.com/news/security/european-bank-suffers-biggest-pps-ddos-attack-new-botnet-suspected/]]|Attacks DDoS|
|2020.06.25|//The SSL Store//| → [[The Largest DDoS Attack in history just happened... and it didn't work|https://www.thesslstore.com/blog/largest-ddos-attack-in-history/]]|Attacks DDoS|
=== 
* __Études__
** ''The State Of Cloud Native Security'' par Palo Alto Networks+++*[»] 
|2020.06.24|//Palo Alto Networks//|![[Mapping the Cloud Native Security Genome|https://blog.paloaltonetworks.com/2020/06/cloud-native-security-genome/]] |Report|
|2020.06.24|//Palo Alto Networks//| → [[The State Of Cloud Native Security|https://www.paloaltonetworks.com/state-of-cloud-native-security]]|Report|
=== 
* __Acquisitions__
** ''CyberX'' par ''Microsoft''+++*[»] 
|2020.06.22|//Microsoft//|[[Microsoft acquires CyberX to accelerate and secure customers' IoT deployments|https://www.microsoft.com/security/blog/2020/06/22/microsoft-acquires-cyberx-accelerate-customers-iot-deployments/]] ([[détails|https://blogs.microsoft.com/?p=52559045]])|Acquisitions|
|2020.06.22|//CyberX//| → [[Microsoft Acquires CyberX|https://cyberx-labs.com/blog/microsoft-acquires-cyberx/]] ([[détails|https://cyberx-labs.com/press-releases/microsoft/]])|Acquisitions|
|2020.06.22|Security Week| → [[Microsoft Acquires Industrial Cybersecurity Company CyberX|https://www.securityweek.com/microsoft-acquires-industrial-cybersecurity-company-cyberx]]|Acquisitions|
|2020.06.22|MSSP Alert| → [[Microsoft Acquires CyberX; Azure Cloud Gains IoT Security Services|https://www.msspalert.com/investments/microsoft-acquires-cyberx/]]|Acquisitions|
|2020.06.22|Redmond Channel| → [[Microsoft's CyberX Acquisition Boosts Security of Azure IoT Lineup|https://rcpmag.com/articles/2020/06/22/microsoft-cyberx-acquisition.aspx]]|Acquisition|
=== 
* __Divers__
** Podcast : Comment devenir un ingénieur "Cloud et Sécurité" en 2020+++*[»]>
|2020.06.28|Cloud Security Podcast|![[How To Become A Cloud Security Engineer in 2020 - Including Top Certifications|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-BECOME-A-CLOUD-SECURITY-ENGINEER-in-2020--Including-Top-Certifications-eg1cek]] ([[transcription|https://www.cloudsecuritypodcast.tv/listen-to-the-episodes/how-to-become-a-cloud-security-engineer]]) |Podcast|
=== 
** API : checklist de sécurité+++*[»] 
|2020.06.26|//Cloud Management Insider//|[[How APIs Are Simplifying The Cloud Environment?|https://www.cloudmanagementinsider.com/how-apis-are-simplifying-the-cloud-environment/]]|APIs|
|2020.06.23|//Cloud Vector//|[[API Security Checklist: Part 2|https://www.cloudvector.com/api-security-checklist-part-2/]] (2/2)|APIs|
|2020.05.12|//Cloud Vector//| → [[API Security Checklist: Secure API Design|https://www.cloudvector.com/api-security-checklist-secure-api-design/]] (1/2)|APIs|
=== 
** Stockage dans le Cloud et forensique+++*[»] 
|2020.06.23|SANS DFIR|![[Cloud Storage Forensics Endpoint Evidence|https://www.youtube.com/watch?v=vgmKUGuMi7c]] (66 min.) |Forensics Video|
=== 
** Azure: comment est géré Azure.com; avantages et inconvénients de la gouvernance et des outils; Azure Security Center; SIEM+++*[»] 
|2020.06.24|//Microsoft//|[[Feeling fatigued? Cloud-based SIEM relieves security team burnout - Microsoft Security|https://www.microsoft.com/security/blog/2020/06/24/cloud-based-siem-security-team-burnout/]]|SIEM|
|2020.06.24|//Microsoft Azure//|![[Azure.com operates on Azure part 1: Design principles and best practices|https://azure.microsoft.com/blog/azurecom-operates-on-azure-part-1-design-principles-and-best-practices/]] (1/2) |Azure Design|
|2020.06.24|//Microsoft Azure//|![[How Azure.com operates on Azure part 2: Technology and architecture|https://azure.microsoft.com/blog/how-azurecom-operates-on-azure-part-2-technology-and-architecture/]] (2/2) |Azure Architecture|
|2020.06.24|//Microsoft Azure//|[[Deploy to Azure Container Instances with Docker Desktop|https://azure.microsoft.com/blog/deploy-to-azure-container-instances-with-docker-desktop/]]|Azure Docker|
|2020.06.24|//Microsoft Azure//|[[Stay ahead of attacks with Azure Security Center|https://azure.microsoft.com/blog/stay-ahead-of-attacks-with-azure-security-center/]] ([[inscription|https://info.microsoft.com/Stay-Ahead-of-Attacks-with-Azure-Security-Center-Registration.html?ocid=AID3011167_QSG_BLOG_411853]])|Azure Products Webinar|
|2020.06.23|Nino Crudele|[[Azure Governance and Tools - Pros and Cons|https://ninocrudele.com/azure-governance-and-tools-pros-and-cons]]|Azure Governance|
=== 
** AWS: modèle d'accréditation+++*[»] 
|2020.06.22|//AWS//|[[Accreditation models for secure cloud adoption|https://aws.amazon.com/blogs/security/accreditation-models-for-secure-cloud-adoption/]] ([[pdf|https://d1.awsstatic.com/whitepapers/accreditation-models-for-secure-cloud-adoption.pdf]])|Accreditation|
=== 
** GCP: automatiser la réponse à un événement+++*[»] 
|2020.06.24|//Google Cloud//|[[Automate your response to a Cloud Logging event|https://cloud.google.com/blog/products/management-tools/automate-your-response-to-a-cloud-logging-event/]]|Logging|
=== 
** Kubernetes: bonnes pratiques; menaces+++*[»] 
|2020.06.25|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 1 - Initial Access|https://www.stackrox.com/post/2020/06/protecting-against-kubernetes-threats-chapter-1-initial-access/]] (1/9) |Kubernetes Threats|
|2020.06.24|DZone|[[Kubernetes Security: don't Forget These Best Practices|https://dzone.com/articles/kubernetes-security-dont-forget-these-best-practic]]|K8s Best_Practices|
=== 
** Sécurité des données et SaaS (3/4)+++*[»] 
|2020.06.22|//Securosis//|![[Data Security in the SaaS Age: Thinking Small|https://securosis.com/blog/data-security-in-the-saas-age-thinking-small]] (3/4) |SaaS|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K6S/|https://CloudSecurityAlliance.fr/go/K6S/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - June 22nd to 28th, 2020[>img[iCSF/inEnglish.png]]
!!1 - CSA News and Updates - June 22nd to 28th, 2020
* Virtual 'CSA Federal Summit 2020' agenda - all 5 Wednesdays in July+++*[»]> <<tiddler [[2020.06.27 - Agenda du 'CSA Federal Summit 2020']]>>=== 
* Complementary videos to prepare for the CCSK exam+++*[»]> <<tiddler [[2020.06.24 - Vidéos d'aide à la préparation du CCSK]]>>=== 
!!2 - Cloud and Security News Watch
[[Over 70 links|2020.06.28 - Veille Hebdomadaire - 28 juin]]
* __''Must read''__
** Francoise Gilbert's comments on the FTC Guidance towards more secure Cloud Computing+++*[»] 
|2020.06.28|Francoise Gilbert|![[FTC Guidance - Six Steps Towards More Secure Cloud Computing|https://www.francoisegilbert.com/?p=1491]] |FTC Recommendations|
|2020.06.15|FTC| → [[Six steps toward more secure cloud computing|https://www.ftc.gov/news-events/blogs/business-blog/2020/06/six-steps-toward-more-secure-cloud-computing]]|FTC Recommendations|
=== 
* __Attacks__
** SYLKin attack bypasses Microsoft 365 Security+++*[»] 
|2020.06.25|//Avanan//|[[SYLKin Attack: New Malicious .slk files are bypassing Microsoft 365 Security, Risking 200M+ Users|https://www.avanan.com/blog/sylkin-attack-bypassing-microsoft-365-security-risking-users]]|M365 Attack|
=== 
** Docker: Botnet malware variants; Cryptominers+++*[»] 
|2020.06.22|//TrendMicro//|[[XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers|https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers/]]|Malware Docker|
|2020.06.23|Security Week| → [[XORDDoS, Kaiji DDoS Botnets Target Docker Servers|https://www.securityweek.com/xorddos-kaiji-ddos-botnets-target-docker-servers]]|Malware Docker|
|2020.06.26|//Aqua Security//|[[Threat Alert: DzMLT has Hidden Cryptominers in Container Images|https://blog.aquasec.com/container-vulnerability-dzmlt-dynamic-container-analysis]]|Container Flaw|
|2020.06.25|//Palo Alto Networks//|![[Attackers Cryptojacking Docker Images to Mine for Monero|https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/]] |Docker Cryptojacking|
|2020.06.26|Container Journal| → [[Docker Hub Distributing Cryptomining Malware?|https://containerjournal.com/topics/container-security/docker-hub-distributing-cryptomining-malware/]]|Cryptomining Docker|
|2020.06.29|GBHackers on Security| → [[Hackers Abusing Docker Hub Account to Mine Monero Cryptocurrency|https://gbhackers.com/docker-hub-account/]]|Cryptomining Docker|
=== 
** Akamai mitigates the largest DDoS attack so far+++*[»] 
|2020.06.25|//Akamai//|[[Largest Ever Recorded Packet Per Second-Based DDoS Attack Mitigated by Akamai|https://blogs.akamai.com/2020/06/largest-ever-recorded-packet-per-secondbased-ddos-attack-mitigated-by-akamai.html]]|Attacks DDoS|
|2020.06.25|Bleeping Computer| → [[European bank suffers biggest PPS DDoS attack, new botnet suspected|https://www.bleepingcomputer.com/news/security/european-bank-suffers-biggest-pps-ddos-attack-new-botnet-suspected/]]|Attacks DDoS|
|2020.06.25|//The SSL Store//| → [[The Largest DDoS Attack in history just happened... and it didn't work|https://www.thesslstore.com/blog/largest-ddos-attack-in-history/]]|Attacks DDoS|
=== 
* __Reports and Surveys__
** ''The State Of Cloud Native Security'' by Palo Alto Networks+++*[»] 
|2020.06.24|//Palo Alto Networks//|![[Mapping the Cloud Native Security Genome|https://blog.paloaltonetworks.com/2020/06/cloud-native-security-genome/]] |Report|
|2020.06.24|//Palo Alto Networks//| → [[The State Of Cloud Native Security|https://www.paloaltonetworks.com/state-of-cloud-native-security]]|Report|
=== 
* __Acquisitions__
** ''CyberX'' by ''Microsoft''+++*[»] 
|2020.06.22|//Microsoft//|[[Microsoft acquires CyberX to accelerate and secure customers' IoT deployments|https://www.microsoft.com/security/blog/2020/06/22/microsoft-acquires-cyberx-accelerate-customers-iot-deployments/]] ([[détails|https://blogs.microsoft.com/?p=52559045]])|Acquisitions|
|2020.06.22|//CyberX//| → [[Microsoft Acquires CyberX|https://cyberx-labs.com/blog/microsoft-acquires-cyberx/]] ([[détails|https://cyberx-labs.com/press-releases/microsoft/]])|Acquisitions|
|2020.06.22|Security Week| → [[Microsoft Acquires Industrial Cybersecurity Company CyberX|https://www.securityweek.com/microsoft-acquires-industrial-cybersecurity-company-cyberx]]|Acquisitions|
|2020.06.22|MSSP Alert| → [[Microsoft Acquires CyberX; Azure Cloud Gains IoT Security Services|https://www.msspalert.com/investments/microsoft-acquires-cyberx/]]|Acquisitions|
|2020.06.22|Redmond Channel| → [[Microsoft's CyberX Acquisition Boosts Security of Azure IoT Lineup|https://rcpmag.com/articles/2020/06/22/microsoft-cyberx-acquisition.aspx]]|Acquisition|
=== 
* __Miscellaneous__
** Podcast: How To Become A Cloud Security Engineer in 2020+++*[»]>
|2020.06.28|Cloud Security Podcast|![[How To Become A Cloud Security Engineer in 2020 - Including Top Certifications|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-BECOME-A-CLOUD-SECURITY-ENGINEER-in-2020--Including-Top-Certifications-eg1cek]] ([[transcription|https://www.cloudsecuritypodcast.tv/listen-to-the-episodes/how-to-become-a-cloud-security-engineer]]) |Podcast|
=== 
** API Security Checklist+++*[»] 
|2020.06.26|//Cloud Management Insider//|[[How APIs Are Simplifying The Cloud Environment?|https://www.cloudmanagementinsider.com/how-apis-are-simplifying-the-cloud-environment/]]|APIs|
|2020.06.23|//Cloud Vector//|[[API Security Checklist: Part 2|https://www.cloudvector.com/api-security-checklist-part-2/]] (2/2)|APIs|
|2020.05.12|//Cloud Vector//| → [[API Security Checklist: Secure API Design|https://www.cloudvector.com/api-security-checklist-secure-api-design/]] (1/2)|APIs|
=== 
** Cloud Storage Forensics Endpoint Evidence+++*[»] 
|2020.06.23|SANS DFIR|![[Cloud Storage Forensics Endpoint Evidence|https://www.youtube.com/watch?v=vgmKUGuMi7c]] (66 min.) |Forensics Video|
=== 
** Azure: How Azure.com operates on Azure; Pros and Cons of Governance and Tools; Azure Security Center; SIEM+++*[»] 
|2020.06.24|//Microsoft//|[[Feeling fatigued? Cloud-based SIEM relieves security team burnout - Microsoft Security|https://www.microsoft.com/security/blog/2020/06/24/cloud-based-siem-security-team-burnout/]]|SIEM|
|2020.06.24|//Microsoft Azure//|![[Azure.com operates on Azure part 1: Design principles and best practices|https://azure.microsoft.com/blog/azurecom-operates-on-azure-part-1-design-principles-and-best-practices/]] (1/2) |Azure Design|
|2020.06.24|//Microsoft Azure//|![[How Azure.com operates on Azure part 2: Technology and architecture|https://azure.microsoft.com/blog/how-azurecom-operates-on-azure-part-2-technology-and-architecture/]] (2/2) |Azure Architecture|
|2020.06.24|//Microsoft Azure//|[[Deploy to Azure Container Instances with Docker Desktop|https://azure.microsoft.com/blog/deploy-to-azure-container-instances-with-docker-desktop/]]|Azure Docker|
|2020.06.24|//Microsoft Azure//|[[Stay ahead of attacks with Azure Security Center|https://azure.microsoft.com/blog/stay-ahead-of-attacks-with-azure-security-center/]] ([[inscription|https://info.microsoft.com/Stay-Ahead-of-Attacks-with-Azure-Security-Center-Registration.html?ocid=AID3011167_QSG_BLOG_411853]])|Azure Products Webinar|
|2020.06.23|Nino Crudele|[[Azure Governance and Tools - Pros and Cons|https://ninocrudele.com/azure-governance-and-tools-pros-and-cons]]|Azure Governance|
=== 
** AWS: Accreditation models+++*[»] 
|2020.06.22|//AWS//|[[Accreditation models for secure cloud adoption|https://aws.amazon.com/blogs/security/accreditation-models-for-secure-cloud-adoption/]] ([[pdf|https://d1.awsstatic.com/whitepapers/accreditation-models-for-secure-cloud-adoption.pdf]])|Accreditation|
=== 
** GCP: Automate your response to a Cloud Logging event+++*[»] 
|2020.06.24|//Google Cloud//|[[Automate your response to a Cloud Logging event|https://cloud.google.com/blog/products/management-tools/automate-your-response-to-a-cloud-logging-event/]]|Logging|
=== 
** Kubernetes: Best practices; Threats+++*[»] 
|2020.06.25|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 1 - Initial Access|https://www.stackrox.com/post/2020/06/protecting-against-kubernetes-threats-chapter-1-initial-access/]] (1/9) |Kubernetes Threats|
|2020.06.24|DZone|[[Kubernetes Security: don't Forget These Best Practices|https://dzone.com/articles/kubernetes-security-dont-forget-these-best-practic]]|K8s Best_Practices|
=== 
** Data Security in the SaaS Age (3/4)+++*[»] 
|2020.06.22|//Securosis//|![[Data Security in the SaaS Age: Thinking Small|https://securosis.com/blog/data-security-in-the-saas-age-thinking-small]] (3/4) |SaaS|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K6S/|https://CloudSecurityAlliance.fr/go/K6S/]] |
<<tiddler [[arOund0C]]>>
|!Juin|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.06.28|
|2020.06.28|Marco Lancini|[[The Cloud Security Reading List #43|https://cloudseclist.com/issues/issue-43/]] |Weekly_Newsletter|
|2020.06.28|Francoise Gilbert|![[FTC Guidance - Six Steps Towards More Secure Cloud Computing|https://www.francoisegilbert.com/?p=1491]] |FTC Recommendations|
|2020.06.15|FTC| → [[Six steps toward more secure cloud computing|https://www.ftc.gov/news-events/blogs/business-blog/2020/06/six-steps-toward-more-secure-cloud-computing]]|FTC Recommendations|
|2020.06.28|Cloud Security Podcast|![[How To Become A Cloud Security Engineer in 2020 - Including Top Certifications|https://anchor.fm/cloudsecuritypodcast/episodes/HOW-TO-BECOME-A-CLOUD-SECURITY-ENGINEER-in-2020--Including-Top-Certifications-eg1cek]] ([[transcription|https://www.cloudsecuritypodcast.tv/listen-to-the-episodes/how-to-become-a-cloud-security-engineer]]) |Podcast|
|2020.06.28|Keith Rozario|[[Access Keys in AWS Lambda Functions|https://www.keithrozario.com/2020/06/access-keys-in-aws-lambda.html]]|AWS IAM|
|>|>|>|!2020.06.27|
|2020.06.27|Jan Harrie|[[Verify your Kubernetes Cluster Network Policies: From Faith to Proof|https://blog.nody.cc/posts/2020-06-kubernetes-network-policy-verification/]] |K8s Policies|
|2020.06.27|//Prosica//[>img[iCSF/flag_fr.png]]|[[Certifications Cloud (vidéo)|https://youtu.be/ndbLnjx1BE4]]|Certifications|
|>|>|>|!2020.06.26|
|2020.06.26|International Electrotechnical Commission (IEC)|[[ISO/IEC TR 23951:2020: Information technology - Cloud computing - Guidance for using the cloud SLA metric model|https://webstore.iec.ch/publication/67267]] ([[table des matières (pdf)|https://webstore.iec.ch/preview/info_isoiectr23951%7Bed1.0%7Den.pdf]])|Norm|
|2020.06.26|VPN Mentor|[[Report: Domestic Abuse Prevention App Exposes Victims in Massive Data Breach|https://www.vpnmentor.com/blog/report-aspire-news-app-breach/]]|Data_Breach AWS_S3|
|2020.06.26|CSO Online|[[How do you secure the cloud? New data points a way|https://www.csoonline.com/article/3221388/how-do-you-secure-the-cloud-new-data-points-a-way.html]]|Reports|
|2020.06.26|SANS@MIC Talk|[[SEC510: Multicloud Security Assessment and Defense|https://www.youtube.com/watch?v=RlmXJXGO-GE]] (vidéo)|Training|
|2020.06.26|//Cloud Management Insider//|[[How APIs Are Simplifying The Cloud Environment?|https://www.cloudmanagementinsider.com/how-apis-are-simplifying-the-cloud-environment/]]|APIs|
|2020.06.26|//Aqua Security//|[[Threat Alert: DzMLT has Hidden Cryptominers in Container Images|https://blog.aquasec.com/container-vulnerability-dzmlt-dynamic-container-analysis]]|Container Flaw|
|2020.06.26|//Alcide//|[[Kubernetes, OPA Gatekeeper, Alcide and Your Cluster Security|https://blog.alcide.io/kubernetes-opa-gatekeeper-alcide-and-your-cluster-security]]|Products|
|2020.06.26|//Sumo Logic//|[[2020 State of SecOps and Automation Report|https://www.sumologic.com/brief/state-of-secops/]]|Report SecOps|
|2020.06.26|//NeuVector//|[[What is a software defined perimeter (SDP) and how is it different from zero trust network access (ZTNA)?|https://www.netmotionsoftware.com/blog/mobility/what-is-a-software-defined-perimeter-sdp-and-how-is-it-different-from-zero-trust-network-access-ztna]]|SDP Zero_Trust|
|>|>|>|!2020.06.25|
|2020.06.25|John Kinsella|[[What Modern CI/CD Should Look Like|https://theresnomon.co/what-modern-ci-cd-should-look-like-e6f50594c2d2?gi=28e41c2a1902]]|CI/CD AWS Azure GCP|
|2020.06.25|GEANT|[[Top Six Cloud Myths Debunked|https://clouds.geant.org/resources/cloud-architecture/top-six-cloud-myths-debunked/]]|Myths|
|2020.06.25|Gartner|[[Gartner Forecasts Strong Revenue Growth for Global Container Management Software and Services Through 2024|https://www.gartner.com/en/newsroom/press-releases/2020-06-25-gartner-forecasts-strong-revenue-growth-for-global-co]]|Gartner containers Market|
|2020.06.25|Gartner| → [[Forecast Analysis: Container Management (Software and Services), Worldwide|https://www.gartner.com/document/3985796]] (rapport payant)|Gartner containers Market|
|2020.06.25|Silicon Angle| → [[Gartner says container adoption will grow rapidly, but it won't be that profitable|https://siliconangle.com/2020/06/25/gartner-says-container-adoption-will-grow-rapidly-wont-profitable/]]|Gartner containers Market|
|2020.06.25|CBR Online|[[IBM Cloud Outage: Another Wobble Raises Resilience Concerns|https://www.cbronline.com/news/ibm-cloud-issues-redux]]|Outage|
|2020.06.25|//Akamai//|[[Largest Ever Recorded Packet Per Second-Based DDoS Attack Mitigated by Akamai|https://blogs.akamai.com/2020/06/largest-ever-recorded-packet-per-secondbased-ddos-attack-mitigated-by-akamai.html]]|Attacks DDoS|
|2020.06.25|Bleeping Computer| → [[European bank suffers biggest PPS DDoS attack, new botnet suspected|https://www.bleepingcomputer.com/news/security/european-bank-suffers-biggest-pps-ddos-attack-new-botnet-suspected/]]|Attacks DDoS|
|2020.06.25|Security Week| → [[Akamai Mitigates Record 809 MPPS DDoS Attack|https://www.securityweek.com/akamai-mitigates-record-809-mpps-ddos-attack]]|DDoS|
|2020.06.25|//The SSL Store//| → [[The Largest DDoS Attack in history just happened... and it didn't work|https://www.thesslstore.com/blog/largest-ddos-attack-in-history/]]|Attacks DDoS|
|2020.06.25|//Palo Alto Networks//|![[Attackers Cryptojacking Docker Images to Mine for Monero|https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/]] |Docker Cryptojacking|
|2020.06.26|Container Journal| → [[Docker Hub Distributing Cryptomining Malware?|https://containerjournal.com/topics/container-security/docker-hub-distributing-cryptomining-malware/]]|Cryptomining Docker|
|2020.06.29|GBHackers on Security| → [[Hackers Abusing Docker Hub Account to Mine Monero Cryptocurrency|https://gbhackers.com/docker-hub-account/]]|Cryptomining Docker|
|2020.06.25|//Avanan//|[[SYLKin Attack: New Malicious .slk files are bypassing Microsoft 365 Security, Risking 200M+ Users|https://www.avanan.com/blog/sylkin-attack-bypassing-microsoft-365-security-risking-users]]|M365 Attack|
|2020.06.25|//Kaspersky//|[[How to secure DevOps|https://www.kaspersky.com/blog/devops-security-hybrid/36021/]]|DevSecOps|
|2020.06.25|//Expel//|[[So you've got a multi-cloud strategy; here's how to navigate four common security challenges posts|https://expel.io/blog/multi-cloud-strategy-four-security-challenges/]]|Challenges|
|2020.06.25|//AT&T//|[[SD-WAN security explained|https://cybersecurity.att.com/blogs/security-essentials/sd-wan-security-explained]]|SD-WAN|
|2020.06.25|//StackRox//|![[Protecting Against Kubernetes Threats: Chapter 1 - Initial Access|https://www.stackrox.com/post/2020/06/protecting-against-kubernetes-threats-chapter-1-initial-access/]] (1/9) |Kubernetes Threats|
|2020.06.25|//LogRhythm//|[[SOAR: The Answer to the Cybersecurity Skills Gap and a Future in the Cloud|https://logrhythm.com/in-the-news/soar-the-answer-to-the-cybersecurity-skills-gap-and-a-future-in-the-cloud/]]|SOAR|
|2020.06.25|//TrendMicro//|[[8 Cloud Myths Debunked|https://blog.trendmicro.com/8-cloud-myths-debunked/]] (infographie)|Myths|
|2020.06.25|//Microsoft Azure//|[[Announcing Azure Service Operator for Kubernetes|https://cloudblogs.microsoft.com/opensource/2020/06/25/announcing-azure-service-operator-kubernetes/]]|Azure Kubernetes|
|2020.06.25|//Microsoft Azure//| → [[Service Operator for Kubernetes|http://aka.ms/azure-service-operator]] et [[code du projet sur GitHub|http://aka.ms/azure-service-operator]]|Azure Kubernetes|
|2020.06.25|//Cofense//|[["You're Invited!" to Phishing Links Inside .ics Calendar Attachments|https://cofense.com/youre-invited-phishing-links-inside-ics-calendar-attachments/]]|M365 Phishing|
|2020.06.25|//Google Cloud//|[[Overview of logs exports|https://cloud.google.com/logging/docs/export]]|GCP Logging|
|2020.06.25|//PureID//|[[Making AWS Console Passwordless|https://www.pureid.io/making-aws-console-passwordless/]]|Products AWS SAML|
|2020.06.25|//Magalix//|[[How To Enforce Kubernetes Network Security Policies Using OPA|https://www.magalix.com/blog/how-to-enforce-kubernetes-network-security-policies-using-opa]]|K8s Policies OPA|
|>|>|>|!2020.06.24|
|2020.06.24|//Lexing//[>img[iCSF/flag_fr.png]]|![[Gaia-X : les lignes directrices du cloud souverain européen dévoilées|https://www.alain-bensoussan.com/avocats/gaia-x-les-lignes-directrices-du-cloud-souverain-europeen-devoilees/2020/06/24/]] |GAIA-X Europe|
|2020.06.24|Journal du Net[>img[iCSF/flag_fr.png]]|[[Cloud privé : OVHCloud sacré leader en Europe devant Atos et Orange |https://www.journaldunet.com/web-tech/cloud/1492369-cloud-prive-ovhcloud-sacre-leader-en-europe-devant-atos-et-orange/]]|Market_Shares France|
|2020.06.24|TL;DR Security|[[#40 - Uber's Continuous AWS Monitoring, AWS's Hands-off Deployments, Auto-remove Unneeded Feature Flags|https://tldrsec.com/blog/tldr-sec-040/]] |Weekly_Newsletter|
|2020.06.24|IIROC|[[Cybersecurity - Cloud Services and Application Programming Interfaces (pdf)|https://www.iiroc.ca/Documents/2020/f250c326-e158-4576-b9e5-2928f4e09d41_en.pdf]]|Awareness|
|2020.06.24|NCSC UK|[[Why cloud first is not a security problem|https://www.ncsc.gov.uk/blog-post/why-cloud-first-is-not-a-security-problem]]|Misc|
|2020.06.24|TL;DR Sec|[[How Uber Continuously Monitors the Security of its AWS Environment|https://tldrsec.com/blog/uber-aws-continuous-monitoring/]] références [[1|https://medium.com/@ubersecurity/part-1-aws-continuous-monitoring-f39f81ea6801]] et [[2|https://medium.com/@ubersecurity/part-2-aws-monitoring-case-studies-9fbc613aff28]]|AWS Monitoring|
|2020.06.24|DZone|[[Kubernetes Security: don't Forget These Best Practices|https://dzone.com/articles/kubernetes-security-dont-forget-these-best-practic]]|K8s Best_Practices|
|2020.06.24|DZone|[[A Modern Approach to Cloud Security|https://dzone.com/articles/a-modern-approach-to-cloud-security]]|Misc|
|2020.06.24|BetaNews|[[New application security analyzer helps prevent breaches across cloud services|https://betanews.com/2020/06/24/application-security-analyzer/]]|Products|
|2020.06.24|Thomas Naunheim|[[Security considerations of Azure EA management and potential privilege escalation|https://www.cloud-architekt.net/azure-ea-management-security-considerations/]]|Azure Analysis|
|2020.06.24|E Hacking News|[[Experts discovered phishing emails in Office 365 accounts|https://www.ehackingnews.com/2020/06/experts-discovered-phishing-emails-in.html]]|O365 Phishing|
|2020.06.25|A Cloud Guru|![[Fixing 5 Common AWS IAM Errors|https://info.acloud.guru/resources/fixing-5-common-aws-iam-errors]] |AWS IAM|
|2020.06.24|TechTarget|[[How Azure, AWS, Google handle data destruction in the cloud|https://searchcloudsecurity.techtarget.com/feature/How-Azure-AWS-Google-handle-data-destruction-in-the-cloud]] |Data_Destruction|
|2020.06.24|//Security Intelligence//|[[Visibility and Threat Detection in a Remote Working World|https://securityintelligence.com/posts/visibility-threat-detection-remote-work/]]|Remote_Working Detection|
|2020.06.24|//Security Intelligence//|[[Three Approaches to Cybersecurity Planning for Post-Pandemic Cloud Adoption|https://securityintelligence.com/posts/cybersecurity-planning-post-pandemic-cloud-adoption/]]|Misc|
|2020.06.24|//Palo Alto Networks//|![[Mapping the Cloud Native Security Genome|https://blog.paloaltonetworks.com/2020/06/cloud-native-security-genome/]] |Report|
|2020.06.24|//Palo Alto Networks//| → [[The State Of Cloud Native Security|https://www.paloaltonetworks.com/state-of-cloud-native-security]]|Report|
|2020.06.24|//Microsoft//|[[Feeling fatigued? Cloud-based SIEM relieves security team burnout - Microsoft Security|https://www.microsoft.com/security/blog/2020/06/24/cloud-based-siem-security-team-burnout/]]|SIEM|
|2020.06.24|//Microsoft Azure//|![[Azure.com operates on Azure part 1: Design principles and best practices|https://azure.microsoft.com/blog/azurecom-operates-on-azure-part-1-design-principles-and-best-practices/]] (1/2) |Azure Design|
|2020.06.24|//Microsoft Azure//|![[How Azure.com operates on Azure part 2: Technology and architecture|https://azure.microsoft.com/blog/how-azurecom-operates-on-azure-part-2-technology-and-architecture/]] (2/2) |Azure Architecture|
|2020.06.24|//Microsoft Azure//|[[Deploy to Azure Container Instances with Docker Desktop|https://azure.microsoft.com/blog/deploy-to-azure-container-instances-with-docker-desktop/]]|Azure Docker|
|2020.06.24|//Microsoft Azure//|[[Stay ahead of attacks with Azure Security Center|https://azure.microsoft.com/blog/stay-ahead-of-attacks-with-azure-security-center/]] ([[inscription|https://info.microsoft.com/Stay-Ahead-of-Attacks-with-Azure-Security-Center-Registration.html?ocid=AID3011167_QSG_BLOG_411853]])|Azure Products Webinar|
|2020.06.24|//Google Cloud//|[[Automate your response to a Cloud Logging event|https://cloud.google.com/blog/products/management-tools/automate-your-response-to-a-cloud-logging-event/]]|Logging|
|2020.06.24|//Google Cloud//|[[Detecting and responding to Cloud Logging events in real-time|https://cloud.google.com/blog/products/management-tools/automate-your-response-to-a-cloud-logging-event]]|GCP Logging|
|2020.06.24|//Google Cloud//|[[Google Cloud services that are in scope for Google Cloud Platform's ISO/IEC 27701 certification|https://cloud.google.com/security/compliance/iso-27701]]|GCP Compliance ISO_27701|
|2020.06.24|//Amazon AWS//|[[What is a cyber range and how do you build one on AWS?|https://aws.amazon.com/blogs/security/what-is-cyber-range-how-do-you-build-one-aws/]]|Exercise|
|2020.06.24|//Cloudonaut//|[[Containers vs. Serverless: Thoughts About Your Cloud Strategy|https://cloudonaut.io/containers-vs-serverless-cloud-strategy/]]|Containers Serverless|
|2020.06.26|//Baker Tilly//|![[Developing and implementing an effective breach response plan|https://www.bakertilly.com/insights/developing-and-implementing-an-effective-breach-response-plan/]] |Breach Response_Plan|
|2020.06.24|//Security Intelligence//|[[Three Approaches to Cybersecurity Planning for Post-Pandemic Cloud Adoption|https://securityintelligence.com/posts/cybersecurity-planning-post-pandemic-cloud-adoption/]]||
|2020.06.24|//Amazon AWS//|[[Managing backups at scale in your AWS Organizations using AWS Backup|https://aws.amazon.com/blogs/storage/managing-backups-at-scale-in-your-aws-organizations-using-aws-backup/]]||
|>|>|>|!2020.06.23|
|2020.06.23|ZDnet[>img[iCSF/flag_fr.png]]|[[Health Data Hub : Azure aura de la concurrence|https://www.zdnet.fr/actualites/health-data-hub-azure-aura-de-la-concurrence-39905613.htm]]|Healthcare France|
|2020.06.23|SANS DFIR|![[Cloud Storage Forensics Endpoint Evidence|https://www.youtube.com/watch?v=vgmKUGuMi7c]] (66 min.) |Forensics Video|
|2020.06.23|Nino Crudele|[[Azure Governance and Tools - Pros and Cons|https://ninocrudele.com/azure-governance-and-tools-pros-and-cons]]|Azure Governance|
|2020.06.23|MSP Alliance|[[Negotiating Public Cloud Agreements|https://mspalliance.com/negotiating-public-cloud-agreements/]]|SLAs|
|2020.06.23|YoKo Kho|[[From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration|https://medium.com/bugbountywriteup/from-recon-to-bypassing-mfa-implementation-in-owa-by-using-ews-misconfiguration-b6a3518b0a63]]|Attack Analysis EWS MFA|
|2020.06.23|Computer Weekly|[[How to apply zero-trust models to container security|https://www.computerweekly.com/feature/How-to-apply-zero-trust-models-to-container-security]]|Containers Zero_Trust|
|2020.06.23|Computer Weekly|[[Gartner: Are the real cloud wars about to begin?|https://www.computerweekly.com/opinion/Gartner-Are-the-real-cloud-wars-about-to-begin]]|Misc|
|2020.06.23|IT Next|[[Implementing LDAP authentication for Kubernetes - ITNEXT|https://itnext.io/implementing-ldap-authentication-for-kubernetes-732178ec2155]]|K8s LDAP|
|2020.06.23|//Microsoft Azure//|[[Azure Container Registry: Securing container workflows|https://azure.microsoft.com/blog/azure-container-registry-securing-container-workflows/]]|Azure_Container_Registry|
|2020.06.23|//FireEye//|[[Clouds Are Secure, Are You Using Them Securely?|http://www.fireeye.com/blog/executive-perspective/2020/06/clouds-are-secure-are-you-using-them-securely.html]]|Misc|
|2020.06.23|//Symantec//|[[Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sodinokibi-ransomware-cobalt-strike-pos]]|Ransomware|
|2020.06.26|CBR Online| →[[This Ransomware Campaign is Being Orchestrated from the Cloud|https://www.cbronline.com/news/ransomware-cloudfront]] ([[IOC|https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sodinokibi-ransomware-cobalt-strike-pos]])|Ransomware|
|2020.06.23|//Cloud Vector//|[[API Security Checklist: Part 2|https://www.cloudvector.com/api-security-checklist-part-2/]] (2/2)|APIs|
|2020.05.12|//Cloud Vector//| → [[API Security Checklist: Secure API Design|https://www.cloudvector.com/api-security-checklist-secure-api-design/]] (1/2)|APIs|
|2020.06.23|//Veracode//|[[Making a Case for the Cloud: Customers Give Their Honest Feedback of SaaS-Based AppSec|https://www.veracode.com/blog/managing-appsec/making-case-cloud-customers-give-their-honest-feedback-saas-based-appsec]]|SaaS|
|>|>|>|!2020.06.22|
|2020.06.22|TechBeacon|[[Cloud misconfigurations and security: 5 ways to avoid your next fail|https://techbeacon.com/security/cloud-misconfigurations-security-5-ways-avoid-your-next-fail]]|Misconfigurations|
|2020.06.22|Cado Security|[[Introducing Cado Cloud Collector - A free tool to forensically image AWS EC2 Instances|https://medium.com/@cloudyforensics/introducing-cado-cloud-collector-a-free-tool-to-forensically-image-aws-ec2-instances-ec831dd00ed7]]|Forensics AWS Tools|
|2020.06.22|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Health Data Hub : le Conseil d'Etat confirme le choix de Microsoft Azure|https://www.silicon.fr/health-data-hub-le-conseil-detat-confirme-le-choix-de-microsoft-azure-341736.html]]|Healthcare France|
|2020.06.22|Dark Reading|![[Cloud Threats and Priorities as We Head Into the Second Half of 2020|https://www.darkreading.com/cloud/cloud-threats-and-priorities-as-we-head-into-the-second-half-of-2020/d/d-id/1338108]] |Threats Context|
|2020.06.22|//AWS//|[[Accreditation models for secure cloud adoption|https://aws.amazon.com/blogs/security/accreditation-models-for-secure-cloud-adoption/]] ([[pdf|https://d1.awsstatic.com/whitepapers/accreditation-models-for-secure-cloud-adoption.pdf]])|Accreditation|
|2020.06.22|//Microsoft//|[[Microsoft acquires CyberX to accelerate and secure customers' IoT deployments|https://www.microsoft.com/security/blog/2020/06/22/microsoft-acquires-cyberx-accelerate-customers-iot-deployments/]] ([[détails|https://blogs.microsoft.com/?p=52559045]])|Acquisitions|
|2020.06.22|//CyberX//| → [[Microsoft Acquires CyberX|https://cyberx-labs.com/blog/microsoft-acquires-cyberx/]] ([[détails|https://cyberx-labs.com/press-releases/microsoft/]])|Acquisitions|
|2020.06.22|Security Week| → [[Microsoft Acquires Industrial Cybersecurity Company CyberX|https://www.securityweek.com/microsoft-acquires-industrial-cybersecurity-company-cyberx]]|Acquisitions|
|2020.06.22|MSSP Alert| → [[Microsoft Acquires CyberX; Azure Cloud Gains IoT Security Services|https://www.msspalert.com/investments/microsoft-acquires-cyberx/]]|Acquisitions|
|2020.06.22|Redmond Channel| → [[Microsoft's CyberX Acquisition Boosts Security of Azure IoT Lineup|https://rcpmag.com/articles/2020/06/22/microsoft-cyberx-acquisition.aspx]]|Acquisition|
|2020.06.22|//Microsoft Azure//|[[Rapid recovery planning for IT service providers|https://azure.microsoft.com/en-us/blog/rapid-recovery-planning-for-it-service-providers/]]|Recovery|
|2020.06.22|//TrendMicro//|[[XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers|https://blog.trendmicro.com/trendlabs-security-intelligence/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers/]]|Malware Docker|
|2020.06.23|Security Week| → [[XORDDoS, Kaiji DDoS Botnets Target Docker Servers|https://www.securityweek.com/xorddos-kaiji-ddos-botnets-target-docker-servers]]||
|2020.06.22|//Securosis//|![[Data Security in the SaaS Age: Thinking Small|https://securosis.com/blog/data-security-in-the-saas-age-thinking-small]] (3/4) |SaaS|
|2020.06.22|//Duo Security//|[[Password Spraying Leads to Compromise of Cloud Identities|https://duo.com/decipher/password-spraying-leads-to-compromise-of-cloud-identities]]|O365 Attacks|
|2020.06.22|//TrendMicro//|[[Knowing your shared security responsibility in Microsoft Azure and avoiding misconfigurations|https://blog.trendmicro.com/azure-avoiding-misconfigurations/]]|Azure Misconfigurations|
|2020.06.22|//Google Cloud//|![[How to use Pub/Sub as a Cloud Monitoring notification channel|https://cloud.google.com/blog/products/management-tools/how-to-use-pubsub-as-a-cloud-monitoring-notification-channel]] |GCP Notification|
|2020.06.22|//Amazon AWS//|[[Accreditation models for secure cloud adoption|https://aws.amazon.com/blogs/security/accreditation-models-for-secure-cloud-adoption/]]|AWS Accreditation|
<<tiddler [[arOund0C]]>>
!Agenda du 'CSA Federal Summit 2020'
[>img(300px,auto)[iCSA/FedSum20.png]]Le ''CSA Federal Summit'' n'aura pas lieu sous la forme prévue cette année, mais en webcast en ligne. L'occasion pour tous de suivre cette conférence.
Les sessions seront diffusées en direct sur le site Brighttalk plusieurs mercredis du 1er juillet au 19 août 2020, de 19h à 20h (sauf le 22 juillet : de 20h15 à 21h).
Elles seront ensuite accessibles depuis le site de Brighttalk.

!!1er juillet 2020 à 19h : "Reducing Compliance Costs with DevSecOps Principles in the Hybrid Cloud"
* [>img(200px,auto)[iCSA/K71CF.png]]Intervenant : Daniel Domkowski, Software Delivery Specialist - Red Hat
* Inscription ⇒ [[ici|https://www.brighttalk.com/webcast/10415/419080]]
> //58% of organizations are now viewing security compliance requirements and costs as a barrier to entering new markets. Their only choice is to reinvent their approach to compliance. While the vast majority of enterprises are turning to the public cloud to simplify innovation, 93% are invested in more than one cloud. Considering security models and controls vary widely across public providers, and even more so between the cloud and on-premise environments, the most cost effective approach to compliance is one based on principles and behaviors that are cloud and environment agnostic. Enter DevSecOps in the Hybrid Cloud.//
!!8 juillet 2020 à 19h : "2020 State of Federal Cloud Security: A Practitioner's Perspective"
* [>img(200px,auto)[iCSA/K78CF.png]]Intervenant : Dr. Mari Spina, Principal Cyber Security Engineer - The MITRE Corporation
* Inscription ⇒ [[ici|https://www.brighttalk.com/webcast/10415/421145]]
> //Understanding threats and shared responsibility that all Federal agencies have is key to building confidence in security. How has the government and Industry addressed these challenges and are they making progress? Dr. Spina will build on her assessment from the 2018 and 2019 Federal Summits and talk about success areas and challenges.//
!!15 juillet 2020 à 19h : "Update on FedRAMP"
* [>img(200px,auto)[iCSA/K7FCF.png]]Intervenant : Zach Baldwin, FedRAMP Program Manager for Strategy, Innovation, and Technology - General Services Administration, et une introduction par John Yeoh, Global VP of Research for CSA
* Inscription ⇒ [[ici|https://www.brighttalk.com/webcast/10415/422428]]
> //Mr. Baldwin will define and discuss several new initiatives that FedRAMP is working on in response to feedback for their users including: Open Security Controls Assessment Language (OSCAL), Threat-based Risk Profiling, and Agency Liaison Program. These initiatives are all interrelated and designed to simplify the FedRAMP process, grow the cloud security marketplace and provide guidance to CSPs.//
!!22 juillet 2020 de 20h15 à 21h : "The Resurgence of Cloud"
* [>img(200px,auto)[iCSA/K7MCF.png]]Intervenant : David Cass, Vice President Cyber & IT Risk - Federal Reserve Bank of New York Supervision Group
* Inscription ⇒ [[ici|https://www.brighttalk.com/webcast/10415/421058]]
> {{arOund{FRA}}} //Le Cloud a connu un mouvement de balancier technologique typique de la plupart des technologies innovantes. 
Les organisations ont commencé avec le modèle "tout en nuage" pour ensuite prendre du recul et adopter une approche plus modérée. Pourtant, le Cloud continue de prospérer. Sujets abordés :
* Pourquoi les organisations ont-elles des difficultés avec le Cloud ?
* L'importance de la stratégie
* L'impact sur la sécurité, les risques et les programmes de conformité
* L'impact sur les processus et les opérations commerciales.//
> {{arOund{ENG}}} //Cloud has seen the typical technology pendulum swing experienced by most innovative technologies.
Organizations started with the all-in cloud-first model only to have to later step back and take a more moderate approach. Yet cloud continues to thrive. I will discuss:
* Why do organizations struggle with cloud?
* The importance of strategy
* The impact on security, risk and compliance programs
* The impact on business process and operations//
!!29 juillet 2020 à 19h : "Transitioning, Enhancing, and Innovating in the Cloud"
* [>img(200px,auto)[iCSA/K7UCF.png]]Intervenant : John Yeoh, Global Vice President of Research, Cloud Security Alliance
* Inscription ⇒ [[ici|https://www.brighttalk.com/webcast/10415/427982]]
> {{arOund{FRA}}} //Où que vous soyez dans votre parcours vers le nuage, les recherches de la CSA sont disponibles pour aider les organisations à évoluer vers le Cloud, à améliorer la sécurité dans le Cloud et à innover à partir du Cloud grâce à leurs recherches et initiatives reposant sur le consensus. Au cours de cette session, John Yeoh fait le lien entre les dernières recherches du secteur pour offrir des conseils et des idées applicables aux organisations des secteurs privé et public qui utilisent le Cloud pour leur sécurité. Découvrez comment utiliser les ressources qui utilisent les cadres de contrôle de la sécurité dans le Cloud, les rapports sur les principales menaces, et bien plus encore.//
> {{arOund{ENG}}} //Wherever you are in your cloud journey, CSA research is available to help organizations transition to the cloud, enhance security in the cloud, and innovate from the cloud through their consensus-driven research and initiatives. In this session, John Yeoh connects the latest industry research for guidance and insight that is applicable to organizations across multiple cloud security positions from the private and the public sectors. Learn how to utilize resources that leverage cloud security controls frameworks, top threats reports, and more.//
!!19 août 2020 à 19h : "Security Automation Simplified with Open Security Controls Assessment Language"
* [>img(200px,auto)[iCSA/K8JCF.jpg]]Intervenant : ''Dr. Michaela Iorga'', Senior Security Technical Lead for Cloud Computing, National Institute of Standards and Technology (NIST)
* Inscription ⇒ [[ici|https://www.brighttalk.com/webcast/10415/430301]]
> //Aligning security risk management and compliance activities with the broader adoption of cloud technology and the exponential increase in the complexity of smart systems leveraging such cloud solutions, has been a challenging task to date. Additionally, the proliferation of containers and service mesh technologies employed in cloud ecosystems for enhanced portability and security, compels organizations to leverage risk management strategies that are tightly coupled with the dynamic nature of their systems. NIST's Open Security Controls Assessment Language (OSCAL) is a standard of standards that provides a normalized expression of security requirements across standards, and a machine-readable representation of security information from controls to system implementation and security assessment. This bridges the gap between antiquated approaches to IT compliance and innovative technology solutions. Imagine a future where security documentation builds itself, and security management tools from different vendors integrate seamlessly. Security practitioners will spend less time on security documentation, assessments, and adjudication, yet the results of those activities will be more accurate and more easily monitored. OSCAL enables this and more.//
[img(25%,1px)[iCSF/BluePixel.gif]]
__Liens :__
* site de la conférence ⇒ [[cvent.me/bV5Mlr|https://cvent.me/bV5Mlr]]
* site Brighttalk pour suivre les présentations ⇒ [["federal-summit-series" sur Brighttalk.com|https://www.brighttalk.com/search/?q=federal-summit-series]]
[>img(200px,auto)[iCSA/K4CCCSK.png]]Le Chapitre ''SoCal/LA'' (South California / Los Angeles) de la [[Cloud Security Alliance]] a organisé en mai et juin 2020 des cours d'aide à la préparation au [[CCSK]].

Animés par Victor Monga+++*[»]> https://linkedin.com/in/victorvirtual === et Aneel Dadlani+++*[»]> https://linkedin.com/in/adadani ===, ils se sont déroulés sur 6 semaines et ont été enregistrés. Ils sont disponibles sur YouTube sous la forme de 6 vidéos d'une durée totale de 3h30.
Ces vidéos d'aide ne se substituent pas au suivi d'une formation officielle, mais peuvent compléter le travail personnel d'apprentissage et de préparation de l'examen CCSK.

En complément, on trouve aussi sur YouTube quelques exemples de questions posées lors d'examens CCSK passés, comme sur la chaine de SkillCertPro (10 questions).
|!Dates|!Sources|!Titres et Liens|!Tags|
|2020.05.01|CSA SoCal/LA Chapter|[[Module 1 (24 min.)|https://www.youtube.com/watch?v=4W0GmeRrbfk]]|CCSK|
|2020.05.08|CSA SoCal/LA Chapter|[[Module 2 (19 min.)|https://www.youtube.com/watch?v=oLLijwmK534]]|CCSK|
|2020.05.15|CSA SoCal/LA Chapter|[[Module 3 (22 min.)|https://www.youtube.com/watch?v=nC6n4Dc6RyA]]|CCSK|
|2020.05.22|CSA SoCal/LA Chapter|[[Module 4 (39 min.)|https://www.youtube.com/watch?v=KYso_pEUFoc]]|CCSK|
|2020.05.29|CSA SoCal/LA Chapter|[[Module 5 (63 min.)|https://www.youtube.com/watch?v=JVUawvo-eCI]]|CCSK|
|2020.06.05|CSA SoCal/LA Chapter|[[Module 6 (43 min.)|https://www.youtube.com/watch?v=VTge8e3ryiM]]|CCSK|
|2020.04.26|SkillCertPro|[[10 sample CCSK questions|https://www.youtube.com/watch?v=HGoZXsc-tXs]]|CCSK|
<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #69|2020.06.21 - Newsletter Hebdomadaire #69]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #69|2020.06.21 - Weekly Newsletter - #69]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.06.21 - Newsletter Hebdomadaire #69]]>> |<<tiddler [[2020.06.21 - Weekly Newsletter - #69]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 15 au 21 juin 2020
!!1 - Informations CSA - 15 au 21 juin 2020
* Appel à commentaires CSA : 'Critical Controls Implementation for SAP, Part 2'+++*[»]> <<tiddler [[2020.06.18 - Appel à commentaires 'Critical Controls Implementation for SAP, Part 2']]>>=== 
* Publication CSA : 'Telehealth Data in the Cloud'+++*[»]> <<tiddler [[2020.06.16 - Publication : 'Telehealth Data in the Cloud']]>>=== 
* Actualité : Appel à contribution pour le Congrès EMEA de la CSA+++*[»]> <<tiddler [[2020.06.11 - Appel à contribution pour le Congrès EMEA de la CSA]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.06.21 - Veille Hebdomadaire - 21 juin]] avec plus de 110 liens
* __''À lire''__
** Le Cloud comme source d'attaques (Texas Tech University)+++*[»] 
|2020.06.16|Texas Tech University|![[Cloud as an Attack Platform|https://arxiv.org/pdf/2006.07914.pdf]] (pdf) |Cloud_Abuse Attacker_Behavior|
|2020.06.16|Texas Tech University|![[Launching Stealth Attacks using Cloud|https://arxiv.org/pdf/2006.07908.pdf]] (pdf) |Cloud_Abuse Attacker_Behavior|
|2020.06.17|The Register| → [[Boffins find that over nine out of ten 'ethical' hackers are being a bit naughty when it comes to cloud services|https://www.theregister.com/2020/06/17/cloud_services_hacking/]]|Cloud_Abuse Attacker_Behavior|
=== 
** Analyse des vulnérabilités d'images Docker (Norwegian University of Science and Technology)+++*[»] 
|2020.06.17|isBuzzNews|[[Vulnerability Analysis Of 2500 Docker Hub Images - Expert On Report|https://www.informationsecuritybuzz.com/expert-comments/vulnerability-analysis-of-2500-docker-hub-images-expert-on-report/]]|Report Docker|
|2020.06.12|NTNU|! → [[Vulnerability Analysis of 2500 Docker Hub Images|https://arxiv.org/pdf/2006.02932.pdf]]|Report Docker|
|2020.06.12|NTNU| → [[Docker image analyzing tools|https://github.com/katrinewi/Docker-image-analyzing-tools]]|Tools Docker|
=== 
** Localisation et conformité (Microsoft Azure)+++*[»] 
|2020.06.18|//Microsoft Azure//|![[New Azure maps make identifying local compliance options easy|https://azure.microsoft.com/en-us/blog/new-azure-maps-make-identifying-local-compliance-options-easy/]] |Azure Compliance|
|2020.06.18|//Microsoft Azure//| → [[Azure Enables a World of Compliance|https://azure.microsoft.com/en-us/resources/azure-enables-a-world-of-compliance/]] ([[livre blanc|https://azure.microsoft.com/mediahandler/files/resourcefiles/azure-enables-a-world-of-compliance/Azure_Compliance_Maps.pdf]])|Azure Compliance|
|2020.06.18|//Microsoft Azure//| → [[Azure Global Compliance Map|https://azure.microsoft.com/en-us/resources/azure-global-compliance-map/]] ([[infographie|https://azure.microsoft.com/mediahandler/files/resourcefiles/azure-global-compliance-map/AzureComplianceInfographic.pdf]])|Azure Compliance|
|2020.06.18|//Microsoft Azure//|![[Making your data residency choices easier with Azure|https://azure.microsoft.com/blog/making-your-data-residency-choices-easier-with-azure/]] ([[document|https://aka.ms/AzureGlobalRegions]]) |Data_Residency|
|2020.06.12|//Microsoft Azure//| → [[Enabling Data Residency and Data Protection in Microsoft Azure Regions|https://azure.microsoft.com/en-us/resources/achieving-compliant-data-residency-and-security-with-azure/]] ([[pdf|https://azure.microsoft.com/mediahandler/files/resourcefiles/achieving-compliant-data-residency-and-security-with-azure/Enabling_Data_Residency_and_Data_Protection_in_Microsoft_Azure_Regions.pdf]])|Data_Residency|
=== 
* __Attaques__
** Campagne de phishing Office 365+++*[»] 
|2020.06.18|//Check Point//|![[Office 365 Phishing Campaign Exploits Samsung, Adobe and Oxford Servers|https://research.checkpoint.com/2020/phishing-campaign-exploits-samsung-adobe-and-oxford-servers/]] |O365 Phishing|
|2020.06.18|Bleeping Computer| → [[Hijacked Oxford server used by hackers for Office 365 phishing|https://www.bleepingcomputer.com/news/security/hijacked-oxford-server-used-by-hackers-for-office-365-phishing/]]|O365 Phishing|
|2020.06.18|Dark Reading| → [[O365 Phishing Campaign Leveraged Legit Domains|https://www.darkreading.com/attacks-breaches/o365-phishing-campaign-leveraged-legit-domains/d/d-id/1338124]]|O365 Phishing|
|2020.06.18|//Threatpost//| → [[Phishing Campaign Targeting Office 365, Exploits Brand Names|https://threatpost.com/phishing-campaign-targeting-office-365-exploits-brand-names/156698/]]|O365 Phishing|
=== 
** Guide de réponse aux incidents d'AWS (mise à jour)+++*[»] 
|2020.06.18|//AWS//|![[AWS Security Incident Response Guide|https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf]] (pdf) |AWS Incident_Response|
=== 
** Cartographie d'attaque (Microsoft Threat Protection)+++*[»] 
|2020.06.18|//Microsoft Azure//|![[Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint|https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/]] |Attacks Analysis|
=== 
* __Fuites de données__
** CasualX+++*[»] 
|2020.06.15|vpnMentor|[[Niche Dating Apps Expose 100,000s of Users in Massive Data Breach|https://www.vpnmentor.com/blog/report-dating-apps-leak/]]|AWS Data_Leak|
|2020.06.15|Silicon Angle| → [[Niche dating app user data found exposed on misconfigured cloud instance|https://siliconangle.com/2020/06/15/niche-dating-app-user-data-found-exposed-misconfigured-cloud-instance/]]|AWS Data_Leak|
|2020.06.16|Office of Inadequate Security| → [[845GB of racy dating app records exposed to entire internet via leaky AWS buckets|https://www.databreaches.net/845gb-of-racy-dating-app-records-exposed-to-entire-internet-via-leaky-aws-buckets/]]|AWS Data_Leak|
|2020.06.18|Office of Inadequate Security| → [[Statement by CasualX in response to "false statements" by vpnMentor|https://www.databreaches.net/statement-by-casualx-in-response-to-false-statements-by-vpnmentor/]]|AWS Data_Leak|
=== 
* __Pannes__
** M365 et Azure+++*[»] 
|2020.06.15|The Register|[[Microsoft 365 and Azure outage struck Australia and New Zealand just as business rocked up for a new week|https://www.theregister.com/2020/06/15/microsoft_365_outage_australia_new_zealand/]]|Outage M365|
=== 
* __Rapports et études__
** Investissements et dépenses en 2020 (Gartner)+++*[»] 
|2020.06.17|//Gartner//|![[Gartner Forecasts Worldwide Security and Risk Management Spending Growth to Slow but Remain Positive in 2020|https://www.gartner.com/en/newsroom/press-releases/2020-06-17-gartner-forecasts-worldwide-security-and-risk-managem]] |Forecast Employment|
|2020.06.21|//BitDefender//| → [[Cloud Security Spending to Buoy the Security Market in 2020|https://businessinsights.bitdefender.com/cloud-security-spending-security-market]]|Market|
=== 
** Chiffrement Zoom de bout-en-bout (mise à jour)+++*[»] 
|2020.06.17|//Zoom//|[[Zoom End-to-End Encryption Whitepaper v2|https://github.com/zoom/zoom-e2e-whitepaper/blob/master/CHANGELOG.md]] ([[whitepaper|https://github.com/zoom/zoom-e2e-whitepaper/blob/master/archive/zoom_e2e_v2.pdf]])|Zoom Encryption|
=== 
* __Acquisitions__
** Spanugo par IBM+++*[»] 
|2020.06.16|Security Week| → [[IBM Acquires Cloud Security Company Spanugo|https://www.securityweek.com/ibm-acquires-cloud-security-company-spanugo]]|Acquisition|
|2020.06.15|Silicon Angle|[[IBM buys Spanugo to bolster its financial services public cloud|https://siliconangle.com/2020/06/15/ibm-buys-spanugo-bolster-financial-services-public-cloud/]]|Acquisition|
|2020.06.16|Silicon.fr[img[iCSF/flag_fr.png]]| → [[Cybersécurité : IBM s'offre la start-up Spanugo|https://www.silicon.fr/cybersecurite-ibm-spanugo-341383.html]]|Acquisition|
=== 
* __Divers__
** Semaine d'accès gratuit aux ressources de Cloud Academy+++*[»] 
|2020.06.19|Cloud Academy|![[Kickstart Your Tech Training With a Free Week on Cloud Academy|https://cloudacademy.com/blog/kickstart-your-tech-training-with-a-free-week-on-cloud-academy/]] |Free_Training|
|~|~| → [[Training Library|https://cloudacademy.com/library/]]|Free_Training|
=== 
** Fiches d'aide aux tests d'intrusion dans le Cloud+++*[»] 
|2020.06.21|Beau Bullock|[[Cloud Pentest Cheatsheets|https://github.com/dafthack/CloudPentestCheatsheets]] ([[pdf|https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/Cloud%20Pentesting%20Cheatsheet.pdf]])|Pentest CheatSheets|
=== 
** Sécurité des données et SaaS (2/4)+++*[»] 
|2020.06.15|//Securosis//|![[Data Security in the SaaS Age: Focus on What You Control|https://securosis.com/blog/data-security-in-the-saas-age-focus-on-what-you-control]] (2/4) |SaaS|
=== 
** Supervision dans AWS, dans Azure et détection dans GCP+++*[»] 
|2020.06.15|Uber security|[[Part 1: AWS Continuous Monitoring|https://medium.com/@ubersecurity/part-1-aws-continuous-monitoring-f39f81ea6801]] (1/2)|AWS Monitoring|
|2020.06.15|Uber security|[[Part 2: AWS Monitoring Case Studies|https://medium.com/@ubersecurity/part-2-aws-monitoring-case-studies-9fbc613aff28]] (2/2)|AWS Monitoring|
|2020.06.18|Sami Lamppu|[[Monitor Elevate Access Activity In Azure|https://samilamppu.com/2020/06/18/monitor-elevated-global-admin-account-usage/]]|AzureAD|
|2020.06.17|//Google Cloud//|[[Setting up advanced network threat detection with Packet Mirroring|https://cloud.google.com/blog/products/networking/packet-mirroring-enables-better-network-monitoring-and-security]]|Networks Detection|
=== 
** Zero-Trust+++*[»] 
|2020.06.16|//Cloud Management Insider//|[[Is It Really Beneficial To Implement A Cloud Security Model On Zero Trust?|https://www.cloudmanagementinsider.com/is-it-really-beneficial-to-implement-a-cloud-security-model-on-zero-trust/]]|Zero_Trust|
|2020.06.15|//Microsoft Azure//|[[Zero Trust - Part 1: Networking|https://www.microsoft.com/security/blog/2020/06/15/zero-trust-part-1-networking/]]|Zero_Trust|
=== 
** Outils: s'entrainer à trouver des vulnérabilités sur ''Kubernetes Goat'', Kube-Scan et Kube-Bench (Kubernetes), Tsunami (GCP), BOtB (containers), Panther (AWS)+++*[»] 
|2020.06.15|Madhu Akula|[[Kubernetes Goat|https://github.com/madhuakula/kubernetes-goat]]|K8s Vulnerable_Design Challenge|
|2020.06.15|Madhu Akula| → [["Vulnerable by Design" Kubernetes Cluster|https://madhuakula.com/kubernetes-goat]]|K8s Vulnerable_Design Challenge|
|2020.06.19|SecTechno|[[Kube-Scan - Kubernetes Risk Assessment Tool - SecTechno|https://sectechno.com/kube-scan-kubernetes-risk-assessment-tool/]]|Tools Kubernetes|
|2020.06.20|SecTechno|[[Kube-Bench - CIS Kubernetes Benchmark Assessor|https://sectechno.com/kube-bench-cis-kubernetes-benchmark-assessor/]]|Tools|
|2020.06.18|//Google Cloud//|[[Tsunami: An extensible network scanning engine for detecting high severity vulnerabilities with high confidence|https://opensource.googleblog.com/2020/06/tsunami-extensible-network-scanning.html]]|Tools GCP|
|2020.06.15|SecTechno|[[BOtB - Container Analysis and Exploitation Tool - SecTechno|https://sectechno.com/botb-container-analysis-and-exploitation-tool/]]|Tools|
|2020.06.17|SecTechno|[[Panther - Detect Threats and Improve Cloud Security|https://sectechno.com/panther-better-data-leads-to-better-visibility/]]|Tools AWS|
=== 
** Gagner un crédit de 25$ avec l'AWS Summit+++*[»] 
|2020.06.16|The Register|[[Psst. Hey kid, you want $50 in AWS credit? Great, you just need to fill out this form and sit through these web lectures|https://www.theregister.com/2020/06/16/aws_credit_virtual_summit_incentive/]]|AWS Free_Credits|
||//AWS//| → [[AWS Summit Online FAQ|https://aws.amazon.com/events/summits/online/emea/faqs/]]|AWS Free_Credits|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K6L/|https://CloudSecurityAlliance.fr/go/K6L/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - June 15th to 21st, 2020[>img[iCSF/inEnglish.png]]
!!1 - CSA News and Updates - June 15th to 21st, 2020
* CSA Call for comments: 'Critical Controls Implementation for SAP, Part 2'+++*[»]> <<tiddler [[2020.06.18 - Appel à commentaires 'Critical Controls Implementation for SAP, Part 2']]>>=== 
* CSA Publication 'Telehealth Data in the Cloud'+++*[»]> <<tiddler [[2020.06.16 - Publication : 'Telehealth Data in the Cloud']]>>=== 
* News : Call for Papers for CSA EMEA Congress 2020+++*[»]> <<tiddler [[2020.06.11 - Appel à contribution pour le Congrès EMEA de la CSA]]>>=== 
!!2 - Cloud and Security News Watch
[[Over 110 links|2020.06.21 - Veille Hebdomadaire - 21 juin]]
* __''Must read''__
** Cloud as a (Stealth) Attack Platform (Texas Tech University)+++*[»] 
|2020.06.16|Texas Tech University|![[Cloud as an Attack Platform|https://arxiv.org/pdf/2006.07914.pdf]] (pdf) |Cloud_Abuse Attacker_Behavior|
|2020.06.16|Texas Tech University|![[Launching Stealth Attacks using Cloud|https://arxiv.org/pdf/2006.07908.pdf]] (pdf) |Cloud_Abuse Attacker_Behavior|
|2020.06.17|The Register| → [[Boffins find that over nine out of ten 'ethical' hackers are being a bit naughty when it comes to cloud services|https://www.theregister.com/2020/06/17/cloud_services_hacking/]]|Cloud_Abuse Attacker_Behavior|
=== 
** Vulnerability Analysis of Docker Hub Images (Norwegian U. of Science & Technology)+++*[»] 
|2020.06.17|isBuzzNews|[[Vulnerability Analysis Of 2500 Docker Hub Images - Expert On Report|https://www.informationsecuritybuzz.com/expert-comments/vulnerability-analysis-of-2500-docker-hub-images-expert-on-report/]]|Report Docker|
|2020.06.12|NTNU|! → [[Vulnerability Analysis of 2500 Docker Hub Images|https://arxiv.org/pdf/2006.02932.pdf]]|Report Docker|
|2020.06.12|NTNU| → [[Docker image analyzing tools|https://github.com/katrinewi/Docker-image-analyzing-tools]]|Tools Docker|
=== 
** Azure Global and Local Compliance (Microsoft Azure)+++*[»] 
|2020.06.18|//Microsoft Azure//|![[New Azure maps make identifying local compliance options easy|https://azure.microsoft.com/en-us/blog/new-azure-maps-make-identifying-local-compliance-options-easy/]] |Azure Compliance|
|2020.06.18|//Microsoft Azure//| → [[Azure Enables a World of Compliance|https://azure.microsoft.com/en-us/resources/azure-enables-a-world-of-compliance/]] ([[livre blanc|https://azure.microsoft.com/mediahandler/files/resourcefiles/azure-enables-a-world-of-compliance/Azure_Compliance_Maps.pdf]])|Azure Compliance|
|2020.06.18|//Microsoft Azure//| → [[Azure Global Compliance Map|https://azure.microsoft.com/en-us/resources/azure-global-compliance-map/]] ([[infographie|https://azure.microsoft.com/mediahandler/files/resourcefiles/azure-global-compliance-map/AzureComplianceInfographic.pdf]])|Azure Compliance|
|2020.06.18|//Microsoft Azure//|![[Making your data residency choices easier with Azure|https://azure.microsoft.com/blog/making-your-data-residency-choices-easier-with-azure/]] ([[document|https://aka.ms/AzureGlobalRegions]]) |Data_Residency|
|2020.06.12|//Microsoft Azure//| → [[Enabling Data Residency and Data Protection in Microsoft Azure Regions|https://azure.microsoft.com/en-us/resources/achieving-compliant-data-residency-and-security-with-azure/]] ([[pdf|https://azure.microsoft.com/mediahandler/files/resourcefiles/achieving-compliant-data-residency-and-security-with-azure/Enabling_Data_Residency_and_Data_Protection_in_Microsoft_Azure_Regions.pdf]])|Data_Residency|
=== 
* __Attacks__
** Office 365 Phishing Campaign+++*[»] 
|2020.06.18|//Check Point//|![[Office 365 Phishing Campaign Exploits Samsung, Adobe and Oxford Servers|https://research.checkpoint.com/2020/phishing-campaign-exploits-samsung-adobe-and-oxford-servers/]] |O365 Phishing|
|2020.06.18|Bleeping Computer| → [[Hijacked Oxford server used by hackers for Office 365 phishing|https://www.bleepingcomputer.com/news/security/hijacked-oxford-server-used-by-hackers-for-office-365-phishing/]]|O365 Phishing|
|2020.06.18|Dark Reading| → [[O365 Phishing Campaign Leveraged Legit Domains|https://www.darkreading.com/attacks-breaches/o365-phishing-campaign-leveraged-legit-domains/d/d-id/1338124]]|O365 Phishing|
|2020.06.18|//Threatpost//| → [[Phishing Campaign Targeting Office 365, Exploits Brand Names|https://threatpost.com/phishing-campaign-targeting-office-365-exploits-brand-names/156698/]]|O365 Phishing|
=== 
** AWS Security Incident Response Guide (update)+++*[»] 
|2020.06.18|//AWS//|![[AWS Security Incident Response Guide|https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf]] (pdf) |AWS Incident_Response|
=== 
** Attack Chains Mapping (Microsoft Threat Protection)+++*[»] 
|2020.06.18|//Microsoft Azure//|![[Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint|https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/]] |Attacks Analysis|
=== 
* __Data Leaks__
** CasualX+++*[»] 
|2020.06.15|vpnMentor|[[Niche Dating Apps Expose 100,000s of Users in Massive Data Breach|https://www.vpnmentor.com/blog/report-dating-apps-leak/]]|AWS Data_Leak|
|2020.06.15|Silicon Angle| → [[Niche dating app user data found exposed on misconfigured cloud instance|https://siliconangle.com/2020/06/15/niche-dating-app-user-data-found-exposed-misconfigured-cloud-instance/]]|AWS Data_Leak|
|2020.06.16|Office of Inadequate Security| → [[845GB of racy dating app records exposed to entire internet via leaky AWS buckets|https://www.databreaches.net/845gb-of-racy-dating-app-records-exposed-to-entire-internet-via-leaky-aws-buckets/]]|AWS Data_Leak|
|2020.06.18|Office of Inadequate Security| → [[Statement by CasualX in response to "false statements" by vpnMentor|https://www.databreaches.net/statement-by-casualx-in-response-to-false-statements-by-vpnmentor/]]|AWS Data_Leak|
=== 
* __Outages__
** M365 and Azure+++*[»] 
|2020.06.15|The Register|[[Microsoft 365 and Azure outage struck Australia and New Zealand just as business rocked up for a new week|https://www.theregister.com/2020/06/15/microsoft_365_outage_australia_new_zealand/]]|Outage M365|
=== 
* __Reports and Surveys__
** Cloud and Security Spending 2020 (Gartner)+++*[»] 
|2020.06.17|//Gartner//|![[Gartner Forecasts Worldwide Security and Risk Management Spending Growth to Slow but Remain Positive in 2020|https://www.gartner.com/en/newsroom/press-releases/2020-06-17-gartner-forecasts-worldwide-security-and-risk-managem]] |Forecast Employment|
|2020.06.21|//BitDefender//| → [[Cloud Security Spending to Buoy the Security Market in 2020|https://businessinsights.bitdefender.com/cloud-security-spending-security-market]]|Market|
=== 
** Zoom End-to-End Encryption (update)+++*[»] 
|2020.06.17|//Zoom//|[[Zoom End-to-End Encryption Whitepaper v2|https://github.com/zoom/zoom-e2e-whitepaper/blob/master/CHANGELOG.md]] ([[whitepaper|https://github.com/zoom/zoom-e2e-whitepaper/blob/master/archive/zoom_e2e_v2.pdf]])|Zoom Encryption|
=== 
* __Acquisitions__
** Spanugo by IBM+++*[»] 
|2020.06.16|Security Week| → [[IBM Acquires Cloud Security Company Spanugo|https://www.securityweek.com/ibm-acquires-cloud-security-company-spanugo]]|Acquisition|
|2020.06.15|Silicon Angle|[[IBM buys Spanugo to bolster its financial services public cloud|https://siliconangle.com/2020/06/15/ibm-buys-spanugo-bolster-financial-services-public-cloud/]]|Acquisition|
|2020.06.16|Silicon.fr[img[iCSF/flag_fr.png]]| → [[Cybersécurité : IBM s'offre la start-up Spanugo|https://www.silicon.fr/cybersecurite-ibm-spanugo-341383.html]]|Acquisition|
=== 
* __Miscellaneous__
** Free Week on Cloud Academy+++*[»] 
|2020.06.19|Cloud Academy|![[Kickstart Your Tech Training With a Free Week on Cloud Academy|https://cloudacademy.com/blog/kickstart-your-tech-training-with-a-free-week-on-cloud-academy/]] |Free_Training|
|~|~| → [[Training Library|https://cloudacademy.com/library/]]|Free_Training|
=== 
** Cloud Pentest Cheatsheets+++*[»] 
|2020.06.21|Beau Bullock|[[Cloud Pentest Cheatsheets|https://github.com/dafthack/CloudPentestCheatsheets]] ([[pdf|https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/Cloud%20Pentesting%20Cheatsheet.pdf]])|Pentest CheatSheets|
=== 
** Data Security in the SaaS Age (2/4)+++*[»] 
|2020.06.15|//Securosis//|![[Data Security in the SaaS Age: Focus on What You Control|https://securosis.com/blog/data-security-in-the-saas-age-focus-on-what-you-control]] (2/4) |SaaS|
=== 
** Monitoring Case Studies in AWS, in Azure, and detection in GCP+++*[»] 
|2020.06.15|Uber security|[[Part 1: AWS Continuous Monitoring|https://medium.com/@ubersecurity/part-1-aws-continuous-monitoring-f39f81ea6801]] (1/2)|AWS Monitoring|
|2020.06.15|Uber security|[[Part 2: AWS Monitoring Case Studies|https://medium.com/@ubersecurity/part-2-aws-monitoring-case-studies-9fbc613aff28]] (2/2)|AWS Monitoring|
|2020.06.18|Sami Lamppu|[[Monitor Elevate Access Activity In Azure|https://samilamppu.com/2020/06/18/monitor-elevated-global-admin-account-usage/]]|AzureAD|
|2020.06.17|//Google Cloud//|[[Setting up advanced network threat detection with Packet Mirroring|https://cloud.google.com/blog/products/networking/packet-mirroring-enables-better-network-monitoring-and-security]]|Networks Detection|
=== 
** Zero-Trust+++*[»] 
|2020.06.16|//Cloud Management Insider//|[[Is It Really Beneficial To Implement A Cloud Security Model On Zero Trust?|https://www.cloudmanagementinsider.com/is-it-really-beneficial-to-implement-a-cloud-security-model-on-zero-trust/]]|Zero_Trust|
|2020.06.15|//Microsoft Azure//|[[Zero Trust - Part 1: Networking|https://www.microsoft.com/security/blog/2020/06/15/zero-trust-part-1-networking/]]|Zero_Trust|
=== 
** Tools: the "Vulnerable by Design" ''Kubernetes Goat'', Kube-Scan and Kube-Bench (Kubernetes), Tsunami (GCP), BOtB (containers), Panther (AWS)+++*[»] 
|2020.06.15|Madhu Akula|[[Kubernetes Goat|https://github.com/madhuakula/kubernetes-goat]]|K8s Vulnerable_Design Challenge|
|2020.06.15|Madhu Akula| → [["Vulnerable by Design" Kubernetes Cluster|https://madhuakula.com/kubernetes-goat]]|K8s Vulnerable_Design Challenge|
|2020.06.19|SecTechno|[[Kube-Scan - Kubernetes Risk Assessment Tool - SecTechno|https://sectechno.com/kube-scan-kubernetes-risk-assessment-tool/]]|Tools Kubernetes|
|2020.06.20|SecTechno|[[Kube-Bench - CIS Kubernetes Benchmark Assessor|https://sectechno.com/kube-bench-cis-kubernetes-benchmark-assessor/]]|Tools|
|2020.06.18|//Google Cloud//|[[Tsunami: An extensible network scanning engine for detecting high severity vulnerabilities with high confidence|https://opensource.googleblog.com/2020/06/tsunami-extensible-network-scanning.html]]|Tools GCP|
|2020.06.15|SecTechno|[[BOtB - Container Analysis and Exploitation Tool - SecTechno|https://sectechno.com/botb-container-analysis-and-exploitation-tool/]]|Tools|
|2020.06.17|SecTechno|[[Panther - Detect Threats and Improve Cloud Security|https://sectechno.com/panther-better-data-leads-to-better-visibility/]]|Tools AWS|
=== 
** 25$ AWS credit at the AWS Summit+++*[»] 
|2020.06.16|The Register|[[Psst. Hey kid, you want $50 in AWS credit? Great, you just need to fill out this form and sit through these web lectures|https://www.theregister.com/2020/06/16/aws_credit_virtual_summit_incentive/]]|AWS Free_Credits|
||//AWS//| → [[AWS Summit Online FAQ|https://aws.amazon.com/events/summits/online/emea/faqs/]]|AWS Free_Credits|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K6L/|https://CloudSecurityAlliance.fr/go/K6L/]] |
<<tiddler [[arOund0C]]>>
|!Juin|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.06.21|
|2020.06.21|Marco Lancini|[[The Cloud Security Reading List #42|https://cloudseclist.com/issues/issue-42/]]|Weekly_Newsletter|
|2020.06.21|Beau Bullock|[[Cloud Pentest Cheatsheets|https://github.com/dafthack/CloudPentestCheatsheets]] ([[pdf|https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/Cloud%20Pentesting%20Cheatsheet.pdf]])|Pentest CheatSheets|
|2020.06.21|Rory McCune //NCC Group//|[[Container Vulnerability Scanning Fun|https://raesene.github.io/blog/2020/06/21/Container_Vulnerability_Scanning_Fun/]]|Container Vulnerability_Scans|
|2020.06.21|Arun Ramakani|[[Fitness Validation For Your Kubernetes Apps: Policy As Code|https://itnext.io/fitness-validation-for-your-kubernetes-apps-policy-as-code-7fad698e7dec?gi=7d1744204bb8]]|K8s PaC|
|>|>|>|!2020.06.20|
|2020.06.20|The Next Web|[[Understand how to move a system to the cloud and secure it with this CompTIA training|https://thenextweb.com/offers/2020/06/20/understand-how-to-move-a-system-to-the-cloud-and-secure-it-with-this-comptia-training/]]|Misc|
|2020.06.20|SecTechno|[[Kube-Bench - CIS Kubernetes Benchmark Assessor|https://sectechno.com/kube-bench-cis-kubernetes-benchmark-assessor/]]|Tools|
|2020.06.20|//JumpCloud//|[[Logging into a Windows System with a G Suite Password|https://jumpcloud.com/blog/logging-into-a-windows-system-with-a-g-suite-password]]|G_Suite Authentication|
|>|>|>|!2020.06.19|
|2020.06.19|Cloud Academy|![[Kickstart Your Tech Training With a Free Week on Cloud Academy|https://cloudacademy.com/blog/kickstart-your-tech-training-with-a-free-week-on-cloud-academy/]] |Free_Training|
|~|~| → [[Training Library|https://cloudacademy.com/library/]]|Free_Training|
|2020.06.19|Computer Weekly|[[Cloud flash storage: SSD options from AWS, Azure and GCP|https://www.computerweekly.com/feature/Cloud-flash-storage-SSD-options-from-AWS-Azure-and-GCP]]|Storage AWS Azure GCP|
|2020.06.19|SecTechno|[[Kube-Scan - Kubernetes Risk Assessment Tool - SecTechno|https://sectechno.com/kube-scan-kubernetes-risk-assessment-tool/]]|Tools Kubernetes|
|2020.06.19|Help Net Security|[[Armorblox, Box and Slack to stop targeted attacks and data loss across cloud office platforms|https://www.helpnetsecurity.com/2020/06/19/armorblox-box-slack/]]|Products|
|2020.06.19|Silicon Angle|[[These are the top 10 mistakes organizations make with their cloud strategies|https://siliconangle.com/2020/06/19/top-10-mistakes-organizations-make-cloud-strategies/]]|Best_Practices|
|2020.06.19|Dark Reading|[[5 Steps for Implementing Multicloud Identity|https://www.darkreading.com/cloud/5-steps-for-implementing-multicloud-identity/a/d-id/1338114]]|Multicloud IAM|
|2020.06.19|//Centilytics//|[[Top 5 Frequently Asked Questions (FAQs) about Azure Expert MSP Audit|https://blogs.centilytics.com/frequently-asked-questions-azure-expert-msp-audit/]]|Azure Audit|
|2020.06.19|//Amazon AWS//|[[Automating safe, hands-off deployments|https://aws.amazon.com/builders-library/automating-safe-hands-off-deployments/]]|Deployment|
|>|>|>|!2020.06.18|
|2020.06.18|Cloud Security Alliance|[[CSA Offers Guidance on Adhering to Privacy, Security Protocols for Telehealth Data in the Cloud|https://cloudsecurityalliance.org/press-releases/2020/06/18/cloud-security-alliance-offers-guidance-on-adhering-to-privacy-security-protocols-for-telehealth-data-in-the-cloud/]] ([[téléchargement|https://cloudsecurityalliance.org//artifacts/telehealth-data-in-the-cloud]])|Telehealth|
|2020.06.19|Dark Reading| → [[Cloud Security Alliance Offers Tips to Protect Telehealth Data|https://www.darkreading.com/cloud/cloud-security-alliance-offers-tips-to-protect-telehealth-data/d/d-id/1338136]]|CSA Tele_health|
|2020.06.19|Container Journal| → [[Cloud Security Alliance Offers Guidance on Adhering to Privacy, Security Protocols for Telehealth Data in the Cloud|https://containerjournal.com/news/news-releases/cloud-security-alliance-offers-guidance-on-adhering-to-privacy-security-protocols-for-telehealth-data-in-the-cloud/]]|CSA Tele_health|
|2020.06.19|//CyberSecurity Insiders//| → [[Cloud Security Alliance Offers Guidance on Adhering to Privacy, Security Protocols for Telehealth Data in the Cloud|https://www.cybersecurity-insiders.com/cloud-security-alliance-offers-guidance-on-adhering-to-privacy-security-protocols-for-telehealth-data-in-the-cloud/]]|CSA Tele_health|
|2020.06.19|Help Net Security| → [[Privacy and security concerns related to patient data in the cloud|https://www.helpnetsecurity.com/2020/06/22/patient-data-cloud/]]|CSA Tele_health|
|2020.06.18|jdSupra|[[Getting Cautious on Cloud Outsourcing: ESMA Consults on Proposed Guidelines|https://www.jdsupra.com/legalnews/getting-cautious-on-cloud-outsourcing-20292/]]|Outsourcing|
|2020.06.18|jdSupra|![[Making Plans for Something You Hope Never Happens: What's Your Continuity Plan?|https://www.jdsupra.com/legalnews/making-plans-for-something-you-hope-32069/]] |BCP SaaS|
|2020.06.18|Cyber Defense Mag.|[[Digital Healthcare: How Secure Is the Care Data?|https://www.cyberdefensemagazine.com/digital-healthcare/]]|Healthcare|
|2020.06.18|Cloud Essentials|[[Is dedicated backup essential for Microsoft 365?|https://www.cloudessentials.com/blog/is-third-party-backup-essential-microsoft365/]]|Backups|
|2020.06.18|BetaNews|[[New solution helps enterprises handle sensitive data|https://betanews.com/2020/06/18/enterprise-sensitive-data/]]|Products|
|2020.06.18|Sami Lamppu|[[Monitor Elevate Access Activity In Azure|https://samilamppu.com/2020/06/18/monitor-elevated-global-admin-account-usage/]]|AzureAD|
|2020.06.18|//Cloud Management Insider//|[[Why Kubernetes Governance Is Essential For Enterprises?|https://www.cloudmanagementinsider.com/why-kubernetes-governance-is-essential-for-enterprises/]]|K8s Governance|
|2020.06.18|Dark Reading|[[Back to Basics with Cloud Permissions Management|https://www.darkreading.com/cloud/back-to-basics-with-cloud-permissions-management/a/d-id/1338125]]|Misc|
|2020.06.18|A Cloud Guru|[[The Role of the Cloud in Preventing Data Breaches|https://info.acloud.guru/resources/the-role-of-the-cloud-in-preventing-data-breaches]]|Prevention|
|2020.06.18|//Microsoft Azure//|![[Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint|https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/]] |Attacks Analysis|
|2020.06.18|//Microsoft Azure//|![[New Azure maps make identifying local compliance options easy|https://azure.microsoft.com/en-us/blog/new-azure-maps-make-identifying-local-compliance-options-easy/]] |Azure Compliance|
|2020.06.18|//Microsoft Azure//| → [[Azure Enables a World of Compliance|https://azure.microsoft.com/en-us/resources/azure-enables-a-world-of-compliance/]] ([[livre blanc|https://azure.microsoft.com/mediahandler/files/resourcefiles/azure-enables-a-world-of-compliance/Azure_Compliance_Maps.pdf]])|Azure Compliance|
|2020.06.18|//Microsoft Azure//| → [[Azure Global Compliance Map|https://azure.microsoft.com/en-us/resources/azure-global-compliance-map/]] ([[infographie|https://azure.microsoft.com/mediahandler/files/resourcefiles/azure-global-compliance-map/AzureComplianceInfographic.pdf]])|Azure Compliance|
|2020.06.18|//Microsoft Azure//|![[Making your data residency choices easier with Azure|https://azure.microsoft.com/blog/making-your-data-residency-choices-easier-with-azure/]] ([[document|https://aka.ms/AzureGlobalRegions]]) |Data_Residency|
|2020.06.12|//Microsoft Azure//| → [[Enabling Data Residency and Data Protection in Microsoft Azure Regions|https://azure.microsoft.com/en-us/resources/achieving-compliant-data-residency-and-security-with-azure/]] ([[pdf|https://azure.microsoft.com/mediahandler/files/resourcefiles/achieving-compliant-data-residency-and-security-with-azure/Enabling_Data_Residency_and_Data_Protection_in_Microsoft_Azure_Regions.pdf]])|Data_Residency|
|2020.06.18|//Microsoft Azure//| → [[Minimize disruption with cost-effective backup and disaster recovery solutions on Azure|https://azure.microsoft.com/en-us/blog/minimize-disruption-with-costeffective-backup-and-disaster-recovery-solutions-on-azure/]]|Azure BCP DRP|
|2020.06.18|//Microsoft Azure//|[[Barracuda and Microsoft: Securing applications in public cloud|https://www.microsoft.com/security/blog/2020/06/18/barracuda-microsoft-securing-applications-public-cloud/]]|AWS|
|2020.06.18|//Google Cloud//|[[Google Data Center Security: 6 Layers Deep|https://www.youtube.com/watch?v=kd33UVZhnAA]] (vidéo YouTube)|GCP Data_Center|
|2020.06.18|//Google Cloud//|[[Tsunami: An extensible network scanning engine for detecting high severity vulnerabilities with high confidence|https://opensource.googleblog.com/2020/06/tsunami-extensible-network-scanning.html]]|Tools GCP|
|2020.06.18|//Check Point//|![[Office 365 Phishing Campaign Exploits Samsung, Adobe and Oxford Servers|https://research.checkpoint.com/2020/phishing-campaign-exploits-samsung-adobe-and-oxford-servers/]] |O365 Phishing|
|2020.06.18|Bleeping Computer| → [[Hijacked Oxford server used by hackers for Office 365 phishing|https://www.bleepingcomputer.com/news/security/hijacked-oxford-server-used-by-hackers-for-office-365-phishing/]]|O365 Phishing|
|2020.06.18|Dark Reading| → [[O365 Phishing Campaign Leveraged Legit Domains|https://www.darkreading.com/attacks-breaches/o365-phishing-campaign-leveraged-legit-domains/d/d-id/1338124]]|O365 Phishing|
|2020.06.18|//Threatpost//| → [[Phishing Campaign Targeting Office 365, Exploits Brand Names|https://threatpost.com/phishing-campaign-targeting-office-365-exploits-brand-names/156698/]]|O365 Phishing|
|2020.06.24|//E Hacking News//| → [[Experts discovered phishing emails in Office 365 accounts|https://www.ehackingnews.com/2020/06/experts-discovered-phishing-emails-in.html]]|O365 Phishing|
|2020.06.18|//AWS//|![[AWS Security Incident Response Guide|https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf]] (pdf) |AWS Incident_Response|
|2020.06.18|//HashiCorp//|[[Encrypting Data while Preserving Formatting with the Vault Enterprise Transform Secrets Engine|https://www.hashicorp.com/blog/data-transformation-with-vault/]]|Vault Secrets|
|2020.06.18|//Tripwire//|[[Amazon Web Services Mitigated a 2.3 Tbps DDoS Attack|https://www.tripwire.com/state-of-security/security-data-protection/amazon-web-services-mitigated-a-2-3-tbps-ddos-attack/]]|
|2020.06.18|//Threatstack//|[[System Access and User Accountability in the Cloud|https://www.threatstack.com/blog/system-access-and-user-accountability-in-the-cloud]]|Accountability|
|2020.06.18|//Fugue//|[[Announcing the Cloud Security Masterclass Program to Educate on Cloud Misconfiguration Risk|https://www.fugue.co/blog/announcing-the-cloud-security-masterclass-program-to-educate-on-cloud-misconfiguration-risk]]|Training|
|2020.06.23|//Fugue//| → Webinaire [[Locking down the Security of AWS IAM|https://resources.fugue.co/locking-down-security-of-aws-iam]]|Webinar|
|2020.06.18|//Risk Recon//|[[New Toolkit for Assessing AWS Deployments and Operations|https://blog.riskrecon.com/new-toolkit-for-assessing-aws-deployments-and-operations]] ([[téléchargement|https://www.riskrecon.com/aws-assessment-toolkit]])|AWS Assessments|
|2020.06.19|//Park My Cloud//|[[Microsoft Azure VM Types Comparison|https://www.parkmycloud.com/blog/azure-vm-types/]]|Azure VM|
|2020.06.18|//CyberArk Conjur//|[[Secrets Management Overview For Developers & DevOps|https://www.conjur.org/blog/secrets-management-overview-for-developers-devops/]]|Secrets_Management|
|2020.06.18|//Amazon AWS//|[[Realize Policy-as-Code with AWS Cloud Development Kit through Open Policy Agent|https://aws.amazon.com/blogs/opensource/realize-policy-as-code-with-aws-cloud-development-kit-through-open-policy-agent/]]|AWS OPA|
|>|>|>|!2020.06.17|
|2020.06.17|TL;DR Security|[[#39 - Evidence Based Security, Web Security, and Program Analysis|https://tldrsec.com/blog/tldr-sec-039/]] |Weekly_Newsletter|
|2020.06.21|Marco Lancini|![[Building a Serverless Mailing List in AWS|https://www.marcolancini.it/2020/blog-serverless-mailing-list/]]|Implementation|
|2020.06.17|isBuzzNews|[[Vulnerability Analysis Of 2500 Docker Hub Images - Expert On Report|https://www.informationsecuritybuzz.com/expert-comments/vulnerability-analysis-of-2500-docker-hub-images-expert-on-report/]]|Report Docker|
|2020.06.12|NTNU|! → [[Vulnerability Analysis of 2500 Docker Hub Images|https://arxiv.org/pdf/2006.02932.pdf]]|Report Docker|
|2020.06.12|NTNU| → [[Docker image analyzing tools|https://github.com/katrinewi/Docker-image-analyzing-tools]]|Tools Docker|
|2020.06.17|SecTechno|[[Panther - Detect Threats and Improve Cloud Security|https://sectechno.com/panther-better-data-leads-to-better-visibility/]]|Tools AWS|
|2020.06.17|//Zoom//|[[Zoom End-to-End Encryption Whitepaper v2|https://github.com/zoom/zoom-e2e-whitepaper/blob/master/CHANGELOG.md]] ([[whitepaper|https://github.com/zoom/zoom-e2e-whitepaper/blob/master/archive/zoom_e2e_v2.pdf]])|Zoom Encryption|
|2020.06.17|//Zoom//|[[End-to-End Encryption Update|https://blog.zoom.us/end-to-end-encryption-update/]]|Zoom Encryption|
|2020.06.18|BetaNews| → [[Zoom relents and agrees to give free users end-to-end encryption|https://betanews.com/2020/06/18/free-zoom-end-to-end-encryption/]]|Zoom Encryption|
|2020.06.18|Dark Reading| → [[Zoom Changes Course on End-to-End Encryption|https://www.darkreading.com/application-security/zoom-changes-course-on-end-to-end-encryption/d/d-id/1338119]]|Zoom Encryption|
|2020.06.17|John Kinsella|[[Insecure by Default: Kubernetes CICD Reference Diagrams|https://theresnomon.co/insecure-by-default-kubernetes-cicd-reference-diagrams-bce31523d506]]|CI/CD|
|2020.06.17|//Gartner//|![[Gartner Forecasts Worldwide Security and Risk Management Spending Growth to Slow but Remain Positive in 2020|https://www.gartner.com/en/newsroom/press-releases/2020-06-17-gartner-forecasts-worldwide-security-and-risk-managem]] |Forecast Employment|
|2020.06.21|//BitDefender//| → [[Cloud Security Spending to Buoy the Security Market in 2020|https://businessinsights.bitdefender.com/cloud-security-spending-security-market]]|Market|
|2020.06.22|Silicon.fr[img[iCSF/flag_fr.png]]| → [[Cybersécurité : comment le Cloud peut sauver l'année 2020|https://www.silicon.fr/cybersecurite-cloud-annee-2020-341717.html]]|Market|
|2020.06.17|//Google Cloud//|[[Setting up advanced network threat detection with Packet Mirroring|https://cloud.google.com/blog/products/networking/packet-mirroring-enables-better-network-monitoring-and-security]]|Networks Detection|
|2020.06.17|//Intezer//|![[Intezer - Best Practices for Securing a Docker Runtime Environment|https://intezer.com/container-security/best-practices-for-securing-a-docker-runtime-environment/]] |Docker Best_Practices|
|2020.06.17|//Duo//|[[Unnamed Web Host Hit With DDoS Attack|https://duo.com/decipher/unnamed-web-host-hit-with-ddos-attack]]|Attacks|
|2020.06.17|//Compare The Cloud//|[[Oracle Database in the Cloud: Azure vs AWS vs Oracle|https://www.comparethecloud.net/articles/oracle-database-in-the-cloud-azure-vs-aws-vs-oracle/]]|Databases|
|2020.06.17|//Learn K8s//|[[Validating Kubernetes YAML for best practice and policies|https://learnk8s.io/validating-kubernetes-yaml]]|K8s YAML|
|2020.06.17|//Rapid7//|[[The Cybersecurity Practitioner's Introduction to the Cloud|https://blog.rapid7.com/2020/06/17/the-security-practitioners-intro-to-the-cloud-everything-you-ever-wanted-to-know-but-were-afraid-to-ask/]] |Best_Practices|
|>|>|>|!2020.06.16|
|2020.06.16|Texas Tech University|![[Cloud as an Attack Platform|https://arxiv.org/pdf/2006.07914.pdf]] (pdf) |Cloud_Abuse Attacker_Behavior|
|2020.06.16|Texas Tech University|![[Launching Stealth Attacks using Cloud|https://arxiv.org/pdf/2006.07908.pdf]] (pdf) |Cloud_Abuse Attacker_Behavior|
|2020.06.17|The Register| → [[Boffins find that over nine out of ten 'ethical' hackers are being a bit naughty when it comes to cloud services|https://www.theregister.com/2020/06/17/cloud_services_hacking/]]|Cloud_Abuse Attacker_Behavior|
|2020.06.16|The Register|[[Psst. Hey kid, you want $50 in AWS credit? Great, you just need to fill out this form and sit through these web lectures|https://www.theregister.com/2020/06/16/aws_credit_virtual_summit_incentive/]]|AWS Free |
||//AWS//| → [[AWS Summit Online FAQ|https://aws.amazon.com/events/summits/online/emea/faqs/]]|AWS Free_Credits|
|2020.06.16|Dark Reading|[[Cisco Brings SecureX into Full Security Lineup to Cut Complexity|https://www.darkreading.com/cloud/cisco-brings-securex-into-full-security-lineup-to-cut-complexity/d/d-id/1338097]]|Cisco Products|
|2020.06.17|Silicon.fr[>img[iCSF/flag_fr.png]]|[[SecureX : Cisco ouvrira les vannes le 30 juin|https://www.silicon.fr/securex-cisco-30-juin-341411.html]]|Cisco Products|
|2020.06.16|Cyber Defense Mag.|[[New Expectations for the Network Perimeter|https://www.cyberdefensemagazine.com/new-expectations-for-the-network-perimeter/]]|Networks|
|2020.06.16|FAIR Institute|[[Microsoft Promotes FAIR™ Analysis for Cloud Security Risk|https://www.fairinstitute.org/blog/microsoft-promotes-fair-analysis-for-cloud-security-risk]]|Azure Risk_Analysis FAIR|
|2020.06.16|CISO Mag.|[[76.36% Believe Cloud Service Provider is Responsible for Security: CISO MAG Market Trends Report|https://www.cisomag.com/shared-responsibility-model/]] ([[document|https://aspen.eccouncil.org/Docs/CISOMAG/CISO-MAG-June2020-Preview.pdf]])|Survey|
|2020.06.16|CBR Online|[[Cyber AI for SaaS Security - Computer Business Review|https://www.cbronline.com/whitepapers/cyber-ai-for-saas-security/]]|SaaS|
|2020.06.16|//Cloud Management Insider//|[[Is It Really Beneficial To Implement A Cloud Security Model On Zero Trust?|https://www.cloudmanagementinsider.com/is-it-really-beneficial-to-implement-a-cloud-security-model-on-zero-trust/]]|Zero_Trust|
|2020.06.16|Health IT Security|[[Cloud Mitigation for Ransomware, as COVID-19 Spurs Cyberattacks|https://healthitsecurity.com/news/cloud-mitigation-for-ransomware-as-covid-19-spurs-cyberattacks]]|Ransomware|
|2020.06.16|//ThousandEyes//|The Internet Report [[Ep. 11: Excuse Me, Your BGP Is Leaking|https://blog.thousandeyes.com/internet-report-episode-11/]]|IBM_Cloud Outage|
|2020.06.16|//Dropbox//|![[New features help you manage work and home|https://blog.dropbox.com/topics/product-tips/new-dropbox-helps-manage-work-and-home]] |Dropbox Products|
|2020.06.16|CISO Mag.| → [[Dropbox Drops a Box of Security Surprises for its Premium Customers|https://www.cisomag.com/dropbox-new-security-features/]]|Dropbox Products|
|2020.06.17|TechRepublic| → [[Dropbox adds password manager, vault, and other security features|https://www.techrepublic.com/article/dropbox-adds-password-manager-vault-and-other-security-features/]]|Dropbox Products|
|2020.06.16|//Palo Alto Networks//|[[How to Create a DevSecOps Culture|https://blog.paloaltonetworks.com/2020/06/cloud-devsecops-culture/]]|DevSecOps|
|2020.06.16|//CyberSecurity Help//|[[Privilege escalation in Docker Desktop|https://www.cybersecurity-help.cz/vdb/SB2020061607]]|Docker Flaw|
|2020.06.16|//Compare The Cloud//|[[Security risks of increasingly popular cloud collaboration tools|https://www.comparethecloud.net/articles/security-risks-of-increasingly-popular-cloud-collaboration-tools/]]|Risks|
|2020.06.16|//Check Point//|[[Protecting Office 365 and G Suite in a Cyber Pandemic World|https://blog.checkpoint.com/2020/06/16/protecting-office-365-and-g-suite-in-a-cyber-pandemic-world/]]|O365 G-Suite|
|2020.06.15|//Palo Alto Networks//|[[Online Learning: Security and Connectivity for Teachers and Students|https://blog.paloaltonetworks.com/2020/06/network-online-learning/]]|Training|
|2020.06.16|//Kindite//|[[Advantages and Challenges of Confidential Computing for Cloud Data Protection|https://blog.kindite.com/advantages-and-challenges-of-confidential-computing-for-cloud-data-protection]]|Confidential_Computing|
|2020.06.16|//Kindite//|[[AWS KMS vs AWS CloudHSM|https://blog.kindite.com/aws-kms-vs-aws-cloudhsm]]|AWS KMS HSM|
|2020.06.16|//Fairwinds//|[[Identifying Kubernetes Config Security Threats: Pods Running as Root|https://www.cncf.io/blog/2020/06/16/identifying-kubernetes-config-security-threats-pods-running-as-root/]]|K8s Threats|
|2020.06.16|//Portshift//|[[Cloud Workload Protection Priorities Rise in 2020|https://vmblog.com/archive/2020/06/16/cloud-workload-protection-priorities-rise-in-2020.aspx]]|CWPP Workloads|
|2020.06.16|//Rapid7//|[[How to Unlock the Power of Macro Authentication|https://blog.rapid7.com/2020/06/16/unlocking-the-power-of-macro-authentication-part-one/]]|Authentication (1/3)|
|2020.06.16|//Microsoft Azure//|[[Stay ahead of multi-cloud attacks with Azure Security Center|https://www.microsoft.com/security/blog/2020/06/16/stay-ahead-multi-cloud-attacks-azure-security-center/]]|Azure Multi_Cloud|
|2020.06.16|//Google GCP//|[[Is my data safe in Cloud?|https://medium.com/google-cloud/is-my-data-safe-in-cloud-41608c1d1f89]]|Comics Data|
|>|>|>|!2020.06.15|
|2020.06.15|FTC|![[Six steps toward more secure cloud computing|https://www.ftc.gov/news-events/blogs/business-blog/2020/06/six-steps-toward-more-secure-cloud-computing]] |Recommendations|
|2020.06.15|vpnMentor|[[Niche Dating Apps Expose 100,000s of Users in Massive Data Breach|https://www.vpnmentor.com/blog/report-dating-apps-leak/]]|AWS Data_Leak|
|2020.06.15|Silicon Angle| → [[Niche dating app user data found exposed on misconfigured cloud instance|https://siliconangle.com/2020/06/15/niche-dating-app-user-data-found-exposed-misconfigured-cloud-instance/]]|AWS Data_Leak|
|2020.06.16|The Register| → [[845GB of racy dating app records exposed to entire internet via leaky AWS buckets|https://www.theregister.com/2020/06/16/dating_apps_aws_s3_leak/]]|AWS Data_Leak|
|2020.06.16|Office of Inadequate Security| → [[845GB of racy dating app records exposed to entire internet via leaky AWS buckets|https://www.databreaches.net/845gb-of-racy-dating-app-records-exposed-to-entire-internet-via-leaky-aws-buckets/]]|AWS Data_Leak|
|2020.06.18|Office of Inadequate Security| → [[Statement by CasualX in response to "false statements" by vpnMentor|https://www.databreaches.net/statement-by-casualx-in-response-to-false-statements-by-vpnmentor/]]|AWS Data_Leak|
|2020.06.15|Uber security|[[Part 1: AWS Continuous Monitoring|https://medium.com/@ubersecurity/part-1-aws-continuous-monitoring-f39f81ea6801]] (1/2)|AWS Monitoring|
|2020.06.15|Uber security|[[Part 2: AWS Monitoring Case Studies|https://medium.com/@ubersecurity/part-2-aws-monitoring-case-studies-9fbc613aff28]] (2/2)|AWS Monitoring|
|2020.06.15|The Register|[[Microsoft 365 and Azure outage struck Australia and New Zealand just as business rocked up for a new week|https://www.theregister.com/2020/06/15/microsoft_365_outage_australia_new_zealand/]]|Outage M365|
|2020.06.15|Solutions Review|[[Barracuda: SD-WAN Is the Deployment of Choice for Secure Cloud|https://solutionsreview.com/cloud-platforms/barracuda-sd-wan-is-the-deployment-of-choice-for-secure-cloud/]]|SD-WAN|
|2020.06.15|SecTechno|[[BOtB - Container Analysis and Exploitation Tool - SecTechno|https://sectechno.com/botb-container-analysis-and-exploitation-tool/]]|Tools|
|2020.06.15|Silicon Angle|[[IBM buys Spanugo to bolster its financial services public cloud|https://siliconangle.com/2020/06/15/ibm-buys-spanugo-bolster-financial-services-public-cloud/]]|Acquisition|
|2020.06.16|Silicon.fr[img[iCSF/flag_fr.png]]| → [[Cybersécurité : IBM s'offre la start-up Spanugo|https://www.silicon.fr/cybersecurite-ibm-spanugo-341383.html]]|Acquisition|
|2020.06.16|Security Week| → [[IBM Acquires Cloud Security Company Spanugo|https://www.securityweek.com/ibm-acquires-cloud-security-company-spanugo]]|Acquisition|
|2020.06.15|Madhu Akula|[[Kubernetes Goat|https://github.com/madhuakula/kubernetes-goat]]|K8s Vulnerable_Design Challenge|
|2020.06.15|Madhu Akula| → [["Vulnerable by Design" Kubernetes Cluster|https://madhuakula.com/kubernetes-goat]]|K8s Vulnerable_Design Challenge|
|2020.06.15|Madhu Akula|[[Dockerfile Security Checks using OPA Rego Policies with Conftest|https://blog.madhuakula.com/dockerfile-security-checks-using-opa-rego-policies-with-conftest-32ab2316172f]]|Docker Best_Practices|
|2020.06.15|//Microsoft Azure//|[[Zero Trust - Part 1: Networking|https://www.microsoft.com/security/blog/2020/06/15/zero-trust-part-1-networking/]]|Zero_Trust|
|2020.06.15|//Securosis//|![[Data Security in the SaaS Age: Focus on What You Control|https://securosis.com/blog/data-security-in-the-saas-age-focus-on-what-you-control]] (2/4) |SaaS|
|2020.06.15|//capsule8//|[[Can't Contain Ourselves - Container Escapes|https://capsule8.com/blog/cant-contain-ourselves-container-escapes/]]|Containers|
|2020.06.15|//Spanning//|[[Denial-of-Service (DoS) Attacks - Web-based Application Security, Part 7|https://spanning.com/blog/denial-of-service-attacks-web-based-application-security-part-7/]]|DDoS|
|2020.06.15|//Sophos//|[[Microsoft Azure users leave front door open for cryptomining crooks|https://nakedsecurity.sophos.com/2020/06/15/microsoft-azure-users-leave-front-door-open-for-cryptomining-crooks/]]|Azure Cryptomining|
|2020.06.15|//Fugue//|[[Fugue Sees 49% Spike in Cloud Security Product Usage Since Start of COVID-19 Crisis|https://www.fugue.co/blog/fugue-sees-49-spike-in-cloud-security-product-usage-since-start-of-covid-19-crisis]]|Products|
|2020.06.15|//Microsoft Azure//|[[Audit compliance of Azure container registries using Azure Policy|https://docs.microsoft.com/en-gb/azure/container-registry/container-registry-azure-policy]]|Azure Containers Audit|
<<tiddler [[arOund0C]]>>
!"//Critical Controls Implementation for SAP, Part 2//"
La date limite pour transmettre les commentaires est le 17 juillet 2020.
<<<
//SAP security documentation can be difficult to navigate and there are currently no frameworks that aligns with standard controls. This document aims to alleviate that problem by describing the implementation of the Top 20 Critical Controls for Cloud ERP Customer from a technology specific perspective, in this case SAP. SAP customers are extensively migrating to the cloud and will benefit from this document the most.//
<<<
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/k6ia/|https://CloudSecurityAlliance.fr/go/k6ia/]]''
!"//Cloud Security Alliance Offers Guidance on Adhering to Privacy, Security Protocols for Telehealth Data in the Cloud//"
[>img(150px,auto)[iCSA/K6GPT.jpg]]
<<<
//SEATTLE - June 18, 2020 - The Cloud Security Alliance [...] announced today the release of its newest report, ''Telehealth Data in the Cloud''.
Produced by the ''Health Information Management Working Group'', the paper examines the privacy and security concerns related to processing, storing, and transmitting patient data in the cloud, including those within the context of edge computing for telehealth solutions.
In the wake of COVID-19, health delivery organizations (HDOs) have quickly increased their utilization of telehealth capabilities (i.e., remote patient monitoring (RPM) and telemedicine) to treat patients in their homes. These technology solutions allow for the delivery of patient treatment, comply with COVID-19 mitigation best practices, and reduce the risk of exposure for health care providers. Going forward, telehealth solutions - which introduce high levels of patient data over the Internet and in the cloud - can be used to remotely monitor and treat patients who have mild cases of the virus, as well as other health issues. However, this remote environment also comes with an array of privacy and security challenges.
"For health care systems, telehealth has emerged as a critical technology for safe and efficient communications between healthcare providers and patients, and accordingly, it's vital to review the end-to-end architecture of a telehealth delivery system," said Dr. Jim Angle, co-chair of CSA's Health Information Management Working Group. "A full analysis can help determine whether privacy and security vulnerabilities exist, what security controls are required for proper cybersecurity of the telehealth ecosystem, and if patient privacy protections are adequate."
With the increased use of telehealth in the cloud, HDOs must adequately and proactively address data, privacy, and security issues. The HDO cannot leave this up to the cloud service provider, as it is a shared responsibility. The HDO must understand regulatory requirements, as well as the technologies that support the system. Regulatory mandates may span multiple jurisdictions, and requirements may include both the GDPR and HIPAA. Armed with the right information, the HDO can implement and maintain a secure and robust telehealth program. Cloud Access Security Brokers, the paper notes, ensure HDOs understand what cloud connections are made and what data is sent to the cloud. //
<<<
__Liens :__
* Annonce ⇒ ''[[CloudSecurityAlliance.fr/go/k6ga/|https://CloudSecurityAlliance.fr/go/k6ga/]]''
* Document ⇒ ''[[CloudSecurityAlliance.fr/go/k6gp/|https://CloudSecurityAlliance.fr/go/k6gp/]]''
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #68|2020.06.14 - Newsletter Hebdomadaire #68]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #68|2020.06.14 - Weekly Newsletter - #68]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.06.14 - Newsletter Hebdomadaire #68]]>> |<<tiddler [[2020.06.14 - Weekly Newsletter - #68]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 7 au 14 juin 2020
!!1 - Informations CSA - 7 au 14 juin 2020
* Actualité : Appel à contribution pour le Congrès EMEA de la CSA+++*[»]> <<tiddler [[2020.06.11 - Appel à contribution pour le Congrès EMEA de la CSA]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.06.14 - Veille Hebdomadaire - 14 juin]] avec plus de 90 liens
* __''À lire''__
** IBM ''2020 Cloud Security Landscape Report''+++*[»] 
|2020.06.10|//IBM//|![[IBM: Security in the Cloud Remains Challenged by Complexity and Shadow IT|https://www.prnewswire.com/news-releases/ibm-security-in-the-cloud-remains-challenged-by-complexity-and-shadow-it-301073885.html]] |Report IBM|
|2020.06.10|//IBM//| → [[2020 Cloud Security Landscape Report|https://ibm.biz/cloudsecurityreport]]|Report IBM|
|2020.06.10|//Security Intelligence//| → [[How Threat Actors Are Adapting to the Cloud|https://securityintelligence.com/posts/how-threat-actors-are-adapting-to-the-cloud/]]|Attacks|
|2020.06.10|TechRepublic| → [[How to better defend your cloud-based environments against cyberattack|https://www.techrepublic.com/article/how-to-better-defend-your-cloud-based-environments-against-cyberattack/]]|Report IBM|
|2020.06.11|Help Net Security| → [[Top security risks for companies to address as cloud migration accelerates|https://www.helpnetsecurity.com/2020/06/11/cloud-migration-risks/]]|Report IBM|
|2020.06.12|MSSP Alert| → [[Cloud Service Providers and Security: IBM Research Findings|https://www.msspalert.com/cybersecurity-research/cloud-service-providers-ibm-findings/]]|Report IBM|
=== 
** SGAxe: "How SGX Fails in Practice"+++*[»] 
|2020.06.12|SGAxe|![[SGAxe: How SGX Fails in Practice|https://sgaxe.com/]] ([[analyse|https://sgaxe.com/files/SGAxe.pdf]]) |SGX Enclave Intel Flaw|
|2020.06.12|SGAxe| → [[CacheOut: Leaking Data on Intel CPUs via Cache Evictions|https://sgaxe.com/files/CacheOut.pdf]] (pdf)|SGX Intel Flaw|
=== 
** Rapport du NCSC néerlandais sur les Clouds Publics+++*[»] 
|2020.06.11|NCSC.NL|!Retour d'expériences du NCSC en matière d'utilisation des clouds (publics) [[en néerlandais|https://www.ncsc.nl/actueel/nieuws/2020/juni/11/clouddiensten]] ([[rapport en néerlandais|https://www.ncsc.nl/binaries/ncsc/documenten/rapporten/juni/ervaringsdocument/20/cloudervaringsdocument/Cloudervaringsdocument+NCSC.pdf]]) |Analysis|
=== 
* __Attaques__
** Attaque "Denial of Wallet" sur AWS+++*[»] 
|2020.06.08|Summit Route|![[Denial of Wallet Attacks on AWS|https://summitroute.com/blog/2020/06/08/denial_of_wallet_attacks_on_aws/]] |AWS Attack_Analysis|
=== 
** Prestataires Cloud ciblés+++*[»] 
|2020.06.09|//Crowdstrike//|![[Attackers Are Targeting Cloud Service Providers|https://www.crowdstrike.com/blog/crowdstrike-observes-increase-in-iaas-api-key-theft/]] |APIs|
=== 
** Mauvaises configurations de Buckets AWS S3+++*[»] 
|2020.06.09|//RiskIQ//|![[Misconfigured Amazon S3 Buckets Continue to be a Launchpad for Malicious Code|https://www.riskiq.com/blog/labs/misconfigured-s3-buckets/]] |AWS_S3 Misconfiguration|
|2020.06.09|Infosecurity Mag|[[More S3 Buckets Compromised with Magecart and Malicious Redirector|https://www.infosecurity-magazine.com/news/s3-compromised-magecart-malicious/]]|AWS_S3 Malware|
|2020.06.11|infoRisk Today| → [[Unsecured AWS S3 Buckets Infected With Skimmer Code|https://www.inforisktoday.com/unsecured-aws-s3-buckets-infected-skimmer-code-a-14421]]|AWS_S3 Compromise|
=== 
** Mauvaises configurations de workloads Kubeflow+++*[»] 
|2020.06.10|//Microsoft Azure//|[[Misconfigured Kubeflow workloads are a security risk|https://www.microsoft.com/security/blog/2020/06/10/misconfigured-kubeflow-workloads-are-a-security-risk/]]|KubeFlow Misconfiguration|
|2020.06.12|Dark Reading| → [[Cryptominers Found in Azure Kubernetes Containers|https://www.darkreading.com/attacks-breaches/cryptominers-found-in-azure-kubernetes-containers/d/d-id/1338083]]|KubeFlow Misconfiguration|
|2020.06.11|Security Week| → [[Microsoft Identifies Attack Targeting Kubeflow Environments|https://www.securityweek.com/microsoft-identifies-attack-targeting-kubeflow-environments]]|KubeFlow Misconfiguration|
=== 
** Campagnes de phishing en cours sur Office 365+++*[»] 
|2020.06.10|Bleeping Computer|[[Office 365 phishing baits business owners with relief payments|https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-business-owners-with-relief-payments/]]|Phishing O365|
=== et AWS+++*[»] 
|2020.06.11|//Cado Security//|[[An Ongoing AWS Phishing Campaign|https://www.cadosecurity.com/2020/06/11/an-ongoing-aws-phishing-campaign/]]|AWS Phishing Analysis|
=== 
** Campagnes de cryptominers contre des Kubernetes Clusters+++*[»] 
|2020.06.11|//Threatpost//|[[Kubernetes Falls to Cryptomining via Machine-Learning Framework|https://threatpost.com/kubernetes-cryptomining-machine-learning-framework/156481/]]|K8s Cryptomining|
|2020.06.12|//CyberSecurity Help//| → [[New cryptomining campaign targets ML-focused Kubernetes clusters|https://www.cybersecurity-help.cz/blog/1305.html]]|K8s CryptoMining|
=== 
* __Pannes__
** IBM Cloud victime collatérale d'un incident BGP+++*[»] 
|2020.06.09|//IBM//|[[IBM Cloud - June 9 Outage|https://cloud.ibm.com/status?query=IBM+Cloud+-+June+9+Outage%0D%0A%0D&selected=announcement]]|IBM Outage|
|2020.06.09|CRN| → [[Widespread Outage Hits IBM Cloud|https://www.crn.com/news/cloud/widespread-outage-hits-ibm-cloud]]|Outage IBM|
|2020.06.10|CRN| → [[IBM Blames Massive Cloud Outage On Third-Party Network Provider|https://www.crn.com/news/cloud/ibm-blames-massive-cloud-outage-on-third-party-network-provider]]|Outage IBM|
|2020.06.10|Silicon Angle| → [[IBM cloud outage brings down customer websites worldwide|https://siliconangle.com/2020/06/09/ibm-cloud-outage-leads-customer-websites-going-worldwide/]]|Outage IBM|
|2020.06.10|//Catchpoint//| → [[IBM Cloud experienced global outage on June 9|https://websee.com/verified-issues/5ee02acdfb5d6127c96b8ec8]]|Outage IBM|
|2020.06.10|CBR Online|[[IBM Blames "Incorrect Routing" by Third Party for Global Cloud Outage|https://www.cbronline.com/news/ibm-cloud-outage]]|Outage|
|2020.06.11|Bleeping Computer| → [[IBM Cloud global outage caused by "incorrect" BGP routing|https://www.bleepingcomputer.com/news/technology/ibm-cloud-global-outage-caused-by-incorrect-bgp-routing/]]|Outage IBM|
|2020.06.11|CRN (AU)| → [[IBM blames massive cloud outage on third-party network provider|https://www.crn.com.au/news/ibm-blames-massive-cloud-outage-on-third-party-network-provider-549138]]|Outage IBM|
=== 
* __Rapports et études__
** ENISA : remontées d'incidents des opérateurs télécoms et de confiance+++*[»] 
|2020.06.09|ENISA|![[Spotlight on incident reporting of telecom security and trust services|https://www.enisa.europa.eu/news/enisa-news/spotlight-on-incident-reporting-of-telecom-security-and-trust-services]] |Incidents Telcos Repository|
|2020.06.09|ENISA| → [[Cybersecurity Incident Report and Analysis System - Visual Analysis Tool|https://www.enisa.europa.eu/topics/incident-reporting/cybersecurity-incident-report-and-analysis-system-visual-analysis/visual-tool]]|Incidents Telcos Tools|
|2020.06.10|CBR Online| → [[New EU Data on Telco "Security" Issues Shows… Switchgear Failures and Power Outages|https://www.cbronline.com/news/telco-outages-enisa]]|Incidents Telcos|
=== 
** Comparitech : bases de données cibles d'attaques dans le cloud+++*[»] 
|2020.06.10|//Comparitech//|![[We setup a honeypot to see how long for hackers find unsecured database|https://www.comparitech.com/blog/information-security/unsecured-database-honeypot/]] |Attacks Misconfiguration|
|2020.06.10|Dark Reading| → [[Misconfigured Databases Targeted Hours After Deployment|https://www.darkreading.com/cloud/misconfigured-databases-targeted-hours-after-deployment/d/d-id/1338052]]|Attacks Misconfiguration|
|2020.06.10|Security Week| → [[Misconfigured Public Cloud Databases Attacked Within Hours of Deployment|https://www.securityweek.com/misconfigured-public-cloud-databases-attacked-within-hours-deployment]]|Attacks Misconfiguration|
=== 
** RiskIQ : surface d'attaque+++*[»] 
|2020.06.11|//RiskIQ//|![[New Data-Driven Research Shows 5 Areas Organizations are Most Vulnerable Outside the Firewall|https://www.riskiq.com/blog/external-threat-management/analysis-attack-surface/]] ([[rapport|https://www.riskiq.com/research/analysis-of-an-attack-surface/]]) |Report Attack_Surface|
|2020.06.11|Dark Reading| → [[Attack Surface Area Larger Than Most Businesses Believe|https://www.darkreading.com/perimeter/attack-surface-area-larger-than-most-businesses-believe/d/d-id/1338057]]|Report Attack_Surface|
=== 
** Cobalt.io : vulnérabilités les plus courantes lors des tests d'intrusion+++*[»] 
|2020.06.09|//Cobalt.io//|[[Fourth Annual "The State of Pentesting" Finds Strong Relationship Between Security and Engineering, Accelerating Transition to DevSecOps|http://www.globenewswire.com/news-release/2020/06/09/2045649/0/en/Fourth-Annual-The-State-of-Pentesting-Finds-Strong-Relationship-Between-Security-and-Engineering-Accelerating-Transition-to-DevSecOps.html]] ([[rapport|https://resource.cobalt.io/the-state-of-pentesting-2020]])|Report PenTesting|
=== 
* __Acquisitions__
** Peach Tech et Fuzzit par GitLab+++*[»] 
|2020.06.11|Security Week|[[GitLab Acquires Security Companies Peach Tech and Fuzzit|https://www.securityweek.com/gitlab-acquires-security-companies-peach-tech-and-fuzzit]]||
=== 
* __Divers__
** Évaluation du niveau de sécurité dans AWS+++*[»] 
|2020.06.14|Chris Farris|[[Conducting a Cloud Assessment in AWS|https://www.chrisfarris.com/post/cloud-assessment/]]|AWS Assessment|
=== 
** Sécurité du stockage dans le Cloud+++*[»] 
|2020.06.08|Computer Weekly|[[Cloud storage 101: NAS file storage on AWS, Azure and GCP|https://www.computerweekly.com/feature/Cloud-storage-101-NAS-file-storage-on-AWS-Azure-and-GCP]]|Storage|
|2020.06.08|//Google Cloud//|[[5 ways to enhance your cloud storage security and data protection|https://cloud.google.com/blog/products/storage-data-transfer/5-ways-to-enhance-your-cloud-storage-security-and-data-protection/]]|GCP Storage|
=== 
** la position de CIS sur le Shared Responsibility+++*[»] 
|2020.06.09|//CISecurity//|![[Cloud Security and the Shared Responsibility Model|https://www.cisecurity.org/white-papers/cloud-security-and-the-shared-responsibility-model/]] |Shared_Responsibility|
=== 
** Certifications sécurité AWS+++*[»] 
|2020.06.10|CRN (AU)|[[Ten tips for making the most of AWS security certifications|https://www.crn.com.au/news/ten-tips-for-making-the-most-of-aws-security-certifications-549074]]|AWS Certification|
=== 
** Honeypots sur Azure+++*[»] 
|2020.06.10|Nino Crudele|[[How to test your Azure Security appliances - The honeypot strategy and how to install bWapp|https://ninocrudele.com/how-to-test-your-azure-security-appliances-the-honeypot-strategy-and-how-to-install-bwapp]]|Azure Honeypot|
=== 
** Outils: Dive+++*[»] 
|2020.06.09|SecTechno|[[Dive - Tool for Exploring Each Layer in a Docker Image - SecTechno|https://sectechno.com/dive-tool-for-exploring-each-layer-in-a-docker-image/]]|Tools|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K6E/|https://CloudSecurityAlliance.fr/go/K6E/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - June 7th to 14th, 2020[>img[iCSF/inEnglish.png]]
!!1 - CSA News and Updates - June 7th to 14th, 2020
* News : Call for Papers for CSA EMEA Congress 2020+++*[»]> <<tiddler [[2020.06.11 - Appel à contribution pour le Congrès EMEA de la CSA]]>>=== 
!!2 - Cloud and Security News Watch
[[Over 90 links|2020.06.14 - Veille Hebdomadaire - 14 juin]]
* __''Must read''__
** IBM ''2020 Cloud Security Landscape Report''+++*[»] 
|2020.06.10|//IBM//|![[IBM: Security in the Cloud Remains Challenged by Complexity and Shadow IT|https://www.prnewswire.com/news-releases/ibm-security-in-the-cloud-remains-challenged-by-complexity-and-shadow-it-301073885.html]] |Report IBM|
|2020.06.10|//IBM//| → [[2020 Cloud Security Landscape Report|https://ibm.biz/cloudsecurityreport]]|Report IBM|
|2020.06.10|//Security Intelligence//| → [[How Threat Actors Are Adapting to the Cloud|https://securityintelligence.com/posts/how-threat-actors-are-adapting-to-the-cloud/]]||
|2020.06.10|TechRepublic| → [[How to better defend your cloud-based environments against cyberattack|https://www.techrepublic.com/article/how-to-better-defend-your-cloud-based-environments-against-cyberattack/]]|Report IBM|
|2020.06.11|Help Net Security| → [[Top security risks for companies to address as cloud migration accelerates|https://www.helpnetsecurity.com/2020/06/11/cloud-migration-risks/]]|Report IBM|
|2020.06.12|MSSP Alert| → [[Cloud Service Providers and Security: IBM Research Findings|https://www.msspalert.com/cybersecurity-research/cloud-service-providers-ibm-findings/]]|Report IBM|
=== 
** SGAxe: How SGX Fails in Practice+++*[»] 
|2020.06.12|SGAxe|![[SGAxe: How SGX Fails in Practice|https://sgaxe.com/]] ([[analysis|https://sgaxe.com/files/SGAxe.pdf]]) |SGX Enclave Intel Flaw|
|2020.06.12|SGAxe| → [[CacheOut: Leaking Data on Intel CPUs via Cache Evictions|https://sgaxe.com/files/CacheOut.pdf]] (pdf)|SGX Intel Flaw|
=== 
** NCSC.NL Report on Public Clouds (in Dutch)+++*[»] 
|2020.06.11|NCSC.NL|!NCSC lessons learned on the use of (public) clouds [[in Dutch|https://www.ncsc.nl/actueel/nieuws/2020/juni/11/clouddiensten]] ([[report in Dutch|https://www.ncsc.nl/binaries/ncsc/documenten/rapporten/juni/ervaringsdocument/20/cloudervaringsdocument/Cloudervaringsdocument+NCSC.pdf]]) |Analysis|
=== 
* __Attacks__
** Denial of Wallet Attacks on AWS+++*[»] 
|2020.06.08|Summit Route|![[Denial of Wallet Attacks on AWS|https://summitroute.com/blog/2020/06/08/denial_of_wallet_attacks_on_aws/]] |AWS Attack_Analysis|
=== 
** CSP as targets+++*[»] 
|2020.06.09|//Crowdstrike//|![[Attackers Are Targeting Cloud Service Providers|https://www.crowdstrike.com/blog/crowdstrike-observes-increase-in-iaas-api-key-theft/]] |APIs|
=== 
** Misconfigured AWS S3 Buckets+++*[»] 
|2020.06.09|//RiskIQ//|![[Misconfigured Amazon S3 Buckets Continue to be a Launchpad for Malicious Code|https://www.riskiq.com/blog/labs/misconfigured-s3-buckets/]] |AWS_S3 Misconfiguration|
|2020.06.09|Infosecurity Mag|[[More S3 Buckets Compromised with Magecart and Malicious Redirector|https://www.infosecurity-magazine.com/news/s3-compromised-magecart-malicious/]]|AWS_S3 Malware|
|2020.06.11|infoRisk Today| → [[Unsecured AWS S3 Buckets Infected With Skimmer Code|https://www.inforisktoday.com/unsecured-aws-s3-buckets-infected-skimmer-code-a-14421]]|AWS_S3 Compromise|
=== 
** Misconfigured Kubeflow workloads+++*[»] 
|2020.06.10|//Microsoft Azure//|[[Misconfigured Kubeflow workloads are a security risk|https://www.microsoft.com/security/blog/2020/06/10/misconfigured-kubeflow-workloads-are-a-security-risk/]]|KubeFlow Misconfiguration|
|2020.06.12|Dark Reading| → [[Cryptominers Found in Azure Kubernetes Containers|https://www.darkreading.com/attacks-breaches/cryptominers-found-in-azure-kubernetes-containers/d/d-id/1338083]]|KubeFlow Misconfiguration|
|2020.06.11|Security Week| → [[Microsoft Identifies Attack Targeting Kubeflow Environments|https://www.securityweek.com/microsoft-identifies-attack-targeting-kubeflow-environments]]|KubeFlow Misconfiguration|
=== 
** Ongoing Office 365+++*[»] 
|2020.06.10|Bleeping Computer|[[Office 365 phishing baits business owners with relief payments|https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-business-owners-with-relief-payments/]]|Phishing O365|
=== and AWS+++*[»]>
|2020.06.11|//Cado Security//|[[An Ongoing AWS Phishing Campaign|https://www.cadosecurity.com/2020/06/11/an-ongoing-aws-phishing-campaign/]]|AWS Phishing Analysis|
=== Phishing Campaigns
** Cryptomining Campaign Targets Kubernetes Clusters+++*[»] 
|2020.06.11|//Threatpost//|[[Kubernetes Falls to Cryptomining via Machine-Learning Framework|https://threatpost.com/kubernetes-cryptomining-machine-learning-framework/156481/]]|K8s Cryptomining|
|2020.06.12|//CyberSecurity Help//| → [[New cryptomining campaign targets ML-focused Kubernetes clusters|https://www.cybersecurity-help.cz/blog/1305.html]]||
=== 
* __Outages__
** IBM Cloud as collateral damage of a BGP incident+++*[»] 
|2020.06.09|//IBM//|[[IBM Cloud - June 9 Outage|https://cloud.ibm.com/status?query=IBM+Cloud+-+June+9+Outage%0D%0A%0D&selected=announcement]]|IBM Outage|
|2020.06.09|CRN| → [[Widespread Outage Hits IBM Cloud|https://www.crn.com/news/cloud/widespread-outage-hits-ibm-cloud]]|Outage IBM|
|2020.06.10|CRN| → [[IBM Blames Massive Cloud Outage On Third-Party Network Provider|https://www.crn.com/news/cloud/ibm-blames-massive-cloud-outage-on-third-party-network-provider]]|Outage IBM|
|2020.06.10|Silicon Angle| → [[IBM cloud outage brings down customer websites worldwide|https://siliconangle.com/2020/06/09/ibm-cloud-outage-leads-customer-websites-going-worldwide/]]|Outage IBM|
|2020.06.10|//Catchpoint//| → [[IBM Cloud experienced global outage on June 9|https://websee.com/verified-issues/5ee02acdfb5d6127c96b8ec8]]|Outage IBM|
|2020.06.10|CBR Online|[[IBM Blames "Incorrect Routing" by Third Party for Global Cloud Outage|https://www.cbronline.com/news/ibm-cloud-outage]]|Outage|
|2020.06.11|Bleeping Computer| → [[IBM Cloud global outage caused by "incorrect" BGP routing|https://www.bleepingcomputer.com/news/technology/ibm-cloud-global-outage-caused-by-incorrect-bgp-routing/]]|Outage IBM|
|2020.06.11|CRN (AU)| → [[IBM blames massive cloud outage on third-party network provider|https://www.crn.com.au/news/ibm-blames-massive-cloud-outage-on-third-party-network-provider-549138]]|Outage IBM|
=== 
* __Reports and Surveys__
** ENISA on incident reporting of telcos security and trust services+++*[»] 
|2020.06.09|ENISA|![[Spotlight on incident reporting of telecom security and trust services|https://www.enisa.europa.eu/news/enisa-news/spotlight-on-incident-reporting-of-telecom-security-and-trust-services]] |Incidents Telcos Repository|
|2020.06.09|ENISA| → [[Cybersecurity Incident Report and Analysis System - Visual Analysis Tool|https://www.enisa.europa.eu/topics/incident-reporting/cybersecurity-incident-report-and-analysis-system-visual-analysis/visual-tool]]|Incidents Telcos Tools|
|2020.06.10|CBR Online| → [[New EU Data on Telco "Security" Issues Shows… Switchgear Failures and Power Outages|https://www.cbronline.com/news/telco-outages-enisa]]|Incidents Telcos|
=== 
** Comparitech on databases targeted by attacks+++*[»] 
|2020.06.10|//Comparitech//|![[We setup a honeypot to see how long for hackers find unsecured database|https://www.comparitech.com/blog/information-security/unsecured-database-honeypot/]] |Attacks Misconfiguration|
|2020.06.10|Dark Reading| → [[Misconfigured Databases Targeted Hours After Deployment|https://www.darkreading.com/cloud/misconfigured-databases-targeted-hours-after-deployment/d/d-id/1338052]]|Attacks Misconfiguration|
|2020.06.10|Security Week| → [[Misconfigured Public Cloud Databases Attacked Within Hours of Deployment|https://www.securityweek.com/misconfigured-public-cloud-databases-attacked-within-hours-deployment]]|Attacks Misconfiguration|
=== 
** RiskIQ on Attack Surface+++*[»] 
|2020.06.11|//RiskIQ//|![[New Data-Driven Research Shows 5 Areas Organizations are Most Vulnerable Outside the Firewall|https://www.riskiq.com/blog/external-threat-management/analysis-attack-surface/]] ([[report|https://www.riskiq.com/research/analysis-of-an-attack-surface/]]) |Report Attack_Surface|
|2020.06.11|Dark Reading| → [[Attack Surface Area Larger Than Most Businesses Believe|https://www.darkreading.com/perimeter/attack-surface-area-larger-than-most-businesses-believe/d/d-id/1338057]]|Report Attack_Surface|
=== 
** Cobalt.io : Most Common Vulnerabilities Found During Pentests+++*[»] 
|2020.06.09|//Cobalt.io//|[[Fourth Annual "The State of Pentesting" Finds Strong Relationship Between Security and Engineering, Accelerating Transition to DevSecOps|http://www.globenewswire.com/news-release/2020/06/09/2045649/0/en/Fourth-Annual-The-State-of-Pentesting-Finds-Strong-Relationship-Between-Security-and-Engineering-Accelerating-Transition-to-DevSecOps.html]] ([[report|https://resource.cobalt.io/the-state-of-pentesting-2020]])|Report PenTesting|
=== 
* __Acquisitions__
** Peach Tech and Fuzzit by GitLab+++*[»] 
|2020.06.11|Security Week|[[GitLab Acquires Security Companies Peach Tech and Fuzzit|https://www.securityweek.com/gitlab-acquires-security-companies-peach-tech-and-fuzzit]]||
=== 
* __Miscellaneous__
** Cloud Assessment in AWS+++*[»] 
|2020.06.14|Chris Farris|[[Conducting a Cloud Assessment in AWS|https://www.chrisfarris.com/post/cloud-assessment/]]|AWS Assessment|
=== 
** Cloud Storage security+++*[»] 
|2020.06.08|Computer Weekly|[[Cloud storage 101: NAS file storage on AWS, Azure and GCP|https://www.computerweekly.com/feature/Cloud-storage-101-NAS-file-storage-on-AWS-Azure-and-GCP]]|Storage|
|2020.06.08|//Google Cloud//|[[5 ways to enhance your cloud storage security and data protection|https://cloud.google.com/blog/products/storage-data-transfer/5-ways-to-enhance-your-cloud-storage-security-and-data-protection/]]|GCP Storage|
=== 
** CIS' view on Shared Responsibility+++*[»] 
|2020.06.09|//CISecurity//|![[Cloud Security and the Shared Responsibility Model|https://www.cisecurity.org/white-papers/cloud-security-and-the-shared-responsibility-model/]] |Shared_Responsibility|
=== 
** AWS Security Certifications+++*[»] 
|2020.06.10|CRN (AU)|[[Ten tips for making the most of AWS security certifications|https://www.crn.com.au/news/ten-tips-for-making-the-most-of-aws-security-certifications-549074]]|AWS Certification|
=== 
** Honeypots on Azure+++*[»] 
|2020.06.10|Nino Crudele|[[How to test your Azure Security appliances - The honeypot strategy and how to install bWapp|https://ninocrudele.com/how-to-test-your-azure-security-appliances-the-honeypot-strategy-and-how-to-install-bwapp]]|Azure Honeypot|
=== 
** Tools: Dive+++*[»] 
|2020.06.09|SecTechno|[[Dive - Tool for Exploring Each Layer in a Docker Image - SecTechno|https://sectechno.com/dive-tool-for-exploring-each-layer-in-a-docker-image/]]|Tools|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K6E/|https://CloudSecurityAlliance.fr/go/K6E/]] |
<<tiddler [[arOund0C]]>>
|!Juin|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.06.14|
|2020.06.14|Marco Lancini|[[The Cloud Security Reading List #41|https://cloudseclist.com/issues/issue-41/]]|Weekly_Newsletter|
|2020.06.14|Chris Farris|[[Conducting a Cloud Assessment in AWS|https://www.chrisfarris.com/post/cloud-assessment/]]|AWS Assessment|
|2020.06.14|Keith Rozario|[[Access Keys in AWS Lambda|https://www.keithrozario.com/2020/06/access-keys-in-aws-lambda.html]]|AWS|
|2020.06.14|Office 365 blog|![[AAD & M365 kill chain|https://o365blog.com/aadkillchain/]] (1/5) |AzureAD M365 KillChain|
|>|>|>|!2020.06.12|
|2020.06.12|SGAxe|![[SGAxe: How SGX Fails in Practice|https://sgaxe.com/]] ([[analyse|https://sgaxe.com/files/SGAxe.pdf]]) |SGX Enclave Intel Flaw|
|2020.06.12|SGAxe| → [[CacheOut: Leaking Data on Intel CPUs via Cache Evictions|https://sgaxe.com/files/CacheOut.pdf]] (pdf)|SGX Intel Flaw|
|2020.06.12|Open Source DFIR|[[Forensic Disk Copies in GCP & AWS|https://osdfir.blogspot.com/2020/06/forensic-disk-copies-in-gcp-aws.html]]|Forensics AWS GCP|
|2020.06.12|Bleeping Computer|[[Office 365 to offer more info on how it protects your email|https://www.bleepingcomputer.com/news/security/office-365-to-offer-more-info-on-how-it-protects-your-email/]]|O365 Azure_ATP|
|2020.06.12|//Microsoft Azure//|[[Enabling Data Residency and Data Protection in Microsoft Azure Regions|https://azure.microsoft.com/en-us/resources/achieving-compliant-data-residency-and-security-with-azure/]] ([[pdf|https://azure.microsoft.com/mediahandler/files/resourcefiles/achieving-compliant-data-residency-and-security-with-azure/Enabling_Data_Residency_and_Data_Protection_in_Microsoft_Azure_Regions.pdf]])||
|2020.06.12|//Cloud Management Insider//|[[Past, Present and Future of Quantum Computing and Cloud|https://www.cloudmanagementinsider.com/past-present-and-future-of-quantum-computing-and-cloud/]]|Quantum_Computing|
|2020.06.12|//Jump Cloud//|[[Can G Suite Serve as Your Domain Controller?|https://jumpcloud.com/blog/can-g-suite-serve-domain-controller]]|Directory-as-a-Service|
|2020.06.12|//Praetorian//|[[AWS IAM Assume Role Vulnerabilities Found in Many Top Vendors|https://www.praetorian.com/blog/aws-iam-assume-role-vulnerabilities]]|AWS IAM|
|>|>|>|!2020.06.11|
|2020.06.11|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Valoriser et moderniser des charges SAP dans le Cloud : contourner les 5 principaux écueils|https://www.silicon.fr/avis-expert/valoriser-et-moderniser-des-charges-sap-dans-le-cloud-contourner-les-5-principaux-ecueils]]|SAP|
|2020.06.11|NCSC.NL|!Retour d'expériences du NCSC en matière d'utilisation des clouds (publics) [[en néerlandais|https://www.ncsc.nl/actueel/nieuws/2020/juni/11/clouddiensten]] ([[rapport en néerlandais|https://www.ncsc.nl/binaries/ncsc/documenten/rapporten/juni/ervaringsdocument/20/cloudervaringsdocument/Cloudervaringsdocument+NCSC.pdf]]) |Analysis|
|2020.06.11|Security Week|[[GitLab Acquires Security Companies Peach Tech and Fuzzit|https://www.securityweek.com/gitlab-acquires-security-companies-peach-tech-and-fuzzit]]||
|2020.06.11|Help Net Security|[[5 keys to protecting OneDrive users|https://www.helpnetsecurity.com/2020/06/11/onedrive-security/]]|OneDrive|
|2020.06.11|Nextgov|[[3 Ways Agencies Can Improve Cloud Security and Performance|https://www.nextgov.com/ideas/2020/06/3-ways-agencies-can-improve-cloud-security-and-performance/165968/]]|Misc|
|2020.06.11|InfoQ|![[The Defense Department's Journey with DevSecOps|https://www.infoq.com/news/2020/06/defense-department-devsecops/]] |DevSecOps|
|2020.06.11|DZone|[[Utilizing AWS Backup To Improve Your Recovery Time|https://dzone.com/articles/utilizing-aws-backup-to-improve-your-recovery-time]]|AWS Backups|
|2020.06.11|//RiskIQ//|![[New Data-Driven Research Shows 5 Areas Organizations are Most Vulnerable Outside the Firewall|https://www.riskiq.com/blog/external-threat-management/analysis-attack-surface/]] ([[rapport|https://www.riskiq.com/research/analysis-of-an-attack-surface/]]) |Report Attack_Surface|
|2020.06.11|Dark Reading| → [[Attack Surface Area Larger Than Most Businesses Believe|https://www.darkreading.com/perimeter/attack-surface-area-larger-than-most-businesses-believe/d/d-id/1338057]]|Report Attack_Surface|
|2020.06.11|//AWS//|[[The importance of encryption and how AWS can help|https://aws.amazon.com/blogs/security/importance-of-encryption-and-how-aws-can-help/]]|AWS Encryption|
|2020.06.11|//Optiv//|[[Microsoft Defender ATP Telemetry: Viewing MITRE ATT&CK Context|https://www.optiv.com/blog/microsoft-defender-atp-telemetry-viewing-mitre-attck-context]] (1/3)|Azure_ATP Telemetry|
|2020.06.11|//Optiv//|[[Defender ATP Telemetry: Viewing MITRE ATT&CK Context|https://www.optiv.com/blog/microsoft-defender-atp-telemetry-azure-log-analytics-workspace]] (2/3)|Azure_ATP Telemetry|
|2020.06.11|//Optiv//|[[Microsoft Defender ATP Telemetry: Workbook Visualizations|https://www.optiv.com/explore-optiv-insights/blog/microsoft-defender-atp-telemetry-workbook-visualizations-part-3]] (3/3)|Azure_ATP Telemetry|
|2020.06.11|//Threatpost//|[[Kubernetes Falls to Cryptomining via Machine-Learning Framework|https://threatpost.com/kubernetes-cryptomining-machine-learning-framework/156481/]]|K8s Cryptomining|
|2020.06.12|//CyberSecurity Help//| → [[New cryptomining campaign targets ML-focused Kubernetes clusters|https://www.cybersecurity-help.cz/blog/1305.html]]||
|2020.06.11|//Cado Security//|[[An Ongoing AWS Phishing Campaign|https://www.cadosecurity.com/2020/06/11/an-ongoing-aws-phishing-campaign/]]|AWS Phishing Analysis|
|2020.06.11|//Microsoft//|[[What's new in Microsoft 365 Compliance and Risk Management |https://www.microsoft.com/security/blog/2020/06/11/whats-new-microsoft-365-compliance-risk-management/]]|M365 Compliance|
|2020.06.11|//Caylent//|[[How to Create Your Own Kubernetes Custom Resources|https://caylent.com/how-to-create-your-own-kubernetes-custom-resources]]|K8s|
|2020.06.11|Fairwinds|![[Common Kubernetes Config Security Threats|https://www.fairwinds.com/blog/kubernetes-config-security-threats]] |K8s Threats|
|>|>|>|!2020.06.10|
|2020.06.10|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Health Data Hub : le choix de Microsoft contesté devant le Conseil d'État|https://www.silicon.fr/health-data-hub-conseil-etat-341020.html]]|Health_Data_Hub France|
|2020.06.10|TL;DR Security|[[#38 - Threat Modeling for Devs, Attacking JWTs, On Accepting Ads|https://tldrsec.com/blog/tldr-sec-038/]] |Weekly_Newsletter|
|2020.06.10|Nino Crudele|[[How to test your Azure Security appliances - The honeypot strategy and how to install bWapp|https://ninocrudele.com/how-to-test-your-azure-security-appliances-the-honeypot-strategy-and-how-to-install-bwapp]]|Azure Honeypot|
|2020.06.10|Bleeping Computer|[[Office 365 phishing baits business owners with relief payments|https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-business-owners-with-relief-payments/]]|Phishing O365|
|2020.06.10|Cloud Academy|[[6 Ways to Prevent a Data Breach|https://cloudacademy.com/blog/ways-to-prevent-a-data-breach/]]|Data_Breach|
|2020.06.10|CRN (AU)|[[Ten tips for making the most of AWS security certifications|https://www.crn.com.au/news/ten-tips-for-making-the-most-of-aws-security-certifications-549074]]|AWS Certification|
|2020.06.10|Computer Weekly|[[Security Think Tank: Container security is evolving, so must CISOs|https://www.computerweekly.com/opinion/Security-Think-Tank-Container-security-is-evolving-so-must-CISOs]]|Containers|
|2020.06.10|GovLoop|[[Ransomware Readiness with Data Backup and Recovery|https://www.govloop.com/ransomware-readiness-with-data-backup-and-recovery/]]|Ransomware DRP|
|2020.06.10|Thomas Stringer|[[Azure Active Directory Service Principals and Permissions from the Azure CLI|https://trstringer.com/aad-sp-azure-cli/]]|AzureAD|
|2020.06.10|//IBM//|![[IBM: Security in the Cloud Remains Challenged by Complexity and Shadow IT|https://www.prnewswire.com/news-releases/ibm-security-in-the-cloud-remains-challenged-by-complexity-and-shadow-it-301073885.html]] |Report IBM|
|2020.06.10|//IBM//| → [[2020 Cloud Security Landscape Report|https://ibm.biz/cloudsecurityreport]]|Report IBM|
|2020.06.10|//Security Intelligence//| → [[How Threat Actors Are Adapting to the Cloud|https://securityintelligence.com/posts/how-threat-actors-are-adapting-to-the-cloud/]]||
|2020.06.10|TechRepublic| → [[How to better defend your cloud-based environments against cyberattack|https://www.techrepublic.com/article/how-to-better-defend-your-cloud-based-environments-against-cyberattack/]]|Report IBM|
|2020.06.11|Help Net Security| → [[Top security risks for companies to address as cloud migration accelerates|https://www.helpnetsecurity.com/2020/06/11/cloud-migration-risks/]]|Report IBM|
|2020.06.12|MSSP Alert| → [[Cloud Service Providers and Security: IBM Research Findings|https://www.msspalert.com/cybersecurity-research/cloud-service-providers-ibm-findings/]]|Report IBM|
|2020.06.10|//Efficient IP//|![[IDC 2020 Global DNS Threat Report|https://www.efficientip.com/resources/idc-dns-threat-report-2020/]] |Report EfficientIP|
|2020.06.10|Security Newspaper|![[Spoofing attack in Azure DevOps Servers using CVE-2020-1327|https://www.securitynewspaper.com/2020/06/10/spoofing-attack-in-azure-devops-servers-using-cve-2020-1327/]] |CVE-2020-1327 Attacks|
|2020.06.10|//Microsoft Azure//|[[Misconfigured Kubeflow workloads are a security risk|https://www.microsoft.com/security/blog/2020/06/10/misconfigured-kubeflow-workloads-are-a-security-risk/]]|KubeFlow Misconfiguration|
|2020.06.12|Dark Reading| → [[Cryptominers Found in Azure Kubernetes Containers|https://www.darkreading.com/attacks-breaches/cryptominers-found-in-azure-kubernetes-containers/d/d-id/1338083]]|KubeFlow Misconfiguration|
|2020.06.11|Security Week| → [[Microsoft Identifies Attack Targeting Kubeflow Environments|https://www.securityweek.com/microsoft-identifies-attack-targeting-kubeflow-environments]]|KubeFlow Misconfiguration|
|2020.06.10|//PR Newswire//|[[How a Breach and Attack Simulation Platform Can Improve Your Cloud Security|https://www.prnewswire.com/news-releases/how-a-breach-and-attack-simulation-platform-can-improve-your-cloud-security-301073759.html]]|Exercise Simulation|
|2020.06.10|//JumpCloud//|[[Using Azure AD to Authenticate to Systems|https://jumpcloud.com/blog/aad-to-auth-systems]]|AzureAD|
|2020.06.10|//Google Cloud//|[[New Google Cloud firewall features|https://cloud.google.com/blog/products/identity-security/new-google-cloud-firewall-features]]|GCP Firewalls|
|2020.06.10|//Google Cloud//|[[Building resilient systems to weather the unexpected|https://cloud.google.com/blog/products/management-tools/sre-principles-in-practice-for-business-continuity]]|GCP BCP|
|2020.06.10|//Comparitech//|![[We setup a honeypot to see how long for hackers find unsecured database|https://www.comparitech.com/blog/information-security/unsecured-database-honeypot/]] |Attacks Misconfiguration|
|2020.06.10|Dark Reading| → [[Misconfigured Databases Targeted Hours After Deployment|https://www.darkreading.com/cloud/misconfigured-databases-targeted-hours-after-deployment/d/d-id/1338052]]|Attacks Misconfiguration|
|2020.06.10|Security Week| → [[Misconfigured Public Cloud Databases Attacked Within Hours of Deployment|https://www.securityweek.com/misconfigured-public-cloud-databases-attacked-within-hours-deployment]]|Attacks Misconfiguration|
|2020.06.10|//Amazon AWS//|[[Tighten S3 permissions for your IAM users and roles using access history of S3 actions|https://aws.amazon.com/blogs/security/tighten-s3-permissions-iam-users-and-roles-using-access-history-s3-actions/]]|S3 IAM|
|2020.06.10|//Microsoft Azure//|[[The science behind Microsoft Threat Protection: Attack modeling for finding and stopping evasive ransomware|https://www.microsoft.com/security/blog/2020/06/10/the-science-behind-microsoft-threat-protection-attack-modeling-for-finding-and-stopping-evasive-ransomware/]]|Microsoft_ATP Ransomware K6x:|
|2020.06.10|//Oracle Cloud//|[[Troubleshooting User Access in Identity Cloud Service when using AD Bridge|https://blogs.oracle.com/cloudsecurity/troubleshooting-user-access-in-identity-cloud-service-when-using-ad-bridge]]|IAM AD_Bridge|
|2020.06.10|//SonaType//|[[Can Kubernetes Keep a Secret?|https://blog.sonatype.com/can-kubernetes-keep-a-secret]]|K8s Secrets_Management|
|2020.06.10|MSSP Alert|[[Siemplify Launches Cloud-Native SOAR for MSSPs|https://www.msspalert.com/cybersecurity-services-and-products/cloud/siemplify-soar-for-mssps/]]|Products|
|2020.06.10|//Check Point//|[[Creating Harmony for Cloud-Native Security|https://blog.checkpoint.com/2020/06/10/creating-harmony-for-cloud-native-security/]]|Cloud_Native|
|2020.06.10|//Microsoft Azure//|[[Azure Files enhances data protection capabilities|https://azure.microsoft.com/blog/azure-files-enhances-data-protection-capabilities/]]|Azure|
|2020.06.10|//LinkedIn//|[[Open sourcing Kube2Hadoop: Secure access to HDFS from Kubernetes|https://engineering.linkedin.com/blog/2020/open-sourcing-kube2hadoop]]|K8s|
|2020.06.10|//AWS//|[[Software Package Management with AWS CodeArtifact|https://aws.amazon.com/blogs/aws/software-package-management-with-aws-codeartifact/]]|AWS|
|2020.06.10|//Microsoft//|[[Misconfigured Kubeflow workloads are a security risk|https://www.microsoft.com/security/blog/2020/06/10/misconfigured-kubeflow-workloads-are-a-security-risk/]]|Misconfigurations|
|>|>|>|!2020.06.09|
|2020.06.09|ENISA|![[Spotlight on incident reporting of telecom security and trust services|https://www.enisa.europa.eu/news/enisa-news/spotlight-on-incident-reporting-of-telecom-security-and-trust-services]] |Incidents Telcos Repository|
|2020.06.09|ENISA| → [[Cybersecurity Incident Report and Analysis System - Visual Analysis Tool|https://www.enisa.europa.eu/topics/incident-reporting/cybersecurity-incident-report-and-analysis-system-visual-analysis/visual-tool]]|Incidents Telcos Tools|
|2020.06.10|CBR Online| → [[New EU Data on Telco "Security" Issues Shows… Switchgear Failures and Power Outages|https://www.cbronline.com/news/telco-outages-enisa]]|Incidents Telcos|
|2020.06.09|SecTechno|[[Dive - Tool for Exploring Each Layer in a Docker Image - SecTechno|https://sectechno.com/dive-tool-for-exploring-each-layer-in-a-docker-image/]]|Tools|
|2020.06.09|Twitter - Random_Robbie|[[SSRF AWS Bypasses to access metadata endpoint|https://mobile.twitter.com/Random_Robbie/status/1268186743657947137]]|AWS SSRF|
|2020.06.09|Infosecurity Mag|[[CSA Virtual Summit: Future of European Cloud Services Scheme Detailed|https://www.infosecurity-magazine.com/news/cloud-services-scheme/]]|Certification_Scheme CSA|
|2020.06.09|Infosecurity Mag|[[More S3 Buckets Compromised with Magecart and Malicious Redirector|https://www.infosecurity-magazine.com/news/s3-compromised-magecart-malicious/]]|AWS_S3 Malware|
|2020.06.11|infoRisk Today| → [[Unsecured AWS S3 Buckets Infected With Skimmer Code|https://www.inforisktoday.com/unsecured-aws-s3-buckets-infected-skimmer-code-a-14421]]|AWS_S3 Compromise|
|2020.06.09|Sami Lamppu|[[Microsoft 365 Security Solutions Available API's|https://samilamppu.com/2020/06/09/microsoft-365-security-solution-available-apis/]]|M365 APIs|
|2020.06.09|Sami Lamppu|[[Detect Potentially Suspicious Activity In Teams With Cloud App Security|https://samilamppu.com/2020/06/09/detect-potentially-suspicious-activity-in-teams-with-cloud-app-security/]]|Teams Detection|
|2020.06.09|Center for Internet Security|![[Shared Responsibility for Cloud Security: What You Need to Know|https://www.cisecurity.org/blog/shared-responsibility-cloud-security-what-you-need-to-know/]] |Shared_Responsibility|
|2020.06.09|//IBM//|[[IBM Cloud - June 9 Outage|https://cloud.ibm.com/status?query=IBM+Cloud+-+June+9+Outage%0D%0A%0D&selected=announcement]]|IBM Outage|
|2020.06.09|CRN| → [[Widespread Outage Hits IBM Cloud|https://www.crn.com/news/cloud/widespread-outage-hits-ibm-cloud]]|Outage IBM|
|2020.06.10|CRN| → [[IBM Blames Massive Cloud Outage On Third-Party Network Provider|https://www.crn.com/news/cloud/ibm-blames-massive-cloud-outage-on-third-party-network-provider]]|Outage IBM|
|2020.06.10|Silicon Angle| → [[IBM cloud outage brings down customer websites worldwide|https://siliconangle.com/2020/06/09/ibm-cloud-outage-leads-customer-websites-going-worldwide/]]|Outage IBM|
|2020.06.10|CBR Online|[[IBM Blames "Incorrect Routing" by Third Party for Global Cloud Outage|https://www.cbronline.com/news/ibm-cloud-outage]]|Outage|
|2020.06.11|Bleeping Computer| → [[IBM Cloud global outage caused by "incorrect" BGP routing|https://www.bleepingcomputer.com/news/technology/ibm-cloud-global-outage-caused-by-incorrect-bgp-routing/]]|Outage IBM|
|2020.06.11|CRN (AU)| → [[IBM blames massive cloud outage on third-party network provider|https://www.crn.com.au/news/ibm-blames-massive-cloud-outage-on-third-party-network-provider-549138]]|Outage IBM|
|2020.06.11|The Register| → [[IBM blames 'external' network provider, incorrect routing, traffic flood for its two-hour cloud outage|https://www.theregister.com/2020/06/11/ibm_cloud_outage_report/]]|Outage IBM|
|2020.06.09|CRN (AU)|[[12 Biggest Cloud Threats And Vulnerabilities In 2020|https://www.crn.com.au/news/12-biggest-cloud-threats-and-vulnerabilities-in-2020-549025]]|Threats Flaws|
|2020.06.09|DZone|[[Is the Future of Data Security in the Cloud is Programmable? Let's See How!|https://dzone.com/articles/is-the-future-of-data-security-in-the-cloud-is-pro-1]]|Misc.|
|2020.06.09|//RiskIQ//|![[Misconfigured Amazon S3 Buckets Continue to be a Launchpad for Malicious Code|https://www.riskiq.com/blog/labs/misconfigured-s3-buckets/]] |AWS_S3 Misconfiguration|
|2020.06.09|//AWS//|[[AWS achieves its first PCI 3DS attestation|https://aws.amazon.com/blogs/security/aws-achieves-first-pci-3ds-attestation/]]|AWS PCI|
|2020.06.09|//Google Cloud//|[[3 strategies to ensure business continuity using Anthos|https://cloud.google.com/blog/topics/anthos/3-strategies-to-ensure-business-continuity-using-anthos/]]|GCP Anthos BCP|
|2020.06.09|//Crowdstrike//|![[Attackers Are Targeting Cloud Service Providers|https://www.crowdstrike.com/blog/crowdstrike-observes-increase-in-iaas-api-key-theft/]] |APIs|
|2020.06.09|//CISecurity//|![[Cloud Security and the Shared Responsibility Model|https://www.cisecurity.org/white-papers/cloud-security-and-the-shared-responsibility-model/]] |Shared_Responsibility|
|2020.06.09|//Kublr//|[[Kubernetes RBAC 101: Overview|https://kublr.com/blog/kubernetes-rbac-101-overview/]] (1/3)|Kubernetes RBAC|
|2020.06.19|Cloud Native Computing Foundation| → [[Kubernetes RBAC 101: Overview|https://www.cncf.io/blog/2020/06/19/kubernetes-rbac-101-overview-2/]]|K8s RBAC|
|2020.06.09|//Rhino Security Labs//|[[GKE Kubelet TLS Bootstrap Privilege Escalation|https://rhinosecuritylabs.com/cloud-security/kubelet-tls-bootstrap-privilege-escalation/]]|K8s Flaw|
|2020.06.09|//Cobalt.io//|[[Fourth Annual "The State of Pentesting" Finds Strong Relationship Between Security and Engineering, Accelerating Transition to DevSecOps|http://www.globenewswire.com/news-release/2020/06/09/2045649/0/en/Fourth-Annual-The-State-of-Pentesting-Finds-Strong-Relationship-Between-Security-and-Engineering-Accelerating-Transition-to-DevSecOps.html]] ([[rapport|https://resource.cobalt.io/the-state-of-pentesting-2020]])|Report PenTesting|
|>|>|>|!2020.06.08|
|2020.06.08|Summit Route|![[Denial of Wallet Attacks on AWS|https://summitroute.com/blog/2020/06/08/denial_of_wallet_attacks_on_aws/]] |AWS Attack_Analysis|
|2020.06.08|Christophe Tafani-Dereeper|[[Automating the provisioning of Active Directory labs in Azure|https://blog.christophetd.fr/automating-the-provisioning-of-active-directory-labs-in-azure/]]|AzureAD Tools|
|2020.06.08|Bleeping Computer|[[New Avaddon Ransomware launches in massive smiley spam campaign|https://www.bleepingcomputer.com/news/security/new-avaddon-ransomware-launches-in-massive-smiley-spam-campaign/]]|Ransomware|
|2020.06.08|GovLoop|[[Simple Steps to Security in the Cloud|https://www.govloop.com/simple-steps-to-security-in-the-cloud/]] ([[guide|https://go.govloop.com/questions-about-cloud.html]])|Best_Practices|
|2020.06.08|CSO|[[A 10-point plan to vet SaaS provider security|https://www.csoonline.com/article/3546316/a-10-point-plan-to-vet-saas-provider-security.html]]|SaaS Assessment|
|2020.06.08|Computer Weekly|[[Cloud storage 101: NAS file storage on AWS, Azure and GCP|https://www.computerweekly.com/feature/Cloud-storage-101-NAS-file-storage-on-AWS-Azure-and-GCP]]|Storage|
|2020.06.08|ShellHacks|[[Docker: Run Command in Container - Exec Example|https://www.shellhacks.com/docker-run-command-in-container-exec-example/]]|Docker|
|2020.06.08|Hakin9 Mag|[[Git Scanner: A tool for targeting websites that have open .git repositories available in public|https://hakin9.org/git-scanner-a-tool-for-targeting-websites-that-have-open-git-repositories-available-in-public/]]||
|2020.06.08|DZone|[[Chaos Engineering - Simulate AZ Failures on AWS|https://dzone.com/articles/chaos-engineering-simulate-az-failures-on-aws]]|AWS Chaos_Engineering|
|2020.06.08|Daniel Neumann|[[Using Azure Policy for Kubernetes|https://www.danielstechblog.io/using-azure-policy-for-kubernetes/]]|Azure Kubernetes|
|2020.06.08|//Microsoft Azure//|[[Configure Azure Private Link for an Azure container registry|https://docs.microsoft.com/en-us/azure/container-registry/container-registry-private-link]]|Azure_Private_Link|
|2020.06.08|//Google Cloud//|[[5 ways to enhance your cloud storage security and data protection|https://cloud.google.com/blog/products/storage-data-transfer/5-ways-to-enhance-your-cloud-storage-security-and-data-protection/]]|GCP Storage|
|2020.06.08|//Oracle Cloud//|[[How to rapidly deploy and evaluate Oracle Identity and Access Management 12C PS4|https://blogs.oracle.com/cloudsecurity/how-to-rapidly-deploy-and-evaluate-oracle-identity-and-access-management-12c-ps4]]|OracleCloud IAM|
|2020.06.08|//Palo Alto Networks//|[[Rethinking Zero Trust Network Access for a Zero Trust Strategy|https://blog.paloaltonetworks.com/2020/06/network-zero-trust-strategy/]]|Zero_trust|
|2020.06.08|//Tripwire//|[[Using AWS Session Manager with Enhanced SSH and SCP Capability|https://www.tripwire.com/state-of-security/security-data-protection/cloud/aws-session-manager-enhanced-ssh-scp-capability/]]|AWS SSH|
|2020.06.08|//Cloud Management Insider//|[[5 Security Challenges for Containers and Their Remedies|https://www.cloudmanagementinsider.com/5-security-challenges-for-containers-and-their-remedies/]]|containers Challenges|
|2020.06.08|//Dark Trace//|[[How Darktrace's AI caught two Microsoft 365 account takeovers|https://www.darktrace.com/en/blog/how-darktraces-ai-caught-two-microsoft-365-account-takeovers/]]|O365 Compromise|
|>|!|>||
|2020.06.03|GAIA-X|![[GAIA-X - the European project kicks off the next phase |https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-the-european-project-kicks-of-the-next-phase.html]] |GAIA-X Europe|
|2020.06.08|Louis Naugès[img[iCSF/flag_fr.png]]| → [[GAIA-X : chronique d'un échec inéluctable|https://nauges.typepad.com/my_weblog/2020/06/gaia-x-chronique-dun-%C3%A9chec-in%C3%A9luctable.html]]|GAIA-X Europe|
|2020.06.08|L'Usine Nouvelle[img[iCSF/flag_fr.png]]| → [[A quoi ressemblera le projet d'infrastructure européenne des données Gaia-X ?|https://www.usinenouvelle.com/editorial/a-quoi-ressemblera-le-projet-d-infrastructure-europeenne-des-donnees-gaia-x.N972086]]|GAIA-X Europe|
|2020.06.08|IMT[img[iCSF/flag_fr.png]]| → [[Gaia-X : un réseau cloud européen interopérable et souverain|https://blogrecherche.wp.imt.fr/2020/06/04/gaia-x-un-reseau-cloud-europeen/]]|GAIA-X Europe|
|2020.06.08|IT Social[img[iCSF/flag_fr.png]]| → [[Gaia-X, le cloud souverain européen prend forme sous l'impulsion franco-allemande|https://itsocial.fr/enjeux-it/enjeux-strategie/enjeu-digital/gaia-x-le-cloud-souverain-europeen-prend-forme-sous-limpulsion-franco-allemande/]]|GAIA-X Europe|
|2020.06.08|DataNews[img[iCSF/flag_fr.png]]| → [[Le projet 'cloud' européen Gaia-X aura son siège en Belgique|https://datanews.levif.be/ict/actualite/le-projet-cloud-europeen-gaia-x-aura-son-siege-en-belgique/article-news-1297273.html?cookie_check=1592241144]]|GAIA-X Europe|
|2020.06.08|Techniques de l'Ingénieur[img[iCSF/flag_fr.png]]| → [[Cloud souverain : la mauvaise stratégie de l'Europe|https://www.techniques-ingenieur.fr/actualite/articles/cloud-souverain-la-mauvaise-strategie-de-leurope-80376/]]|GAIA-X Europe|
|2020.06.11|Le Mag IT[img[iCSF/flag_fr.png]]| → [[GAIA-X : le SeLoger.com du cloud européen|https://www.lemagit.fr/actualites/252484537/GAIA-X-le-SeLoger-du-Cloud-europeen]]|GAIA-X Europe|
|2020.06.18|Computer Weekly| → [[EU-backed bid to build data preservation cloud for European research community gathers pace|https://www.computerweekly.com/news/252484854/EU-backed-bid-to-build-data-preservation-cloud-for-European-research-community-gathers-pace]]|GAIA-X Europe|
|2020.06.22|Channel Futures| → [[Latest on GAIA-X Project: Will It Really Best AWS, Azure, Google?|https://www.channelfutures.com/cloud-2/latest-on-gaia-x-project-will-it-really-best-aws-azure-google]] |GAIA-X Europe|
<<tiddler [[arOund0C]]>>
!"//Cloud Security Alliance Issues Call for Papers for EMEA Congress 2020//"
L'appel à contribution est ouvert jusqu'au ''31 août 2020''. Les thèmes suggérés sont les suivants ://
<<<
''Papers examining new frontiers accelerating change in information security are sought''
Berlin, Germany - June 11, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced that the Call for Papers for CSA EMEA Congress 2020 is now open through August 31. This multi-day virtual event, to be held later this fall, will focus on information security, privacy, governance and compliance, and emerging technologies. Those interested in providing thought leadership on the research, development, practice, and requirements surrounding cloud security are encouraged to apply.
"This year's CSA EMEA Congress promises to spark discussion on sectors that are accelerating change in information security," said Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance. "Experts on everything from IoT to the Software-Defined Perimeter will be there to drive and facilitate the sharing of best practices and education opportunities for cloud security professionals eager to shape the direction of cloud security in the coming decade."
Cloud and cybersecurity experts are encouraged to provide vendor-neutral presentations, providing both educational and practical thought leadership on such topics as IoT, Quantum Computing, Dev Ops and Artificial Intelligence.
With training and educational opportunities for cloud security professionals, attendees representing both end-user and industry viewpoints will be able to experience a unique mixture of compelling presentations and topical discussions on topics essential to the cloud ecosystem, including: Zero Trust, the growing complexity of cloud certification, continuous assurance and compliance, the European Cloud and GDPR, DevOps and containerization, and AI-driven cloud security. In addition to Q&A sessions following certain presentations, attendees will be able to network virtually via Circle, a global community of CSA members and partners.
<<<
//__Agenda :__
* Ouverture de l'appel à contribution : 11 juin 2020
* Clôture de l'appel à contribution : 31 août 2020
* Retour aux soumissionnaires : 14 septembre 2020
* Date de soumission de la première version de la présentation : 30 septembre
* Date de soumission de la version finale de la présentation : 12 octobre

__Liens :__
* l'annonce sur le site de la CSA → https://cloudsecurityalliance.org/press-releases/2020/06/11/cloud-security-alliance-issues-call-for-papers-for-emea-congress-2020/
* la présentation de la conférence sur le site Easychair ⇒ https://easychair.org/cfp/csaemea2020
* la page pour soumettre un sujet sur le site Easychair ⇒ https://easychair.org/conferences/?conf=csaemea2020 /% ''[[CloudSecurityAlliance.fr/go/k9ee/|https://CloudSecurityAlliance.fr/go/k9ee/]]'' %/
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #67|2020.06.07 - Newsletter Hebdomadaire #67]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #67|2020.06.07 - Weekly Newsletter - #67]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.06.07 - Newsletter Hebdomadaire #67]]>> |<<tiddler [[2020.06.07 - Weekly Newsletter - #67]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 1er au 7 juin 2020
!!1 - Informations CSA - 1er au 7 juin 2020
* Actualité : Vers un Cloud souverain européen avec GAIA-X ?+++*[»]> <<tiddler [[2020.06.05 - Vers un Cloud souverain européen avec GAIA-X ?]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.06.07 - Veille Hebdomadaire - 7 juin]] avec plus de 90 liens
* __''À lire''__
** Vers un Cloud souverain européen avec GAIA-X ?+++*[»] 
|2020.06.03|GAIA-X|![[GAIA-X - the European project kicks off the next phase |https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-the-european-project-kicks-of-the-next-phase.html]] |GAIA-X Europe|
|2020.06.03|Les Echos[img[iCSF/flag_fr.png]]| → [[La France et l'Allemagne défendent un cloud souverain européen|https://www.lesechos.fr/tech-medias/hightech/le-cloud-europeen-franco-allemand-devoile-ses-services-numeriques-souverains-1208046]]|GAIA-X Europe|
|2020.06.03|NeoWin| → [[Gaia-X, Europe's competitor to Silicon Valley's cloud computing offerings, takes shape - Neowin|https://www.neowin.net/news/gaia-x-europes-competitor-to-silicon-valleys-cloud-computing-offerings-takes-shape]]|GAIA-X Europe|
|2020.06.04|//Silicon.fr[img[iCSF/flag_fr.png]]//| → [[GAIA-X ou la possibilité d'un Cloud franco-allemand|https://www.silicon.fr/gaia-x-ou-la-possibilite-dun-cloud-franco-allemand-340778.html]]|GAIA-X Europe|
|2020.06.04|//OVH Cloud//| → [[GAIA-X Catalogue search engine - under the hood |https://www.ovh.com/blog/gaia-x-catalogue-search-engine-under-the-hood/]]|GAIA-X Europe|
|2020.06.04|POLITICO| → [[Germany, France launch Gaia-X platform in bid for "tech sovereignty"|https://www.politico.eu/article/germany-france-gaia-x-cloud-platform-eu-tech-sovereignty/]]|GAIA-X Europe|
|2020.06.05|Informatique News[img[iCSF/flag_fr.png]]| → [[Gaia-X, la nouvelle initiative franco-allemande pour assurer une souveraineté sur les données européennes dans le cloud|https://www.informatiquenews.fr/gaia-x-la-nouvelle-initiative-franco-allemande-pour-assurer-une-souverainete-sur-les-donnees-europeennes-dans-le-cloud-70785]]|GAIA-X Europe|
|2020.06.05|EURACTIV| → [[Altmaier charts Gaia-X as the beginning of a "European data ecosystem"|https://www.euractiv.com/section/data-protection/news/altmaier-charts-gaia-x-as-the-beginning-of-a-european-data-ecosystem/]]|GAIA-X Europe|
|2020.06.05|CloudTweaks| → [[France, Germany back European cloud computing 'moonshot'|https://www.reuters.com/article/us-europe-tech/france-germany-back-european-cloud-computing-moonshot-idUSKBN23B26B]]|GAIA-X Europe|
|2020.06.05|Channel E2E| → [[Europe's Gaia-X Counters Amazon AWS, Microsoft Azure, Google Cloud|https://www.channele2e.com/channel-partners/csps/europes-gaia-x-counters-aws-azure-google-cloud/]]|GAIA-X Europe|
|2020.06.06|The Register| → [[Franco-German cloud framework floated to protect European's data from foreign tech firms slurpage|https://www.theregister.com/2020/06/06/eu_gaiax_cloud/]]|GAIA-X Europe|
=== 
** Vers un "//Great Firewall of Europe//" ?+++*[»] 
|2020.06.05|CBR Online|![[European Policy Paper: "We Want a Chinese Firewall Too"|https://www.cbronline.com/news/european-firewall-proposal]] |Europe Policy|
=== 
** Annonce IBM sur le chiffrement homomorphique+++*[»] 
|2020.06.04|//IBM//|![[IBM Releases Fully Homomorphic Encryption Toolkit for MacOS and iOS; Linux and Android Coming Soon|https://www.ibm.com/blogs/research/2020/06/ibm-releases-fully-homomorphic-encryption-toolkit-for-macos-and-ios-linux-and-android-coming-soon/]] |Homomorphic_Encryption|
|2020.06.05|//IBM//| → [[New Open Source Security Tools Let You Develop on Encrypted Data|https://developer.ibm.com/blogs/new-open-source-security-tools-let-you-develop-on-encrypted-data/]] (site [[Fully Homomorphic Encryption|https://www.research.ibm.com/labs/uk/fhe.html]])|Homomorphic_Encryption|
|2020.06.05|Security Week| → [[IBM Releases Open Source Toolkits for Processing Data While Encrypted|https://www.securityweek.com/ibm-releases-open-source-toolkits-processing-data-while-encrypted]]|Homomorphic_Encryption|
|2020.06.05|DevOps| → [[IBM Releases Fully Homomorphic Encryption Toolkit for MacOS and iOS; Linux and Android Coming Soon|https://devops.com/ibm-releases-fully-homomorphic-encryption-toolkit-for-macos-and-ios-linux-and-android-coming-soon/]]|Homomorphic_Encryption|
=== 
* __Attaques__ et pannes
** Phishing O365+++*[»] 
|2020.06.03|Bleeping Computer|[[Office 365 phishing baits remote workers with fake VPN configs|https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-remote-workers-with-fake-vpn-configs/]]|O365 Phishing|
=== 
* __Rapports et études__
** Ermetic+++*[»] 
|2020.06.03|//Ermetic//|[[Ermetic Reports Nearly 80% of Companies Experienced a Cloud Data Breach in Past 18 Months|https://ermetic.com/whats-new/ermetic-reports-nearly-80-of-companies-experienced-a-cloud-data-breach-in-past-18-months/]]|Report Ermetic|
|2020.06.03|Container Journal| → [[Ermetic Reports Nearly 80% of Companies Experienced a Cloud Data Breach in Past 18 Months|https://containerjournal.com/news/news-releases/ermetic-reports-nearly-80-of-companies-experienced-a-cloud-data-breach-in-past-18-months/]]|Report Ermetic|
|2020.06.03|Help Net Security| → [[Most companies suffered a cloud data breach in the past 18 months|https://www.helpnetsecurity.com/2020/06/03/cloud-data-breach/]]|Report Ermetic|
|2020.05.06|Security Week| → [[Cloud Security Company Ermetic Emerges From Stealth Mode|https://www.securityweek.com/microsoft-investigating-github-account-hacking-claims]]|Report Ermetic|
=== et OverOps+++*[»] 
|2020.06.02|BusinessWire|![[Second Annual DevOps Survey Reveals 70% of Engineering Teams Choose Application Quality Over Software Delivery Speed|https://www.businesswire.com/news/home/20200602005310/en/Annual-DevOps-Survey-Reveals-70-Engineering-Teams]] |Survey Quality|
|2020.06.02|//OverOps//| → [[State of Software Quality Report] How Organizations are Addressing the Speed vs. Quality Challenge in 2020|https://blog.overops.com/survey-2020-the-state-of-software-quality/]]|Survey Quality|
|2020.06.02|DevOps| → [[Who's Responsible for Security? Apparently, It Depends|https://devops.com/whos-responsible-for-security-apparently-it-depends/]]|Survey|
|2020.06.02|DevOps| → [[Survey Surfaces Tension Between Software Speed and Quality|https://devops.com/survey-surfaces-tension-between-software-speed-quality/]]|Survey Quality|
=== 
* __Acquisitions__
** ''Lastline'' par ''VMware''+++*[»] 
|2020.06.04|Lastline|[[Lastline to be Acquired by VMware|https://www.lastline.com/blog/lastline-to-be-acquired-by-vmware/]]|Acquisition|
|2020.06.04|MSSP Alert| → [[VMware Acquires Lastline Network Detection and Response|https://www.msspalert.com/investments/vmware-acquires-lastline-network-detection-and-response/]]|Acquisition|
|2020.06.05|Security Week| → [[VMware to Acquire Network Security Company Lastline|https://www.securityweek.com/vmware-acquire-network-security-company-lastline]]|Acquisition|
|2020.06.05|TechRadar Pro| → [[VMware snaps up network security firm Lastline|http://www.techradar.com/news/vmware-snaps-up-network-security-firm-lastline]]|Acquisition|
=== 
** SovLabs par CloudBolt+++*[»] 
|2020.06.04|DevOps|[[CloudBolt Acquires SovLabs to Advance Hybrid Cloud Strategy|https://devops.com/cloudbolt-acquires-sovlabs-to-advance-hybrid-cloud-strategy/]]|Acquisition|
=== 
** Spot par NetApp+++*[»] 
|2020.06.05|DevOps|[[NetApp Acquires Spot to Rein in Cloud Costs|https://devops.com/netapp-acquires-spot-to-rein-in-cloud-costs/]]|Acquisition|
|2020.06.06|Israel Valley[img[iCSF/flag_fr.png]]| → [[L'américain Netapp rachète la start-up israélienne Spot pour réduire la facture cloud.|https://www.israelvalley.com/2020/06/lamericain-netapp-rachete-la-start-up-israelienne-spot-pour-reduire-la-facture-cloud/]]|Acquisition|
=== 
* Vulnérabilités
** Kubernetes : CVE-2020-10749+++*[»] 
|2020.05.27|Kubernetes|[[IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements #91507|https://github.com/kubernetes/kubernetes/issues/91507]]|CVE-2020-10749 Kubernetes|
|2020.06.02|CBR Online| → [[Kubernetes Bug Leaves Default Clusters Vulnerable to Man-in-the-Middle Attacks|https://www.cbronline.com/news/kubernetes-bug]]|CVE-2020-10749 Kubernetes|
|2020.06.03|//Alcide//| → [[New Kubernetes Man-In-The-Middle (MiTM) Attack Leverages IPv6 Router Advertisements|https://blog.alcide.io/new-kubernetes-man-in-the-middle-mitm-attack-leverage-ipv6-router-advertisements]]|CVE-2020-10749 Kubernetes|
|2020.06.05|//StackRox//| → [[Mitigating CVE-2020-10749 in Kubernetes Environments|https://www.stackrox.com/post/2020/06/mitigating-kubernetes-cve-2020-10749/]]|CVE-2020-10749 Kubernetes|
=== et CVE-2020-8555+++*[»] 
|2020.06.02|Medium - BreizhZeroDayHunters|[[When it's not only about a Kubernetes CVE…|https://medium.com/@BreizhZeroDayHunters/when-its-not-only-about-a-kubernetes-cve-8f6b448eafa8]]|CVE-2020-8555 Kubernetes|
=== 
** VMware Cloud Director+++*[»] 
|2020.05.19|//VMware//|[[VMSA-2020-0010: VMware Cloud Director updates address Code Injection Vulnerability (CVE-2020-3956)|https://www.vmware.com/security/advisories/VMSA-2020-0010.html]]|CVE-2020-3956|
|2020.06.04|GBHackers on Security| → [[A Bug VMware Cloud Director Let Hackers Compromise Corporate Servers|https://gbhackers.com/critical-vmware-cloud-director-bug/]]|CVE-2020-3956 VMware|
|2020.06.03|//Sophos//| → [[VMware flaw allows takeover of multiple private clouds|https://nakedsecurity.sophos.com/2020/06/03/vmware-flaw-allows-takeover-of-multiple-private-clouds/]]|CVE-2020-3956 VMware|
|2020.06.02|Help Net Security| → [[VMware Cloud Director vulnerability enables a full cloud infrastructure takeover|https://www.helpnetsecurity.com/2020/06/02/cve-2020-3956/]]|CVE-2020-3956 VMware|
|2020.06.02|Security Week| → [[VMware Cloud Director Vulnerability Has Major Impact for Cloud Providers|https://www.securityweek.com/vmware-cloud-director-vulnerability-has-major-impact-cloud-providers]]|CVE-2020-3956 VMware|
=== 
** Login dans GCP+++*[»] 
|2020.06.04|//GitLab//|![[Privilege Escalation in Google Cloud Platform's OS Login|https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020]] |GCP Flaw|
=== 
* __Divers__
** Détection de pot de miel avec Azure Sentinel+++*[»] 
|2020.06.07|Martin Rothe|[[Network IDS & Azure Sentinel|https://blog.rothe.uk/network-ids-azure-sentinel/]]|Azure_Sentinel|
|2020.06.06|Martin Rothe|[[Analyzing Honeypot Data with Azure Sentinel|https://blog.rothe.uk/analysing-honeypot-data/]]|Honeypot Azure_Sentinel|
=== 
** Comparatif des services Kubernetes+++*[»] 
|2020.06.05|//IBM//, //Digital Ocean//, //Scaleway//|![[Kubernetes managed service|https://docs.google.com/spreadsheets/d/1RPpyDOLFmcgxMCpABDzrsBYWpPYCIBuvAoUQLwOGoQw/edit]] |K8s Comparison|
=== 
** Zoom et le chiffrement+++*[»] 
|2020.06.03|ZDnet|[[Zoom security: Here's how Germany got its wires crossed over video-chat privacy|https://www.zdnet.com/article/zoom-security-heres-how-germany-got-its-wires-crossed-over-video-chat-privacy/]]|Zoom|
|2020.06.03|Security Week|[[Zoom Not Offering End-to-End Encryption to Free Users to Help Law Enforcement|https://www.securityweek.com/zoom-not-offering-end-end-encryption-free-users-help-law-enforcement]]|Zoom Encryption|
|2020.06.03|CBR Online| → [[Zoom Wrestles Publicly with E2E Encryption Demons|https://www.cbronline.com/news/zoom-e2e-encryption]]|Zoom Encryption|
=== 
** Arrêt par IBM des VPC à base de Power+++*[»] 
|2020.06.02|//IBM//|[[End of Service Announcement for Virtual Servers for VPC on POWER|https://www.ibm.com/cloud/blog/announcements/end-of-service-announcement-for-virtual-servers-for-vpc-on-power]]|IBM_Cloud Power|
|2020.06.04|The Register| → [[IBM to power down Power-powered virtual private cloud, GPU-accelerated options|https://www.theregister.com/2020/06/04/ibm_vpc_power_shutdown_notice/]]|IBM_Cloud Power|
=== 
** Sécurité des données et SaaS (1/4)+++*[»] 
|2020.06.03|//Securosis//|![[Data Security in the SaaS Age: Rethinking Data Security|https://securosis.com/blog/data-security-in-the-saas-age-rethinking-data-security]] (1/4) |SaaS|
=== 
** Outils : Cloudsploit+++*[»] 
|2020.06.05|SecTechno|[[CloudSploit - Cloud Security Configuration Checks - SecTechno|https://sectechno.com/cloudsploit-cloud-security-configuration-checks/]]|Tools|
=== et Cado Host+++*[»] 
|2020.06.05|Medium - cloudyforensics|[[Introducing Cado Host - A free tool to collect forensic artefacts from compromised systems|https://medium.com/@cloudyforensics/introducing-cado-host-a-free-tool-to-collect-forensic-artefacts-from-compromised-systems-e2f93ff5a532]]|Tools|
=== 
** Complément sur la nouvelle région GCP en France+++*[»] 
|2020.06.01|//Google Cloud//|![[Nouvelle région cloud en France|https://www.linkedin.com/posts/google-cloud_google-cloud-entend-soutenir-la-croissance-activity-6671666435900612608-cpke/]] |GCP France|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K67/|https://CloudSecurityAlliance.fr/go/K67/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - June 1st to 7th, 2020[>img[iCSF/inEnglish.png]]
!!1 - CSA News and Updates - June 1st to 7th, 2020
* News : the GAIA-X project in bid for a "European tech sovereignty"+++*[»]> <<tiddler [[2020.06.05 - Vers un Cloud souverain européen avec GAIA-X ?]]>>=== 
!!2 - Cloud and Security News Watch
[[Over 90 links|2020.06.07 - Veille Hebdomadaire - 7 juin]]
* __''Must read''__
** GAIA-X platform in bid for a "European tech sovereignty"?+++*[»] 
|2020.06.03|GAIA-X|![[GAIA-X - the European project kicks off the next phase |https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-the-european-project-kicks-of-the-next-phase.html]] |GAIA-X Europe|
|2020.06.03|Les Echos[img[iCSF/flag_fr.png]]| → [[La France et l'Allemagne défendent un cloud souverain européen|https://www.lesechos.fr/tech-medias/hightech/le-cloud-europeen-franco-allemand-devoile-ses-services-numeriques-souverains-1208046]]|GAIA-X Europe|
|2020.06.03|NeoWin| → [[Gaia-X, Europe's competitor to Silicon Valley's cloud computing offerings, takes shape - Neowin|https://www.neowin.net/news/gaia-x-europes-competitor-to-silicon-valleys-cloud-computing-offerings-takes-shape]]|GAIA-X Europe|
|2020.06.04|//Silicon.fr[img[iCSF/flag_fr.png]]//| → [[GAIA-X ou la possibilité d'un Cloud franco-allemand|https://www.silicon.fr/gaia-x-ou-la-possibilite-dun-cloud-franco-allemand-340778.html]]|GAIA-X Europe|
|2020.06.04|//OVH Cloud//| → [[GAIA-X Catalogue search engine - under the hood |https://www.ovh.com/blog/gaia-x-catalogue-search-engine-under-the-hood/]]|GAIA-X Europe|
|2020.06.04|POLITICO| → [[Germany, France launch Gaia-X platform in bid for "tech sovereignty"|https://www.politico.eu/article/germany-france-gaia-x-cloud-platform-eu-tech-sovereignty/]]|GAIA-X Europe|
|2020.06.05|Informatique News[img[iCSF/flag_fr.png]]| → [[Gaia-X, la nouvelle initiative franco-allemande pour assurer une souveraineté sur les données européennes dans le cloud|https://www.informatiquenews.fr/gaia-x-la-nouvelle-initiative-franco-allemande-pour-assurer-une-souverainete-sur-les-donnees-europeennes-dans-le-cloud-70785]]|GAIA-X Europe|
|2020.06.05|EURACTIV| → [[Altmaier charts Gaia-X as the beginning of a "European data ecosystem"|https://www.euractiv.com/section/data-protection/news/altmaier-charts-gaia-x-as-the-beginning-of-a-european-data-ecosystem/]]|GAIA-X Europe|
|2020.06.05|CloudTweaks| → [[France, Germany back European cloud computing 'moonshot'|https://www.reuters.com/article/us-europe-tech/france-germany-back-european-cloud-computing-moonshot-idUSKBN23B26B]]|GAIA-X Europe|
|2020.06.05|Channel E2E| → [[Europe's Gaia-X Counters Amazon AWS, Microsoft Azure, Google Cloud|https://www.channele2e.com/channel-partners/csps/europes-gaia-x-counters-aws-azure-google-cloud/]]|GAIA-X Europe|
|2020.06.06|The Register| → [[Franco-German cloud framework floated to protect European's data from foreign tech firms slurpage|https://www.theregister.com/2020/06/06/eu_gaiax_cloud/]]|GAIA-X Europe|
=== 
** Towards a "//Great Firewall of Europe//" ?+++*[»] 
|2020.06.05|CBR Online|![[European Policy Paper: "We Want a Chinese Firewall Too"|https://www.cbronline.com/news/european-firewall-proposal]] |Europe Policy|
=== 
** IBM Releases Homomorphic Encryption Open Source Toolkits+++*[»] 
|2020.06.05|IBM|![[New Open Source Security Tools Let You Develop on Encrypted Data|https://developer.ibm.com/blogs/new-open-source-security-tools-let-you-develop-on-encrypted-data/]] (site [[Fully Homomorphic Encryption|https://www.research.ibm.com/labs/uk/fhe.html]]) |Homomorphic_Encryption|
|2020.06.05|Security Week| → [[IBM Releases Open Source Toolkits for Processing Data While Encrypted|https://www.securityweek.com/ibm-releases-open-source-toolkits-processing-data-while-encrypted]]|Homomorphic_Encryption|
|2020.06.05|DevOps| → [[IBM Releases Fully Homomorphic Encryption Toolkit for MacOS and iOS; Linux and Android Coming Soon|https://devops.com/ibm-releases-fully-homomorphic-encryption-toolkit-for-macos-and-ios-linux-and-android-coming-soon/]]|Homomorphic_Encryption|
=== 
* __Attacks__
** Phishing O365+++*[»] 
|2020.06.03|Bleeping Computer|[[Office 365 phishing baits remote workers with fake VPN configs|https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-remote-workers-with-fake-vpn-configs/]]|O365 Phishing|
=== 
* __Reports and Surveys__
** Ermetic+++*[»] 
|2020.06.03|//Ermetic//|[[Ermetic Reports Nearly 80% of Companies Experienced a Cloud Data Breach in Past 18 Months|https://ermetic.com/whats-new/ermetic-reports-nearly-80-of-companies-experienced-a-cloud-data-breach-in-past-18-months/]]|Report Ermetic|
|2020.06.03|Container Journal| → [[Ermetic Reports Nearly 80% of Companies Experienced a Cloud Data Breach in Past 18 Months|https://containerjournal.com/news/news-releases/ermetic-reports-nearly-80-of-companies-experienced-a-cloud-data-breach-in-past-18-months/]]|Report Ermetic|
|2020.06.03|Help Net Security| → [[Most companies suffered a cloud data breach in the past 18 months|https://www.helpnetsecurity.com/2020/06/03/cloud-data-breach/]]|Report Ermetic|
|2020.05.06|Security Week| → [[Cloud Security Company Ermetic Emerges From Stealth Mode|https://www.securityweek.com/microsoft-investigating-github-account-hacking-claims]]|Report Ermetic|
=== and OverOps+++*[»] 
|2020.06.02|BusinessWire|![[Second Annual DevOps Survey Reveals 70% of Engineering Teams Choose Application Quality Over Software Delivery Speed|https://www.businesswire.com/news/home/20200602005310/en/Annual-DevOps-Survey-Reveals-70-Engineering-Teams]] |Survey Quality|
|2020.06.02|//OverOps//| → [[State of Software Quality Report] How Organizations are Addressing the Speed vs. Quality Challenge in 2020|https://blog.overops.com/survey-2020-the-state-of-software-quality/]]|Survey Quality|
|2020.06.02|DevOps| → [[Who's Responsible for Security? Apparently, It Depends|https://devops.com/whos-responsible-for-security-apparently-it-depends/]]|Survey|
|2020.06.02|DevOps| → [[Survey Surfaces Tension Between Software Speed and Quality|https://devops.com/survey-surfaces-tension-between-software-speed-quality/]]|Survey Quality|
=== 
* __Acquisitions__
** ''Lastline'' by ''VMware''+++*[»] 
|2020.06.04|Lastline|[[Lastline to be Acquired by VMware|https://www.lastline.com/blog/lastline-to-be-acquired-by-vmware/]]|Acquisition|
|2020.06.04|MSSP Alert| → [[VMware Acquires Lastline Network Detection and Response|https://www.msspalert.com/investments/vmware-acquires-lastline-network-detection-and-response/]]|Acquisition|
|2020.06.05|Security Week| → [[VMware to Acquire Network Security Company Lastline|https://www.securityweek.com/vmware-acquire-network-security-company-lastline]]|Acquisition|
|2020.06.05|TechRadar Pro| → [[VMware snaps up network security firm Lastline|http://www.techradar.com/news/vmware-snaps-up-network-security-firm-lastline]]|Acquisition|
=== 
** SovLabs by CloudBolt+++*[»] 
|2020.06.04|DevOps|[[CloudBolt Acquires SovLabs to Advance Hybrid Cloud Strategy|https://devops.com/cloudbolt-acquires-sovlabs-to-advance-hybrid-cloud-strategy/]]|Acquisition|
=== 
** Spot by NetApp+++*[»] 
|2020.06.05|DevOps|[[NetApp Acquires Spot to Rein in Cloud Costs|https://devops.com/netapp-acquires-spot-to-rein-in-cloud-costs/]]|Acquisition|
|2020.06.06|Israel Valley[img[iCSF/flag_fr.png]]| → [[L'américain Netapp rachète la start-up israélienne Spot pour réduire la facture cloud.|https://www.israelvalley.com/2020/06/lamericain-netapp-rachete-la-start-up-israelienne-spot-pour-reduire-la-facture-cloud/]]|Acquisition|
=== 
* Vulnerabilities
** Kubernetes: CVE-2020-10749+++*[»] 
|2020.05.27|Kubernetes|[[IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements #91507|https://github.com/kubernetes/kubernetes/issues/91507]]|CVE-2020-10749 Kubernetes|
|2020.06.02|CBR Online| → [[Kubernetes Bug Leaves Default Clusters Vulnerable to Man-in-the-Middle Attacks|https://www.cbronline.com/news/kubernetes-bug]]|CVE-2020-10749 Kubernetes|
|2020.06.03|//Alcide//| → [[New Kubernetes Man-In-The-Middle (MiTM) Attack Leverages IPv6 Router Advertisements|https://blog.alcide.io/new-kubernetes-man-in-the-middle-mitm-attack-leverage-ipv6-router-advertisements]]|CVE-2020-10749 Kubernetes|
|2020.06.05|//StackRox//| → [[Mitigating CVE-2020-10749 in Kubernetes Environments|https://www.stackrox.com/post/2020/06/mitigating-kubernetes-cve-2020-10749/]]|CVE-2020-10749 Kubernetes|
=== and CVE-2020-8555+++*[»] 
|2020.06.02|Medium - BreizhZeroDayHunters|[[When it's not only about a Kubernetes CVE…|https://medium.com/@BreizhZeroDayHunters/when-its-not-only-about-a-kubernetes-cve-8f6b448eafa8]]|CVE-2020-8555 Kubernetes|
=== 
** VMware Cloud Director+++*[»] 
|2020.05.19|//VMware//|[[VMSA-2020-0010: VMware Cloud Director updates address Code Injection Vulnerability (CVE-2020-3956)|https://www.vmware.com/security/advisories/VMSA-2020-0010.html]]|CVE-2020-3956|
|2020.06.04|GBHackers on Security| → [[A Bug VMware Cloud Director Let Hackers Compromise Corporate Servers|https://gbhackers.com/critical-vmware-cloud-director-bug/]]|CVE-2020-3956 VMware|
|2020.06.03|//Sophos//| → [[VMware flaw allows takeover of multiple private clouds|https://nakedsecurity.sophos.com/2020/06/03/vmware-flaw-allows-takeover-of-multiple-private-clouds/]]|CVE-2020-3956 VMware|
|2020.06.02|Help Net Security| → [[VMware Cloud Director vulnerability enables a full cloud infrastructure takeover|https://www.helpnetsecurity.com/2020/06/02/cve-2020-3956/]]|CVE-2020-3956 VMware|
|2020.06.02|Security Week| → [[VMware Cloud Director Vulnerability Has Major Impact for Cloud Providers|https://www.securityweek.com/vmware-cloud-director-vulnerability-has-major-impact-cloud-providers]]|CVE-2020-3956 VMware|
=== 
** GCP's OS Login+++*[»] 
|2020.06.04|//GitLab//|![[Privilege Escalation in Google Cloud Platform's OS Login|https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020]] |GCP Flaw|
=== 
* __Miscellaneous__
** Detection and Honeypots with Azure Sentinel+++*[»] 
|2020.06.07|Martin Rothe|[[Network IDS & Azure Sentinel|https://blog.rothe.uk/network-ids-azure-sentinel/]]|Azure_Sentinel|
|2020.06.06|Martin Rothe|[[Analyzing Honeypot Data with Azure Sentinel|https://blog.rothe.uk/analysing-honeypot-data/]]|Honeypot Azure_Sentinel|
=== 
** Kubernetes managed services+++*[»] 
|2020.06.05|//IBM//, //Digital Ocean//, //Scaleway//|![[Kubernetes managed service|https://docs.google.com/spreadsheets/d/1RPpyDOLFmcgxMCpABDzrsBYWpPYCIBuvAoUQLwOGoQw/edit]] |K8s Comparison|
=== 
** Updates on Zoom encryption+++*[»] 
|2020.06.03|ZDnet|[[Zoom security: Here's how Germany got its wires crossed over video-chat privacy|https://www.zdnet.com/article/zoom-security-heres-how-germany-got-its-wires-crossed-over-video-chat-privacy/]]|Zoom|
|2020.06.03|Security Week|[[Zoom Not Offering End-to-End Encryption to Free Users to Help Law Enforcement|https://www.securityweek.com/zoom-not-offering-end-end-encryption-free-users-help-law-enforcement]]|Zoom Encryption|
|2020.06.03|CBR Online| → [[Zoom Wrestles Publicly with E2E Encryption Demons|https://www.cbronline.com/news/zoom-e2e-encryption]]|Zoom Encryption|
=== 
** IBM powers down Power-powered VPCs+++*[»] 
|2020.06.02|//IBM//|[[End of Service Announcement for Virtual Servers for VPC on POWER|https://www.ibm.com/cloud/blog/announcements/end-of-service-announcement-for-virtual-servers-for-vpc-on-power]]|IBM_Cloud Power|
|2020.06.04|The Register| → [[IBM to power down Power-powered virtual private cloud, GPU-accelerated options|https://www.theregister.com/2020/06/04/ibm_vpc_power_shutdown_notice/]]|IBM_Cloud Power|
=== 
** Data Security in the SaaS Age (1/4)+++*[»] 
|2020.06.03|//Securosis//|![[Data Security in the SaaS Age: Rethinking Data Security|https://securosis.com/blog/data-security-in-the-saas-age-rethinking-data-security]] (1/4) |SaaS|
=== 
** Tools: Cloudsploit+++*[»] 
|2020.06.05|SecTechno|[[CloudSploit - Cloud Security Configuration Checks - SecTechno|https://sectechno.com/cloudsploit-cloud-security-configuration-checks/]]|Tools|
=== and Cado Host+++*[»] 
|2020.06.05|Medium - cloudyforensics|[[Introducing Cado Host - A free tool to collect forensic artefacts from compromised systems|https://medium.com/@cloudyforensics/introducing-cado-host-a-free-tool-to-collect-forensic-artefacts-from-compromised-systems-e2f93ff5a532]]|Tools|
=== 
** Updates on the future GCP region in France+++*[»] 
|2020.06.01|//Google Cloud//|![[Nouvelle région cloud en France|https://www.linkedin.com/posts/google-cloud_google-cloud-entend-soutenir-la-croissance-activity-6671666435900612608-cpke/]] |GCP France|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K67/|https://CloudSecurityAlliance.fr/go/K67/]] |
<<tiddler [[arOund0C]]>>
|!Juin|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.06.07|
|2020.06.07|Marco Lancini|[[The Cloud Security Reading List #40|https://cloudseclist.com/issues/issue-40/]]|Weekly_Newsletter|
|2020.06.07|Martin Rothe|[[Network IDS & Azure Sentinel|https://blog.rothe.uk/network-ids-azure-sentinel/]]|Azure_Sentinel|
|2020.06.07|n0secure.org|[[K3S/Monitoring|https://www.n0secure.org/2020/06/k3s-monitoring-a-long-way-to-devsecops-episode-5.html]]|DevSecOps|
|>|>|>|!2020.06.06|
|2020.06.06|TechRadar Pro|[[Fake VPN messages used to lure Office 365 phishing victims|http://www.techradar.com/news/fake-vpn-messages-used-to-lure-office-365-phishing-victims]]|O365 Phishing|
|2020.06.06|Martin Rothe|[[Analyzing Honeypot Data with Azure Sentinel|https://blog.rothe.uk/analysing-honeypot-data/]]|Honeypot Azure_Sentinel|
|2020.06.06|n0secure.org|[[K3S/Wordpress|https://www.n0secure.org/2020/06/k3s-wordpress-a-long-way-to-devsecops-episode-4.html]]|DevSecOps|
|>|>|>|!2020.06.05|
|2020.06.05|IBM|![[New Open Source Security Tools Let You Develop on Encrypted Data|https://developer.ibm.com/blogs/new-open-source-security-tools-let-you-develop-on-encrypted-data/]] (site [[Fully Homomorphic Encryption|https://www.research.ibm.com/labs/uk/fhe.html]]) |Homomorphic_Encryption|
|2020.06.05|Security Week| → [[IBM Releases Open Source Toolkits for Processing Data While Encrypted|https://www.securityweek.com/ibm-releases-open-source-toolkits-processing-data-while-encrypted]]|Homomorphic_Encryption|
|2020.06.05|DevOps| → [[IBM Releases Fully Homomorphic Encryption Toolkit for MacOS and iOS; Linux and Android Coming Soon|https://devops.com/ibm-releases-fully-homomorphic-encryption-toolkit-for-macos-and-ios-linux-and-android-coming-soon/]]|Homomorphic_Encryption|
|2020.06.05|SecTechno|[[CloudSploit - Cloud Security Configuration Checks - SecTechno|https://sectechno.com/cloudsploit-cloud-security-configuration-checks/]]|Tools|
|2020.06.05|Medium - cloudyforensics|[[Introducing Cado Host - A free tool to collect forensic artefacts from compromised systems|https://medium.com/@cloudyforensics/introducing-cado-host-a-free-tool-to-collect-forensic-artefacts-from-compromised-systems-e2f93ff5a532]]|Tools|
|2020.06.05|Hakin9 Mag|[[Docker-OSX - Run Mac in a Docker container|https://hakin9.org/docker-osx-run-mac-in-a-docker-container/]]|Docker MacOS|
|2020.06.05|CBR Online|![[European Policy Paper: "We Want a Chinese Firewall Too"|https://www.cbronline.com/news/european-firewall-proposal]] |Europe Policy|
|2020.06.05|DevOps|[[NetApp Acquires Spot to Rein in Cloud Costs|https://devops.com/netapp-acquires-spot-to-rein-in-cloud-costs/]]|Acquisition|
|2020.06.06|Israel Valley[img[iCSF/flag_fr.png]]| → [[L'américain Netapp rachète la start-up israélienne Spot pour réduire la facture cloud.|https://www.israelvalley.com/2020/06/lamericain-netapp-rachete-la-start-up-israelienne-spot-pour-reduire-la-facture-cloud/]]|Acquisition|
|2020.06.05|//Akamai//|[[Innovation Driven by Operational Experience and Engineering Insight Deters NXNS Attacks|https://blogs.akamai.com/2020/06/innovation-driven-by-operational-experience-and-engineering-insight-deters-nxns-attacks.html]]|DNS_Attacks|
|2020.06.05|//IBM//, //Digital Ocean//, //Scaleway//|![[Kubernetes managed service|https://docs.google.com/spreadsheets/d/1RPpyDOLFmcgxMCpABDzrsBYWpPYCIBuvAoUQLwOGoQw/edit]] |K8s Comparison|
|2020.06.05|//Microsoft Azure//|![[Customize cluster egress with a User-Defined Route|https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype]] |Azure AKS|
|>|>|>|!2020.06.04|
|2020.06.04|Federal News Network|[[How the pandemic is a forcing function for the hybrid cloud evolution|https://federalnewsnetwork.com/federal-insights/2020/06/how-the-pandemic-is-a-forcing-function-for-the-hybrid-cloud-evolution/]]|Hybrid_Cloud|
|2020.06.04|Security Week|[[SD-WAN Must Be Secure, Flexible, and Scale Across the Entire Enterprise|https://www.securityweek.com/sd-wan-must-be-secure-flexible-and-scale-across-entire-enterprise]]|SD-WAN|
|2020.06.04|Lastline|[[Lastline to be Acquired by VMware|https://www.lastline.com/blog/lastline-to-be-acquired-by-vmware/]]|Acquisition|
|2020.06.05|//Silicon.fr[img[iCSF/flag_fr.png]]//| → [[VMware acquiert Lastline, firme de sécurité réseau|https://www.silicon.fr/vmware-acquiert-lastline-340857.html]]|Acquisition|
|2020.06.05|Silicon.fr[img[iCSF/flag_fr.png]]| → [[VMware acquiert Lastline, firme de sécurité réseau|https://www.silicon.fr/vmware-acquiert-lastline-340857.html]]|Acquisition|
|2020.06.04|MSSP Alert| → [[VMware Acquires Lastline Network Detection and Response|https://www.msspalert.com/investments/vmware-acquires-lastline-network-detection-and-response/]]|Acquisition|
|2020.06.05|Security Week| → [[VMware to Acquire Network Security Company Lastline|https://www.securityweek.com/vmware-acquire-network-security-company-lastline]]|Acquisition|
|2020.06.05|TechRadar Pro| → [[VMware snaps up network security firm Lastline|http://www.techradar.com/news/vmware-snaps-up-network-security-firm-lastline]]|Acquisition|
|2020.06.04|The Daily Swig|[[Kubernetes security flaw also earns bug bounty from Microsoft|https://portswigger.net/daily-swig/kubernetes-security-flaw-also-earns-bug-bounty-from-microsoft]]|K8s Bug_Bounty|
|2020.06.04|DevOps|[[CloudBolt Acquires SovLabs to Advance Hybrid Cloud Strategy|https://devops.com/cloudbolt-acquires-sovlabs-to-advance-hybrid-cloud-strategy/]]|Acquisition|
|2020.06.04|BetaNews|[[Securing SaaS applications for a remote workforce|https://betanews.com/2020/06/04/saas-remote-work-security-qa/]]|SaaS Remote_Working|
|2020.06.04|//Security Intelligence//|[[How Zero Trust Will Change Your Security Design Approach|https://securityintelligence.com/posts/how-zero-trust-will-change-your-security-design-approach/]]|Zero_Trust|
|2020.06.04|//Padok//|[[Set up an SSH bastion on AWS with Terraform modules|https://www.padok.fr/en/blog/ssh-bastion-aws-terraform]]|AWS Bastion SSH|
|2020.06.04|//NeuVector//|[[How to Protect Secrets in Containers Using DPI and DLP|https://neuvector.com/cloud-security/protect-secrets-in-containers/]]|Containers Secrets_Management|
|2020.06.04|//Bit Defender//|[[Security Misconfigurations a Leading Cause of Cloud Data Breaches|https://businessinsights.bitdefender.com/security-misconfigurations-a-leading-cause-of-cloud-data-breaches]]|Misconfiguration|
|2020.06.04|//GitLab//|![[Privilege Escalation in Google Cloud Platform's OS Login|https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020]] |GCP Flaw|
|>|>|>|!2020.06.03|
|2020.06.03|GAIA-X|![[GAIA-X - the European project kicks off the next phase |https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-the-european-project-kicks-of-the-next-phase.html]] |GAIA-X Europe|
|2020.06.03|Les Echos[img[iCSF/flag_fr.png]]| → [[La France et l'Allemagne défendent un cloud souverain européen|https://www.lesechos.fr/tech-medias/hightech/le-cloud-europeen-franco-allemand-devoile-ses-services-numeriques-souverains-1208046]]|GAIA-X Europe|
|2020.06.03|NeoWin| → [[Gaia-X, Europe's competitor to Silicon Valley's cloud computing offerings, takes shape - Neowin|https://www.neowin.net/news/gaia-x-europes-competitor-to-silicon-valleys-cloud-computing-offerings-takes-shape]]|GAIA-X Europe|
|2020.06.04|//Silicon.fr[img[iCSF/flag_fr.png]]//| → [[GAIA-X ou la possibilité d'un Cloud franco-allemand|https://www.silicon.fr/gaia-x-ou-la-possibilite-dun-cloud-franco-allemand-340778.html]]|GAIA-X Europe|
|2020.06.04|//OVH Cloud//| → [[GAIA-X Catalogue search engine - under the hood |https://www.ovh.com/blog/gaia-x-catalogue-search-engine-under-the-hood/]]|GAIA-X Europe|
|2020.06.04|POLITICO| → [[Germany, France launch Gaia-X platform in bid for "tech sovereignty"|https://www.politico.eu/article/germany-france-gaia-x-cloud-platform-eu-tech-sovereignty/]]|GAIA-X Europe|
|2020.06.05|Informatique News[img[iCSF/flag_fr.png]]| → [[Gaia-X, la nouvelle initiative franco-allemande pour assurer une souveraineté sur les données européennes dans le cloud|https://www.informatiquenews.fr/gaia-x-la-nouvelle-initiative-franco-allemande-pour-assurer-une-souverainete-sur-les-donnees-europeennes-dans-le-cloud-70785]]|GAIA-X Europe|
|2020.06.05|EURACTIV| → [[Altmaier charts Gaia-X as the beginning of a "European data ecosystem"|https://www.euractiv.com/section/data-protection/news/altmaier-charts-gaia-x-as-the-beginning-of-a-european-data-ecosystem/]]|GAIA-X Europe|
|2020.06.05|Journal du Geek| → [[Qu'est-ce que Gaia-X, le soi-disant "cloud européen" ?|https://www.journaldugeek.com/2020/06/05/gaia-x-cloud-europeen-bonne-idee/]]||
|2020.06.05|CloudTweaks| → [[France, Germany back European cloud computing 'moonshot'|https://www.reuters.com/article/us-europe-tech/france-germany-back-european-cloud-computing-moonshot-idUSKBN23B26B]]|GAIA-X Europe|
|2020.06.05|Channel E2E| → [[Europe's Gaia-X Counters Amazon AWS, Microsoft Azure, Google Cloud|https://www.channele2e.com/channel-partners/csps/europes-gaia-x-counters-aws-azure-google-cloud/]]|GAIA-X Europe|
|2020.06.05|ZDnet| → [[Gaia-X : le couple franco-allemand officialise son projet de Cloud souverain européen|https://www.zdnet.fr/actualites/gaia-x-le-couple-franco-allemand-officialise-son-projet-de-cloud-souverain-europeen-39904699.htm]]|GAIA-X Europe|
|2020.06.06|The Register| → [[Franco-German cloud framework floated to protect European's data from foreign tech firms slurpage|https://www.theregister.com/2020/06/06/eu_gaiax_cloud/]]|GAIA-X Europe|
|2020.06.08|//Silicon.fr[img[iCSF/flag_fr.png]]//| → [[GAIA-X : le catalogue de services s'affiche en prototype|https://www.silicon.fr/gaia-x-catalogue-services-prototype-340879.html]]|GAIA-X Europe|
|2020.06.03|TL;DR Security|[[#37 - Kubernetes, SAST Snark, and Malware Targeting Open Source Supply Chain|https://tldrsec.com/blog/tldr-sec-037/]] |Weekly_Newsletter|
|2020.06.03|Bleeping Computer|[[Office 365 phishing baits remote workers with fake VPN configs|https://www.bleepingcomputer.com/news/security/office-365-phishing-baits-remote-workers-with-fake-vpn-configs/]]|O365 Phishing|
|2020.06.03|ZDnet|[[Zoom security: Here's how Germany got its wires crossed over video-chat privacy|https://www.zdnet.com/article/zoom-security-heres-how-germany-got-its-wires-crossed-over-video-chat-privacy/]]|Zoom|
|2020.06.03|Security Week|[[Zoom Not Offering End-to-End Encryption to Free Users to Help Law Enforcement|https://www.securityweek.com/zoom-not-offering-end-end-encryption-free-users-help-law-enforcement]]|Zoom Encryption|
|2020.06.03|CBR Online| → [[Zoom Wrestles Publicly with E2E Encryption Demons|https://www.cbronline.com/news/zoom-e2e-encryption]]|Zoom Encryption|
|2020.06.03|//Google Cloud//|[[Finding your GKE logs|https://cloud.google.com/blog/products/management-tools/finding-your-gke-logs]]|GCP Logging|
|2020.06.03|//Forcepoint//|[[3 Tips to Protect Data in a Multi-cloud Environment|https://www.forcepoint.com/blog/insights/3-tips-protect-multi-cloud]]|Multi_Cloud|
|2020.06.03|//Ermetic//|[[Ermetic Reports Nearly 80% of Companies Experienced a Cloud Data Breach in Past 18 Months|https://ermetic.com/whats-new/ermetic-reports-nearly-80-of-companies-experienced-a-cloud-data-breach-in-past-18-months/]]|Report Ermetic|
|2020.06.03|Container Journal| → [[Ermetic Reports Nearly 80% of Companies Experienced a Cloud Data Breach in Past 18 Months|https://containerjournal.com/news/news-releases/ermetic-reports-nearly-80-of-companies-experienced-a-cloud-data-breach-in-past-18-months/]]|Report Ermetic|
|2020.06.03|Solutions Review| → [[Ermetic: 4 in 5 Companies Experienced a Cloud Data Breach in the Past 18 Months|https://solutionsreview.com/cloud-platforms/ermetic-4-in-5-companies-experienced-a-cloud-data-breach-in-the-past-18-months/]]|Report Ermetic|
|2020.06.03|Help Net Security| → [[Most companies suffered a cloud data breach in the past 18 months|https://www.helpnetsecurity.com/2020/06/03/cloud-data-breach/]]|Report Ermetic|
|2020.06.03|BetaNews| → [[Almost 80 percent of companies have had a cloud data breach in the past 18 months|https://betanews.com/2020/06/03/companies-cloud-data-breach/]]|Report Ermetic|
|2020.05.06|Security Week| → [[Cloud Security Company Ermetic Emerges From Stealth Mode|https://www.securityweek.com/microsoft-investigating-github-account-hacking-claims]]|Report Ermetic|
|2020.06.03|//Imperva//|[[Is Your AWS Data Secure and Compliant? Cloud Database Visibility in Minutes|https://www.imperva.com/blog/is-your-aws-data-secure-and-compliant-cloud-database-visibility-in-minutes/]]|AWS Compliance|
|2020.06.03|//Securosis//|![[Data Security in the SaaS Age: Rethinking Data Security|https://securosis.com/blog/data-security-in-the-saas-age-rethinking-data-security]] (1/4) |SaaS|
|2020.06.03|//Security Intelligence//|[[It's Time to Take a Fresh Look at Zero Trust|https://securityintelligence.com/articles/its-time-to-take-a-fresh-look-at-zero-trust/]]|Zero_Trust|
|2020.06.03|//Amazon AWS//|[[Tighten S3 permissions for your IAM users and roles using access history of S3 actions|https://aws.amazon.com/about-aws/whats-new/2020/06/tighten-s3-permissions-iam-users-roles-access-history-s3-actions/]]|AWS S3 IAM|
|2020.06.03|//Amazon AWS//|[[AWS Systems Manager Explorer now adds support for a delegated administrator account to view operational data across multiple accounts and regions|https://aws.amazon.com/about-aws/whats-new/2020/06/aws-systems-manager-explorer-now-adds-support-for-a-delegated-administrator-account-to-view-operational-data-across-multiple-accounts-and-regions/]]|AWS Administration|
|2020.06.03|//ForgeRock//|[[ForgeRock Consumer Identity Breach Report: U.S. Breaches Cost Over $1.8 Trillion; More Than 7.8 Billion Records Exposed Over Last Two Years|https://www.globenewswire.com/news-release/2020/06/03/2042963/0/en/ForgeRock-Consumer-Identity-Breach-Report-U-S-Breaches-Cost-Over-1-8-Trillion-More-Than-7-8-Billion-Records-Exposed-Over-Last-Two-Years.html]]|Report|
|>|>|>|!2020.06.02|
|2020.06.02|Medium - BreizhZeroDayHunters|[[When it's not only about a Kubernetes CVE…|https://medium.com/@BreizhZeroDayHunters/when-its-not-only-about-a-kubernetes-cve-8f6b448eafa8]]|CVE-2020-8555 Kubernetes|
|2020.06.02|BusinessWire|![[Second Annual DevOps Survey Reveals 70% of Engineering Teams Choose Application Quality Over Software Delivery Speed|https://www.businesswire.com/news/home/20200602005310/en/Annual-DevOps-Survey-Reveals-70-Engineering-Teams]] |Survey Quality|
|2020.06.02|//OverOps//| → [[State of Software Quality Report] How Organizations are Addressing the Speed vs. Quality Challenge in 2020|https://blog.overops.com/survey-2020-the-state-of-software-quality/]]|Survey Quality|
|2020.06.02|DevOps| → [[Who's Responsible for Security? Apparently, It Depends|https://devops.com/whos-responsible-for-security-apparently-it-depends/]]|Survey|
|2020.06.02|DevOps| → [[Survey Surfaces Tension Between Software Speed and Quality|https://devops.com/survey-surfaces-tension-between-software-speed-quality/]]|Survey Quality|
|2020.06.02|Container Journal|[[Container Orchestration: Avoiding Errors and Misconfigurations|https://containerjournal.com/topics/container-management/container-orchestration-avoiding-errors-and-misconfigurations/]]|Containers Misconfiguration|
|2020.06.02|//Pivot Point Security//|[[Concerned about the security of your Cloud Services? Demand CREST|https://www.pivotpointsecurity.com/blog/concerned-about-the-security-of-your-cloud-services-demand-crest/]]|Assessment|
|2020.06.02|//Intezer//|[[Intezer - Building a Robust App Control Strategy for your Cloud Workloads|https://www.intezer.com/blog/cloud-security/building-a-robust-app-control-strategy-for-your-cloud-workloads/]]|Workloads|
|2020.06.02|//IBM//|[[End of Service Announcement for Virtual Servers for VPC on POWER|https://www.ibm.com/cloud/blog/announcements/end-of-service-announcement-for-virtual-servers-for-vpc-on-power]]|IBM_Cloud Power|
|2020.06.04|The Register| → [[IBM to power down Power-powered virtual private cloud, GPU-accelerated options|https://www.theregister.com/2020/06/04/ibm_vpc_power_shutdown_notice/]]|IBM_Cloud Power|
|2020.06.02|//Exabeam//|[[Kubernetes Security Monitoring: How to Gain Visibility and Prevent Breaches|https://www.exabeam.com/information-security/kubernetes-security-monitoring/]]|K8s Monitoring|
|>|>|>|!2020.06.01|
|2020.06.01|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Les services cloud de collaboration explosent, les attaques aussi|https://www.lemondeinformatique.fr/actualites/lire-les-services-cloud-de-collaboration-explosent-les-attaques-aussi-79230.html]]|Report McAfee|
|2020.06.01|Health IT Security|[[Remote Attacks on Cloud Service Targets Rose 630% Amid COVID-19|https://healthitsecurity.com/news/remote-attacks-on-cloud-service-targets-rose-630-amid-covid-19]]|Report McAfee|
|2020.06.01|Dark Reading|[[Strengthening Secure Information Sharing Through Technology & Standards|https://www.darkreading.com/threat-intelligence/strengthening-secure-information-sharing-through-technology-and-standards/a/d-id/1337963]]|Information_Sharing|
|2020.06.01|Bleeping Computer|[[Joomla data breach leaks 2,700 user records via exposed backups|https://www.bleepingcomputer.com/news/security/joomla-data-breach-leaks-2-700-user-records-via-exposed-backups/]]|Joomla dataLeak AWS|
|2020.06.03|//Threatpost//| → [[Joomla Resources Directory Users Exposed in Leaky AWS Bucket|https://threatpost.com/joomla-resources-directory-exposed-aws-bucket/156231/]]|AWS Bucket Data_Leak|
|2020.06.01|//Google Cloud//|![[Nouvelle région cloud en France|https://www.linkedin.com/posts/google-cloud_google-cloud-entend-soutenir-la-croissance-activity-6671666435900612608-cpke/]] |GCP France|
|2020.06.01|//Amazon AWS//|![[How to perform automated incident response in a multi-account environment|https://aws.amazon.com/blogs/security/how-to-perform-automated-incident-response-multi-account-environment/]] |Incident Response|
|>|!|>||
|>|>|>|2020.05.27 (suite)|
|2020.05.27|Kubernetes|[[IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements #91507|https://github.com/kubernetes/kubernetes/issues/91507]]|CVE-2020-10749 Kubernetes|
|2020.06.02|CBR Online| → [[Kubernetes Bug Leaves Default Clusters Vulnerable to Man-in-the-Middle Attacks|https://www.cbronline.com/news/kubernetes-bug]]|CVE-2020-10749 Kubernetes|
|2020.06.03|//Alcide//| → [[New Kubernetes Man-In-The-Middle (MiTM) Attack Leverages IPv6 Router Advertisements|https://blog.alcide.io/new-kubernetes-man-in-the-middle-mitm-attack-leverage-ipv6-router-advertisements]]|CVE-2020-10749 Kubernetes|
|2020.06.05|//StackRox//| → [[Mitigating CVE-2020-10749 in Kubernetes Environments|https://www.stackrox.com/post/2020/06/mitigating-kubernetes-cve-2020-10749/]]|CVE-2020-10749 Kubernetes|
|>|>|>|2020.05.19 (suite)|
|2020.05.19|//VMware//|[[VMSA-2020-0010: VMware Cloud Director updates address Code Injection Vulnerability (CVE-2020-3956)|https://www.vmware.com/security/advisories/VMSA-2020-0010.html]]|CVE-2020-3956|
|2020.06.04|GBHackers on Security| → [[A Bug VMware Cloud Director Let Hackers Compromise Corporate Servers|https://gbhackers.com/critical-vmware-cloud-director-bug/]]|CVE-2020-3956 VMware|
|2020.06.03|//Sophos//| → [[VMware flaw allows takeover of multiple private clouds|https://nakedsecurity.sophos.com/2020/06/03/vmware-flaw-allows-takeover-of-multiple-private-clouds/]]|CVE-2020-3956 VMware|
|2020.06.02|Help Net Security| → [[VMware Cloud Director vulnerability enables a full cloud infrastructure takeover|https://www.helpnetsecurity.com/2020/06/02/cve-2020-3956/]]|CVE-2020-3956 VMware|
|2020.06.02|Security Week| → [[VMware Cloud Director Vulnerability Has Major Impact for Cloud Providers|https://www.securityweek.com/vmware-cloud-director-vulnerability-has-major-impact-cloud-providers]]|CVE-2020-3956 VMware|
<<tiddler [[arOund0C]]>>
!//Conférence 'Cloud Security Summit 2020' du SANS//
[>img(150px,auto)[iCSF/K5SES.jpg]]Les slides présentées lors du 'Cloud Security Summit 2020' du SANS qui s'est déroulé du 28 mai 2020 au 5 juin 2020 sont maintenant disponibles :
* [[Building a Pipeline for Secure Virtual Machines in AWS|http://www.sans.org/cyber-security-summit/archives/download/24060]] par Shaun McCullough
* [[Cloud Breaches - Case Studies, Best Practices, and Pitfalls|http://www.sans.org/cyber-security-summit/archives/download/24055]] par Dylan Marcoux et Christopher Romano
* [[Cloud Security Posture Management from Security Hygiene to Incident Response|http://www.sans.org/cyber-security-summit/archives/download/24005]] par Yuri Diogenes, Jess Huber et Ricardo Bruno
* [[Cloud Security to Go|http://www.sans.org/cyber-security-summit/archives/download/24065]] par Ken Hartman
* [[Cover Your SaaS - Practical SaaS Security Tips|http://www.sans.org/cyber-security-summit/archives/download/24035]] par Ben Johnson
* [[Doing Cloud in China|http://www.sans.org/cyber-security-summit/archives/download/24020]] par Kenneth G. Hartman
* [[Don't Just Lift and Shift - Why Traditional Controls Don't Always Apply to the Cloud and What You Can Do About It|http://www.sans.org/cyber-security-summit/archives/download/23985]] par Steve Turner
* [[Keynote - Lessons Learned from Cloud Security Incidents Past and Present|http://www.sans.org/cyber-security-summit/archives/download/24025]] par Dave Shackleford
* [[Keynote - Securing Cloud Deployments - A Red Team Perspective|http://www.sans.org/cyber-security-summit/archives/download/23970]] par Matt Burrough
* [[Leveling Up Your Workforce for Cloud Enablement - Pathways to Total Pwnage|http://www.sans.org/cyber-security-summit/archives/download/24045]] par Aaron Lancaster
* [[Modern Identity Strategies to Securely Manage Your Cloud Infrastructure|http://www.sans.org/cyber-security-summit/archives/download/24010]] par Michael Soule
* [[Multi-Cloud Visibility for Large Organizations|http://www.sans.org/cyber-security-summit/archives/download/24050]] par Chris Farris
* [[Put a Lid on Those AWS S3 Buckets|http://www.sans.org/cyber-security-summit/archives/download/24030]] par Lily Lee et Melisa Napoles
* [[Reimagining Vulnerability Management in the Cloud|http://www.sans.org/cyber-security-summit/archives/download/24015]] par Eric Zielinski
* [[Static Analysis of Infrastructure as Code|http://www.sans.org/cyber-security-summit/archives/download/23990]] par Barak Schoster Goihman
* [[Threat Hunting in the Microsoft Cloud - The Times They Are a-Changin'|http://www.sans.org/cyber-security-summit/archives/download/23995]] par John Stoner

Liens :
* Page d'accueil ⇒ https://www.sans.org/event/cloud-security-summit-2020
!//GAIA-X: A Federated Data Infrastructure for Europe//
[>img(50px,auto)[iCSF/GAIA-X.gif]]Le soutien des ministres de l'Économie de la France et de l'Allemagne, respectivement Bruno Le Maire et Peter Altmaier, a été apporté au projet GAIA-X lors d'une conférence de presse le jeudi 4 juin 2020.
Avec GAIA-X, il s'agit de créer une infrastructure de données pour supporter un écosystème européen vital.
Voici la présentation succincte du projet GAIA-X telle que publiée sur son site+++*[»]> https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/FAQ/faq-projekt-gaia-x-01.html === (et traduite par nos soins) :
<<<
//Le projet GAIA-X se caractérise par les éléments fondamentaux suivants :[>img(500px,auto)[iCSF/GAIA-X-Arch.jpg]]
* Nous voulons créer la prochaine génération d'infrastructures de données pour l'Europe, ses États, ses entreprises et ses citoyens.
* Cette infrastructure doit répondre aux normes les plus élevées en termes de souveraineté numérique et de promotion de l'innovation. Nous considérons cette infrastructure comme le berceau d'un écosystème, où les données et les services peuvent être mis à disposition, collectés et partagés dans un environnement de confiance.
* Le concept se concentre sur les besoins précis des utilisateurs et sur le bénéfice supplémentaire comme le montrent les cas d'usage.
* Les concepts existants doivent être compris comme une proposition à l'Europe, tels que nous les avons développés avec nos partenaires français. Nous poursuivons cette voie également avec d'autres partenaires européens et en accord avec la Commission européenne.
* Notre objectif est d'établir un cadre plus solide pour cette initiative en 2020 et de lancer quelques premiers cas d'usage d'ici la fin 2020.
//
<<<
À ce jour, plusieurs documents ont été publiés en octobre 2019 et en ce mois de juin 2020. Leur lecture est conseillée ''pour savoir réellement de quoi on parle'', et notamment identifier parmi tous les articles publiés, ceux qui recopient bêtement (et sont malheureusement repris), et ceux qui ont vraiment réfléchi au sujet.
Un fil de discussion dédié a été ouvert sur la communauté ''Chapter France'' de la plateforme [[Circle]]. 

Vous trouverez ci-dessous les documents les plus importants, en prévenant toutefois que ce corpus documentaire risque d'en décevoir certains :
* il est volumineux (plus de 250 pages) mais semble complet et solide (//à l'heure de la rédaction de cet article, nous n'en avons pas fini la lecture complète//)
* il a été principalement rédigé par des universitaires et des chercheurs allemands, dont les préoccupations semblent parfois un peu éloignées des attentes et des besoins des entreprises

Liens :
* Page d'accueil du projet GAIA-X ⇒ [[HTML|https://www.data-infrastructure.eu/GAIAX/Navigation/EN/Home/home.html]]
* Foire aux Questions sur le projet GAIA-X+++*[»] 
Lien ⇒ [[HTML|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/FAQ/faq-projekt-gaia-x.html]]
* 1. What is the GAIA-X project?
* 2. Why do we need GAIA-X? What is the added benefit?
* 3. What are the key elements? Are you building another hyperscaler, that will compete against existing market offerings?
* 4. What will be Germany's role?
* 5. What are the next steps?
* 6. Who can join the project in future and how can interested companies and organisations get involved?
* 7. How and using which procedure were the current project partners selected?
* 8. Who is involved in the project?
* 9. Is the project open for international cloud providers?
* 10. How will other European countries be involved in GAIA-X?
* 11. How will the submitted use cases be financially supported with regard to development and implementation?
* 12. Does GAIA-X currently have any users?
* 13. How are users and providers involved in the development of GAIA-X and how can they contribute their requirements for a European data infrastructure?
* 14. What is intended for the technical conception?
* 15. Who can be contacted in case of question about GAIA-X?
* 16. What advantages does GAIA-X offer for SMEs?
* 17. What does GAIA-X have to be able to do from the user's perspective?
* 18. What does the architecture look like?
* 19. What is the purpose or task of the entity?
=== ⇒ [[HTML|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/FAQ/faq-projekt-gaia-x.html]]
* "Publication: Franco-German Position on GAIA-X" ⇒ [[PDF|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Downloads/franco-german-position-on-gaia-x.pdf?__blob=publicationFile&v=2]]
* "Le projet GAIA-X" - "Une infrastructure de données en forme de réseau, berceau d'un écosystème européen vital" [img[iCSF/flag_fr.png]] ⇒ [[HTML|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/das-projekt-gaia-x-french.html]] [[PDF|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/das-projekt-gaia-x-french.pdf?__blob=publicationFile&v=2]]
* Project GAIA-X "A Federated Data Infrastructure as the Cradle of a Vibrant European Ecosystem" (octobre 2019) ⇒ [[HTML|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/project-gaia-x.html]] et [[PDF|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/project-gaia-x.pdf?__blob=publicationFile&v=4]]
* "Le projet GAIA-X" - Synthèse ⇒ [img[iCSF/flag_fr.png]] [[HTML|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/le-projet-gaia-x-sommaire-de-gestion.html]] et [[PDF|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/le-projet-gaia-x-sommaire-de-gestion.pdf?__blob=publicationFile&v=3]]
* "GAIA-X - the European project kicks off the next phase" (juin 2020) ⇒ [[HTML|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-the-european-project-kicks-of-the-next-phase.html]] et [[PDF|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-the-european-project-kicks-of-the-next-phase.pdf?__blob=publicationFile&v=5]]
* "GAIA-X: A Pitch Towards Europe" - "Status Report on User Ecosystems and Requirements" ⇒ [[HTML|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-a-pitch-towards-europe.html]] et [[PDF|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-a-pitch-towards-europe.pdf?__blob=publicationFile&v=4]]
* "GAIA-X: Technical Architecture" (juin 2020) ⇒ [[HTML|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-technical-architecture.html]] et [[PDF|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-technical-architecture.pdf?__blob=publicationFile&v=3]]
* "GAIA-X: Driver of digital innovation in Europe" - "Featuring the next generation of data infrastructure" (juin 2020) ⇒ [[HTML|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-driver-of-digital-innovation-in-europe.html]] et [[PDF|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-driver-of-digital-innovation-in-europe.pdf?__blob=publicationFile&v=6]]
* "GAIA-X: Policy Rules and Architecture of Standards " (juin 2020) ⇒ [[HTML|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-policy-rules-and-architecture-of-standards.html]] et [[PDF|https://www.data-infrastructure.eu/GAIAX/Redaktion/EN/Publications/gaia-x-policy-rules-and-architecture-of-standards.pdf?__blob=publicationFile&v=2]]<<tiddler [[arOund0C]]>>
Voici la newsletter publiée par le CSA pour les Chapitres européens, nord et sud-américains, pour le mois de juin 2020.
<<<
|ssTablN0|k
|>| [img(auto,125px)[iCSA/K61N1.png]] |
|>|Dear Chapters, |
|>|Thank you for participating in CSA's global community. We hope you enjoy this newsletter, created exclusively for our chapters. Feel free to share with your members.|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Welcome Newly Chartered Chapters|
| |We are excited to welcome two recently chartered CSA Chapters, located in New Jersey and North Carolina:|
|~|• The New Jersey Chapter, located at Kean University in Union, NJ.|
|~|• The Triangle Chapter, headquartered in Raleigh-Durham, NC.|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Recently Published Research|
| |CSA released the following research documents this past month. Like all of CSA's research, they are completely vendor-neutral and freely accessible on our website:|
|~|• Research: '[[Software-Defined Perimeter (SDP) and Zero Trust|https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-and-zero-trust/]]'|
|~|• Research: '[[CCM, PLA, and CAIQ Translations in 10 Languages|https://cloudsecurityalliance.org/artifacts/pla-coc-translation-in-10-languages/]]'|
|~|• Research: '[[Cloud Industrial Internet of Things (IIoT) - Industrial Control Systems Security Glossary|https://cloudsecurityalliance.org/artifacts/cloud-industrial-internet-of-things-iiot-industrial-control-systems-security-glossary/]]'|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|[img(150px,auto)[iCSA/K61N2.jpg]]|!Join Us for the CSA Virtual EU Summit - June 9-12 - FREE|
|~|The Cloud Security Alliance's Virtual EU Summit will address trust building measures such as certification, risk management, and privacy protection to support agency missions, and the private sector, in a secure and trusted cloud environment.|
|~|CSA virtual events are free for all to attend.|
|~|Earn up to 11 CPE credits. |
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Other Research News|
| |• Survey: '[[Quantum-Safe Security Awareness|https://www.surveymonkey.com/r/QSSAWARE]]'|
|~|• Peer Review: '[[Financial Services Stakeholders Platform Working Group Charter|https://cloudsecurityalliance.org/artifacts/fssp-2020-2021-charter/]]'|
|~|• Peer Review: '[[Mobile Application Security Testing – Sum-Up & Landscape Overview|https://cloudsecurityalliance.org/artifacts/mast-landscape-overview/]]'|
|~|• Blog: '[[Pen Testing in the Age of Cloud|https://cloudsecurityalliance.org/blog/2020/05/26/pen-testing-in-the-age-of-cloud/]]'|
|~|If you have any questions around how to implement this research, you can ask our research analysts and working group members in our Circle Community [[here|https://circle.cloudsecurityalliance.org/communities/allcommunities?DisplayBy=3&OrderBy=0&CommunityTypeKey=314037a2-8690-4cd7-b3f6-596013ec15ca&FilterBy=]].|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|!Upcoming Events|
| |''CSA Virtual EU Summit'', June 9-12, Online - [[More Information|https://web.cvent.com/event/c286b4fc-ecbd-4692-b11a-e9c4f55d0061/summary?RefId=eventsmainpage]]|
|~|''Federal Summit'', June 25, Washington, D.C. Complimentary Passes|
|~|Chapter board members are eligible to receive two free passes to the CSA Federal Summit in Washington, D.C. Email the Chapter Relations Manager to learn more: [[Todd Edison|mailto:tedison@cloudsecurityalliance.org]] - [[More Information|https://csacongress.org/event/csa-federal-summit-2020/]]|
|~|''CSA CloudCon 2020'', August 19 - 20, Grand Rapids, MI (Hosted by the CSA West Michigan Chapter) - [[More Information|http://csawmi.org/index.php/2020/01/27/cloudcon-grand-rapids/]]|
|~|''Cloud Security & Hacking Conference'', August 27, Guatemala City, Guatemala (Hosted by the CSA Central America Chapter) - [[More Information|https://circle.cloudsecurityalliance.org/events/event-description?CalendarEventKey=746f0ad7-e3a8-44aa-8ac2-741225764121&Home=%2fevents%2fcalendar&_ga=2.63324719.1668205685.1588780275-351404941.1578521279]]|
|~|''SECtember'', September 14-18, Seattle, WA - [[More Information|https://sectember.com/]]|
|~|See our full list of events [[here|https://cloudsecurityalliance.org/events]].|
|~|Let us know if you would like to post your chapter meeting, event, or webinar on the CSA Circle platform. This is an opportunity to increase your event audience, as there are currently over 1,500 Circle community users.|
|>|[img(50%,1px)[iCSF/BluePixel.gif]]|
|>|Until next time...|
|>|Sincerely,|
|>|''Todd Edison -- Chapter Relations Manager, Cloud Security Alliance''|
<<<
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202005>>
<<tiddler fAll2Tabs10 with: VeilleM","_202005>>
Aucune alerte notable en Mai 2020.
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Mai 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202005>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Mai 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Mai 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202005'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202005'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Mai 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202005'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Mai 2020]]>>
!"//Cloud Security Alliance Announces Phoenix One as Authorized CCSK Training Partner in the Philippines//"
^^Communiqué de presse de la CSA du 28 mai 2020.
* Lien ⇒ https://cloudsecurityalliance.org/press-releases/2020/05/28/cloud-security-alliance-announces-phoenix-one-as-authorized-ccsk-training-partner-in-the-philippines/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Application Containers and Microservices Working Group Charter//"
^^Appel à commentaires publié le 26 mai 2020 sur le site de la CSA. La date limite est fixée au 26 juin.
* Lien ⇒ https://cloudsecurityalliance.org/artifacts/application-containers-and-microservices-working-group-charter/ /% ''[[CloudSecurityAlliance.fr/go/k5qr/|https://CloudSecurityAlliance.fr/go/k5qr/]]'' %/^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Pen Testing in the Age of Cloud//"
[>img(100px,auto)[iCSA/K5QBP.png]]^^Article publié le 26 mai 2020 sur le blog de la CSA, après l'avoir été le 19 mai 2020 sur le site de Fugue
__Liens :__
* Blog CSA ⇒ https://cloudsecurityalliance.org/articles/pen-testing-in-the-age-of-cloud/ /% ''[[CloudSecurityAlliance.fr/go/k5qx/|https://CloudSecurityAlliance.fr/go/k5qx/]]'' %/
* Site Fugue ⇒ https://www.fugue.co/blog/pen-testing-in-the-age-of-cloud /% ''[[CloudSecurityAlliance.fr/go/k5qz/|https://CloudSecurityAlliance.fr/go/k5qz/]]'' %/
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Cloud Security Alliance Announces ACinfotec as Authorized CCSK Training Partner in Thailand//"
^^Communiqué de presse de la CSA du 20 mai 2020.
* Lien ⇒ https://cloudsecurityalliance.org/articles/cloud-security-alliance-announces-acinfotec-as-authorized-ccsk-training-partner-in-thailand/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!"//The road to the cloud - The story of public versus private//"
[>img(150px,auto)[iCSA/K5EBT.png]]^^Article publié le 14 mai 2020 sur le site de la CSA, après l'avoir été ''4,5 mois'' auparavant (record battu !), le 2 décembre 2019 sur le site LinkedIN.
Son auteur est le Dr. Wendy Ng+++*[»]> https://www.linkedin.com/in/wendyng1/ ===, DevSecOps Security Advisor chez Experian
__Liens :__
* Site CSA ⇒ https://cloudsecurityalliance.org/blog/2020/05/14/the-road-to-the-cloud-the-story-of-public-versus-private/ /% ''[[CloudSecurityAlliance.fr/go/k5ex/|https://CloudSecurityAlliance.fr/go/k5ex/]]'' %/
* Site LinkedIN ⇒ https://www.linkedin.com/pulse/road-cloud-story-public-versus-private-dr-wendy-ng-cissp/ /% ''[[CloudSecurityAlliance.fr/go/k57z/|https://CloudSecurityAlliance.fr/go/k57z/]]'' %/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Cloud Security Alliance and Asia Cybersecurity Exchange Renew Memorandum of Intent//"
^^Communiqué de presse CSA du 13 mai 2020.
Lien ⇒ https://cloudsecurityalliance.org/articles/cloud-security-alliance-and-asia-cybersecurity-exchange-renew-memorandum-of-intent/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Cloud Security Alliance Announces Cyberstrat IT Consulting as the Newest Authorized CCSK Training Partner//"
^^Communiqué de presse de la CSA du 12 mai 2020.
* Lien ⇒ https://cloudsecurityalliance.org/articles/cloud-security-alliance-announces-cyberstrat-it-consulting-as-the-newest-authorized-ccsk-training-partner/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Cloud Security Alliance Partners with Singapore IT Industry in Initiative to Support Continuous Education//"
^^Communiqué de presse de la CSA du 11 mai 2020.
* Lien ⇒ https://cloudsecurityalliance.org/articles/cloud-security-alliance-partners-with-singapore-it-industry-in-initiative-to-support-continuous-education/
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Mobile-Connect Controls for Secure Remote Working//"
[>img(150px,auto)[iCSA/K5CBM.jpg]]^^Article publié le 12 mai 2020 sur le blog de la CSA, après l'avoir été le 28 avril 2020 sur le site de CipherCloud
__Liens :__
* Blog CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k5cx/|https://CloudSecurityAlliance.fr/go/k5cx/]]''
* Site CipherCloud ⇒ ''[[CloudSecurityAlliance.fr/go/k5cz/|https://CloudSecurityAlliance.fr/go/k5cz/]]''
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Cloud Security Alliance Partners with Singapore Government IT Agency in National Support Initiative//"
^^Communiqué de presse CSA du 8 mai 2020.
> //The Cloud Security Alliance //[...]// announced the 'CSA National Support Initiative', under which it has partnered with a government IT agency in Singapore to provide 50 complimentary Certificate of Cloud Security Knowledge (CCSK) Learning Management System (LMS) licenses. The partnership will allow IT professionals to continue with their learning during the COVID-19 period.//
* Site CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k58p/|https://CloudSecurityAlliance.fr/go/k58p/]]''
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Why is Cloud DLP the most important technology for SaaS apps?//"
^^Article publié le 7 mai 2020 sur le site de la CSA, après l'avoir été le 23 avril sur le site de CipherCloud.
__Liens :__
* Site CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k57x/|https://CloudSecurityAlliance.fr/go/k57x/]]''
* Site CipherCloud ⇒ ''[[CloudSecurityAlliance.fr/go/k57z/|https://CloudSecurityAlliance.fr/go/k57z/]]''
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!"//The State of Cloud Security 2020 Report: Understanding Misconfiguration Risk//"
^^Article publié le 5 mai 2020, après l'avoir été le 23 avril sur le site de la société Fugue.
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/k51r/|https://CloudSecurityAlliance.fr/go/k51r/]]'' ^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Financial Services Stakeholders Platform Working Group Charter//"
^^Appel à commentaires publié le 1er mai 2020 sur le site de la CSA. La date limite est fixée au 17 mai.
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/k51r/|https://CloudSecurityAlliance.fr/go/k51r/]]'' ^^
[img(25%,1px)[iCSF/BluePixel.gif]]
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #66|2020.05.31 - Newsletter Hebdomadaire #66]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #66|2020.05.31 - Weekly Newsletter - #66]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.05.31 - Newsletter Hebdomadaire #66]]>> |<<tiddler [[2020.05.31 - Weekly Newsletter - #66]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - semaine du 25 au 31 mai 2020
!!1 - Informations CSA - 25 au 31 mai 2020
* Podcast : 'CSA STAR + SOC2 - From Readiness to Attestation'+++*[»]> <<tiddler [[2020.05.26 - Podcast : 'CSA STAR + SOC2 - From Readiness to Attestation']]>>=== 
* Blog : Applications d'aujourd'hui et cybersécurité dans le Cloud+++*[»]> <<tiddler [[2020.05.27 - Blog : Applications d'aujourd'hui et cybersécurité dans le Cloud]]>>=== 
* Publication : 'Software Defined Perimeter (SDP) and Zero Trust'+++*[»]> <<tiddler [[2020.05.27 - Publication : 'Software Defined Perimeter (SDP) and Zero Trust']]>>=== 
* Appels à commentaires CSA sur le document 'Mobile Application Security Testing - Sum-Up & Landscape Overview'+++*[»]> <<tiddler [[2020.05.08 - Appel à commentaires : 'Mobile Application Security Testing - Sum-Up & Landscape Overview']]>>=== (8 juin)
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.05.31 - Veille Hebdomadaire - 31 mai]] avec plus de 70 liens
* Rapports à lire
** ''AWS Shield Threat Landscape''+++*[»] 
|2020.05.29|//AWS//|![[AWS Shield Threat Landscape report is now available|https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/]] ([[rapport|https://aws-shield-tlr.s3.amazonaws.com/2020-Q1_AWS_Shield_TLR.pdf]])|Report AWS|
=== 
** ''McAfee Cloud Adoption & Risk Report''+++*[»] 
|2020.05.27|//McAfee//|![[Cloud Adoption & Risk Report|https://www.mcafee.com/enterprise/en-us/forms/gated-form.html]]|Report McAfee|
|2020.05.28|The Daily Swig|[[Cloud-based cyber-attacks flaring up during coronavirus pandemic|https://portswigger.net/daily-swig/cloud-based-cyber-attacks-flaring-up-during-coronavirus-pandemic]]|Attacks|
|2020.05.28|Help Net Security| → [[External attacks on cloud accounts grew 630 percent from January to April|https://www.helpnetsecurity.com/2020/05/28/external-attacks-on-cloud-accounts/]]|Report McAfee|
=== 
** ''Australian Strategic Policy Institute''+++*[»] 
|2020.05.27|ASPI|![[National security agencies and the cloud: An urgent capability issue for Australia|https://www.aspi.org.au/report/national-security-agencies-and-cloud-urgent-capability-issue-australia]] ([[rapport|https://s3-ap-southeast-2.amazonaws.com/ad-aspi/2020-05/SR%20156%20National%20security%20agencies%20and%20the%20cloud.pdf]])|Report Australia|
=== 
* __Attaques__ et pannes
** Phishing AWS+++*[»] 
|2020.05.27|//Abnormal Security//|[[Abnormal Attack Stories: AWS Phishing|https://abnormalsecurity.com/blog/abnormal-attack-stories-aws-phishing/]]|AWS Phishing|
|2020.05.28|ZDNet| → [[Phishing attack impersonates Amazon Web Services to steal user credentials|https://www.techrepublic.com/article/phishing-attack-impersonates-amazon-web-services-to-steal-user-credentials/]]|AWS Phishing|
|2020.05.30|HackRead| → [[New AWS phishing scam steals credentials via fake AWS notification|https://www.hackread.com/aws-phishing-scam-steals-aws-credentials-fake-notification/]]|Phishing AWS|
===, et attaque de clients Cloud de NTT au Japon+++*[»] 
|2020.05.29|The Register|[[NTT warns its Singapore cloud was hacked, Japanese customer data compromised|https://www.theregister.com/2020/05/29/ntt_hacked_customer_breach/]]|Compromise|
=== 
** Panne Adobe Cloud+++*[»]>
|2020.05.27|The Register|[[Photostopped: Adobe Cloud evaporates in mass outage. Hope none of you are on a deadline, eh?|https://www.theregister.com/2020/05/27/adobe_cloud_outage/]]|Outage Adobe|
=== 
* Analyses techniques
** Active Directory via AzureAD+++*[»] 
|2020.05.27|Active Directory Security|![[From Azure AD to Active Directory (via Azure) - An Unanticipated Attack Path|https://adsecurity.org/?p=4277]]|AzureAD Attacks|
|2020.05.28|//Trimarc Security//| → [[Webcast: Securing Office 365 and Azure AD Defend Your Tenant|https://www.hub.trimarcsecurity.com/post/webcast-securing-office-365-and-azure-ad-defend-your-tenant]]|O365 AzureAD Tenant|
=== 
** Pièces jointes dans Office 365+++*[»] 
|2020.05.31|Bleeping Computer|[[Office 365 to give detailed info on malicious email attachments|https://www.bleepingcomputer.com/news/security/office-365-to-give-detailed-info-on-malicious-email-attachments/]]|O365 Attacks|
=== 
* __Rapports et études__
** Fortinet sur le manque de compétences Cloud et Sécurité+++*[»] 
|2020.05.27|//Fortinet//|[[Fortinet Survey Uncovers Critical Insights for Addressing the Growing Skills Gap|https://www.fortinet.com/blog/industry-trends/fortinet-uncovers-critical-insights-to-address-cyber-skills-gap.html]] ([[rapport|https://www.fortinet.com/content/dam/maindam/PUBLIC/02_MARKETING/08_Report/report-fortinet-survey-skills-shortage.pdf]])|Skills|
|2020.05.27|Dark Reading| → [[Cloud Security Architect Proves Hardest Infosec Role to Fill|https://www.darkreading.com/cloud/cloud-security-architect-proves-hardest-infosec-role-to-fill/d/d-id/1337925]]|Skills|
=== 
* __Acquisitions__
** ThousandEyes par Cisco+++*[»] 
|2020.05.28|//ThousandEyes//|[[ThousandEyes + Cisco = A Thousand Times ThousandEyes|https://blog.thousandeyes.com/cisco-announces-intent-to-acquire-thousandeyes/]]|Acquisitions|
|2020.05.28|SecurityWeek| → [[Cisco to Buy Network Intelligence Firm ThousandEyes|https://www.securityweek.com/cisco-buy-network-intelligence-firm-thousandeyes]]|Acquisitions|
|2020.05.28|Silicon Angle| → [[Cisco to acquire network intelligence startup ThousandEyes for reported $1B|https://siliconangle.com/2020/05/28/cisco-to-acquire-network-intelligence-startup-thousandeyes-reported-1b/]]|Acquisitions|
=== 
** Edgewise par Zscaler+++*[»] 
|2020.05.28|Silicon Angle|[[Zscaler buys security startup Edgewise as it beats earnings estimates|https://siliconangle.com/2020/05/28/zscaler-buys-security-startup-edgewise-beats-earnings-estimates/]]|Acquisition|
=== 
* __Divers__
** Annonce d'une nouvelle région Google en France en 2022+++*[»] 
|2020.05.28|Silicon.fr[>img[iCSF/flag_fr.png]]|![[Google Cloud annonce une "région" France pour 2022|https://www.silicon.fr/google-cloud-annonce-une-region-france-pour-2022-340430.html]]|GCP France|
|2020.05.28|Le Mag IT[img[iCSF/flag_fr.png]]| → [[Google se donne un an et demi pour mettre son cloud en France|https://www.lemagit.fr/actualites/252483826/Google-se-donne-encore-un-an-et-demi-pour-mettre-son-cloud-en-France]]|GCP France|
|2020.05.28|DataCenter Magazine[img[iCSF/flag_fr.png]]| → [[Google Cloud ouvrira une nouvelle région en France|https://datacenter-magazine.fr/google-cloud-ouvrira-une-nouvelle-region-en-france/]]|GCP France|
|2020.05.28|Journal du Net[>img[iCSF/flag_fr.png]]|[[Cloud : les pièges du stockage hybride|https://www.journaldunet.com/web-tech/cloud/1491703-les-pieges-du-stockage-hybride/]]|Storage|
=== 
** Containers+++*[»] 
|2020.05.29|Container Journal|[[Gartner's 6 Best Practices for Containers, Kubernetes|https://containerjournal.com/topics/container-ecosystems/gartners-6-best-practices-for-containers-kubernetes/]]|Containers Kubernetes Best_Practices|
|2020.05.27|//CyberArk Conjur//|[[Top 4 Open Source Tools for Observability of Containers and Microservices|https://www.conjur.org/blog/top-4-open-source-tools-for-observability-of-containers-and-microservices/]]|Containers Micro_Services|
|2020.05.26|//Palo Alto Networks//|[[Rootless Containers: The Next Trend in Container Security|https://unit42.paloaltonetworks.com/rootless-containers-the-next-trend-in-container-security/]]|Containers|
=== 
** SDP+++*[»] 
|2020.05.29|Help Net Security|[[Why is SDP the most effective architecture for zero trust strategy adoption?|https://www.helpnetsecurity.com/2020/05/29/sdp-zero-trust/]]|SDP Zero_Tust|
=== 
** Outils forensique+++*[»] 
|2020.05.29|//Cado Security//|![[Introducing Cado Live - A Free Forensic Imaging Tool for the Cloud|https://medium.com/@cloudyforensics/introducing-cado-live-a-free-forensic-imaging-tool-for-the-cloud-5716c81d4093]] ([[vidéo|https://www.youtube.com/watch?v=9QPU6us8X_g]])|Forensics Tools|
|2020.05.29|//Cado Security//| → [[Cado Live|https://www.cadosecurity.com/community/cado-live/]]|Forensics Tools|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K5V/|https://CloudSecurityAlliance.fr/go/K5V/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - May 25th to 31st, 2020[>img[iCSF/inEnglish.png]]
!!1 - CSA News and Updates - May 25th to 31st, 2020
* Podcast: 'CSA STAR + SOC2 - From Readiness to Attestation'+++*[»]> <<tiddler [[2020.05.26 - Podcast : 'CSA STAR + SOC2 - From Readiness to Attestation']]>>=== 
* Blog: 'Cloud Cybersecurity and the Modern Applications' (3 parts)+++*[»]> <<tiddler [[2020.05.27 - Blog : Applications d'aujourd'hui et cybersécurité dans le Cloud]]>>=== 
* Publication: 'Software Defined Perimeter (SDP) and Zero Trust'+++*[»]> <<tiddler [[2020.05.27 - Publication : 'Software Defined Perimeter (SDP) and Zero Trust']]>>=== 
* Call for comments: CSA document 'Mobile Application Security Testing - Sum-Up & Landscape Overview'+++*[»]> <<tiddler [[2020.05.08 - Appel à commentaires : 'Mobile Application Security Testing - Sum-Up & Landscape Overview']]>>=== (June 8th)
!!2 - Cloud and Security News Watch
[[Over 60 links|2020.05.31 - Veille Hebdomadaire - 31 mai]]
* __''Must read''__ reports:
** ''AWS Shield Threat Landscape''+++*[»] 
|2020.05.29|//AWS//|![[AWS Shield Threat Landscape report is now available|https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/]] ([[rapport|https://aws-shield-tlr.s3.amazonaws.com/2020-Q1_AWS_Shield_TLR.pdf]])|Report AWS|
=== 
** ''McAfee Cloud Adoption & Risk Report''+++*[»] 
|2020.05.27|//McAfee//|![[Cloud Adoption & Risk Report|https://www.mcafee.com/enterprise/en-us/forms/gated-form.html]]|Report McAfee|
|2020.05.28|The Daily Swig|[[Cloud-based cyber-attacks flaring up during coronavirus pandemic|https://portswigger.net/daily-swig/cloud-based-cyber-attacks-flaring-up-during-coronavirus-pandemic]]|Attacks|
|2020.05.28|Help Net Security| → [[External attacks on cloud accounts grew 630 percent from January to April|https://www.helpnetsecurity.com/2020/05/28/external-attacks-on-cloud-accounts/]]|Report McAfee|
=== 
** Australian report on National Security Agencies and the cloud+++*[»] 
|2020.05.27|ASPI|![[National security agencies and the cloud: An urgent capability issue for Australia|https://www.aspi.org.au/report/national-security-agencies-and-cloud-urgent-capability-issue-australia]] ([[rapport|https://s3-ap-southeast-2.amazonaws.com/ad-aspi/2020-05/SR%20156%20National%20security%20agencies%20and%20the%20cloud.pdf]])|Report Australia|
=== 
* __Attacks__ and outages
** AWS phishing+++*[»] 
|2020.05.27|//Abnormal Security//|[[Abnormal Attack Stories: AWS Phishing|https://abnormalsecurity.com/blog/abnormal-attack-stories-aws-phishing/]]|AWS Phishing|
|2020.05.28|ZDNet| → [[Phishing attack impersonates Amazon Web Services to steal user credentials|https://www.techrepublic.com/article/phishing-attack-impersonates-amazon-web-services-to-steal-user-credentials/]]|AWS Phishing|
|2020.05.30|HackRead| → [[New AWS phishing scam steals credentials via fake AWS notification|https://www.hackread.com/aws-phishing-scam-steals-aws-credentials-fake-notification/]]|Phishing AWS|
===, and NTT Japanese customers' data compromise+++*[»] 
|2020.05.29|The Register|[[NTT warns its Singapore cloud was hacked, Japanese customer data compromised|https://www.theregister.com/2020/05/29/ntt_hacked_customer_breach/]]|Compromise|
=== 
** Adobe Cloud outage+++*[»]>
|2020.05.27|The Register|[[Photostopped: Adobe Cloud evaporates in mass outage. Hope none of you are on a deadline, eh?|https://www.theregister.com/2020/05/27/adobe_cloud_outage/]]|Outage Adobe|
=== 
* Analysis
** Active Directory attack via AzureAD+++*[»] 
|2020.05.27|Active Directory Security|![[From Azure AD to Active Directory (via Azure) - An Unanticipated Attack Path|https://adsecurity.org/?p=4277]]|AzureAD Attacks|
|2020.05.28|//Trimarc Security//| → [[Webcast: Securing Office 365 and Azure AD Defend Your Tenant|https://www.hub.trimarcsecurity.com/post/webcast-securing-office-365-and-azure-ad-defend-your-tenant]]|O365 AzureAD Tenant|
=== 
** Office 365 Email attachments+++*[»] 
|2020.05.31|Bleeping Computer|[[Office 365 to give detailed info on malicious email attachments|https://www.bleepingcomputer.com/news/security/office-365-to-give-detailed-info-on-malicious-email-attachments/]]|O365 Attacks|
=== 
* Survey
** Fortinet on addressing the skills gap in Cloud and Security expertise+++*[»] 
|2020.05.27|//Fortinet//|[[Fortinet Survey Uncovers Critical Insights for Addressing the Growing Skills Gap|https://www.fortinet.com/blog/industry-trends/fortinet-uncovers-critical-insights-to-address-cyber-skills-gap.html]] ([[rapport|https://www.fortinet.com/content/dam/maindam/PUBLIC/02_MARKETING/08_Report/report-fortinet-survey-skills-shortage.pdf]])|Skills|
|2020.05.27|Dark Reading| → [[Cloud Security Architect Proves Hardest Infosec Role to Fill|https://www.darkreading.com/cloud/cloud-security-architect-proves-hardest-infosec-role-to-fill/d/d-id/1337925]]|Skills|
=== 
* __Acquisitions__
** ThousandEyes by Cisco+++*[»] 
|2020.05.28|//ThousandEyes//|[[ThousandEyes + Cisco = A Thousand Times ThousandEyes|https://blog.thousandeyes.com/cisco-announces-intent-to-acquire-thousandeyes/]]|Acquisitions|
|2020.05.28|SecurityWeek| → [[Cisco to Buy Network Intelligence Firm ThousandEyes|https://www.securityweek.com/cisco-buy-network-intelligence-firm-thousandeyes]]|Acquisitions|
|2020.05.28|Silicon Angle| → [[Cisco to acquire network intelligence startup ThousandEyes for reported $1B|https://siliconangle.com/2020/05/28/cisco-to-acquire-network-intelligence-startup-thousandeyes-reported-1b/]]|Acquisitions|
=== 
** Edgewise by Zscaler+++*[»] 
|2020.05.28|Silicon Angle|[[Zscaler buys security startup Edgewise as it beats earnings estimates|https://siliconangle.com/2020/05/28/zscaler-buys-security-startup-edgewise-beats-earnings-estimates/]]|Acquisition|
=== 
* __Miscellaneous__
** Announcement of a new GCP region in France in 2022+++*[»] 
|2020.05.28|Silicon.fr[>img[iCSF/flag_fr.png]]|![[Google Cloud annonce une "région" France pour 2022|https://www.silicon.fr/google-cloud-annonce-une-region-france-pour-2022-340430.html]]|GCP France|
|2020.05.28|Le Mag IT[img[iCSF/flag_fr.png]]| → [[Google se donne un an et demi pour mettre son cloud en France|https://www.lemagit.fr/actualites/252483826/Google-se-donne-encore-un-an-et-demi-pour-mettre-son-cloud-en-France]]|GCP France|
|2020.05.28|DataCenter Magazine[img[iCSF/flag_fr.png]]| → [[Google Cloud ouvrira une nouvelle région en France|https://datacenter-magazine.fr/google-cloud-ouvrira-une-nouvelle-region-en-france/]]|GCP France|
|2020.05.28|Journal du Net[>img[iCSF/flag_fr.png]]|[[Cloud : les pièges du stockage hybride|https://www.journaldunet.com/web-tech/cloud/1491703-les-pieges-du-stockage-hybride/]]|Storage|
=== 
** Containers+++*[»] 
|2020.05.29|Container Journal|[[Gartner's 6 Best Practices for Containers, Kubernetes|https://containerjournal.com/topics/container-ecosystems/gartners-6-best-practices-for-containers-kubernetes/]]|Containers Kubernetes Best_Practices|
|2020.05.27|//CyberArk Conjur//|[[Top 4 Open Source Tools for Observability of Containers and Microservices|https://www.conjur.org/blog/top-4-open-source-tools-for-observability-of-containers-and-microservices/]]|Containers Micro_Services|
|2020.05.26|//Palo Alto Networks//|[[Rootless Containers: The Next Trend in Container Security|https://unit42.paloaltonetworks.com/rootless-containers-the-next-trend-in-container-security/]]|Containers|
=== 
** SDP+++*[»] 
|2020.05.29|Help Net Security|[[Why is SDP the most effective architecture for zero trust strategy adoption?|https://www.helpnetsecurity.com/2020/05/29/sdp-zero-trust/]]|SDP Zero_Trust|
=== 
** Forensic imaging tool for the Cloud+++*[»] 
|2020.05.29|//Cado Security//|![[Introducing Cado Live - A Free Forensic Imaging Tool for the Cloud|https://medium.com/@cloudyforensics/introducing-cado-live-a-free-forensic-imaging-tool-for-the-cloud-5716c81d4093]] ([[vidéo|https://www.youtube.com/watch?v=9QPU6us8X_g]])|Forensics Tools|
|2020.05.29|//Cado Security//| → [[Cado Live|https://www.cadosecurity.com/community/cado-live/]]|Forensics Tools|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K5V/|https://CloudSecurityAlliance.fr/go/K5V/]] |
<<tiddler [[arOund0C]]>>
|!Mai|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.05.31|
|2020.05.31|Marco Lancini|[[The Cloud Security Reading List #39|https://cloudseclist.com/issues/issue-39/]]|Weekly_Newsletter|
|2020.05.31|Bleeping Computer|[[Office 365 to give detailed info on malicious email attachments|https://www.bleepingcomputer.com/news/security/office-365-to-give-detailed-info-on-malicious-email-attachments/]]|O365 Attacks|
|2020.05.31|KitPloit|[[Vault - A Tool For Secrets Management, Encryption As A Service, And Privileged Access Management|https://www.kitploit.com/2020/05/vault-tool-for-secrets-management.html]]|Tools Secrets_Management|
|>|>|>|!2020.05.30|
|2020.05.28|Le Big Data[>img[iCSF/flag_fr.png]]|[[Cloud Computing : les inconvénients et secrets inavouables du nuage|https://www.lebigdata.fr/secrets-cloud-inconvenients]]|Misc|
|>|>|>|!2020.05.29|
|2020.05.29|The Daily Swig|[[Google launches CTF-style bug bounty challenge for Kubernetes|https://portswigger.net/daily-swig/google-launches-ctf-style-bug-bounty-challenge-for-kubernetes]]|GCP Bug_Bounty|
|2020.05.29|Open Source DFIR|[[Introducing Libcloudforensics|https://osdfir.blogspot.com/2020/05/introducing-libcloudforensics.html]]|Forensics|
|2020.05.29|Help Net Security|[[Why is SDP the most effective architecture for zero trust strategy adoption?|https://www.helpnetsecurity.com/2020/05/29/sdp-zero-trust/]]|SDP Zero_Trust|
|2020.05.29|The Register|[[NTT warns its Singapore cloud was hacked, Japanese customer data compromised|https://www.theregister.com/2020/05/29/ntt_hacked_customer_breach/]]|Compromise|
|2020.05.29|The Register|[[The top three myths of cloud data protection - busted|https://www.theregister.com/2020/05/29/cloud_data_protection_myths/]]|Protection Myths Webcast|
|2020.05.29|Computer Weekly|[[How Sega Europe slashed incident response times using cloud SIEM|https://www.computerweekly.com/news/252483852/How-Sega-Europe-slashed-incident-response-times-using-cloud-SIEM]]|SIEM|
|2020.05.29|Kubernetes|[[K8s KPIs with Kuberhealthy|https://kubernetes.io/blog/2020/05/29/k8s-kpis-with-kuberhealthy/]]|K8s KPIs|
|2020.05.29|VMblog|[[A New Algorithm May Help Secure Cloud Computing and IoT|https://vmblog.com/archive/2020/05/29/a-new-algorithm-may-help-secure-cloud-computing-and-iot.aspx]]|AES IOT|
|2020.05.29|Computer Weekly|[[Cloud storage 101: File, block and object storage in the cloud|https://www.computerweekly.com/feature/Cloud-storage-101-File-block-and-object-storage-in-the-cloud]]|Storage|
|2020.05.29|Cloud Native Computing Foundation|[[Kubernetes Governance, What You Should Know|https://www.cncf.io/blog/2020/05/29/kubernetes-governance-what-you-should-know/]]|K8s Governance|
|2020.05.29|Container Journal|[[Gartner's 6 Best Practices for Containers, Kubernetes|https://containerjournal.com/topics/container-ecosystems/gartners-6-best-practices-for-containers-kubernetes/]]|Containers Kubernetes Best_Practices|
|2020.05.29|TechRepublic|[[Security at the network edge: Inside software-defined networking and Kubernetes|https://www.techrepublic.com/article/security-at-the-network-edge-inside-software-defined-networking-and-kubernetes/]]|SDN|
|2020.05.29|//AWS//|![[AWS Shield Threat Landscape report is now available|https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/]] ([[rapport|https://aws-shield-tlr.s3.amazonaws.com/2020-Q1_AWS_Shield_TLR.pdf]])|Report AWS|
|2020.06.12|CBR Online|[[AWS Hit With a Record 2.3 Tbps DDoS Attack|https://www.cbronline.com/news/record-ddos-attack-aws]]|Report AWS|
|2020.05.29|//Microsoft Azure//|[[Manage authentication sessions in Azure AD Conditional Access is now generally available!|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/manage-authentication-sessions-in-azure-ad-conditional-access-is/ba-p/1421687]]|AzureAD|
|2020.05.29|//Cado Security//|![[Introducing Cado Live - A Free Forensic Imaging Tool for the Cloud|https://medium.com/@cloudyforensics/introducing-cado-live-a-free-forensic-imaging-tool-for-the-cloud-5716c81d4093]] ([[vidéo|https://www.youtube.com/watch?v=9QPU6us8X_g]])|Forensics Tools|
|2020.05.29|//Cado Security//| → [[Cado Live|https://www.cadosecurity.com/community/cado-live/]]|Forensics Tools|
|2020.05.29|//Binary Edge//|[[Continuous Attack Surface Monitoring|https://blog.binaryedge.io/2020/05/29/asm-attack-surface-monitoring/]]|Attack_Surface|
|2020.05.29|//Palo Alto Networks//|[[Achieving End-to-End Zero Trust|https://blog.paloaltonetworks.com/2020/05/network-end-to-end-zero-trust/]]|Zero_Trust|
|2020.05.29|//DataDog//|[[Best practices for monitoring GCP audit logs|https://www.datadoghq.com/blog/monitoring-gcp-audit-logs/]]|GCP Best_practices Logging|
|>|>|>|!2020.05.28|
|2020.05.28|Silicon.fr[>img[iCSF/flag_fr.png]]|![[Google Cloud annonce une "région" France pour 2022|https://www.silicon.fr/google-cloud-annonce-une-region-france-pour-2022-340430.html]]|GCP France|
|2020.05.28|Le Mag IT[img[iCSF/flag_fr.png]]| → [[Google se donne un an et demi pour mettre son cloud en France|https://www.lemagit.fr/actualites/252483826/Google-se-donne-encore-un-an-et-demi-pour-mettre-son-cloud-en-France]]|GCP France|
|2020.05.28|DataCenter Magazine[img[iCSF/flag_fr.png]]| → [[Google Cloud ouvrira une nouvelle région en France|https://datacenter-magazine.fr/google-cloud-ouvrira-une-nouvelle-region-en-france/]]|GCP France|
|2020.05.28|Journal du Net[>img[iCSF/flag_fr.png]]|[[Cloud : les pièges du stockage hybride|https://www.journaldunet.com/web-tech/cloud/1491703-les-pieges-du-stockage-hybride/]]|Storage|
|2020.05.28|TL;DR Security|[[#36 - AWS Security Maturity Roadmap, Fuzzing, Dynamic Infra for Security Testing|https://tldrsec.com/blog/tldr-sec-036/]] |Weekly_Newsletter|
|2020.05.28|Kubernetes|![[My exciting journey into Kubernetes' history|https://kubernetes.io/blog/2020/05/my-exciting-journey-into-kubernetes-history/]]|K8s Workflow|
|2020.05.28|Bleeping Computer|[[New Octopus Scanner malware spreads via GitHub supply chain attack|https://www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-spreads-via-github-supply-chain-attack/]]|Supply_Chain|
|2020.05.28|GBHackers on Security|[[How to Choose a Cloud Services Provider With Best Security considerations|https://gbhackers.com/how-to-choose-a-cloud-services-provider-with-best-security-considerations/]]|Misc|
|2020.05.28|SANS Institute|[[Introduction to Docker for security work - SANS@MIC Talk|https://www.youtube.com/watch?v=JwQvu-h1QOM]] (vidéo)|Docker|
|2020.05.28|Amit Saha|[[Using Gatekeeper in Kubernetes|https://echorand.me/posts/gatekeeper-kubernetes/]]|K8s Policy|
|2020.05.28|ZDNet|[[First new Docker release under Mirantis appears|https://www.zdnet.com/article/first-new-docker-release-under-mirantis-appears/]]|Docker|
|2020.05.28|Silicon Angle|[[Zscaler buys security startup Edgewise as it beats earnings estimates|https://siliconangle.com/2020/05/28/zscaler-buys-security-startup-edgewise-beats-earnings-estimates/]]|Acquisition|
|2020.05.28|n0secure.org|[[K3S/Mail|https://www.n0secure.org/2020/05/k3s-mail-a-long-way-to-devsecops-episode-3.html]]|DevSecOps|
|2020.05.28|//Orange Business Service//[>img[iCSF/flag_fr.png]]|[[SASE: the future of network and network security architectures|https://www.orange-business.com/en/blogs/sase-future-network-and-network-security-architectures]]|SASE|
|2020.05.28|//ThousandEyes//|[[ThousandEyes + Cisco = A Thousand Times ThousandEyes|https://blog.thousandeyes.com/cisco-announces-intent-to-acquire-thousandeyes/]]|Acquisitions|
|2020.05.28|SecurityWeek| → [[Cisco to Buy Network Intelligence Firm ThousandEyes|https://www.securityweek.com/cisco-buy-network-intelligence-firm-thousandeyes]]|Acquisitions|
|2020.05.28|Silicon Angle| → [[Cisco to acquire network intelligence startup ThousandEyes for reported $1B|https://siliconangle.com/2020/05/28/cisco-to-acquire-network-intelligence-startup-thousandeyes-reported-1b/]]|Acquisitions|
|2020.05.28|//Microsoft//|[[Managing cybersecurity like a business risk: Part 1 - Modeling opportunities and threats|https://www.microsoft.com/security/blog/2020/05/28/managing-cybersecurity-business-risks-part-1-modeling-opportunities-threats/]]|Risks Threats Modeling|
|2020.05.28|//Caylent//|[[A Kubernetes Service Mesh Tool Comparison for 2020|https://caylent.com/a-kubernetes-service-mesh-tool-comparison-for-2020]]|Mesh Tools|
|2020.05.28|//Untangle//|[[Cloud-Based Firewalls Are Key to Protecting Employees While Working Remotely|https://www.untangle.com/inside-untangle/cloud-based-firewalls-are-key-to-protecting-employees-while-working-remotely/]]|Firewalls|
|2020.05.28|//Google Cloud//|[[Tools for debugging apps on Google Kubernetes Engine|https://cloud.google.com/blog/products/containers-kubernetes/tools-for-debugging-apps-on-google-kubernetes-engine]]|K8s|
|2020.05.28|//Google Cloud//|[[Expanding our work with the open source security community|https://security.googleblog.com/2020/05/expanding-our-work-with-open-source.html]]|GCP Bug_Bounty|
|2020.05.28|//Orange//|[[SASE: the future of network and network security architectures|https://www.orange-business.com/en/blogs/sase-future-network-and-network-security-architectures]]|SASE|
|2020.05.28|//Amazon AWS//|[[Using AWS SSO with Okta, Active Directory, and AWS SSO Identities|https://pages.awscloud.com/Using-AWS-SSO-with-Okta-Active-Directory-and-AWS-SSO-Identities_2020_0524-SID_OD.html]]|AWS SSO IAM|
|>|>|>|!2020.05.27|
|2020.05.27|ASPI|![[National security agencies and the cloud: An urgent capability issue for Australia|https://www.aspi.org.au/report/national-security-agencies-and-cloud-urgent-capability-issue-australia]] ([[rapport|https://s3-ap-southeast-2.amazonaws.com/ad-aspi/2020-05/SR%20156%20National%20security%20agencies%20and%20the%20cloud.pdf]])|Report Australia|
|2020.05.27|Active Directory Security|![[From Azure AD to Active Directory (via Azure) - An Unanticipated Attack Path|https://adsecurity.org/?p=4277]]|AzureAD Attacks|
|2020.05.28|//Trimarc Security//| → [[Webcast: Securing Office 365 and Azure AD Defend Your Tenant|https://www.hub.trimarcsecurity.com/post/webcast-securing-office-365-and-azure-ad-defend-your-tenant]]|O365 AzureAD Tenant|
|2020.05.27|Bleeping Computer|[[Ransomware's big jump: ransoms grew 14 times in one year|https://www.bleepingcomputer.com/news/security/ransomwares-big-jump-ransoms-grew-14-times-in-one-year/]]|Ransomware|
|2020.05.27|The Register|[[Photostopped: Adobe Cloud evaporates in mass outage. Hope none of you are on a deadline, eh?|https://www.theregister.com/2020/05/27/adobe_cloud_outage/]]|Outage Adobe|
|2020.05.27|//Abnormal Security//|[[Abnormal Attack Stories: AWS Phishing|https://abnormalsecurity.com/blog/abnormal-attack-stories-aws-phishing/]]|AWS Phishing|
|2020.05.28|ZDNet| → [[Phishing attack impersonates Amazon Web Services to steal user credentials|https://www.techrepublic.com/article/phishing-attack-impersonates-amazon-web-services-to-steal-user-credentials/]]|AWS Phishing|
|2020.05.30|HackRead| → [[New AWS phishing scam steals credentials via fake AWS notification|https://www.hackread.com/aws-phishing-scam-steals-aws-credentials-fake-notification/]]|Phishing AWS|
|2020.05.27|//McAfee//|![[Cloud Adoption & Risk Report|https://www.mcafee.com/enterprise/en-us/forms/gated-form.html]]|Report McAfee|
|2020.05.28|The Daily Swig|[[Cloud-based cyber-attacks flaring up during coronavirus pandemic|https://portswigger.net/daily-swig/cloud-based-cyber-attacks-flaring-up-during-coronavirus-pandemic]]|Attacks|
|2020.05.28|Help Net Security| → [[External attacks on cloud accounts grew 630 percent from January to April|https://www.helpnetsecurity.com/2020/05/28/external-attacks-on-cloud-accounts/]]|Report McAfee|
|2020.05.27|n0secure.org|[[K3S - A (long) way to DevSecOps - Épisode 2|https://www.n0secure.org/2020/05/k3s-a-long-way-to-devsecops-partie-2.html]]|DevSecOps|
|2020.05.27|//Threatpost//|[[DoubleGun Group Builds Massive Botnet Using Cloud Services|https://threatpost.com/doublegun-massive-botnet-cloud-services/156075/]]|Botnet|
|2020.05.27|//CyberArk Conjur//|[[Top 4 Open Source Tools for Observability of Containers and Microservices|https://www.conjur.org/blog/top-4-open-source-tools-for-observability-of-containers-and-microservices/]]|Containers Micro_Services|
|2020.05.27|//Forcepoint//|[[Azure Active Directory integrations bring risk-adaptive authentication and access|https://www.forcepoint.com/blog/x-labs/azure-active-directory-authentication-access]]|AzureAD CASB|
|2020.05.27|//Fortinet//|[[Fortinet Survey Uncovers Critical Insights for Addressing the Growing Skills Gap|https://www.fortinet.com/blog/industry-trends/fortinet-uncovers-critical-insights-to-address-cyber-skills-gap.html]] ([[rapport|https://www.fortinet.com/content/dam/maindam/PUBLIC/02_MARKETING/08_Report/report-fortinet-survey-skills-shortage.pdf]])|Skills|
|2020.05.27|Dark Reading| → [[Cloud Security Architect Proves Hardest Infosec Role to Fill|https://www.darkreading.com/cloud/cloud-security-architect-proves-hardest-infosec-role-to-fill/d/d-id/1337925]]|Skills|
|2020.05.27|//Tufin//|[[New Release of SecureCloud adds compliance reports for CIS Benchmarks|https://www.tufin.com/blog/securecloud-new-release-cis-benchmark]]|CIS_Benchmark|
|2020.05.27|//DivvyCloud//|![[Augmenting Native Cloud Service Provider Security|https://divvycloud.com/augmenting-native-cloud-security/]]|Cloud_Native|
|2020.05.27|//Palo Alto Networks//|[[Need to Secure Cloud Native Applications? Take a Look at Airport Security|https://blog.paloaltonetworks.com/2020/05/network-cloud-native-applications/]]|Misc|
|2020.05.27|//Tanium//|[[Tanium Further Strengthens Zero Trust Capabilities with Cloudflare Partnership|https://www.tanium.com/blog/tanium-further-strengthens-zero-trust-capabilities-with-cloudflare-partnership/]]|Products Zero_Trust|
|2020.05.27|//TrendMicro//|[[Securing the 4 Cs of Cloud-Native Systems: Cloud, Cluster, Container, and Code|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/securing-the-4-cs-of-cloud-native-systems-cloud-cluster-container-and-code]]|Cloud_Native Defense_in_Depth|
|2020.05.27|//Trimarc Security//|[[From Azure AD to Active Directory (via Azure) - An Unanticipated Attack Path|https://www.hub.trimarcsecurity.com/post/from-azure-ad-to-active-directory-via-azure-an-unanticipated-attack-path]]|AzureAD|
|2020.05.27|//Flant//|[[Using SSL certificates from Let's Encrypt in your Kubernetes Ingress via cert-manager|https://medium.com/flant-com/cert-manager-lets-encrypt-ssl-certs-for-kubernetes-7642e463bbce]]|K8s Build|
|>|>|>|!2020.05.26|
|2020.05.26|IoT World Today|[[Building a Foundation for IoT Security From the Cloud to the Edge|https://www.iotworldtoday.com/2020/05/26/addressing-iot-security-challenges-from-the-cloud-to-the-edge/]]|IoT|
|2020.05.26|n0secure.org|[[K3S/Traefik|https://www.n0secure.org/2020/05/k3s-traefik-a-long-way-to-devsecops-partie-1.html]] |DevSecOps|
|2020.05.26|//PCI Pal//|[[Critical Security Considerations for a Cloud-based Contact Centre|https://www.pcipal.com/en/knowledge-centre/news/critical-security-considerations-for-a-cloud-based-contact-center/]]|Misc|
|2020.05.26|//Perimeter81//|[[Boosting Security for Organizations on Microsoft Teams | Perimeter 81|https://www.perimeter81.com/blog/cloud/tightening-security-on-microsoft-teams/]]|Teams|
|2020.05.26|//The SSL Store//|[[Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid|https://www.thesslstore.com/blog/cloud-security-5-serious-emerging-cloud-computing-threats-to-avoid/]]|Threats|
|2020.05.26|//Palo Alto Networks//|[[Rootless Containers: The Next Trend in Container Security|https://unit42.paloaltonetworks.com/rootless-containers-the-next-trend-in-container-security/]]|Containers|
|2020.05.26|//Cloud Vector//|[[RSAC 2020 Survey - API Security Attitudes & Trends|https://www.cloudvector.com/rsac-2020-survey-api-security-attitudes-trends/]]|Survey APIs|
|2020.05.26|//InfraCloud//|[[Kubernetes Pod Security Policies with Open Policy Agent|https://www.infracloud.io/kubernetes-pod-security-policies-opa/]]|K8s Policy|
|2020.05.26|//Spanning//|[[AES Encryption: A Closer Look at Advanced Encryption Standards|https://spanning.com/blog/aes-encryption/]]|Encryption|
|2020.05.26|//Compunnel Digital//|[[Business Benefits of Single Tenant vs Multi-Tenant SaaS Solutions|https://www.compunneldigital.com/blog/business-benefits-of-single-tenant-vs-multi-tenant-saas-solutions/]]|SaaS Tenant|
|2020.05.26|//CCSI//|[[Security in Kubernetes Environment|https://www.ccsinet.com/blog/security-kubernetes/]]|K8s|
|2020.05.26|//AppFleet//|[[Reverse Engineer Docker Images into Dockerfiles|https://appfleet.com/blog/reverse-engineer-docker-images-into-dockerfiles-with-dedockify/]]|Docker Images|
!"//Cloud Security Alliance's Latest Research Examines Symbiotic Relationship Between Software Defined Perimeter (SDP) and Zero Trust//"
[>img(150px,auto)[iCSA/K5RPS.png]]
Software-Defined Perimeter (SDP) and Zero Trust
<<<
//A Zero Trust implementation using Software-Defined Perimeter enables organizations to defend new variations of old attack methods that are constantly surfacing in existing network and infrastructure perimeter-centric networking models. 
Implementing SDP improves the security posture of businesses facing the challenge of continuously adapting to expanding attack surfaces that are increasingly more complex. 
This paper will show how SDP can be used to implement ZTNs and why SDP is applied to network connectivity, meaning it is agnostic of the underlying IP-based infrastructure and hones in on securing all connections using said infrastructure - it is the best architecture for achieving Zero Trust.//
<<<
__Liens :__
* Annonce ⇒ ''[[CloudSecurityAlliance.fr/go/k5ra/|https://CloudSecurityAlliance.fr/go/k5ra/]]''
* Document ⇒ ''[[CloudSecurityAlliance.fr/go/k5rp/|https://CloudSecurityAlliance.fr/go/k5rp/]]''
!"//Cloud Cybersecurity and the Modern Applications (part 1)//"
À lire, ce long article publié en 3 parties les 26, 27 et 28 mai 2020 — Rédigé par Francesco Cipollone, Director of Events, Chapitre UK de la CSA
Seule la première partie est reproduite ci-dessous.
{{ss2col{
<<<
[>img(200px,auto)[iCSA/K5QBC.jpg]]//Modern enterprises tend to utilize a mix or hybrid of cloud services like IaaS, PaaS and SaaS (Infrastructure/Platform/Software as a Service) to develop cloud applications. 
In a hybrid situation, the design of the access control should be carefully planned.
Access control can be implemented at various levels:
* At the application level — embedding access control and roles in the logic of the application
* Infrastructure — implementing access control rules at network level
* Endpoint — implementing access control rules in a firewall endpoint or process access control.
We will explore and focus mainly on infrastructure and network as the application logic could take a whole different set of articles.
!!Network Virtual Appliances (NVA) aka Firewall Appliances
Modern firewall appliances integrate some security controls and are commonly referred to as Next Generation Firewalls (briefly NGFW).
The firewall appliances have been introduced into the cloud platforms as recent as the virtual instance. The cloud platforms are based on different architecture (like Software Defined Networks — SDN) that are quite different from traditional data centers. This difference makes the traditional firewall patterns challenging to implement in the cloud.
!!Firewall as access control and its history
Firewalls as a technology have been around for a while, and the control has been deployed in the enterprise and SMB. The control originated as a simple NAT device, and evolved, like the services. As the attacks became more and more sophisticated, a range of security features were integrated, like:
Access Controls (as firewall Rules):
* NAT/PAT Functionalities
* Deep Packet inspection (with IDS/IPS signature or behavioral based)
* Specialized Web Controls (as WAF rules)
* And many more…
With the added security features the traditional firewall rebranded itself as the Next Generation Firewall (aka NGFW) to make it sound more trendy.
Nowadays the NGFW tends to be, fundamentally, a security control that could be used to implement some of the building blocks of several security standards (e.g. PCI-DSS, ISO 27001, Security Essentials).
This control might not be directly related with GDPR but forms a fundamental element of the due diligence for the enterprise.
The NGFW is fundamentally the same virtual appliance as the On-Premises one.
Following all of our work I have discovered that cloud appliances can present the following challenges:
* Number of interfaces
* VLANs and Sub-interfaces
* Networking and default gateways
* High-Availability configuration
* VPN and termination of them
* Zoning concept (a division of firewall interfaces in different logical trust areas)
* The load balancer in high availability configurations
It took a bit of time for me to get the above elements right in the various implementations, in fact a lot longer than I expected.
Each appliance differs slightly in configuration, but the challenges mentioned above have remained quite a constant.
As there are more and more cloud platforms, I will focus on the more popular ones (Azure and AWS).
!!Networking, VLANs and HA
The fundamental difference in networking (layer 2 and layer 3) between on-Prem and cloud appliances is the fact that the cloud platforms implement software-based networking (SDN) and prevent the appliances from interacting directly with the underlying fabric.
This has a consequence, specifically for the high availability configuration: it prevents the more traditional IP address sharing methods (HRRP, GLBP etc…).
!!Going full cloud-native
Native Access control offers seamless integration between the fabric of the cloud infrastructure (networks, endpoints) and access control.
This seamless integration implies that it is possible to deploy access control lists fundamentally at any level:
* access control list at endpoints
* access control list in the network
This power and freedom imply that deploying too many access control lists in too many locations/networks/endpoints might turn into a management nightmare.
At this point, I haven't come across any centralized solution that enables central management of rules even if AWS is doing some great work on maintaining the rule set for web access firewalls (AWS WAF/Firewall rules manager).
Depending on the maturity of the organization, the deployment model (infrastructure as code) and teams (DEV-(SEC)-OPS) this deployment might be more appropriate.
In a scenario where rules are deployed per stack they would be written into the deployment code (CloudFormation, Terraform, Azure PowerShell scripts). The code in the deployment stack implies that the security team would have a harder job controlling and auditing rules unless there is a reliable and ingrained process (read as DevSecOps).
!!Traditional Appliances
As discussed in the firewall history the traditional firewall appliances have been around for a while now and they have advantages and disadvantages in a cloud world.
The primary advantage is the widespread level of talent and knowledge available on the market (any network and security engineer had to interact with NAT firewalls etc).
The disadvantages though, are that the network appliances are not integrated into the cloud fabric and are more complicated to deploy.
The other advantage is that most of the rules from different appliances can be managed from a central location that can maintain synchronous configuration amongst various models, facilitate, redeploy, and most important of all avoid direct human interaction with production appliances.
One of the other advantages, or disadvantages depending on your feelings on the subject, is that the vendor tends to implement some software add-ons (sometimes referred to as blades) into their appliances. But while they offer some convenience for small and medium businesses (SMB) they tend to be less effective or configurable than standalone controls. Enterprise tends to prefer standalone controls from different vendors (to avoid vendor lock-in or complete outages if something goes wrong with an upgrade).//
[...]
<<<
}}}
__Liens :__
* Article du 26 mai sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k5qb/|https://CloudSecurityAlliance.fr/go/k5qb/]]''
* Article du 27 mai sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k5rb/|https://CloudSecurityAlliance.fr/go/k5rb/]]''
* Article du 28 mai sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k5sb/|https://CloudSecurityAlliance.fr/go/k5sb/]]''
!"//CSA STAR + SOC2 - From Readiness to Attestation//"
Podcast de la série "[[CSA Security Update]]" publié le 26 mai 2020 — Invité : Audrey Katcher; partner of RubinBrown's Business Advisory Services Group[>img(150px,auto)[iCSA/CSAsecUpd.jpg]]
<<<
//As organizations look to cloud services to process more sensitive and critical data, security and risk management teams require tools to quickly assess and understand the types and rigor of security controls applied by cloud service providers. CSA STAR Attestation is the first cloud-specific attestation program designed to meet this need. CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix.
# What is CSA STAR & SOC2?
# What are the prevalent business drivers which lead to the necessity of obtaining a CSA STAR & SOC2 attestation?
# Why should my business plan for a CSA STAR & SOC2 rather than react to the demand for the attestation?
Join us as we interview Audrey Katcher; partner of RubinBrown's Business Advisory Services Group, overseeing the group's Information Technology Risk Services. She also serves as the Open Certification Framework Working group liaison for AICPA and made a significant contribution to the STAR Attestation guidelines.
Listen as Audrey answers these questions and more regarding STAR Attestation and the assessment process.//
<<<
__Liens :__
* Annonce ⇒ ''[[CloudSecurityAlliance.fr/go/k5qp/|https://CloudSecurityAlliance.fr/go/k5qp/]]''
* Podcast ⇒ ''[[CloudSecurityAlliance.fr/go/k5q3/|https://CloudSecurityAlliance.fr/go/k5q3/]]''
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #65|2020.05.24 - Newsletter Hebdomadaire #65]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #65|2020.05.24 - Weekly Newsletter - #65]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.05.24 - Newsletter Hebdomadaire #65]]>> |<<tiddler [[2020.05.24 - Weekly Newsletter - #65]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - 18 au 24 mai 2020
!!1 - Informations CSA
* ''Ouverture des inscriptions'' pour la ''formation CCSK en français de mi juin'', et nouvelles dates fin août, et fin novembre+++*[»]> <<tiddler [[2020.05.20 - Nouvelles dates et ouverture des inscriptions pour les formations CCSK en français]]>>=== 
* Agenda final pour la conférence virtuelle ''CloudBytes Connect'' des ''26 au 28'' mai+++*[»]> <<tiddler [[2020.05.19 - 'CloudBytes Connect Virtual Conference' : Agenda final]]>>=== 
* Appels à commentaires CSA sur le document 'Mobile Application Security Testing - Sum-Up & Landscape Overview'+++*[»]> <<tiddler [[2020.05.08 - Appel à commentaires : 'Mobile Application Security Testing - Sum-Up & Landscape Overview']]>>=== (8 juin)
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.05.24 - Veille Hebdomadaire - 24 mai]] avec plus de 60 liens
* __''À lire''__ :
** Rapport annuel sur l'''état de la menace sur le Cloud'' d'Oracle et de KPMG+++*[»] 
|2020.05.14|//Oracle Cloud//|![[New Study: IT Pros Are More Worried About Corporate Security than Home Security|https://www.oracle.com/corporate/pressrelease/cloud-threat-report-2020-051420.html]] ([[rapport PDF|https://www.oracle.com/a/ocom/docs/cloud/oracle-cloud-threat-report-2020.pdf]])|Report Threats|
|2020.05.14|//Oracle Cloud//| → [[Enabling a Security-First Culture with the Oracle and KPMG Cloud Threat Report|https://blogs.oracle.com/cloudsecurity/intro-to-ctr-20-report]]|Report Threats|
|2020.05.21|MSSP Alert| → [[Cloud Cybersecurity Research: Oracle, KPMG Findings|https://www.msspalert.com/cybersecurity-research/oracle-kpmg-threat-report/]]|Report Threats|
=== 
** Rapport ''DBIR de Verizon''+++*[»] 
|2020.05.19|//Verizon//|![[2020 Data Breach Investigations Report|https://enterprise.verizon.com/resources/reports/dbir/2020/introduction/]] ([[téléchargement|https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf]])|Report Verizon_DBIR|
|2020.05.19|//Duo//| → [[Attacks Based on Credential Theft On The Rise, DBIR Says|https://duo.com/decipher/attacks-based-on-credential-theft-on-the-rise-dbir-says]]|Report Verizon_DBIR|
|2020.05.19|Security Week| → [[Verizon 2020 DBIR: More Extensive, More Detailed and More Thorough Than Ever|https://www.securityweek.com/verizon-2020-data-breach-investigations-report-more-extensive-detailed-and-thorough-ever]]|Report Verizon_DBIR|
|2020.05.19|Dark Reading| → [[Web Application Attacks Double from 2019: Verizon DBIR|https://www.darkreading.com/application-security/web-application-attacks-double-from-2019-verizon-dbir/d/d-id/1337860]]|Report Verizon_DBIR|
|2020.05.20|//Tripwire//| → [[Verizon DBIR 2020: Cloud Apps, Stolen Credentials, and Errors|https://www.tripwire.com/state-of-security/security-data-protection/verizon-dbir-2020-cloud-apps-stolen-credentials-errors/]]|Report Verizon_DBIR|
|2020.05.22|Security Week| → [[Industry Reactions to Verizon 2020 DBIR: Feedback Friday|https://www.securityweek.com/industry-reactions-verizon-2020-dbir-feedback-friday]]|Report Verizon_DBIR|
|2020.05.22|ZDnet[>img[iCSF/flag_fr.png]]| → [[Les PME sont de plus en plus la cible de cyberattaques avec le passage au cloud|https://www.zdnet.fr/actualites/les-pme-sont-de-plus-en-plus-la-cible-de-cyberattaques-avec-le-passage-au-cloud-39903947.htm]]|Report Verizon_DBIR|
=== 
** Nouvelle version de la ''AWS Security Maturity Roadmap'' de ''Scott Piper''+++*[»] 
|2020.05.21|//Summit Route//|![[AWS Security Maturity Roadmap 2020|https://summitroute.com/blog/2020/05/21/aws_security_maturity_roadmap_2020/]] ([[Document|https://summitroute.com/downloads/aws_security_maturity_roadmap-Summit_Route.pdf]])|AWS Maturity|
=== 
* Vulnérabilités et alertes
** Docker sur Windows+++*[»] 
|2020.05.22|//Pen Test Partners//|![[Docker Desktop for Windows PrivEsc (CVE-2020-11492)|https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/]]|CVE-2020-11492 Docker|
|2020.05.22|Bleeping Computer| → [[Docker fixes Windows client bug letting programs run as SYSTEM|https://www.bleepingcomputer.com/news/security/docker-fixes-windows-client-bug-letting-programs-run-as-system/]]|CVE-2020-11492 Docker|
=== 
** VMware Cloud Director+++*[»] 
|2020.05.19|//VMware//|![[VMSA-2020-0010: VMware Cloud Director updates address Code Injection Vulnerability (CVE-2020-3956)|https://www.vmware.com/security/advisories/VMSA-2020-0010.html]]|CVE-2020-3956|
|2020.05.20|Security Week| → [[Remote Code Execution Vulnerability Patched in VMware Cloud Director|https://www.securityweek.com/remote-code-execution-vulnerability-patched-vmware-cloud-director]]|CVE-2020-3956|
=== 
** Récompense de 31.337$ au Bug Bounty GCP pour un chercheur en sécurité+++*[»]>
|2020.05.21|Ezequiel Pereira|![[RCE in Google Cloud Deployment Manager|https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html]]|GCP Bug_Bounty|
|2020.05.22|The Daily Swig| → [[Google Cloud security find earns South American researcher $31k bug bounty payout|https://portswigger.net/daily-swig/google-cloud-security-find-earns-south-american-researcher-31k-bug-bounty-payout]]|GCP Bug_Bounty|
=== 
* __Attaques__
** Analyse d'une attaque SaaS+++*[»] 
|2020.05.20|//DarkTrace//|![[The anatomy of a SaaS attack: Two threats caught and investigated by AI|https://www.darktrace.com/en/blog/the-anatomy-of-a-saa-s-attack-two-threats-caught-and-investigated-by-ai/]]|SaaS Attacks|
=== et contre Kubernetes+++*[»] 
|2020.05.19|//Threatstack//|[[Investigating Kubernetes Attack Scenarios in Threat Stack (part 2)|https://www.threatstack.com/blog/investigating-kubernetes-attack-scenarios-in-threat-stack-part-2]] (2/2)|Kubernetes Attack_Scenario|
|2020.04.23|//ThreatStack//|[[Investigating Kubernetes Attack Scenarios in Threat Stack (part 1)|https://www.threatstack.com/blog/kubernetes-attack-scenarios-part-1]] (1/2)|Kubernetes Attack|
=== 
** Phishing(s) O365+++*[»] 
|2020.05.21|Bleeping Computer|[[Office 365 phishing uses Supreme Court theme and working CAPTCHA|https://www.bleepingcomputer.com/news/security/office-365-phishing-uses-supreme-court-theme-and-working-captcha/]]|O365 Phishing|
|2020.05.18|//Sophos//|[[Shiny new Azure login attracts shiny new phishing attacks|https://nakedsecurity.sophos.com/2020/05/18/shiny-new-azure-login-attracts-shiny-new-phishing-attacks/]]|Phishing Azure|
=== 
** Vols de comptes AWS+++*[»] 
|2020.05.19|//Tyler Fornes//|Test d'intrusion : [[technique de vol d'authentifiants AWS|https://twitter.com/tfornez/status/1262747748547194888]]|AWS Pen_Testing Credentials|
===, dans des containers+++*[»] 
|2020.05.19|//Rhino Security Labs//|![[Weaponizing AWS ECS Task Definitions to Steal Credentials From Running Containers|https://rhinosecuritylabs.com/aws/weaponizing-ecs-task-definitions-steal-credentials-running-containers/]]|Containers Exploit|
===, et techniques de contournement du MFA+++*[»] 
|2020.05.18|//Cofense//|[[MFA Bypass Phish Caught: OAuth2 Grants Access to User Data Without a Password|https://cofense.com/mfa-bypass-phish-caught-oauth2-grants-access-user-data-without-password/]]|O365 Phishing MFA|
|2020.05.19|//Security Intelligence//| → [[Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials|https://threatpost.com/phishing-campaign-allows-for-mfa-bypass-on-office-365/155864/]]|O365 Phishing MFA|
=== 
** Fuite de données O365+++*[»] 
|2020.05.20|The Register|[[Microsoft gives Office 365 admins the heads-up: Some internal queries over weekend might have returned results from completely different orgs|https://www.theregister.co.uk/2020/05/18/microsoft_office_365_internal_search_mixup/]]|O365 Leak|
|2020.05.20|//Sophos//| → [[Office 365 exposed some internal search results to other companies|https://nakedsecurity.sophos.com/2020/05/20/office-365-exposed-some-internal-search-results-to-other-companies/]]|O365 Leak|
=== 
* __Rapports et études__
** Accurics (DevSecOps)+++*[»] 
|2020.05.19|//Accurics//|[[Accurics Releases 'State of DevSecOps Report', Highlights Shift Toward Provisioning Cloud Infrastructure Through Code|https://www.accurics.com/news/press-release/accurics-releases-state-of-devsecops-report/]] ([[rapport|http://start.accurics.com/CT-2020-05-Research-Report_LP-Reg.html]])|Report DevSecOps|
|2020.05.20|Security Review| → [[Accurics: 96 Percent of Reported Cloud Security Issues Aren't Addressed|https://solutionsreview.com/cloud-platforms/accurics-96-percent-of-reported-cloud-security-issues-arent-addressed/]]|Report|
=== 
* __Acquisitions__
** Born in the Cloud par OpenSystems+++*[»] 
|2020.05.20|//OpenSystems//|[[Open Systems Augments its Cybersecurity Capabilities With Acquisition of Leading Microsoft Azure Sentinel Expert|https://open-systems.com/press-release/open-systems-acquires-born-in-the-cloud]]|Acquisition|
=== 
* __Divers__
** AzureAD+++*[»] 
|2020.05.22|Hakin9 Mag|[[Stormspotter - Tool for graphing Azure and Azure Active Directory objects|https://hakin9.org/stormspotter-azure-red-team-tool-for-graphing-azure-and-azure-active-directory-objects/]]|Tools|
|2020.05.21|//Microsoft Azure//|[[Evolving Azure AD for every user and any identity with External Identities|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/evolving-azure-ad-for-every-user-and-any-identity-with-external/ba-p/1257361]] ([[détails|https://azure.microsoft.com/en-us/services/active-directory/external-identities/]])|AzureAD|
=== 
** ''Cyber-résilience''+++*[»] 
|2020.05.21|//Security Intelligence//|[[The Connection Between Cloud Service Providers and Cyber Resilience|https://securityintelligence.com/articles/the-connection-between-cloud-service-providers-and-cyber-resilience/]]|Resilience|
=== 
** Gestion de la Supply Chain+++*[»] 
|2020.05.20|//Compare the Cloud//|[[Cloud Supply Chain Risk - is your MSP in control?|https://www.comparethecloud.net/articles/cloud-supply-chain-risk-is-your-msp-in-control/]]|Supply_Chain Risks|
=== 
** Gestion des secrets+++*[»] 
|2020.05.20|DZone|[[How to Manage Secrets in Kubernetes Environment|https://dzone.com/articles/how-to-manage-secrets-in-kubernetes-environment]]|K8s|
|2020.05.20|//CyberArk Conjur//|[[Secrets Management Best Practices for Machines and Services to Get Secure Access|https://www.conjur.org/blog/secrets-management-best-practices-for-machines-and-services-to-get-secure-access/]]|Secrets_Management|
=== 
** Quelques réflexions d'''Anton Chuvakin''+++*[»] 
|2020.05.19|Anton Chuvakin|![[Fake Cloud: Now There Are Two Hands in Your Pocket|https://medium.com/anton-on-security/fake-cloud-now-there-are-two-hands-in-your-pocket-605409a4631c]]|Misc|
=== 
** Tests d'intrusion dans le Cloud+++*[»] 
|2020.05.19|//Fugue//|[[Pen Testing in the Age of Cloud|https://www.fugue.co/blog/pen-testing-in-the-age-of-cloud]]|Pen_Testing|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K5O/|https://CloudSecurityAlliance.fr/go/K5O/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - May 18th to 24th[>img[iCSF/inEnglish.png]]
!!1 - CSA News and Updates
* Registration now open for the CCSK training in French for the mid-June session, with new sessions in late August and in November+++*[»]> <<tiddler [[2020.05.20 - Nouvelles dates et ouverture des inscriptions pour les formations CCSK en français]]>>=== 
* Agenda for the ''CloudBytes Connect Virtual Conference'', May 26th to 28th+++*[»]> <<tiddler [[2020.05.19 - 'CloudBytes Connect Virtual Conference' : Agenda final]]>>=== 
* Call for comments for a CSA document: 'Mobile Application Security Testing - Sum-Up & Landscape Overview'+++*[»]> <<tiddler [[2020.05.08 - Appel à commentaires : 'Mobile Application Security Testing - Sum-Up & Landscape Overview']]>>=== before June 8th
!!2 - Cloud and Security News Watch
[[Over 60 links|2020.05.24 - Veille Hebdomadaire - 24 mai]]
* __''Must read''__:
** Oracle and KPMG ''Cloud Threat Report'' for 2020+++*[»] 
|2020.05.14|//Oracle Cloud//|![[New Study: IT Pros Are More Worried About Corporate Security than Home Security|https://www.oracle.com/corporate/pressrelease/cloud-threat-report-2020-051420.html]] ([[rapport PDF|https://www.oracle.com/a/ocom/docs/cloud/oracle-cloud-threat-report-2020.pdf]])|Report Threats|
|2020.05.14|//Oracle Cloud//| → [[Enabling a Security-First Culture with the Oracle and KPMG Cloud Threat Report|https://blogs.oracle.com/cloudsecurity/intro-to-ctr-20-report]]|Report Threats|
|2020.05.21|MSSP Alert| → [[Cloud Cybersecurity Research: Oracle, KPMG Findings|https://www.msspalert.com/cybersecurity-research/oracle-kpmg-threat-report/]]|Report Threats|
=== 
** Verizon ''Data Breach Investigations Report'' (DBIR)+++*[»] 
|2020.05.19|//Verizon//|![[2020 Data Breach Investigations Report|https://enterprise.verizon.com/resources/reports/dbir/2020/introduction/]] ([[téléchargement|https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf]])|Report Verizon_DBIR|
|2020.05.19|//Duo//| → [[Attacks Based on Credential Theft On The Rise, DBIR Says|https://duo.com/decipher/attacks-based-on-credential-theft-on-the-rise-dbir-says]]|Report Verizon_DBIR|
|2020.05.19|Security Week| → [[Verizon 2020 DBIR: More Extensive, More Detailed and More Thorough Than Ever|https://www.securityweek.com/verizon-2020-data-breach-investigations-report-more-extensive-detailed-and-thorough-ever]]|Report Verizon_DBIR|
|2020.05.19|Dark Reading| → [[Web Application Attacks Double from 2019: Verizon DBIR|https://www.darkreading.com/application-security/web-application-attacks-double-from-2019-verizon-dbir/d/d-id/1337860]]|Report Verizon_DBIR|
|2020.05.20|//Tripwire//| → [[Verizon DBIR 2020: Cloud Apps, Stolen Credentials, and Errors|https://www.tripwire.com/state-of-security/security-data-protection/verizon-dbir-2020-cloud-apps-stolen-credentials-errors/]]|Report Verizon_DBIR|
|2020.05.22|Security Week| → [[Industry Reactions to Verizon 2020 DBIR: Feedback Friday|https://www.securityweek.com/industry-reactions-verizon-2020-dbir-feedback-friday]]|Report Verizon_DBIR|
|2020.05.22|ZDnet[>img[iCSF/flag_fr.png]]| → [[Les PME sont de plus en plus la cible de cyberattaques avec le passage au cloud|https://www.zdnet.fr/actualites/les-pme-sont-de-plus-en-plus-la-cible-de-cyberattaques-avec-le-passage-au-cloud-39903947.htm]]|Report Verizon_DBIR|
=== 
** Update of ''Scott Piper'''s ''AWS Security Maturity Roadmap''+++*[»] 
|2020.05.21|//Summit Route//|![[AWS Security Maturity Roadmap 2020|https://summitroute.com/blog/2020/05/21/aws_security_maturity_roadmap_2020/]] ([[Document|https://summitroute.com/downloads/aws_security_maturity_roadmap-Summit_Route.pdf]])|AWS Maturity|
=== 
* Vulnerabilities and alerts
** Docker Desktop for Windows+++*[»] 
|2020.05.22|//Pen Test Partners//|![[Docker Desktop for Windows PrivEsc (CVE-2020-11492)|https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/]]|CVE-2020-11492 Docker|
|2020.05.22|Bleeping Computer| → [[Docker fixes Windows client bug letting programs run as SYSTEM|https://www.bleepingcomputer.com/news/security/docker-fixes-windows-client-bug-letting-programs-run-as-system/]]|CVE-2020-11492 Docker|
=== 
** VMware Cloud Director+++*[»] 
|2020.05.19|//VMware//|![[VMSA-2020-0010: VMware Cloud Director updates address Code Injection Vulnerability (CVE-2020-3956)|https://www.vmware.com/security/advisories/VMSA-2020-0010.html]]|CVE-2020-3956|
|2020.05.20|Security Week| → [[Remote Code Execution Vulnerability Patched in VMware Cloud Director|https://www.securityweek.com/remote-code-execution-vulnerability-patched-vmware-cloud-director]]|CVE-2020-3956|
=== 
** Bug Bounty payout of 31.337$ for a GCP vulnerability+++*[»]>
|2020.05.21|Ezequiel Pereira|![[RCE in Google Cloud Deployment Manager|https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html]]|GCP Bug_Bounty|
|2020.05.22|The Daily Swig| → [[Google Cloud security find earns South American researcher $31k bug bounty payout|https://portswigger.net/daily-swig/google-cloud-security-find-earns-south-american-researcher-31k-bug-bounty-payout]]|GCP Bug_Bounty|
=== 
* __Attacks__
** Anatomy of a SaaS attack+++*[»] 
|2020.05.20|//DarkTrace//|![[The anatomy of a SaaS attack: Two threats caught and investigated by AI|https://www.darktrace.com/en/blog/the-anatomy-of-a-saa-s-attack-two-threats-caught-and-investigated-by-ai/]]|SaaS Attacks|
=== and Kubernetes attack scenarios+++*[»] 
|2020.05.19|//Threatstack//|[[Investigating Kubernetes Attack Scenarios in Threat Stack (part 2)|https://www.threatstack.com/blog/investigating-kubernetes-attack-scenarios-in-threat-stack-part-2]] (2/2)|Kubernetes Attack_Scenario|
|2020.04.23|//ThreatStack//|[[Investigating Kubernetes Attack Scenarios in Threat Stack (part 1)|https://www.threatstack.com/blog/kubernetes-attack-scenarios-part-1]] (1/2)|Kubernetes Attack|
=== 
** O365 phishing case(s)+++*[»] 
|2020.05.21|Bleeping Computer|[[Office 365 phishing uses Supreme Court theme and working CAPTCHA|https://www.bleepingcomputer.com/news/security/office-365-phishing-uses-supreme-court-theme-and-working-captcha/]]|O365 Phishing|
|2020.05.18|//Sophos//|[[Shiny new Azure login attracts shiny new phishing attacks|https://nakedsecurity.sophos.com/2020/05/18/shiny-new-azure-login-attracts-shiny-new-phishing-attacks/]]|Phishing Azure|
=== 
** Credential theft for AWS+++*[»] 
|2020.05.19|//Tyler Fornes//|Pen test: [[AWS credential theft technique|https://twitter.com/tfornez/status/1262747748547194888]]|AWS Pen_Testing Credentials|
===, in containers+++*[»] 
|2020.05.19|//Rhino Security Labs//|![[Weaponizing AWS ECS Task Definitions to Steal Credentials From Running Containers|https://rhinosecuritylabs.com/aws/weaponizing-ecs-task-definitions-steal-credentials-running-containers/]]|Containers Exploit|
===, and by bypassing MFA+++*[»] 
|2020.05.18|//Cofense//|[[MFA Bypass Phish Caught: OAuth2 Grants Access to User Data Without a Password|https://cofense.com/mfa-bypass-phish-caught-oauth2-grants-access-user-data-without-password/]]|O365 Phishing MFA|
|2020.05.19|//Security Intelligence//| → [[Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials|https://threatpost.com/phishing-campaign-allows-for-mfa-bypass-on-office-365/155864/]]|O365 Phishing MFA|
=== 
** Some search results exposed in O365+++*[»] 
|2020.05.20|The Register|[[Microsoft gives Office 365 admins the heads-up: Some internal queries over weekend might have returned results from completely different orgs|https://www.theregister.co.uk/2020/05/18/microsoft_office_365_internal_search_mixup/]]|O365 Leak|
|2020.05.20|//Sophos//| → [[Office 365 exposed some internal search results to other companies|https://nakedsecurity.sophos.com/2020/05/20/office-365-exposed-some-internal-search-results-to-other-companies/]]|O365 Leak|
=== 
* Reports
** Accurics (DevSecOps)+++*[»] 
|2020.05.19|//Accurics//|[[Accurics Releases 'State of DevSecOps Report', Highlights Shift Toward Provisioning Cloud Infrastructure Through Code|https://www.accurics.com/news/press-release/accurics-releases-state-of-devsecops-report/]] ([[rapport|http://start.accurics.com/CT-2020-05-Research-Report_LP-Reg.html]])|Report DevSecOps|
|2020.05.20|Security Review| → [[Accurics: 96 Percent of Reported Cloud Security Issues Aren't Addressed|https://solutionsreview.com/cloud-platforms/accurics-96-percent-of-reported-cloud-security-issues-arent-addressed/]]|Report|
=== 
* __Acquisitions__
** Born in the Cloud by OpenSystems+++*[»] 
|2020.05.20|//OpenSystems//|[[Open Systems Augments its Cybersecurity Capabilities With Acquisition of Leading Microsoft Azure Sentinel Expert|https://open-systems.com/press-release/open-systems-acquires-born-in-the-cloud]]|Acquisition|
=== 
* __Miscellaneous__
** AzureAD+++*[»] 
|2020.05.22|Hakin9 Mag|[[Stormspotter - Tool for graphing Azure and Azure Active Directory objects|https://hakin9.org/stormspotter-azure-red-team-tool-for-graphing-azure-and-azure-active-directory-objects/]]|Tools|
|2020.05.21|//Microsoft Azure//|[[Evolving Azure AD for every user and any identity with External Identities|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/evolving-azure-ad-for-every-user-and-any-identity-with-external/ba-p/1257361]] ([[détails|https://azure.microsoft.com/en-us/services/active-directory/external-identities/]])|AzureAD|
=== 
** ''Cyberresilience''+++*[»] 
|2020.05.21|//Security Intelligence//|[[The Connection Between Cloud Service Providers and Cyber Resilience|https://securityintelligence.com/articles/the-connection-between-cloud-service-providers-and-cyber-resilience/]]|Resilience|
=== 
** Cloud Supply Chain+++*[»] 
|2020.05.20|//Compare the Cloud//|[[Cloud Supply Chain Risk - is your MSP in control?|https://www.comparethecloud.net/articles/cloud-supply-chain-risk-is-your-msp-in-control/]]|Supply_Chain Risks|
=== 
** Secrets Management+++*[»] 
|2020.05.20|DZone|[[How to Manage Secrets in Kubernetes Environment|https://dzone.com/articles/how-to-manage-secrets-in-kubernetes-environment]]|K8s|
|2020.05.20|//CyberArk Conjur//|[[Secrets Management Best Practices for Machines and Services to Get Secure Access|https://www.conjur.org/blog/secrets-management-best-practices-for-machines-and-services-to-get-secure-access/]]|Secrets_Management|
=== 
** ''Anton Chuvakin'' viewpoint+++*[»] 
|2020.05.19|Anton Chuvakin|![[Fake Cloud: Now There Are Two Hands in Your Pocket|https://medium.com/anton-on-security/fake-cloud-now-there-are-two-hands-in-your-pocket-605409a4631c]]|Misc|
=== 
** Pen Testing in the Cloud+++*[»] 
|2020.05.19|//Fugue//|[[Pen Testing in the Age of Cloud|https://www.fugue.co/blog/pen-testing-in-the-age-of-cloud]]|Pen_Testing|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K5O/|https://CloudSecurityAlliance.fr/go/K5O/]] |
<<tiddler [[arOund0C]]>>
|!Mai|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.05.24|
|2020.05.24|Marco Lancini|[[The Cloud Security Reading List #38|https://cloudseclist.com/issues/issue-38/]]|Weekly_Newsletter|
|2020.05.24|Root Sec Dev|[[Hardening Azure Active Directory from Attacks and insider threats|https://medium.com/@rootsecdev/hardening-azure-active-directory-from-attacks-and-insider-threats-82890d6a64be]]|AzureAD|
|2020.05.24|//CipherCloud//|[[Data Discovery to Rescue Historical Data from Compliance Violations|https://www.ciphercloud.com/data-discovery-to-rescue-historical-data-from-compliance-violations/]]|Compliance|
|>|>|>|!2020.05.23|
|2020.05.23|//Microsoft//|![[Cloud security responsibilities|https://docs.microsoft.com/en-us/learn/modules/cmu-cloud-security/1-responsibilities]]|Azure Shared_Responsibilities|
|2020.05.23|//NetLab 360//|[[New activity of DoubleGuns Group, control hundreds of thousands of bots via public cloud service|https://blog.netlab.360.com/shuangqiang/]]|Botnet|
|2020.05.23|//JumpCloud//|[[Using U2F Security Keys for MFA to Cloud Applications|https://jumpcloud.com/blog/u2f-mfa-cloud-apps]]|MFA|
|>|>|>|!2020.05.22|
|2020.05.22|Bleeping Computer|[[Ransomware encrypts from virtual machines to evade antivirus|https://www.bleepingcomputer.com/news/security/ransomware-encrypts-from-virtual-machines-to-evade-antivirus/]]|Ransomware|
|2020.05.22|Hakin9 Mag|[[Stormspotter - Tool for graphing Azure and Azure Active Directory objects|https://hakin9.org/stormspotter-azure-red-team-tool-for-graphing-azure-and-azure-active-directory-objects/]]|Tools|
|2020.05.22|Dark Reading|[[Benefits of a Cloud-Based, Automated Cyber Range|https://www.darkreading.com/cloud/benefits-of-a-cloud-based-automated-cyber-range/a/d-id/1337883]]|Cyber_Range|
|2020.05.22|//Pen Test Partners//|![[Docker Desktop for Windows PrivEsc (CVE-2020-11492)|https://www.pentestpartners.com/security-blog/docker-desktop-for-windows-privesc-cve-2020-11492/]]|CVE-2020-11492 Docker|
|2020.05.22|Bleeping Computer| → [[Docker fixes Windows client bug letting programs run as SYSTEM|https://www.bleepingcomputer.com/news/security/docker-fixes-windows-client-bug-letting-programs-run-as-system/]]|CVE-2020-11492 Docker|
|2020.05.22|//CloudFlare//|[[Releasing Cloudflare Access' most requested feature|https://blog.cloudflare.com/releasing-cloudflare-access-most-requested-feature/]]|Misc|
|2020.05.22|//DarkTrace//|[[Illuminating AWS cloud environments with Darktrace Cyber AI|https://www.darktrace.com/en/blog/illuminating-aws-cloud-environments-with-darktrace-cyber-ai]]|AWS|
|2020.05.22|//PivotPoint Security//|[[Why Your SIEM Tool Needs to Monitor Cloud Environments… or Else|https://www.pivotpointsecurity.com/blog/why-your-siem-tool-needs-to-monitor-cloud-environments-or-else/]]|SIEM|
|>|>|>|!2020.05.21|
|2020.05.21|Bleeping Computer|[[Office 365 phishing uses Supreme Court theme and working CAPTCHA|https://www.bleepingcomputer.com/news/security/office-365-phishing-uses-supreme-court-theme-and-working-captcha/]]|O365 Phishing|
|2020.05.21|BetaNews|[[Securing the cloud for healthcare|https://betanews.com/2020/05/21/securing-the-cloud-for-healthcare/]]|Healthcare|
|2020.05.21|DZone|[[Creating a Highly Available K3s Cluster|https://dzone.com/articles/creating-a-highly-available-k3s-cluster]]|Kubernetes|
|2020.05.21|Ezequiel Pereira|![[RCE in Google Cloud Deployment Manager|https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html]]|GCP Bug_Bounty|
|2020.05.22|The Daily Swig| → [[Google Cloud security find earns South American researcher $31k bug bounty payout|https://portswigger.net/daily-swig/google-cloud-security-find-earns-south-american-researcher-31k-bug-bounty-payout]]|GCP Bug_Bounty|
|2020.05.21|//Summit Route//|![[AWS Security Maturity Roadmap 2020|https://summitroute.com/blog/2020/05/21/aws_security_maturity_roadmap_2020/]] ([[Document|https://summitroute.com/downloads/aws_security_maturity_roadmap-Summit_Route.pdf]])|AWS Maturity|
|2020.05.21|//Microsoft Azure//|[[Evolving Azure AD for every user and any identity with External Identities|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/evolving-azure-ad-for-every-user-and-any-identity-with-external/ba-p/1257361]] ([[détails|https://azure.microsoft.com/en-us/services/active-directory/external-identities/]])|AzureAD|
|2020.05.21|//Security Intelligence//|[[The Connection Between Cloud Service Providers and Cyber Resilience|https://securityintelligence.com/articles/the-connection-between-cloud-service-providers-and-cyber-resilience/]]|Resilience|
|2020.05.21|//FireEye//|[[Clouds Are Great, Secure Clouds Are the Greatest|https://www.fireeye.com/blog/products-and-services/2020/05/clouds-are-great-secure-clouds-are-the-greatest.html]]|Misc|
|2020.05.21|//Capsule8//|[[Security Delusions Part 3: Cheat Codes|https://capsule8.com/blog/security-delusions-part-3-cheat-codes/]] (3/3)|Cheat_Codes APIs Containers|
|2020.05.21|//Fugue//|[[3 Big Amazon S3 Vulnerabilities You May Be Missing|https://www.fugue.co/blog/3-big-amazon-s3-vulnerabilities-you-may-be-missing]]|AWS_S3|
|2020.05.21|//Fugue//| → Webinaire [[Building a Highly-Secure Amazon S3 Bucket|https://resources.fugue.co/building-a-highly-secure-amazon-s3-bucket]]|Webinaire|
|2020.05.21|//Check Point//|[[The Best Security Management is now in the Cloud|https://blog.checkpoint.com/2020/05/21/the-best-security-management-is-now-in-the-cloud/]]|Products|
|2020.05.21|//Trustwave//|![[Phishing in a Bucket: Utilizing Google Firebase Storage|https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-in-a-bucket-utilizing-google-firebase-storage/]]|Phishing GCP|
|2020.05.26|//Amazon AWS//|[[How to create SAML providers with AWS CloudFormation|https://aws.amazon.com/blogs/security/how-to-create-saml-providers-with-aws-cloudformation/]]|AWS CloudFormation|
|2020.05.21|//Kublr//|[[How to Run Kubernetes in Restrictive Environments|https://kublr.com/on-demand-videos/kubernetes-in-restrictive-environments/]]|K8s|
|2020.05.21|//Microsoft//|[[Best practices for network security - Microsoft Azure|https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices#adopt-a-zero-trust-approach]]|Azure Network|
|>|>|>|!2020.05.20|
|2020.05.20|TL;DR Security|[[#35 - Careers in Security, Testing OAuth, Session Management with Burp|https://tldrsec.com/blog/tldr-sec-035/]] |Weekly_Newsletter|
|2020.05.20|DZone|[[How to Manage Secrets in Kubernetes Environment|https://dzone.com/articles/how-to-manage-secrets-in-kubernetes-environment]]|K8s|
|2020.05.20|//DarkTrace//|![[The anatomy of a SaaS attack: Two threats caught and investigated by AI|https://www.darktrace.com/en/blog/the-anatomy-of-a-saa-s-attack-two-threats-caught-and-investigated-by-ai/]]|SaaS Attacks|
|2020.05.20|//Perimeter81//|[[SASE: Evolving Government' Cloud and Network Security Strategy|https://www.perimeter81.com/blog/cloud/sase-evolving-governments-cloud-and-network-security-strategy/]]|SASE|
|2020.05.20|//OpenSystems//|[[Open Systems Augments its Cybersecurity Capabilities With Acquisition of Leading Microsoft Azure Sentinel Expert|https://open-systems.com/press-release/open-systems-acquires-born-in-the-cloud]]|Acquisition|
|2020.05.20|//CyberArk Conjur//|[[Secrets Management Best Practices for Machines and Services to Get Secure Access|https://www.conjur.org/blog/secrets-management-best-practices-for-machines-and-services-to-get-secure-access/]]|Secrets_Management|
|2020.05.20|//Box//|[[Box enables zero-trust-based access to its content from any device|https://siliconangle.com/2020/05/20/box-enables-zero-trust-based-access-content-device/]]|Zero_Trust Box|
|2020.05.20|//Compare the Cloud//|[[Cloud Supply Chain Risk - is your MSP in control?|https://www.comparethecloud.net/articles/cloud-supply-chain-risk-is-your-msp-in-control/]]|Supply_Chain Risks|
|2020.05.20|//Google Cloud//|[[Defense Innovation Unit Selects Google Cloud|https://cloud.google.com/press-releases/2020/0520/defense-innovation-unit]]|Government Anthos|
|2020.05.20|ZDnet| → [[Pentagon unit taps Google Cloud's Anthos for multi-cloud management|https://www.zdnet.com/article/pentagon-taps-google-clouds-anthos-for-multi-cloud-management/]]|Government Anthos|
|2020.05.20|//Microsoft Azure//|[[Azure Active Directory IDaaS in Security Operations|https://docs.microsoft.com/en-us/azure/architecture/example-scenario/aadsec/azure-ad-security]]|AzureAD|
|>|>|>|!2020.05.19|
|2020.05.19|ZDnet[>img[iCSF/flag_fr.png]]|[[Quelle sécurité pour les réseaux managés dans le Cloud ?|https://www.zdnet.fr/actualites/quelle-securite-pour-les-reseaux-manages-dans-le-cloud-39903423.htm]]|Networks|
|2020.05.19|Anton Chuvakin|![[Fake Cloud: Now There Are Two Hands in Your Pocket|https://medium.com/anton-on-security/fake-cloud-now-there-are-two-hands-in-your-pocket-605409a4631c]]|Misc|
|2020.05.19|Container Journal|[[Why is Enterprise Kubernetes Important?|https://containerjournal.com/topics/container-ecosystems/why-is-enterprise-kubernetes-important/]]|K8s|
|2020.05.19|Container Journal|[[Why Enterprises Should Embrace Kubernetes|https://containerjournal.com/topics/container-management/why-enterprises-should-embrace-kubernetes/]]|K8s|
|2020.05.19|Insider Pro|[[6 ways to be more secure in the cloud|https://www.idginsiderpro.com/article/3529382/6-ways-to-be-more-secure-in-the-cloud.html]]|Best_Practices|
|2020.05.19|Computer Weekly|[[Detect O365 ATP Activities In Cloud App Security and Microsoft Threat Protection |https://samilamppu.com/2020/05/19/detect-o365-atp-alerts-in-cloud-app-security-and-microsoft-threat-protection/]]|O365_ATP|
|2020.05.19|//Zscaler//[>img[iCSF/flag_fr.png]]|[[SASE : cinq étapes vers une nouvelle approche de la sécurité|https://www.informatiquenews.fr/sase-cinq-etapes-vers-une-nouvelle-approche-de-la-securite-didier-guyomarch-zscaler-70278]]|SASE|
|2020.05.19|//VMware//|![[VMSA-2020-0010: VMware Cloud Director updates address Code Injection Vulnerability (CVE-2020-3956)|https://www.vmware.com/security/advisories/VMSA-2020-0010.html]]|CVE-2020-3956|
|2020.05.20|Security Week| → [[Remote Code Execution Vulnerability Patched in VMware Cloud Director|https://www.securityweek.com/remote-code-execution-vulnerability-patched-vmware-cloud-director]]|CVE-2020-3956|
|2020.05.19|//Verizon//|![[2020 Data Breach Investigations Report|https://enterprise.verizon.com/resources/reports/dbir/2020/introduction/]] ([[téléchargement|https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf]])|Report Verizon_DBIR|
|2020.05.19|//Duo//| → [[Attacks Based on Credential Theft On The Rise, DBIR Says|https://duo.com/decipher/attacks-based-on-credential-theft-on-the-rise-dbir-says]]|Report Verizon_DBIR|
|2020.05.19|Security Week| → [[Verizon 2020 DBIR: More Extensive, More Detailed and More Thorough Than Ever|https://www.securityweek.com/verizon-2020-data-breach-investigations-report-more-extensive-detailed-and-thorough-ever]]|Report Verizon_DBIR|
|2020.05.19|Dark Reading| → [[Web Application Attacks Double from 2019: Verizon DBIR|https://www.darkreading.com/application-security/web-application-attacks-double-from-2019-verizon-dbir/d/d-id/1337860]]|Report Verizon_DBIR|
|2020.05.20|//Tripwire//| → [[Verizon DBIR 2020: Cloud Apps, Stolen Credentials, and Errors|https://www.tripwire.com/state-of-security/security-data-protection/verizon-dbir-2020-cloud-apps-stolen-credentials-errors/]]|Report Verizon_DBIR|
|2020.05.22|Security Week| → [[Industry Reactions to Verizon 2020 DBIR: Feedback Friday|https://www.securityweek.com/industry-reactions-verizon-2020-dbir-feedback-friday]]|Report Verizon_DBIR|
|2020.05.22|ZDnet[>img[iCSF/flag_fr.png]]| → [[Les PME sont de plus en plus la cible de cyberattaques avec le passage au cloud|https://www.zdnet.fr/actualites/les-pme-sont-de-plus-en-plus-la-cible-de-cyberattaques-avec-le-passage-au-cloud-39903947.htm]]|Report Verizon_DBIR|
|2020.05.27|//Sentinel One//| → [[The CISO's Quick Guide to Verizon's 2020 Data Breach Investigations Report|https://www.sentinelone.com/blog/the-cisos-quick-guide-to-verizons-2020-data-breach-investigations-report/]]|Report Verizon_DBIR|
|2020.05.19|//Rhino Security Labs//|![[Weaponizing AWS ECS Task Definitions to Steal Credentials From Running Containers|https://rhinosecuritylabs.com/aws/weaponizing-ecs-task-definitions-steal-credentials-running-containers/]]|Containers Exploit|
|2020.05.19|//Fugue//|[[Pen Testing in the Age of Cloud|https://www.fugue.co/blog/pen-testing-in-the-age-of-cloud]]|Pen_Testing|
|2020.05.19|//Tyler Fornes//|Test d'intrusion : [[technique de vol d'authentifiants AWS|https://twitter.com/tfornez/status/1262747748547194888]]|AWS Pen_Testing Credentials|
|2020.05.19|//Accurics//|[[Accurics Releases 'State of DevSecOps Report', Highlights Shift Toward Provisioning Cloud Infrastructure Through Code|https://www.accurics.com/news/press-release/accurics-releases-state-of-devsecops-report/]] ([[rapport|http://start.accurics.com/CT-2020-05-Research-Report_LP-Reg.html]])|Report DevSecOps|
|2020.05.20|Security Review| → [[Accurics: 96 Percent of Reported Cloud Security Issues Aren't Addressed|https://solutionsreview.com/cloud-platforms/accurics-96-percent-of-reported-cloud-security-issues-arent-addressed/]]|Report|
|2020.05.19|//Portshift//|[[Portshift Secures Kubernetes APIs|https://containerjournal.com/topics/container-security/portshift-secures-kubernetes-apis/]]|K8s APIs|
|2020.05.19|//Menlo Security//|[[Introducing Cloud App Isolation|https://www.menlosecurity.com/blog/introducing-cloud-app-isolation]]|Apps Isolation|
|2020.05.19|//Threatstack//|[[Investigating Kubernetes Attack Scenarios in Threat Stack (part 2)|https://www.threatstack.com/blog/investigating-kubernetes-attack-scenarios-in-threat-stack-part-2]] (2/2)|Kubernetes Attack_Scenario|
|2020.05.19|//Veracode//|[[New Research Reveals That 70% of Applications Have Open Source Security Flaws|https://www.veracode.com/new-research-reveals-70-applications-have-open-source-security-flaws]]|Reports Flaws|
|2020.07.01|//Pivot Point Security//| → [[70% of Web Apps Have Open Source Security Flaws - Here's How to Fix Yours|https://www.pivotpointsecurity.com/blog/70-of-web-apps-have-open-source-security-flaws-heres-how-to-fix-yours/]]|Reports Flaws|
|>|>|>|!2020.05.18|
|2020.05.18|The Register|[[Microsoft gives Office 365 admins the heads-up: Some internal queries over weekend might have returned results from completely different orgs|https://www.theregister.co.uk/2020/05/18/microsoft_office_365_internal_search_mixup/]]|O365 Leak|
|2020.05.20|//Sophos//| → [[Office 365 exposed some internal search results to other companies|https://nakedsecurity.sophos.com/2020/05/20/office-365-exposed-some-internal-search-results-to-other-companies/]]|O365 Leak|
|2020.05.18|//Imperva//|[[Cloud Compliance - A Top Challenge for organizations|https://www.imperva.com/blog/cloud-compliance-a-top-challenge-for-organizations/]]|Compliance|
|2020.05.18|//Cofense//|[[MFA Bypass Phish Caught: OAuth2 Grants Access to User Data Without a Password|https://cofense.com/mfa-bypass-phish-caught-oauth2-grants-access-user-data-without-password/]]|O365 Phishing MFA|
|2020.05.19|//Security Intelligence//| → [[Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials|https://threatpost.com/phishing-campaign-allows-for-mfa-bypass-on-office-365/155864/]]|O365 Phishing MFA|
|2020.05.20|infoRisk Today| → [[Phishing Attack Bypassed Office 365 Multifactor Protections|https://www.inforisktoday.com/phishing-attack-bypassed-office-365-multifactor-protections-a-14310]]|O365 Phishing MFA|
|2020.05.18|//DivvyCloud//|[[Podcast: Shifting Cloud Security Left With Infrastructure-as-Code|https://divvycloud.com/podcast-shifting-cloud-security-left-with-iac/]] ([[MP3|https://divvycloud.com/wp-content/uploads/2020/05/divvycloud_2020-05-12T12_16_18-07_00.mp3]])|Podcast Infrastructure-as-Code|
|2020.05.18|//Palo Alto Networks//|[[Why DevOps Needs to Change Security: The Move to DevSecOps|https://blog.paloaltonetworks.com/2020/05/cloud-devops-needs-to-change-security/]]|DevSecOps|
|2020.05.18|//Sophos//|[[Shiny new Azure login attracts shiny new phishing attacks|https://nakedsecurity.sophos.com/2020/05/18/shiny-new-azure-login-attracts-shiny-new-phishing-attacks/]]|Phishing Azure|
|2020.05.18|//SonaType//|[[SaltStack: 20 Breaches Within Four Days|https://blog.sonatype.com/saltstack-20-breaches-within-four-days]]|Salt Data_breaches|
|2020.05.18|//Iland//|[[The questions to ask to avoid cloud trade-offs|https://blog.iland.com/cloud/the-questions-to-ask-to-avoid-cloud-trade-offs/]]|Misc|
|2020.05.18|//InfraCloud//|[[Logging in Kubernetes: EFK vs PLG Stack|https://www.infracloud.io/blogs/logging-in-kubernetes-efk-vs-plg-stack/]]|K8s Logging|
|>|>|>|!2020.05.14|
|2020.05.14|//Oracle Cloud//|![[New Study: IT Pros Are More Worried About Corporate Security than Home Security|https://www.oracle.com/corporate/pressrelease/cloud-threat-report-2020-051420.html]] ([[rapport PDF|https://www.oracle.com/a/ocom/docs/cloud/oracle-cloud-threat-report-2020.pdf]])|Report Threats|
|2020.05.14|//Oracle Cloud//| → [[Enabling a Security-First Culture with the Oracle and KPMG Cloud Threat Report|https://blogs.oracle.com/cloudsecurity/intro-to-ctr-20-report]]|Report Threats|
|2020.05.21|MSSP Alert| → [[Cloud Cybersecurity Research: Oracle, KPMG Findings|https://www.msspalert.com/cybersecurity-research/oracle-kpmg-threat-report/]]|Report Threats|
[>img(100px,auto)[iCSA/K4QCCSK.png]]Le [[Chapitre Français]] a le plaisir d'annoncer 3 sessions de formation officielle et ''certifiante'' [[CCSK]] ''en français'' : ''CCSK Foundation'' et ''CCSK Plus''.
Outre celle déjà annoncée la semaine du 15 juin 2020, les 2 autres sessions auront lieu les semaines des 31 août et 23 novembre 2020.
Elles comprennent tous les modules théoriques, des exercices pratiques dans le cloud AWS (CCSK Plus), ainsi que la possibilité de passer l'examen de certification CCSK.
|!Dates|!Formation|!Tarif CSA|
|Lundi 15 et mardi 16 juin 2020|CCSK Foundation| 1.350 €HT|
|Lundi 15, mardi 16 et mercredi 17 juin 2020|CCSK Plus| 1.950 €HT|
|>|>|
|Lundi 31 août et mardi 1er septembre 2020|CCSK Foundation| 1.350 €HT|
|Lundi 31 août, mardi 1er et mercredi 2 septembre 2020|CCSK Plus| 1.950 €HT|
|>|>|
|Lundi 23 et mardi 24 novembre 2020|CCSK Foundation| 1.350 €HT|
|Lundi 23, mardi 24 et mercredi 25 novembre 2020|CCSK Plus| 1.950 €HT|
|>|>|
Elles seront toutes dispensées par ''+++*[Guillaume Boutisseau] [img(98%,1px)[iCSF/BluePixel.gif]]^^<<tiddler [[Guillaume Boutisseau]]>>^^[img(98%,1px)[iCSF/BluePixel.gif]] ==='', ''CCSK Authorized Instructor''^^1^^ de la société [img(100px,auto)[iCSF/K4CSP.png][https://CloudSecurityPass.com/]].
Les inscriptions sont ouvertes sur le site de CloudSecurityPass ⇒ ''[[CloudSecurityAlliance.fr/go/CSPass|http://CloudSecurityAlliance.fr/go/CSPass]]''
Pour toute information complémentaire, vous pouvez aussi nous contacter sur [img(200px,auto)[iCSF/Email-CSA_FR.png]]
!//Cloud Security Alliance Announces Agenda, Speaker Line-Up for CloudBytes Connect Virtual Conference//
[>img(300px,auto)[iCSA/K5QCB.png]]La CSA a finalisé la liste des présentations et des intervenants pour la conférence virtuelle ''CloudBytes Connect'' qui se tiendra les 26, 27 et 28 mai.
Cette conférence gratuite aura pour thème ''Virtual Roadmap: Guiding Your Journey to the Cloud''
Compte tenu du décalage horaire, les sessions ''commenceront à 18h et se termineront à 22h''.
La participation donne droit à 4 crédits CPE, et un tirage au sort aura lieu chaque jour pour gagner un jeton pour passer l'examen CCSK.
À noter que toutes les présentations seront mises à disposition sur la plate-forme [[Circle]].
!Mardi 26 mai 2020 : "//Transitioning//"
//As organizations look to transition to the cloud, the road ahead can appear overwhelming. Sessions on this day will provide guidance and best practices for those just beginning their cloud journey.//
* 18h : "The Hits - and a Few Misses - in Vendor Security Assessments" par David Lenoe, Senior Director of Product Security, Adobe
* 19h : "Why Your Cloud Migration Needs a New Approach to Security and Governance" par Brendan Hannigan, CEO & co-founder, Sonrai Security 
* 20h : "An Interview with Sophos: Navigating cloud security" avec Richard Beckett, Senior Product Marketing Manager, Sophos et Ganesh Krishnan, Public Cloud Security Group VP of Engineering, Sophos
* 21h : "Don't Let the Attackers Weaponize Fear: Malware in the time of COVID-19" par Diana Kelley, Cybersecurity Field CTO, Microsoft
!Mercredi 27 mai 2020 : "//Enhancing//"
//For organizations with established cloud environments, enhancing security is the first line of defense against critical threats and the next step on the path towards a trusted cloud.//
* 18h : Keynote Session with IBM, avec Christopher Bontempo, VP Security Marketing, Routes and Offerings, North America, IBM Security et Patrick Vowles, Team Lead for North America Marketing, IBM Security
* 19h : "Secure your Cloud Investment by Unlocking the Network as a Data Source", par Ryan Davis, Senior Cloud Product Manager, ExtraHop
* 20h : "Enhance Security and Operational Efficiency with CASB" par Itir Clarke, Senior Product Marketing Manager, Proofpoint
* 21h : "SDP - The Yellow Brick Road to Zero Trust" par Juanita Koilpillai, Founder and CEO, Waverley Labs LLC
!Jeudi 28 mai 2020 : "//Innovating//"
//Reliance on cloud technology brings concerns about system breaches, privacy, shared responsibility, and compliance with regulations. Organizations with mature cloud environments must look beyond today's threats and develop innovative security solutions to address the needs of tomorrow's cloud.//
* 18h : "Cyber Risk Exchanges: Mastering a New Approach to Vendor Risk & Performance Monitoring" par Randy Ferree, Third-Party Risk Consultant, OneTrust Vendorpedia
* 19h : "How to Future-Proof the Cloud, from the POV of a leading food delivery app's CISO, ethical hacker, and cloud security expert", par Peter Blanks, Chief Product Officer & Head of Engineering, Synack et Kevin Fielder, CISO, Just Eat
* 20h : "Innovative Enterprise Architecture Techniques to Complete your Digital Transformation" par Jon-Michael Brook, Principal: Security, Cloud & Privacy, Guide Holdings LLC
* 21h : "DLT Security Framework for the Finance Industry" par Williams Izzo, Director of Security Technology, Depository Trust & Clearing Corporation (DTCC); Jyoti Ponnapalli, DLT Lead, Depository Trust & Clearing Corporation (DTCC); et Kurt Seifried, Chief Blockchain Officer, CSA

__Détails :__
* Annonce ⇒ ''[[CloudSecurityAlliance.fr/go/k5ja/|https://CloudSecurityAlliance.fr/go/k5ja/]]''
* Inscriptions ⇒ ''[[CloudSecurityAlliance.fr/go/k5ji/|https://CloudSecurityAlliance.fr/go/k5ji/]]''<<tiddler [[arOund0C]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #64|2020.05.17 - Newsletter Hebdomadaire #64]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #64|2020.05.17 - Weekly Newsletter - #64]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.05.17 - Newsletter Hebdomadaire #64]]>> |<<tiddler [[2020.05.17 - Weekly Newsletter - #64]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - 11 au 17 mai 2020
!!1 - Informations CSA
* Publication ''CSA'' : rappel de la disponibilité de la traduction en français des 3 documents CCM v3.0.1, CAIQ v3.0.1 et PLA CoC v3.1+++*[»]> <<tiddler [[2020.05.07 - Publication : Traduction française des documents CCM, CAIQ et PLA CoC]]>>=== 
* Appels à commentaires ''CSA'' : document ''Mobile Application Security Testing - Sum-Up & Landscape Overview''+++*[»]> <<tiddler [[2020.05.08 - Appel à commentaires : 'Mobile Application Security Testing - Sum-Up & Landscape Overview']]>>=== (8 juin)
* Sondage CSA : impact de la pandémie actuelle sur l'emploi dans le secteur de la cybersécurité, les résultats+++*[»]> <<tiddler [[2020.05.14 - Résultats du sondage CSA sur l'impact de la pandémie actuelle sur l'emploi]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.05.17 - Veille Hebdomadaire - 17 mai]] avec plus de 40 liens
* Rapports : Bitsight+++*[»] 
|2020.05.15|//Bitsight//|[[Report Shows Cyber Attacks on Cloud Services Have Doubled|https://www.bitsight.com/blog/report-shows-cyber-attacks-on-cloud-services-have-doubled]]|Report|
=== 
* __Attaques__ : Office 365 dans le viseur+++*[»] 
|2020.05.15|Bleeping Computer|[[Microsoft Office 365 ATP getting malware campaign analysis|https://www.bleepingcomputer.com/news/security/microsoft-office-365-atp-getting-malware-campaign-analysis/]]|O365_ATP|
|2020.05.14|Bleeping Computer|[[New Microsoft 365 sign-in pages already spoofed for phishing|https://www.bleepingcomputer.com/news/security/new-microsoft-365-sign-in-pages-already-spoofed-for-phishing/]]|O365 Phishing|
|2020.05.11|//Armorblox//|[[Blox Tales #4: Vendor Email Fraud + Office 365 Credential Phishing|https://www.armorblox.com/blog/blox-tales-4-vendor-email-fraud-office-365-credential-phishing/]]|O365 Phishing|
===, analyse pour SaltStack+++*[»] 
|2020.05.11|//Intezer//|[[Exploitation of SaltStack Vulnerabilities Signals Increase in Cloud Server Attacks|https://intezer.com/blog/cloud-security-blog/exploitation-of-saltstack-vulnerabilities-signals-increase-in-cloud-server-attacks/]]|Salt CVE-2020-11651 CVE-2020-11652|
===, exemple de protections+++*[»] 
|2020.05.12|//Radware//|[[How to Protect Applications from Cloud-Based Attacks|https://blog.radware.com/security/cloudsecurity/2020/05/how-to-protect-applications-from-cloud-based-attacks/]]|Protection|
=== 
* __Acquisitions__ : Idaptive par CyberArk+++*[»] 
|2020.05.13|Dark Reading|[[CyberArk Acquires Idaptive for Identity-as-a-Service Tech|https://www.darkreading.com/cloud/cyberark-acquires-idaptive-for-identity-as-a-service-tech/d/d-id/1337805]]|Acquisition|
===, Jetstack par Venafi+++*[»] 
|2020.05.14|//Venafi//|[[More cybersecurity consolidation: Venafi acquires Kubernetes startup Jetstack|https://siliconangle.com/2020/05/14/cybersecurity-consolidation-venafi-acquires-kubernetes-startup-jetstack/]]|Acquisition|
|2020.05.15|Security Week| → [[Venafi Acquires Kubernetes Services Provider Jetstack|https://www.securityweek.com/venafi-acquires-kubernetes-services-provider-jetstack]]|Acquisition|
===, Octarine par VMware+++*[»] 
|2020.05.13|ZDnet|[[VMware to acquire Kubernetes security platform Octarine|https://www.zdnet.com/article/vmware-to-acquire-kubernetes-security-platform-octarine/]]|Acquisition|
|2020.05.14|Security Week| → [[VMware to Acquire Kubernetes Security Firm Octarine|https://www.securityweek.com/vmware-acquire-kubernetes-security-firm-octarine]]|Acquisition|
=== 
* __Divers__ : Containers+++*[»] 
|2020.05.15|//Palo Alto Networks//|[[Containers Are Inherently Secure: Reality or Myth?|https://blog.paloaltonetworks.com/2020/05/containers-are-inherently-secure-reality-or-myth/]]|Containers|
=== et maturité+++*[»] 
|2020.05.16|//StackRox//|![[Guide to Evaluating Your Container Security Maturity|https://www.stackrox.com/post/2020/05/guide-to-evaluating-your-container-security-maturity/]]|Containers Maturity|
===, Kubernetes+++*[»] 
|2020.05.15|//StackRox//|![[Kubernetes Security 101: Risks and 29 Best Practices|https://www.stackrox.com/post/2020/05/kubernetes-security-101/]]|K8s Risks Best_Practices|
===, workloads+++*[»] 
|2020.05.15|//Palo Alto Networks//|![[Gartner Market Guide for Cloud Workload Protection Platforms: Key Takeaways|https://blog.paloaltonetworks.com/2020/05/cloud-2020-guide-cloud-workload-protection-2/]] ([[Guide Gartner|https://start.paloaltonetworks.com/gartner-market-guide-cwpp.html]])|Gartner Workloads|
|2020.05.12|//Microsoft Azure//|[[Monitor your Azure workload compliance with Azure Security Benchmark|https://azure.microsoft.com/blog/monitor-your-azure-workload-compliance-with-azure-security-benchmark/]]|Azure Compliance|
===, malveillance liée au COVID-19+++*[»] 
|2020.05.11|//Palo Alto Networks//|[[COVID-19 Themed Malware Within Cloud Environments|https://unit42.paloaltonetworks.com/covid-19-themed-malware-within-cloud-environments/]]|Malware COVID-19|
=== 
!!3 - Lien direct
|!⇒ [[CloudSecurityAlliance.fr/go/K5H/|https://CloudSecurityAlliance.fr/go/K5H/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - May 11th to 17th[>img[iCSF/inEnglish.png]]
!!1 - CSA News and Updates
* Publication: Reminder of the availability of the translation in 10 different languages of the ''CCM'', ''CAIQ'' and ''PLA CoC'' documents+++*[»]> <<tiddler [[2020.05.07 - Publication : Traduction française des documents CCM, CAIQ et PLA CoC]]>>=== 
* Call for comments for a CSA document: 'Mobile Application Security Testing - Sum-Up & Landscape Overview'+++*[»]> <<tiddler [[2020.05.08 - Appel à commentaires : 'Mobile Application Security Testing - Sum-Up & Landscape Overview']]>>=== before June 8th
* Results of the COVID-19 Workforce Impact CSA Survey+++*[»]> <<tiddler [[2020.05.14 - Résultats du sondage CSA sur l'impact de la pandémie actuelle sur l'emploi]]>>=== 
!!2 - Cloud and Security News Watch
[[Over 40 links|2020.05.17 - Veille Hebdomadaire - 17 mai]]
* Reports: Bitsight+++*[»] 
|2020.05.15|//Bitsight//|[[Report Shows Cyber Attacks on Cloud Services Have Doubled|https://www.bitsight.com/blog/report-shows-cyber-attacks-on-cloud-services-have-doubled]]|Report|
=== 
* __Attacks__: Office/Microsoft 365 targeted+++*[»] 
|2020.05.15|Bleeping Computer|[[Microsoft Office 365 ATP getting malware campaign analysis|https://www.bleepingcomputer.com/news/security/microsoft-office-365-atp-getting-malware-campaign-analysis/]]|O365_ATP|
|2020.05.14|Bleeping Computer|[[New Microsoft 365 sign-in pages already spoofed for phishing|https://www.bleepingcomputer.com/news/security/new-microsoft-365-sign-in-pages-already-spoofed-for-phishing/]]|O365 Phishing|
|2020.05.11|//Armorblox//|[[Blox Tales #4: Vendor Email Fraud + Office 365 Credential Phishing|https://www.armorblox.com/blog/blox-tales-4-vendor-email-fraud-office-365-credential-phishing/]]|O365 Phishing|
===; SaltStack vulnerabilities exploitation,+++*[»] 
|2020.05.11|//Intezer//|[[Exploitation of SaltStack Vulnerabilities Signals Increase in Cloud Server Attacks|https://intezer.com/blog/cloud-security-blog/exploitation-of-saltstack-vulnerabilities-signals-increase-in-cloud-server-attacks/]]|Salt CVE-2020-11651 CVE-2020-11652|
===; sample protections+++*[»] 
|2020.05.12|//Radware//|[[How to Protect Applications from Cloud-Based Attacks|https://blog.radware.com/security/cloudsecurity/2020/05/how-to-protect-applications-from-cloud-based-attacks/]]|Protection|
=== 
* __Acquisitions__: Idaptive by CyberArk+++*[»] 
|2020.05.13|Dark Reading|[[CyberArk Acquires Idaptive for Identity-as-a-Service Tech|https://www.darkreading.com/cloud/cyberark-acquires-idaptive-for-identity-as-a-service-tech/d/d-id/1337805]]|Acquisition|
===; Jetstack by Venafi+++*[»] 
|2020.05.14|//Venafi//|[[More cybersecurity consolidation: Venafi acquires Kubernetes startup Jetstack|https://siliconangle.com/2020/05/14/cybersecurity-consolidation-venafi-acquires-kubernetes-startup-jetstack/]]|Acquisition|
|2020.05.15|Security Week| → [[Venafi Acquires Kubernetes Services Provider Jetstack|https://www.securityweek.com/venafi-acquires-kubernetes-services-provider-jetstack]]|Acquisition|
===; Octarine by VMware+++*[»] 
|2020.05.13|ZDnet|[[VMware to acquire Kubernetes security platform Octarine|https://www.zdnet.com/article/vmware-to-acquire-kubernetes-security-platform-octarine/]]|Acquisition|
|2020.05.14|Security Week| → [[VMware to Acquire Kubernetes Security Firm Octarine|https://www.securityweek.com/vmware-acquire-kubernetes-security-firm-octarine]]|Acquisition|
=== 
* __Miscellaneous__: Containers+++*[»] 
|2020.05.15|//Palo Alto Networks//|[[Containers Are Inherently Secure: Reality or Myth?|https://blog.paloaltonetworks.com/2020/05/containers-are-inherently-secure-reality-or-myth/]]|Containers|
=== and maturity+++*[»] 
|2020.05.16|//StackRox//|![[Guide to Evaluating Your Container Security Maturity|https://www.stackrox.com/post/2020/05/guide-to-evaluating-your-container-security-maturity/]]|Containers Maturity|
===, Kubernetes Risks and Best Practices+++*[»] 
|2020.05.15|//StackRox//|![[Kubernetes Security 101: Risks and 29 Best Practices|https://www.stackrox.com/post/2020/05/kubernetes-security-101/]]|K8s Risks Best_Practices|
===; Workloads+++*[»] 
|2020.05.15|//Palo Alto Networks//|![[Gartner Market Guide for Cloud Workload Protection Platforms: Key Takeaways|https://blog.paloaltonetworks.com/2020/05/cloud-2020-guide-cloud-workload-protection-2/]] ([[Guide Gartner|https://start.paloaltonetworks.com/gartner-market-guide-cwpp.html]])|Gartner Workloads|
|2020.05.12|//Microsoft Azure//|[[Monitor your Azure workload compliance with Azure Security Benchmark|https://azure.microsoft.com/blog/monitor-your-azure-workload-compliance-with-azure-security-benchmark/]]|Azure Compliance|
===; COVID-19 Themed Malware+++*[»] 
|2020.05.11|//Palo Alto Networks//|[[COVID-19 Themed Malware Within Cloud Environments|https://unit42.paloaltonetworks.com/covid-19-themed-malware-within-cloud-environments/]]|Malware COVID-19|
=== 
!!3 - Link
|!⇒ [[CloudSecurityAlliance.fr/go/K5H/|https://CloudSecurityAlliance.fr/go/K5H/]] |
<<tiddler [[arOund0C]]>>
|!Mai|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.05.17|
|2020.05.17|Marco Lancini|[[The Cloud Security Reading List #37|https://cloudseclist.com/issues/issue-37/]]|Weekly_Newsletter|
|>|>|>|!2020.05.16|
|2020.05.16|Madhu Akula|[[Dockerfile Security Checks using OPA Rego Policies with Conftest|https://blog.madhuakula.com/dockerfile-security-checks-using-opa-rego-policies-with-conftest-32ab2316172f]]|Tools Docker|
|2020.05.16|//Microsoft//|![[DevSecOps in Azure|https://docs.microsoft.com/en-us/azure/architecture/solution-ideas/articles/devsecops-in-azure]]|Azure DevSecOps|
|2020.05.16|//StackRox//|![[Guide to Evaluating Your Container Security Maturity|https://www.stackrox.com/post/2020/05/guide-to-evaluating-your-container-security-maturity/]]|Containers Maturity|
|>|>|>|!2020.05.15|
|2020.05.15|Bleeping Computer|[[Microsoft Office 365 ATP getting malware campaign analysis|https://www.bleepingcomputer.com/news/security/microsoft-office-365-atp-getting-malware-campaign-analysis/]]|O365_ATP|
|2020.05.15|Security Week|[[NortonLifeLock Releases Free Tool for Detecting Bots on Twitter|https://www.securityweek.com/nortonlifelock-releases-free-tool-detecting-bots-twitter]]|Botnets|
|2020.05.15|Help Net Security|[[Educational organizations use cloud apps to share sensitive data outside of IT control|https://www.helpnetsecurity.com/2020/05/15/educational-organizations-cloud-apps/]]|Survey|
|2020.05.15|Dark Reading|[[8 Supply Chain Security Requirements|https://www.darkreading.com/edge/theedge/8-supply-chain-security-requirements/b/d-id/1337820]]||
|2020.05.15|//StackRox//|![[Kubernetes Security 101: Risks and 29 Best Practices|https://www.stackrox.com/post/2020/05/kubernetes-security-101/]]|K8s Risks Best_Practices|
|2020.05.15|//Palo Alto Networks//|[[Containers Are Inherently Secure: Reality or Myth?|https://blog.paloaltonetworks.com/2020/05/containers-are-inherently-secure-reality-or-myth/]]|Containers|
|2020.05.15|//Palo Alto Networks//|![[Gartner Market Guide for Cloud Workload Protection Platforms: Key Takeaways|https://blog.paloaltonetworks.com/2020/05/cloud-2020-guide-cloud-workload-protection-2/]] ([[Guide Gartner|https://start.paloaltonetworks.com/gartner-market-guide-cwpp.html]])|Gartner Workloads|
|2020.05.15|//Bitsight//|[[Report Shows Cyber Attacks on Cloud Services Have Doubled|https://www.bitsight.com/blog/report-shows-cyber-attacks-on-cloud-services-have-doubled]]|Report|
|2020.05.15|//Microsoft Azure//|[[Get started: Implement security across the enterprise environment|https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/get-started/security]]|Azure Framework|
|>|>|>|!2020.05.14|
|2020.05.14|Dark Reading|[[As Businesses Rush to the Cloud, Security Teams Struggle to Keep Up|https://www.darkreading.com/cloud/as-businesses-rush-to-the-cloud-security-teams-struggle-to-keep-up/d/d-id/1337832]]|SecOps|
|2020.05.14|Dark Reading|[[79% of Companies Report Identity-Related Breach in Past Two Years|https://www.darkreading.com/operations/79--of-companies-report-identity-related-breach-in-past-two-years/d/d-id/1337824]]|Identity|
|2020.05.14|DZone|[[Why Do SaaS Applications Need Third-Party Backup?|https://dzone.com/articles/why-do-saas-applications-need-third-party-backup]]|SaaS Third_Party|
|2020.05.14|Bleeping Computer|[[New Microsoft 365 sign-in pages already spoofed for phishing|https://www.bleepingcomputer.com/news/security/new-microsoft-365-sign-in-pages-already-spoofed-for-phishing/]]|O365 Phishing|
|2020.05.14|Bleeping Computer|[[Free service simplifies encrypting and sharing confidential data|https://betanews.com/2020/05/14/voltshare-free-encryption/]]|Encryption|
|2020.05.14|//Nuageo[img[iCSF/flag_fr.png]]//|[[La face illuminée de la transformation numérique : Proposer une nouvelle façon de travailler|https://www.nuageo.fr/2020/05/transformation-numerique-facon-travailler/]]|Misc|
|2020.05.14|//Venafi//|[[More cybersecurity consolidation: Venafi acquires Kubernetes startup Jetstack|https://siliconangle.com/2020/05/14/cybersecurity-consolidation-venafi-acquires-kubernetes-startup-jetstack/]]|Acquisition|
|2020.05.15|Security Week| → [[Venafi Acquires Kubernetes Services Provider Jetstack|https://www.securityweek.com/venafi-acquires-kubernetes-services-provider-jetstack]]|Acquisition|
|2020.05.14|//JumpCloud//|[[Cloud LDAP for MSPs|https://jumpcloud.com/blog/cloud-ldap-msp]]|LDAP|
|2020.05.14|//FireEye//|[[FireEye Cloudvisory: Control center for multi-cloud security management|https://www.helpnetsecurity.com/2020/05/14/fireeye-cloudvisory-2/]]|CSPM|
|2020.05.14|//Caylent//|[[Kubernetes Pod Security Policies|https://caylent.com/kubernetes-pod-security-policies]]|K8s Policy|
|>|>|>|!2020.05.13|
|2020.05.13|TL;DR Security|[[#34 - Game Theory + 0days, Kubernetes Hacking Practice, AWS Least Privilege|https://tldrsec.com/blog/tldr-sec-034/]] |Weekly_Newsletter|
|2020.05.13|Help Net Security|[[How to implement least privilege in the cloud|https://www.helpnetsecurity.com/2020/05/13/least-privilege-cloud/]]|CSA Privileges|
|2020.05.13|Dark Reading|[[CyberArk Acquires Idaptive for Identity-as-a-Service Tech|https://www.darkreading.com/cloud/cyberark-acquires-idaptive-for-identity-as-a-service-tech/d/d-id/1337805]]|Acquisition|
|2020.05.13|DZone|[[AWS Transit Gateway Examined - Part II|https://dzone.com/articles/aws-transit-gateway-examined-part-ii]]|AWS|
|2020.05.13|ZDnet|[[VMware to acquire Kubernetes security platform Octarine|https://www.zdnet.com/article/vmware-to-acquire-kubernetes-security-platform-octarine/]]|Acquisition|
|2020.05.14|Security Week| → [[VMware to Acquire Kubernetes Security Firm Octarine|https://www.securityweek.com/vmware-acquire-kubernetes-security-firm-octarine]]|Acquisition|
|2020.05.13|Computer Weekly|[[How To Manage Security Alerts In Microsoft 365 |https://samilamppu.com/2020/05/13/how-to-manage-security-alerts-in-microsoft-365/]]|M365 Alerts|
|>|>|>|!2020.05.12|
|2020.05.12|//Panorays//|[[What is the Consensus Assessments Initiative Questionnaire (CAIQ)? |https://www.panorays.com/blog/what-is-caiq/]]|CAIQ|
|2020.05.12|//Radware//|[[How to Protect Applications from Cloud-Based Attacks|https://blog.radware.com/security/cloudsecurity/2020/05/how-to-protect-applications-from-cloud-based-attacks/]]|Protection|
|2020.05.12|//Microsoft Azure//|[[Monitor your Azure workload compliance with Azure Security Benchmark|https://azure.microsoft.com/blog/monitor-your-azure-workload-compliance-with-azure-security-benchmark/]]|Azure Compliance|
|2020.05.12|//RhinoSecurity Labs//|[[CloudGoat AWS Scenario Walkthrough: "EC2_SSRF"|https://rhinosecuritylabs.com/cloud-security/cloudgoat-aws-scenario-ec2_ssrf/]]|AWS|
|2020.05.12|//Cloud Vector//|[[API Security Checklist: Secure API Design|https://www.cloudvector.com/api-security-checklist-secure-api-design/]] (1/2)|APIs|
|>|>|>|!2020.05.11|
|2020.05.11|Bleeping Computer|[[Office 365 to let regular users revoke encrypted messages|https://www.bleepingcomputer.com/news/microsoft/office-365-to-let-regular-users-revoke-encrypted-messages/]]|O365 Right_Management|
|2020.05.11|//Google Cloud//|[[The case of the missing DNS packets: a Google Cloud support story|https://cloud.google.com/blog/topics/inside-google-cloud/google-cloud-support-engineer-solves-a-tough-dns-case/]]|DNS|
|2020.05.11|//Google Cloud//|[[Using logging for your apps running on Kubernetes Engine|https://cloud.google.com/blog/products/management-tools/using-logging-your-apps-running-kubernetes-engine/]]|K8s GCP|
|2020.05.11|//Intezer//|[[Exploitation of SaltStack Vulnerabilities Signals Increase in Cloud Server Attacks|https://intezer.com/blog/cloud-security-blog/exploitation-of-saltstack-vulnerabilities-signals-increase-in-cloud-server-attacks/]]|Salt CVE-2020-11651 CVE-2020-11652|
|2020.05.11|//Palo Alto Networks//|[[COVID-19 Themed Malware Within Cloud Environments|https://unit42.paloaltonetworks.com/covid-19-themed-malware-within-cloud-environments/]]|Malware COVID-19|
|2020.05.11|//Armorblox//|[[Blox Tales #4: Vendor Email Fraud + Office 365 Credential Phishing|https://www.armorblox.com/blog/blox-tales-4-vendor-email-fraud-office-365-credential-phishing/]]|O365 Phishing|
|2020.05.11|//Microsoft Azure//|[[Automating cybersecurity guardrails with new Zero Trust blueprint and Azure integrations|https://azure.microsoft.com/en-us/blog/automating-cybersecurity-guardrails-with-new-zero-trust-blueprint-and-azure-integrations/]]|Azure Zero_Trust|
|2020.05.11|//Microsoft Azure//|[[Use Azure Firewall for secure and cost-effective Windows Virtual Desktop protection|https://azure.microsoft.com/en-us/blog/use-azure-firewall-for-secure-and-cost-effective-windows-virtual-desktop-protection/]]|Firewalls|
|2020.05.11|//Palo Alto Networks//|[[Bridging the DevOps and Security Divide with DevSecOps|https://blog.paloaltonetworks.com/2020/05/cloud-devsecops/]]|DevSecOps|
|2020.05.11|//AT&T CyberSecurity//|[[Stories from the SOC - Office365 Credential Abuse|https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-office365-credential-abuse]]|O365 Credentials Abuse|
Jim Reavis a publié les premiers résultats du sondage CSA sur l'impact de la pandémie actuelle sur l'emploi.
Les principaux enseignements sont :
* 122 réponses
* 18% des entreprises font état de licenciements dans les équipes sécurité
* les domaines les plus impactés sont : forensique, administration sécurité, sécurité dans les développements logiciels
* les rôles les moins impactés : sécurité opérationnelle et exploitation, audit et tests d'intrusion, conformité

Tous les résultats sont accessibles uniquement sur [[Circle]], et uniquement sur [[Circle]]... Une bonne raison de s'y inscrire...

Les résultats du sondage ⇒ ''[[CloudSecurityAlliance.fr/go/k5es/|https://CloudSecurityAlliance.fr/go/k5es/]]'' 
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #63|2020.05.10 - Newsletter Hebdomadaire #63]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #63|2020.05.10 - Weekly Newsletter - #63]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.05.10 - Newsletter Hebdomadaire #63]]>> |<<tiddler [[2020.05.10 - Weekly Newsletter - #63]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - 4 au 10 mai 2020
!!1 - Informations CSA
* Publication ''CSA'' : validation de la traduction en français des 3 documents CCM v3.0.1, CAIQ v3.0.1 et PLA CoC v3.1+++*[»]> <<tiddler [[2020.05.07 - Publication : Traduction française des documents CCM, CAIQ et PLA CoC]]>>=== 
* Publication ''CSA'' : glossaire sécurité industrielle 'IIoT et ICS'+++*[»]> <<tiddler [[2020.05.05 - Publication : Glossaire sécurité 'IIoT et ICS']]>>=== 
* Appels à commentaires ''CSA'' : document ''Telehealth data in the cloud''+++*[»]> <<tiddler [[2020.05.01 - Appel à commentaires : 'Telehealth data in the cloud']]>>=== (17 mai)
* Appels à commentaires ''CSA'' : document ''Mobile Application Security Testing - Sum-Up & Landscape Overview''+++*[»]> <<tiddler [[2020.05.08 - Appel à commentaires : 'Mobile Application Security Testing - Sum-Up & Landscape Overview']]>>=== (8 juin)
* Appels à commentaires ''NIST'' : SP 800-210 ''General Access Control Guidance for Cloud Systems''+++*[»]> <<tiddler [[2020.04.01 - Appel à commentaires : NIST 800-210 'General Access Control Guidance for Cloud Systems']]>>=== (15 mai)
* Webinar : '''Break the Top 10 Cloud Attack Kill Chains'''+++*[»]> <<tiddler [[2020.05.07 - Webinar : 'Break the Top 10 Cloud Attack Kill Chains']]>>=== 
* Sondage CSA : impact de la pandémie actuelle sur l'emploi dans le secteur de la cybersécurité+++*[»]> <<tiddler [[2020.05.06 - Sondage CSA sur l'impact de la pandémie actuelle sur l'emploi]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.05.10 - Veille Hebdomadaire - 10 mai]] avec plus de 50 liens dont :
* Alertes : Framework Salt (suite) et compromissions associées+++*[»] 
|2020.05.04|Salt Exploit|![[SaltStack CVE-2020-11651 and CVE-2020-11652 Attack|https://saltexploit.com/]]|Salt CVE-2020-11651 CVE-2020-11652|
|2020.05.04|IT News| → [[Cloud servers hacked via critical SaltStack vulnerabilities|https://www.itnews.com/article/3541721/cloud-servers-hacked-via-critical-saltstack-vulnerabilities.html]]|Salt CVE-2020-11651 CVE-2020-11652|
=== 
* Analyse : Escalade de privilège dans GCP+++*[»] 
|2020.05.05|//Rhino Security Labs//|[[Privilege Escalation in Google Cloud Platform - Part 1 (IAM)|https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/]] (1/2)|GCP IAM|
|2020.05.05|//Rhino Security Labs//|[[Privilege Escalation in Google Cloud Platform - Part 2 (Non-IAM)|https://rhinosecuritylabs.com/cloud-security/privilege-escalation-google-cloud-platform-part-2/]] (2/2)|GCP IAM|
=== 
* Rapport : VMware sur Kubernetes+++*[»] 
|2020.05.08|//VMware//|[[State of Kubernetes 2020 Report|https://k8s.vmware.com/state-of-kubernetes-2020/]]|Report Kubernetes|
|2020.05.08|Container Journal| → [[VMware Releases State of Kubernetes 2020 Report|https://containerjournal.com/topics/container-ecosystems/vmware-releases-state-of-kubernetes-2020-report/]]|Report Kubernetes|
===, Palo Alto Networks sur la malveillance liée à COVID-19 dans le Cloud+++*[»] 
|2020.05.04|//Palo Alto Networks//|![[COVID-19: Cloud Threat Landscape|https://unit42.paloaltonetworks.com/covid-19-cloud-threat-landscape/]]|COVID-19 DNS Public_Cloud|
|2020.05.04|CIO Dive| → [[Malicious domains are floating around the cloud: Here's the threat to companies|https://www.ciodive.com/news/malicious-domains-coronavirus-cloud/577220/]]|COVID-19 DNS Public_Cloud|
|2020.05.06|Silicon FR[>img[iCSF/flag_fr.png]]| → [[Le cloud public, un nid à sites malveillants ?|https://www.silicon.fr/cloud-public-sites-malveillants-339209.html]]|COVID-19 DNS Public_Cloud|
=== 
* __Divers__ : Suggestion de 5 groupes de travail CSA à rejoindre+++*[»] 
|2020.05.05|//Panorays//|![[5 Cloud Security Alliance Working Groups to Consider Joining|https://www.panorays.com/blog/5-cloud-security-alliance-working-groups-to-consider-joining/]]|CSA|
===; Forcepoint sur l'avenir de la sécurité du Cloud+++*[»] 
|2020.05.06|//Forcepoint//|[[The Future of Cloud Security is a Cloud-Powered One|https://www.forcepoint.com/blog/insights/cloud-powered-security-sase]]|SASE|
|2020.05.06|//Forcepoint//| → [[Voice of the CTO: The Future of Cloud Security|https://www.brighttalk.com/webcast/15527/404744?sf121706630=1]]|SASE|
===; Sandbox AWS+++*[»] 
|2020.05.05|//Aurum//|[[Creating an AWS Sandbox|https://www.stuffwithaurum.com/2020/05/05/creating-an-aws-sandbox/]]|AWS Sandbox|
=== 
!!3 - Lien Direct
|!⇒ [[CloudSecurityAlliance.fr/go/K5A/|https://CloudSecurityAlliance.fr/go/K5A/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - May 4th to 10th[>img[iCSF/inEnglish.png]]
!!1 - CSA News and Updates
* Publication: Translation in 10 different languages of the ''CCM'', ''CAIQ'' and ''PLA CoC'' documents+++*[»]> <<tiddler [[2020.05.07 - Publication : Traduction française des documents CCM, CAIQ et PLA CoC]]>>=== 
* Publication: Cloud IIoT - ICS Glossary+++*[»]> <<tiddler [[2020.05.05 - Publication : Glossaire sécurité 'IIoT et ICS']]>>=== 
* Call for comments for a CSA document: ''Telehealth data in the cloud''+++*[»]> <<tiddler [[2020.05.01 - Appel à commentaires : 'Telehealth data in the cloud']]>>=== before May 17^^th^^
* Call for comments for a CSA document: 'Mobile Application Security Testing - Sum-Up & Landscape Overview'+++*[»]> <<tiddler [[2020.05.08 - Appel à commentaires : 'Mobile Application Security Testing - Sum-Up & Landscape Overview']]>>=== before June 8^^th^^
* Call for comments for a NIST document: SP 800-210 'General Access Control Guidance for Cloud Systems'+++*[»]> <<tiddler [[2020.04.01 - Appel à commentaires : NIST 800-210 'General Access Control Guidance for Cloud Systems']]>>=== 
* Webinar: '''Break the Top 10 Cloud Attack Kill Chains'''+++*[»]> <<tiddler [[2020.05.07 - Webinar : 'Break the Top 10 Cloud Attack Kill Chains']]>>=== 
!!2 - Cloud and Security News Watch
[[Over 50 links|2020.05.10 - Veille Hebdomadaire - 10 mai]] among which:
* Alerts: Salt Framework (follow-up) and related compromises+++*[»]>
|2020.05.04|Salt Exploit|![[SaltStack CVE-2020-11651 and CVE-2020-11652 Attack|https://saltexploit.com/]]|Salt CVE-2020-11651 CVE-2020-11652|
=== 
* Analysis: Privilege escalation in GCP+++*[»]>
|2020.05.05|//Rhino Security Labs//|[[Privilege Escalation in Google Cloud Platform - Part 1 (IAM)|https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/]] (1/2)|GCP IAM|
|2020.05.05|//Rhino Security Labs//|[[Privilege Escalation in Google Cloud Platform - Part 2 (Non-IAM)|https://rhinosecuritylabs.com/cloud-security/privilege-escalation-google-cloud-platform-part-2/]] (2/2)|GCP IAM|
=== 
* Reports: VMware about Kubernetes+++*[»]>
|2020.05.08|//VMware//|[[State of Kubernetes 2020 Report|https://k8s.vmware.com/state-of-kubernetes-2020/]]|Report Kubernetes|
===, Palo Alto Networks on COVID-19 related threats in the public Cloud+++*[»] 
|2020.05.04|//Palo Alto Networks//|![[COVID-19: Cloud Threat Landscape|https://unit42.paloaltonetworks.com/covid-19-cloud-threat-landscape/]]|COVID-19 DNS Public_Cloud|
|2020.05.04|CIO Dive| → [[Malicious domains are floating around the cloud: Here's the threat to companies|https://www.ciodive.com/news/malicious-domains-coronavirus-cloud/577220/]]|COVID-19 DNS Public_Cloud|
=== 
* __Miscellaneous__: 5 CSA WG to consider joining+++*[»]>
|2020.05.05|//Panorays//|![[5 Cloud Security Alliance Working Groups to Consider Joining|https://www.panorays.com/blog/5-cloud-security-alliance-working-groups-to-consider-joining/]]|CSA|
===, Forcepoint on the future of Cloud Security+++*[»]>
|2020.05.06|//Forcepoint//|[[The Future of Cloud Security is a Cloud-Powered One|https://www.forcepoint.com/blog/insights/cloud-powered-security-sase]]|SASE|
|2020.05.06|//Forcepoint//| → [[Voice of the CTO: The Future of Cloud Security|https://www.brighttalk.com/webcast/15527/404744?sf121706630=1]]|SASE|
===; AWS Sandbox+++*[»]>
|2020.05.05|//Aurum//|[[Creating an AWS Sandbox|https://www.stuffwithaurum.com/2020/05/05/creating-an-aws-sandbox/]]|AWS Sandbox|
=== 
!!3 - Direct Link
|!⇒ [[CloudSecurityAlliance.fr/go/K5A/|https://CloudSecurityAlliance.fr/go/K5A/]] |
|!Mai|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.05.10|
|2020.05.10|Marco Lancini|[[The Cloud Security Reading List #36|https://cloudseclist.com/issues/issue-36/]]|Weekly_Newsletter|
|2020.05.10|//XM Cyber//|[[How Pizza Can Be the Recipe to Understand Cloud Security|https://xmcyber.com/how-pizza-can-be-the-recipe-to-understand-cloud-security-2/]]|Misc|
|2020.05.10|//Managed Sentinel//|![[Azure Advanced Threat Protection (ATP) Design|https://www.managedsentinel.com/2020/05/10/azure-atp-design/]]|Azure_ATP|
|>|>|>|!2020.05.09|
|2020.05.09|Chris Farris|[[Adventures in Cloud Inventory|https://www.chrisfarris.com/post/adventures-in-cloud-inventory/]]|Inventory|
|>|>|>|!2020.05.08|
|2020.05.08|Dark Reading|[[As Remote Work Becomes the Norm, Security Fight Moves to Cloud, Endpoints|https://www.darkreading.com/cloud/as-remote-work-becomes-the-norm-security-fight-moves-to-cloud-endpoints/d/d-id/1337774]]|Survey Gartner|
|2020.05.08|Dark Reading|[[Why DevSecOps Is Critical for Containers and Kubernetes|https://www.darkreading.com/cloud/why-devsecops-is-critical-for-containers-and-kubernetes/a/d-id/1337735]]|DevSecOps|
|2020.05.08|Help Net Security|[[BlueCat Adaptive DNS gives network teams visibility over AWS resources and threat protection|https://www.helpnetsecurity.com/2020/05/08/bluecat-adaptive-dns/]]|AWS DNS Visibility|
|2020.05.08|//Amazon AWS//|[[Enabling AWS Security Hub integration with AWS Chatbot|https://aws.amazon.com/blogs/security/enabling-aws-security-hub-integration-with-aws-chatbot/]]|AWS_Security_Hub|
|2020.05.08|//VMware//|[[State of Kubernetes 2020 Report|https://k8s.vmware.com/state-of-kubernetes-2020/]]|Report Kubernetes|
|2020.05.08|Container Journal| → [[VMware Releases State of Kubernetes 2020 Report|https://containerjournal.com/topics/container-ecosystems/vmware-releases-state-of-kubernetes-2020-report/]]|Report Kubernetes|
|2020.05.08|//Threatpost//|[[Podcast: Shifting Cloud Security Left With Infrastructure-as-Code|https://threatpost.com/podcast-shifting-left-with-infrastructure-as-code/155546/]] ([[podcast .mp3|http://traffic.libsyn.com/digitalunderground/DivvyCloud_Sponsored_Podcast_Final.mp3]])|Podcast IaC|
|2020.05.08|//Digital Ocean//|[[How to manage Secrets in Kubernetes environment|https://medium.com/faun/introduction-2139c9df7cce]]|Secrets Kubernetes|
|2020.05.08|//N2WS//|[[Backup and restore on AWS is a nightmare - is there a way to speed it up?|https://www.theregister.co.uk/2020/05/08/speed_up_aws_backup/]] ([[futur Webcast le 28 mai|https://whitepapers.theregister.co.uk/paper/view/8720/how-to-simplify-data-protection-on-amazon-web-services?td=promo1]])|AWS Backup|
|>|>|>|!2020.05.07|
|2020.05.07|PaperMtn|[[Slack Watchman - Monitoring Slack workspaces for sensitive information|https://papermtn.co.uk/slack-watchman-monitoring-slack-workspaces-for-sensitive-information/]]|[[Tools|GitHub-Outils]]|
|2020.05.07|//Amazon AWS//|![[AWS Foundational Security Best Practices standard now available in Security Hub|https://aws.amazon.com/blogs/security/aws-foundational-security-best-practices-standard-now-available-security-hub/]]|Best_Practices AWS|
|2020.05.07|//Shared Assessments//|[[Regulatory Consistency in Cloud Due Diligence Guidance|https://sharedassessments.org/blog/regulatory-consistency-in-cloud-due-diligence-guidance/]]|Regulations|
|2020.05.07|//Park My Cloud//|[[Use this Azure IAM Checklist When You Add New Users|https://www.parkmycloud.com/blog/azure-iam/]]|Azure IAM|
|2020.05.07|//Uptycs//|[[Harnessing the AWS Nitro Architecture to Encrypt Inter-Node Traffic in Kubernetes|https://www.uptycs.com/blog/harnessing-the-aws-nitro-architecture-to-encrypt-inter-node-traffic-in-kubernetes]]|AWS Kubernetes|
|2020.05.07|//Square//|[[Kubernetes - Pod Security Policies|https://developer.squareup.com/blog/kubernetes-pod-security-policies/]]|K8s Policy|
|>|>|>|!2020.05.06|
|2020.05.06|TL;DR Security|[[#33 - Splunk's Attack Range, Detecting Compromised Cloud Creds, Azure AD for Red Teamers|https://tldrsec.com/blog/tldr-sec-033/]] |Weekly_Newsletter|
|2020.05.06|NextGov|[[Homeland Security's Biometrics Database Is on Its Way to the Amazon Cloud|https://www.nextgov.com/it-modernization/2020/05/homeland-securitys-biometrics-database-its-way-amazon-cloud/165186/]]|Misc|
|2020.05.06|SecureCloudBlog|[[Project Log 0: Automating Azure Security Reports With AZSK, NodeJS and PS|https://securecloud.blog/2020/05/06/project-log-0-automating-azure-security-reports-with-azsk-nodejs-and-ps/]] (1/3)|Azure Reporting|
|2020.05.06|//Forcepoint//|[[The Future of Cloud Security is a Cloud-Powered One|https://www.forcepoint.com/blog/insights/cloud-powered-security-sase]]|SASE|
|2020.05.06|//Forcepoint//| → [[Voice of the CTO: The Future of Cloud Security|https://www.brighttalk.com/webcast/15527/404744?sf121706630=1]]|SASE|
|2020.05.06|//Capsule8//|[[Security Delusions Part 2: Modern Monsters|https://capsule8.com/blog/security-delusions-part-2-modern-monsters/]] (2/3)|Misc|
|2020.05.06|//Netskope//|[[AWS: Improve CloudTrail Logging for Assumed Role Actions|https://www.netskope.com/blog/aws-improve-cloudtrail-logging-for-assumedrole-actions]]|AWS Logging|
|2020.05.06|//Proact//|[[Proact BaaS-O365: A backup and recovery service for Microsoft Office 365 users|https://www.helpnetsecurity.com/2020/05/06/proact-baas-o365/]]|O365 BaaS|
|2020.05.06|//Cobalt.io//|[[Pentest as a Service (PtaaS) Impact Report 2020|https://blog.cobalt.io/pentest-as-a-service-ptaas-impact-report-2020-businesses-are-expanding-pentesting-scope-and-e0d7cd035c2b]]|Flaws|
|>|>|>|!2020.05.05|
|2020.05.05|SANS Handlers Diary|![[Cloud Security Features Don't Replace the Need for Personnel Security Capabilities|https://isc.sans.edu/forums/diary/Cloud+Security+Features+Dont+Replace+the+Need+for+Personnel+Security+Capabilities/26088/]] |Misc|
|2020.05.05|SANS| → [[Commentaires|https://isc.sans.edu/forums/diary/Cloud+Security+Features+Dont+Replace+the+Need+for+Personnel+Security+Capabilities/26088/]]|Misc|
|2020.05.05|CloudTweaks|[[Episode 4: The Power of Regulatory Compliant Cloud: A European Case Study|https://cloudtweaks.com/2020/05/episode-4-power-of-regulatory-compliant-cloud-european-case-study/]]|COVID-19 Compliance|
|2020.05.05|//Panorays//|![[5 Cloud Security Alliance Working Groups to Consider Joining|https://www.panorays.com/blog/5-cloud-security-alliance-working-groups-to-consider-joining/]]|CSA|
|2020.05.05|//Rhino Security Labs//|[[Working-As-Intended: RCE to IAM Privilege Escalation in GCP Cloud Build|https://rhinosecuritylabs.com/gcp/iam-privilege-escalation-gcp-cloudbuild/]]|GCP Flaw|
|2020.05.05|//Rhino Security Labs//|[[Privilege Escalation in Google Cloud Platform - Part 1 (IAM)|https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/]] (1/2)|GCP IAM|
|2020.05.05|//Rhino Security Labs//|[[Privilege Escalation in Google Cloud Platform - Part 2 (Non-IAM)|https://rhinosecuritylabs.com/cloud-security/privilege-escalation-google-cloud-platform-part-2/]] (2/2)|GCP IAM|
|2020.05.05|//KWNetApps//|[[Terraform AWS FIPS provider|https://blog.kwnetapps.com/terraform-aws-fips-provider/]]|AWS FIPS|
|2020.05.05|//Microsoft Azure//|[[Updates to Azure AD Conditional Access report-only mode, insights & reporting, and troubleshooting|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/updates-to-azure-ad-conditional-access-report-only-mode-insights/ba-p/1257357]]|AzureAD|
|2020.05.05|//Microsoft Azure//|[[Azure Sphere Security Research Challenge Now Open|https://msrc-blog.microsoft.com/2020/05/05/azure-sphere-security-research-challenge/]]|Azure_Sphere|
|2020.05.05|//Microsoft Azure//|[[Azure Sphere Security Research Challenge |https://www.microsoft.com/en-us/msrc/azure-security-lab]]|Azure_Sphere|
|2020.05.06|Dark Reading| → [[Microsoft Challenges Security Researchers to Hack Azure Sphere|https://www.darkreading.com/threat-intelligence/microsoft-challenges-security-researchers-to-hack-azure-sphere/d/d-id/1337739]]|Azure_Sphere|
|2020.05.05|//Aurum//|[[Creating an AWS Sandbox|https://www.stuffwithaurum.com/2020/05/05/creating-an-aws-sandbox/]]|AWS Sandbox|
|2020.05.05|//MalwareBytes//|[[Explained: cloud-delivered security|https://blog.malwarebytes.com/explained/2020/05/explained-cloud-delivered-security/]]|Misc|
|2020.05.05|//Netskope//|[[The Path of a Packet in a SASE Architecture|https://www.netskope.com/blog/the-path-of-a-packet-in-a-sase-architecture]] (1/2)|SASE|
|2020.05.05|//Lastline//|[[You're One Cloud Misconfiguration Away from a Data Breach|https://www.lastline.com/blog/youre-one-cloud-misconfiguration-away-from-a-data-breach/]]|Misconfigurations|
|>|>|>|!2020.05.04|
|2020.05.04|Christophe Parisel|![[Key teleportation in Azure and AWS|https://www.linkedin.com/pulse/key-teleportation-azure-aws-christophe-parisel/]] |AWS Secrets_Management|
|2020.05.04|Salt Exploit|![[SaltStack CVE-2020-11651 and CVE-2020-11652 Attack|https://saltexploit.com/]]|Salt CVE-2020-11651 CVE-2020-11652|
|2020.05.04|IT News| → [[Cloud servers hacked via critical SaltStack vulnerabilities|https://www.itnews.com/article/3541721/cloud-servers-hacked-via-critical-saltstack-vulnerabilities.html]]|Salt CVE-2020-11651 CVE-2020-11652|
|2020.05.06|//Aqua Security//| → [[Mitigating High Severity CVEs Affecting SaltStack on Public Clouds|https://blog.aquasec.com/saltstack-cve-2020-11651-cve-2020-11652]]|Salt CVE-2020-11651 CVE-2020-11652|
|2020.05.04|jdSupra|[[Critical Guidance for Financial Institutions on Security Considerations for Cloud Computing Environments|https://www.jdsupra.com/legalnews/critical-guidance-for-financial-33435/]]|Guidance|
|2020.05.04|FINRA|[[Regulatory Notice 20-12: FINRA Warns of Fraudulent Phishing Emails Purporting to be from FINRA|https://www.finra.org/rules-guidance/notices/20-12]]|Alert O365 Phishing|
|2020.05.04|ZDNet| → [[US financial industry regulator warns of widespread phishing campaign|https://www.zdnet.com/article/us-financial-industry-regulator-warns-of-widespread-phishing-campaign/]]|O365 Phishing|
|2020.05.04|//Palo Alto Networks//|![[COVID-19: Cloud Threat Landscape|https://unit42.paloaltonetworks.com/covid-19-cloud-threat-landscape/]]|COVID-19 DNS Public_Cloud|
|2020.05.04|CIO Dive| → [[Malicious domains are floating around the cloud: Here's the threat to companies|https://www.ciodive.com/news/malicious-domains-coronavirus-cloud/577220/]]|COVID-19 DNS Public_Cloud|
|2020.05.06|Silicon FR[>img[iCSF/flag_fr.png]]| → [[Le cloud public, un nid à sites malveillants ?|https://www.silicon.fr/cloud-public-sites-malveillants-339209.html]]|COVID-19 DNS Public_Cloud|
|2020.05.04|//SAP//|[[SAP addresses gaps in connection with its contractual cybersecurity infrastructure terms relating to certain parts of its cloud products|https://www.sap.com/investors/en/financial-news/ad-hoc-news/2020/05/1956485.html]]|SAP Flaws|
|2020.05.05|Reuters| → [[SAP discloses security lapses; says there was no data breach|https://www.reuters.com/article/us-sap-cyber/sap-discloses-security-lapses-says-there-was-no-data-breach-idUSKBN22H1CB]]|SAP Flaws|
|2020.05.06|//Forcepoint//| → [[SAP to Address Security Issues With Some Cloud Products and to Notify 440,000 Customers|https://gbhackers.com/sap-security-issues/]]|SAP Flaws|
|2020.05.04|//Microsoft Azure//|![[Security Controls in ASC: Secure Score Series - Overview|https://techcommunity.microsoft.com/t5/azure-security-center/security-controls-in-asc-secure-score-series-overview/ba-p/1358556]] |Azure_Security_Center Best_Practices|
!"//Mobile Application Security Testing - Sum-Up & Landscape Overview//"
La date limite pour transmettre les commentaires est le 8 juin 2020.
<<<
//Users place a good deal of trust in mobile app stores' abilities to review, test, flag and block apps that exhibit undesirable behavior.
However, even with the best expertise and resources touted by the most popular and established app stores, and the extensive experience gained from testing and reviewing large numbers of mobile apps, malware still manages to slip through their defenses from time to time to make the headlines.
In 2016, with the aim to define a framework for secure mobile application development, achieving privacy and security by design, CSA's Mobile Application Security Testing (MAST) WG previously worked on and released a MAST whitepaper.
Fast forward to 2020, in this summary paper, the WG strives to give readers an overview of the current MAST landscape, what the various mobile app stores are doing in terms of security review and testing of app submitted to them, popular app testing guides and tools.//
<<<
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/k58a/|https://CloudSecurityAlliance.fr/go/k58a/]]''
!"//Break the Top 10 Cloud Attack Kill Chains//"
[>img(250px,auto)[iCSA/K57WB.png]]Webinar [[CloudBytes]] diffusé le 7 mai 2020 — Présenté par Rich Mogull, VP Product, disruptOps
<<<
//As cloud adoption matures, so do cloud attacks.
This session will highlight the top 10 cloud kill chains and how to break them.
The presenters will lay out each step of the chain, which are the easiest to snap, and which common security defenses work across multiple chains.//
<<<
⇒ S'inscrire au Webinar de 60 minutes [[sur le site de BrightTALK|https://CloudSecurityAlliance.fr/go/k57w/]].
[>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]La [[Cloud Security Alliance]] a relancé sa demande de validation de la traduction de 3 outils majeurs ([[CCM]], [[CAIQ]] et [[PLA CoC|2018.06.04 - Publication : PLA Code of Conduct (CoC): Statement of Adherence Self-Assessment]]) dans 10 langues : allemand, danois, espagnol, italien, japonais, néerlandais, portugais, roumain, suédois, et ... français.
Il s'agit de feuilles Excel dans lesquelles il vous est demandé de valider les traductions proposées, ou de les amender.
Pour chaque document à valider, ses 10 propositions de traduction sont dans un paquet ZIP dédié. Ainsi, pour travailler sur la version française, il faut sélectionner le document commençant par "''FR-''"
Les 3 documents sont les suivants :
* "''Cloud Controls Matrix''" (CCM) : document "FR-CSA_CCM_v.3.0.1-09-01-2017_FINAL.xlsx"
: ⇒ ''[[CloudSecurityAlliance.fr/go/k57c/|https://cloudsecurityalliance.fr/go/k57c/]]''
* "''Consensus Assessments Initiative Questionnaire''" (CAIQ) : document "FR-CAIQ_v3.0.1-09-01-2017_FINAL.xlsx"
: ⇒ ''[[CloudSecurityAlliance.fr/go/k57q/|https://cloudsecurityalliance.fr/go/k57q/]]''
* "''Code of Conduct''" du "''Privacy Level Agreement''" (PLA CoC) : document "FR-CoC_GDPR_Annex_1_Compliance_Assessment_Template.xlsx"
: ⇒ ''[[CloudSecurityAlliance.fr/go/k57p/|https://cloudsecurityalliance.fr/go/k57p/]]''

Compte-tenu de l'ampleur de la tâche, un espace collaboratif va être mis en place sur la plateforme ''Circle''. Une bonne raison de la rejoindre, si ce n'est pas déjà fait.
Le CSA a lancé un sondage de 6 questions pour évaluer l'impact de la pandémie actuelle sur la cybersécurité et l'emploi.
Pour vous préparer à y répondre sur SurveyMonkey, voici la traduction en français des questions posées :
* Secteur d'activité de votre entreprise ?
* Dans quel pays résidez-vous actuellement?
* Quel est l'impact de COVID-19 sur l'emploi dans votre entreprise dans le domaine de la cybersécurité ?
** Choix possibles : blocage des embauches, licenciements ou fin de contrats de prestations, nouvelles embauches ou intégrations
* Si vous avez signalé des licenciements à la question précédente, quel est le pourcentage approximatif du personnel lié à la cybersécurité qui a été licencié ?
* En cas de ralentissement économique prolongé, quels rôles ou fonctions liés à la cybersécurité sont, selon vous, les plus susceptibles d'être réduits dans votre organisation ? Sélectionnez-en jusqu'à 3 (référence : "ISC2 2019 Workforce Study")
** Choix possibles : exploitation, administration, gestion des risques, conformité, sécurité des technologies opérationnelles, développement logiciel sécurisé, tests d'intrusion, analyse forensique
* Pour le personnel de cybersécurité qui n'est pas directement touché par les licenciements, quels sont, selon vous, les plus grands défis pour le reste de l'année 2020 et qui sont liés aux réductions ou gels budgétaires ?

Lien vers le sondage ⇒ https://www.surveymonkey.com/r/VNL966Y 
!"Cloud Security Alliance Releases Cloud Industrial Internet of Things (IIoT) - Industrial Control Systems Security Glossary"
[>img(150px,auto)[iCSA/K55PI.jpg]]Un communiqué de presse publié le 5 mai pour annoncer la publication du document "''Cloud Industrial Internet of Things (IIoT) - Industrial Control Systems Security Glossary''".
Il contient 39 termes et définitions et a pour vocation de servir de référence pour les autres travaux liés à la sécurisation du monde industriel.
<<<
//The Industrial Control Systems (ICS) Security Glossary is a reference document that brings together ICS and IT/OT related terms and definitions. Bringing together the terms and definitions in this document is meant to minimize misinterpretation and provide a common ICS and IT/OT language. A balance has been struck between length of the definitions and understandability with reliance on the reference source as the final arbiter. The goal is to provide a common language to communicate, understand, debate, conclude, and present the results of the ICS WG's work. The intended audience is everyone from the Board to security staff inside an organization to customers and third-party suppliers including cloud service providers.//
<<<
__Liens :__
* Communiqué de presse ⇒ ''[[CloudSecurityAlliance.fr/go/k55c/|https://CloudSecurityAlliance.fr/go/k55c/]]''
* Document ⇒ ''[[CloudSecurityAlliance.fr/go/k55p/|https://CloudSecurityAlliance.fr/go/k55p/]]''
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #62|2020.05.03 - Newsletter Hebdomadaire #62]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #62|2020.05.03 - Weekly Newsletter - #62]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.05.03 - Newsletter Hebdomadaire #62]]>> |<<tiddler [[2020.05.03 - Weekly Newsletter - #62]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - 27 avril au 3 mai 2020
!!1 - Informations CSA
* Blog : De l'importance d'être prêt quand survient une pandémie+++*[»]> <<tiddler [[2020.04.28 - Blog : De l'importance d'être prêt quand survient une pandémie]]>>=== 
* Blog : Qu'est ce qu'un 'Cloud Service Provider' ?+++*[»]> <<tiddler [[2020.04.30 - Blog : Qu'est ce qu'un 'Cloud Service Provider' ?]]>>=== 
* Blog : la sécurité génère la confiance+++*[»]> <<tiddler [[2020.04.30 - Blog : la sécurité génère la confiance]]>>=== 
* Appels à commentaires ''CSA'' : 'Hybrid Clouds and its Associated Risks'+++*[»]> <<tiddler [[2020.04.10 - Appel à commentaires : 'Hybrid Clouds and its Associated Risks']]>>=== (8 mai) et 'Telehealth data in the cloud'+++*[»]> <<tiddler [[2020.05.01 - Appel à commentaires : 'Telehealth data in the cloud']]>>=== (17 mai)
* Appels à commentaires ''NIST'' : SP 800-210 'General Access Control Guidance for Cloud Systems'+++*[»]> <<tiddler [[2020.04.01 - Appel à commentaires : NIST 800-210 'General Access Control Guidance for Cloud Systems']]>>=== (15 mai)
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.05.03 - Veille Hebdomadaire - 3 mai]] avec plus de 40 liens dont :
* Alertes : Framework Salt+++*[»]>
|2020.04.30|//F-Secure labs//|![[SaltStack authorization bypass|https://labs.f-secure.com/advisories/saltstack-authorization-bypass]]|CVE-2020-11651 CVE-2020-11652|
|2020.04.30|//ThreatPost//| → [[Salt Bugs Allow Full RCE as Root on Cloud Servers|https://threatpost.com/salt-bugs-full-rce-root-cloud-servers/155383/]]|CVE-2020-11651 CVE-2020-11652|
=== 
* Recommandations : Sécurisation Office 365 par le DHS/US-CERT+++*[»]>
|2020.04.29|US-CERT|![[Alert (AA20-120A): Microsoft Office 365 Security Recommendations |https://www.us-cert.gov/ncas/alerts/aa20-120a]]|O365|
|2020.04.29|Bleeping Computer| → [[US govt updates Microsoft Office 365 security best practices|https://www.bleepingcomputer.com/news/security/us-govt-updates-microsoft-office-365-security-best-practices/]]|O365|
|2020.05.01|Security Week| → [[DHS Reiterates Recommendations on Securing Office 365|https://www.securityweek.com/dhs-reiterates-recommendations-securing-office-365]]|O365|
=== 
* __Attaques__ : Campagne de phishing PerSwaysion+++*[»]>
|2020.04.30|//Group-IB//|![[PerSwaysion Campaign - Playbook of Microsoft Document Sharing-Based Phishing Attack|https://www.group-ib.com/blog/perswaysion]]|Azure Phishing|
|2020.04.30|//Threatpost//| → [[Microsoft Sway Abused in Office 365 Phishing Attack|https://threatpost.com/microsoft-sway-abused-office-365-phishing-attack/155366/]]|Azure Phishing|
=== et via des alertes Teams+++*[»]>
|2020.05.01|Bleeping Computer|[[Convincing Office 365 phishing uses fake Microsoft Teams alerts|https://www.bleepingcomputer.com/news/security/convincing-office-365-phishing-uses-fake-microsoft-teams-alerts/]]|Phishing O365|
=== contre Office 365, et technique d'attaque contre Teams+++*[»]>
|2020.04.27|//CyberArk//|[[Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams|https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/]]|Teams Attacks|
=== 
* Fuite de données : Le Figaro+++*[»]>
|2020.05.01|Safety Detectives|[[French Subscribers to Famous News Site at Risk from Hacking, Fraud|https://www.safetydetectives.com/blog/lefigaro-leak-report/]]|Data_Leak ElasticSearch|
=== et risques avec les liens de partage Google+++*[»]>
|2020.05.01|//NetSkope//|[[Leaky Links: Accidental Exposure in Google Link Sharing|https://www.netskope.com/blog/leaky-links-accidental-exposure-in-google-link-sharing]]|GCP Leakage|
=== 
* Rapport : '2020 State of the Cloud Report' (Flexera)+++*[»]>
|2020.04.28|//Flexera//|[[Flexera Releases 2020 State of the Cloud Report |https://www.flexera.com/about-us/press-center/flexera-releases-2020-state-of-the-cloud-report.html]]|Report|
|2020.04.28|//Flexera//| → [[2020 State of the Cloud Report|https://info.flexera.com/SLO-CM-REPORT-State-of-the-Cloud-2020]]|Report|
=== 
* Podcast : Cloud Security Podcast+++*[»]>
|2020.05.03|Cloud Security Podcast|[[Virtual Coffee with Ashish - Cloud Security Podcast & Hacker Valley Studio|https://anchor.fm/cloudsecuritypodcast/episodes/Virtual-Coffee-with-Ashish---Cloud-Security-Podcast--Hacker-Valley-Studio-edi7ce]]|Podcast|
=== 
* Outils : ROADtools pour AzureAD+++*[»]>
|2020.04.30|Hackin9|[[ROADtools - The Azure AD exploration framework|https://hakin9.org/roadtools-the-azure-ad-exploration-framework/]]|AzureAD Tools|
=== 
* __Divers__ : Supervision de Zoom depuis Azure Sentinel+++*[»]>
|2020.04.29|//Microsoft//|![[Monitoring Zoom with Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/monitoring-zoom-with-azure-sentinel/ba-p/1341516]]|Zoom Azure_Sentinel|
===, diverses problématiques sur AWS+++*[»] 
|2020.04.28|//Tripwire//|[[Cloud Under Pressure: Keeping AWS Projects Secure|https://www.tripwire.com/state-of-security/security-data-protection/cloud/cloud-under-pressure-keeping-aws-projects-secure/]]|AWS|
|2020.04.28|//Expel//|![[Finding evil in AWS: A key pair to remember|https://expel.io/blog/finding-evil-in-aws/]] |AWS Attacks|
===, Threat Modeling pour Kubernetes+++*[»] 
|2020.04.27|//TrendMicro//|![[Guidance on Kubernetes Threat Modeling|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/guidance-on-kubernetes-threat-modeling]]|K8s Threats|
=== 

|!⇒ [[CloudSecurityAlliance.fr/go/K53/|https://CloudSecurityAlliance.fr/go/K53/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - April 27th to May 3rd[>img[iCSF/inEnglish.png]]
!!1 - CSA News and Updates
* Blog: Human and cyber-pandemic: the importance of getting ready+++*[»]> <<tiddler [[2020.04.28 - Blog : De l'importance d'être prêt quand survient une pandémie]]>>=== 
* Blog: What is a "Cloud Service Provider"+++*[»]> <<tiddler [[2020.04.30 - Blog : Qu'est ce qu'un 'Cloud Service Provider' ?]]>>=== 
* Blog: Why Better Security is the First Step to Greater Trust+++*[»]> <<tiddler [[2020.04.30 - Blog : la sécurité génère la confiance]]>>=== 
* Call for comments for 2 CSA documents: 'Hybrid Clouds and its Associated Risks'+++*[»]> <<tiddler [[2020.04.10 - Appel à commentaires : 'Hybrid Clouds and its Associated Risks']]>>=== before May 8th, and 'Telehealth data in the cloud'+++*[»]> <<tiddler [[2020.05.01 - Appel à commentaires : 'Telehealth data in the cloud']]>>=== before May 17th
* Call for comments for a NIST document: SP 800-210 'General Access Control Guidance for Cloud Systems'+++*[»]> <<tiddler [[2020.04.01 - Appel à commentaires : NIST 800-210 'General Access Control Guidance for Cloud Systems']]>>=== 
!!2 - Cloud and Security News Watch
[[Over 40 links|2020.05.03 - Veille Hebdomadaire - 3 mai]] among which:
* Alerts: Framework Salt+++*[»]>
|2020.04.30|//F-Secure labs//|![[SaltStack authorization bypass|https://labs.f-secure.com/advisories/saltstack-authorization-bypass]]|CVE-2020-11651 CVE-2020-11652|
|2020.04.30|//ThreatPost//| → [[Salt Bugs Allow Full RCE as Root on Cloud Servers|https://threatpost.com/salt-bugs-full-rce-root-cloud-servers/155383/]]|CVE-2020-11651 CVE-2020-11652|
=== 
* Recommendations: Microsoft Office 365 security recommendations by DHS/US-CERT+++*[»]>
|2020.04.29|US-CERT|![[Alert (AA20-120A): Microsoft Office 365 Security Recommendations |https://www.us-cert.gov/ncas/alerts/aa20-120a]]|O365|
|2020.04.29|Bleeping Computer| → [[US govt updates Microsoft Office 365 security best practices|https://www.bleepingcomputer.com/news/security/us-govt-updates-microsoft-office-365-security-best-practices/]]|O365|
|2020.05.01|Security Week| → [[DHS Reiterates Recommendations on Securing Office 365|https://www.securityweek.com/dhs-reiterates-recommendations-securing-office-365]]|O365|
=== 
* __Attacks__: PerSwaysion phishing campaign+++*[»]>
|2020.04.30|//Group-IB//|![[PerSwaysion Campaign - Playbook of Microsoft Document Sharing-Based Phishing Attack|https://www.group-ib.com/blog/perswaysion]]|Azure Phishing|
|2020.04.30|//Threatpost//| → [[Microsoft Sway Abused in Office 365 Phishing Attack|https://threatpost.com/microsoft-sway-abused-office-365-phishing-attack/155366/]]|Azure Phishing|
=== and fake Microsoft Teams alerts+++*[»]>
|2020.05.01|Bleeping Computer|[[Convincing Office 365 phishing uses fake Microsoft Teams alerts|https://www.bleepingcomputer.com/news/security/convincing-office-365-phishing-uses-fake-microsoft-teams-alerts/]]|Phishing O365|
=== attacks against Office 365; and Account takeover vulnerability in Microsoft Teams+++*[»]>
|2020.04.27|//CyberArk//|[[Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams|https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/]]|Teams Attacks|
=== 
* Data leaks: Le Figaro news platform+++*[»]>
|2020.05.01|Safety Detectives|[[French Subscribers to Famous News Site at Risk from Hacking, Fraud|https://www.safetydetectives.com/blog/lefigaro-leak-report/]]|Data_Leak ElasticSearch|
===; issues with Google Link Sharing+++*[»]>
|2020.05.01|//NetSkope//|[[Leaky Links: Accidental Exposure in Google Link Sharing|https://www.netskope.com/blog/leaky-links-accidental-exposure-in-google-link-sharing]]|GCP Leakage|
=== 
* Report: '2020 State of the Cloud Report' (Flexera)+++*[»]>
|2020.04.28|//Flexera//|[[Flexera Releases 2020 State of the Cloud Report |https://www.flexera.com/about-us/press-center/flexera-releases-2020-state-of-the-cloud-report.html]]|Report|
|2020.04.28|//Flexera//| → [[2020 State of the Cloud Report|https://info.flexera.com/SLO-CM-REPORT-State-of-the-Cloud-2020]]|Report|
=== 
* Podcast : Cloud Security Podcast+++*[»]>
|2020.05.03|Cloud Security Podcast|[[Virtual Coffee with Ashish - Cloud Security Podcast & Hacker Valley Studio|https://anchor.fm/cloudsecuritypodcast/episodes/Virtual-Coffee-with-Ashish---Cloud-Security-Podcast--Hacker-Valley-Studio-edi7ce]]|Podcast|
=== 
* Tools: ROADtools for AzureAD+++*[»]>
|2020.04.30|Hackin9|[[ROADtools - The Azure AD exploration framework|https://hakin9.org/roadtools-the-azure-ad-exploration-framework/]]|AzureAD Tools|
=== 
* __Miscellaneous__: Monitoring Zoom with Azure Sentinel+++*[»]>
|2020.04.29|//Microsoft//|![[Monitoring Zoom with Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/monitoring-zoom-with-azure-sentinel/ba-p/1341516]]|Zoom Azure_Sentinel|
===; Keeping AWS Projects Secure+++*[»] 
|2020.04.28|//Tripwire//|[[Cloud Under Pressure: Keeping AWS Projects Secure|https://www.tripwire.com/state-of-security/security-data-protection/cloud/cloud-under-pressure-keeping-aws-projects-secure/]]|AWS|
|2020.04.28|//Expel//|![[Finding evil in AWS: A key pair to remember|https://expel.io/blog/finding-evil-in-aws/]] |AWS Attacks|
===; Kubernetes Threat Modeling+++*[»] 
|2020.04.27|//TrendMicro//|![[Guidance on Kubernetes Threat Modeling|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/guidance-on-kubernetes-threat-modeling]]|K8s Threats|
=== 

|!⇒ [[CloudSecurityAlliance.fr/go/K53/|https://CloudSecurityAlliance.fr/go/K53/]] |
<<tiddler [[arOund0C]]>>
|!Mai|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.05.03|
|2020.05.03|Marco Lancini|[[The Cloud Security Reading List #35|https://cloudseclist.com/issues/issue-35/]]|Weekly_Newsletter|
|2020.05.03|Cloud Security Podcast|[[Virtual Coffee with Ashish - Cloud Security Podcast & Hacker Valley Studio|https://anchor.fm/cloudsecuritypodcast/episodes/Virtual-Coffee-with-Ashish---Cloud-Security-Podcast--Hacker-Valley-Studio-edi7ce]]|Podcast|
|2020.05.03|//JumpCloud//|[[Azure Active Directory vs. Amazon Web Services IAM|https://jumpcloud.com/blog/aad-vs-aws-iam]]|AzureAD AWS IAM|
|>|>|>|!2020.05.01|
|2020.05.01|Safety Detectives|[[French Subscribers to Famous News Site at Risk from Hacking, Fraud|https://www.safetydetectives.com/blog/lefigaro-leak-report/]]|Data_Leak ElasticSearch|
|2020.05.01|Bleeping Computer| → [[French daily Le Figaro database exposes users' personal info|https://www.bleepingcomputer.com/news/security/french-daily-le-figaro-database-exposes-users-personal-info/]]|Data_Leak ElasticSearch|
|2020.05.01|Bleeping Computer|[[Convincing Office 365 phishing uses fake Microsoft Teams alerts|https://www.bleepingcomputer.com/news/security/convincing-office-365-phishing-uses-fake-microsoft-teams-alerts/]]|Phishing O365|
|2020.05.01|CIO Dive|[[Hasty Office 365 deployments wrought with security configuration holes|https://www.ciodive.com/news/office-365-deployment-cybersecurity-risk-dhs-cisa/577168/]]|Misconfigurations|
|2020.05.01|Cao Duc Nguyen|[[A Design Analysis of Cloud-based Microservices Architecture at Netflix|https://medium.com/swlh/a-design-analysis-of-cloud-based-microservices-architecture-at-netflix-98836b2da45f]]|Architecture MicroServices|
|2020.05.01|//CloudCheckr//|[[Emerging Public Cloud Security Challenges in 2020|https://cloudcheckr.com/article/emerging-public-cloud-security-challenges-in-2020/]]|Challenges|
|2020.05.01|//NetSkope//|[[Leaky Links: Accidental Exposure in Google Link Sharing|https://www.netskope.com/blog/leaky-links-accidental-exposure-in-google-link-sharing]]|GCP Leakage|
|2020.05.01|//Managed Kube//|[[A Complete Step by Step Guide to Implementing a GitOps Workflow with Flux|https://managedkube.com/gitops/flux/weaveworks/guide/tutorial/2020/05/01/a-complete-step-by-step-guide-to-implementing-a-gitops-workflow-with-flux.html]]|GitOps|
|2020.05.01|//Google Cloud//|[[Understanding forwarding, peering, and private zones in Cloud DNS|https://cloud.google.com/blog/products/networking/cloud-forwarding-peering-and-zones]]|GCP DNS|
|2020.11.05|Kinnaird McQuade|[[Building Secure AWS AMIs: Building hardened CentOS AMIs from scratch|https://kmcquade.com/2020/05/secure-aws-amis/]]|AWS AMIs|
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2020.04.30|Secure Cloud blog|[[Send Security Alerts From Microsoft Cloud To 3rd Party SIEM With Logic Apps and Event Hub|https://securecloud.blog/2020/04/30/send-security-alerts-from-microsoft-cloud-to-3rd-party-siem-with-logic-apps-and-event-hub/]]|Azure SIEM|
|>|>|>|!2020.04.30|
|2020.04.30|TL;DR Security|[[#32 - Security + Empathy, Chrome Extension Security, Attacking Azure AD|https://tldrsec.com/blog/tldr-sec-032/]] |Weekly_Newsletter|
|2020.04.30|DZone|[[AWS Config Rules and Custom Config Rules|https://dzone.com/articles/aws-config-and-custom-config-rules]]|AWS|
|2020.04.30|Hackin9|[[ROADtools - The Azure AD exploration framework|https://hakin9.org/roadtools-the-azure-ad-exploration-framework/]]|AzureAD Tools|
|2020.04.30|Security Boulevard|[[Cloud Security Challenges in 2020|https://securityboulevard.com/2020/04/cloud-security-challenges-in-2020/]]|Challenges|
|2020.04.30|TechPluto|[[The State of Data Security in the Cloud|https://www.techpluto.com/the-state-of-data-security-in-the-cloud/]]|Misc|
|2020.04.30|isBuzzNews|[[What Are The Top 5 Kubernetes Security Challenges And Risks?|https://www.informationsecuritybuzz.com/articles/what-are-the-top-5-kubernetes-security-challenges-and-risks/]]|K8s|
|2020.04.30|//F-Secure labs//|![[SaltStack authorization bypass|https://labs.f-secure.com/advisories/saltstack-authorization-bypass]]|CVE-2020-11651 CVE-2020-11652|
|2020.04.30|//ThreatPost//| → [[Salt Bugs Allow Full RCE as Root on Cloud Servers|https://threatpost.com/salt-bugs-full-rce-root-cloud-servers/155383/]]|CVE-2020-11651 CVE-2020-11652|
|2020.04.30|CBR Online| → [[Critical Vulnerability in Data Centre Configuration Tool Gives "Full Remote Command Execution as Root"|https://www.cbronline.com/cybersecurity/threats/salt-vulnerability-f-secure/]]|CVE-2020-11651 CVE-2020-11652|
|2020.04.30|//Microsoft Azure//|[[Azure Container Registry: Mitigating data exfiltration with dedicated data endpoints|https://azure.microsoft.com/en-us/blog/azure-container-registry-mitigating-data-exfiltration-with-dedicated-data-endpoints/]]|Azure Containers Exfiltration|
|2020.04.30|//Group-IB//|![[PerSwaysion Campaign - Playbook of Microsoft Document Sharing-Based Phishing Attack|https://www.group-ib.com/blog/perswaysion]]|Azure Phishing|
|2020.04.30|//Threatpost//| → [[Microsoft Sway Abused in Office 365 Phishing Attack|https://threatpost.com/microsoft-sway-abused-office-365-phishing-attack/155366/]]|Azure Phishing|
|2020.04.30|//Forcepoint//|[[Debunking 5 Cloud Security Infrastructure Myths|https://www.forcepoint.com/blog/insights/5-cloud-security-myths]]|Misc|
|2020.04.30|//Ontrack//|[[Where on earth is cloud data actually located?|https://www.ontrack.com/uk/blog/top-tips/where-on-earth-is-cloud-data-actually-stored/]]|Data|
|>|>|>|!2020.04.29|
|2020.04.29|US-CERT|![[Alert (AA20-120A): Microsoft Office 365 Security Recommendations |https://www.us-cert.gov/ncas/alerts/aa20-120a]]|O365|
|2020.04.29|Bleeping Computer| → [[US govt updates Microsoft Office 365 security best practices|https://www.bleepingcomputer.com/news/security/us-govt-updates-microsoft-office-365-security-best-practices/]]|O365|
|2020.05.01|Security Week| → [[DHS Reiterates Recommendations on Securing Office 365|https://www.securityweek.com/dhs-reiterates-recommendations-securing-office-365]]|O365|
|2020.04.29|//Microsoft//|![[Monitoring Zoom with Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/monitoring-zoom-with-azure-sentinel/ba-p/1341516]]|Zoom Azure_Sentinel|
|2020.04.29|//Intezer//|[[What is Cloud Workload Protection?|https://intezer.com/cloud-security/what-is-cloud-workload-protection/]]|Workloads|
|2020.04.29|//Cisco//|[[Cisco Secure Cloud Architecture for AWS|https://blogs.cisco.com/security/cisco-secure-cloud-architecture-for-aws]]|
|>|>|>|!2020.04.28|
|2020.04.28|ISF|[[Top Tips for Using Cloud Services Securely in the COVID-19 Era|https://www.securityforum.org/uploads/2020/04/ISF_Top-Tips-for-Using-Cloud-Services-Securely-in-the-COVID-19-Era_2020.pdf]] (pdf)|COVID-19|
|2020.04.28||[[So You Inherited an AWS Account|https://medium.com/swlh/so-you-inherited-an-aws-account-e5fe6550607d]]|AWS|
|2020.04.28|//Flexera//|[[Flexera Releases 2020 State of the Cloud Report |https://www.flexera.com/about-us/press-center/flexera-releases-2020-state-of-the-cloud-report.html]]|Report|
|2020.04.28|//Flexera//| → [[2020 State of the Cloud Report|https://info.flexera.com/SLO-CM-REPORT-State-of-the-Cloud-2020]]|Report|
|2020.04.28|//Tripwire//|[[Cloud Under Pressure: Keeping AWS Projects Secure|https://www.tripwire.com/state-of-security/security-data-protection/cloud/cloud-under-pressure-keeping-aws-projects-secure/]]|AWS|
|2020.04.28|//Expel//|![[Finding evil in AWS: A key pair to remember|https://expel.io/blog/finding-evil-in-aws/]] |AWS Attacks|
|2020.04.28|//Microsoft Azure//|[[Monitoring Zoom with Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/monitoring-zoom-with-azure-sentinel/ba-p/1341516]]|Azure_Sentinel Zoom|
|2020.04.28|//Microsoft Azure//|[[Hunting Threats on Linux with Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/hunting-threats-on-linux-with-azure-sentinel/ba-p/1344431]]|Azure_Sentinel Linux|
|>|>|>|!2020.04.27|
|2020.04.27|//3DS Outscale//[>img[iCSF/flag_fr.png]]|[[Servane Augier, 3DS Outscale : "En temps de crise, il faut avoir des procédures claires et déjà appliquées dans l'organisation"|https://www.silicon.fr/servane-augier-3ds-outscale-en-temps-de-crise-il-faut-avoir-des-procedures-claires-et-deja-appliquees-dans-lorganisation-338685.html]]|Misc|
|2020.04.27|//CyberArk//|[[Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams|https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/]]|Teams Attacks|
|2020.04.27|//TrendMicro//|![[Guidance on Kubernetes Threat Modeling|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/guidance-on-kubernetes-threat-modeling]]|K8s Threats|
!"//Telehealth data in the cloud//"
Cet appel à commentaires traite des données de télémédecine gérées dans le Cloud.
La date limite pour faire les commentaires est fixée au ''17 mai 2020''.
Extraits :
<<<
|ssTablN0|k
|__''Synthèse''__ |__''Conclusion''__ |
|//In the wake of COVID-19 Health Delivery Organizations (HDOs) are rapidly increasing their utilization of telehealth capabilities like Remote Patient Monitoring (RPM) and telemedicine so treat patients without leaving their home. These technology solutions allow the delivery of patient treatments, comply with the COVID-19 mitigation strategies being promulgation across the country and reduce the risk of health provider exposure. As COVID-19 progresses telehealth solutions can be used to monitor patients who have mild cases of the virus and are treated in their home. Telehealth puts large amounts of patient data over the Internet and in the cloud. These trends, in times of this global pandemic, likely will continue to grow and evolve in a post COVID environment. As the use of these capabilities increase so do the security risks. This risk makes it important to ensure that the infrastructure supporting telehealth can maintain the confidentiality, integrity, and availability of patient data. Third party vendors are using videoconferencing capabilities utilizing cloud technologies with RPM devices to remotely monitor and manage patient care. This paper will address the privacy and security concerns related to processing, storing, and transmitting patient data in the cloud for telehealth solutions.// |//Currently the response to COVID-19 relies heavily on social distancing as a major measure used to fight the pandemic. Healthcare is implementing more telehealth as a key technology for safe and efficient communications between healthcare providers and patients. According to a new WHO policy, within the optimizing service delivery action, telemedicine should be one of the alternative models for clinical services and clinical decision support. 
Additionally, the Centers for Medicare & Medicaid Services (CMS) has broadened access to Medicare telehealth services so that beneficiaries can receive a wider range of services from their doctors without having to travel to a healthcare facility (HHS, 2020). With the increased use of telehealth in the cloud it is imperative HDOs get data privacy and security right. The HDO cannot leave this up to the service provider, it is a shared responsibility. It is important the HDO understands regulatory requirements as well as the technologies. The regulatory requirement may span multiple jurisdictions and mandates may include both the GDPR and HIPAA. Armed with the right information the HDO can implement and maintain a secure and robust telehealth program.// |
<<<

⇒ Lire l'original sur le site de la CSA ⇒ [[CloudSecurityAlliance.fr/go/k51a/|https://CloudSecurityAlliance.fr/go/k51a/]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202004>>
<<tiddler fAll2Tabs10 with: VeilleM","_202004>>
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2019.05.13|US-CERT|!//Microsoft Office 365 Security Recommendations// [[Alert (AA20-120A)|https://www.us-cert.gov/ncas/alerts/aa20-120a]]|O365|
|2019.05.13|US-CERT|!//Analysis Report: Microsoft Office 365 Security Observations// [[AR19-133A|https://www.us-cert.gov/ncas/analysis-reports/AR19-133A]]|O365|
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Avril 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202004>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Avril 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Avril 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202004'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202004'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Avril 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202004'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Avril 2020]]>>
!"//Nine mandates to secure your remote workforce//"
[>img(150px,auto)[iCSA/K4MBN.jpg]]^^Article publié le 22 avril 2020 sur le blog de la CSA, après l'avoir été le 13 avril 2020 sur le site de CipherCloud

__Liens :__
* Blog CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k4mx/|https://CloudSecurityAlliance.fr/go/k4mx/]]''
* Site CipherCloud ⇒ ''[[CloudSecurityAlliance.fr/go/k4mz/|https://CloudSecurityAlliance.fr/go/k4mz/]]''

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Top 10 Audio/Video Conferencing Security Best Practices//"
[>img(150px,auto)[iCSA/K4MBT.jpg]]^^Article publié le 22 avril 2020 sur le blog de la CSA, après l'avoir été le 8 avril 2020 sur le site de SecureSky

__Liens :__
* Blog CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k4mw/|https://CloudSecurityAlliance.fr/go/k4mw/]]''
* Site SecureSky ⇒ ''[[CloudSecurityAlliance.fr/go/k4my/|https://CloudSecurityAlliance.fr/go/k4my/]]''

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Secure Historical Cloud Data with Cloud Data Discovery//"
[>img(150px,auto)[iCSA/K4EBS.jpg]]^^Article publié le 14 avril 2020 sur le blog de la CSA, après l'avoir été le 30 mars 2020 sur le site de CipherCloud

__Liens :__
* Blog CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k4ex/|https://CloudSecurityAlliance.fr/go/k4ex/]]''
* Site CipherCloud ⇒ ''[[CloudSecurityAlliance.fr/go/k4ez/|https://CloudSecurityAlliance.fr/go/k4ez/]]''

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//CSA Federal Summit 2020 Announces New Date, New Focus on Cloud Security as National Security//"
^^Communiqué de presse publié le 3 avril 2020 par la CSA.{{ss2col{
<<<
[>img(150px,auto)[iCSA/202005US-WashintonDC.jpg]]//SEATTLE - April 3, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced that in response to the ongoing concerns surrounding COVID-19, its annual Federal Summit will now be held on ''June 25, 2020'', at the Hyatt Regency Washington on Capitol Hill (Washington, DC.). With its theme of Cloud Security Is National Security, the 7th annual Federal Summit will address how rapidly developing cloud technology, risk management, and shared responsibility across agencies are central to building a trusted cloud environment.
//[...]//
Learn more or register ''here''+++*[»]> ⇒ https://csacongress.org/event/csa-federal-summit-2020/#registration ===. Members of the media and analyst community interested in attending the event should contact ''Kari Walker''+++*[»]> email : kari @ zagcommunications . com === for more information, to receive press credentials and to schedule interviews with CSA leadership and conference speakers.//
<<<
}}}__Lien :__
 ⇒ ''[[CloudSecurityAlliance.fr/go/k43p/|https://CloudSecurityAlliance.fr/go/k43p/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Using Open Policy Agent (OPA) to Apply Policy-as-Code to Infrastructure-as-Code//"
[>img(150px,auto)[iCSA/K42BU.jpg]]^^Article publié le 2 avril 2020 sur le blog de la CSA, après l'avoir été le 6 février 2020 sur le site de Fugue
__Liens :__
* Blog CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k42x/|https://CloudSecurityAlliance.fr/go/k42x/]]''
* Site Fugue ⇒ ''[[CloudSecurityAlliance.fr/go/k42z/|https://CloudSecurityAlliance.fr/go/k42z/]]''

[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler fFormCCSK with: '15 juin 2020' 'Lundi 15 et mardi 16 juin 2020' 'Lundi 15, mardi 16 et mercredi 17 juin 2020'>>
!"//What is a "Cloud Service Provider"//"
Article de blog publié le 30 avril 2020 — Rédigé par John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance
{{ss2col{
<<<
[>img(200px,auto)[iCSA/K4UB2.jpg]]//Defining what is a Cloud Service Provider is not as easy as one might think, especially if you are an enterprise organization wondering if your vendors are servicing you from the cloud or not.

A cloud service provider, or CSP, is a company that offers some component of cloud computing; typically when you search the internet a cloud service is defined as, infrastructure as a service (IaaS), software as a service (SaaS) or platform as a service (PaaS) to other businesses or individuals. We know the usual suspects; Microsoft Azure, AWS and Google Cloud, but it is not always that simple.
A refined more adequate definition would be "A Cloud Service is any system that provides on-demand availability of computer system resources, e.g; data storage and computing power, without direct active management by the user". While this may seem a bit broad that is because it should be. Cloud services come in many forms and sizes even to the point where it may not be exactly clear to the average user, if their vendor or supplier should technically be classified as a cloud service provider or not.

One benefit of using cloud computing services is that firms can avoid the upfront cost and complexity of owning and maintaining their own IT infrastructure, and instead simply pay for what they use, when they use it.
Today, rather than owning their own computing infrastructure or data centers, companies can rent access to anything from applications to storage. What that means is that if you have a supplier that handles and processes your company's healthcare data for instance, they may in fact be storing and processing your information in the cloud, either by outsourcing services or in some cases using an internal cloud or "private cloud" that they developed themselves by implementing it within the organization's dedicated resources, and infrastructure using "on-prem" services.
To add another twist, in other cases organizations may be using a diversified approach or "Hybrid Cloud" where they utilize both a private and public approach.

Let's look at a simple use case example:
A large global bank has built their own private cloud. They wanted to take advantage of benefits of cloud computing like
* Rapid and simple deployment
* Less time to market for services
* Cost efficiency
* More utilization of server resources
* Less capital and operational costs
* This is managed by ABC bank Cloud datacenter services
* Better perceived security by managing and controlling it internally

However, one question they had was what if due to some natural disaster or a fire accident they lose their datacenter? They can't afford to lose their data. They wanted a Disaster recovery solution, which would simply replicate all their data and services somewhere else. So, they outsourced services in a public cloud using AWS infrastructure so now they have the best of both worlds.
So, having said all that, we come to the question, how do you define your supplier as a cloud service or not? Well, think of it this way: the basic concept behind the cloud is that the location of the service, and associated processes and assets such as the hardware and operating system(s) and/or applications on which it is running, are largely immaterial to the user. They may have a separate business unit that is a private cloud that is dedicated to serving the entire internal organization, they may use a 3rd party service like AWS or Azure and in some cases may use both. In any event they are servicing you from the cloud and you should expect that they have cloud specific controls like the CSA Cloud Control Matrix (CCM) to address the applicable scope of service and to mitigate the associated risks.
Further, it would be prudent to require that they submit a self-assessment against the CCM's extended question set, the Consensus Assessment Initiative Questionnaire (CAIQ); this self-assessment is better known as CSA Security, Trust, Assurance and Risk (STAR) Level 1 and is the first of three levels of transparency and assurance provided by the STAR Program.

The CAIQ offers an industry-accepted way to document what security controls exist in cloud services, providing security control transparency and to some extent assurance. It provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix (CCM). Therefore, it helps cloud customers to gauge the security posture of prospective cloud service providers and determine if their cloud services are suitably secure. CSA took into account the combined comprehensive feedback that was collected over the years from its partners, industry experts and the CCM working group. It allows the cloud user to review the security practices of providers, accelerating their due diligence and leading to a higher-quality procurement experience. Because it is posted on the STAR public registry and updated on a regular basis, you can easily monitor the provider's ongoing compliance posture, providing a higher level of peace of mind for the user. Because the CCM aligns itself with over 40 of the leading standards and regulations, it basically eliminates the need for any other questionnaire. //
<<<
}}}__Lien :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k4u2/|https://CloudSecurityAlliance.fr/go/k4u2/]]''
!"//Why Better Security is the First Step to Greater Trust//"
Article de blog publié le 30 avril 2020 — Rédigé par Tim Mullahy, Executive Vice President et Managing Director, Liberty One Center
{{ss2col{
<<<
[>img(200px,auto)[iCSA/K4UBW.jpg]]//We are currently in the midst of a technological renaissance, and the world is going digital. On the one hand, that's great. Innovations such as the Internet of Things (IoT) come hand-in-hand with incredible benefits, including new revenue streams, more efficient workflows, and untold convenience in our personal lives.
On the other hand, it's a cybersecurity nightmare. As IoT continues to gain prominence, more and more businesses are diving headlong into bringing their products onto the Internet. The problem is that many of these organizations are not technology companies.
Instead, they're consumer-focused vendors who have a history of selling products like home appliances, light bulbs, media players, and televisions. Products, in other words, for which endpoint security is traditionally unimportant. As a result, these vendors lack the expertise of a company with a background in digital technology.
And it shows.
In McAfee's Mobile Threat Report 2019+++*[»]> https://www.mcafee.com/enterprise/en-us/assets/reports/rp-mobile-threat-report-2019.pdf ===, for example, the vendor revealed that the majority of IoT devices fail at even rudimentary security practices. While some of these - such as easily-guessable credentials - can be placed at the feet of the user, most are solely the domain of the vendor. The firm predicts that as IoT continues to grow, these simple, easily-patchable vulnerabilities will become increasingly valuable to criminals as an attack vector.
"Most IoT devices are being compromised by exploiting rudimentary vulnerabilities, such as easily guessable passwords and insecure default settings," Raj Samani, Fellow and Chief Scientist at McAfee, explained in a presentation at Mobile World Congress+++*[»]> https://www.techradar.com/news/mcafee-warns-that-2019-could-be-the-year-of-everywhere-malware ===. "From building botnets to stealing banking credentials, perpetrating click fraud, or threatening reputation damage unless a ransom is paid, money is the ultimate goal for criminals."
If you don't find that news concerning, you should. We are already in a time of crisis, and one in which consumer trust in businesses is at an all-time low. Just a quick look at the news is enough to confirm that. See how long you can go without hearing about some new data breach or security failure.
Alternatively, you could simply have a look at the 2019 data breach timeline compiled by security agency Selfkey+++*[»]> https://selfkey.org/data-breaches-in-2019/ ===. It's a sobering read. I'd recommend keeping a stiff drink nearby if you're planning to go through the whole thing.
Unsurprisingly, people are fed up. Data breaches cause more than financial damage. They erode trust.
And trust is already at an all-time low. Last year, for example, Oxford Economics found that a paltry eight percent of consumers trust businesses to keep their personal information safe+++*[»]> https://www.helpnetsecurity.com/2018/10/10/consumers-feeling-uneasy/ ===. Another survey from that same year by identity security specialist Ping found that 78 percent of people stop engaging with a brand online after a breach, and 36 percent write off the brand entirely+++*[»]> https://www.techrepublic.com/article/consumers-are-more-concerned-with-cybersecurity-and-data-privacy-in-2018/ ===.
"Trust [is] both the most important aspect of any commercial interaction and the hardest to measure," writes Immuta Chief Privacy Officer and Legal Engineer Andrew Burt+++*[»]> https://hbr.org/2019/03/cybersecurity-is-putting-customer-trust-at-the-center-of-competition ===. "If we don't trust the maker, we simply don't know what it is we're getting. And because trust cannot be proven, it must be signaled - through branding, marketing, and more."
"Security and privacy concerns can no longer take a back seat in the product development lifecycle," he continues. "Clear and demonstrable processes must be put in place to illustrate the importance of data protection, both inside and outside every organization … Companies and consumers alike must be honest about the risks we collectively face in the digital world."
So what exactly does this involve? How can your brand follow Burt's advice and prioritize cybersecurity, thereby regaining the trust of its customers?
* Engage with experts. There are many agencies out there whose sole purpose is to help businesses improve their security posture. Seek one such third party out, and work with them to address vulnerabilities within your internal organization, your products, and your supply chain.
* Be transparent. If you suffer a breach, do not try to sweep it under the rug. Notify customers and shareholders the moment you suspect something has gone wrong, and explain what you are doing to mitigate the attack. Sure, you might suffer a bit of reputational damage - but the damage will be worse if you wait.
* Be accountable. Continuing my point above, if your customers suffer as a result of a breach, step up and offer reparations of some kind. Equifax, for all its failings, had the right idea when it offered a decade of free credit monitoring to everyone impacted by its breach+++*[»]> https://www.cnet.com/how-to/equifax-settlement-owes-you-125-but-the-free-credit-monitoring-may-be-a-better-offer/ ===. You'd be well-advised to do the same.
* Understand that cybersecurity is everyone's job. Your IT department should not be the sole gatekeeper of security. Everyone, from marketing to human resources to manufacturing, now has skin in the game. It's important to understand that and to incorporate measures at every step of your product's lifecycle to keep you in control of your systems and data.
People no longer trust brands. They don't believe businesses have their best interests at heart. In order to challenge that belief, you need to implement stronger security measures to show them that keeping their data safe is a priority.
Only then can you begin to regain the trust you've lost.//
[...]
<<<
}}}
Un article au titre similaire "//Why greater security is the first step to greater trust//" a déjà été publié par cet auteur le 19 décembre 2019+++*[»]> https://digileaders.com/why-greater-security-is-the-first-step-to-greater-trust/ ===, mais le contenu du présent article est plus évolué.
__Lien :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k4ub/|https://CloudSecurityAlliance.fr/go/k4ub/]]''
!"//Human and cyber-pandemic: the importance to get ready//"
[>img(150px,auto)[iCSA/K4SBH.jpg]]Article de blog publié le 28 avril 2020 — Rédigé par Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance
<<<
//Ironically, 2020 was supposed to be the year in which our luminous predictions of wealth and development would materialize. The advent of the Zeta-bytes word, trillions of smart devices in our all-encompassing smart environments, the maturation of AI and Quantum Computing, etc. Instead, we got infected by a nasty virus, and not even a malware, a real one. And despite the fact that our intelligence was able to build a machine that beat GO-masters and Poker champions, we are struggling to produce enough protective masks to reduce virus spread.
COVID-19 will likely result in the biggest societal shock since WWII. The short-term impact of this pandemic is unfortunately already very clear today, with nearly two hundred thousand casualties, healthcare systems close to collapse, and economies stalling out and forecasting the biggest depression since 1929. What we haven't accounted for yet is the medium/long-term impact of this calamity. The more optimistic among us see the tragedy as an opportunity for a new start, a boost to our capabilities, the chance to be better as a human race. Others, perhaps more realistically, foresee a long, slow and hard process that will eventually get us back to the same levels of wealth we had at the beginning of this outbreak.
We can safely state that something went wrong with our predictions. Someone could say that COVID-19 is a black swan and by definition it could not have been foreseen. Others might argue that this is a pandemic and that in the history of our humanity there were plenty of those. The last one, not long ago, was SARS in 2003. Maybe it's a bit too early to start drawing conclusions, but it doesn't seem too hazardous to say that we haven't done a great job with our pandemic preparedness and response plans. Being Italian, I found particularly interesting this article in the Harvard Business Review: "Lessons from Italy's Response to Coronavirus"+++*[»]> https://hbr.org/2020/03/lessons-from-italys-response-to-coronavirus === where the authors describe how Italy first, and then the rest of the EU Countries and then the US, showed a "…systematic failure to absorb and act upon existing information rapidly and effectively…".
What is not reported in the article is that the Italian influenza pandemic preparedness plan was updated in 2010 and as far as I've read in the news during these days, never tested. Italy, unfortunately, is not a black sheep in the EU, since the only countries with plans more than 5 years old are Germany and Lithuania, while all the others have plans that are 7 to 15 years old+++*[»]> https://www.ecdc.europa.eu/en/seasonal-influenza/preparedness/influenza-pandemic-preparedness-plans ===.
I know nothing about the specifics of national pandemic preparedness and response plans, so I'll leave it to the experts to do their jobs.
What's interesting to me is to draw a parallel between COVID-19 and a cybersecurity preparedness and response plan. I believe that a number of similarities can be found and several lessons could be learned in order to avoid a cyber-pandemic in the near future.
!!The importance of establishing and testing your plans
The Cloud Security Alliance is currently reviewing the Cloud Controls Matrix (CCM) version 4. Several control objectives will be changed, but there are some core controls that will not. One of them is about establishing, enforcing, testing and maintaining your incident management and response plan. This is clearly one of the foundational best practices in cybersecurity, but sadly one of the most disregarded too. According to the 4th annual study "Cyber Resilient Organization" by IBM and Ponemon Institute, 77% of companies surveyed still do not have a cybersecurity incident response plan applied consistently across the enterprise, and 54% of the organizations that do have a plan in place do not test their plans regularly. In essence the attitude is, "let's put our conscience at ease with a fancy policy, but let's not spend too much money in enforcing and testing something that's too unlikely to happen. And if it happens, we'll surely find a creative solution on the fly." Bravo! That's the right attitude...
!!Information sharing is key
The COVID19 emergency tells us that following the telltale signs, the first indicators that something anomalous was happening in various countries across the globe (substantial increase of the number of cases of aggressive pneumonia+++*[»]> https://www.ecdc.europa.eu/sites/default/files/documents/communicable-disease-threats-report-12-18-january-2020-week-3.pdf et http://www.rai.it/dl/doc/1585595608321_Il_paziente_zero_report.pdf ===) and transparently sharing those early warning signs across the global community, could have greatly improved our preparedness, response capabilities and coordination. Does this sound familiar to anyone involved in cybersecurity? In total fairness, our industry is getting better and better in intelligence sharing. Besides the well known voluntary Information Sharing and Analysis Centers (ISACs)+++*[»]> https://www.enisa.europa.eu/topics/national-cyber-security-strategies/information-sharing et https://www.fsisac.com/ ===, there's also a stronger emphasis given by regulators on incident reporting. What we are still missing, perhaps, is a stronger cooperation and coordination between the public and private sector on preparedness, threat intelligence sharing and incident response.
!!Do not reinvent the wheel
In absence of a coherent and coordinated plan for preparedness or of proper training for those involved on the front line, the most likely scenario when a crisis hits is a series of random actions based on the gut-feelings of those in the chain of control. The most likely output of this scenario is at best a partially ineffective response, or at worst a total failure. An example? The medical and paramedical personnel on the front line in Italy were sent to 'war' understaffed, under-equipped and under-trained to deal with the pandemic. Result? A lot of them contracted the virus, several died, and the quality and speed of the response was undermined+++*[»]> http://www.rai.it/dl/doc/1585595608321_Il_paziente_zero_report.pdf (en italien) ===.
What does this mean for the IT community? DO NOT reinvent the wheel, STOP following your personal gut-feelings, and START following standards and best practices. It means stop making assumptions on the readiness of your staff and train them with both theory and practice (organize table-top exercises). Invest in preparedness; thinking short term doesn't pay off.
!!Be ready for more frequent low probability / high impact scenarios
I mentioned in the beginning that it is debatable if COVID-19 can be considered a black swan or not. Regardless, we are certainly in the presence of a low probability/high impact scenario. It is one of those cases that, in a risk management approach, many leaders tend to disregard, since they prefer to spend their limited resources on mitigating risk scenarios that appear more likely to happen.
The calculation of risk assumes the availability of reliable historical data and a clear understanding of the phenomenon under analysis. In the cybersecurity space we seem to fall short on both accounts. With the historical data, our best effort is possibly represented by the Verizon annual Data Breach Investigation Report+++*[»]> https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf ===. This year, the report included about 40K incidents. The report was first published in 2008 and has since been collecting an average of 60K incidents per year from a number of sources. A good base, but unfortunately it might be just the tip of the iceberg since most incidents and breaches are not reported. In addition, we need to factor the rate of 'asymptomatic patients' into our analysis. In other terms, the fact that it takes months, if not years, to realize that a breach has occurred.

We have several limitations from the understanding of the phenomenon perspective too, since our IT environments are becoming more interdependent and complex (complex supply chains, shared responsibilities, exponential number of devices and data to manage, new technologies - IoT, AI, etc.) and we don't seem to score highly when building models for measuring systemic correlated risks. As Dan Geer says in "A Rubicon+++*[»]> https://www.hoover.org/sites/default/files/research/docs/geer_webreadypdfupdated2.pdf
===," "Our concern is unacknowledged correlated risk, the unacknowledged correlated risk of cyberspace is why cyberspace is capable of black swan behavior. Unacknowledged correlations contribute, by definition, to heavy tails in the probability distribution of possible events." In other words, we should expect that using the pareto principle in evaluating and managing risks might not be the recommended choice. Companies should be resilient to unexpected events. And in order to accomplish this, they must establish, enforce, test and maintain their preparedness and response plans.//
<<<
__Lien :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k4sb/|https://CloudSecurityAlliance.fr/go/k4sb/]]'' 
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #61|2020.04.26 - Newsletter Hebdomadaire #61]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #61|2020.04.26 - Weekly Newsletter - #61]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.04.26 - Newsletter Hebdomadaire #61]]>> |<<tiddler [[2020.04.26 - Weekly Newsletter - #61]]>> |
!!1 - Informations CSA de la semaine du 20 au 26 avril 2020
* Formation ''CCSK en Français'' en juin 2020 : un webinar de préparation le 29 avril+++*[»]> <<tiddler [[2020.04.26 - Webinar de présentation de la formation CCSK en juin 2020]]>>===, des détails sur son contenu+++*[»]> <<tiddler [[2020.04.20 - Blog : Contenu de la formation officielle CCSK du 15 juin 2020]]>>=== et sur l'examen+++*[»]> <<tiddler [[2020.04.25 - Blog : L'examen pour passer la certification CCSK en juin 2020]]>>=== 
* ''CSA Virtual EU Summit'' : Agenda et ouverture des inscriptions+++*[»]> <<tiddler [[2020.04.24 - 'CSA Virtual EU Summit' : Agenda et inscriptions]]>>=== 
* Cadre de réponse aux incidents dans le Cloud : blog+++*[»]> <<tiddler [[2020.04.22 - Blog : Cadre de réponse aux incidents dans le Cloud]]>>=== et publication+++*[»]> <<tiddler [[2020.04.21 - Publication : Cadre de réponse aux incidents dans le Cloud]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.04.26 - Veille Hebdomadaire - 26 avril]] avec plus de 40 liens dont :
* Rapports : CyberHaven+++*[»]>
|2020.04.22|//CyberHaven//|[[Lack of awareness, cloud apps, and remote workers create perfect storm for insider attacks|https://www.cyberhaven.com/press/2020-insider-threat-report]] ([[rapport|https://www.cyberhaven.com/survey-2020-insider-threat-report]])|Report|
=== et Trustwave+++*[»]>
|2020.04.22|//Trustwave//|[[New Trustwave Report Reveals Cybersecurity Threats Becoming Pervasive and Attacks More Targeted|https://www.trustwave.com/en-us/company/newsroom/news/new-trustwave-report-reveals-cybersecurity-threats-becoming-pervasive-and-attacks-more-targeted/]] ([[rapport|https://www.trustwave.com/en-us/resources/library/documents/2020-trustwave-global-security-report/]])|Report|
=== 
* Azure : une vulnérabilité+++*[»]>
|2020.04.22|//Varonis//|![[Azure Skeleton Key: Exploiting Pass-Through Auth to Steal Credentials|https://blogvaronis2.wpengine.com/azure-skeleton-key/]]|Azure AzureAD Risks|
|2020.04.22|The Daily Swig| → [[Cloud security: Azure environments at risk from on-prem privilege escalation attack|https://portswigger.net/daily-swig/cloud-security-azure-environments-at-risk-from-on-prem-privilege-escalation-attack]]|Azure AzureAD Risks|
|2020.04.24|Silicon[>img[iCSF/flag_fr.png]]| → [[Office 365 : de gros trous dans l'authentification ?|https://www.silicon.fr/office-365-authentification-338541.html]]|O365 Flaw|
=== et des améliorations pour le Security Center+++*[»]>
|2020.04.20|//Microsoft Azure//|[[Azure Security Center enhancements|https://azure.microsoft.com/en-us/blog/azure-security-center-enhancements/]]|Azure|
=== 
* Podcast : SilverLining+++*[»]>
|2020.04.21|SilverLining IL|![[Episode 19: Understanding Cloud Attack Vectors|https://silverlining.media/019-understanding-cloud-attack-vectors/]] ([[mp3|https://techtalk-podcast.s3-eu-west-1.amazonaws.com/silver-lining/silver-lining-19.mp3]])|Podcast Attack_Vector|
=== 
* __Divers__ : Kubernetes avec la Matrice ATT&CK+++*[»]>
|2020.04.24|//Lacework//|[[Kubernetes Recon: A Closer Look at Discovery from the Kubernetes Attack Matrix|https://www.lacework.com/kubernetes-recon-attack-matrix/]]|ATT&CK Kubernetes|
=== et des scénarios d'attaques+++*[»]>
|2020.04.23|//ThreatStack//|[[Investigating Kubernetes Attack Scenarios in Threat Stack (part 1)|https://www.threatstack.com/blog/kubernetes-attack-scenarios-part-1]] (1/2)|Kubernetes Attack|
===; le Confidential Computing+++*[»]>
|2020.04.22|Dark Reading|[[IBM Cloud Data Shield Brings Confidential Computing to Public Cloud|https://www.darkreading.com/cloud/ibm-cloud-data-shield-brings-confidential-computing-to-public-cloud/d/d-id/1337626]]|Confidential_Computing|
|2020.04.21|//Cloud Management Insider//|[[Can Azure Confidential Computing Promise Security In The Data Breach World?|https://www.cloudmanagementinsider.com/can-azure-confidential-computing-promise-security-in-the-data-breach-world/]]|Confidential_Computing|
===; les containers+++*[»]>
|2020.04.22|Container Journal|[[Containers Are Not VMs, and Other Misconceptions|https://containerjournal.com/topics/container-ecosystems/containers-are-not-vms-and-other-misconceptions/]]|Containers|
|2020.04.21|//Anchore//|[[Our Top 5 Strategies for Modern Container Security|https://anchore.com/blog/top-5-strategies/]]|Containers|
=== 
!CSA News and Updates - April 20th to 26th
* On April 29th, a Webinar to prepare for the ''CCSK'' training in June 2020+++*[»]> <<tiddler [[2020.04.26 - Webinar de présentation de la formation CCSK en juin 2020]]>>===, details on its content+++*[»]> <<tiddler [[2020.04.20 - Blog : Contenu de la formation officielle CCSK du 15 juin 2020]]>>=== and on the exam+++*[»]> <<tiddler [[2020.04.25 - Blog : L'examen pour passer la certification CCSK en juin 2020]]>>=== 
* ''CSA Virtual EU Summit'': Agenda and registrations+++*[»]> <<tiddler [[2020.04.24 - 'CSA Virtual EU Summit' : Agenda et inscriptions]]>>=== 
* Guidelines for Cloud Incident Response: blog post+++*[»]> <<tiddler [[2020.04.22 - Blog : Cadre de réponse aux incidents dans le Cloud]]>>=== and publication+++*[»]> <<tiddler [[2020.04.21 - Publication : Cadre de réponse aux incidents dans le Cloud]]>>=== 
!Cloud and Security News Watch
[[Over 40 links|2020.04.26 - Veille Hebdomadaire - 26 avril]] among which:
* Reports: CyberHaven+++*[»]>
|2020.04.22|//CyberHaven//|[[Lack of awareness, cloud apps, and remote workers create perfect storm for insider attacks|https://www.cyberhaven.com/press/2020-insider-threat-report]] ([[report|https://www.cyberhaven.com/survey-2020-insider-threat-report]])|Report|
=== and Trustwave+++*[»]>
|2020.04.22|//Trustwave//|[[New Trustwave Report Reveals Cybersecurity Threats Becoming Pervasive and Attacks More Targeted|https://www.trustwave.com/en-us/company/newsroom/news/new-trustwave-report-reveals-cybersecurity-threats-becoming-pervasive-and-attacks-more-targeted/]] ([[report|https://www.trustwave.com/en-us/resources/library/documents/2020-trustwave-global-security-report/]])|Report|
=== 
* Azure: Credentials stealing+++*[»]>
|2020.04.22|//Varonis//|![[Azure Skeleton Key: Exploiting Pass-Through Auth to Steal Credentials|https://blogvaronis2.wpengine.com/azure-skeleton-key/]]|Azure AzureAD Risks|
|2020.04.22|The Daily Swig| → [[Cloud security: Azure environments at risk from on-prem privilege escalation attack|https://portswigger.net/daily-swig/cloud-security-azure-environments-at-risk-from-on-prem-privilege-escalation-attack]]|Azure AzureAD Risks|
|2020.04.24|Silicon[>img[iCSF/flag_fr.png]]| → [[Office 365 : de gros trous dans l'authentification ?|https://www.silicon.fr/office-365-authentification-338541.html]]|O365 Flaw|
=== and Security Center enhancements+++*[»]>
|2020.04.20|//Microsoft Azure//|[[Azure Security Center enhancements|https://azure.microsoft.com/en-us/blog/azure-security-center-enhancements/]]|Azure|
=== 
* Podcast: SilverLining+++*[»]>
|2020.04.21|SilverLining IL|![[Episode 19: Understanding Cloud Attack Vectors|https://silverlining.media/019-understanding-cloud-attack-vectors/]] ([[mp3|https://techtalk-podcast.s3-eu-west-1.amazonaws.com/silver-lining/silver-lining-19.mp3]])|Podcast Attack_Vector|
=== 
* __Miscellaneous__: Kubernetes ATT&CK Matrix (Recon)+++*[»]>
|2020.04.24|//Lacework//|[[Kubernetes Recon: A Closer Look at Discovery from the Kubernetes Attack Matrix|https://www.lacework.com/kubernetes-recon-attack-matrix/]]|ATT&CK Kubernetes|
=== and Attack Scenarios+++*[»]>
|2020.04.23|//ThreatStack//|[[Investigating Kubernetes Attack Scenarios in Threat Stack (part 1)|https://www.threatstack.com/blog/kubernetes-attack-scenarios-part-1]]|K8s Attack|
===; Confidential Computing+++*[»]>
|2020.04.22|Dark Reading|[[IBM Cloud Data Shield Brings Confidential Computing to Public Cloud|https://www.darkreading.com/cloud/ibm-cloud-data-shield-brings-confidential-computing-to-public-cloud/d/d-id/1337626]]|Confidential_Computing|
|2020.04.21|//Cloud Management Insider//|[[Can Azure Confidential Computing Promise Security In The Data Breach World?|https://www.cloudmanagementinsider.com/can-azure-confidential-computing-promise-security-in-the-data-breach-world/]]|Confidential_Computing|
===; containers+++*[»]>
|2020.04.22|Container Journal|[[Containers Are Not VMs, and Other Misconceptions|https://containerjournal.com/topics/container-ecosystems/containers-are-not-vms-and-other-misconceptions/]]|Containers|
|2020.04.21|//Anchore//|[[Our Top 5 Strategies for Modern Container Security|https://anchore.com/blog/top-5-strategies/]]|Containers|
=== 

|!⇒ [[CloudSecurityAlliance.fr/go/K4Q/|https://CloudSecurityAlliance.fr/go/K4Q/]] |
|!Avril|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.04.26|
|2020.04.26|Cloud Security Podcast|[[Serverless Security Best Practices with Abhay Bhargav, CTO, we45|https://anchor.fm/cloudsecuritypodcast/episodes/Scaling-a-DevSecOps-model--SERVERLESS-SECURITY-BEST-PRACTICES-with-Abhay-Bhargav---CTO---we45-ed90jm]]|Podcast DevSecOps|
|2020.04.26|Security Boulevard|[[Can I Use Azure AD for Authentication?|https://securityboulevard.com/2020/04/can-i-use-azure-ad-for-authentication/]]|AzureAD|
|2020.04.26|Riyaz Walikar|[[What are these 'reserved' set of security-credentials in AWS?|https://ibreak.software/2020/04/what-are-these-reserved-set-of-security-credentials-in-aws/]]|AWS|
|>|>|>|!2020.04.25|
|2020.04.25|//Avast//|[[Data in Transit Encryption|https://blog.avast.com/data-in-transit-encryption]]|Encryption|
|>|>|>|!2020.04.24|
|2020.04.24|Silicon[>img[iCSF/flag_fr.png]]|[[Anthos : l'offensive multicloud de Google commence avec AWS|https://www.silicon.fr/anthos-multicloud-google-aws-338594.html]]|GCP Anthos|
|2020.04.24|Solutions Review|[[5 Key Considerations for Successful Cloud Security|https://solutionsreview.com/cloud-platforms/5-key-considerations-for-successful-cloud-security/]]|Best_Practices|
|2020.04.24|SecureCloud.blog|[[Hidden gem in Azure: Scan your docker images in ACR, view results in Sub Assessment API and Azure Security Center|https://securecloud.blog/2020/04/24/hidden-gem-in-azure-scan-your-docker-images-in-acr-view-results-in-sub-assessment-api-and-azure-security-center/]]|Azure Scanning|
|2020.04.24|Signal Sciences|[[Continuous Contextual Authentication: Cybersecurity and Identity Converge in a Hybrid-cloud World|https://www.signalsciences.com/blog/continuous-contextual-authentication-cybersecurity-and-identity-converge-in-a-hybrid-cloud-world/]]|Authentication APIs|
|2020.04.24|//Lacework//|[[Kubernetes Recon: A Closer Look at Discovery from the Kubernetes Attack Matrix|https://www.lacework.com/kubernetes-recon-attack-matrix/]]|ATT&CK Kubernetes|
|2020.04.24|//Palo Alto Networks//|[[3 Myths About Security in the Cloud|https://blog.paloaltonetworks.com/2020/04/cloud-3-myths-about-security-in-the-cloud/]]|Misc|
|2020.04.24|//Cloud Management Insider//|[[How To Ensure Security For Your Cloud Storage?|https://www.cloudmanagementinsider.com/cloud-storage-best-practices-2020/]]|Storage Best_Practices|
|2020.04.24|//IBM//|[[IBM Research - Confidentiality and Governance of Cloud Services|https://devops.com/ibm-research-confidentiality-and-governance-of-cloud-services%e2%80%af/]]|Confidentiality Governance|
|2020.04.24|//ThreatVector//|[[Video: Sherri Davidoff and Threat Hunting in the Cloud|https://threatvector.cylance.com/en_us/home/video-sherri-davidoff-and-threat-hunting-in-the-cloud.html]] ([[vidéo|https://www.youtube.com/watch?v=6YWFFxMmyC0]])|Threat_Hunting|
|2020.04.24|//NCC Group//|![[The Extended AWS Security Ramp-Up Guide|https://research.nccgroup.com/2020/04/24/the-extended-aws-security-ramp-up-guide/]]|AWS best_Practices|
|>|>|>|!2020.04.23|
|2020.04.23|Réseaux & Télécoms[>img[iCSF/flag_fr.png]]|[[Google Cloud Anthos est désormais disponible pour AWS, avec Azure à suivre|http://www.reseaux-telecoms.net/actualites/lire-google-cloud-anthos-est-desormais-disponible-pour-aws-avec-azure-a-suivre-27955.html]]|GCP Anthos|
|2020.04.23|Solutions Review|[[Google Anthos Enters General Availability with Support for AWS|https://solutionsreview.com/cloud-platforms/google-anthos-enters-general-availability-with-support-for-aws/]]|GCP Anthos|
|2020.04.23|ShiftLeft|[[Dev + Sec + Ops ! = DevSecOps|https://blog.shiftleft.io/dev-sec-ops-devsecops-5d05e3516e00]]|DevSecOps|
|2020.04.23|//ThreatStack//|[[Investigating Kubernetes Attack Scenarios in Threat Stack (part 1)|https://www.threatstack.com/blog/kubernetes-attack-scenarios-part-1]]|K8s Attack|
|2020.04.23|//Microsoft Azure//|[[Update #3: Business continuity with Azure|https://azure.microsoft.com/en-us/blog/update-3-business-continuity-azure/]] (3/3)|COVID-19 Azure Resilience|
|2020.04.23|//Managed Methods//|[[Google Drive Security for Remote Learning & Working|https://managedmethods.com/blog/google-drive-security/]]|Google_Drive DLP Compliance|
|2020.04.23|//Neu Vector//|[[10 Steps to Automate Container Security Into the CI/CD Pipeline|https://neuvector.com/container-security/container-security-automation/]]|Containers CD_CI|
|2020.04.23|//Exabeam//|[[7 Cloud Security Tools to Watch for in 2020|https://www.exabeam.com/information-security/7-cloud-security-tools-to-watch-for-in-2020/]]|Tools|
|2020.04.23|//Threatstack//|[[Investigating Kubernetes Attack Scenarios in Threat Stack (part 1)|https://www.threatstack.com/blog/kubernetes-attack-scenarios-part-1]] (1/2)|Kubernetes Attack_Scenario|
|>|>|>|!2020.04.22|
|2020.04.22|TL;DR Security|[[#31 - Instrument with Frida, Free Course on Attacking Apps in AWS/Azure, VM with 8 C&C Frameworks|https://tldrsec.com/blog/tldr-sec-031/]] |Weekly_Newsletter|
|2020.04.22|Dark Reading|[[Learning from the Honeypot: A Researcher and a Duplicitous Docker Image|https://www.darkreading.com/theedge/learning-from-the-honeypot-a-researcher-and-a-duplicitous-docker-image/b/d-id/1337618]]|Docker Attacks Honeypot|
|2020.04.22|Dark Reading|[[IBM Cloud Data Shield Brings Confidential Computing to Public Cloud|https://www.darkreading.com/cloud/ibm-cloud-data-shield-brings-confidential-computing-to-public-cloud/d/d-id/1337626]]|Confidential_Computing|
|2020.04.22|Container Journal|[[Containers Are Not VMs, and Other Misconceptions|https://containerjournal.com/topics/container-ecosystems/containers-are-not-vms-and-other-misconceptions/]]|Containers|
|2020.04.22|Rick Blaisdell|[[Top Five Secure Computing Tips|https://rickscloud.com/top-five-secure-computing-tips/]]|Best_Practices|
|2020.04.22|The Salty Hash|[[SaaS Trust Models for Security and Data Privacy|https://blog.ironcorelabs.com/saas-trust-models-for-security-and-data-privacy-a83731c2a446]]|SaaS Trust Privacy|
|2020.04.22|//Varonis//|![[Azure Skeleton Key: Exploiting Pass-Through Auth to Steal Credentials|https://blogvaronis2.wpengine.com/azure-skeleton-key/]]|Azure AzureAD Risks|
|2020.04.22|The Daily Swig| → [[Cloud security: Azure environments at risk from on-prem privilege escalation attack|https://portswigger.net/daily-swig/cloud-security-azure-environments-at-risk-from-on-prem-privilege-escalation-attack]]|Azure AzureAD Risks|
|2020.04.24|Silicon[>img[iCSF/flag_fr.png]]| → [[Office 365 : de gros trous dans l'authentification ?|https://www.silicon.fr/office-365-authentification-338541.html]]|O365 Flaw|
|2020.04.22|//Trustwave//|[[New Trustwave Report Reveals Cybersecurity Threats Becoming Pervasive and Attacks More Targeted|https://www.trustwave.com/en-us/company/newsroom/news/new-trustwave-report-reveals-cybersecurity-threats-becoming-pervasive-and-attacks-more-targeted/]] ([[rapport|https://www.trustwave.com/en-us/resources/library/documents/2020-trustwave-global-security-report/]])|Report|
|2020.04.22|//Cyberhaven//|[[Lack of awareness, cloud apps, and remote workers create perfect storm for insider attacks|https://www.cyberhaven.com/press/2020-insider-threat-report]] ([[rapport|https://www.cyberhaven.com/survey-2020-insider-threat-report]])|Report|
|2020.04.22|//CipherCloud//|[[Why Cloud DLP is the most important technology for SaaS apps?|https://www.ciphercloud.com/why-cloud-dlp-is-the-most-important-technology-for-saas-apps/]]|DLP SaaS|
|2020.04.25|Dark Reading| → [[Communication, Cloud & Finance Apps Most Vulnerable to Insider Threat|https://www.darkreading.com/cloud/communication-cloud-and-finance-apps-most-vulnerable-to-insider-threat/d/d-id/1337636]]|Report|
|2020.04.22|//Cloudonaut//|[[Anonymize CloudFront Access Logs|https://cloudonaut.io/anonymize-cloudfront-access-logs/]]|AWS Cloudfront Anonymization Logging|
|2020.04.22|//Aqua Security//|[[Dynamic Threat Analysis for Container Images: Uncovering Hidden Risks|https://blog.aquasec.com/dynamic-container-analysis]]|Container Risks|
|2020.04.22|//Oracle Cloud//|[[Boost Your Cloud Security Knowledge|https://blogs.oracle.com/cloudsecurity/boost-your-cloud-security-knowledge]]|Context|
|>|>|>|!2020.04.21|
|2020.04.21|SilverLining IL|![[Episode 19: Understanding Cloud Attack Vectors|https://silverlining.media/019-understanding-cloud-attack-vectors/]] ([[mp3|https://techtalk-podcast.s3-eu-west-1.amazonaws.com/silver-lining/silver-lining-19.mp3]])|Podcast Attack_Vector|
|2020.04.21|CloudTweaks|[[Questions To Ask Every Cloud Storage Provider|https://cloudtweaks.com/2020/04/cloud-storage-provider-questions/]]|Storage Assessment|
|2020.04.21|Dark Reading|[[7 Steps to Avoid the Top Cloud Access Risks|https://www.darkreading.com/cloud/7-steps-to-avoid-the-top-cloud-access-risks-/a/d-id/1337545]]|Best_Practices Top_Threats|
|2020.04.21|Computer Weekly|[[Searching For O365 Data Loss Prevention (DLP) Event Data |https://samilamppu.com/2020/04/21/searching-for-o365-data-loss-prevention-dlp-event-data/]]|O365 DLP|
|2020.04.21|Gabor Matuz|[[Testing docker CVE scanners. Part 2: How good is package detection?|https://medium.com/@matuzg/testing-docker-cve-scanners-part-2-how-good-is-package-detection-f68d7230b830]]|Docker Scanning|
|2020.04.21|//CloudPassage//|[[Dozen Dirtiest CVEs Q120 (Cloud Vulnerability Exposures)|https://www.cloudpassage.com/blog/dozen-dirtiest-cves-q120/]]|Vulnerabilities CVEs|
|2020.04.21|//Anchore//|[[Our Top 5 Strategies for Modern Container Security|https://anchore.com/blog/top-5-strategies/]]|Containers|
|2020.04.21|//Cloud Management Insider//|[[Can Azure Confidential Computing Promise Security In The Data Breach World?|https://www.cloudmanagementinsider.com/can-azure-confidential-computing-promise-security-in-the-data-breach-world/]]|Confidential_Computing|
|2020.04.21|//Compare the Cloud//|[[You have lots of APIs and Microservices - now what?|https://www.comparethecloud.net/articles/you-have-lots-of-apis-and-microservices-now-what/]]|APIs Microservices|
|2020.04.21|//Perimeter81//|[[SASE and Zero Trust Are a Perfect Match|https://www.perimeter81.com/blog/zero-trust/sase-and-zero-trust-perfect-match/]]|SASE Zero_Trust|
|2020.04.21|//Microsoft//|[[Security roadmap - Top priorities for the first 30 days, 90 days, and beyond|https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/security-roadmap?view=o365-worldwide]]|O365 M365|
|2020.04.10|//AppOmni//|[[SaaS Security Best Practices in #WFH World|https://cdn2.hubspot.net/hubfs/6705456/Collateral/AppOmni%20SaaS%20Security%20Best%20Practices%20WFH%20World.pdf]]|SaaS Best_Practices|
|>|>|>|!2020.04.20|
|2020.04.20|Solutions Review|[[The 4 Major Players in Cloud Management Platforms, 2020|https://solutionsreview.com/cloud-platforms/the-4-major-players-in-cloud-management-platforms-2020/]]|CSPM|
|2020.04.20|//Microsoft Azure//|[[Azure Security Center enhancements|https://azure.microsoft.com/en-us/blog/azure-security-center-enhancements/]]|Azure|
|2020.04.20|//Microsoft//|[[What's the difference between Azure Active Directory Identity Protection and Conditional Access?|https://techcommunity.microsoft.com/t5/itops-talk-blog/what-s-the-difference-between-azure-active-directory-identity/ba-p/1320887]]|AzureAD|
|2020.04.20|//SynAcktiv//|[[Azure AD introduction for red teamers|https://www.synacktiv.com/posts/pentest/azure-ad-introduction-for-red-teamers.html]]|AzureAD Pentesting|
|2020.04.20|//Capsule8//|[[Security Delusions Part 1: A History of Cloud Compunction|https://capsule8.com/blog/security-delusions-part-1-a-history-of-cloud-compunction/]] (1/3)|History Architecture|
|>|>|>|!|
||Cloudockit|[[The 25 Most Used AWS icons Explained!|https://www.cloudockit.com/the-25-most-used-aws-icons-explained/]]|AWS Services Icons|
[>img(200px,auto)[iCSA/K4QCCSK.png]]Comme annoncé précédemment, le [[Chapitre Français]] de la [[Cloud Security Alliance]] organise une formation officielle [[CCSK]] pour le ''CCSK Foundation'' et le ''CCSK Plus''.
Elle se déroulera la semaine du 15 juin 2020.
Elle sera dispensée ''en français'' par ''+++[Guillaume Boutisseau] [img(98%,1px)[iCSF/BluePixel.gif]]^^<<tiddler [[Guillaume Boutisseau]]>>^^[img(98%,1px)[iCSF/BluePixel.gif]] ==='', ''CCSK Authorized Instructor''^^1^^.
|>|!Un webinar est organisé Mercredi 29 avril de 13h30 à 14h15 |
|Programme|1 - Détails pour les formations ''CCSK Foundation'' et ''CCSK Plus'' de la semaine du 15 juin 2020 |
|~|2 - Présentation du contenu des 2 formations |
|~|3 - Présentation des conditions de réalisation de la formation |
|~|4 - Présentation des conditions de passage de l'examen pour la certification CCSK |
|~|5 - Prix et nombre de jetons pour passer l'examen |
|~|6 - Séance de questions / réponses en direct |
Pour s'inscrire à ce webinar et recevoir le lien pour le suivre, envoyez un message avec votre adresse email à ''Guillaume Boutisseau'' sur [[Circle|CSA Circle]] ou sur [[LinkedIN]].

Vous pouvez déjà relire les articles publiés par Guillaume Boutisseau sur le sujet :
* "''CCSK la formation à suivre''"+++*[»]> <<tiddler [[2019.01.24 - Blog : CCSK la formation à suivre]]>>=== 
* "''Contenu de la formation officielle CCSK du 15 juin 2020''"+++*[»]> <<tiddler [[2020.04.20 - Blog : Contenu de la formation officielle CCSK du 15 juin 2020]]>>=== 
* "''L'examen pour passer la certification CCSK en juin 2020''"+++*[»]> <<tiddler [[2020.04.25 - Blog : L'examen pour passer la certification CCSK en juin 2020]]>>=== 

Rappel des dates : 
* Lundi 15 et mardi 16 juin 2020 : ''CCSK Foundation''
* Lundi 15, mardi 16 juin et mercredi 17 juin 2020 : ''CCSK Plus''
[img(50%,1px)[iCSF/BluePixel.gif]]
^^1^^ Guillaume Boutisseau est un "formateur certifié CCSK" ou "''CCSK Authorized Instructor''+++*[»]> https://cloudsecurityalliance.org/education/instructors ===" et son attestation est disponible+++*[ici »]> ^^ https://cloudsecurityalliance.org/rails/active_storage/blobs/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdkVKIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--d3415bd77ff8e91832bfd76f3426ff27902b3c4a/ccsk-ttt-Guillaume-Boutisseau.pdf ^^ ===.
[img[iCSF/flag_fr.png]]^^gb oc^^[img(50%,1px)[iCSF/BluePixel.gif]]
[>img(200px,auto)[iCSA/K4PCCSK.png]]Article rédigé par ''+++[Guillaume Boutisseau] [img(98%,1px)[iCSF/BluePixel.gif]]^^<<tiddler [[Guillaume Boutisseau]]>>^^[img(98%,1px)[iCSF/BluePixel.gif]] ==='', ''CCSK Authorized Instructor''^^1^^ qui anime des formations [[CCSK]] officielles en français pour le ''CCSK Foundation'' et le ''CCSK Plus''.
!!L'examen CCSK
L'examen CCSK comporte 60 questions et dure 90 minutes. Il faut répondre correctement à au moins 80% des questions pour obtenir la certification CCSK.
Un jeton (//exam token//) est inclus dans la formation officielle. Il donne droit à 2 tentatives.

Environ 87% de l'examen porte sur le document ''CSA Guidance v4'', ce qui en fait le document le plus important. ''CCM'' et ''ENISA recommendations'' représentent à peu près 6% chacun.
[>img(100px,auto)[iCSA/K4KCC.jpg]][>img(100px,auto)[iCSA/K4KEN.jpg]][>img(100px,auto)[iCSA/K4KSG.png]]Les documents sont autorisés lors de l'examen (mode //open book//), et on peut donc consulter ces 3 documents (''Guidance v4'', ''ENISA recommendations'', ''CCM'') pendant l'examen. Mais attention, il faut bien comprendre que pour la grande majorité des questions, on ne trouve pas la réponse après une simple recherche dans ces documents. Une compréhension solide du contenu de ces documents et de la sécurité dans le cloud est indispensable. Il n'est pas non plus envisageable de chercher dans les documents pour chacune des 60 questions. La durée de l'examen (90 minutes) ne le permet pas.

Le taux de réussite à l'examen avec 1 seul jeton (donc quand la certification est obtenue dès la première tentative ou sinon la deuxième tentative) est de ''62%''.
Le ''CCSK'' ne fait pas partie des examens faciles, mais il garantit aussi une compréhension solide de la sécurité dans le cloud, et c'est une des meilleures références dans ce domaine.

Le résultat est connu immédiatement, dès la fin de l'examen. Un tableau de performances est également présenté ; il permet à ceux qui ne réussissent pas dès la première tentative d'identifier les domaines à réviser plus en profondeur avant de passer à la deuxième tentative.

Un examen blanc sera proposé pendant la formation officielle du 15 juin 2020, ainsi qu'une stratégie pour se préparer, et pour identifier et choisir les bonnes réponses aux questions de l'examen final.
[img(98%,1px)[iCSF/BluePixel.gif]]
^^<<tiddler [[Guillaume Boutisseau]]>>^^[img(98%,1px)[iCSF/BluePixel.gif]]
<<tiddler [[arOundGB]]>>
!//Inscriptions ouvertes pour le 'CSA Virtual EU Summit' du 9 au 12 juin 2020//
[>img(300px,auto)[iCSA/K69S0.jpg]]Compte tenu de la situation sanitaire actuelle en Europe et de son évolution, le ''CSA EU Summit 2020'' initialement prévu le 9 juin 2020 à Bruxelles+++*[»]> https://csacongress.org/event/csa-eu-summit-2020/ === est remplacé par un ''Virtual EU Summit'' du 9 au 12 juin 2020, de 9h00 à 11h30.
Un thème différent sera abordé chaque jour :
# Mardi 9 juin : certification
# Mercredi 10 juin : gestion des risques et gouvernance
# Jeudi 11 juin : respect de la vie privée et du RGPD
# Vendredi 12 juin : nouvelles tendances ayant un impact sur l'Union Européenne
[img(500px,auto)[iCSA/K69VS.png]]
|>|>|>|!09 June 2020|
|09:00|09:30|//Toward a European Certification Scheme for Cloud Services//|Eric Vétillard, Lead Certification Expert, ENISA|
|09:40|10:10|//Keynote Session - Microsoft//|Andreas Fuchsberger, International Standards Officer, Microsoft|
|10:20|10:50|//Keynote Session//||
|>|>|>|!10 June 2020|
|09:00|10:15|//Panel Discussion: Auditing and Compliance//|Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance|
|>|||Craig Balding, Independent Cyber Security Consultant|
|>|||Steven Mezzio, Director, Lubin School of Business Center for Excellence in Financial Reporting|
|10:20|10:50|//Lines of Defense within the Public Sector//|
|11:00|11:30|//Keynote Session//||
|11:30|12:00|//Keynote Speaker - OneTrust GRC//|Scott Bridgen, GRC Consulting Director, OneTrust GRC|
|>|>|>|!11 June 2020|
|09:00|10:15|//Panel Discussion: GDPR with the CSA Center of Excellence//|Linda Strick, EMEA Managing Director, Cloud Security Alliance|
|>|||Blake Brannon, Chief Technology Officer, OneTrust|
|10:20|11:00|//Keynote Session - CNIL (French Data Protection Authority)//|
|>|>|>|!12 June 2020|
|09:00|10:00|//Emerging Trends Impacting the European Union//|Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance|
|>|||Raj Samani, Chief Scientist, McAfee|
|10:00|10:30|//Keynote Session//||
__Détails :__
* Inscriptions ⇒ ''[[CloudSecurityAlliance.fr/go/k69c/|https://CloudSecurityAlliance.fr/go/k69c/]]''<<tiddler [[arOund0C]]>>
!"//Guideline for the Dark Cloudy Days//"
[>img(150px,auto)[iCSA/K4MBG.jpg]]Article de blog publié le 22 avril 2020 — Rédigé par Prof. Alex SIOW, Professor (Practice) in the School of Computing, NUS et LIM Soon Tein, Vice President, IT, ST Electronics
<<<
//Given today's evolving threat landscape, incident response (IR) strategy for safeguarding is no longer optional. In 2019 alone, the cloud realm saw countless notable breaches and outages for a variety of reasons. In preparation for an inevitable incident, cloud incident response (CIR) has become an indispensable pillar of any organization and should be properly developed to achieve a good security posture. A comprehensive incident response strategy needs to be able to not only cater to today's complex threat landscape, but also be applicable in a variety of other situations such as downtime caused by system failures, operational mistakes and force majeure etc.

When in the cloud, there are other considerations to IR strategies. Handling incidents on the cloud is fundamentally different than traditional on-premises IT, and this deviation arises due in part to three key aspects - Governance, Visibility and Shared Responsibility of the cloud.
__''Governance''__
When organizations engage multiple cloud service providers (CSPs), in addition to the fact that data could reside in multiple locations in the cloud, it could also be challenging getting the various organizations to investigate an incident together.
__''Visibility''__
Running workloads and services in the cloud means that organizations no longer have the same rights of visibility as traditional IT. Much of the underlying supporting infrastructure and services are abstracted and organizations can often only view logs provided by the CSP for the specific service being used. This can be a challenge when trying to fully understand an incident and stem its spread or escalation.
__''Shared responsibility''__
Cloud security involves various stakeholders such as cloud customers and CSPs and / or third-party providers. The various stakeholders have their part to play in this shared responsibility model. Generally, the customers are responsible for their own data, and the CSPs for the cloud infrastructure and services that they provide.

[>img(400px,auto)[iCSA/K4MBG.png]]A common framework that IR teams adopt is the lifecycle in ''NIST SP800-61R2 Computer Security Incident Handling Guide'' which runs through the phases of Preparation, Detection and Analysis, Containment, Eradication and Recovery, and Post-Mortem.
To further reinforce the CIR, a vital puzzle piece of 'Coordination and Information Sharing' that is iterated at each phase of the CIR plan should be considered. Effective communication is not limited to just reporting to the customers. An attack typically affects more than one organization, simultaneously. Thus incident information sharing is mutually beneficial in helping other organizations guard against the same threats. The CSA runs the ''Cloud Cyber Incident Sharing Center'' (''CloudCISC'') that facilitates the sharing of incident data between participating CSPs.
When a critical incident occurs, there is no time to waste figuring out the game plan - every second that goes by is more data being potentially compromised. Having a methodical, step-by-step response plan can help organizations be better prepared when dealing with cloud incidents, which helps to manage and minimize damage to businesses.
The ''Cloud Incident Response (CIR) Working Group (WG)'' coalesces various industry incident response best practices and frameworks available in the industry in an on-going work, '''Cloud Incident Response Framework'''. The framework covers the major causes of cloud incidents (both security and non-security related) and their handling and mitigation strategies with the aim to provide a holistic and consistent view across widely used frameworks for the reader. This serves as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud incidents, and also a transparent and common framework for CSPs to share cloud incident response practices with their customers.
The WG recently released a '[[Cloud Incident Response - A Quick Guide|2020.04.21 - Publication : Cadre de réponse aux incidents dans le Cloud]]', a succinct prequel to the main framework covering key ideas and concepts. Readers can expect a step-by-step guide, from preparation to post-mortem, with CIR guidelines curated for different levels of incident severity in the upcoming deliverable.
As a work in progress, the ''CIR WG'' welcomes individuals who are interested in contributing to this work to join the WG by registering here+++*[»]> https://cloudsecurityalliance.org/research/join-working-group/ ===.//
<<<
__Lien :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k4mb/|https://CloudSecurityAlliance.fr/go/k4mb/]]'' 
!"Cloud Incident Response Framework - A Quick Guide"
[>img(150px,auto)[iCSA/K4LPC.png]]A lire ! Ce document est publié par le Groupe de Travail ''Cloud Incident Response'' (CIR). 
<<<
//What this Quick Guide aims to do is to distill and give readers an overview of key contributions of the work currently undertaken in the CIR WG, towards a comprehensive CIR framework. The CIR WG hopes to take this opportunity to encourage volunteers to participate in the WG's efforts and provide valuable feedback to the ongoing work.//
<<<
__Table des Matières :__//{{ss2col{
<<<
//1. Executive Summary
2. Introduction
2.1 Incident Response vs Cloud Incident Response
2.2 What This Quick Guide Does
2.3 How Everything Kind of Fits Together
3. CIR Framework
3.1 Phase 1: Preparation
3.2 Phase 2: Detection and Analysis
3.3 Phase 3: Containment, Eradication, and Recovery
3.4 Phase 4: Post-Mortem
3.5 Continuous Phase: Coordination and Information Sharing
4. Incident Response Controls
5. Conclusion//
<<<
}}}
__Extrait :__//{{ss2col{
<<<
//The CIR Framework refers to several industry-accepted standards and frameworks to plan and prepare for cloud incident, mitigation strategies and post-mortem processes. The current list is not exhaustive, and the CIR WG welcomes contributions from the public.
# Technical Reference (TR) 62 - Cloud Outage Incident Response (COIR)
# CSA Security Guidance For Critical areas of Focus In Cloud Computing v4.0
# NIST 800-61 Computer Security Incident Handling Guide
# ISO/IEC 27035-1:2016
# ENISA Cloud Computing Risk Assessment
# Other relevant documents:
** ISO 22320:2011 Societal Security - Emergency Management - Requirements for Incident Response
** FedRAMP Incident Communications Procedure
** NIST 800-150 Guide to Cyber Threat Information Sharing
** NIST 800-53 Security and Privacy Controls for Information Systems and Organizations
** SANS Institute Information Security Reading Room Incident Handler's Handbook
There is an abundance of Incident Response (IR) standards, frameworks and guidelines available in the industry today, which can be overwhelming for organizations to comprehend. The following IR lifecycle diagram provides a clear understanding of how various chapters and sections across different frameworks fit into an IR lifecycle. This is especially helpful when the user needs to zoom in and plan for specific phases in the response process.//
[img(500px,auto)[iCSA/K4LPI.png]]
<<<
}}}
__Liens :__
* Document ⇒ ''[[CloudSecurityAlliance.fr/go/k4kp/|https://CloudSecurityAlliance.fr/go/k4kp/]]''
!"//Cloud Adoption Considerations for IoT and OT//"
[>img(250px,auto)[iCSA/K4LWC.png]]Webinar [[CloudBytes]] diffusé le 21 avril 2020 — Présenté par Shih Hsien Lim, Chief Security Officer, société SP Group
<<<
//IoT in the enterprise will generate new information and business models that will strain on-prem capabilities and resources. The challenges can be resolved by judicious use of the cloud. This potential upside needs to be weighed against risks around data privacy, visibility, and (in)effectiveness of traditional security tools and approaches.
The increasing digitisation of OT (Operations Technology) will impose similar challenges, with the added key dimension of safety on top of the traditional tripartite of confidentiality, integrity and availability.
The talk will thus dive deeper into these real-world challenges and share some practical considerations and approaches.//
<<<
⇒ S'inscrire au Webinar de 60 minutes [[sur le site de BrightTALK|https://CloudSecurityAlliance.fr/go/k4lw/]].
[>img(200px,auto)[iCSA/K4PCCSK.png]]Article rédigé par ''+++[Guillaume Boutisseau] [img(98%,1px)[iCSF/BluePixel.gif]]^^<<tiddler [[Guillaume Boutisseau]]>>^^[img(98%,1px)[iCSF/BluePixel.gif]] ==='', ''CCSK Authorized Instructor''^^1^^ qui anime des formations [[CCSK]] officielles en français pour le ''CCSK Foundation'' et le ''CCSK Plus''.
Comme annoncé précédemment, le [[Chapitre Français]] de la [[Cloud Security Alliance]] organise une formation officielle [[CCSK]] pour le ''CCSK Foundation'' et le ''CCSK Plus''.
Elle se déroulera la semaine du 15 juin 2020.
Elle sera dispensée ''en français'' par ''Guillaume Boutisseau''^^1^^.
!!Contenu de la formation officielle CCSK
La formation ''CCSK Foundation'' comprend tous les modules théoriques (module 1 à module 6, listés plus bas), elle dure 2 jours et permet d'obtenir 14 CPEs.
La formation ''CCSK Plus'' comprend tous les modules théoriques, ainsi que des exercices pratiques dans le cloud AWS (lab 1 à lab 6, listés plus bas). Elle dure 3 jours et permet d'obtenir 21 CPEs.
!!!Les modules théoriques
{{ss2col{ Les modules théoriques sont les suivants :
* module 1 : définitions et architectures du cloud
* module 2 : sécurité des infrastructures cloud
* module 3 : choix du fournisseur cloud et gestion du risque
* module 4 : sécurisation des données
* module 5 : sécurisation des applications
* module 6 : opérations dans l'environnement cloud
[img(200px,auto)[iCSA/K4KMO.png]] }}}
[>img(100px,auto)[iCSA/K4KCC.jpg]][>img(100px,auto)[iCSA/K4KEN.jpg]][>img(100px,auto)[iCSA/K4KSG.png]]Ces modules théoriques couvrent le contenu des 3 documents essentiels à la préparation de l'examen CCSK (on peut les télécharger en anglais sur le site CSA) :
* CSA Guidance v4
* Cloud Control Matrix (CCM)
* ENISA Recommendations
Les points les plus importants de ces 3 documents seront repris dans un document en Français qui sera distribué aux participants. Ce document pourra servir de référence pour l'examen, il peut aussi servir de référence pour tout projet cloud.
!!!Les exercices pratiques
Exercices pratiques (AWS):
* lab 1 : sécurisation des comptes d'accès (IAM, MFA)
* lab 2 : permissions des comptes et options de monitoring (Policies, CloudTrail, CloudWatch)
* lab 3 : sécurité des réseaux et des instances (VPC, Security Group, ACL, Inspector)
* lab 4 : chiffrement des données et sécurisation des stockages (S3, EBS, KMS)
* lab 5 : sécurité des applications et fédération des identités (WAF, OpenID, Oauth, SSO)
* lab 6 : comparaison et choix de fournisseurs cloud (STAR, CCM, CAIQ)
Les exercices pratiques permettent d'appliquer dans un environnement cloud réel les points couverts dans les modules théoriques. Les labs sont vivement recommandés à tous ceux qui n'ont pas une expérience pratique du cloud.
!!!A suivre...
Une liste plus détaillée des modules et labs compris dans la formation est disponible en Anglais sur le site CSA: https://cloudsecurityalliance.org/artifacts/ccsk-course-outlines/ 
Tous les éléments listés dans ce document seront présentés et expliqués en Français lors de la formation.
Enfin, pour se préparer à l'examen ''CCSK'', une série de questions semblables à celles de l'examen final sera distribuée aux participants et étudiée en détails.

Des détails complémentaires, dont les modalités d'inscriptions, seront publiés dans les prochains jours.
[img(98%,1px)[iCSF/BluePixel.gif]]
^^<<tiddler [[Guillaume Boutisseau]]>>^^[img(98%,1px)[iCSF/BluePixel.gif]]
<<tiddler [[arOundGB]]>>
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #60|2020.04.19 - Newsletter Hebdomadaire #60]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #60|2020.04.19 - Weekly Newsletter - #60]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.04.19 - Newsletter Hebdomadaire #60]]>> |<<tiddler [[2020.04.19 - Weekly Newsletter - #60]]>> |
!!1 - Informations CSA de la semaine du 13 au 19 avril 2020
* Formation ''CCSK en Français'' en juin 2020+++*[»]> <<tiddler [[2020.04.12 - Formation CCSK en Français en juin 2020]]>>=== 
* Conférences en ligne du CSA 'CloudBytes Connect' et 'Virtual EU Summit' en mai et juin 2020+++*[»]> <<tiddler [[2020.04.14 - #CSAAnywhere : conférences en ligne du CSA]]>>=== 
* Appels à commentaires : ''CSA'' 'Hybrid Clouds and its Associated Risks'+++*[»]> <<tiddler [[2020.04.10 - Appel à commentaires : 'Hybrid Clouds and its Associated Risks']]>>=== et ''NIST'' 800-210 'General Access Control Guidance for Cloud Systems'+++*[»]> <<tiddler [[2020.04.01 - Appel à commentaires : NIST 800-210 'General Access Control Guidance for Cloud Systems']]>>=== 
* Sondages : sur la technologie CASB d'ici le ''20 avril''+++*[»]> <<tiddler [[2020.03.09 - Sondage sur la technologie CASB]]>>===, sur la sensibilisation à la cryptographie quantique+++*[»]> <<tiddler [[2020.03.09 - Sondage sur la sensibilisation à la cryptographie quantique]]>>=== et sur l'adoption du Cloud (28 avril)+++*[»]> <<tiddler [[2020.04.18 - Actu : Sondage sur l'adoption du Cloud]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.04.19 - Veille Hebdomadaire - 19 avril]] avec plus de 50 liens dont :
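* Etudes et rapports : Fugue (COVID-19) • Imperva+++*[»]>
|2020.04.13|//Fugue//|[[Fugue Survey Finds Widespread Concern Over Cloud Security Risks During the COVID-19 Crisis|https://www.fugue.co/press/releases/fugue-survey-finds-widespread-concern-over-cloud-security-risks-during-the-covid-19-crisis]]|Survey|
|2020.04.13|//Imperva//|[[The 2020 Cyberthreat Defense Report: Simplify Security with Unified Tools and Monitoring|https://www.imperva.com/blog/the-2020-cyberthreat-defense-report-simplify-security-with-unified-tools-and-monitoring/]]|Survey|
=== 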
* Fuites de données : Clearview+++*[»] 
|2020.04.17|TechDirt|[[Cybersecurity Firm Finds A Bunch Of Clearview's Secret Stuff Sitting Around In An Poorly-Secured Cloud Storage Bucket|https://www.techdirt.com/articles/20200416/17414544321/cybersecurity-firm-finds-bunch-clearviews-secret-stuff-sitting-around-poorly-secured-cloud-storage-bucket.shtml]]|Data_Leak|
===, approche pour contrer une fuite dans le Cloud+++*[»] 
|2020.04.14|//AttackIQ//|[[Defeating a Cloud Breach Part 3|https://attackiq.com/blog/2020/04/14/defeating-a-cloud-breach-part-3/]] (3/3)|Attack Breach|
|2020.04.06|//AttackIQ//|[[Defeating a Cloud Breach Part 2|https://attackiq.com/blog/2020/04/06/defeating-a-cloud-breach-part-2/]] (2/3)|Attack Breach|
|2020.03.30|//AttackIQ//|[[Defeating a Cloud Breach Part 1|https://attackiq.com/blog/2020/03/30/defeating-a-cloud-breach-part-1/]] (1/3)|Attack Breach|
=== et impacts d'erreurs de configuration+++*[»] 
|2020.04.15|Dark Reading|[[You're One Misconfiguration Away from a Cloud-Based Data Breach|https://www.darkreading.com/cloud/youre-one-misconfiguration-away-from-a-cloud-based-data-breach/a/d-id/1337464]]|Misconfiguration|
===, analyse de risques FAIR™+++*[»] 
|2020.04.13|Fair Institute|![[Amazon S3 Bucket Data Breaches - a FAIR™ Risk Analysis|https://www.fairinstitute.org/blog/amazon-s3-bucket-data-breaches-a-fair-risk-analysis]]|AWS_S3 Data_Breach Risk_Analysis|
=== 
* __Attaques__ et pannes : Panne Cloudflare+++*[»] 
|2020.04.15|Bleeping Computer|[[Cloudflare dashboard and APIs are down, some sites having issues|https://www.bleepingcomputer.com/news/technology/cloudflare-dashboard-and-apis-are-down-some-sites-having-issues/]]|Outage cloudflare|
=== et une explication sur une panne précédente+++*[»] 
|2020.04.16|CBR Online|[[Cloudflare Admits Outage Came After Technician Unplugged Cables|https://www.cbronline.com/news/cloudflare-technician-unplugged-cables]]|Outage Cloudflare|
===, les aventures d'une image Docker "pot de miel"+++*[»] 
|2020.04.15|//Akamai//|![[A Brief History of a Rootable Docker Image|https://blogs.akamai.com/sitr/2020/04/a-brief-history-of-a-rootable-docker-image.html]]|Docker Attacks Honeypot|
|2020.04.16|//ThreatPost//| → [[Poorly Secured Docker Image Comes Under Rapid Attack|https://threatpost.com/poorly-secured-docker-image-rapid-attack/154874/]]|Docker Attacks Honeypot|
=== 
* __Menaces__ et protection : Matrice ATT&CK pour les serveurs Cloud sous Linux+++*[»] 
|2020.04.15|//Intezer//|![[The missing MITRE ATT&CK matrix for Linux cloud servers|https://intezer.com/blog/cloud/the-missing-mitre-attck-matrix-for-linux-cloud-servers/]]|ATT&CK Linux|
===, le Cloud comme protection anti-rançongiciel+++*[»] 
|2020.04.14|Security Week|![[Backup or Disaster Recovery for Protection Against Ransomware?|https://www.securityweek.com/backup-or-disaster-recovery-protection-against-ransomware]]|Backup DRP Ransomware|
=== 
* Formation : audit Docker et Kubernetes+++*[»] 
|2020.04.14|//Appsecco//|![[Attacking and Auditing Docker Containers and Kubernetes Clusters|https://github.com/appsecco/attacking-and-auditing-docker-containers-and-kubernetes-clusters]]|Training Docker Kubernetes|
===, Azure Sentinel+++*[»] 
|2020.04.13|//Microsoft Azure//|![[Become an Azure Sentinel Ninja: The complete level 400 training|https://techcommunity.microsoft.com/t5/azure-sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310]]|Training Azure|
=== 
* __Divers__ : détection d'intrusion sur AWS+++*[»] 
|2020.04.15|ZDnet|[[New tool detects AWS intrusions where hackers abuse self-replicating tokens|https://www.zdnet.com/article/new-tool-detects-aws-intrusions-where-hackers-abuse-self-replicating-tokens/]]|AWS [[Tools|Outils-GitHub]]|
=== et dans Docker+++*[»] 
|2020.04.13|//Uptycs//|[[Detecting Docker Container Malware using osquery|https://www.uptycs.com/blog/detecting-docker-container-malware-using-osquery]]|Docker Malware Detection|
===, sécurité Multi-Cloud+++*[»]>
|2020.04.15|SANS|[[Top 5 Considerations for Multicloud Security|https://www.sans.org/blog/top-5-considerations-for-multicloud-security/]] ([[étude|https://www.sans.org/reading-room/whitepapers/cloud/top-5-considerations-multicloud-security-39505]])|Multi_Cloud|
===, bizarreries entre CloudTrail et des API AWS+++*[»] 
|2020.04.16|Hacking Exposed|[[The curious case of cloud trail and AWS EBS Block API access|https://www.hecfblog.com/2020/04/daily-blog-675-curious-case-of-cloud.html]]|AWS Gaps|
===, principes de sécurité de GCP+++*[»] 
|2020.04.16|Dawid Balut|![[Security Principles of Google Cloud Platform|https://dawidbalut.com/2020/04/16/security-principles-of-google-cloud-platform/]]|GCP|
=== 

|!⇒ [[CloudSecurityAlliance.fr/go/K4J/|https://CloudSecurityAlliance.fr/go/K4J/]] |
!CSA News and Updates - April 13th to 19th
* ''CCSK'' training in ''French'' in June 2020+++*[»]> <<tiddler [[2020.04.12 - Formation CCSK en Français en juin 2020]]>>=== 
* ''CloudBytes Connect'' and ''Virtual EU Summit'', two CSA global virtual events in May and June+++*[»]> <<tiddler [[2020.04.14 - #CSAAnywhere : conférences en ligne du CSA]]>>=== 
* Call for comments: ''CSA'' 'Hybrid Clouds and its Associated Risks'+++*[»]> <<tiddler [[2020.04.10 - Appel à commentaires : 'Hybrid Clouds and its Associated Risks']]>>=== and ''NIST'' SP 800-210 'General Access Control Guidance for Cloud Systems'+++*[»]> <<tiddler [[2020.04.01 - Appel à commentaires : NIST 800-210 'General Access Control Guidance for Cloud Systems']]>>=== 
* Surveys: 'Expectations and Evolution of CASBs' before ''April 20th''+++*[»]> <<tiddler [[2020.03.09 - Sondage sur la technologie CASB]]>>=== and Quantum-Safe Security Awareness before ''April 27th''+++*[»]> <<tiddler [[2020.03.09 - Sondage sur la sensibilisation à la cryptographie quantique]]>>=== and on Cloud adoption before ''April 28th''+++*[»]> <<tiddler [[2020.04.18 - Actu : Sondage sur l'adoption du Cloud]]>>=== 
!Cloud and Security News Watch
[[Over 50 links|2020.04.19 - Veille Hebdomadaire - 19 avril]] among which:
* Reports: Fugue (Concerns Over Cloud risks), and Imperva (2020 Cyberthreat Defense Report)
* Data Leaks: Clearview
* __Attacks__ and outages: Cloudflare dashboard and APIs issue, and feedback on an earlier outage; History of a rootable Docker image; Backup or Disaster Recovery for protection against ransomware; a FAIR™ Risk Analysis of Amazon S3 Bucket Data Breaches;
* Threats: MITRE ATT&CK matrix for Linux cloud servers; 
* Training: Attacking and auditing Docker containers and Kubernetes clusters; Become an Azure Sentinel Ninja
* __Miscellaneous__: Security Principles of Google Cloud Platform; final blog post of the 'Defeating a Cloud Breach' series; discrepancies between CloudTrail and AWS EBS Block API access; Top Considerations for Multicloud Security; AWS intrusion detection based on self-replicating token abuse; Detecting Docker container malware; 

|!⇒ [[CloudSecurityAlliance.fr/go/K4J/|https://CloudSecurityAlliance.fr/go/K4J/]] |
|!Avril|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Rapports / Reports'' |
|2020.04.13|//Fugue//|[[Fugue Survey Finds Widespread Concern Over Cloud Security Risks During the COVID-19 Crisis|https://www.fugue.co/press/releases/fugue-survey-finds-widespread-concern-over-cloud-security-risks-during-the-covid-19-crisis]]|Survey|
|2020.04.13|//Imperva//|[[The 2020 Cyberthreat Defense Report: Simplify Security with Unified Tools and Monitoring|https://www.imperva.com/blog/the-2020-cyberthreat-defense-report-simplify-security-with-unified-tools-and-monitoring/]]|Survey|
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''AWS (Amazon)'' |
|2020.04.15|//Amazon AWS//|![[Raising the bar on storage: How to improve your disaster recovery, ransomware prevention, and backup strategy|https://aws.amazon.com/blogs/publicsector/raise-bar-storage-how-improve-disaster-recovery-ransomware-prevention-backup-strategy/]] |AWS Backup|
|2020.04.15|ZDnet|[[New tool detects AWS intrusions where hackers abuse self-replicating tokens|https://www.zdnet.com/article/new-tool-detects-aws-intrusions-where-hackers-abuse-self-replicating-tokens/]]|AWS [[Tools|Outils-GitHub]]|
|2020.04.16|Hacking Exposed|[[The curious case of cloud trail and AWS EBS Block API access|https://www.hecfblog.com/2020/04/daily-blog-675-curious-case-of-cloud.html]]|AWS Gaps|
|>|>|>|''Azure (Microsoft)'' |
|2020.04.13|//Microsoft Azure//|![[Become an Azure Sentinel Ninja: The complete level 400 training|https://techcommunity.microsoft.com/t5/azure-sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310]]|Training Azure|
|>|>|>|''GCP (Google)'' |
|2020.04.13|//Google Cloud//|[[Find and fix issues faster with our new Logs Viewer|https://cloud.google.com/blog/products/management-tools/troubleshoot-issues-faster-with-cloud-logging]]|Detection Logging|
|>|>|>|!|
|>|>|>||
|>|>|>|!2020.04.18|
|2020.04.18|//Avast//|[[Data security issues in cloud computing|https://blog.avast.com/data-security-issues-in-cloud-computing]]|Privacy|
|>|>|>|!2020.04.17|
|2020.04.17|BSidesATL 2020|[[Detect: Shane Peden's 'Conquering The Cloud: Defense-In-Depth Strategies For Amazon Web Services'|http://www.youtube.com/watch?v=JuQj9uczqn8]] (vidéo)|Conference|
|2020.04.17|BSidesATL 2020|[[Protect: Oscar Salazar's 'Expose Yourself Without Insecurity: Cloud Breach Patterns'|http://www.youtube.com/watch?v=n0O4scm7mVc]] (vidéo)|Conference|
|2020.04.17|Security Week|[[DHS Working on Cloud-based Root-of-Trust to Secure Agency Email on Mobile Devices|https://www.securityweek.com/dhs-working-cloud-based-root-trust-secure-agency-email-mobile-devices]]|CRoT |
|2020.04.17|The Hacker News|[[Why SaaS opens the door to so many cyber threats (and how to make it safer)|https://thehackernews.com/2020/04/saas-cybersecurity.html]]|SaaS|
|2020.04.17|DZone|[[5 Best Security Practices for Kubernetes and Oracle Kubernetes Engine|https://dzone.com/articles/5-best-security-practices-for-kubernetes-and-oracle-kubernetes-engine]]|Best_Practices Kubernetes|
|2020.04.17|Security Newspaper|[[Pastebin is now more hacker friendly and will block cyber security researchers|https://www.securitynewspaper.com/2020/04/17/pastebin-is-now-more-hacker-friendly-and-will-block-cyber-security-researchers/]]|Pastebin|
|2020.04.17|TechDirt|[[Cybersecurity Firm Finds A Bunch Of Clearview's Secret Stuff Sitting Around In An Poorly-Secured Cloud Storage Bucket|https://www.techdirt.com/articles/20200416/17414544321/cybersecurity-firm-finds-bunch-clearviews-secret-stuff-sitting-around-poorly-secured-cloud-storage-bucket.shtml]]|Data_Leak|
|2020.04.17|//Palo Alto Networks//|[[Cloud Security 2021: 4 Key Trends You Shouldn't Miss|https://blog.paloaltonetworks.com/2020/04/cloud-security-2021/]]|Trends|
|2020.04.17|//Compare the Cloud//|[[4 Ways Armoured Vehicles Can Teach Us About Cloud Cybersecurity|https://www.comparethecloud.net/articles/4-ways-armoured-vehicles-can-teach-us-about-cloud-cybersecurity/]]|Misc|
|2020.04.17|//Menlo Security//|[[Is SaaS the New Trojan Horse in the Age of Cloud Computing?|https://www.infosecurity-magazine.com/white-papers/saas-trojan-horse/]]|SaaS|
|2020.04.17|//Proofpoint//|[[Securing Innovation in the Cloud: Best Practices for Remote Development Teams|https://www.forcepoint.com/blog/insights/remote-dev-team-best-practices]]|Innovation|
|>|>|>|!2020.04.16|
|2020.04.16|FedScoop|[[A closer look at TIC telework guidance reveals not all cloud providers are eligible|https://www.fedscoop.com/tic-telework-cloud-service-providers/]]|...|
|2020.04.16|Cybersecurity Insiders|[[Cloud Security concerns increase during Corona Virus Pandemic|https://www.cybersecurity-insiders.com/cloud-security-concerns-increase-during-corona-virus-pandemic/]]|COVID-19|
|2020.04.16|Help Net Security|[[On my mind: Transitioning to third-party cloud services|https://www.helpnetsecurity.com/2020/04/16/third-party-cloud-services/]]|Third_Party|
|2020.04.16|CBR Online|[[Cloudflare Admits Outage Came After Technician Unplugged Cables|https://www.cbronline.com/news/cloudflare-technician-unplugged-cables]]|Outage Cloudflare|
|2020.04.16|Dawid Balut|![[Security Principles of Google Cloud Platform|https://dawidbalut.com/2020/04/16/security-principles-of-google-cloud-platform/]]|GCP|
|2020.04.16|Hakin9|[[Top 7 Cloud Security Issues and How to Overcome Them|https://hakin9.org/top-7-cloud-security-issues-and-how-to-overcome-them/]]|Risks|
|2020.04.16|IoTGN|[[IEC 62443: How to achieve the highest levels of industrial security|https://www.iotglobalnetwork.com/iotdir/2020/04/16/iec-62443-how-to-achieve-the-highest-levels-of-industrial-security-24420/]]|IoT IEC_62443|
|2020.04.16|arXiv.org|[[Experiential probabilistic assessment of cloud services|https://arxiv.org/ftp/arxiv/papers/2004/2004.10858.pdf]] (pdf)|Assessment|
|2020.04.16|Dirk-jan Mollema|[[Introducing ROADtools - The Azure AD exploration framework|https://dirkjanm.io/introducing-roadtools-and-roadrecon-azure-ad-exploration-framework/]]|AzureAD Exploit_Framework|
|2020.04.16|//Trendyol Tech//|[[Configure RBAC in Kubernetes Like a Boss|https://medium.com/trendyol-tech/configure-rbac-in-kubernetes-like-a-boss-665e2a8665dd]]|K8s RBAC|
|2020.04.16|//Voodoo Security//[>img[iCSF/flag_fr.png]]|[[Traitements cloud : quels outils et contrôles de sécurité fonctionnent le mieux ?|https://www.lemagit.fr/conseil/Traitements-Cloud-quels-outils-et-controles-de-securite-fonctionnent-le-mieux]]|Misc|
|2020.04.16|//Thibault Joubert//[>img[iCSF/flag_fr.png]]|[[Un Office 365 sécurisé, une perle rare ?|https://www.linkedin.com/pulse/un-office-365-s%25C3%25A9curis%25C3%25A9-une-perle-rare-thibault-joubert/]]|O365|
|2020.04.16|//Intezer//|[[Pre-runtime vulnerability scans or runtime protection: Which is better for your IaaS security?|https://intezer.com/blog/cloud/pre-runtime-vulnerability-scans-or-runtime-protection-which-is-better-for-your-iaas-security/]]|IaaS Scanning Protection|
|2020.04.16|//AlienVault//|[[7 key steps to Zero Trust|https://cybersecurity.att.com/blogs/security-essentials/7-key-steps-to-zero-trust]] (3/3)|Zero_Trust|
|2020.04.16|//NeuVector//|[[New tools help automate container security|https://betanews.com/2020/04/16/tools-automate-container-security/]]|Container Scanning|
|>|>|>|!2020.04.15|
|2020.04.15|SANS|[[Top 5 Considerations for Multicloud Security|https://www.sans.org/blog/top-5-considerations-for-multicloud-security/]] ([[étude|https://www.sans.org/reading-room/whitepapers/cloud/top-5-considerations-multicloud-security-39505]])|Multi_Cloud|
|2020.04.15|Dark Reading|[[You're One Misconfiguration Away from a Cloud-Based Data Breach|https://www.darkreading.com/cloud/youre-one-misconfiguration-away-from-a-cloud-based-data-breach/a/d-id/1337464]]|Misconfiguration|
|2020.04.15|Bleeping Computer|[[Cloudflare dashboard and APIs are down, some sites having issues|https://www.bleepingcomputer.com/news/technology/cloudflare-dashboard-and-apis-are-down-some-sites-having-issues/]]|Outage cloudflare|
|2020.04.15|Bleeping Computer|[[Nemty Ransomware shuts down public RaaS operation, goes private|https://www.bleepingcomputer.com/news/security/nemty-ransomware-shuts-down-public-raas-operation-goes-private/]]|RaaS Ransomware|
|2020.04.15|DZone|[[Disaster Recovery Problem: Solution|https://dzone.com/articles/disaster-recovery-problem-solution]]|DRaaS DRP|
|2020.04.15|//Intezer//|![[The missing MITRE ATT&CK matrix for Linux cloud servers|https://intezer.com/blog/cloud/the-missing-mitre-attck-matrix-for-linux-cloud-servers/]]|ATT&CK Linux|
|2020.04.15|//TrendMicro//|[[Principles of a Cloud Migration - Security, The W5H|https://blog.trendmicro.com/principles-of-a-cloud-migration-security-the-w5h/]]|Responsibility|
|2020.04.15|//Voodoo Security//[>img[iCSF/flag_fr.png]]|[[Cloud : cinq étapes pour sécuriser la console d'administration|https://www.lemagit.fr/conseil/Cloud-Cinq-etapes-pour-securiser-la-console-dadministration]]|Misc|
|2020.04.15|//Akamai//|![[A Brief History of a Rootable Docker Image|https://blogs.akamai.com/sitr/2020/04/a-brief-history-of-a-rootable-docker-image.html]]|Docker Attacks Honeypot|
|2020.04.16|//ThreatPost//| → [[Poorly Secured Docker Image Comes Under Rapid Attack|https://threatpost.com/poorly-secured-docker-image-rapid-attack/154874/]]|Docker Attacks Honeypot|
|2020.04.15|//FlowRoute//|[[How Cloud-Based Communication Tools Support the Spike in Global Remote Workers|https://vmblog.com/archive/2020/04/15/how-cloud-based-communication-tools-support-the-spike-in-global-remote-workers.aspx]]|Resilience|
|2020.04.15|//Awake Security//|[[Delivering On the Promise of Securing the Hybrid Cloud|Delivering On the Promise of Securing the Hybrid Cloud]]|Hybrid_Cloud|
|>|>|>|!2020.04.14|
|2020.04.14|Le MagIT[>img[iCSF/flag_fr.png]]|[[Services gratuits coupés : le cloud Azure en pénurie de capacités|https://www.lemagit.fr/actualites/252481611/Services-gratuits-coupes-le-cloud-Azure-en-penurie-de-capacites]]|Capacity Shortage|
|2020.04.14|Security Week|![[Backup or Disaster Recovery for Protection Against Ransomware?|https://www.securityweek.com/backup-or-disaster-recovery-protection-against-ransomware]]|Backup DRP Ransomware|
|2020.04.14|Marco Lancini|![[My Blogging Stack |https://www.marcolancini.it/2020/blog-blogging-stack/]]|Implementation|
|2020.04.14|//Appsecco//|![[Attacking and Auditing Docker Containers and Kubernetes Clusters|https://github.com/appsecco/attacking-and-auditing-docker-containers-and-kubernetes-clusters]]|Training Docker Kubernetes|
|2020.04.14|//AlienVault//|[[Slack phishing attacks using webhooks|https://cybersecurity.att.com/blogs/labs-research/slack-phishing-attacks-using-webhooks]]|Slack Attacks|
|2020.04.15|Dark Reading| → [[Slack's Incoming Webhooks Can Be Weaponized in Phishing Attacks|https://www.darkreading.com/cloud/slack-incoming-webhooks-can-be-weaponized-in-phishing-attacks/d/d-id/1337573]]|Slack Attacks|
|2020.04.14|//Spanning//|[[Pitching SaaS Backup: 3 Obstacles to Expect|https://spanning.com/blog/pitching-saas-backup-3-obstacles-to-expect/]]|SaaS Back_Ups|
|2020.04.14|//AttackIQ//|[[Defeating a Cloud Breach Part 3|https://attackiq.com/blog/2020/04/14/defeating-a-cloud-breach-part-3/]] (3/3)|Attack Breach|
|2020.04.14|//Exabeam//|[[Top Cyber Security Best Practices for the Hybrid Cloud|https://www.exabeam.com/information-security/top-cybersecurity-best-practices-for-hybrid-cloud/]]|Hybrid_Cloud Best_Practices|
|2020.04.14|//Arcserve//|[[2 decades of cloud: Where it's been and where it's heading|https://www.ciodive.com/news/cloud-adoption-disaster-recovery/575946/]]|DRaaS DRP|
|2020.04.14|//AppOmni//|[[Top 3 Myths of SaaS Data Security for Enterprises|https://cdn2.hubspot.net/hubfs/6705456/Collateral/Top-3-Myths-SaaS-Data-Security-Enterprise.pdf]]|SaaS Myths|
|>|>|>|!2020.04.13|
|2020.04.13|Help Net Security|[[You have to consider cybersecurity at all points of a cloud migration|https://www.helpnetsecurity.com/2020/04/13/cybersecurity-cloud-migration/]]|Migration|
|2020.04.13|Fair Institute|![[Amazon S3 Bucket Data Breaches - a FAIR™ Risk Analysis|https://www.fairinstitute.org/blog/amazon-s3-bucket-data-breaches-a-fair-risk-analysis]]|AWS_S3 Data_Breach Risk_Analysis|
|2020.04.13|//Uptycs//|[[Detecting Docker Container Malware using osquery|https://www.uptycs.com/blog/detecting-docker-container-malware-using-osquery]]|Docker Malware Detection|
|2020.04.13|//Cloud Management Insider//|[[How Containers And Hybrid Cloud Is A Perfect Match?|https://www.cloudmanagementinsider.com/benefits-of-containers-in-hybrid-cloud/]]|Containers Hybrid_Cloud|
|2020.04.13|//Cloud Passage//|[[Containerization and Container Orchestration Platform Protection: Cloud Workload Security Part 3|https://www.cloudpassage.com/blog/containerization-container-orchestration-platform-protection/]] (3/3)|Containers Orchestration|
|2020.04.13|//TrendMicro//|[[Shift Well-Architecture Left. By Extension, Security Will Follow|https://blog.trendmicro.com/shift-well-architecture-left-by-extension-security-will-follow/]]|DevSecOps|
|2020.04.13|//TrendMicro//|[[What do serverless compute platforms mean for security?|https://blog.trendmicro.com/what-do-serverless-compute-platforms-mean-for-security/]]|Serverless|
/%
|>|>|>|!À lire / Must read |
|>|>|>|!Attaques, Incidents, Fuites de données, Pannes / Attacks, Incidents, Data Leaks, Outages |
|>|>|>|''Attaques / Attacks'' |
|>|>|>|''Incidents'' |
|>|>|>|''Fuites de données / Leaks'' |
|>|>|>|''Pannes / Outages'' |
|>|>|>|!Risques, Menaces, Vulnérabilités / Risks, Threats, Vulnerabilities |
|>|>|>|''Risques / Risks'' |
|>|>|>|''Menaces / Threats'' |
|>|>|>|''Vulnérabilités / Vulnerabilities'' |
|>|>|>|!Bonnes Pratiques, Techniques de Détection / Best Practices, and Detection |
|>|>|>|''Bonnes pratiques / Best Practices'' |
|>|>|>|''Protection'' |
|>|>|>|''Détection / Detection'' |
|>|>|>|!Rapports, Sondages, Études, Publications / Reports, Surveys, Studies, Publications |
|>|>|>|''Sondages / Surveys'' |
|>|>|>|''Études / Studies'' |
|>|>|>|''Publications'' |
|>|>|>|!Cloud Services Providers, Outils / CSPs, Solutions, and Tools |
|>|>|>|''Oracle'' |
|>|>|>|''Kubernetes'' |
|>|>|>|''Docker'' |
|>|>|>|''Containers'' |
|>|>|>|''Workloads'' |
|>|>|>|''Outils / Tools'' |
|>|>|>|!Veilles hebdomadaires 'Cloud et Sécurité', Podcasts, Conférences / Weekly 'Cloud and Security' Watch, Podcasts, Conferences |
|>|>|>|''Conférences / Conferences'' |
|>|>|>|''Podcasts'' |
|>|>|>|''Veilles / Newsletters'' |
|§YYYY§.§MM§.§DD§|Marco Lancini|[[The Cloud Security Reading List #§§|https://cloudseclist.com/issues/issue-§§/]] |Weekly_Newsletter|
|§YYYY§.§MM§.|TL;DR Security|[[#§§ - ????|https://tldrsec.com/blog/tldr-sec-0§§/]] |Weekly_Newsletter|
|>|>|>|!Marché, Acquisitions / Market, Acquisitions |
|>|>|>|''Marché / Market'' |
|>|>|>|''Acquisitions'' |
|>|>|>|!Divers / Miscellaneous |
|>|>|>|''APIs'' |
|>|>|>|''Privacy Shield'' |
|>|>|>|''SASE'' |
|>|>|>|''Autres / Others'' |
%/
!"//Etat de l'adoption du Cloud//"
Un premier sondage a été lancé sur [[Circle]] par l'un de ses membres sur le sujet de l'adoption du Cloud.
Le sondage est ouvert jusqu'au ''28 avril 2020'' et le résultat sera publié sur [[Circle]] et sera communiqué sur notre site.
Il est hébergé sur la plateforme SurveyMonkey.
Afin de vous y préparer, les 20 questions posées sont disponibles+++*[ici]> {{ss2col{ //
# How would you describe your role in the company?
# Which industry are your company operating in?
# Number of employees at your company
# The use of cloud computing...
# Degree of company's perceived risks of cloud computing regarding the three statements below
# Cloud computing is difficult to integrate with existing IT systems
# The company has a clear and coherent digital strategy including how tech drives business goals and how it could be implemented
# The standardisation of cloud computing involving security and privacy standards, interface standards for different layers, architecture and integration standards, etc is sufficient for deployment within the firm
# My company has sufficient digital capabilities (skills, right education, experience or knowledge within IT) to implement, maintain and use cloud computing
# Degree my firm is a cross-functional organisation (teams with members from different functional areas in the organisation, such as business and technology)
# The company's top management understand the values of digital technologies to the organisation's future
# Cloud computing is important in terms of competitive advantage for the firm
# The laws and regulations that exists nowadays are sufficient to protect privacy, access, and confidentiality in a cloud-based environment
# Support from provider and other trading partners are sufficient to build a cloud computing infrastructure according to the needs of the company
# Level of firm's functions are processes in the cloud
# At what stage of cloud computing adoption is your organisation currently engaged?
# Your firm's intention to migrate to the cloud
# What kind of deployment model is the company currently using?
# Which provider's cloud does your company use?
# Which country are you working in?
//}}} === 
* Lien vers le sondage ⇒ ''[[CloudSecurityAlliance.fr/go/k4is/|https://CloudSecurityAlliance.fr/go/k4is/]]'' 
!"//Cloud Security Alliance Expands Virtual Learning Resources Program CSAAnywhere//"
[>img(150px,auto)[iCSA/K39BC.png]]Le CSA fait des promotions sur ses formations en ligne et va organiser deux événements en ligne :
# ''CloudBytes Connect'' du 26 au 28 mai 2020
# ''Virtual EU Summit'' du 9 au 12 juin 2020
Le communiqué de presse a été publié le 14 avril 2020 par la CSA.
<<<
//SEATTLE - April 14, 2020 - The Cloud Security Alliance (CSA)// [...] //today announced the availability of numerous online resources for cloud and cybersecurity professionals to further their education and expand their network through its CSAAnywhere program. Whether it's leveraging CSA's discounted online courses, collaborating through Circle, CSA's online global community, or earning CPE credits while learning about the latest cloud security technology and research on CloudBytes, CSA's award winning webinar channel, CSA has it covered.
//[...]//
In addition, cloud and cybersecurity professionals can take advantage of a 20-percent discount on all CSA online courses, as well as CCSK exam tokens, through May 31 with the discount code ''TrainAnywhere''.
//[...]//
CSA will be rolling out a series of global virtual events in the coming weeks, including CloudBytes Connect (May 26-28), a multi-day virtual event program that will bring the collaboration of research and community to the forefront, and the Virtual EU Summit (June 9-12), which will address trust-building measures and the private sector in a secure and trusted cloud environment. Check back for updated information.//
<<<
__Lien :__
 ⇒ ''[[CloudSecurityAlliance.fr/go/k43p/|https://CloudSecurityAlliance.fr/go/k4ep/]]''
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #59|2020.04.12 - Newsletter Hebdomadaire #59]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #59|2020.04.12 - Weekly Newsletter - #59]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.04.12 - Newsletter Hebdomadaire #59]]>> |<<tiddler [[2020.04.12 - Weekly Newsletter - #59]]>> |
!!1 - Informations CSA de la semaine du 6 au 12 avril 2020
* Formation ''CCSK en Français'' en juin 2020+++*[»]> <<tiddler [[2020.04.12 - Formation CCSK en Français en juin 2020]]>>=== 
* Conférence : ''CSA Virtual EU Summit'' du 9 au 12 juin+++*[»]> <<tiddler [[2020.04.11 - Premier 'CSA Virtual EU Summit' du 9 au 12 juin]]>>=== 
* Blog : 23 Conseils pour réussir la certification ''CCSK''+++*[»]> <<tiddler [[2020.04.10 - Blog : 23 Conseils pour réussir la certification CCSK]]>>=== 
* Blog : Sécurité réseau pour le ''Cloud et le travail à distance''+++*[»]> <<tiddler [[2020.04.08 - Blog : Sécurité réseau pour le Cloud et le travail à distance]]>>=== 
* Blog : Projet CSA pour un référentiel sécurité pour la ''blockchain et les cryptomonnaies''+++*[»]> <<tiddler [[2020.04.06 - Blog : Projet CSA pour un référentiel sécurité pour la blockchain et les cryptomonnaies]]>>=== 
* Publication du Chapitre italien : '''Cloud, RGPD, NIS et DSP2'''+++*[»]> <<tiddler [[2020.04.10 - Publication du Chapitre italien : 'Cloud, RGPD, NIS et DSP2']]>>=== 
* Webinar : 'Stay Secure: In the Face of a Pandemic, Cyberattackers Seek to Take Advantage'+++*[»]> <<tiddler [[2020.04.07 - Webinar : 'Stay Secure: In the Face of a Pandemic, Cyberattackers Seek to Take Advantage']]>>=== 
* Appels à commentaires : ''CSA'' 'Hybrid Clouds and its Associated Risks'+++*[»]> <<tiddler [[2020.04.10 - Appel à commentaires : 'Hybrid Clouds and its Associated Risks']]>>=== et ''NIST'' 800-210 'General Access Control Guidance for Cloud Systems'+++*[»]> <<tiddler [[2020.04.01 - Appel à commentaires : NIST 800-210 'General Access Control Guidance for Cloud Systems']]>>=== 
* Sondages : sur la technologie CASB d'ici au ''20 avril''+++*[»]> <<tiddler [[2020.03.09 - Sondage sur la technologie CASB]]>>=== et sur la sensibilisation à la cryptographie quantique d'ici au ''27 avril''+++*[»]> <<tiddler [[2020.03.09 - Sondage sur la sensibilisation à la cryptographie quantique]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.04.12 - Veille Hebdomadaire - 12 avril]] avec plus de 60 liens dont :
* Publications : Le CloudBook de //Nuageo//+++*[»]>
|2020.04.11|//Nuageo//[>img[iCSF/flag_fr.png]]|![[Le CloudBook Nuageo|https://www.nuageo.fr/2020/04/cloudbook-ebook/]]|Misc|
=== 
* Etudes et rapports : TrendMicro+++*[»]>
|2020.04.08|//TrendMicro//|![[Exploring Common Threats to Cloud Security|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/exploring-common-threats-to-cloud-security]]|Report TrendMicro|
|2020.04.08|//TrendMicro//| → [[Untangling the Web of Cloud Security Threats (pdf)|https://documents.trendmicro.com/assets/white_papers/wp-untangling-the-web-of-cloud-security-threats.pdf]]|Report TrendMicro|
=== 
* Fuites de données : RigUp+++*[»] 
|2020.04.08|VPNmentor|[[Report: Massive Data Leak Exposes US Energy Sector to Cyberattack|https://www.vpnmentor.com/blog/report-rigup-leak/]]|AWS Data_Leak|
|2020.04.10|Security Week| → [[RigUp Database Exposed 76,000 Files From U.S. Energy Sector|https://www.securityweek.com/rigup-database-exposed-76000-files-us-energy-sector]]|AWS Data_Leak|
=== et Maropost+++*[»] 
|2020.04.08|CyberNews|[[Marketing giant Maropost exposes 95 million email records and doesn't seem to care about it|https://cybernews.com/security/marketing-giant-maropost-exposes-95-million-emails-and-doesnt-seem-to-care-about-it/]]|GCP Data_Leak|
|2020.04.10|//Hot for Security//| → [[Maropost customer database exposes 95 million email records|https://hotforsecurity.bitdefender.com/blog/maropost-customer-database-exposes-95-million-email-records-22955.html]]|GCP Data_Leak|
=== 
* __Attaques__ et pannes : retour sur une panne d'Azure+++*[»] 
|2020.04.09|CIO Dive|![[Asleep at the cloud: A Microsoft Azure disruption changed who gets a wake-up call|https://www.ciodive.com/news/microsoft-azure-outage-delay-manager-asleep/575811/]]|Escalation|
===, de GCP+++*[»] 
|2020.04.08|CBR Online|[[Google Cloud Confirms, Fixes Sweeping Outage, Blames IAM API Issues|https://www.cbronline.com/news/google-cloud-issues]]|GCP Outage|
=== et du détournement de BGP+++*[»] 
|2020.04.08|//Catchpoint//|[[April Fools' BGP Hijack|https://blog.catchpoint.com/2020/04/06/april-fools-bgp-hijack/]]|BGP_Hijack|
===, fraudes au président via le Cloud+++*[»] 
|2020.04.06|FBI|![[Cyber Criminals Conduct Business Email Compromise through Exploitation of Cloud-Based Email Services, Costing US Businesses More Than $2 Billion|https://www.ic3.gov/media/2020/200406.aspx]]|Business_Email_Compromise|
=== 
* __Menaces__ et protection : deux bons articles de Checkpoint+++*[»] 
|2020.04.10|//Check Point//|![[Threat Actors Migrating to the Cloud|https://research.checkpoint.com/2020/threat-actors-migrating-to-the-cloud/]]|Threat_Actors|
|2020.04.10|//Check Point//|[[How to Implement Layered Security into Cloud Workloads|https://blog.checkpoint.com/2020/04/10/how-to-implement-layered-security-into-cloud-workloads/]]|Workloads|
===, détection d'attaques contre les clusters Kubernetes+++*[»]>
|2020.04.08|//Microsoft Azure//|[[Detect large-scale cryptocurrency mining attack against Kubernetes clusters|https://azure.microsoft.com/en-us/blog/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters/]]|Azure Kubernetes Cryptomining|
=== 
* __Divers__ : réflexions sur la résilience+++*[»] 
|2020.04.10|//Cohesity//[>img[iCSF/flag_fr.png]]|![[Que ferez-vous quand votre cloud ne sera plus accessible ?|https://datacenter-magazine.fr/que-ferez-vous-quand-votre-cloud-ne-sera-plus-accessible/]]|Resilience|
===, sécurité des containers et de Docker+++*[»] 
|2020.04.10|//Lacework//|[[Who's Attacking My Containers?|https://www.lacework.com/whos-attacking-my-containers/]]|Containers Attacks|
|2020.04.10|//Uptycs//|[[8 Docker Security Best Practices To Optimize Your Container System|https://www.uptycs.com/blog/docker-security-best-practices]]|Docker Best_Practices|
===, migration des données+++*[»] 
|2020.04.06|Portail de l'IE[>img[iCSF/flag_fr.png]]|![[Comment diminuer les risques liés à la migration des données dans le multi-Cloud ?|https://portail-ie.fr/analysis/2350/comment-diminuer-les-risques-lies-a-la-migration-des-donnees-dans-le-multi-cloud]]|Multi_Cloud|
===, recommandations NCSC UK+++*[»] 
|2020.04.08|NCSC UK|[[Cloud backup options for mitigating the threat of ransomware|https://www.ncsc.gov.uk/blog-post/cloud-backup-options-for-mitigating-the-threat-of-ransomware]]|BackUps Ransomware|
|2020.04.08|NCSC UK|[[NCSC IT: There's confidence and then there's SaaS|https://www.ncsc.gov.uk/blog-post/ncsc-it-theres-confidence-and-then-theres-saas]]|SaaS|
=== 
!CSA News and Updates - April 5th to 12th
* ''CCSK'' training in ''French'' in June 2020+++*[»]> <<tiddler [[2020.04.12 - Formation CCSK en Français en juin 2020]]>>=== 
* ''CSA Virtual EU Summit'' from June 9th to 12th+++*[»]> <<tiddler [[2020.04.11 - Premier 'CSA Virtual EU Summit' du 9 au 12 juin]]>>=== 
* Blog: 23 tips to pass the CCSK exam+++*[»]> <<tiddler [[2020.04.10 - Blog : 23 Conseils pour réussir la certification CCSK]]>>=== 
* Blog: 'Network Security for the Cloud and Mobile Workforce'+++*[»]> <<tiddler [[2020.04.08 - Blog : Sécurité réseau pour le Cloud et le travail à distance]]>>=== 
* Blog: 'CSA kicks off project to create a security framework for blockchain and cryptocurrencies'+++*[»]> <<tiddler [[2020.04.06 - Blog : Projet CSA pour un référentiel sécurité pour la blockchain et les cryptomonnaies]]>>=== 
* Publication by the CSA Italian Chapter: 'Cloud, GDPR, NIS and PSD2'+++*[»]> <<tiddler [[2020.04.10 - Publication du Chapitre italien : 'Cloud, RGPD, NIS et DSP2']]>>=== 
* Webinar: 'Stay Secure: In the Face of a Pandemic, Cyberattackers Seek to Take Advantage'+++*[»]> <<tiddler [[2020.04.07 - Webinar : 'Stay Secure: In the Face of a Pandemic, Cyberattackers Seek to Take Advantage']]>>=== 
* Call for comments: 'CSA' 'Hybrid Clouds and its Associated Risks'+++*[»]> <<tiddler [[2020.04.10 - Appel à commentaires : 'Hybrid Clouds and its Associated Risks']]>>=== and 'NIST' SP 800-210 'General Access Control Guidance for Cloud Systems'+++*[»]> <<tiddler [[2020.04.01 - Appel à commentaires : NIST 800-210 'General Access Control Guidance for Cloud Systems']]>>=== 
* Surveys: 'Expectations and Evolution of CASBs' before ''April 20th''+++*[»]> <<tiddler [[2020.03.09 - Sondage sur la technologie CASB]]>>=== and Quantum-Safe Security Awareness before ''April 27th''+++*[»]> <<tiddler [[2020.03.09 - Sondage sur la sensibilisation à la cryptographie quantique]]>>=== 
!Cloud and Security News Watch
[[Over 60 links|2020.04.12 - Veille Hebdomadaire - 12 avril]] among which:
* Publications: CloudBook by //Nuageo//
* Reports: TrendMicro (Untangling the Web of Cloud Security Threats)
* Data Leaks: RigUp (Massive data leak exposes 76,000 files from US Energy sector) and Maropost (customer database exposed 95 million email records)
* __Attacks__ and outages: feedback on a previous Azure disruption and GCP outage (IAM API issues), and BGP Hijack; FBI warning on BEC (Business Email Compromise through exploitation of Cloud-based email services)
* Threats: Checkpoint articles (Threat actors migrating to the Cloud, and layered security for Cloud workloads), and Kubernetes clusters (detection of large-scale cryptocurrency mining attacks)
* __Miscellaneous__: resilience, container and Docker best practices, and NCSC UK memos (SaaS; Cloud backup options for mitigating the threat of ransomware)
|!⇒ [[CloudSecurityAlliance.fr/go/K4C/|https://CloudSecurityAlliance.fr/go/K4C/]] |
<<tiddler [[arOund0C]]>>
|!Avril|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.04.11|
|2020.04.11|//Nuageo//[>img[iCSF/flag_fr.png]]|![[Le CloudBook Nuageo|https://www.nuageo.fr/2020/04/cloudbook-ebook/]]|Misc|
|2020.04.11|Cloud Security Podcast|[[How to secure and improve cloud environment - Merritt Baer, Principal Security Architect, AWS|https://anchor.fm/cloudsecuritypodcast/episodes/How-to-secure-and-improve-cloud-environment---Merritt-Baer--Principal-Security-Architect--AWS-ecleai]]|Podcast AWS|
|2020.04.11|GitHub|[[Breaking and Pwning Apps and Servers on AWS and Azure - Free Training Courseware and Labs|https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training]]|Training|
|2020.04.11|arXiv.org|[[A Role-Based Encryption Scheme for Securing Outsourced Cloud Data in a Multi-Organization Context|https://arxiv.org/pdf/2004.05419.pdf]] (pdf)|Encryption|
|2020.04.11|//Coalfire//|[[Clearing the Clouds: Comparing CMMC to other Frameworks|https://www.coalfire.com/The-Coalfire-Blog/April-2020/Comparing-CMMC-to-other-Frameworks?feed=blogs]]|Maturity|
|>|>|>|!2020.04.10|
|2020.04.10|//Cohesity//[>img[iCSF/flag_fr.png]]|![[Que ferez-vous quand votre cloud ne sera plus accessible ?|https://datacenter-magazine.fr/que-ferez-vous-quand-votre-cloud-ne-sera-plus-accessible/]]|Resilience|
|2020.04.10|//Check Point//|![[Threat Actors Migrating to the Cloud|https://research.checkpoint.com/2020/threat-actors-migrating-to-the-cloud/]]|Threat_Actors|
|2020.04.10|//Check Point//|[[How to Implement Layered Security into Cloud Workloads|https://blog.checkpoint.com/2020/04/10/how-to-implement-layered-security-into-cloud-workloads/]]|Workloads|
|2020.04.10|//Lacework//|![[Who's Attacking My Containers?|https://www.lacework.com/whos-attacking-my-containers/]] |Containers Attacks IOCs|
|2020.04.10|//Uptycs//|[[8 Docker Security Best Practices To Optimize Your Container System|https://www.uptycs.com/blog/docker-security-best-practices]]|Docker Best_Practices|
|2020.04.10|//AWS//|[[Enable automatic logging of web ACLs by using AWS Config|https://aws.amazon.com/blogs/security/enable-automatic-logging-of-web-acls-by-using-aws-config/]]|AWS Logging|
|>|>|>|!2020.04.09|
|2020.04.09|TechRepublic|[[How to secure a Kubernetes cluster by preventing unwanted modules from loading|https://www.techrepublic.com/article/how-to-secure-a-kubernetes-cluster-by-preventing-unwanted-modules-from-loading/]]|K8s|
|2020.04.09|CIO Dive|![[Asleep at the cloud: A Microsoft Azure disruption changed who gets a wake-up call|https://www.ciodive.com/news/microsoft-azure-outage-delay-manager-asleep/575811/]]|Escalation|
|2020.04.09|CIO Dive|[[Yes, developers break cloud security rules. But do companies have adequate policies in place?|https://www.ciodive.com/news/developer-cloud-security/575791/]]|DevSecOps|
|2020.04.09|DZone|[[Azure Sphere: A Secured Hardware Solution for Your IoT Device Security|https://dzone.com/articles/azure-sphere-a-secured-hardware-solution-for-your]]|Azure AIoT|
|2020.04.09|NextGov|[[NIST Invites Comment on Guidance for Who Gets to Access What in the Cloud|https://www.nextgov.com/it-modernization/2020/04/nist-invites-comment-guidance-who-gets-access-what-cloud/164500/]]|NIST|
|2020.04.09|CBR Online|[[All That Cloud Data Is Causing Firms to Focus on the Wrong Security Issues|https://www.cbronline.com/news/cloud-data]]|Data|
|2020.04.09|CyberSecurity Insiders|[[Box bolsters its Cloud Security with automated Malware Detection Shield|https://www.cybersecurity-insiders.com/box-bolsters-its-cloud-security-with-automated-malware-detection-shield/]]|
|2020.04.10|Help Net Security| → [[Box Shield: Mitigating malware attacks by neutralizing malicious files|https://www.helpnetsecurity.com/2020/04/10/box-shield/]]|Box Detection|
|2020.04.09|//WeScale//[>img[iCSF/flag_fr.png]]|[[La gestion des secrets dans Google Cloud Platform|https://blog.wescale.fr/2020/04/09/la-gestion-des-secrets-dans-google-cloud-platform/]]|GCP Secrets|
|2020.04.09|//TrendMicro//|[[Cloud Transformation Is The Biggest Opportunity To Fix Security|https://blog.trendmicro.com/cloud-transformation-is-the-biggest-opportunity-to-fix-security/]]|Misc|
|2020.04.09|//Microsoft//|[[Security and Microsoft Teams|https://docs.microsoft.com/en-us/microsoftteams/teams-security-guide]]|M365 Teams|
|2020.04.09|//Rapid7//|[[Answers to Three FAQs About the New-and-Improved Cloud Configuration Assessment Remediation Content in InsightVM|https://blog.rapid7.com/2020/04/09/answers-to-three-faqs-about-the-new-and-improved-cloud-configuration-assessment-remediation-content-in-insightvm/]]|Configuration Assessment|
|2020.04.09|//Microsoft//|[[Enable remote work while keeping cloud deployments secure|https://www.microsoft.com/security/blog/2020/04/09/enable-remote-work-while-keeping-cloud-deployments-secure/]]|Misc.|
|2020.04.09|//Alibaba//|[[Cloud-based Security Service Provisioning: The Future of Cybersecurity|https://medium.com/@Alibaba_Cloud/cloud-based-security-service-provisioning-the-future-of-cybersecurity-d6be933c2b96]]|SecOps|
|2020.04.09|//Park My Cloud//|[[If You Just Do One Thing Today, Run the AWS IAM Access Analyzer|https://www.parkmycloud.com/blog/aws-iam-access-analyzer/]]|AWS IAM|
|2020.04.09|//Security Intelligence//|[[Why Hybrid Cloud Environments Require More Than Just First-Generation IDaaS Solutions|https://securityintelligence.com/posts/why-hybrid-cloud-environments-require-more-than-just-first-generation-idaas-solutions/]]|IDaaS|
|2020.04.09|//CyberArk Conjur//|[[How to Scan Github Repositories for Secrets & Credentials with Open Source|https://www.conjur.org/blog/how-to-scan-github-repositories-for-secrets-credentials-with-open-source/]]|GithubSecrets|
|2020.04.09|Gabor Matuz|[[Testing docker CVE scanners. Part 1: false negatives and what they mean for your security|https://medium.com/@matuzg/testing-docker-cve-scanners-part-1-false-negatives-and-what-they-mean-for-your-security-77fc4eb1b2cf]]|Docker Scanning|
|>|>|>|!2020.04.08|
|2020.04.08|TL;DR Security|[[#30 - Securing Your Home Network, ATT&CK for Kubernetes, Google on Building Secure Systems|https://tldrsec.com/blog/tldr-sec-030/]] |Weekly_Newsletter|
|2020.04.08|NCSC UK|[[Cloud backup options for mitigating the threat of ransomware|https://www.ncsc.gov.uk/blog-post/cloud-backup-options-for-mitigating-the-threat-of-ransomware]]|BackUps Ransomware|
|2020.04.08|NCSC UK|[[NCSC IT: There's confidence and then there's SaaS|https://www.ncsc.gov.uk/blog-post/ncsc-it-theres-confidence-and-then-theres-saas]]|SaaS|
|2020.04.08|CBR Online|[[Google Cloud Confirms, Fixes Sweeping Outage, Blames IAM API Issues|https://www.cbronline.com/news/google-cloud-issues]]|GCP Outage|
|2020.04.08|VPNmentor|[[Report: Massive Data Leak Exposes US Energy Sector to Cyberattack|https://www.vpnmentor.com/blog/report-rigup-leak/]]|AWS Data_Leak|
|2020.04.10|Security Week| → [[RigUp Database Exposed 76,000 Files From U.S. Energy Sector|https://www.securityweek.com/rigup-database-exposed-76000-files-us-energy-sector]]|AWS Data_Leak|
|2020.04.08|CyberNews|[[Marketing giant Maropost exposes 95 million email records and doesn't seem to care about it|https://cybernews.com/security/marketing-giant-maropost-exposes-95-million-emails-and-doesnt-seem-to-care-about-it/]]|GCP Data_Leak|
|2020.04.10|//Hot for Security//| → [[Maropost customer database exposes 95 million email records|https://hotforsecurity.bitdefender.com/blog/maropost-customer-database-exposes-95-million-email-records-22955.html]]|GCP Data_Leak|
|2020.04.08|0x00SEC|[[VulnHub BoredHackerBlog: Cloud AV. WriteUp - Walkthrough|https://0x00sec.org/t/vulnhub-boredhackerblog-cloud-av-writeup-walkthrough/20360]] ([[challenge to download|https://www.vulnhub.com/entry/boredhackerblog-cloud-av,453/]])|Challenge_Analysis|
|2020.04.08|FedScoop|[[CISA suggests telework adaptations to TIC 3.0|https://www.fedscoop.com/cisa-telework-adaptations-tic-3-0/]]|Teleworking|
|2020.04.08|//Catchpoint//|[[April Fools' BGP Hijack|https://blog.catchpoint.com/2020/04/06/april-fools-bgp-hijack/]]|BGP_Highjack|
|2020.04.08|CSO Online|[[Episode 7: Security in a time of crisis|https://www.csoonline.com/article/3536599/episode-7-security-in-a-time-of-crisis.html]] ([[podcast|https://playlist.megaphone.fm?e=IDG5153554764]])|Governance Risks|
|2020.04.08|//TrendMicro//|![[Exploring Common Threats to Cloud Security|https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/exploring-common-threats-to-cloud-security]]|Report TrendMicro|
|2020.04.08|//TrendMicro//| → [[Untangling the Web of Cloud Security Threats (pdf)|https://documents.trendmicro.com/assets/white_papers/wp-untangling-the-web-of-cloud-security-threats.pdf]]|Report TrendMicro|
|2020.04.08|Solutions Review| → [[Trend Micro Study Shows Cloud Misconfiguration as Major Threat|https://solutionsreview.com/security-information-event-management/trend-micro-study-shows-cloud-misconfiguration-as-major-threat/]]|Report TrendMicro|
|2020.04.08|//Tripwire//|[[Auditing Cloud Administrator Behavior as a Matter of Data Breach Preparedness|https://www.tripwire.com/state-of-security/security-data-protection/cloud/auditing-cloud-administrator-behavior-data-breach-preparedness/]]|Best_Practices|
|2020.04.08|//Microsoft Azure//|[[Detect large-scale cryptocurrency mining attack against Kubernetes clusters|https://azure.microsoft.com/en-us/blog/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters/]]|Azure Kubernetes Cryptomining|
|2020.04.08|//Cloudonaut//|[[AWS Account Structure: Think twice before using AWS Organizations|https://cloudonaut.io/aws-account-structure-think-twice-before-using-aws-organizations/]]|AWS Accounts|
|2020.04.08|//VirtuStream//|[[The Tenets of a Trusted Cloud Partner Should Include Security, Compliance, Privacy and Transparency|https://www.virtustream.com/blog/tenets-of-a-trusted-cloud-partner]]|Tenets|
|2020.04.08|//JumpCloud//|[[What Can Azure AD Tell You About Your Organization?|https://jumpcloud.com/blog/aad-tell-you-about-org]]|AzureAD|
|2020.04.08|//AlienVault//|[[The Zero Trust Authorization Core|https://cybersecurity.att.com/blogs/security-essentials/the-zero-trust-authorization-core]] (2/3)|Zero_Trust|
|2020.04.08|//Inovex//|![[Welcome To The Container Jungle: Docker vs. containerd vs. Nabla vs. Kata vs. Firecracker and more!|https://www.inovex.de/blog/containers-docker-containerd-nabla-kata-firecracker/]] |Docker Comparison|
|>|>|>|!2020.04.07|
|2020.04.07|Forbes|[[Cybersecurity Issues? Amazon Detective Is On The Case|https://www.forbes.com/sites/moorinsights/2020/04/07/cybersecurity-issues-amazon-detective-is-on-the-case/]]|AWS_Detective|
|2020.04.07|KitPloit|[[MSOLSpray - A Password Spraying Tool For Microsoft Online Accounts (Azure/O365)|https://www.kitploit.com/2020/04/msolspray-password-spraying-tool-for.html]]|[[Tools|GitHub-Tools]]|
|2020.04.07|//Duo Security//|[[Kinsing Malware Targets Docker|https://duo.com/decipher/kinsing-malware-targets-docker]]|Docker Attacks|
|2020.04.07|//ThousandEyes//|[[The Internet Report, Episode 2|https://blog.thousandeyes.com/internet-report-episode-2/]] ([[podcast|https://cdn.transistor.fm/file/transistor/m/shows/9326/5faf13e6ec6e6bfd7ada537b6b8cfcc0.mp3]])|
|2020.04.07|//Red Hat OpenShift//|[[Why Linux containers are a CIO's best friend|https://www.ciodive.com/news/linux-containers-kubernetes/575506/]]|Containers Linux|
|>|>|>|!2020.04.06|
|2020.04.06|Portail de l'IE[>img[iCSF/flag_fr.png]]|![[Comment diminuer les risques liés à la migration des données dans le multi-Cloud ?|https://portail-ie.fr/analysis/2350/comment-diminuer-les-risques-lies-a-la-migration-des-donnees-dans-le-multi-cloud]]|Multi_Cloud|
|2020.04.06|UK Authority|[[GDS publishes guide to cloud hosting strategy|https://www.ukauthority.com/articles/gds-publishes-guide-to-cloud-hosting-strategy/]]|Strategy|
|2020.04.06|FBI|![[Cyber Criminals Conduct Business Email Compromise through Exploitation of Cloud-Based Email Services, Costing US Businesses More Than $2 Billion|https://www.ic3.gov/media/2020/200406.aspx]]|Business_Email_Compromise|
|2020.04.10|E Hacking News| → [[BEC Scams Cost American Companies Billions!|https://www.ehackingnews.com/2020/04/bec-scams-cost-american-companies.html]]|Business_Email_Compromise|
|2020.04.06|InfoSecurity Mag|[[Docker Users Targeted with Crypto Malware Via Exposed APIs|https://www.infosecurity-magazine.com/news/docker-crypto-malware/]]|Docker APIs Malware|
|2020.04.06|//Almond//[>img[iCSF/flag_fr.png]]|[[Sécurité avec API : OAuth, Token-based access ou Key-based access|https://www.informatiquenews.fr/securite-avec-api-oauth-token-based-access-ou-key-based-access-68884]]|Authentication APIs|
|2020.04.06|//AttackIQ//|[[Defeating a Cloud Breach Part 2|https://attackiq.com/blog/2020/04/06/defeating-a-cloud-breach-part-2/]] (2/3)|Attack Breach|
|2020.04.06|//Microsoft//|[[Support of DANE and DNSSEC in Office 365 Exchange Online|https://techcommunity.microsoft.com/t5/exchange-team-blog/support-of-dane-and-dnssec-in-office-365-exchange-online/ba-p/1275494]]|M365 Exchange|
|2020.04.06|//Microsoft//|[[Our commitment to privacy and security in Microsoft Teams|https://www.microsoft.com/en-us/microsoft-365/blog/2020/04/06/microsofts-commitment-privacy-security-microsoft-teams/]]|M365 Teams|
|2020.04.06|//CipherCloud//|[[A Round-up of Data Breaches in March 2020|https://www.ciphercloud.com/a-round-up-of-data-breaches-in-march-2020/]]|Data_Breaches|
|2020.04.06|//Aqua Security//|![[EP11: Liz Rice - The Container Security Book|https://d3ctxlq1ktw2nl.cloudfront.net/production/2020-3-1/60785307-48000-2-493984793c3ba.mp3]]|Podcast Container|
|2020.04.06|//Aqua Security//| → [[The Container Security Book|https://info.aquasec.com/container-security-book]]|eBook Container|
<<tiddler fFormCCSK with: '15 juin 2020' 'Lundi 15 et mardi 16 juin 2020' 'Lundi 15, mardi 16 et mercredi 17 juin 2020'>>
!//Premier 'CSA Virtual EU Summit' du 9 au 12 juin 2020//
[>img(300px,auto)[iCSA/K69S0.jpg]]Compte-tenu de la situation sanitaire actuelle en Europe et de son évolution prévisible, de forts doutes émergent quant à la tenue du ''CSA EU Summit 2020'' initialement prévu le 9 juin 2020 à Bruxelles+++*[»]> https://csacongress.org/event/csa-eu-summit-2020/ ===.

Ainsi la [[CSA]] organise ''du 9 au 12 juin 2020, de 9h00 à 10h30'', un ''Virtual EU Summit'' avec un nouveau thème chaque jour :
# __Mardi 9 juin : certification__
** Le règlement européen Cybersecurity Act a été adopté par le Parlement européen le 12 mars 2019 puis par le Conseil de l'Union européenne le 7 juin 2019. Il marque une avancée pour l'autonomie stratégique européenne et poursuit deux objectifs : l'adoption du mandat permanent de l'ENISA, et la définition d'un cadre européen de certification de cybersécurité
** Ce cadre est essentiel pour renforcer la sécurité du marché unique numérique européen, et pour la certification des produits, services et processus de sécurité.
** Cette session présentera le rôle de l'ENISA et traitera de l'impact sur la certification du Cloud pour l'industrie et le secteur public.
# __Mercredi 10 juin : gestion des risques et gouvernance__
** Le recours aux technologies de l'informatique dématérialisée suscite des inquiétudes quant aux violations du système, aux menaces et au respect des réglementations
** Cette session consistera en une table ronde sur la gestion des risques et la gouvernance et examinera les outils de gestion des risques et la manière dont ils sont utilisés pour les atténuer.
** deux secteurs seront plus particulièrement utilisés à titre d'exemples : le secteur public et le secteur financier.
# __Jeudi 11 juin : respect de la vie privée et du RGPD__
** Les exigences réglementaires et de sécurité évoluent rapidement. Nous devons donc tous soit avoir des notions, soit être formés au mieux pour savoir comment être conforme dans le cadre de nos activités.
** Cette session sera organisée par le Centre d'excellence pour la protection de la vie privée de la CSA. Elle traitera de la responsabilité dans le cadre du RGPD et de la manière dont les codes de conduite et les certifications sont utilisés afin de favoriser la transparence, la conformité et la confiance.
** Elle présentera également le point de vue de la CNIL, sur le respect du RGPD par le biais du code de conduite et de la certification CSA.
# __Vendredi 12 juin : nouvelles tendances ayant un impact sur l'Union Européenne__
** Il est nécessaire d'anticiper et de réfléchir sur les évolutions sécurité.
** Cette session sera axée sur les tendances futures en matière de cybersécurité du point de vue de la CSA et d'autres experts.
[>img(200px,auto)[iCSA/K69S4.png]]
__Détails :__
* Détails (à venir) et inscriptions (pas encore ouvertes) ⇒ ''[[CloudSecurityAlliance.fr/go/k69c/|https://CloudSecurityAlliance.fr/go/k69c/]]''<<tiddler [[arOund0C]]>>
!"//Principi di sicurezza applicabili ai Cloud Computing Services: GDPR, Direttiva NIS e PSD2 a confronto//"
[>img(200px,auto)[iCSF/CSA_IT.png]]Le Chapitre italien+++*[»]> https://cloudsecurityalliance.it/ === de la [[Cloud Security Alliance]] a publié une étude intitulée "Principes de sécurité applicables aux services de cloud computing : comparaison entre la GDPR, la directive NIS et la PSD2". Elle se veut être une approche à 360 degrés permettant de traiter véritablement la question de la conformité, et a été rédigée par le groupe de travail "Privacy & Legal in the Cloud".

Voici la traduction de la table des matières, de l'introduction et de la conclusion.
!!Table des matières
{{ss2col{
<<<
* Principes et mesures de sécurité applicables aux prestataires Cloud : approche RGPD
** Mesures techniques et organisationnelles envisagées par le RGPD
** Principes relatifs au transfert de données vers des pays tiers
* Principes et mesures de sécurité applicables aux prestataires Cloud : approche NIS
* Principes et mesures de sécurité applicables aux prestataires Cloud : approche DSP2
* Différences et chevauchements entre les obligations de RGPD, NIS et DSP2
** Les chevauchements entre NIS et RGPD
** Les chevauchements entre la DSP2 et le RGPD
* Conclusions
<<<
}}}
!!Introduction
<<<
//[>img(200px,auto)[iCSF/K4APP.jpg]]La protection des données à caractère personnel et, plus généralement la sécurité de l'information, sont devenues ces dernières années des questions de toute première importance, tant au niveau national que supranational. En témoigne l'adoption en 2016 et sa mise en œuvre ultérieure en 2018 de deux règlements européens qui ont redéfini le cadre de la protection des données et de la sécurité des systèmes d'information : le règlement général sur la protection des données à caractère personnel ("règlement" ou "RGPD") et la directive 2016/1148 relative à la sécurité des réseaux et des systèmes d'information, plus connue sous le nom de directive NIS (Network and Information Security). Ce cadre réglementaire comprend également la directive 2015/2366/(EU) sur les services de paiement fournis dans le marché intérieur européen ("DSP2"), qui a introduit des innovations significatives dans le monde des paiements numériques.
Les prestataires de services dans le nuage ("CSP") ont donc été "investis" par la succession des changements réglementaires et le chevauchement de nombreuses obligations résultant de l'application souvent simultanée du RGPD, de la directive NIS et parfois aussi de la DSP2. Le cumul de dispositions prescrites par différents règlements peut entraîner une confusion dans la gestion des obligations imposées par ces règlements. La clarification dans ce contexte incertain est essentielle non seulement pour permettre une bonne gestion des différentes obligations mais aussi pour permettre aux destinataires de ces obligations de mettre à profit ces recoupements afin d'optimiser, plutôt que de multiplier, leurs efforts d'exécution.
Cette étude vise donc à analyser les exigences contenues dans la GDPR et la directive de sécurité NIS afin d'identifier (1) les mesures techniques et organisationnelles que les fournisseurs de services cloud sont tenus d'appliquer et les exigences de notification du RGPD et de la Directive; (2) les recoupements et, en même temps, (3) les différences entre ces exigences dans leur contenu, les hypothèses d'application, les critères et les risques sur la base desquels l'adéquation des mesures de sécurité doit être évaluée. Cette analyse sera également complétée par un examen des obligations correspondantes imposées par la DSP2.//
<<<
!!Conclusion
<<<
{{ss2col{
//Cette étude a mis en évidence et comparé les principales exigences de sécurité imposées par la RGPD, la directive NIS et la directive DSP2. Ces trois règlements ont un impact important sur les fournisseurs de services dans le Cloud : les fournisseurs de services dans le Cloud qui traitent des données à caractère personnel entrent dans la catégorie des contrôleurs/processeurs de données; en même temps, ils sont considérés comme des fournisseurs de services numériques et sont donc soumis aux obligations de la directive NIS; en outre, ils peuvent jouer le rôle de fournisseurs de services de paiement (PISP) ou de fournisseurs d'informations sur les comptes bancaires (AISP) en vertu de la directive DSP2.
Comme expliqué ci-dessus, le RGPD impose de mettre en œuvre des mesures de sécurité pour assurer un niveau de sécurité approprié au risque auquel les données personnelles sont exposées tout en confiant au détenteur la tâche de décider en pratique des mesures à appliquer. Des obligations importantes de notification (et de rapport) sont également prévues en cas de violation de données personnelles en vertu des articles 33 et 34 du RGPD. Dans ce contexte, l'article 28 de la RGPD joue un rôle clé car il permet au responsable du traitement de garder le contrôle des données lorsqu'elles sont traitées pour son compte par des tiers, par exemple des fournisseurs de services dans les nuages.
D'importantes obligations de sécurité ont également été introduites par la directive NIS, qui vise à garantir un niveau élevé commun de sécurité des réseaux et des systèmes d'information. Les destinataires de ces obligations sont, outre les opérateurs de services essentiels, les fournisseurs de services numériques, y compris les fournisseurs de services Cloud. La directive NIS décrit les mesures de sécurité que les fournisseurs de services numériques doivent prendre pour atténuer les risques auxquels la sécurité des réseaux et des systèmes d'information est exposée et décrit la procédure de signalement des cyberincidents.
Plus récemment, la DSP2 a introduit de nouveaux développements importants dans le monde des paiements numériques. Premièrement, la DSP2 a introduit trois nouveaux acteurs dans l'industrie, à savoir l'AISP, le PISP et le CISP ("PSP"). Afin d'opérer en tant que PSP, ces acteurs devront passer les évaluations des banques centrales en ce qui concerne les procédures adoptées en cas d'incident informatique et le montant des investissements que l'entreprise entend faire dans la sécurité informatique. En particulier, un cadre détaillé sur la manière dont les entreprises qui ont l'intention d'opérer en tant que PSP doivent gérer les incidents informatiques est décrit dans les lignes directrices de l'EBA du 27 juillet 2017. En outre, les PSP devront accorder une grande attention à la protection des données de paiement sensibles.
Dans la pratique, les exigences du RGPD, de la directive NIS et de la DSP2 peuvent se chevaucher partiellement, tout en conservant des objets de protection différents et donc des champs d'application différents. On peut en fait identifier plusieurs points de contact entre les dispositions de sécurité de la directive NIS et de la RGPD bien que, dans l'ensemble, les obligations de sécurité soient décrites par la directive NIS de manière plus spécifique et plus détaillée que par la RGPD. Des chevauchements importants peuvent également affecter les procédures de notification des violations de données (dans le cadre de la RGPD). D'autres chevauchements peuvent survenir entre la RGPD et la DSP2 en raison de la classification des PSP comme responsables/responsables/co-responsables du traitement des données, de la définition des données sensibles dans le cadre de la DSP2, des procédures à activer en cas de cyberincident, de la gestion de l'analyse d'impact.
Afin d'éliminer tout problème de gestion pouvant découler de ces chevauchements, il convient de gérer ces obligations de manière coordonnée, par exemple en fusionnant la documentation afin d'optimiser les efforts d'application auxquels les entreprises sont appelées à faire face.// }}}
<<<
__Détails :__
* Annonce ⇒ ''[[CloudSecurityAlliance.fr/go/k4ai/|https://CloudSecurityAlliance.fr/go/k4ai/]]'' (en italien)
* Étude au format 'PDF' ⇒ ''[[CloudSecurityAlliance.fr/go/k4aj/|https://CloudSecurityAlliance.fr/go/k4aj/]]'' (en italien)
!"//Hybrid Clouds and its Associated Risks//"
Extraits :
|ssTablN0|k
|__''Introduction''__ |__''Conclusion''__ |
|//This document aims to describe the concept and value of hybrid clouds, highlight key application scenarios and point out security risks in the hybrid cloud. A subsequent document by CSA Hybrid Cloud Security Services Working Group [3] will propose countermeasures to help users and cloud service providers identify and reduce security and compliance risks in the hybrid cloud.// |//Hybrid cloud brings great help to enterprise development and represents the best of both worlds. The control and security of private clouds combined with the versatility and scale of public clouds meet the development requirements of enterprises. Even with all its advantages security and privacy in Hybrid cloud environments remain a major concern. This document details hybrid cloud scenarios and lists a number of threats, risks, and vulnerabilities. Subsequent artifacts from the Working Group will focus on countermeasures and strategies to mitigate these weaknesses.// |
La date limite pour faire les commentaires est fixée au ''8 mai 2020''.

⇒ Lire l'original sur le site de la CSA ⇒ [[CloudSecurityAlliance.fr/go/k4aa/|https://CloudSecurityAlliance.fr/go/k4aa/]]
!"//23 Conseils pour réussir la certification CCSK (Certificate of Cloud Security Knowledge)//"
[<img(200px,auto)[iCSA/K4AB1.jpg]]Article de blog publié le 8 avril 2020 
Rédigé par François Quiquet, Architecte Sécurité Réseau chez Bouygues Télécom -- Certifié CISSP, CCSK, ISO 27001 LI, ISO 27005 RM
Publication initiale de l'article le 5 avril 2020
Version originale de l'article sur LinkedIN : "[[23 Conseils pour réussir la certification CCSK|https://www.linkedin.com/pulse/23-conseils-pour-r%C3%A9ussir-la-certification-ccsk-cloud-quiquet-/]]".

J'ai passé avec succès, début avril 2020, la certification CCSK (Certificate of Cloud Security Knowledge) et je vous livre ci-dessous quelques conseils et astuces pour que vous puissiez également réussir l'examen du premier coup.
!!Qu'est-ce que la CCSK ?
[>img(300px,auto)[iCSA/K4AB2.jpg]]Le [[CCSK]] est une certification "vendor neutral" sur la sécurité du Cloud. Elle est considérée comme étant la "state of the art" de la sécurité du Cloud. Elle a été créée en 2010 par la [[CSA]] (Cloud Security Alliance) un organisme qui pilote le programme [[STAR]] (Security, Trust & Assurance Registry) dont l'objectif est de fournir et de maintenir un standard de haut niveau pour permettre à des organismes d'audit indépendants de délivrer des niveaux de certification aux différents Cloud du marché.

[>img(300px,auto)[iCSA/K4AB3.jpg]]Le CSA publie régulièrement des documents de référence pour promouvoir les bonnes pratiques de la sécurité du Cloud. Le CSA anime et organise également plusieurs groupes de travail et chantiers de recherche auxquels les entreprises membres peuvent participer pour faire avancer le domaine de la sécurité du Cloud.
!!Comment passer la CCSK ?
Le [[CCSK]] est un examen qui se fait à distance (pas dans un centre d'examen), en ligne sur le web et "open book" (matériel d'étude à disposition). À la différence de la plupart des autres certifications, le [[CCSK]], dans sa version passée (v4 en ce moment), est valable à vie. Il n'est pas nécessaire de justifier d'expériences pour se présenter à l'examen. Il n'y a pas non plus de paiement annuel, ni de CPE (Continuous Professional Education) pour maintenir la certification.
Le coût de l'examen est de $395 USD et permet de disposer de deux tentatives. Si vous réussissez à la première tentative, vous pourrez utiliser la deuxième lors de la publication d'une nouvelle version du [[CCSK]]. Un jeton d'examen est valable deux ans à partir de son achat.
Pour s'inscrire à l'examen : https://ccsk.cloudsecurityalliance.org/en
!!Quel est le contenu du CCSK ?
La version [[CCSK]] v4 actuelle existe depuis le 1er décembre 2017. Elle a subi une importante mise à jour par rapport à la version v3 précédente, incluant les toutes dernières technologies du Cloud (micro-service, serverless, container, SDN, Big Data, IOT, etc.).
[>img(400px,auto)[iCSA/K4AB4.jpg]]L'examen est un QCM de type A/B/C/D/E ou True/False composé de 60 questions à réaliser en 90 mn. Une fois que l'examen est lancé, il n'est pas possible de le mettre en pause. Le score minimum pour réussir l'examen et obtenir la certification est de 80%. Le taux de réussite à l'examen est de 62%.
Vous obtenez votre résultat immédiatement dès la fin de l'examen avec votre score global et par domaine pour identifier vos axes d'amélioration. Si vous réussissez l'examen, vous pouvez même télécharger votre certificat. Par contre, les réponses aux questions ne sont pas fournies afin de préserver l'intégrité de l'examen. Il existe un kit de préparation à l'examen et une FAQ téléchargeable sur le site de la CSA : https://ccsk.cloudsecurityalliance.org/en/faq
!!Quel est le matériel d'étude du CCSK ?
[>img(400px,auto)[iCSA/K4AB5.jpg]]L'examen du [[CCSK]] teste le candidat sur le contenu de 3 documents qui sont téléchargeables gratuitement sur le site du CSA : https://cloudsecurityalliance.org/education/ccsk/#_prepare
L'ensemble de ces 3 documents représente le CBK (Common Body of Knowledge) de l'examen CCSK. Il s'agit de :
# CSA Security Guidance for Critical Areas of Focus in Cloud Computing v4
# CSA Cloud Controls Matrix (CCM)
# ENISA (European Network and Information Security Agency) Whitepaper Cloud Computing: Benefits, Risks and Recommendations for Information Security

__''Les 14 domaines du Security Guidance du CSA sont les suivants :''__
{{ss2col{
<<<
* Domaine 01 : Cloud Computing Concepts and Architectures
* Domaine 02 : Governance and Enterprise Risk Management
* Domaine 03 : Legal Issues, Contracts and Electronic Discovery
* Domaine 04 : Compliance and Audit Management
* Domaine 05 : Information Governance
* Domaine 06 : Management Plane and Business Continuity
* Domaine 07 : Infrastructure Security
* Domaine 08 : Virtualization and Containers
* Domaine 09 : Incident Response
* Domaine 10 : Application Security
* Domaine 11 : Data Security and Encryption
* Domaine 12 : Identity, Entitlement, and Access Management
* Domaine 13 : Security as a Service
* Domaine 14 : Related Technologies
<<<
__''Les chapitres importants du document de l'ENISA sont les suivants :''__
<<<
* Information Security
* Isolation failure
* Economic Denial of Service
* Licensing Risks
* VM hopping
* Five key legal issues common across all scenarios
* Top security risks in ENISA research
* OVF
* Underlying vulnerability in Loss of Governance
* User provisioning vulnerability
* Risk concerns of a cloud provider being acquired
* Security benefits of cloud
* Risks R.1 - R.35 and underlying vulnerabilities
* Data controller versus data processor definitions
* In IaaS, who is responsible for guest systems monitoring
<<<
__''Les éléments importants de la CSA CCM (Cloud Controls Matrix) à connaître sont les suivants :''__
<<<
* CCM Domains
* CCM Controls
* Architectural Relevance
* Delivery Model Applicability
* Scope Applicability
* Mapped Standards and Frameworks
<<<
}}}
Le document le plus important est de loin le Security Guidance du CSA. Il représente à lui-seul 87% des questions de l'examen. La CSA CCM représente 7% et le rapport de l'ENISA 6%.
__''La répartition exacte du nombre de questions par domaine est la suivante :''__
{{ss2col{
<<<
[img(400px,auto)[iCSA/K4AB6a.jpg]]
[img(400px,auto)[iCSA/K4AB6b.jpg]]
<<<
}}}
!!Ma préparation au CCSK

__''Mon matériel d'étude''__
Outre le matériel d'étude officiel, j'ai utilisé en plus deux autres documents qui m'ont beaucoup aidé :
* Le ''CSA Guidance Summary in 60 minutes''+++*[»]> https://freetalents.ma/wp-content/uploads/2019/10/8-CSA-Guidance-in-60Minutes.pdf === : c'est un très bon résumé de 25 pages du Security Guidance v4 du CSA. Je l'ai imprimé pour réviser et je l'avais en PDF pendant l'examen.
* [>img(150px,auto)[iCSA/K4AB7.jpg]]Le ''CCSK All-in-One Exam Guide''+++*[»]> https://amzn.to/39Nzvpf === de Graham Thompson : c'est un excellent guide de révision que je recommande fortement et auquel a participé Peter van Eijk avec qui j'ai eu l'honneur de discuter. Peter est un formateur officiel du [[CCSK]] de la CSA et je pense qu'il participe au comité de rédaction des questions. Le livre repasse en revue avec de très bonnes explications les 14 domaines du CBK mais aussi le document de l'ENISA et la CCM. A la fin de chaque chapitre, il y a un "Chapter Review" qui reprend l'essentiel à savoir pour l'examen. Le livre comprend également 150 questions de tests qui sont très proches de celles de l'examen en terme de formulation et de difficulté. Et enfin, à la fin du livre, il y a un code pour accéder à un simulateur en ligne sur le site TotalSem qui contient 200 questions supplémentaires (lien vers le livre en ebook ou en papier sur Amazon)+++*[»]> https://amzn.to/39Nzvpf === 
* Je tiens aussi à signaler l'existence de la formation [[CCSK]] en e-learning de Verisafe+++*[»]> https://www.verisafe.fr/ === avec Boris Motylewski. J'ai eu de très bons retours sur les formations de Boris qui s'investit beaucoup dans l'aide au passage des certifications (CISSP, CCSK et bientôt CCSP). Deux vidéos expliquent ce qu'est la [[CCSK]], les avantages de la [[CCSK]] et comment devenir [[CCSK]] en 30 jours. Les slides d'exemple montrent la qualité du support du cours. Elles m'ont aidé à bien comprendre les 35 risques identifiés par l'ENISA, les 11 risques majeurs, les 23 actifs potentiellement impactés (dont ceux les plus exposés) et le top 7 des vulnérabilités.

__''Mon plan de révision''__
[>img(300px,auto)[iCSA/K4AB8.jpg]]Mon passage de la certification [[CCSK]] s'est fait dans des conditions un peu particulières. En effet, initialement, je devais passer la certification CCSP (Certified Cloud Security Professional). Je révisais depuis deux mois et demi quand j'ai appris que mon examen début avril était décalé suite à la pandémie de Covid-19 qui circulait en France. Pour mettre à profit mes révisions et les connaissances acquises, j'ai décidé vers mi-mars de tenter l'examen [[CCSK]] qui se fait en ligne et à domicile. La période de confinement était propice aux révisions : 1h le matin avant de commencer le télétravail (en remplacement du temps de transport), 1h le midi sur la pause déjeuner et 2 à 3h en fin d'après-midi, après la journée de télétravail et le soir.
En deux semaines et demie, j'ai réussi à lire l'ensemble du matériel d'étude officiel plus le matériel d'étude supplémentaire. J'ai fait plus de 700 questions de tests (celles du livre mais aussi d'autres sur Udemy ou trouvées sur internet). J'ai fait une centaine de Flashcards. J'ai visualisé quelques vidéos sur Youtube. J'ai surtout pris beaucoup de notes personnelles. En ce qui me concerne, c'est essentiel car ça me permet de faire des révisions de dernière minute mais ça me permet surtout de mieux retenir tout ce que j'apprends.
!!23 Conseils et Astuces pour réussir le CCSK
* ''TIP #1'' : Lisez tout le matériel d'étude au moins une fois (deux fois, c'est encore mieux). Même si l'examen est open book, vous serez ainsi plus à l'aise.
* ''TIP #2'' : En plus du matériel d'étude officiel, révisez en utilisant des vidéos et/ou des (e)books pour encore mieux comprendre les domaines du CBK.
* ''TIP #3'' : Utilisez le document "CSA Guidance Summary in 60 minutes"+++*[»]> https://freetalents.ma/wp-content/uploads/2019/10/8-CSA-Guidance-in-60Minutes.pdf === qui est un très bon résumé de 25 pages du Security Guidance du CSA.
* ''TIP #4'' : Ecrivez vos propres notes de révision. On retient beaucoup mieux quand on écrit soi-même.
* ''TIP #5'' : Comprenez bien en quoi le Cloud impacte les différents processus de sécurité de l'entreprise. C'est l'objectif principal de l'examen.
* ''TIP #6'' : Comprenez bien les défis, les risques, les préoccupations mais aussi les bénéfices et les avantages du Cloud pour chaque domaine du CBK.
* ''TIP #7'' : Utilisez des questions de tests et/ou des flashcards pour tester votre bonne compréhension des domaines du CBK mais aussi pour vous entraîner à utiliser les documents.
* ''TIP #8'' : Mettez en place un programme de révision et tenez-vous-y. Par exemple, prévoyez 1 à 2h de révision chaque jour de la semaine et un peu plus le week-end (3 à 4h). Commencez par le Security Guidance v4 de la CSA, puis par le rapport de l'ENISA et enfin par la CCM (il suffit de survoler ce dernier et d'en comprendre la structure car vous l'aurez sous la main pendant l'examen).
* ''TIP #9'' : Pendant l'examen, lisez deux fois chaque question. Lisez les réponses. Puis relisez la question.
* ''TIP #10'' : Soyez attentifs aux réponses contenant des éléments trop techniques, trop spécifiques ou encore étant trop relatives à une technologie (comme le SAN, le NAS, etc ...). Ce sont souvent les mauvaises réponses.
* ''TIP #11'' : Identifiez les réponses qui ne sont pas spécifiques au Cloud. Ce sont souvent les mauvaises réponses.
* ''TIP #12'' : Éliminez rapidement les réponses qui n'ont rien à voir ou qui sont trop éloignées de la question.
* ''TIP #13'' : Toujours répondre aux questions d'un point de vue business. C'est le business de l'entreprise qui challenge les choix de sécurité et non l'inverse. On parle d'ailleurs du BIA (Business Impact Analysis) pour identifier les actifs critiques à protéger en priorité.
* ''TIP #14'' : Soyez attentifs aux questions négatives qui contiennent le mot "NOT". On a tendance à trop l'oublier quand on choisit la réponse.
* ''TIP #15'' : Soyez attentifs aux questions qui contiennent les verbes "IS" ou "ARE". Ça permet de choisir ou d'éliminer des réponses.
* ''TIP #16'' : Si vous ne connaissez pas la bonne réponse, tentez d'éliminer rapidement deux mauvaises réponses puis choisissez la réponse qui vous semble être la meilleure parmi les deux réponses restantes.
* ''TIP #17'' : Identifiez des mots-clés dans les questions et recherchez ces mots-clés dans les documents.
* ''TIP #18'' : Utilisez la fonction de recherche avancée de votre lecteur PDF préféré pour rechercher en une seule fois un mot, une expression ou une phrase sur l'ensemble des documents. Vous gagnerez ainsi du temps.
* ''TIP #19'' : Apprenez bien la structure de chaque document. Ça permet de retrouver rapidement dans le document, le domaine relatif à la question.
* ''TIP #20'' : Utilisez deux écrans : un pour le matériel d'étude et un deuxième pour l'examen. Cela vous fera gagner du temps en évitant de passer sans cesse d'une fenêtre à l'autre.
* ''TIP #21'' : Testez et répétez plusieurs fois votre méthode et votre logistique mise en place pour être à l'aise pendant l'examen.
* ''TIP #22'' : Utilisez un traducteur (Google Translate, DeepL ou autre) pour vous aider à mieux comprendre le sens de certains mots compliqués.
* ''TIP #23'' : En cas d'échec à l'examen, ne gâchez pas votre 2e jeton pour le retenter tout de suite sur un coup de tête. Prenez du temps pour refaire des révisions et mieux comprendre les domaines du CBK.
!!Différence entre les certifications CCSK et CCSP
[>img(300px,auto)[iCSA/K4AB9.png]]La CCSP est la "Certified Cloud Security Professional". C'est une certification qui a été créée en 2015 conjointement par la CSA, l'organisme qui a créé la [[CCSK]] et l'(ISC)², l'organisme qui a créé la très célèbre et recherchée certification CISSP.
[img(500px,auto)[iCSA/K4ABA.jpg]]
__''La certification CCSP couvre les 6 domaines suivants :''__
<<<
* Domain 1 : Cloud Concepts, Architecture and Design
* Domain 2 : Cloud Data Security
* Domain 3 : Cloud Platform and Infrastructure Security
* Domain 4 : Cloud Application Security
* Domain 5 : Cloud Security Operations 
* Domain 6 : Legal, Risk and Compliance
<<<

__''Si on devait faire une opération mathématique, elle serait la suivante :''__
> @@color:#014;CCSP = CCSK + Expanded Governance Items + Traditional Security + Privacy@@ 
__''Voici les articles à lire pour bien comprendre la différence entre les 2 certifications :''__
# Comparing the CCSP and CCSK Cloud Security Credentials+++*[»]> https://www.isc2.org/articles/Comparing-the-CCSP-and-CCSK-Cloud-Security-Credentials%20 === 
# CCSK vs CCSP: An Unbiased Comparison+++*[»]> https://cloudsecurityalliance.org/blog/2018/04/24/ccsk-vs-ccsp-unbiased-comparison/ === 
# CCSK vs CCSP - An Impartial Comparison+++*[»]> https://www.whizlabs.com/blog/ccsk-vs-ccsp/ === 
# The CCSP is a BEAST that you must defeat to get your org into the clouds+++*[»]> https://www.linkedin.com/pulse/ccsk-vs-ccsp-how-compare-cissp-emil-man-cissp-mba/ === 
!!Conclusion
Bon courage et bonne révision à tous. Gardez en tête la citation suivante :
> @@color:#014;Dans un voyage ce n'est pas la destination qui compte mais toujours le chemin parcouru.@@
Ce n'est pas en soi l'obtention de la certification qui est importante mais bien les connaissances que vous allez acquérir et qui vont vous faire monter en compétences. La certification est la cerise sur le gâteau.
[img[iCSF/flag_fr.png]]^^fq^^[img(50%,1px)[iCSF/BluePixel.gif]]
[img(300px,auto)[iCSA/K4ABB.jpg]]
!"//Coronavirus today and cybersecurity tomorrow//"
Article de blog publié le 8 avril 2020 — Rédigé par Jim Reavis, Co-Founder and CEO, CSA
{{ss2col{
<<<
[>img(150px,auto)[iCSA/K48BC.jpg]]//The Black Swan event that is Coronavirus is a challenge for our times that we must win. Some may say that this pandemic should not be called a Black Swan event because we had the warning signs. However, the Internet is a great archive and you cannot find a hint of the wholesale segmentation of humanity and the rapid shutdown of our global economy just a few weeks ago. How much the world has changed in 28 days. From a cloud and cybersecurity perspective, organizations are being challenged by a barrage of new cyberattacks and malware, while completely shifting significant portions of their compute infrastructure.

In the realm of Cloud Security Alliance, we are monitoring events, collaborating with members, communicating with researchers and chapters to start understanding and building a database of lessons learned, what is working well and what the challenges are ahead. At a high level, we are seeing a variety of security, capacity and design issues in the rush to work from home, we are facing an onslaught of COVID-19 phishing and other malware attacks and cybersecurity professionals have a more complicated work environment to solve problems. Your company may be locked into its initial Work From Home (WFH) plan, but the following are a collection of observations that may cause you to adjust some short term plans and also give you some pause to think about where this is taking us.

''Malicious Attackers love a crisis''.
There is no honor among thieves. In the initial days of the global COVID-19, there were claims by some purported hacker groups that they would not attack the healthcare infrastructure. That lasted about a minute as the World Health Organization and hospitals have been under constant attack. The worse the crisis gets, the more active the hackers will get.

''Multi-factor authentication''.
Let's start with MFA. This needs to be deployed everywhere, with every WFH user having it. This will prevent virtually all account takeovers from being successful. However, this is not simply a matter of home user deployment. You need to make sure that host systems, be they VPNs, cloud services or on premise servers support the authentication scheme and that legacy protocols that do not support MFA are disabled. Having Single Sign-On (SSO) on top of MFA is even better.

''Traditional VPNs are insufficient''.
Many VPN Gateways are getting overwhelmed and were not designed for the entire workforce to be using them. If you are backhauling Internet-bound traffic to the home office and then running traffic through your security gauntlets, you are probably both creating an unintentional denial of service to your on-premise data centers and slowing cloud access to a crawl. At a minimum, you need split-tunnel VPNs to allow users to only send on-premise bound traffic to the VPN Gateway, and send the rest directly to the Internet. You don't want cloud backups going over the corporate VPN. VPN logging is important to pay attention to now. There's likely to be a lot more VPN event activity and logs may be getting "rolled over." Even if not actively monitored, establish off-device "lookback" to support potential investigations. You should be performing VPN group reviews. With many new users on VPNs, take a look at your VPN groups and consider if they meet your security goals.

''Jump Boxes''.
If you didn't have them before, now is a great time to consider deploying jump boxes for administrators to securely access remotely managed servers - this could be an on-prem VM or a cloud jump box (check cloud provider blueprints for these).

''Smart Home threat vector''.
In the old days, a person's home-based work computer might literally be the only computer in a house. In today's smart home, the WFH system is coexisting with dozens and even hundreds of devices. Most of these devices are poorly maintained, unpatched and full of vulnerabilities. We have heard of corporate breaches instigated by compromised smart TVs and you can be sure that there will be a second wave of WFH users attacked by their home devices, controlled by malicious attackers. Ideally, all devices would be patched and hardened. However, if we can start with making sure that the Cable Modem/Internet Gateway/WiFi Router is patched, hardened, admin is inaccessible from the Internet, all defaults are changed and a separate network is maintained for the work devices, that would be ideal. A separate network and hardened work devices also helps mitigate the risks from the curious and bored kids you may have at home.

''Security Awareness''.
Is your corporate security awareness program up to date with this rapid shift? Make sure there are no gaps and we provide employees with appropriate guidance, such as some of the "Smart Home" issues listed previously.

''COVID-19 information centers''.
A user in this environment is liable to click on any provocative COVID-19 message, which is a hacker's dream. Organizations can mitigate this with good awareness training and by pointing users to their own comprehensive COVID-19 information centers, that include both company-specific and general information.

''State-of-the-Art Cloud Security''.
As I said before, VPNs are not up to the task of protecting and enabling WFH users on their own. There is a group of solutions with different category names, but they are Security as a Service solutions that provide users with granular access to cloud applications, threat protection and rigorous policy enforcement. Connecting users only to authorized applications is far better than providing a VPN with access to any service within the network's visibility. CSA's Software Defined Perimeter and Zero Trust, originally defined by Forrester Research, are two of the most important and complementary architectural frameworks embodying this principle. Identity becomes the perimeter and it is straightforward to implement least privilege protections. You will find the Cloud Access Security Broker (CASB) and Secure Web Gateway product categories have greatly matured over the years, to the point that they provide their own fast and secure global Internets that provide this type of capability. Being delivered as a service, these solutions can be provisioned immediately and allow an organization to develop agile and secure WFH deployment plans.

''Staggered times of usage''.
You may have noticed network latency and even unavailable services when a large number of users access services simultaneously. We have even heard of politicians suggest NetFlix should throttle content delivery to maintain room for emergency services. One lesson learned is that meetings tend to start at the top of the hour and you can improve the performance of cloud conferencing by starting at 15 minutes past the hour. No doubt there are several more simple tricks like that.

''Lock down locations''.
You may find that this is a rare point in time where you actually have a fairly good understanding of where your employees are. This could be an interesting opportunity to use filtering and access control capabilities within several security solutions to block traffic coming from many different problem locations to your applications. This may come with several caveats, but you should take the opportunity to identify previously hidden attackers.

''The downside of forced agility''.
There is concern that in the rush to enable pervasive WFH, we may institutionalize degraded security if we are not careful. Perhaps we had to punch holes in firewalls thoughtlessly. Or, we may have lowered our BYOD security policy standards to enable users to get to work with what they have. It is important that we have documented and categorized changes that deviated from our security standards and work to remediate them as we go and/or roll them back when normalcy returns.

''Where are the systemic issues?'' By and large, it appears that cloud has fared pretty well so far, although there have been some resource exhaustion issues and network performance has been an adjacent problem. Although pandemics may ultimately be more of an exception than a rule, we can think of many other disasters that can similarly strain existing IT architectures, at least on a regional basis. Compute, applications and data need to be resilient. Workloads need to move seamlessly. Organizations may not be 100% cloud in the future, but they will likely need a cloud-based architecture with a common orchestration, management and security framework.

''Maintaining your cybersecurity workforce''.
One of my biggest concerns is how our profession is handling this stressful time. In addition to being worried about their own health and the health of their family, they may find the job is made more difficult by the inability to collaborate and the hours are surely long in a crisis. Add on to that the risk of being laid off, and we have a volatile combination. The denizens of the Dark Web are counting on a weakened cybersecurity workforce and we must be vigilant about taking care of our people, keeping them motivated and protecting their jobs.


//
<<<
}}}__Lien :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k48c/|https://CloudSecurityAlliance.fr/go/k48c/]]''
!"//Network Security for the Cloud and Mobile Workforce//"
Article de blog publié le 8 avril 2020 — Rédigé par Etay Bogner, VP of Zero-Trust Products, Proofpoint
{{ss2col{
<<<
[>img(150px,auto)[iCSA/K48BN.jpg]]//An increasing number of enterprises today have made large-scale shifts to cloud-based IT resources by putting their applications in the cloud, subscribing to ready-to-use software-as-a-service (SaaS) applications, and supporting an expanding remote and mobile workforce. However, these practices strain the capabilities of legacy networks built around site-centric connectivity and security stacks. There are many recognized challenges tied to dependencies on data-center-based Firewalls and VPNs, such as large network attack surfaces, unreliable end-user experiences, and administrative headaches.
!!The Mobile Workforce, The Cloud and Secure Networking
Many enterprise applications, workloads and storage have shifted to the cloud as companies adopt a "cloud first" strategy to get out of the requirement of owning and operating infrastructure. They are migrating their own custom applications to the cloud to run on public cloud infrastructure, in addition to subscribing to enterprise SaaS applications and countless other productivity applications.
The idea of people always working in the same office location during specific work hours seems quaint in 2020. The workday doesn't end at 5 PM; many people work extra hours at home in the evening and on weekends, and they need remote access to their office computer. People are mobile; they work from home or wherever they happen to be. In fact, some people may never even go to a company site - especially if they aren't actual employees of the company. An organization's workforce is very likely to include contractors, partners and consultants who need varying levels of access to applications, data and other company resources. What's more, workers may use non-corporate-owned, unmanaged devices as they access the network and applications.
With people and computing resources scattered about, unknown devices connecting from near and far, and cloud-based applications now essential to business operations, the traditional site-centric perimeter of network security is long gone. Nevertheless, strong security is needed more than ever as concerns become more pervasive and damaging, and cyber-attacks and breaches surface with alarming regularity.
!!The Problem of Network Security with an Overly Permissive VPN
In terms of networking, people have to connect to something regardless of where they work. Most organizations do that today by connecting workers to the network in the corporate data center or headquarters.
For those employees in an office, it's typically a simple LAN or WAN connection; those outside the office (i.e., mobile or remote workers) usually connect via a VPN. The security paradigm for either method of connectivity is flawed because once authenticated users access the enterprise network, they are considered "trusted" and have overly broad access to the network. VPNs have their own problems because the user experience can be bad, and from the IT perspective, VPNs can be difficult to manage.
The connectivity and security challenges escalate when the organization uses cloud applications. For branch or mobile workers, the enterprise can either bring all traffic back to the headquarters network hub and then send it out to the cloud or allow the traffic to go straight to the cloud from wherever the user is. Backhauling all remote traffic to a central facility isn't practical. Companies do it to enforce the on-premise security stack, but this practice puts a strain on network and application performance and degrades the user experience. What's more, mobile users lose "locality," meaning that someone who is traveling quite far from the home network - perhaps out of the country - still has their traffic backhauled to the network hub, which results in latency and throughput issues.
Allowing user traffic to go straight to the cloud or the internet is too risky. This practice circumvents corporate security infrastructure and policy and doesn't allow all traffic to be logged for audit and security purposes. Companies compensate by installing one security solution after another - CASBs for SaaS applications, and VPNs for IaaS/PaaS - which becomes more complex and expensive with the growing number of instances.
It's simply not practical or cost-effective to deploy so many security solutions, especially for cloud applications. It forces corporate IT departments to become systems integrators to make a lot of disparate solutions work together for the sake of trying to hold onto a porous security perimeter.
!!Enter Secure Access Service Edge (SASE)
Cloud-based IT resources serving mobile workforces and others in the enterprise require highly available network access that is reliable and secure. According to a recent report by Gartner, "As a result, secure access services need to be everywhere as well. The data-centric model will not scale. Network gymnastics to route traffic to and from the enterprise data center make no sense when very little of what a user needs remains in the data center. Worse, we impact user productivity, user experience and costs by restricting access to SaaS only if a user is on the enterprise network or has used a VPN, or requiring different agents for SWG, CASB and VPN, which creates agent bloat and user confusion. In other cases, branch-office traffic is forced through the data center for inspection when users access any cloud-based resource, increasing latency and the cost associated with dedicated MPLS circuits."
To provide a more secure and manageable alternative to legacy networking solutions, SASE offers reduced risk, application-specific access, efficient management and a consistent end-user experience. Administrators can onboard each network resource to a SASE platform once and manage all policies centrally in the cloud, avoiding the need to configure and sync across different locations. Fully cloud-based SASE platforms require little setup or maintenance and operate in the data center or VPC that the user is enabling access to. All of the intelligence, as well as the security enforcement, is done in the cloud.
Next generation network service providers are building the fabric that delivers user-centric computing to enterprises. Advanced Zero trust SASE platforms offer a multi-tenant global overlay network but can function like a private enterprise wide area network for organizations. All of the infrastructure of this network is provided by the vendor in the cloud, so there is no hardware for a customer organization to deploy. SASE platforms provide the micro-segmented access to applications and network resources that workers require. They deliver a best-of-breed network security stack in the cloud to help enterprises chain together the needed security services at every point in the network.//
<<<
}}}__Lien :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k48b/|https://CloudSecurityAlliance.fr/go/k48b/]]''
!"//Stay Secure: In the Face of a Pandemic, Cyberattackers Seek to Take Advantage//"
[>img(250px,auto)[iCSA/K47WS.png]]Webinar [[CloudBytes]] diffusé le 7 avril 2020 — Présenté par Thomas Martin, précédemment CIO de GE et fondateur de NephoSec, et Chris Hertz, Chief Revenue Officer de DivvyCloud
<<<
//Join Thomas Martin, former GE CIO and Founder of NephoSec, and Chris Hertz, Chief Revenue Officer of DivvyCloud, for a deep dive into the current state of cloud security and practical guidance on ways to stop cyberattackers who seek to take advantage of the disruption caused by the coronavirus pandemic. Topics covered include:
• Discussion of the increased challenges faced by security and IT professionals during times of crisis.
• Key findings from the 2020 State of Enterprise Cloud Adoption and Security Report as a guide to what to focus on.
• Critical actions and steps that enterprises can take to protect their cloud environments from cyberattackers.//
<<<
⇒ S'inscrire au Webinar de 60 minutes [[sur le site de BrightTALK|https://www.brighttalk.com/webcast/10415/392806]].
!"//CSA kicks off project to create a security framework for blockchain and cryptocurrencies//"
Article de blog publié le 6 avril 2020 — Rédigé par John DiMaria, Assurance Investigatory Fellow, CSA
{{ss2col{
<<<
[>img(150px,auto)[iCSA/K46BC.jpg]]//As with many new technologies, many industries are moving ahead with experimentation and deployments of DLT (Distributed Ledger Technology), especially in the finance sector. The benefits offered by DLTs, such as tamper-evident and tamper-proof records, near-instant settlement via smart contracts and the potential for multi-party coordination without a trusted third party, are attractive indeed.
!!No widely used standards or security frameworks for Distributed Ledger Technologies (DLT)
At this time, there are no widely accepted security frameworks or standards for DLT (Distributed Ledger Technologies). There isn't even a widely accepted vocabulary: ask five DLT experts what the term "decentralized" means and you'll get six answers. Now is the time for a DLT vendor- and platform-agnostic security framework. This means actual testing and deployment; it can't be an academic standard, and it needs to be operational. The companies showing leadership in DLT technology also need to show security leadership, not only for customer confidence, but also because DLTs will become the next battleground for hackers: it literally will be where all the value is stored and processed. Involvement in this standard will also position organizations to help shape it and ensure that it is useful for all parties, and of course, involvement will make deployment that much easier.
!!Recent attacks on DLT resulted in millions of dollars of losses
DLTs are already being used to store and process value, and we have seen attacks that have resulted in millions of dollars of theft and losses. Organizations are rapidly gaining operational DLT security knowledge, and now is the time to coordinate and create a security framework to ensure a safe and secure future.
!!Get in on the ground floor to help secure DLT.
For financial institutions and blockchain experts interested in participating in the creation of the DLT security framework, please reach out to research@cloudsecurityalliance.org for more information.//
[...]
<<<
}}}__Lien :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k46b/|https://CloudSecurityAlliance.fr/go/k46b/]]''
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #58|2020.04.05 - Newsletter Hebdomadaire #58]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #58|2020.04.05 - Weekly Newsletter - #58]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.04.05 - Newsletter Hebdomadaire #58]]>> |<<tiddler [[2020.04.05 - Weekly Newsletter - #58]]>> |
!!1 - Informations CSA de la semaine du 30 mars au 5 avril 2020
* Blog : CAIQ ou une autre méthode ?+++*[»]> <<tiddler [[2020.04.04 - Blog : CAIQ ou une autre méthode ?]]>>=== 
* Webinar : 'CSA's Executive Series: When AI Goes Wrong'+++*[»]> <<tiddler [[2020.04.02 - Webinar : 'CSA's Executive Series: When AI Goes Wrong']]>>=== 
* Appel à commentaires : NIST 800-210 'General Access Control Guidance for Cloud Systems'+++*[»]> <<tiddler [[2020.04.01 - Appel à commentaires : NIST 800-210 'General Access Control Guidance for Cloud Systems']]>>=== 
* Appel à commentaires : CSA 'The Six Pillars of DevSecOps: Automation'+++*[»]> <<tiddler [[2020.03.30 - Appel à commentaires : 'The Six Pillars of DevSecOps: Automation]]>>=== 
* Webinar : le 7 avril, 'Stay Secure: In the Face of a Pandemic, Cyberattackers Seek to Take Advantage'+++*[»]> <<tiddler [[2020.04.07 - Webinar : 'Stay Secure: In the Face of a Pandemic, Cyberattackers Seek to Take Advantage']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.04.05 - Veille Hebdomadaire - 5 avril]] avec plus de 80 liens dont :
* Etudes et rapports : Divvy Cloud+++*[»]>
|2020.04.03|//Divvy Cloud//|[[2020 State of Enterprise Cloud and Container Adoption and Security|https://divvycloud.com/state-of-cloud-report-2020/]] ([[rapport|https://divvycloud.com/wp-content/uploads/2020/04/2020-State-of-Enterprise-Cloud-and-Container-Adoption-and-Security.pdf]])|Report Containers|
=== 
* Fuites de données : Key Ring+++*[»] 
|2020.04.02|VPNmentor|[[Report: Popular Digital Wallet Exposes Millions to Risk in Huge Data Leak|https://www.vpnmentor.com/blog/report-keyring-leak/]]|AWS_S3 Data_Leak Key_Ring|
|2020.04.02|//Threatpost//| → [[44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig|https://threatpost.com/44m-digital-wallet-key-ring-cloud-misconfig/154260/]]|AWS_S3 Data_Leak Key_Ring|
===, SOS Online Backup+++*[»] 
|2020.04.01|VPNmentor|[[Report: Cloud Backup Provider Exposes Customer Data in Massive Leak|https://www.vpnmentor.com/blog/report-sosonlinebackup-leak/]]|Data_Leak|
=== 
* __Attaques__ et pannes : attaques en lien avec le COVID-19+++*[»] 
|2020.04.04|//Menlo Security//|[[Sophisticated COVID-19–Based Phishing Attacks Leverage PDF Attachments and SaaS to Bypass Defenses|https://www.menlosecurity.com/blog/sophisticated-covid-19-based-phishing-attacks-leverage-pdf-attachments-and-saas-to-bypass-defenses]]|Phishing COVID19|
|2020.04.02|CBR Online|[[Microsoft Azure Throttles Cloud Access, Blames Capacity Crunch|https://www.cbronline.com/news/microsoft-azure-capacity-crunch]]|Azure Resilience|
===, détournement de trafic Cloud+++*[»] 
|2020.04.05|ZDnet|![[Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others|https://www.zdnet.com/article/russian-telco-hijacks-internet-traffic-for-google-aws-cloudflare-and-others/]]|BGP_Highjack|
===, malware Kinsing visant les containers+++*[»]>
|2020.04.03|//Aqua Security//|![[Threat Alert: Kinsing Malware Attacks Targeting Container Environments|https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability]]|Docker Attacks|
|2020.04.03|//Threatpost//| → [[Self-Propagating Malware Targets Thousands of Docker Ports Per Day|https://threatpost.com/self-propagating-malware-docker-ports/154453/]]|Docker Attacks|
===, panne GCP+++*[»]>
|2020.04.01|//Google Cloud//|[[Google Cloud infrastructure components Incident #20003|https://status.cloud.google.com/incident/zall/20003]]|GCP Outage|
=== 
* __Menaces__ et vulnérabilités : instances Redis vulnérables+++*[»] 
|2020.04.02|//TrendMicro//|![[More Than 8,000 Unsecured Redis Instances Found in the Cloud|https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-8000-unsecured-redis-instances-found-in-the-cloud/]]|Misconfigurations Redis|
===, malware Raccoon et GCP+++*[»] 
|2020.03.31|//TrendMicro//|[[Raccoon Stealer's Abuse of Google Cloud Services and Multiple Delivery Techniques|https://blog.trendmicro.com/trendlabs-security-intelligence/raccoon-stealers-abuse-of-google-cloud-services-and-multiple-delivery-techniques/]]|GCP MaaS|
=== 
* __Divers__ : après les questionnements, des doutes sur la sécurité de Zoom+++*[»]> 
|2020.04.05|//Divvy Cloud//|[[Zoom Recordings Exposed|https://divvycloud.com/zoom-recordings-exposed/]]|Zoom Data_Leak|
|2020.04.03|Washington Post|[[Zoom videos exposed online, highlighting privacy risk|https://www.washingtonpost.com/technology/2020/04/03/thousands-zoom-video-calls-left-exposed-open-web/]]|Zoom Data_Leak|
|2020.04.03|Citizen Lab|![[Move Fast & Roll Your Own Crypto|https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/]]|Zoom Confidentiality Cryptography|
|2020.04.03|The Intercept|[[Zoom's Encryption Is "Not Suited for Secrets" and Has Surprising Links to China, Researchers Discover|https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/]]|Zoom Data_Leak|
|2020.04.01|//Zoom//|[[The Facts Around Zoom and Encryption for Meetings/Webinars|https://blog.zoom.us/wordpress/2020/04/01/facts-around-zoom-encryption-for-meetings-webinars/]]|Zoom Encryption|
|2020.03.31|The Intercept|[[Zoom Meetings Aren't End-to-End Encrypted, Despite Misleading Marketing|https://theintercept.com/2020/03/31/zoom-meeting-encryption/]]|Zoom Encryption|
===, consortium pour la sécurité du routage+++*[»] 
|2020.03.31|Internet Society|![[Leading CDN and Cloud Providers Join MANRS to Improve Routing Security|https://www.internetsociety.org/news/press-releases/2020/leading-cdn-and-cloud-providers-join-manrs-to-improve-routing-security/]]|Networking Prevention|
|2020.04.03|//Threatpost//| → [[Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks|https://threatpost.com/cloud-cdns-team-internet-routing-attacks/154434/]]|Networking Prevention|
===, matrice ATT&CK pour Kubernetes+++*[»] 
|2020.04.02|//Microsoft//|![[Attack matrix for Kubernetes|https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/]]|ATT&CK Kubernetes|
===, SIEM+++*[»] 
|2020.04.01|//Panther Labs//|[[Panther Labs Launches Open-Source Cloud-Native SIEM|https://www.securityweek.com/panther-labs-launches-open-source-cloud-native-siem]]|SIEM Tools|
|2020.03.31|//Exabeam//|[[Plugging AWS Into Your SIEM: A Practical Guide|https://www.exabeam.com/siem/plugging-aws-into-your-siem-a-practical-guide/]]|SIEM AWS|
=== 
!CSA News and Updates - March 30th to April 5th
* Blog: 'Why use the CAIQ for vendor analysis vs. other questionnaires?'+++*[»]> <<tiddler [[2020.04.04 - Blog : CAIQ ou une autre méthode ?]]>>=== 
* Webinar: 'CSA's Executive Series: When AI Goes Wrong'+++*[»]> <<tiddler [[2020.04.02 - Webinar : 'CSA's Executive Series: When AI Goes Wrong']]>>=== 
* Call for comments: NIST 800-210 'General Access Control Guidance for Cloud Systems'+++*[»]> <<tiddler [[2020.04.01 - Appel à commentaires : NIST 800-210 'General Access Control Guidance for Cloud Systems']]>>=== 
* Call for comments: CSA's 'The Six Pillars of DevSecOps: Automation'+++*[»]> <<tiddler [[2020.03.30 - Appel à commentaires : 'The Six Pillars of DevSecOps: Automation]]>>=== 
* Webinar on April 7th, 'Stay Secure: In the Face of a Pandemic, Cyberattackers Seek to Take Advantage'+++*[»]> <<tiddler [[2020.04.07 - Webinar : 'Stay Secure: In the Face of a Pandemic, Cyberattackers Seek to Take Advantage']]>>=== 
!Cloud and Security News Watch
[[Over 80 links|2020.04.05 - Veille Hebdomadaire - 5 avril]] among which:
* Reports: Divvy Cloud (2020 State of Enterprise Cloud and Container Adoption and Security)
* Data Leaks: Key Ring (popular digital wallet); SOS Online Backup (Cloud backup provider)
* __Attacks__ and outages: some related to the COVID-19 outbreak; hijacks of internet traffic for Google, AWS, Cloudflare, and others; Kinsing malware targeting container environments; GCP outage
* Threats: Unsecured Redis instances in the Cloud; Raccoon malware abuse of Google Cloud Services
* __Miscellaneous__: issues with Zoom (recordings exposed, encryption not end-to-end...); leading CDN and Cloud Providers Join MANRS to improve routing security; ATT&CK matrix for Kubernetes; Open-Source Cloud-Native SIEM
|!⇒ [[CloudSecurityAlliance.fr/go/K45|https://CloudSecurityAlliance.fr/go/K45/]] |
<<tiddler [[arOund0C]]>>
|!Avril|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.04.05|
|2020.04.05|François Quiquet[>img[iCSF/flag_fr.png]]|![[23 Conseils pour réussir la certification CCSK (Certificate of Cloud Security Knowledge)|https://www.linkedin.com/pulse/23-conseils-pour-r%25C3%25A9ussir-la-certification-ccsk-cloud-quiquet-/]]|CCSK|
|2020.04.05|ZDnet|![[Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others|https://www.zdnet.com/article/russian-telco-hijacks-internet-traffic-for-google-aws-cloudflare-and-others/]]|BGP_Highjack|
|2020.04.07|Security Week| → [[Russian Telco Hijacked Internet Traffic of Major Networks - Accident or Malicious Action?|https://www.securityweek.com/russian-telco-hijacked-internet-traffic-major-networks-accident-or-malicious-action]]|BGP_Highjack|
|2020.04.05|//Divvy Cloud//|[[Zoom Recordings Exposed|https://divvycloud.com/zoom-recordings-exposed/]]|Zoom Data_Leak|
|2020.04.05|//JumpCloud//|[[Azure AD versus Ping Identity|https://jumpcloud.com/blog/aad-versus-ping-identity]]|AzureAD Ping_Identity|
|>|>|>|!2020.04.04|
|2020.04.04|TechBeacon|[[3 ways to build a more secure private cloud|https://techbeacon.com/security/3-ways-build-more-secure-private-cloud]]|Private_Cloud|
|2020.04.04|KitPloit|[[Serverless Prey - Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Function|https://www.kitploit.com/2020/04/serverless-prey-serverless-functions.html]]|[[Tools|GitHub-Tools]]|
|2020.04.04|//Menlo Security//|[[Sophisticated COVID-19–Based Phishing Attacks Leverage PDF Attachments and SaaS to Bypass Defenses|https://www.menlosecurity.com/blog/sophisticated-covid-19-based-phishing-attacks-leverage-pdf-attachments-and-saas-to-bypass-defenses]]|Phishing COVID19|
|>|>|>|!2020.04.03|
|2020.04.03|Hackers Online|[[OWASP IoTGoat Firmware To Find IoT Devices Vulnerabilities|https://hackersonlineclub.com/owasp-iotgoat-firmware-to-find-iot-devices-vulnerabilities/]]|IoT Security_Challenge|
|2020.04.03|Dark Reading|[[Want to Improve Cloud Security? It Starts with Logging|https://www.darkreading.com/cloud/want-to-improve-cloud-security-it-starts-with-logging/a/d-id/1337383]]|Logging|
|2020.04.03|Bleeping Computer|[[Zoom's Web Client is Down, Users Report 403 Forbidden Errors|https://www.bleepingcomputer.com/news/technology/zooms-web-client-is-down-users-report-403-forbidden-errors/]]|Zoom Outage|
|2020.04.03|DZone|[[50+ Useful Kubernetes Tools List - Part 2|https://dzone.com/articles/50-useful-kubernetes-tools-list-part-2]]|K8s Tools|
|2020.04.03|jdSupra|[[Processing in Office 365 eDiscovery|https://www.jdsupra.com/legalnews/processing-in-office-365-ediscovery-21377/]]|eDiscovery|
|2020.04.03|ZDnet|[[Australian Privacy Foundation labels CLOUD Act-readying Bill as 'deeply flawed'|https://www.zdnet.com/article/australian-privacy-foundation-labels-cloud-act-readying-bill-as-deeply-flawed/]]|CLOUD_Act|
|2020.04.03|Washington Post|[[Zoom videos exposed online, highlighting privacy risk|https://www.washingtonpost.com/technology/2020/04/03/thousands-zoom-video-calls-left-exposed-open-web/]]|Zoom Data_Leak|
|2020.04.03|Citizen Lab|![[Move Fast & Roll Your Own Crypto|https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/]]|Zoom Confidentiality Cryptography|
|2020.04.03|The Intercept|[[Zoom's Encryption Is "Not Suited for Secrets" and Has Surprising Links to China, Researchers Discover|https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/]]|Zoom Data_Leak|
|2020.04.03|Sami Lamppu|![[Azure AD Identity Protection Integration with Cloud App Security |https://samilamppu.com/2020/04/03/benefit-of-azure-ad-identity-protection-integration-with-cloud-app-security/]] (1/2) |AzureAD IAM|
|2020.04.03|CRN AU|[[6 big challenges security partners face when migrating to the cloud|https://www.crn.com.au/news/6-big-challenges-security-partners-face-when-migrating-to-the-cloud-545968]]|Misc|
|2020.04.03|//Almond//[>img[iCSF/flag_fr.png]]|[[Sécurité avec API : OAuth, Token-based access ou Key-based access|https://www.globalsecuritymag.fr/Securite-avec-API-OAuth-Token,20200403,97298.html]]|APIs|
|2020.04.03|//Google Cloud//|[[Connecting to Google Cloud: your networking options explained|https://cloud.google.com/blog/products/networking/google-cloud-network-connectivity-options-explained]]|GCP Networking|
|2020.04.03|//Aqua Security//|![[Threat Alert: Kinsing Malware Attacks Targeting Container Environments|https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability]]|Docker Attacks|
|2020.04.03|//Threatpost//| → [[Self-Propagating Malware Targets Thousands of Docker Ports Per Day|https://threatpost.com/self-propagating-malware-docker-ports/154453/]]|Docker Attacks|
|2020.04.05|ZDnet| → [[Docker servers targeted by new Kinsing malware campaign|https://www.zdnet.com/article/docker-servers-targeted-by-new-kinsing-malware-campaign/]]|Docker Attacks|
|2020.04.06|GBHackers on Security| → [[Kinsing Malware Attacks Misconfigured Open Docker Daemon API Ports|https://gbhackers.com/kinsing-malware-attack/]]|Docker Attacks|
|2020.04.06|Dark Reading| → [[Misconfigured Containers Again Targeted by Cryptominer Malware|https://www.darkreading.com/attacks-breaches/misconfigured-containers-again-targeted-by-cryptominer-malware/d/d-id/1337492]]|Docker Attacks|
|2020.04.06|Security Week| → [[Kinsing Linux Malware Deploys Crypto-Miner in Container Environments|https://www.securityweek.com/kinsing-linux-malware-deploys-crypto-miner-container-environments]]|Docker Attacks|
|2020.04.06|//Tripwire//| → [[Misconfigured Docker API Ports Targeted by Kinsing Malware|https://www.tripwire.com/state-of-security/security-data-protection/cloud/misconfigured-docker-api-ports-targeted-by-kinsing-malware/]]|Docker Attacks|
|2020.04.07|//Duo Security//| → [[Kinsing Malware Targets Docker|https://duo.com/decipher/kinsing-malware-targets-docker]]|Docker Attacks|
|2020.04.03|//Divvy Cloud//|[[2020 State of Enterprise Cloud and Container Adoption and Security|https://divvycloud.com/state-of-cloud-report-2020/]] ([[rapport|https://divvycloud.com/wp-content/uploads/2020/04/2020-State-of-Enterprise-Cloud-and-Container-Adoption-and-Security.pdf]])|Report Containers|
|2020.04.03|//HashiCorp//|[[Enforcing AWS S3 Security Best Practices Using Terraform & Sentinel|https://medium.com/hashicorp-engineering/enforcing-aws-s3-security-best-practice-using-terraform-sentinel-ddcd181ff4b7]]|AWS Best_Practices|
|>|>|>|!2020.04.02|
|2020.04.02|VPNmentor|[[Report: Popular Digital Wallet Exposes Millions to Risk in Huge Data Leak|https://www.vpnmentor.com/blog/report-keyring-leak/]]|AWS_S3 Data_Leak Key_Ring|
|2020.04.02|InfoSecurity Mag| → [[Key Ring App Data Leak Exposes 44 Million Images|https://www.infosecurity-magazine.com/news/key-ring-app-data-leak-exposes-44m/]]|AWS_S3 Data_Leak Key_Ring|
|2020.04.02|//Threatpost//| → [[44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig|https://threatpost.com/44m-digital-wallet-key-ring-cloud-misconfig/154260/]]|AWS_S3 Data_Leak Key_Ring|
|2020.04.06|CISO Mag| → [[Data Breach Exposes 14 Million Key Ring Users Data|https://www.cisomag.com/data-breach-exposes-14-million-key-ring-users-data/]]|AWS_S3 Data_Leak Key_Ring|
|2020.04.02|Bleeping Computer|[[Office 365 Phishing Uses CSS Tricks to Bypass Email Gateways|https://www.bleepingcomputer.com/news/security/office-365-phishing-uses-css-tricks-to-bypass-email-gateways/]]|O365 Phishing|
|2020.04.02|DZone|![[Azure, AWS, and GCP: A Multicloud Service Cheat Sheet|https://dzone.com/articles/azure-aws-and-gcp-a-multicloud-service-cheat-sheet]]|Azure AWS GCP Comparisons|
|2020.04.02|CBR Online|[[Microsoft Azure Throttles Cloud Access, Blames Capacity Crunch|https://www.cbronline.com/news/microsoft-azure-capacity-crunch]]|Azure Resilience|
|2020.04.02|//Microsoft//|![[Attack matrix for Kubernetes|https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/]]|ATT&CK Kubernetes|
|2020.04.02|//Microsoft Azure//|[[Announcing server-side encryption with customer-managed keys for Azure Managed Disks|https://azure.microsoft.com/en-us/blog/announcing-serverside-encryption-with-customermanaged-keys-for-azure-managed-disks/]]|Azure Encryption|
|2020.04.02|//TrendMicro//|![[More Than 8,000 Unsecured Redis Instances Found in the Cloud|https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-8000-unsecured-redis-instances-found-in-the-cloud/]]|Misconfigurations Redis|
|2020.04.02|//TrendMicro//|[[Cloud-First but Not Cloud-Only: Why Organizations Need to Simplify Cybersecurity|https://blog.trendmicro.com/cloud-first-but-not-cloud-only-why-organizations-need-to-simplify-cybersecurity/]]|Misc|
|2020.04.02|//Cloudonaut//|![[Top 14 Must-Haves for Your AWS Architecture Checklist|https://cloudonaut.io/aws-architecture-checklist/]]|AWS Architecture|
|2020.04.02|//Phoenix TS//|[[Head in the Cloud? Time to Face Cyber Security Reality|https://phoenixts.com/blog/head-in-the-cloud-time-to-face-cyber-security-reality/]]|Misc|
|>|>|>|!2020.04.01|
|2020.04.01|TL;DR Security|[[#29 - Testing GraphQL, Bug Bounty Programs, & AWS Service Control Policy Best Practices|https://tldrsec.com/blog/tldr-sec-029/]] |Weekly_Newsletter|
|2020.04.01|VPNmentor|[[Report: Cloud Backup Provider Exposes Customer Data in Massive Leak|https://www.vpnmentor.com/blog/report-sosonlinebackup-leak/]]|Data_Leak|
|2020.04.01|Silicon Angle| → [[SOS Online Backup exposed 135M records via unsecured cloud storage|https://siliconangle.com/2020/04/01/cloud-backup-provider-sos-online-backup-exposed-135m-records-via-unsecured-cloud-storage/]]|Data_Leak|
|2020.04.01|HackRead|[["World's most secure online backup" provider exposes 135M records|https://www.hackread.com/worlds-most-secure-online-backup-provider-exposes-records/]]|Data_Leak|
|2020.04.01|Security Week|[[AWS Security Service 'Amazon Detective' Now Generally Available|https://www.securityweek.com/aws-security-service-amazon-detective-now-generally-available]]|AWS_Detective|
|2020.04.03|CBR Online| → [[Amazon Detective Spots Unusual Behaviour Buried in the Data Logs|https://www.cbronline.com/news/amazon-detective]]|AWS_Detective|
|2020.04.01|(ISC)2|[[Cybersecurity's Top Needed Skill: Cloud Security|https://blog.isc2.org/isc2_blog/2020/04/cybersecuritys-top-needed-skill-cloud-security.html]]|Training|
|2020.04.01|DevOps|[[How to Secure Online Coding Platforms|https://devops.com/how-to-secure-online-coding-platforms/]]|Coding Threat_Modeling|
|2020.04.01|DevOps|[[Comparing Three Approaches to Multi-Cloud Security Management|https://devops.com/comparing-three-approaches-to-multi-cloud-security-management/]]|Multi_Cloud|
|2020.04.01|//Google Cloud//|[[Google Cloud infrastructure components Incident #20003|https://status.cloud.google.com/incident/zall/20003]]|GCP Outage|
|2020.04.01|//Google Cloud//|[[Achieving identity and access governance on Google Cloud|https://cloud.google.com/blog/products/identity-security/achieving-identity-and-access-governance-on-google-cloud]]|GCP Identity|
|2020.04.02|The Register| → [[Google Cloud Engine outage caused by 'large backlog of queued mutations'|https://www.theregister.co.uk/2020/04/02/google_cloud_services_outage_caused/]]|GCP Outage|
|2020.04.01|//XMCO//[>img[iCSF/flag_fr.png]]|[[Sécurité des environnements AWS - Partie 1|https://www.xmco.fr/actu-secu/XMCO-ActuSecu-53-AWS_Cryptomineur_SmartInstall.pdf]] (1/2) (pdf)|AWS|
|2020.04.01|//Zoom//|[[The Facts Around Zoom and Encryption for Meetings/Webinars|https://blog.zoom.us/wordpress/2020/04/01/facts-around-zoom-encryption-for-meetings-webinars/]]|Zoom Encryption|
|2020.04.01|//Panther Labs//|[[Panther Labs Launches Open-Source Cloud-Native SIEM|https://www.securityweek.com/panther-labs-launches-open-source-cloud-native-siem]]|SIEM Tools|
|2020.04.01|//Menlo Security//|[[2020 Will Be the Year That SaaS Breaks Enterprise Security|https://www.menlosecurity.com/blog/2020-will-be-the-year-that-saas-breaks-enterprise-security]]|SaaS|
|2020.04.01|//AlienVault//|[[The foundation of a Zero Trust architecture|https://cybersecurity.att.com/blogs/security-essentials/the-foundation-of-a-zero-trust-architecture]] (1/3)|Zero_Trust|
|2020.04.01|//Nightfall//|[[Cloud-native as the Future of Data Loss Prevention|https://nightfall.ai/resources/cloud-native-as-the-future-of-data-loss-prevention/]]|Cloud_Native DLP|
|!Mars|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.03.31|
|2020.03.31|Internet Society|![[Leading CDN and Cloud Providers Join MANRS to Improve Routing Security|https://www.internetsociety.org/news/press-releases/2020/leading-cdn-and-cloud-providers-join-manrs-to-improve-routing-security/]]|Networking Prevention|
|2020.03.31|MANRS|![[MANRS for CDN and Cloud Providers|https://www.manrs.org/cdn-cloud-providers/]]|Networking Prevention|
|2020.04.03|APNIC| → [[CDNs and cloud providers join MANRS to improve routing security|https://blog.apnic.net/2020/04/03/cdns-and-cloud-providers-join-manrs-to-improve-routing-security/]]|Networking Prevention|
|2020.04.03|//Threatpost//| → [[Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks|https://threatpost.com/cloud-cdns-team-internet-routing-attacks/154434/]]|Networking Prevention|
|2020.03.31|Summit Route|![[Isolated networks on AWS|https://summitroute.com/blog/2020/03/31/isolated_networks_on_aws/]] |AWS Isolation|
|2020.03.31|The Intercept|[[Zoom Meetings Aren't End-to-End Encrypted, Despite Misleading Marketing|https://theintercept.com/2020/03/31/zoom-meeting-encryption/]]|Zoom Encryption|
|2020.03.31|The Register|[[Outage hits some Google Cloud services, error rate curve flattens and they're coming back|https://www.theregister.co.uk/2020/03/31/google_cloud_infrastructure_outage/]]|GCP Outage|
|2020.03.31|The Last Watchdog|[[Security Compass streamlines the insertion of security best practices into DevOps|https://www.lastwatchdog.com/new-tech-security-compass-streamlines-the-insertion-of-security-best-practices-into-devops/]]|DevSecOps|
|2020.03.31|KitPloit|[[Awspx - A Graph-Based Tool For Visualizing Effective Access And Resource Relationships In AWS Environments|https://www.kitploit.com/2020/03/awspx-graph-based-tool-for-visualizing.html]]|Tools AWS|
|2020.03.31|Container Journal|[[Catch Breaches Faster With Automated Kubernetes Audit Log Monitoring|https://containerjournal.com/topics/container-security/catch-breaches-faster-with-automated-kubernetes-audit-log-monitoring/]]|Monitoring Logging Kubernetes|
|2020.03.31|Security Boulevard|[[Cybersecurity Cloud Transition Likely to Accelerate|https://securityboulevard.com/2020/03/cybersecurity-cloud-transition-likely-to-accelerate/]]|Misc|
|2020.03.31|arXiv.org|![[Cybersecurity in the AWS Cloud|https://arxiv.org/pdf/2003.12905.pdf]] (pdf)|AWS|
|2020.03.31|arXiv.org|[[A Security and Performance Driven Architecture for Cloud Data Centers|https://arxiv.org/pdf/2003.12598.pdf]] (pdf)|Data_Centers|
|2020.03.31|//TrendMicro//|[[Raccoon Stealer's Abuse of Google Cloud Services and Multiple Delivery Techniques|https://blog.trendmicro.com/trendlabs-security-intelligence/raccoon-stealers-abuse-of-google-cloud-services-and-multiple-delivery-techniques/]]|GCP MaaS|
|2020.04.02|CyberDefense Mag| → [[New Raccoon Stealer uses Google Cloud Services to evade detection|https://www.cyberdefensemagazine.com/new-raccoon-stealer-uses-google-cloud-services-to-evade-detection/]]|GCP MaaS|
|2020.03.31|//Google Cloud//|[[Introducing Service Directory: Manage all your services in one place at scale|https://cloud.google.com/blog/products/networking/introducing-service-directory]]|GCP Directory|
|2020.04.01|The Register| → [[Who you gonna call? Google Cloud Platform's beta Service Directory is like a phone book for microservice discovery|https://www.theregister.co.uk/2020/04/01/google_cloud_service_directory_beta/]]|GCP Directory|
|2020.03.31|//Lastline//|[[The Challenge of Obtaining Visibility into Cloud Security|https://www.lastline.com/blog/the-challenge-of-obtaining-visibility-into-cloud-security/]]|Visibility|
|2020.03.31|//G2//|[[5 SaaS Security Concerns and How to Address Them|https://learn.g2.com/saas-security]]|SaaS|
|2020.03.31|//Backblaze//|[[Look Before You Sync: Cloud Backup Vs. Cloud Sync|https://www.backblaze.com/blog/cloud-backup-vs-cloud-sync/]]|BackUp Synchronization|
|2020.03.31|//Sysdig//|[[PCI Compliance for Containers and Kubernetes|https://sysdig.com/blog/container-pci-compliance/]]|Compliance Containers|
|2020.03.31|//Exabeam//|[[Plugging AWS Into Your SIEM: A Practical Guide|https://www.exabeam.com/siem/plugging-aws-into-your-siem-a-practical-guide/]]|SIEM AWS|
|2020.03.31|//HashiCorp//|[[HashiCorp Vault: Delivering Secrets with Kubernetes|https://medium.com/hashicorp-engineering/hashicorp-vault-delivering-secrets-with-kubernetes-1b358c03b2a3]]|K8s Secrets|
|>|>|>|!2020.03.30|
|2020.03.30|Summit Route|[[AWS Phishing Emails|https://summitroute.com/blog/2020/03/30/aws_phishing_emails/]]|AWS Phishing|
|2020.03.30|The Register|[[Cloud'n'server hosting giant OVH more like OMG: Data center hardware failure knocks out services in France|https://www.theregister.co.uk/2020/03/30/ovh_cloud_outage/]]|OVH Outage|
|2020.03.30|Christophe Tafani-Dereeper|[[They told me I could be anything, so I became a Kubernetes node - Using K3s for command and control on compromised Linux hosts|https://blog.christophetd.fr/using-k3s-for-command-and-control-on-compromised-linux-hosts/]] ([[video|https://www.youtube.com/watch?v=CH7S5rE3j8w]])|Kubernetes K3s APT|
|2020.03.30|Christophe Tafani-Dereeper|[[Using K3s for command and control on compromised Linux hosts|https://blog.christophetd.fr/using-k3s-for-command-and-control-on-compromised-linux-hosts/]]|K8s Attacks|
|2020.03.30|DevOps|[[How to Secure Your Kubernetes Cluster on GKE|https://devops.com/how-to-secure-your-kubernetes-cluster-on-gke/]]|GKE Kubernetes|
|2020.03.30|Alex Smolen|[[Fine-tuning access with AWS IAM global condition context keys|https://medium.com/@alsmola/fine-tuning-access-with-aws-iam-global-condition-context-keys-784d6374ee]]|AWS IAM Keys|
|2020.03.30|Keith Rozario|[[My experience with AWS Certified Security|https://www.keithrozario.com/2020/03/my-experience-with-aws-certified-security-specialty.html]]|AWS Certification|
|2020.03.30|//Microsoft//|[[Introducing new Microsoft 365 Personal Family subscriptions|https://www.microsoft.com/en-us/microsoft-365/blog/2020/03/30/introducing-new-microsoft-365-personal-family-subscriptions/]]|O365 M365|
|2020.03.31|Redmond Channel Partner| → [[Some Office 365 Products Getting 'Microsoft 365' Rebrand|https://rcpmag.com/articles/2020/03/31/office-365-microsoft-365-rebrand.aspx]]|O365 M365|
|2020.03.31|NetGuide NZ| → [[Microsoft overhauls Office 365, rebrands it 'Microsoft 365'|https://netguide.co.nz/story/microsoft-overhauls-office-365-rebrands-it-microsoft-365]]|O365 M365|
|2020.04.01|Ars Technica| → [[Microsoft announces Microsoft 365, a service to replace personal Office 365|https://arstechnica.com/gadgets/2020/04/office-365-is-now-microsoft-365-and-its-getting-new-apps-and-features/]]|O365 M365|
|2020.03.30|//McAfee//[>img[iCSF/flag_fr.png]]|[[Le partage des responsabilités est primordial à la sécurité du cloud|https://www.globalsecuritymag.fr/Le-partage-des-responsabilites-est,20200330,97144.html]]|Shared_responsibility|
|2020.03.30|//G Suite//|[[Less secure app turn-off suspended until further notice|https://gsuiteupdates.googleblog.com/2020/03/less-secure-app-turn-off-suspended.html]]|G_Suite|
|2020.03.30|//Microsoft//|[[Enable remote collaboration quickly and securely with Azure AD|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/enable-remote-collaboration-quickly-and-securely-with-azure-ad/ba-p/1257334]]|AzureAD|
|2020.03.30|//AttackIQ//|[[Defeating a Cloud Breach Part 1|https://attackiq.com/blog/2020/03/30/defeating-a-cloud-breach-part-1/]] (1/3)|Attack Breach|
|2020.03.30|//Toshiba//|[[World Back Up Day : Toshiba fait cinq recommandations pour la sauvegarde des données|https://www.globalsecuritymag.fr/World-Back-Up-Day-Toshiba-fait,20200330,97122.html]]|Backup|
|2020.03.30|//Coalfire//|[[Accelerate Your Path to Cloud Compliance|https://www.coalfire.com/The-Coalfire-Blog/March-2020/Accelerate-Your-Path-to-Cloud-Compliance]]|Compliance|
|2020.03.30|//ForgeRock//|[[Part Two: 5 More IAM Capabilities to Support Remote Work and Online Business at Scale|https://www.forgerock.com/blog/part-two-5-more-iam-capabilities-support-remote-work-and-online-business-scale]] (2/2)|IAM|
!"//Why use the CAIQ for vendor analysis vs. other questionnaires?//"
Article de blog publié le 4 avril 2020 — Rédigé par John DiMaria, Assurance Investigatory Fellow, CSA
{{ss2col{
<<<
[>img(150px,auto)[iCSA/K44BW.png]]//Security assessments, security questionnaires, vendor assessments, RFPs are all unavoidable in today's world of cloud computing and drain valuable resources and time when completing them. However, they're a big part of closing new deals and maintaining or up-selling to existing accounts. If you are a start-up trying to escalate, it can be even more daunting.
Well, here is some information only old fixtures like me know from doing this for 30 years:
!!The challenge with most security questionnaires
A questionnaire addresses only the "perception" of risk by your customers; it does not address your "actual" risks. Customer security teams often create these questionnaires based on their own risks using a list of specific controls based on their internal experiences or what they are using. They usually apply the same prescription to every vendor they work with, regardless if it's reasonable or even applicable.
In many cases, it is to check a box or cover a legal requirement of due diligence recommended by the General Counsel. This means that you can (technically) complete this questionnaire without having any tangible evidence of security at all. And here is the kicker: they may not even look at your answers, and many times don't. Face it, if you are a person tasked with administering security questionnaires and you have, for example, 1000 vendors, and you send them all a questionnaire that, say, covers 114+ controls similar to ISO/IEC 27001 plus maybe a few of your own, and now they all come back… are you going to read every line and vet each question to make sure it is complete enough, and if a few are not, are you going to audit them or even call to discuss it? Chances are the answer is NO, or at best, you address the "showstoppers." Even if you wanted to address every single one 100%, it would take a huge investment. So, the questionnaire is just a tad better than blind trust.
Now obviously, none of what I just described is advisable, but it does happen to some extent. So how do you make the best use of your time, help your customers satisfy their requirements, provide an actual account of what you have in place with applicable controls, AND ensure it is updated and maintained for them?
!!One questionnaire that aligns with over 40 leading standards and regulations
CSA, through the power of years of research, has combined the comprehensive feedback that was collected over the years from its partners, working groups and the industry to produce the Cloud Control Matrix (CCM). The CCM is a set of sector-specific controls for cloud service providers. There is also a set of questions a cloud consumer and auditor may wish to ask a cloud provider to ascertain their compliance to the CCM called the Consensus Assessment Initiative Questionnaire (CAIQ).
The CAIQ offers an industry-accepted way to document what security controls exist in cloud services, providing security control transparency and to some extent assurance. Therefore, it helps cloud customers to gauge the security posture of prospective cloud service providers and determine if their cloud services are suitably secure. It allows the cloud user to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experience and because it is posted on the STAR public registry and updated on a regular basis, the customer can easily monitor the provider's ongoing compliance posture providing a higher level of peace of mind for the user.
!!Eliminates the need for multiple questionnaires
Because the CCM aligns itself with over 40 of the leading standards and regulations, it basically eliminates the need for any other questionnaire. This allows the cloud service provider (CSP) to break down how you express risk to a customer with your actual risk. And because of the detailed mappings, within the main CCM document, they can see the connection with many other standards and/or regulations they may have questions about.
!!For cloud customers
It is prudent to require that your cloud providers submit a CAIQ self-assessment to the CSA STAR registry. This means the provider will have completed the first of three levels of transparency and assurance provided by the CSA STAR Program.
* The CSA STAR compliance program lets you select the level of transparency and assurance you may want to require from CSPs as part of your procurement process and ongoing monitoring.
* The STAR registry is a trusted source of information on the security and privacy posture of CSPs. It enforces accountability and lets you build a coherent GRC program.
* The STAR Foundation tools (including the CCM, CAIQ, and GDPR Code of Conduct) support your own GRC approach and ensure language alignment between you and your CSP.
If your provider is not listed on the STAR registry, you can submit a request to have them verified using our ready-made editable template that you can revise and e-mail directly to your provider(s).
After you've selected the appropriate level for your organization you can check their status in the STAR registry.
!!To cloud service providers
The Security, Trust, Assurance, and Risk (STAR) registry is a cost-effective solution that decreases complexity while increasing trust and transparency. Demonstrate your adherence to security and privacy best practices to future and current customers by submitting to the registry.
* Accelerate your sales cycle
* Solidify your position as a trusted provider of cloud services
* Better build, establish and maintain a robust security program that is internationally accepted
* Expand your business by helping customers navigate secure cloud adoption
* Be part of a global database that is becoming the marketplace for providers used by cloud users
* You can update your entry annually and it is maintained by CSA. You just need to provide a link to your customers.
* CSA experts will help you with the initial business communication to facilitate eliminating or reducing those multiple questionnaires
//[...]
<<<
}}}__Lien :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k44b/|https://CloudSecurityAlliance.fr/go/k44b/]]''
!"//Cloud Adoption Considerations for IoT and OT//"
Webinar [[CloudBytes]] diffusé le 2 avril 2020 — Présenté par Bob Gourley, Directeur technique et co-fondateur de OODA
<<<
//to learn about when AI goes wrong including... 6 categories of real-world AI failures, notable failures in operational systems, compliance needs, a guide for securing AI for framework//
<<<
⇒ S'inscrire au Webinar de 60 minutes [[sur le site de BrightTALK|https://CloudSecurityAlliance.fr/go/k41w/]].
!"//General Access Control Guidance for Cloud Systems//"
[>img(150px,auto)[iCSF/NIST.gif]]Ce document de travail propose une première approche pour comprendre les défis de sécurité dans le cloud en analysant les aspects de contrôle d'accès (AC) dans les trois modèles de services cloud : IaaS, PaaS et SaaS.
Les caractéristiques essentielles qui affecteraient la conception du contrôle d'accès au cloud sont également résumées, telles que l'accès au réseau, la mise en commun des ressources, l'élasticité rapide, les services à la consommation et le partage des données.
Diverses orientations pour la conception du contrôle d'accès de l'IaaS, du PaaS et du SaaS sont proposées en fonction de leurs caractéristiques respectives.
Des recommandations pour la conception du contrôle d'accès dans différents systèmes cloud sont également incluses pour faciliter les futures mises en œuvre.
En outre, des exemples de règles sont synthétisés pour chaque système de cloud.

En conclusion : un document assez court et synthétique (26 pages) à consulter. La date limite pour faire les commentaires est fixée au ''15 mai 2020''.

La table des matières :{{ss2col{
<<<
//Executive Summary
* 1 - Introduction
** 1.1 - Purpose
** 1.2 - Scope
** 1.3 - Audience
** 1.4 - Document Structure
* 2 - Cloud Access Control Characteristics
* 3 - Access Control Guidance for IaaS
** 3.1 - Guidance for Network
** 3.2 - Guidance for Hypervisor
** 3.3 - Guidance for Virtual Machines
** 3.4 - Guidance for APIs
** 3.5 - Recommendations for IaaS Access Control
* 4 - Access Control System for PaaS
** 4.1 - Guidance for Memory Data
** 4.2 - Guidance for APIs
** 4.3 - Recommendations for PaaS Access Control
* 5 - AC System for SaaS
** 5.1 - Guidance for Data Owner's Control
** 5.2 - Guidance for Confidentiality
** 5.3 - Guidance for Privilege Management
** 5.4 - Guidance for Multiple Replicas of Data
** 5.5 - Guidance for Multi-tenancy
** 5.6 - Guidance for Attribute and Role Management
** 5.7 - Guidance for Policies
** 5.8 - Guidance for APIs
** 5.9 - Recommendations for SaaS Access Control
* 6 - Guidance for Inter and Intra Operation
* 7 - Conclusions
References
List of Appendices
Guidance and SP 800-53 Revision 4 AC Control Mapping//
<<<
}}}
__Liens sur le site du NIST :__
⇒ Lire [[l'annonce|https://CloudSecurityAlliance.fr/go/k41d/]]
⇒ Télécharger [[le document|https://CloudSecurityAlliance.fr/go/k41d/]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202003>>
<<tiddler fAll2Tabs10 with: VeilleM","_202003>>
|!Mars|!Sources|!Titres et Liens|!Keywords|
|2020.03.05|//Source Incite//|[[SRC-2020-0011 : ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability|https://srcincite.io/advisories/src-2020-0011/]]|Zoho CVE-2020-10189|
|2020.03.06|//Zoho//|[[We acknowledge the vulnerability in versions of Desktop Central released before 1/20/20 (build 10.0.473 and below)|https://mobile.twitter.com/manageengine/status/1235985409731149824]]|Zoho CVE-2020-10189|
|2020.03.06|US-CERT| → [[Zoho Releases Security Update on ManageEngine Desktop Central|https://www.us-cert.gov/ncas/current-activity/2020/03/06/zoho-releases-security-update-manageengine-desktop-central]]|Zoho CVE-2020-10189|
|2020.03.06|Bleeping Computer| → [[Zoho Fixes No-Auth RCE Zero-Day in ManageEngine Desktop Central|https://www.bleepingcomputer.com/news/security/zoho-fixes-no-auth-rce-zero-day-in-manageengine-desktop-central/]]|Zoho CVE-2020-10189|
|2020.03.06|//Desktop Central//| → [[ManageEngine Desktop Central remote code execution vulnerability (CVE-2020-10189)|https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html]]|Zoho CVE-2020-10189|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Mars 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202003>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Mars 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Mars 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202003'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202003'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Mars 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202003'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Mars 2020]]>>
!"//The Six Pillars of DevSecOps: Automation//"
{{ss2col{
<<<
//Security automation is the programmatic execution of security actions to identify, protect, detect, respond, and recover from cyber threats.
Automation is a critical component of DevSecOps because it creates process efficiency, enabling developers, infrastructure, and security teams to focus on delivering value rather than repeating manual efforts and errors with every release.
Example activities that can be automated include application, host, and container vulnerability scanning.
DevOps teams utilizing CI/CD and infrastructure as code are agile and release features incrementally and at a much faster pace than teams using a waterfall approach.
This creates the need to automate security capabilities so as to provide timely and meaningful feedback.
This security capability must be embedded in the software delivery pipeline in order to keep pace with rapid changes in organizational assets and regulatory compliance.
Due to the complexity of cloud infrastructure and the potential downstream impact of even small code changes, security needs to be included in design, implementation, testing, release, and monitored in production.
A pragmatic approach introducing tentative and modest automation of security capabilities enables rapid feedback and can potentially eliminate whole classes of risk, such as container scanning to ensure OS hardening or software composition analysis for known CVEs.//
<<<
}}}La date limite pour faire les commentaires est fixée au ''22 avril 2020''.
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k3ua/]] sur le site de la CSA
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #57|2020.03.29 - Newsletter Hebdomadaire #57]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #57|2020.03.29 - Weekly Newsletter - #57]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.03.29 - Newsletter Hebdomadaire #57]]>> |<<tiddler [[2020.03.29 - Weekly Newsletter - #57]]>> |
!!1 - Informations CSA de la semaine du 23 au 29 mars 2020
* Podcast : 'CSA STAR Certification Case Study'+++*[»]> <<tiddler [[2020.03.25 - Podcast : 'CSA STAR Certification Case Study']]>>=== 
* Blog : les 7 étapes pour sécuriser le télétravail dans le Cloud+++*[»]> <<tiddler [[2020.03.27 - Blog : les 7 étapes pour sécuriser le télétravail dans le Cloud]]>>=== 
* Blog : Questions pour ses fournisseurs en cette période de télétravail massif+++*[»]> <<tiddler [[2020.03.26 - Blog : Questions pour ses fournisseurs en cette période de télétravail massif]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.03.29 - Veille Hebdomadaire - 29 mars]] avec plus d'une soixantaine de liens dont :
* Etudes et rapports : Exabeam+++*[»] 
|2020.03.25|//Exabeam//|[[Exabeam Research Shows Companies are Embracing Cloud-based Security Tools, but Concerns Around Risk, Ease of Deployment Remain|https://www.exabeam.com/pr/exabeam-research-shows-companies-are-embracing-cloud-based-security-tools-but-concerns-around-risk-ease-of-deployment-remain/]]|Report Exabeam|
|2020.03.25|MSSP Alert| → [[Cloud-Based Security Tool Adoption: Latest Research Findings|https://www.msspalert.com/cybersecurity-research/cloud-based-tool-adoption/]]|Report Exabeam|
|2020.03.27|Help Net Security| → [[While many migrate security tools to the cloud, concerns remain|https://www.helpnetsecurity.com/2020/03/27/migrate-security-tools/]]|Report Exabeam|
=== 
* Alertes : Kubernetes+++*[»] 
|2020.03.24|//Alcide//|[[New Kubernetes Vulnerabilities: CVE-2020-8551, CVE-2020-8552|https://blog.alcide.io/new-kubernetes-vulnerabilities-cve-2020-855-cve-2020-8552]]|K8s Flaws|
=== 
* __Attaques__ et pannes : Fuite de données+++*[»] 
|2020.03.25|//vpnMentor//|[[Report: Cloud Storage Data Breach Exposes Users' Private Information|https://www.vpnmentor.com/blog/report-datadepositbox-leak/]]|Data_Leak AWS_S3|
===, incidents GCP+++*[»] 
|2020.03.27|CIO Dive|[[Understanding Google Cloud's recent service hiccups|https://www.ciodive.com/news/google-cloud-platform-outage/575047/]]|GCP Outages|
===, malveillance par le Cloud+++*[»] 
|2020.03.27|TechRepublic|[[Why Microsoft's Office 365 has become an all-access pass for phishers to exploit|https://www.techrepublic.com/article/why-microsofts-office-365-has-become-an-all-access-pass-for-phishers-to-exploit/]]|O365 Phishing|
|2020.03.25|//ZScaler//|[[Multistaged Downloader Leverages Google Drive to Download Advanced Malware|https://www.zscaler.com/blogs/research/multistaged-downloader-leverages-google-drive-download-advanced-malware]]|Attacks Malware Google_Drive|
|2020.03.23|Washington Post|[[How the cloud has opened new doors for hackers|https://www.washingtonpost.com/technology/2020/03/02/cloud-hack-problems/]]||
|2020.03.24|Dark Reading|![[How Attackers Could Use Azure Apps to Sneak into Microsoft 365|https://www.darkreading.com/cloud/how-attackers-could-use-azure-apps-to-sneak-into-microsoft-365/d/d-id/1337399]]|Azure Attacks|
===, tableau de bord Internet+++*[»] 
|2020.03.23|CBR Online|[[New Global Internet Outages Map: "Concerning" Rise in ISP Outages|https://www.cbronline.com/news/global-internet-outages-map]]|Outages|
=== 
* __Divers__ : Impacts de la pandémie COVID-19 et du télétravail+++*[»]> 
|2020.03.28|//Microsoft Azure//|![[Update #2 on Microsoft cloud services continuity|https://azure.microsoft.com/en-us/blog/update-2-on-microsoft-cloud-services-continuity/]]|COVID-19 Azure Resilience|
|2020.03.27|Solutions Review|[[The Coronavirus Cloud Computing Survival Guide for Businesses|https://solutionsreview.com/cloud-platforms/the-coronavirus-cloud-computing-survival-guide-for-businesses/]]|COVID-19 Recommendations|
|2020.03.26|DZone|[[Enabling WFH With Office 365 Requires State-of-the-Art Security and Data Backup|https://dzone.com/articles/enabling-wfh-with-office-365-requires-state-of-the]]|HomeWorking Backups|
|2020.03.24|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Microsoft Azure : à qui la priorité sur les ressources cloud ?|https://www.silicon.fr/microsoft-azure-priorite-cloud-336761.html]]|Azure|
|2020.03.24|Bleeping Computer|[[Microsoft Cuts Back More Office 365 Features to Handle High Load|https://www.bleepingcomputer.com/news/microsoft/microsoft-cuts-back-more-office-365-features-to-handle-high-load/]]|O365|
|2020.03.24|//3DS Outscale//[>img[iCSF/flag_fr.png]]|[[Cybersécurité et risques liés au télétravail|https://www.globalsecuritymag.fr/3DS-Outscale-Cybersecurite-et,20200324,96966.html]]|Home_Working|
|2020.03.23|//Thousand Eyes//|[[State of Internet Health During COVID-19|https://blog.thousandeyes.com/internet-health-during-covid-19/]]|Status Outages|
===, questionnements sur Zoom+++*[»] 
|2020.03.27|Forbes|[[Beware Zoom Users: Here's How People Can 'Zoom-Bomb' Your Chat|https://www.forbes.com/sites/kateoflahertyuk/2020/03/27/beware-zoom-users-heres-how-people-can-zoom-bomb-your-chat/]]|Zoom|
|2020.03.26|Vice|[[Zoom iOS App Sends Data to Facebook Even if You Don't Have a Facebook Account|https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account]]|Zoom Privacy|
|2020.03.25|//Checkpoint//[>img[iCSF/flag_fr.png]]|[[Qui regarde qui dans Zoom ? Conseils pour une utilisation de Zoom en toute sécurité|https://www.globalsecuritymag.fr/Qui-regarde-qui-dans-Zoom-Conseils,20200326,97015.html]]|Zoom Privacy|
=== 
!3 - Weekly Cloud and Security Watch Newsletter[>img[iCSF/inEnglish.png]]
<<tiddler [[2020.03.29 - Weekly Newsletter - March 29th]]>> 
!CSA News and Updates - March 23rd to 29th
* Podcast : 'CSA STAR Certification Case Study'[>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]
* Blog : '7 Steps to Securing Your Remote Work Lifecycle in the Cloud'
* Blog : 'Right Questions to Ask Your Vendors in Times of Large-Scale Remote Working'
!Cloud and Security News Watch
[[Over 60 links|2020.03.29 - Veille Hebdomadaire - 29 mars]] among which:
* Reports: Exabeam
* Alerts: Kubernetes
* __Attacks__: Data Leaks, GCP incidents, Global Internet Outages Map, New doors for hackers thanks to the Cloud
* __Miscellaneous__: COVID-19 and WFH impacts, Zoom issues and Zoom-bombing
|!⇒ [[CloudSecurityAlliance.fr/go/K3T/|https://CloudSecurityAlliance.fr/go/K3T/]] |
<<tiddler [[arOund0C]]>>
|!Mars|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.03.29|
|2020.03.29|//JumpCloud//|[[Comparing Azure AD and AD FS|https://jumpcloud.com/blog/aad-vs-adfs]]|AzureAD|
|>|>|>|!2020.03.28|
|2020.03.28|//Microsoft Azure//|![[Update #2 on Microsoft cloud services continuity|https://azure.microsoft.com/en-us/blog/update-2-on-microsoft-cloud-services-continuity/]] (2/3)|COVID-19 Azure Resilience|
|2020.03.29|The Register| → [[Microsoft reveals 775 percent Azure surge, quotas on some resources and 'significant new capacity' coming ASAP|https://www.theregister.co.uk/2020/03/29/microsoft_reveals_775_percent_azure_usage_surge_in_coronavirus_lockdown_zones/]]|COVID-19 Azure Resilience|
|2020.03.29|Silicon Angle| → [[Microsoft sees massive 775% spike in cloud services traffic|https://siliconangle.com/2020/03/29/microsoft-sees-massive-775-spike-cloud-services-traffic/]]|COVID-19 Azure Resilience|
|2020.03.30|Bleeping Computer| → [[Microsoft Cloud Services See 775% Growth As More Work Remotely|https://www.bleepingcomputer.com/news/microsoft/microsoft-cloud-services-see-775-percent-growth-as-more-work-remotely/]]|COVID-19 Azure Resilience|
|2020.03.30|JDN[>img[iCSF/flag_fr.png]]| → [[Azure : une demande en hausse de 775% dans les régions en confinement|https://www.journaldunet.com/web-tech/cloud/1490015-azure-une-demande-en-hausse-775-dans-les-regions-en-confinement/]]|COVID-19 Azure Resilience|
|2020.03.18|Enterprise Networking Planet|[[Kubernetes 1.18 Improves Networking and Security for Cloud Native|http://www.enterprisenetworkingplanet.com/datacenter/kubernetes-1.18-improves-networking-and-security-for-cloud-native.html]]|K8s|
|>|>|>|!2020.03.27|
|2020.03.27|Forbes|[[Beware Zoom Users: Here's How People Can 'Zoom-Bomb' Your Chat|https://www.forbes.com/sites/kateoflahertyuk/2020/03/27/beware-zoom-users-heres-how-people-can-zoom-bomb-your-chat/]]|Zoom|
|2020.03.27|Solutions Review|[[The Coronavirus Cloud Computing Survival Guide for Businesses|https://solutionsreview.com/cloud-platforms/the-coronavirus-cloud-computing-survival-guide-for-businesses/]]|COVID-19 Recommendations|
|2020.03.27|CIO Dive|[[Understanding Google Cloud's recent service hiccups|https://www.ciodive.com/news/google-cloud-platform-outage/575047/]]|GCP Outages|
|2020.03.30|CRN Australia| → [[Google Cloud confirms global outage|https://www.crn.com.au/news/google-cloud-confirms-global-outage-539947]]|GCP Outages|
|2020.03.27|TechRepublic|[[Why Microsoft's Office 365 has become an all-access pass for phishers to exploit|https://www.techrepublic.com/article/why-microsofts-office-365-has-become-an-all-access-pass-for-phishers-to-exploit/]]|O365 Phishing|
|2020.03.27|Security Boulevard|[[Why Traditional Security Is Failing Us, Part 2|https://securityboulevard.com/2020/03/why-traditional-security-is-failing-us-part-2/]] (2/2)|Threats|
|2020.03.27|TechBeacon|[[Why your data is safer in the cloud than on premises|https://techbeacon.com/security/why-your-data-safer-cloud-premises]]|Data|
|2020.03.27|IT Brief NZ|[[The top four cloud IT security misconfigurations and how to fix them|https://itbrief.co.nz/story/the-top-four-cloud-it-security-misconfigurations-and-how-to-fix-them]]|Misconfigurations|
|2020.03.27|NextGov|[[Microsoft Upgrades Classified Cloud Offering|https://www.nextgov.com/it-modernization/2020/03/microsoft-upgrades-classified-cloud-offering/164169/]]|Azure Government|
|2020.03.27|//Checkpoint//|[[Public Cloud - 4 Subtle Differences with Significant Security Concerns|https://blog.checkpoint.com/2020/03/27/public-cloud-4-subtle-differences-with-significant-security-concerns/]]|Public_Cloud|
|2020.03.27|//Compare the Cloud//|[[Managed Kubernetes: Understanding Your Options in the Cloud|https://www.comparethecloud.net/kubernetes/managed-kubernetes-understanding-your-options-in-the-cloud/]]|K8s|
|>|>|>|!2020.03.26|
|2020.03.26|Dark Reading|[[How to Prevent an AWS Cloud Bucket Data Leak|https://www.darkreading.com/edge/theedge/how-to-prevent-an-aws-cloud-bucket-data-leak--/b/d-id/1337093]]|Data_Leak|
|2020.03.26|Vice|[[Zoom iOS App Sends Data to Facebook Even if You Don't Have a Facebook Account|https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account]]|Zoom Privacy|
|2020.03.27|TechRadar| → [[Video calling app Zoom's iOS version is sharing user data with Facebook|https://www.techradar.com/news/video-calling-app-zooms-ios-version-is-sharing-user-data-with-facebook]]|Zoom Privacy|
|2020.03.26|DZone|[[Enabling WFH With Office 365 Requires State-of-the-Art Security and Data Backup|https://dzone.com/articles/enabling-wfh-with-office-365-requires-state-of-the]]|HomeWorking Backups|
|2020.03.26|//Optiv Security//|[[Operationalizing NSA Guidance (or any Guidance, For That Matter!)|https://www.infosecurity-magazine.com/opinions/operationalizing-nsa-guidance]]|Guidance NSA|
|2020.03.26|//Intrinsec//[>img[iCSF/flag_fr.png]]|[[Bonnes pratiques - Sécurité de votre environnement cloud|https://www.intrinsec.com/bonnes-pratiques-cloud/]]|Best_Practices|
|2020.03.26|//Tripwire//|[[The Future is Hybrid: Practicing Security in the Hybrid Cloud|https://www.tripwire.com/state-of-security/security-data-protection/cloud/future-hybrid-practicing-security-hybrid-cloud/]]|Hybrid_Cloud|
|2020.03.26|//CloudCheckr//|![[The 5 AWS Security Mistakes You Might Be Making and How to Fix Them|https://cloudcheckr.com/cloud-security/the-5-aws-security-mistakes-you-might-be-making-and-how-to-fix-them/]]|AWS Bad_Practices Misconfigurations|
|2020.03.26|//Omdia//|[[Introducing Zero-Trust Access|https://www.darkreading.com/cloud/introducing-zero-trust-access-/a/d-id/1337362]]|Zero_Trust|
|2020.03.26|//Compare the Cloud//|[[Innovation & collaboration: Recent trends in cloud security|https://www.comparethecloud.net/articles/cloud-security-trends/]]|Trends|
|2020.03.26|//ForgeRock//|[[5 IAM Capabilities You Need to Support Remote Work, Study, and Play at Scale|https://www.forgerock.com/blog/5-iam-capabilities-you-need-support-remote-work-study-and-play-scale]] (1/2)|IAM|
|>|>|>|!2020.03.25|
|2020.03.25|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Conteneurs : Microsoft développe une couche de sécurité sur Azure|https://www.silicon.fr/conteneurs-microsoft-securite-azure-336844.html]]|Azure Containers|
|2020.03.25|TL;DR Security|[[#28 - 25 Years of Fuzzing, Secrets Management, Security Questionnaires|https://tldrsec.com/blog/tldr-sec-028/]] |Weekly_Newsletter|
|2020.03.25|DZone|[[Zero-Trust for Next Generation Clouds|https://dzone.com/articles/zero-trust-for-next-generation-clouds]]|Zero_Trust|
|2020.03.25|InfoSec Mag|![[Cloud Native Threats: The Role of Infrastructure|https://www.infosecurity-magazine.com/blogs/cloud-native-threats/]]|Threats|
|2020.03.25|Help Net Security|[[How to secure customer data for SaaS success|https://www.helpnetsecurity.com/2020/03/25/saas-success/]]|SaaS|
|2020.03.25|Help Net Security|[[Cloud-native security considerations for critical enterprise workloads|https://www.helpnetsecurity.com/2020/03/25/cloud-native-security-considerations/]]|Misconfigurations|
|2020.03.25|VMblog|[[VMblog Expert Interview: Cloud Disaster Recovery Service - A Chat with Executives from JetStream Software, Cloudian and ENS-Inc|https://vmblog.com/archive/2020/03/25/vmblog-expert-interview-cloud-disaster-recovery-service-a-chat-with-executives-from-jetstream-software-cloudian-and-ens-inc.aspx]]|DRaaS|
|2020.03.25|//Checkpoint//[>img[iCSF/flag_fr.png]]|[[Qui regarde qui dans Zoom ? Conseils pour une utilisation de Zoom en toute sécurité|https://www.globalsecuritymag.fr/Qui-regarde-qui-dans-Zoom-Conseils,20200326,97015.html]]|Zoom Privacy|
|2020.03.25|//vpnMentor//|[[Report: Cloud Storage Data Breach Exposes Users' Private Information|https://www.vpnmentor.com/blog/report-datadepositbox-leak/]]|Data_Leak AWS_S3|
|2020.03.25|//Summit Route//|[[AWS SCP Best Practices|https://summitroute.com/blog/2020/03/25/aws_scp_best_practices/]]|AWS Best_Practices|
|2020.03.25|//ZScaler//|[[Multistaged Downloader Leverages Google Drive to Download Advanced Malware|https://www.zscaler.com/blogs/research/multistaged-downloader-leverages-google-drive-download-advanced-malware]]|Attacks Malware Google_Drive|
|2020.03.25|//Exabeam//|[[Exabeam Research Shows Companies are Embracing Cloud-based Security Tools, but Concerns Around Risk, Ease of Deployment Remain|https://www.exabeam.com/pr/exabeam-research-shows-companies-are-embracing-cloud-based-security-tools-but-concerns-around-risk-ease-of-deployment-remain/]]|Report Exabeam|
|2020.03.25|MSSP Alert| → [[Cloud-Based Security Tool Adoption: Latest Research Findings|https://www.msspalert.com/cybersecurity-research/cloud-based-tool-adoption/]]|Report Exabeam|
|2020.03.25|TechRepublic| → [[Organizations are moving their security to the cloud, but concerns remain|https://www.techrepublic.com/article/organizations-are-moving-their-security-to-the-cloud-but-concerns-remain/]]|Report Exabeam|
|2020.03.27|Help Net Security| → [[While many migrate security tools to the cloud, concerns remain|https://www.helpnetsecurity.com/2020/03/27/migrate-security-tools/]]|Report Exabeam|
|2020.03.25|//Microsoft Azure//|[[Keeping your cloud deployments secure during challenging times|https://azure.microsoft.com/en-us/blog/keeping-your-cloud-deployments-secure-during-challenging-times/]]|Deployment|
|2020.03.25|//Microsoft Azure//|[[Azure Dedicated Host: New capabilities and benefits|https://azure.microsoft.com/en-us/blog/azure-dedicated-host-new-capabilities-and-benefits/]]|Hosting|
|>|>|>|!2020.03.24|
|2020.03.24|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Microsoft Azure : à qui la priorité sur les ressources cloud ?|https://www.silicon.fr/microsoft-azure-priorite-cloud-336761.html]]|Azure|
|2020.03.24|Dark Reading|![[How Attackers Could Use Azure Apps to Sneak into Microsoft 365|https://www.darkreading.com/cloud/how-attackers-could-use-azure-apps-to-sneak-into-microsoft-365/d/d-id/1337399]]|Azure Attacks|
|2020.03.18|//Varonis//| ⇡ [[Using Malicious Azure Apps to Infiltrate a Microsoft 365 Tenant|https://www.varonis.com/blog/using-malicious-azure-apps-to-infiltrate-a-microsoft-365-tenant/]]|Azure Attacks|
|2020.04.01|BetaNews| → [[How Malicious Azure apps can be used to target Office 365|https://betanews.com/2020/04/01/malicious-azure-apps-attack-office-365/]]|Azure Attacks|
|2020.03.24|Dark Reading|![[How to Secure Your Kubernetes Deployments|https://www.darkreading.com/cloud/how-to-secure-your-kubernetes-deployments/a/d-id/1337324]]|K8s Best_Practices|
|2020.03.24|Container Journal|[[Kubernetes Security: Key Factors to Consider|https://containerjournal.com/topics/container-security/kubernetes-security-key-factors-to-consider/]]|K8s|
|2020.03.24|Security Boulevard|[[A Security Audit Is Critical to Mitigate Risk|https://securityboulevard.com/2020/03/a-security-audit-is-critical-to-mitigate-risk/]]|Audit|
|2020.03.24|Bleeping Computer|[[Microsoft Cuts Back More Office 365 Features to Handle High Load|https://www.bleepingcomputer.com/news/microsoft/microsoft-cuts-back-more-office-365-features-to-handle-high-load/]]|O365|
|2020.03.24|IoT for All|[[Asset Tracking with Google Cloud Platform|https://www.iotforall.com/asset-tracking-with-gcp/]]|Asset_Management|
|2020.03.24|//3DS Outscale//[>img[iCSF/flag_fr.png]]|[[Cybersécurité et risques liés au télétravail|https://www.globalsecuritymag.fr/3DS-Outscale-Cybersecurite-et,20200324,96966.html]]|Home_Working|
|2020.03.24|//Security Intelligence//|[[Do You Know Your Responsibilities When It Comes to Container Security?|https://securityintelligence.com/posts/do-you-know-your-responsibilities-when-it-comes-to-container-security/]]|Containers|
|2020.03.24|//Optiv//|[[Container Compromise to IaaS Recon|https://www.optiv.com/blog/container-compromise-iaas-recon]]|Containers Compromise|
|2020.03.24|//Alcide//|[[New Kubernetes Vulnerabilities: CVE-2020-8551, CVE-2020-8552|https://blog.alcide.io/new-kubernetes-vulnerabilities-cve-2020-855-cve-2020-8552]]|K8s Flaws|
|2020.03.24|//Panorays//|[[The Future of Cloud Security: Challenges, Trends and Solutions |https://www.panorays.com/blog/the-future-of-cloud-security-challenges-trends-and-solutions/]]|Challenges Trends CAIQ|
|>|>|>|!2020.03.23|
|2020.03.23|Washington Post|[[How the cloud has opened new doors for hackers|https://www.washingtonpost.com/technology/2020/03/02/cloud-hack-problems/]]||
|2020.03.23|ComputerWeekly|![[The AWS bucket list: Keep your cloud secure|https://www.computerweekly.com/feature/The-AWS-bucket-list-Keep-your-cloud-secure]]|AWS|
|2020.03.23|CBR Online|[[New Global Internet Outages Map: "Concerning" Rise in ISP Outages|https://www.cbronline.com/news/global-internet-outages-map]]|Outages|
|2020.03.23|Tal Maor|[[Lateral Movement Graph for Azure AD|https://medium.com/@talthemaor/lateral-movement-graph-for-azure-ad-7c5e0136e2d8]]|AzureAD Attacks|
|2020.03.23|//Varonis//|[[How to Connect to Office 365 PowerShell: Azure AD Modules|https://www.varonis.com/blog/connect-to-office-365-powershell/]]|AzureAD PowerShell|
|2020.03.23|CIO[>img[iCSF/flag_fr.png]]|[[Cloud public : la sécurité reste un frein|https://www.cio-online.com/actualites/lire-cloud-public-la-securite-reste-un-frein-12045.html]]|Report|
|2020.03.23|//Thousand Eyes//|[[State of Internet Health During COVID-19|https://blog.thousandeyes.com/internet-health-during-covid-19/]]|Status Outages|
|2020.03.23|//IONOS//[>img[iCSF/flag_fr.png]]|[[Sécurité accrue pour les conteneurs et les Kubernetes avec les filtres syscall|https://www.globalsecuritymag.fr/Securite-accrue-pour-les,20200323,96930.html]]|Containers Kubernetes|
|2020.03.23|//Cisco//|[[Understanding the Shared Responsibility Model: Securing Public Cloud Just Got Easier|https://blogs.cisco.com/security/understanding-the-shared-responsibility-model-securing-public-cloud-just-got-easier]]|Public_Cloud Shared_Responsibility|
|2020.03.23|//Compare the Cloud//|[[Reasons for the hybrid cloud: disaster recovery and cost|https://www.comparethecloud.net/articles/reasons-for-the-hybrid-cloud-disaster-recovery-and-cost/]]|DRP Hybrid_Cloud|
|2020.03.23|//CloudCheckr//|[[Government Clouds for Federal Agencies: The Public Sector Guide to IaaS Success|https://cloudcheckr.com/document/white-paper-public-cloud-success/]]|Government|
|2020.03.23|//Microsoft Azure//|[[Azure security best practices and patterns|https://docs.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns]]|Azure Best_Practices|
!"//7 Steps to Securing Your Remote Work Lifecycle in the Cloud//"
[>img(150px,auto)[iCSA/K3RB7.jpg]]Article de blog publié le 27 mars 2020 — Rédigé par Martin Johnson, VP Marketing at Polyrize+++*[»]> https://www.polyrize.com/ === 
<<<
//Current global events and government mandates are forcing many organizations that have not, to date, encouraged remote work to suddenly allow their employees en masse to make a quick, often chaotic scramble for the exit and into the safety of their own homes. Typically, that means an unplanned migration to business-enablement cloud apps and services, even before security measures have been fully established. So, it is important, as soon as the dust settles, for those same organizations to then look to ensure that they are establishing formal processes to secure the entire remote work lifecycle in the cloud. In all probability, remote work will become the new normal, and a growing attack vector, even after the current crisis passes.

As many companies who have allowed remote work for a while know, as employees move outside of the network perimeter and into the cloud, so too does your business-critical data, and, unfortunately, your employees' risky collaboration and bad file sharing habits. Cloud email, file sharing, instant messaging, and collaboration are critical to facilitate remote work, but organizations need to ensure that use of these apps is managed in a way that protects their business-critical resources by preventing account takeovers and data leakage.
This means making sure cloud users are only granted up-front the least amount of privileges within those services needed to do their specific jobs; that resource sharing is limited to specific groups to prevent external oversharing while employees and contractors do their work; and that remote offboarding is a quick, efficient, and thorough process when they leave.

To that end, it is recommended that you take the following 7 steps to secure your remote work lifecycle with respect to leveraging cloud services:
* ''STEP 1: Segregate your cloud workflows by group, department or location'' to determine what apps and resources they and their associated employees and contractors need to do their jobs. If possible, roll-out new cloud services incrementally for remote access, allowing only a manageable number of individuals from each group to try out the app and their associated access privileges before full deployment.
* ''STEP 2: Adhere to the principle of least privilege access'' by ensuring employees have the minimum access privileges needed to do their job. For example, consultants shouldn't have unfettered access to customer PII and interns shouldn't have access to sensitive engineering documents and IP. It also means placing controls on privileged users of both SaaS and IaaS services to prevent them from abusing admin privileges for non-admin related activities that can place your organization at high risk. In addition, you should eliminate unused or stale permissions of employees and external contractors to effectively reduce your attack surface by minimizing the risk of account takeovers and data loss.
* ''STEP 3: Ensure your business-critical resources are protected with MFA''. This means identifying and consolidating your business-critical resources within IT-sanctioned cloud apps that have been fully vetted for MFA support, as well as PII security controls, SOC-2 compliance, encryption support, etc.
* ''STEP 4: Make sure that file and folder sharing permissions within your sanctioned apps are restricted within specific groups'', depending on usage. This will help prevent accidental oversharing of business-critical data. Realize that a sensitive file carelessly dropped into a folder with overly-broad sharing rights will inherit those same rights and be automatically exposed.
* ''STEP 5: Implement cloud DLP policies'' to provide a last line of defense against the leakage of business-critical data. This includes placing strict controls on externally sharing sensitive files, especially those containing PII, PCI and PHI, with contractors and on copying files to personal accounts.
* ''STEP 6: Set up processes for off-boarding remote employees and contractors''. This process can be a challenge since many cloud services are managed outside of your SSO. Adopting a unified, cross-service access control solution that allows you to identify and revoke permissions when employees or contractors leave the company is recommended.
* ''STEP 7: Reprioritize security team resources to cloud data protection'', focused on preventing data leakage and account takeovers.

Ultimately, with few exceptions, all organizations will need to accept the fact that remote work is here to stay, and that cloud apps and services are critical to making it work effectively. Reorienting your employees, security teams, and processes to that new reality is critical to reducing your remote-work attack surface and ensuring that your business remains secure against the financial, reputational, and compliance related impact of cloud account takeovers and data loss throughout the remote work lifecycle//
[...]
<<<
__Liens :__
* Article sur le site de la CSA ⇒ ''[[CloudSecurityAlliance.fr/go/k3rx/|https://CloudSecurityAlliance.fr/go/k3rx/]]'', et sur celui de Polyrize ⇒ ''[[CloudSecurityAlliance.fr/go/k3rz/|https://CloudSecurityAlliance.fr/go/k3rz/]]'' 
!"//The Right Questions to Ask Your Vendors in Times of Large-Scale Remote Working//"
[>img(150px,auto)[iCSA/K3QBT.jpg]]Article de blog publié le 26 mars 2020 — Rédigé par Elad Shapira+++*[»]> https://www.linkedin.com/in/eladshapira/ ===, Head of Security, Panorays+++*[»]> https://www.panorays.com/ === 
Il propose des critères d'évaluation des fournisseurs, répartis en 18 questions dans 4 catégories : généralités, authentification et autorisation, résilience et continuité d'activités, procédure et processus.
<<<
//In the wake of coronavirus, companies are now applying immediate work-from-home policies. This sudden and massive change poses a set of new cybersecurity risks and is forcing security teams to take immediate action.
One of these cybersecurity risks emanates from the supply chain. While a large company may be able to quickly undergo the transition from a relatively concentrated workforce to a large-scale remote workforce, its supply chain partners may not.
In an effort to ensure the cyber resilience of the supply chain during these turbulent times, Panorays has readily made available the related vendor evaluation criteria, broken down to 18 questions. Companies are welcome to use these questions to assess their vendors' preparedness for work from home.
!!1 - General
# Do you already have remote work practices and policies?
# How many of your employees already have remote work capabilities?
# How much of your day-to-day activity is suitable for remote working today?
# What is your remote access mechanism?
# Which client devices are allowed to access your digital assets remotely?
!!2 - Authentication and Authorization
# Do you enforce 2FA for employees with remote work capabilities?
# Do you enforce strong passwords for all employees with remote work capabilities?
!!3 - Resilience and Business Continuity
# Is your network structured to support remote access for all of your employees?
# Do you expect operational problems or negative impact to your service due to remote access?
# Do you expect the pre-agreed SLA might be breached?
# Do you backup regularly and require your employees to use and save files only on company-related places (such as internal Google Drive or dedicated services)?
# Do you have redundant inbound connectivity for your facilities / internal systems?
!!4 - Procedure and Processes
# Do you train your employees with dedicated security awareness for working in public places such as coffee shops or restaurants? In particular, are they instructed to leave the end point station locked and verify use of a secure Wi-Fi network such as by using an employee's mobile phone?
# Did you train your employees with respect to the above procedures / processes before allowing remote working?
# Do you have clear procedures / processes / controls in place for verifying the authenticity of communications (email, phone, IM) with respect to activities such as fund transfers, account creation, account reset, etc.?
# Do you have a security solution protecting the end point stations (anti virus, EDR etc)?
# Do you have tools or procedures to support remote patch management for your servers, services and end-points?
# Do you have a secure manner of communication between employees working remotely?
These questions will help companies assess the cybersecurity risk emanating from their suppliers that have adopted work-from-home practices. It's important to note that considering the sudden shift in business behavior, the regular spreadsheet evaluation process will not work, considering the time and human effort it requires. As such, automation of the process is essential. Doing so will allow companies to easily add questions without the need to resend the full questionnaire, track progress, measure and quickly calculate risk levels. Most of all, it will allow companies to quickly and easily scale this process to ensure their security policy is enforced throughout the supply chain. //
[...]
<<<
__Lien :__
* blog original en anglais ⇒ ''[[CloudSecurityAlliance.fr/go/k3kb/|https://CloudSecurityAlliance.fr/go/k3kb/]]''
!"//CSA STAR Certification Case Study//"
[>img(150px,auto)[iCSA/CSAsecUpd.jpg]]Podcast de la série "[[CSA Security Update]]" publié le 25 mars 2020 — Invité : Larry Greenblatt, CISSP, CCSP; Information Security Specialist chez QAD
<<<
//The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.
The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.
Listen as we interview Larry Greenblatt, Information Security Specialist at QAD, as he takes us through his journey to CSA STAR Certification from business case to implementation and through the audit process, as well as discussing the ROI and the importance of the maturity evaluation and how this has facilitated improving their business overall.//
<<<
__Liens :__
* Annonce → https://www.buzzsprout.com/303731/3118498-csa-star-certification-case-study-guest-larry-greenblatt-cissp-ccsp-information-security-specialist-at-qad
* Podcast → https://www.buzzsprout.com/303731/3118498-csa-star-certification-case-study-guest-larry-greenblatt-cissp-ccsp-information-security-specialist-at-qad.mp3
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #56|2020.03.22 - Newsletter Hebdomadaire #56]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #56|2020.03.22 - Weekly Newsletter - #56]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.03.22 - Newsletter Hebdomadaire #56]]>> |<<tiddler [[2020.03.22 - Weekly Newsletter - #56]]>> |
!Newsletter Hebdomadaire Cloud et Sécurité - 16 au 22 mars 2020
!!1 - Informations CSA
* Ouverture de la plateforme collaborative [[CSA Circle]] pour le Chapitre Français+++*[»]> <<tiddler [[2020.03.19 - Ouverture de la plateforme collaborative CSA Circle]]>>=== 
* Blog : Continuous Auditing and Continuous Certification+++*[»]> <<tiddler [[2020.03.20 - Blog : Continuous Auditing and Continuous Certification]]>>=== 
* Ouverture des inscriptions pour la conférence SECtember+++*[»]> <<tiddler [[2020.03.16 - Ouverture des inscriptions pour la conférence SECtember]]>>=== 
* Webinar: 'Top 5 Latest Cloud Security Hacks and How You Can Avoid Them'+++*[»]> <<tiddler [[2020.03.17 - Webinar : 'Top 5 Latest Cloud Security Hacks and How You Can Avoid Them']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.03.22 - Veille Hebdomadaire - 22 mars]] avec plus d'une soixantaine de liens dont :
* __''À lire''__ : Sécurisation des comptes AWS+++*[»] 
|2020.03.20|//AWS//|![[Top 10 security items to improve in your AWS account|https://aws.amazon.com/blogs/security/top-10-security-items-to-improve-in-your-aws-account/]]|AWS Best_Practices|
=== 
* Etudes et rapports : Firemon+++*[»] 
|2020.03.18|The Last Watchdog|[[FireMon survey shows security lags behind fast pace of hybrid cloud deployments|https://www.lastwatchdog.com/shared-intel-firemon-survey-shows-security-lags-behind-fast-pace-of-hybrid-cloud-deployments/]]|Survey Firemon|
=== 
* Supervision : les flux latéraux (Est-Ouest)+++*[»] 
|2020.03.18|//Lastline//|![[Why Monitoring East-West Traffic is Crucial for Cloud Security|https://www.lastline.com/blog/why-monitoring-east-west-traffic-is-crucial-for-cloud-security/]]|Strategy Monitoring|
=== 
* __Attaques__ : nouvelles attaques contre O365+++*[»]>
|2020.03.20|Solutions Numériques[>img[iCSF/flag_fr.png]]|[[Nouveau vecteur d'attaque : Office 365 ciblé par des applications Azure malveillantes|https://www.solutions-numeriques.com/nouveau-vecteur-dattaque-office-365-cible-par-des-applications-azure-malveillantes/]]|O365 Attacks|
===, et Docker+++*[»]>
|2020.03.17|H4CKarandas|[[Hacking Docker Remotely|https://hackarandas.com/blog/2020/03/17/hacking-docker-remotely/]]|Docker |
=== 
* Fuites de données : aux Etats-Unis+++*[»]>
|2020.03.20|CyberNews|[[Report: unidentified database exposes 200 million Americans|https://cybernews.com/security/report-unidentified-database-exposes-200-million-americans/]]|Data_Leak|
|2020.03.20|Dark Reading| → [[200M Records of US Citizens Leaked in Unprotected Database|https://www.darkreading.com/cloud/200m-records-of-us-citizens-leaked-in-unprotected-database/d/d-id/1337377]]|Data_Leak|
|2020.03.20|Forbes| → [[Beware - This Open Database On Google Cloud 'Exposes 200 Million Americans': Are You At Risk?|https://www.forbes.com/sites/zakdoffman/2020/03/20/stunning-new-google-cloud-breach-hits-200-million-us-citizens-check-here-if-youre-now-at-risk/]]|Data_Leak|
===, au Royaume-Uni (2 cas)+++*[»]>
|2020.03.20|//vpnMentor//|[[Report: British Printing Press Leaks Confidential Material & More|https://www.vpnmentor.com/blog/report-doxzoo-leak/]]|Data_Leak AWS|
|2020.03.20|Security Week| → [[UK Printing Company Exposed Military Documents|https://www.securityweek.com/uk-printing-company-exposed-military-documents]]|Data_Leak AWS|
|>|>|>||
|2020.03.19|//Security Discovery//|[[A UK-based Security Company Seemed To Have Inadvertently Exposed Its 'Leaks Database' with 5B+ Records|https://securitydiscovery.com/data-breach-database-data-breach/]]|Data_Leak ElasticSearch Keepnet_Labs|
|2020.03.21|Security Week| → [[Unprotected Database Exposed 5 Billion Previously Leaked Records|https://www.securityweek.com/unprotected-database-exposed-5-billion-previously-leaked-records]]|Data_Leak ElasticSearch Keepnet_Labs|
===, et ailleurs+++*[»]>
|2020.03.17|//vpnMentor//|[[Report: Two Corporate Finance Companies Leak Half a Million Legal and Financial Documents Online|https://www.vpnmentor.com/blog/report-mca-wizard-leak/]]|Data_Leak|
|2020.03.17|Security Week| → [[Financial Services Firms Exposed 500,000 Sensitive Documents|https://www.securityweek.com/financial-services-firms-exposed-500000-sensitive-documents]]|Data_Leak AWS_S3|
|2020.03.17|Dark Reading| → [[500,000 Documents Exposed in Open S3 Bucket Incident|https://www.darkreading.com/cloud/500000-documents-exposed-in-open-s3-bucket-incident/d/d-id/1337343]]|Data_Leak AWS_S3|
=== 
* Vulnérabilité corrigée : sur Azure (il y a 8 mois)+++*[»]>
|2020.03.18|//CyberArk//|[[I Know What Azure Did Last Summer|https://www.cyberark.com/threat-research-blog/i-know-what-azure-did-last-summer/]]|Azure Portal Flaw|
|2020.03.18|//Threatpost//| → [[Azure Red Flag: Microsoft Accidentally Fixes Cloud Config 'Bug'|https://threatpost.com/azure-red-flag-microsoft-fixes-cloud-config-bug/153928/]]|Azure Portal Flaw|
=== 
* Outils : MSOLSpray+++*[»]>
|2020.03.16|Beau Bullock|[[MSOLSpray: a password spraying tool for Microsoft Online accounts (Azure/O365)|https://github.com/dafthack/MSOLSpray]]|[[Tools|Outils-GitHub]] Azure O365|
===, bibliothèque d'alertes Sentinel et campagnes de recherches basées sur Sysmon et ATT&CK+++*[»]>
|2020.03.19|Hakin9|[[Repository of sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework|https://hakin9.org/repository-of-sentinel-alerts-and-hunting-queries-leveraging-sysmon-and-the-mitre-attck-framework/]]|Sentinel ATT&CK|
||GitHub| → [[Sentinel Attack|https://github.com/BlueTeamLabs/sentinel-attack/wiki/Deploying-sentinel-ATT&CK-analytics]]|[[Tools|Outils-GitHub]] Sentinel ATT&CK|
=== 
* __Divers__ : Garantie de service et engagement de résilience de prestataires de services Cloud+++*[»]>
|2020.03.21|//Microsoft Azure//|[[Our commitment to customers and Microsoft cloud services continuity|https://azure.microsoft.com/en-us/blog/our-commitment-to-customers-and-microsoft-cloud-services-continuity/]] (1/3)|Azure Resilience|
|2020.03.19|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Office 365 : Microsoft active des leviers de résilience|https://www.silicon.fr/office-365-microsoft-resilience-336497.html]]|COVID-19 O365|
|2020.03.18|Bleeping Computer|[[Microsoft Scales Back Office 365 Features to Handle High Loads|https://www.bleepingcomputer.com/news/microsoft/microsoft-scales-back-office-365-features-to-handle-high-loads/]]|O365|
|2020.03.16|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Coronavirus : quelles garanties chez les fournisseurs de Cloud ?|https://www.silicon.fr/coronavirus-fournisseurs-cloud-336217.html]]|Resilience|
=== 

|!⇒ [[CloudSecurityAlliance.fr/go/K3M/|https://CloudSecurityAlliance.fr/go/K3M/]] |
<<tiddler [[arOund0C]]>>
!Weekly Cloud and Security Watch Newsletter - March 16th to 22nd
!!CSA News and Updates
* The French Chapter workspace is now available on the CSA 'Circle' portal+++*[»]> <<tiddler [[2020.03.19 - Ouverture de la plateforme collaborative CSA Circle]]>>=== 
* Blog : Continuous Auditing and Continuous Certification+++*[»]> <<tiddler [[2020.03.20 - Blog : Continuous Auditing and Continuous Certification]]>>=== 
* Registration opens for the SECtember conference+++*[»]> <<tiddler [[2020.03.16 - Ouverture des inscriptions pour la conférence SECtember]]>>=== 
* Webinar: 'Top 5 Latest Cloud Security Hacks and How You Can Avoid Them'+++*[»]> <<tiddler [[2020.03.17 - Webinar : 'Top 5 Latest Cloud Security Hacks and How You Can Avoid Them']]>>=== 
!!Cloud and Security News Watch
[[Over 60 links|2020.03.22 - Veille Hebdomadaire - 22 mars]] among which:
* Top 10 security items to improve in your AWS account+++*[»]> 
|2020.03.20|//AWS//|![[Top 10 security items to improve in your AWS account|https://aws.amazon.com/blogs/security/top-10-security-items-to-improve-in-your-aws-account/]]|AWS Best_Practices|
=== 
* Reports: Firemon+++*[»]> 
|2020.03.18|The Last Watchdog|[[FireMon survey shows security lags behind fast pace of hybrid cloud deployments|https://www.lastwatchdog.com/shared-intel-firemon-survey-shows-security-lags-behind-fast-pace-of-hybrid-cloud-deployments/]]|Survey Firemon|
=== 
* Monitoring: East-West Traffic Crucial for Cloud Security
* __Attacks__: O365 as a target, Hacking Docker remotely
* Data leaks: 200M Records of US Citizens, UK Printing Press and UK Printing Company, Financial documents exposed in open S3 bucket
* Tools: MSOLSpray for password spraying, Repository of Sentinel alerts and hunting queries leveraging Sysmon and the MITRE ATT&CK framework
* __Miscellaneous__: CSPs' commitment to customers and services continuity

|!⇒ [[CloudSecurityAlliance.fr/go/K3M/|https://CloudSecurityAlliance.fr/go/K3M/]] |
<<tiddler [[arOund0C]]>>
|!Mars|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.03.22|
|2020.03.22|Cloud Security podcast|[[HASHICORP, Working Remotely, Incident Response, AWS Cloud Native - Will Bengston|https://anchor.fm/cloudsecuritypodcast/episodes/HASHICORP--Working-Remotely--Incident-Response--AWS-Cloud-Native---Will-Bengston-ebpa0f]]|Podcast|
|>|>|>|!2020.03.21|
|2020.03.21|//Microsoft Azure//|[[Our commitment to customers and Microsoft cloud services continuity|https://azure.microsoft.com/en-us/blog/our-commitment-to-customers-and-microsoft-cloud-services-continuity/]] (1/3)|Azure Resilience|
|2020.03.21|//Delta Risk//|[[Microsoft Defender ATP and ActiveEye Integration Makes it Easier to Detect Threats|https://deltarisk.com/blog/microsoft-defender-atp-and-activeeye-integration-makes-it-easier-to-detect-threats/]]|Detection|
|>|>|>|!2020.03.20|
|2020.03.20|Solutions Numériques[>img[iCSF/flag_fr.png]]|[[Nouveau vecteur d'attaque : Office 365 ciblé par des applications Azure malveillantes|https://www.solutions-numeriques.com/nouveau-vecteur-dattaque-office-365-cible-par-des-applications-azure-malveillantes/]]|O365 Attacks|
|2020.03.20|CyberNews|[[Report: unidentified database exposes 200 million Americans|https://cybernews.com/security/report-unidentified-database-exposes-200-million-americans/]]|Data_Leak|
|2020.03.20|Dark Reading| → [[200M Records of US Citizens Leaked in Unprotected Database|https://www.darkreading.com/cloud/200m-records-of-us-citizens-leaked-in-unprotected-database/d/d-id/1337377]]|Data_Leak|
|2020.03.20|Forbes| → [[Beware - This Open Database On Google Cloud 'Exposes 200 Million Americans': Are You At Risk?|https://www.forbes.com/sites/zakdoffman/2020/03/20/stunning-new-google-cloud-breach-hits-200-million-us-citizens-check-here-if-youre-now-at-risk/]]|Data_Leak|
|2020.03.24|CISO Mag| → [[Unidentified Database Exposes 800 GB of Americans' Personal Records|https://www.cisomag.com/unidentified-database-exposes-800-gb-of-americans-personal-records/]]|Data_Leak|
|2020.03.20|Cyber Defense Magazine|[[Conquering the Cyber Security Challenges of The Cloud|http://www.cyberdefensemagazinebackup.com/conquering-the-cyber-security-challenges-of-the-cloud/]]|Challenges|
|2020.03.20|IT Web|[[Hasty cloud adoption increases companies' risk profile|https://www.itweb.co.za/content/KzQenqjVd8lqZd2r]]|Risks|
|2020.03.20|//vpnMentor//|[[Report: British Printing Press Leaks Confidential Material & More|https://www.vpnmentor.com/blog/report-doxzoo-leak/]]|Data_Leak AWS|
|2020.03.20|Security Week| → [[UK Printing Company Exposed Military Documents|https://www.securityweek.com/uk-printing-company-exposed-military-documents]]|Data_Leak AWS|
|2020.03.20|SC Magazine| → [[UK printer's S3 Bucket exposes military documents, AWS issues patch|https://www.scmagazineuk.com/uk-printers-s3-bucket-exposes-military-documents-aws-issues-patch/article/1677806]]|Data_Leak AWS|
|2020.03.20|//NakedSecurity//|[[Exchange rate service's customer details hacked via AWS|https://nakedsecurity.sophos.com/2020/03/20/exchange-rate-services-customer-details-hacked-via-aws/]]|Data_Leak AWS|
|2020.03.20|//Cloud Academy//|[[The 12 AWS Certifications: Which is Right for You and Your Team?|https://cloudacademy.com/blog/choosing-the-right-aws-certification/]]|Training|
|2020.03.20|//Hunton//|[[Irish DPA Issues Guidance to Secure Cloud-Based Environments|https://www.huntonprivacyblog.com/2020/03/20/irish-dpa-issues-guidance-to-secure-cloud-based-environments/]]|Privacy Guidance Ireland|
|2020.03.20|//Palo Alto Networks//|[[The Best Method to Secure the Cloud Starts Offline|https://blog.paloaltonetworks.com/2020/03/cloud-secure-the-cloud/]]|Misc|
|2020.03.20|//ProtonMail//|[[Using Zoom? Here are the privacy issues you need to be aware of|https://protonmail.com/blog/zoom-privacy-issues/]]|Zoom Privacy|
|2020.03.20|//AWS//|![[Top 10 security items to improve in your AWS account|https://aws.amazon.com/blogs/security/top-10-security-items-to-improve-in-your-aws-account/]]|AWS Best_Practices|
|2020.03.20|//Microsoft Azure//|[[Azure PowerShell Docker image|https://techcommunity.microsoft.com/t5/azure-tools/azure-powershell-docker-image/ba-p/1242407]]|Azure Docker|
|>|>|>|!2020.03.19|
|2020.03.19|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Office 365 : Microsoft active des leviers de résilience|https://www.silicon.fr/office-365-microsoft-resilience-336497.html]]|COVID-19 O365|
|2020.03.19|The Register|[[NASA to launch 247 petabytes of data into AWS - but forgot about eye-watering cloudy egress costs before lift-off|https://www.theregister.co.uk/2020/03/19/nasa_cloud_data_migration_mess/]]|Misc|
|2020.03.19|Cyber Defense Magazine|[[Create Remote User Deployments and Security Nearly Instantly with Secure Desktop as a Service (DaaS)|https://www.cyberdefensemagazine.com/create-remote-user-deployments-and-security-nearly-instantly-with-secure-desktop-as-a-service-daas/]]|DaaS|
|2020.03.19|Hakin9|[[Repository of sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework|https://hakin9.org/repository-of-sentinel-alerts-and-hunting-queries-leveraging-sysmon-and-the-mitre-attck-framework/]]|Sentinel ATT&CK|
||GitHub| → [[Sentinel Attack|https://github.com/BlueTeamLabs/sentinel-attack/wiki/Deploying-sentinel-ATT&CK-analytics]]|[[Tools|Outils-GitHub]] Sentinel ATT&CK|
|2020.03.19|//Microsoft Azure//|[[Microsoft Teams at 3: Everything you need to connect with your teammates and be more productive |https://www.microsoft.com/en-us/microsoft-365/blog/2020/03/19/microsoft-teams-3-everything-you-need-connect-teammates-be-more-productive/]]|COVID-19 Teams|
|2020.03.19|GeekWire| → [[Microsoft Teams hits 44M daily active users, spiking 37% in one week amid remote work surge|https://www.geekwire.com/2020/microsoft-teams-hits-44m-users-huge-37-growth-spike-1-week-amid-remote-work-surge/]]|COVID-19 Teams|
|2020.03.19|//Security Discovery//|[[A UK-based Security Company Seemed To Have Inadvertently Exposed Its 'Leaks Database' with 5B+ Records|https://securitydiscovery.com/data-breach-database-data-breach/]]|Data_Leak ElasticSearch Keepnet_Labs|
|2020.03.21|Security Week| → [[Unprotected Database Exposed 5 Billion Previously Leaked Records|https://www.securityweek.com/unprotected-database-exposed-5-billion-previously-leaked-records]]|Data_Leak ElasticSearch Keepnet_Labs|
|2020.03.19|//Threatpost//|[[Cloud Misconfig Mistakes Show Need For DevSecOps|https://threatpost.com/cloud-misconfig-devsecops/153921/]]|Misconfigurations DevSecOps|
|2020.03.19|//Fugue//|[[Cloud Security for Newly Distributed Engineering Teams|https://www.fugue.co/blog/cloud-security-for-newly-distributed-engineering-teams]]|Best_Practices Remote_Security|
|2020.03.19|//Palo Alto Networks//|[[Do MSSPs Have What it Takes to Win Today's Cybersecurity War?|https://blog.paloaltonetworks.com/2020/03/network-mssps/]]|MSSPs|
|2020.03.19|//Caylent//|![[50+ Useful Kubernetes Tools List - Part 2|https://caylent.com/50-useful-kubernetes-tools-list-part-2]]|K8s Tools|
|>|>|>|!2020.03.18|
|2020.03.18|TL;DR Security|[[#27 - AppSec Weekly, SOC2 Starting Seven, Save Encryption|https://tldrsec.com/blog/tldr-sec-027/]] |Weekly_Newsletter|
|2020.03.18|Bleeping Computer|![[Microsoft Scales Back Office 365 Features to Handle High Loads|https://www.bleepingcomputer.com/news/microsoft/microsoft-scales-back-office-365-features-to-handle-high-loads/]]|O365|
|2020.03.18|Solutions Review|[[Flexera: 68 Percent of CIOs Worry About Vendor Lock-In with Public Cloud|https://solutionsreview.com/cloud-platforms/flexera-68-percent-of-cios-worry-about-vendor-lock-in-with-public-cloud/]] ([[rapport|https://info.flexera.com/SLO-REPORT-CIO-Priorities-2020]])|Survey|
|2020.03.18|The Last Watchdog|[[FireMon survey shows security lags behind fast pace of hybrid cloud deployments|https://www.lastwatchdog.com/shared-intel-firemon-survey-shows-security-lags-behind-fast-pace-of-hybrid-cloud-deployments/]]|Survey Firemon|
|2020.03.18|//Varonis//|![[Using Malicious Azure Apps to Infiltrate a Microsoft 365 Tenant|https://www.varonis.com/blog/using-malicious-azure-apps-to-infiltrate-a-microsoft-365-tenant/]]|Azure Attacks|
|2020.03.18|//Lastline//|![[Why Monitoring East-West Traffic is Crucial for Cloud Security|https://www.lastline.com/blog/why-monitoring-east-west-traffic-is-crucial-for-cloud-security/]]|Strategy Monitoring|
|2020.03.18|//CyberArk//|[[I Know What Azure Did Last Summer|https://www.cyberark.com/threat-research-blog/i-know-what-azure-did-last-summer/]]|Azure Portal Flaw|
|2020.03.18|//Threatpost//| → [[Azure Red Flag: Microsoft Accidentally Fixes Cloud Config 'Bug'|https://threatpost.com/azure-red-flag-microsoft-fixes-cloud-config-bug/153928/]]|Azure Portal Flaw|
|2020.03.18|//Forcepoint//|[[SaaS Security: Prioritizing Security During a Time of Social Distancing|https://www.forcepoint.com/blog/insights/prioritizing-saas-security-during-social-distancing]]|SaaS|
|2020.03.18|//Tufin//[>img[iCSF/flag_fr.png]]|[[Sécuriser les environnements de cloud hybrides : un impératif stratégique|https://www.globalsecuritymag.fr/Securiser-les-environnements-de,20200319,96798.html]]|Hybrid_Cloud|
|2020.03.18|//Cloud Management Insider//|[[CSA Invites Professionals To Review Cloud Control Matrix v4|https://www.cloudmanagementinsider.com/csa-invites-professionals-to-review-cloud-control-matrix-v4/]]|CSA|
|2020.03.18|//Kinvolk//|[[Writing Kubernetes network policies with Inspektor Gadget's Network Policy Advisor|https://kinvolk.io/blog/2020/03/writing-kubernetes-network-policies-with-inspektor-gadgets-network-policy-advisor/]]|K8s Network_Policy|
|2020.03.18|//NetSPI//|[[Gaining AWS Console Access via API Keys|https://blog.netspi.com/gaining-aws-console-access-via-api-keys/]]|AWS APIs|
|>|>|>|!2020.03.17|
|2020.03.17|H4CKarandas|[[Hacking Docker Remotely|https://hackarandas.com/blog/2020/03/17/hacking-docker-remotely/]]|Docker|
|2020.03.17|Lawfare|[[Better to Be Realistic About the Security Opportunities of Cloud Computing|https://www.lawfareblog.com/better-be-realistic-about-security-opportunities-cloud-computing]]|Cyberspace_Solarium|
|2020.03.17|DZone|[[Set Up An Amazon Elasticsearch Service Domain Using A VPC With VPN|https://dzone.com/articles/set-up-an-amazon-elasticsearch-service-domain-usin]]|Misc|
|2020.03.17|Security Boulevard|[[Why Traditional Security Is Failing Us|https://securityboulevard.com/2020/03/why-traditional-security-is-failing-us/]] (1/2)|Threats|
|2020.03.17|Tal Maor|[[Moving laterally between Azure AD joined machines|https://medium.com/@talthemaor/moving-laterally-between-azure-ad-joined-machines-ed1f8871da56]]|AzureAD Attacks|
|2020.03.17|//Security Intelligence//|[[Grow Your Business With an Evolving Cloud Security Strategy|https://securityintelligence.com/posts/grow-your-business-with-an-evolving-cloud-security-strategy/]]|Strategy|
|2020.03.17|//vpnMentor//|[[Report: Two Corporate Finance Companies Leak Half a Million Legal and Financial Documents Online|https://www.vpnmentor.com/blog/report-mca-wizard-leak/]]|Data_Leak|
|2020.03.17|Security Week| → [[Financial Services Firms Exposed 500,000 Sensitive Documents|https://www.securityweek.com/financial-services-firms-exposed-500000-sensitive-documents]]|Data_Leak AWS_S3|
|2020.03.17|Dark Reading| → [[500,000 Documents Exposed in Open S3 Bucket Incident|https://www.darkreading.com/cloud/500000-documents-exposed-in-open-s3-bucket-incident/d/d-id/1337343]]|Data_Leak AWS_S3|
|2020.03.17|SC Magazine|[[Secure Access Service Edge (SASE) - key points for early adopters|https://www.scmagazine.com/home/opinion/secure-access-service-edge-sase-key-points-for-early-adopters/]]|SASE|
|2020.03.17|//Cloudonaut//|[[Advanced AWS Networking: Pitfalls That You Should Avoid|https://cloudonaut.io/advanved-aws-networking-pitfalls-that-you-should-avoid/]]|AWS Networking|
|2020.03.17|//Forcepoint//|[[SASE: What is its impact today, and where do we go from here?|https://www.forcepoint.com/blog/insights/forcepoint-converged-security-gartner-sase-impact]]|SASE|
|2020.03.17|//UpGuard//|[[What is Zero Trust? A Model for More Effective Security|https://www.upguard.com/blog/zero-trust]]|Zero_Trust|
|2020.03.17|//OVHcloud//|[[Managing Harbor at cloud scale : The story behind Harbor Kubernetes Operator|https://www.ovh.com/blog/managing-harbor-at-cloud-scale-the-story-behind-harbor-kubernetes-operator/]]|K8s Harbor_Project|
|2020.03.17|//Rancher//|[[Enhancing Kubernetes Security with Pod Security Policies, Part 2|https://rancher.com/blog/2020/pod-security-policies-part-2/]] (2/2)|K8s|
|2020.03.17|//Barracuda Networks//[>img[iCSF/flag_fr.png]]|[[Les entreprises sont responsables de leur protection Cloud|https://www.globalsecuritymag.fr/Les-entreprises-sont-responsables,20200317,96734.html]]|Governance|
|2020.03.17|//Quest//[>img[iCSF/flag_fr.png]]|[[Sauvegardes dans le cloud : Mimikatz vient en aide aux cybercriminels|https://www.globalsecuritymag.fr/Sauvegardes-dans-le-cloud-Mimikatz,20200309,96463.html]]|Risks Backups|
|>|>|>|!2020.03.16|
|2020.03.16|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Coronavirus : quelles garanties chez les fournisseurs de Cloud ?|https://www.silicon.fr/coronavirus-fournisseurs-cloud-336217.html]]|Resilience|
|2020.03.16|TechBeacon|[[How a zero-trust approach can protect your cloud resources|https://techbeacon.com/security/how-zero-trust-approach-can-protect-your-cloud-resources]]|Zero_Trust|
|2020.03.16|Beau Bullock|[[MSOLSpray: a password spraying tool for Microsoft Online accounts (Azure/O365)|https://github.com/dafthack/MSOLSpray]]|[[Tools|Outils-GitHub]] Azure O365|
|2020.03.16|//Microsoft Azure//|[[Azure Container Registry: Preview of customer-managed keys|https://azure.microsoft.com/en-us/blog/azure-container-registry-preview-of-customer-managed-keys/]]|Azure Containers Registry|
|2020.03.16|//FNTS//|[[How to leverage DRaaS to avoid costly outages|https://info.fnts.com/blog/how-to-leverage-draas-to-avoid-costly-outages]]|DRaaS|
|2020.03.16|//Aqua Security//|[[Trivy Vulnerability Scanner from Aqua Security Adopted by Leading Cloud Native Platforms|https://www.prnewswire.com/news-releases/trivy-vulnerability-scanner-from-aqua-security-adopted-by-leading-cloud-native-platforms-301022747.html]]|Containers Registry|
|2020.03.17|Silicon Angle|[[Aqua Security debuts open-source container image registry scanner|https://siliconangle.com/2020/03/17/aqua-security-debuts-open-source-container-image-registry-scanner/]]|Containers Registry|
|2020.03.16|//Commvault//[>img[iCSF/flag_fr.png]]|[[Gérer la complexité pour exploiter tout le potentiel de la reprise après sinistre multi-cloud|https://www.globalsecuritymag.fr/Gerer-la-complexite-pour-exploiter,20200311,96561.html]]|DRaaS|
!"//Continuous Auditing and Continuous Certification//"
[>img(150px,auto)[iCSA/K3KBC.jpg]]Article de blog publié le 20 mars 2020 — Rédigé par Alain Pannetrat, Senior Researcher CSA et fondateur de Omzlo.com
<<<
//For some cloud customers in sensitive or highly-regulated industries, such as banking or healthcare, "traditional" annual or bi-annual audits do not provide enough assurance to move to the cloud. To address the concerns of this segment of the industry, the Cloud Security Alliance is building STAR Continuous: an innovative framework designed to provide assurance to customers on a monthly, daily or even hourly basis.
The foundation of STAR Continuous is continuous auditing: the continuous evaluation of certain characteristics of an information system, mostly by automated means, in order to get near real-time assurance. Continuous audits can be used as a basis for a novel type of certification (or attestation) as well as for self-assessments. In many ways, the industry is already doing continuous auditing. Yet cloud customers cannot fully take advantage of it, due to lack of relevant standards and best practices.
Read on to learn more about the genesis and purpose of STAR Continuous.
!When a certification or an attestation is not good enough
[>img(320px,auto)[iCSA/K3KBC.png]]Certification and attestation schemes such as those offered by the CSA Open Certification Framework (OCF), ISO/IEC, or AICPA, have strongly contributed to the success of the cloud by providing many cloud customers the necessary assurance that the cloud service they are using meets relevant security requirements. These schemes rely on annual or biannual audits conducted by trusted independent auditors. However, for some cloud customers in sensitive or highly-regulated industries, such as banking or healthcare, the time elapsed between annual or bi-annual third-party audits is perceived as a "blind spot": a much more frequent level of scrutiny is required.
Over the years, CSA has participated in several research initiatives with industry, public bodies and academia in order to develop new certification tools providing a more continuous level of assurance. Recently, as part of the European Commission-funded project EU-SEC+++*[»]> https://www.sec-cert.eu/ ===, CSA participated in a pilot for the continuous certification of a cloud service for a major Spanish financial institution (LaCaixa) and successfully demonstrated the feasibility of providing continuous assurance to demanding cloud customers.
The continuous certification scheme CSA has developed extends a "traditional" certification scheme with a continuous process of automated checks. The whole process can be summarised in two consecutive phases: an initialisation phase and a continuous audit phase.

__''Initialisation phase:''__
The CSP undergoes a traditional third-party audit in order to obtain a certification or attestation. In addition, the CSP defines:
* A continuous certification target which comprises a set of security objectives, each associated with a policy that defines the assessment frequency (e.g. check every 4 hours).
* A set of tools capable of verifying that the security objectives are fulfilled.
The third party auditor involved in the certification checks:
* That the defined continuous certification target covers a satisfactory scope of the certified information system.
* That the reporting tools are trustworthy and fit-for-purpose.
* If this process is successful the continuous certification target is transmitted to the certification authority (i.e. CSA), which creates a corresponding entry for the cloud service in a dedicated public registry of continuously certified cloud services.

__''Continuous audit phase:''__
The third-party auditor periodically performs checks to confirm that the assessment tools are trustworthy (e.g. integrity checks).
The assessment tools continuously report back to the certification authority (i.e. CSA) through a dedicated API the results of the assessment of each defined security objective, according to the frequency defined in policies within the continuous certification target:
* If a CSP reports in due time that all security objectives are met, the cloud service is marked as "compliant" in the corresponding entry in the public registry.
* If a CSP reports non-compliances or if the CSP fails to report about security objectives in due time, the entry will ultimately be removed from the public registry if the situation is not resolved within a predefined period of time.
It's important to note that the public registry (STAR) will not provide details of non-compliances in order not to potentially compromise the security of cloud services under scrutiny.
CSA's research has highlighted that one of the biggest challenges in the process outlined above is the definition of the continuous certification target, and in particular the set of security objectives that are used to assess an information system.
Let's see why.
!!Security Level Objectives and Security Qualitative Objectives
Traditional certification typically relies on control frameworks such as the CSA Cloud Control Matrix or ISO/IEC 27002. These frameworks contain high-level control objectives that are interpreted by humans and translated into applicable technical or organisational security controls. This process is slow and complex and cannot be conducted on a daily or hourly basis. On the other hand, at least some of the applicable technical or organisational security controls can be evaluated automatically and frequently, if we are able to express them as quantifiable or qualifiable attributes of an information system, associated to metrics and expected results.
Thinking in terms of quantifiable or qualifiable attributes, metrics and expected results is, in fact, a familiar concept in the cloud, as embodied through Service Level Agreements (SLA), where cloud providers express expected results usually related to performance attributes of a cloud service, along with the metrics used to assess them. What has been done for performance in SLAs can also be done for security and the standardisation community has been working to build Security Level Agreements for cloud computing through the development of ISO/IEC 19086+++*[»]> https://www.iso.org/standard/67545.html ===.

The continuous certification scheme CSA has developed uses ISO/IEC 19086 as a foundation, using its well-defined terminology and conceptual model. The standard notably defines 3 important concepts:
* Metric: a standard of measurement that defines the conditions and the rules for performing the measurement and for understanding the results of a measurement.
* Cloud service level objective (SLO): commitment a cloud service provider (ISO/IEC 17788:2014, 3.2.15) makes for a specific, quantitative characteristic of a cloud service (ISO/IEC 17788:2014, 3.2.8), where the value follows the interval scale or ratio scale.
* Cloud service qualitative objective (SQO): commitment a cloud service provider (ISO/IEC 17788:2014, 3.2.15) makes for a specific, qualitative characteristic of a cloud service (ISO/IEC 17788:2014, 3.2.8), where the value follows the nominal scale or ordinal scale.
Consider for example, as a control objective, the need to define and regularly test business continuity plans. At a high level, such a control objective is difficult to quantify or measure explicitly, with a corresponding expected result. At a lower level however, we can identify many useful technical attributes of an information system that can be used to highlight the strength of business continuity plans. For instance, the number of successful backup restorations simulated per month/week, the recovery point actual, or data durability. Each one of these attributes can be tested and measured according to a metric, and corresponding objectives can be set. Moreover, these attributes can be tested automatically and regularly.
It turns out that this work of translating high-level control objectives into SLOs and SQOs is hard, due to the absence of existing guidance in the field. Just like we did for traditional certification through the creation of control frameworks, we now need to create standards for security attributes, metrics, SLOs and SQOs in order to enable the practical deployment of continuous audit-based certification.
!!It's also a tool for self-assessment
The usefulness of a continuous auditing framework is clearly not limited to third-party certification for customers in sensitive industries. In fact, such a framework could be just as important and useful for organisations wishing to perform a continuous assessment of their cloud assets.
Again this will only reach its true potential if there is a standard set of security attributes, metrics, SLOs and SQOs that the industry adopts as a reference for continuous auditing, giving practitioners a meaningful reference to assess and relate the security of competing cloud services.
With the right platform, we can well imagine a continuous audit-based self-assessment that mirrors what the CSA CAIQ is doing today as a point-in-time assurance tool.
!!Continuous is already there
One major IaaS provider recently joked with us that there is never a day in the year where there is not at least one external auditor setting a foot in their data centres.
In order to do business today, cloud providers are obliged to be compliant with dozens of compliance schemes, both international and regional, or sector specific, such as ISO 27001, AICPA SOC, CSA STAR, PCI DSS, FedRAMP, FISMA, HIPAA, or BSI C5 just to name a few. There is a lot of overlap in security requirements between these various assurance schemes. As a result, cloud service providers are under "continuous" scrutiny.
Moreover, as a natural part of information security management, most cloud providers and customers are using security tools that continuously assess the security of their information systems. Cloud security tool vendors have developed a rich set of data points and assessment mechanisms to address industry requirements. In many ways, what we call SQOs, SLOs and metrics, already exist, albeit under different names.
Unfortunately many of these efforts remain invisible to cloud customers, due to the lack of supporting standards and best practices.
!!What Cloud Security Alliance is doing
By creating STAR Continuous, the Cloud Security Alliance aims to build the next generation of certification and self-assessment tools, based on continuous auditing.
In this process, we established the following goals:
* Capitalise on existing standards, such as ISO/IEC 19086, avoid reinventing the wheel.
* Be technologically neutral: continuous auditing tools should be freely selectable by the industry, as long as they can demonstrate that they are trustworthy and fit-for-purpose.
* Strike a balance between transparency and security, while providing continuous assurance to all cloud customers.
* Complement but not replace traditional certification.

In the context of this effort, the Cloud Security Alliance is launching a new initiative dedicated to the definition of security attributes and metrics associated with the control objectives defined within our Cloud Control Matrix (CCM), the CSA Continuous Audit Metrics Working Group.
We are now seeking the help of cloud customers, cloud providers, security tool vendors, auditors and all relevant experts in order to define the very first industry-wide catalogue of security attributes and metrics for continuous auditing.//
[...]
<<<
__Lien :__
* blog original en anglais ⇒ ''[[CloudSecurityAlliance.fr/go/k3kb/|https://CloudSecurityAlliance.fr/go/k3kb/]]''
!"//Circle : la plateforme collaborative de la CSA//"
[>img[iCSA/CircleCSA.png]]Après une phase de test, la plateforme collaborative [[CSA Circle]] est maintenant ouverte à tous.
Si vous vous intéressez au ''Cloud Computing et à la sécurité'', et si vous souhaitez rejoindre une communauté de personnes avec le même centre d'intérêt que vous, ... la plateforme [[Circle|CSA Circle]] est faite pour vous.

Vous y retrouverez :
* les annonces de notre [[Chapitre Français|CSA-FR]]
* les points d'entrée vers tous les [[Groupes de Travail]] de la [[Cloud Security Alliance]]
* la possibilité de recevoir toutes les informations dès leur parution ou sous la forme d'un email quotidien
* une communauté de partage ''Cloud Computing et sécurité''

Cette plateforme [[Circle|CSA Circle]] a également pour objectif de remplacer :
* les groupes [[LinkedIN]], utilisés depuis la création de la CSA il y a plus de 10 ans
* la plateforme ''Basecamp'', utilisée par de nombreux groupes de travail pour le partage de documents
* les autres plateformes de partage comme ''GoogleDocs'' ou autre
|!Le conseil du jour : ''inscrivez-vous sur [[Circle|CSA Circle]]'' ⇒ ''[[CloudSecurityAlliance.fr/go/Circle/|https://CloudSecurityAlliance.fr/go/Circle/]]''|
[>img[iCSA/CircleCSA.png]]<<tiddler [[CSA Circle]]>>[img(40%,1px)[iCSF/BluePixel.gif]]
Lien vers [[CSA Circle]] ⇒ ''[[CloudSecurityAlliance.fr/go/Circle/|https://CloudSecurityAlliance.fr/go/Circle/]]''
[img(40%,1px)[iCSF/BluePixel.gif]]
!"//Top 5 Latest Cloud Security Hacks and How You Can Avoid Them//"
[>img(250px,auto)[iCSA/K3HWT.png]]Webinar [[CloudBytes]] diffusé le 17 mars 2020 — Présenté par Roger Grimes, Data-Driven Defense Evangelist, société KnowBe4
<<<
//Most people know that cloud security overall is often better than traditional on-premise security. However, that doesn't mean that cloud products can't be hacked or misconfigured even if you are using the best security practices. Social engineering is the number one threat to your cloud security that nobody is talking about, and your users are the last line of defense against these hacks!
Join Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, as he breaks down the ways that bad actors can get around even the most up-to-date cloud security defenses and what you can do to keep your cloud safe. He'll discuss:
* Top 5 hacks the bad guys can use to get around your cloud security defenses
* How to defend your organization against these hacks
* The role that your users play in an effective defense strategy
* How to spot (and stop) these types of attacks before it's too late
Attend this webinar to learn about various cloud hacks and how they compromise security, and what you can do to help better defend against them!//
<<<
⇒ S'inscrire au Webinar de 60 minutes [[sur le site de BrightTALK|https://CloudSecurityAlliance.fr/go/k3hw/]].
!"//Registration Now Open for SECtember, Cloud Security Alliance's Premier Event//"
[>img(300px,auto)[iCSA/202009US-SECtember.png]]Les inscriptions pour la conférence [[SECtember]] de la mi septembre 2020 sont maintenant ouvertes !
Les frais de participation dépendent de la date d'inscription :
* 995$, soit environ 900€, jusqu'au 28 mai 2020
* 1.195$, soit environ 1.080€, jusqu'au 4 septembre 2020
* 1.495$, soit environ 1.350€, ensuite.
<<<
//''Annual conference to provide global perspective on strategic cloud, cybersecurity issues''
SEATTLE - March 16, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced today that registration has opened for [[SECtember]](Seattle, Sept. 14-18, 2020), the first global event dedicated to the intersection of cloud and cybersecurity.
This premier event will bring together thought leaders from five continents to provide a global perspective on strategic cloud and cybersecurity issues and deliver state-of-the-art educational activities.
Those interested in attending are encouraged to register now and take advantage of early registration pricing ($995) through May 29. Afterward, rates will increase to $1,195 through Sept. 4, at which time late registration pricing ($1,495) will go into effect through Sept. 18.
"[[SECtember]] promises to provide attendees with unparalleled learning opportunities thanks to the event's proximity to the headquarters of several large enterprise organizations and tech giants. As a result, [[SECtember]] will be able to feature in-depth trainings, networking opportunities and expert-led sessions from some of the brightest minds in the cloud and cybersecurity sector," said Jim Reavis, co-founder and CEO, Cloud Security Alliance.
The event will provide attendees with the chance to upskill their cloud security knowledge through an enhanced roster of training, including:
* Certificate of Cloud Security Knowledge (CCSK) Foundation (1-day course offered on both Sept. 14 and Sept. 15)
* Certificate of Cloud Auditing Knowledge (Sept. 15)
* Certificate of Cloud Security Knowledge - Plus - Azure (Sept. 14-15)
* Certificate of Cloud Security Knowledge - Plus - AWS (Sept. 14-15)
* Advanced Cloud Security Practitioner (Sept. 14-15)
[[SECtember]] will also feature numerous opportunities to access to Seattle's leading technology and cybersecurity companies. Organizations and governments seeking to send delegations to maximize the benefits of this unique conference will also benefit from various executive briefings that will be held over the course of the five-day event.//
[...]
<<<
__Lien :__
 ⇒ ''[[CloudSecurityAlliance.fr/go/k3gc/|https://CloudSecurityAlliance.fr/go/k3gc/]]''
|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #55|2020.03.15 - Newsletter Hebdomadaire #55]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #55|2020.03.15 - Weekly Newsletter - #55]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.03.15 - Newsletter Hebdomadaire #55]]>> |<<tiddler [[2020.03.15 - Weekly Newsletter - #55]]>> |
!!1 - Informations CSA de la semaine du 9 au 15 mars 2020
* Remise sur les cours en ligne de la CSA jusqu'au 30 avril+++*[»]> <<tiddler [[2020.03.09 - Remise sur les cours en ligne de la CSA]]>>=== [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]
* Sondage sur la technologie CASB d'ici au 20 avril+++*[»]> <<tiddler [[2020.03.09 - Sondage sur la technologie CASB]]>>=== 
* Sondage sur la sensibilisation à la cryptographie quantique d'ici au 27 avril+++*[»]> <<tiddler [[2020.03.09 - Sondage sur la sensibilisation à la cryptographie quantique]]>>=== 
* Publication : Gestion des risques pour les équipements médicaux connectés+++*[»]> <<tiddler [[2020.03.12 - Publication : Gestion des risques pour les équipements médicaux connectés]]>>=== 
* Webinar CloudBytes 'Top 5 Latest Cloud Security Hacks' le 17 mars+++*[»]> <<tiddler [[2020.03.17 - Webinar : 'Top 5 Latest Cloud Security Hacks and How You Can Avoid Them']]>>=== 
* Ouverture des inscriptions pour la conférence SECtember de septembre 2020+++*[»]> <<tiddler [[2020.03.16 - Ouverture des inscriptions pour la conférence SECtember]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.03.15 - Veille Hebdomadaire - 15 mars]] avec plus d'une soixantaine de liens dont :
* Références : mise à jour de recommandations de l'ACSC+++*[»]>
|2020.03.09|ACSC (AU)|[[Cloud Computing Security for Cloud Service Providers|https://www.cyber.gov.au/publications/cloud-computing-security-for-cloud-service-providers]] ([[PDF|https://www.cyber.gov.au/sites/default/files/2020-03/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Cloud%20Service%20Providers%20%28March%202020%29.pdf]])|Guidelines|
|2020.03.09|ACSC (AU)|[[Cloud Computing Security for Tenants|https://www.cyber.gov.au/publications/cloud-computing-security-for-tenants]] ([[PDF|https://www.cyber.gov.au/sites/default/files/2020-03/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Tenants%20%28March%202020%29.pdf]])|Guidelines|
=== 
* Etudes et rapports : A10 Networks+++*[»]>
|2020.03.13|//A10 Networks//|[[The State of DDoS Weapons|https://www.a10networks.com/marketing-comms/reports/state-ddos-weapons/]]|DDoS|
|2020.03.13|Dark Reading| → [[DDoS Attack Trends Reveal Stronger Shift to IoT, Mobile|https://www.darkreading.com/iot/ddos-attack-trends-reveal-stronger-shift-to-iot-mobile/d/d-id/1337318]]|Report|
===, Axonius+++*[»]>
|2020.03.10|//Axonius//|[[Combatting Complexity by Focusing on Fundamentals: New Study from Axonius and ESG Uncovers IT Megatrends Driving Decreased Asset Visibility, Increased Risk|http://www.prweb.com/releases/combatting_complexity_by_focusing_on_fundamentals_new_study_from_axonius_and_esg_uncovers_it_megatrends_driving_decreased_asset_visibility_increased_risk/prweb16968933.htm]] ([[téléchargement|https://info.axonius.com/2020-asset-management-trends-esg-ebook]])|Report Axonius|
|2020.03.10|Solutions Review| → [[Axonius: 69 Percent of Enterprises Have a Cloud Visibility Gap|https://solutionsreview.com/cloud-platforms/axonius-69-percent-of-enterprises-have-a-cloud-visibility-gap/]]|Report Axonius|
|2020.03.10|BetaNews| → [[IT teams struggle with asset visibility and management|https://betanews.com/2020/03/10/it-asset-management-struggle/]]|Report Axonius|
|2020.03.13|Help Net Security| → [[Cloud + BYOD + IoT = major security gaps|https://www.helpnetsecurity.com/2020/03/13/major-security-gaps/]]|Report Axonius|
===, Volterra+++*[»]>
|2020.03.09|//Volterra//|[[Infrastructure and Security Challenges Threaten Multi-Cloud and Edge Deployments, New Survey from Volterra Shows|https://www.volterra.io/company/news/infrastructure-security-challenges-threaten-multi-cloud-edge-deployments/]]|Report Volterra|
|2020.03.09|VMblog| → [[Infrastructure and Security Challenges Threaten Multi-Cloud and Edge Deployments, New Survey from Volterra Shows|https://vmblog.com/archive/2020/03/09/infrastructure-and-security-challenges-threaten-multi-cloud-and-edge-deployments-new-survey-from-volterra-shows.aspx]]|Report Volterra|
|2020.03.11|Help Net Security| → [[Multi-cloud and edge deployments threatened by security and connectivity problems|https://www.helpnetsecurity.com/2020/03/11/multi-cloud-deployments/]]|Report Volterra|
===, Netwrix+++*[»]>
|2020.02.25|//Netwrix//|[[2020 Data Risk & Security Report (pdf)|https://www.netwrix.com/download/collaterals/2020_data_risk_security_report.pdf]]|Report|
=== 
* Fuite de données : Open Exchange Rates+++*[»]>
|2020.03.12|//Open Exchange Rates//|[[Notice of Data Breach|https://pastebin.com/raw/AzDPAN9N]] ([[email|https://twitter.com/SylvieLorxu/status/1238149687200358401]])|Data_Breach AWS Third_Party|
|2020.03.13|Security Week| → [[Currency Data Provider 'Open Exchange Rates' Discloses Breach|https://www.securityweek.com/currency-data-provider-open-exchange-rates-discloses-breach]]|Data_Breach AWS Third_Party|
=== 
* __Divers__ : Backup dans le Cloud, Bottlerocket nouveau système d'exploitation AWS en open source+++*[»]>
|2020.03.10|//AWS//|[[Bottlerocket - Open Source OS for Container Hosting|https://aws.amazon.com/blogs/aws/bottlerocket-open-source-os-for-container-hosting/]]|AWS Operating_System|
|2020.03.11|CBR Online| → [[AWS's New Open Source OS "Bottlerocket": A Baby RHEL Competitor?|https://www.cbronline.com/news/aws-operating-system-bottlerocket]]|AWS Operating_System|
|2020.03.12|//Cloud Management Insider//| → [[AWS launches Open Source OS for Containers|https://www.cloudmanagementinsider.com/aws-launches-bottlerocket/]]|AWS Operating_System|
===, et toujours des articles sur l'analyse des risques dans le Cloud, la sécurité des containers, de Kubernetes, et le Zero-Trust
!CSA News and Updates - March 9th to 15th
* Price Reduction for Online CSA Educational Programs until April 30^^th+++^*[»] <<tiddler [[2020.03.09 - Remise sur les cours en ligne de la CSA]]>>=== [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]
* 'Expectations and Evolution of CASBs' CSA survey opens until March 30^^th+++^*[»] <<tiddler [[2020.03.09 - Sondage sur la technologie CASB]]>>=== 
* 'Quantum-Safe Solutions' CSA survey opens until March 30^^th+++^*[»] <<tiddler [[2020.03.09 - Sondage sur la sensibilisation à la cryptographie quantique]]>>=== 
* 'Managing the Risk for Medical Devices Connected to the Cloud' CSA publication+++*[»]> <<tiddler [[2020.03.12 - Publication : Gestion des risques pour les équipements médicaux connectés]]>>=== 
* The 'Top 5 Latest Cloud Security Hacks' CloudBytes webinar will take place on March 17^^th+++^*[»] <<tiddler [[2020.03.17 - Webinar : 'Top 5 Latest Cloud Security Hacks and How You Can Avoid Them']]>>=== 
* Registration Now Open for SECtember 2020+++*[»]> <<tiddler [[2020.03.16 - Ouverture des inscriptions pour la conférence SECtember]]>>=== 
!Cloud and Security News Watch
[[Over 60 links|2020.03.15 - Veille Hebdomadaire - 15 mars]] among which:
* References: updates of some ACSC guidelines+++*[»]>
|2020.03.09|ACSC (AU)|[[Cloud Computing Security for Cloud Service Providers|https://www.cyber.gov.au/publications/cloud-computing-security-for-cloud-service-providers]] ([[PDF|https://www.cyber.gov.au/sites/default/files/2020-03/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Cloud%20Service%20Providers%20%28March%202020%29.pdf]])|Guidelines|
|2020.03.09|ACSC (AU)|[[Cloud Computing Security for Tenants|https://www.cyber.gov.au/publications/cloud-computing-security-for-tenants]] ([[PDF|https://www.cyber.gov.au/sites/default/files/2020-03/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Tenants%20%28March%202020%29.pdf]])|Guidelines|
=== 
* Surveys and reports: A10 Networks+++*[»]>
|2020.03.13|//A10 Networks//|[[The State of DDoS Weapons|https://www.a10networks.com/marketing-comms/reports/state-ddos-weapons/]]|DDoS|
|2020.03.13|Dark Reading| → [[DDoS Attack Trends Reveal Stronger Shift to IoT, Mobile|https://www.darkreading.com/iot/ddos-attack-trends-reveal-stronger-shift-to-iot-mobile/d/d-id/1337318]]|Report|
===, Axonius+++*[»]>
|2020.03.10|//Axonius//|[[Combatting Complexity by Focusing on Fundamentals: New Study from Axonius and ESG Uncovers IT Megatrends Driving Decreased Asset Visibility, Increased Risk|http://www.prweb.com/releases/combatting_complexity_by_focusing_on_fundamentals_new_study_from_axonius_and_esg_uncovers_it_megatrends_driving_decreased_asset_visibility_increased_risk/prweb16968933.htm]] ([[téléchargement|https://info.axonius.com/2020-asset-management-trends-esg-ebook]])|Report Axonius|
|2020.03.10|Solutions Review| → [[Axonius: 69 Percent of Enterprises Have a Cloud Visibility Gap|https://solutionsreview.com/cloud-platforms/axonius-69-percent-of-enterprises-have-a-cloud-visibility-gap/]]|Report Axonius|
|2020.03.10|BetaNews| → [[IT teams struggle with asset visibility and management|https://betanews.com/2020/03/10/it-asset-management-struggle/]]|Report Axonius|
|2020.03.13|Help Net Security| → [[Cloud + BYOD + IoT = major security gaps|https://www.helpnetsecurity.com/2020/03/13/major-security-gaps/]]|Report Axonius|
===, Volterra+++*[»]>
|2020.03.09|//Volterra//|[[Infrastructure and Security Challenges Threaten Multi-Cloud and Edge Deployments, New Survey from Volterra Shows|https://www.volterra.io/company/news/infrastructure-security-challenges-threaten-multi-cloud-edge-deployments/]]|Report Volterra|
|2020.03.09|VMblog| → [[Infrastructure and Security Challenges Threaten Multi-Cloud and Edge Deployments, New Survey from Volterra Shows|https://vmblog.com/archive/2020/03/09/infrastructure-and-security-challenges-threaten-multi-cloud-and-edge-deployments-new-survey-from-volterra-shows.aspx]]|Report Volterra|
|2020.03.11|Help Net Security| → [[Multi-cloud and edge deployments threatened by security and connectivity problems|https://www.helpnetsecurity.com/2020/03/11/multi-cloud-deployments/]]|Report Volterra|
===, Netwrix+++*[»]>
|2020.02.25|//Netwrix//|[[2020 Data Risk & Security Report (pdf)|https://www.netwrix.com/download/collaterals/2020_data_risk_security_report.pdf]]|Report|
=== 
* Data leaks: Open Exchange Rates+++*[»]>
|2020.03.12|//Open Exchange Rates//|[[Notice of Data Breach|https://pastebin.com/raw/AzDPAN9N]] ([[email|https://twitter.com/SylvieLorxu/status/1238149687200358401]])|Data_Breach AWS Third_Party|
|2020.03.13|Security Week| → [[Currency Data Provider 'Open Exchange Rates' Discloses Breach|https://www.securityweek.com/currency-data-provider-open-exchange-rates-discloses-breach]]|Data_Breach AWS Third_Party|
=== 
* __Miscellaneous__ : Backups in the Cloud, Bottlerocket, the new AWS open source operating system+++*[»]>
|2020.03.10|//AWS//|[[Bottlerocket - Open Source OS for Container Hosting|https://aws.amazon.com/blogs/aws/bottlerocket-open-source-os-for-container-hosting/]]|AWS Operating_System|
|2020.03.11|CBR Online| → [[AWS's New Open Source OS "Bottlerocket": A Baby RHEL Competitor?|https://www.cbronline.com/news/aws-operating-system-bottlerocket]]|AWS Operating_System|
|2020.03.12|//Cloud Management Insider//| → [[AWS launches Open Source OS for Containers|https://www.cloudmanagementinsider.com/aws-launches-bottlerocket/]]|AWS Operating_System|
===, and some other articles on risk analysis, container security, Kubernetes, and Zero-Trust
|!⇒ [[CloudSecurityAlliance.fr/go/K3F/|https://CloudSecurityAlliance.fr/go/K3F/]] |
<<tiddler [[arOund0C]]>>
|!Mars|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.03.15|
|2020.03.15|Christophe Parisel|![[Embracing "native"? security in Azure|https://www.linkedin.com/pulse/embracing-native-security-azure-christophe-parisel/]] |Azure|
|2020.03.15|MSSP Alert|[[Zero Trust Security Explained|https://www.msspalert.com/cybersecurity-research/zero-trust-security-explained/]]|Zero_Trust|
|2020.03.15|AppFleet|[[Kubernetes Authentication|https://appfleet.com/blog/kubernetes-authentication/]]|K8s Authentication|
|>|>|>|!2020.03.14|
|2020.03.14|Bleeping Computer|[[BlackWater Malware Abuses Cloudflare Workers for C2 Communication|https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/]]|Malware COVID-19|
|2020.03.17|SC Magazine| → [[COVID-19 decoy doc, Cloudflare service used to spread 'BlackWater' malware|https://www.scmagazine.com/home/security-news/malware/covid-19-decoy-doc-cloudflare-service-used-to-spread-blackwater-malware/]]|Malware COVID-19|
|2020.03.14|Medium|[[HTTP Desync Attacks with Python and AWS|https://medium.com/@emilefugulin/http-desync-attacks-with-python-and-aws-1ba07d2c860f]]|AWS Attacks|
|2020.03.14|//Rancher//|[[Enhancing Kubernetes Security with Pod Security Policies, Part 1|https://rancher.com/blog/2020/pod-security-policies-part-1]] (1/2)|K8s|
|2020.03.14|//Varonis//|[[13 Must-Know Office 365 PowerShell Commands|https://www.varonis.com/blog/office-365-powershell-commands/]]|O365 PowerShell|
|>|>|>|!2020.03.13|
|2020.03.13|DZone|[[A Sneak Peek Into Amazon Web Services Cloud (AWS)|https://dzone.com/articles/a-sneak-peek-into-amazon-web-services-cloud-aws]]|AWS|
|2020.03.13|DevOps|[[Catch Emerging Security Risks Earlier by Leveraging Kubernetes Audit Logs|https://devops.com/catch-emerging-security-risks-earlier-by-leveraging-kubernetes-audit-logs/]]|K8s Logs|
|2020.03.13|Information Security Newspaper|[[List of 8 million people, their address, and phones, who bought something from eBay or Amazon|https://www.securitynewspaper.com/2020/03/13/list-of-8-million-people-their-address-and-phones-who-bought-something-from-ebay-and-amazon/]]|Data_Leak|
|2020.03.13|//A10 Networks//|[[The State of DDoS Weapons|https://www.a10networks.com/marketing-comms/reports/state-ddos-weapons/]]|DDoS|
|2020.03.13|Dark Reading| → [[DDoS Attack Trends Reveal Stronger Shift to IoT, Mobile|https://www.darkreading.com/iot/ddos-attack-trends-reveal-stronger-shift-to-iot-mobile/d/d-id/1337318]]|Report|
|2020.03.13|Security Brief NZ|[[Cyber threats, rising costs, cloud integration - Dell reveals data trends|https://securitybrief.co.nz/story/cyber-threats-rising-costs-cloud-integration-dell-reveals-data-trends]]|Report Dell|
|2020.03.13|//Nuageo//[>img[iCSF/flag_fr.png]]|[[Calculer les gains du Cloud|https://www.nuageo.fr/2020/03/livre-blanc/]]|Misc|
|2020.03.13|//Aqua Security//|[[3 new rules of cloud-native application security|https://techbeacon.com/security/3-new-rules-cloud-native-application-security]]|Cloud_Native|
|2020.03.13|//PaloAlto Networks//|[[The Art of Automation: Creating Threat Intelligence Bots in the Cloud|https://blog.paloaltonetworks.com/2020/03/cloud-threat-intelligence-bot/]]|Threat_Intelligence|
|2020.03.13|//Park my Cloud//|[[AWS EBS Volume Types & What to Use Them For|https://www.parkmycloud.com/blog/ebs-volume-types/]]|AWS Storage|
|2020.03.13|//HyperProof//|[[The Four Signs of an Effective Compliance Program: Quality, Consistency, Oversight and Efficiency|https://hyperproof.io/resource/four-signs-of-an-effective-compliance-program/]]|Compliance|
|>|>|>|!2020.03.12|
|2020.03.12|Dark Reading|[[CASB 101: Why a Cloud Access Security Broker Matters|https://www.darkreading.com/theedge/casb-101-why-a-cloud-access-security-broker-matters/b/d-id/1337302]]|CASB|
|2020.03.12|The Daily Swig|[[Google awards $100k to Dutch bug hunter for cutting-edge cloud security research|https://portswigger.net/daily-swig/google-awards-100k-to-dutch-bug-hunter-for-cutting-edge-cloud-security-research]]|GCP Bug_Bounty|
|2020.03.12|Information Security Newspaper| → [[Google pays $100k USD to an infosec researcher for reporting vulnerability in GCP|https://www.securitynewspaper.com/2020/03/12/google-pays-100k-usd-to-an-infosec-researcher-for-reporting-vulnerability-in-gcp/]]|GCP Bug_Bounty|
|2020.03.12|//ThreatPost//| → [[$100K Paid Out for Google Cloud Shell Root Compromise|https://threatpost.com/100k-google-cloud-shell-root-compromise/153665/]]|GCP Bug_Bounty|
|2020.03.12|DZone|[[Five Security Best Practices for Kubernetes Deployments|https://dzone.com/articles/five-security-best-practices-for-kubernetes-deploy]]|K8s|
|2020.03.12|DZone|[[Docker Without Root Privileges|https://dzone.com/articles/docker-without-root-privileges]]|Docker|
|2020.03.12|jdSupra|[[HIPAA Compliant Cloud Storage|https://www.jdsupra.com/legalnews/hipaa-compliant-cloud-storage-10059/]]|HIPAA|
|2020.03.12|DZone|[[Engineers Own Cloud Security and They Need Better Tools|https://dzone.com/articles/engineers-own-cloud-security-and-they-need-better]]|Misc|
|2020.03.12|//SANS//|[[Frequently Asked Questions - MGT516: Managing Security Vulnerabilities: Enterprise and Cloud|https://www.sans.org/blog/faqs-mgt516-managing-security-vulnerabilities-enterprise-and-cloud/]] ([[cursus MGT516|https://www.sans.org/course/managing-enterprise-cloud-security-vulnerabilities]])|Training|
|2020.03.12|//Microsoft Azure//|[[Use DMARC to validate email in Office 365|https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-worldwide]]|O365 DMARC|
|2020.03.12|Bleeping Computer| → [[Office 365 ATP To Block Email Domains That Fail Authentication|https://www.bleepingcomputer.com/news/security/office-365-atp-to-block-email-domains-that-fail-authentication/]]|O365 DMARC|
|2020.03.12|//Open Exchange Rates//|[[Notice of Data Breach|https://pastebin.com/raw/AzDPAN9N]] ([[email|https://twitter.com/SylvieLorxu/status/1238149687200358401]])|Data_Breach AWS Third_Party|
|2020.03.13|Security Week| → [[Currency Data Provider 'Open Exchange Rates' Discloses Breach|https://www.securityweek.com/currency-data-provider-open-exchange-rates-discloses-breach]]|Data_Breach AWS Third_Party|
|2020.03.12|//CyberArk Conjur//|[[Enhance your product's supportability with a logs-first approach|https://www.conjur.org/blog/enhance-your-products-supportability-with-a-logs-first-approach/]]|Logs|
|2020.03.12|//Forcepoint//|[[The Top Critical Features for Cloud Security Controls|https://www.forcepoint.com/blog/insights/forrester-andras-cser-policy-setting-controls-cloud-security]]|Controls|
|2020.03.12|//Alibaba Cloud//|[[Setting up HTTP to HTTPS Redirection with Alibaba Cloud Container Service|https://medium.com/@Alibaba_Cloud/setting-up-http-to-https-redirection-with-alibaba-cloud-container-service-6ed92137bc70]]|Alibaba_Cloud|
|2020.03.12|//Netwrix//|[[The Cloud Security Risk of Remote Workers, and How to Stop It|https://blog.netwrix.com/2020/03/12/the-cloud-security-risk-of-remote-workers-and-how-to-stop-it/]]|Remote_Security|
|2020.03.12|//MalwareBytes//|[[RemoteSec: achieving on-prem security levels with cloud-based remote teams|https://blog.malwarebytes.com/business-2/2020/03/remotesec-achieving-on-prem-security-levels-with-cloud-based-remote-teams/]]|Remote_Security|
|>|>|>|!2020.03.11|
|2020.03.11|UnderNews[>img[iCSF/flag_fr.png]]|[[Slack : comment garantir la sécurité les données ?|https://www.undernews.fr/reseau-securite/slack-comment-garantir-la-securite-les-donnees.html]]|Slack|
|2020.03.11|TL;DR Security|[[#26 - Learnings from Duo, Auto-healing Clouds, Fuzzing|https://tldrsec.com/blog/tldr-sec-026-duo-learnings-healing-clouds-fuzzing/]] |Weekly_Newsletter|
|2020.03.11|Container Journal|[[Unpacking Containers to Find Network Vulnerabilities|https://containerjournal.com/topics/container-security/unpacking-containers-to-find-network-vulnerabilities/]]|Containers Flaws|
|2020.03.11|DZone|[[Go Cloud, but Don't Forget to Backup Your Physical Servers and Data|https://dzone.com/articles/go-cloud-but-dont-forget-to-backup-your-physical-s]]|Backups Tools|
|2020.03.11|Analytics India Mag|[[What Makes Cloud Security Challenging For Cybersecurity Teams?|https://analyticsindiamag.com/what-makes-cloud-security-challenging-for-cybersecurity-teams/]]|Misc|
|2020.03.11|DevOps.com|[[The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1)|https://devops.com/the-devops-sweet-spot-inserting-security-at-pull-requests-part-1/]] (1/2)|DevSecOps|
|2020.03.11|arXiv.org|[[Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers|https://arxiv.org/pdf/2003.04498.pdf]] (pdf)|Rowhammer DRAM|
|2020.03.11|//Atempo, OVHcloud//|[[Atempo and OVHcloud sign a strategic partnership for a sovereign cloud solution|https://vmblog.com/archive/2020/03/11/atempo-and-ovhcloud-sign-a-strategic-partnership-for-a-sovereign-cloud-solution.aspx]]|Backups|
|2020.03.13|Silicon.fr[>img[iCSF/flag_fr.png]]| → [[Cloud souverain : Atempo et OVHcloud unis pour la sauvegarde en mode SaaS|https://www.silicon.fr/cloud-souverain-atempo-ovhcloud-335952.html]]|Backups|
|2020.03.11|//Coalfire//|[[Third Party Risk Management and the Cloud|https://www.coalfire.com/The-Coalfire-Blog/March-2020/Third-Party-Risk-Management-and-the-Cloud]]|Risk_Management|
|2020.03.11|//SpecterOps//|[[Through the Looking Glass - Part 1|https://posts.specterops.io/through-the-looking-glass-part-1-f539ae308512]] (1/2)|AWS Traffic_Mirroring|
|2020.03.11|//Spanning//|[[Risk Mitigation: How SaaS Backup Addresses Operational Risk|https://spanning.com/blog/risk-mitigation-how-saas-backup-addresses-operational-risk/]]|SaaS Backups|
|2020.03.11|//DivvyCloud//|[[Full Life Cycle Cloud Security|https://divvycloud.com/full-life-cycle-cloud-security/]]|Misc|
|2020.03.11|//Compare the Cloud//|[[Ensuring Security In An Era Of AI And Cloud Platforms|https://www.comparethecloud.net/articles/ensuring-security-in-an-era-of-ai-and-cloud-platforms/]]|Misc|
|2020.03.11|//Sensu//|[[Monitoring multi-cloud environments|https://blog.sensu.io/monitoring-multi-cloud-environments]]|Monitoring|
|2020.03.11|//OxygenForensics//|[[10 Quick Facts About Oxygen Forensic Cloud Extractor|https://www.forensicfocus.com/News/article/sid=3880/]]|Forensics|
|2020.03.11|//FireOak Strategy//|[[Increase performance and reduce system load by automatically excluding Office 365 traffic from your organization's split tunnel VPN|https://fireoakstrategies.com/split-tunnel-vpn/]]|O365 VPN|
|2020.03.11|//Google Cloud//|[[Important changes to less secure apps and account recovery management in the Admin console |https://gsuiteupdates.googleblog.com/2020/03/lsa-account-recovery-settings-changes.html]]|GCP|
|2020.03.11|//VMware//|[[Why Large Organizations Trust Kubernetes|https://tanzu.vmware.com/content/blog/why-large-organizations-trust-kubernetes]]|K8s Survey|
|>|>|>|!2020.03.10|
|2020.03.10|//AWS//|[[Bottlerocket - Open Source OS for Container Hosting|https://aws.amazon.com/blogs/aws/bottlerocket-open-source-os-for-container-hosting/]]|AWS Operating_System|
|2020.03.11|CBR Online| → [[AWS's New Open Source OS "Bottlerocket": A Baby RHEL Competitor?|https://www.cbronline.com/news/aws-operating-system-bottlerocket]]|AWS Operating_System|
|2020.03.12|//Cloud Management Insider//| → [[AWS launches Open Source OS for Containers|https://www.cloudmanagementinsider.com/aws-launches-bottlerocket/]]|AWS Operating_System|
|2020.03.10|//Axonius//|[[Combatting Complexity by Focusing on Fundamentals: New Study from Axonius and ESG Uncovers IT Megatrends Driving Decreased Asset Visibility, Increased Risk|http://www.prweb.com/releases/combatting_complexity_by_focusing_on_fundamentals_new_study_from_axonius_and_esg_uncovers_it_megatrends_driving_decreased_asset_visibility_increased_risk/prweb16968933.htm]] ([[téléchargement|https://info.axonius.com/2020-asset-management-trends-esg-ebook]])|Report Axonius|
|2020.03.10|Solutions Review| → [[Axonius: 69 Percent of Enterprises Have a Cloud Visibility Gap|https://solutionsreview.com/cloud-platforms/axonius-69-percent-of-enterprises-have-a-cloud-visibility-gap/]]|Report Axonius|
|2020.03.10|BetaNews| → [[IT teams struggle with asset visibility and management|https://betanews.com/2020/03/10/it-asset-management-struggle/]]|Report Axonius|
|2020.03.13|Help Net Security| → [[Cloud + BYOD + IoT = major security gaps|https://www.helpnetsecurity.com/2020/03/13/major-security-gaps/]]|Report Axonius|
|2020.03.12|jdSupra|[[Source Code Escrow Agreements Are Reaching For The Cloud|https://www.jdsupra.com/legalnews/source-code-escrow-agreements-are-73777/]]|Escrow Code|
|2020.03.10|//Forcepoint//|[[SASE Will Redefine Network and Cloud Security: So What Does it Mean?|https://www.forcepoint.com/forcepoint-gartner-sase-converging-network-cloud-security]]|SASE|
|2020.03.10|//JumpCloud//|[[Using IDaaS To Improve Security|https://jumpcloud.com/blog/idaas-improve-security/]]|IDaaS|
|2020.03.10|//Threatstack//|[[15 Cloud & Cloud Security Certifications for 2020|https://www.threatstack.com/blog/15-cloud-cloud-security-certifications-for-2020]]|Training Certification|
|2020.03.10|//AddWeb Solution//|[[DevSecOps - Incorporating The 10 Best Security Practices Of The Industry|https://addwebsolution.com/blog/devsecops-incorporating-ten-best-security-practices-industry]]|DevSecOps|
|2020.03.10|//Lacework//|[[Research Automation with ATT&CK & Python|https://www.lacework.com/automation-attck-python/]]|ATT&CK|
|>|>|>|!2020.03.09|
|2020.03.09|Dark Reading|[[Cyber Resiliency, Cloud & the Evolving Role of the Firewall|https://www.darkreading.com/cloud/cyber-resiliency-cloud-and-the-evolving-role-of-the-firewall/a/d-id/1337206]]|Resilience|
|2020.03.09|ACSC (AU)|[[Cloud Computing Security for Cloud Service Providers|https://www.cyber.gov.au/publications/cloud-computing-security-for-cloud-service-providers]] ([[PDF|https://www.cyber.gov.au/sites/default/files/2020-03/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Cloud%20Service%20Providers%20%28March%202020%29.pdf]])|Guidelines|
|2020.03.09|ACSC (AU)|[[Cloud Computing Security for Tenants|https://www.cyber.gov.au/publications/cloud-computing-security-for-tenants]] ([[PDF|https://www.cyber.gov.au/sites/default/files/2020-03/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Tenants%20%28March%202020%29.pdf]])|Guidelines|
|2020.03.09|Daniel Hood|[[How to Embezzle Money Using Amazon AMIs|https://blog.iamwritingaboutsecurity.com/posts/how-to-embezzle-money/]]|AWS AMI|
|2020.03.09|arXiv.org|[[Secure Cloud Storage with Client-Side Encryption Using a Trusted Execution Environment|https://arxiv.org/pdf/2003.04163.pdf]] (pdf)|Storage Encryption|
|2020.03.09|//Volterra//|[[Infrastructure and Security Challenges Threaten Multi-Cloud and Edge Deployments, New Survey from Volterra Shows|https://www.volterra.io/company/news/infrastructure-security-challenges-threaten-multi-cloud-edge-deployments/]]|Report Volterra|
|2020.03.09|VMblog| → [[Infrastructure and Security Challenges Threaten Multi-Cloud and Edge Deployments, New Survey from Volterra Shows|https://vmblog.com/archive/2020/03/09/infrastructure-and-security-challenges-threaten-multi-cloud-and-edge-deployments-new-survey-from-volterra-shows.aspx]]|Report Volterra|
|2020.03.11|Help Net Security| → [[Multi-cloud and edge deployments threatened by security and connectivity problems|https://www.helpnetsecurity.com/2020/03/11/multi-cloud-deployments/]]|Report Volterra|
|2020.03.09|//Panorays//|[[Service Announcement: The Right Questions to Ask Your Vendors in Times of Large-Scale Remote Working|https://www.panorays.com/blog/service-announcement-the-right-questions-to-ask-your-vendors-in-times-of-large-scale-remote-working/]]|Third_Party Vendor_Assessment|
|2020.03.09|//Microsoft//|[[Top 5 ways your Azure AD can help you enable remote work|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/top-5-ways-your-azure-ad-can-help-you-enable-remote-work/ba-p/1144691]]|AzureAD|
|2020.03.09|Georgios Kapoglis|[[Fantastic AWS Attacks and Where to Find Them (vidéo)|https://www.youtube.com/watch?v=IOyV8ww-lKM]]|BSidesSF_2020 AWS Attacks|
|2020.03.09|//StackRox//|![[Azure Kubernetes (AKS) Security Best Practices Part 4 of 4: Cluster|https://www.stackrox.com/post/2020/03/azure-kubernetes-aks-security-best-practices-part-4-of-4/]] (4/4)|Azure Kubernetes Best_Practices|
!Managing the Risk for Medical Devices Connected to the Cloud
[>img(150px,auto)[iCSA/K3CPM.jpg]]Même si l'annonce a été faite, le site de la CSA ne permet d'accéder qu'au draft du document.
<<<
//Avec l'augmentation du nombre de dispositifs IoT, les prestataires de santé sont confrontés à la transformation numérique la plus importante qu'ils aient jamais connue.
La nouvelle génération d'appareils médicaux connectés est porteuse de la promesse de meilleurs soins pour les patients, de meilleures données cliniques, d'une plus grande efficacité et d'une diminution des coûts.
Cependant, elle présente également des risques accrus en matière de sécurité.
L'objectif de ce document est de présenter le concept de gestion des dispositifs médicaux en fonction de leur proximité avec le patient et d'introduire des pratiques visant à sécuriser l'utilisation du cloud pour les dispositifs médicaux.//
<<<
__Table des Matières :__//{{ss2col{
<<<
# Medical Device Security Life Cycle
## Pre-Purchase
## Post Purchase/Pre-Deployment
### Network
### Web Application Interface
### Wireless Communications
### Secure Communication Channels
## Deployment/Operations Management
### Devices with Zero Degrees of Separation
### Devices with One Degree of Separation
### Devices with Two Degrees of Separation
### Devices with Three Degrees of Separation
### Devices with Four Degrees of Separation
## Decommission/Disposal
# Recommendations and Conclusion
## Recommendations
## Conclusion/Need for further Studies
# References
<<<
}}}//__Liens :__
* Annonce 'Newest Cloud Security Alliance Paper Sheds Light on Best Practices for Managing Risks Associated with Cloud-Connected Medical Devices' ⇒ ''[[CloudSecurityAlliance.fr/go/k3cp/|https://CloudSecurityAlliance.fr/go/k3cp/]]''
* Document ⇒ ''[[CloudSecurityAlliance.fr/go/k3cw/|https://CloudSecurityAlliance.fr/go/k3cw/]]''
[img(50%,1px)[iCSF/BluePixel.gif]]
!"//Expectations and Evolution of CASBs//"
Un sondage est lancé par la CSA sur le sujet de la technologie CASB.
Son objectif est de mieux cerner le niveau d'attente des utilisateurs et leurs évolutions.
Le sondage est ouvert jusqu'au ''20 avril 2020'' et est hébergé sur la plateforme SurveyMonkey.
Afin de vous y préparer, les 28 questions posées sont disponibles+++*[ici]> 
!!Intro
1. What inhibitors has your organization encountered in adopting or fully utilizing your cloud security vendor's technology? (Check all that apply)
* Inadequate staffing or staff expertise / Company culture / Solution complexity / Inadequate budget / Complexity in setting up / Solution usability / Lack of complete feature set / Poor support / None / Other (please specify)
2. What are your top 3 security projects to implement or improve by type? (Select up to 3)
* Network security / Cloud security / Endpoint security / Email security / Application security / Security awareness training / Insider threat management / Compliance / Other (please specify)
3. Where is your organization in the CASB procurement lifecycle?
* Initial research / Evaluating vendors / POC/pilot / Implementation / Operational / Not considering
!!Visibility
4. To your knowledge, where do your users keep sensitive data in the cloud? (Check all that apply)
* Microsoft Sharepoint Online/OneDrive / Google Drive / Box / SalesForce / Workday / AWS / Azure / ServiceNow / Unsure / N/A - no sensitive, organizational data in the cloud / Other (please specify)
5. Rate the importance of visibility features in CASB services.
* None / Low importance / Medium importance / High importance
* Locate and track all cloud services accessed
* Discover sensitive data
* Assess cloud service compliance gaps
* Identify cloud usage by user or device
* Detect data traffic and usage of cloud services
* Detect user behavior activity
* Detect cloud-to-cloud activity (e.g. OAuth)
* Other (please specify)
6. Do you use CASB services for identifying any of the following? (Check all that apply)
* Data classification / Data sensitivity levels (e.g. contextual) / Data location / User profiles (e.g. privilege) / Device categorization / User behavior activity / Unauthorized access (e.g. location, network, threat) / Configuration errors in IaaS and PaaS / Compliance gaps / Other (please specify)
7. Rate how effective your CASB is with multi-cloud visibility across IaaS and PaaS usage.
* Unsure / Low / Medium / High
8. What visibility features are missing from CASB services?
* Details...
!!Compliance
9. Are you using a CASB effectively as your internal compliance tool?
* Yes / No / Unsure
10. Does your CASB effectively assist your organization in compliance with regulations and standards?
* Yes / No / Unsure
11. Does your CASB effectively assist with data residency requirements?
* Yes / No / Unsure
12. Which standards and regulations does your organization adhere to? (Check all that apply)
* GDPR / CCPA / HIPAA / PCI-DSS / FISMA/FedRAMP/DoD_8500.x / ISO / CSA CCM/STAR / NIST / None / Other (please specify)
13. Rate the level of importance for potential compliance features in a CASB.
* Unsure / Low / Medium / High
* Blocking of applications and services
* Automation of policy enforcement
* Bringing unapproved applications to compliance with regulation
* Recommend compensating controls
* Reporting compliance adherence
!!Data Security
14. What level of file sharing in the cloud is allowed by your organization?
* Public / External / Internal with all company domain / Internal with individual members / Private only
15. Rate how effective your CASB is at the following...
* Unsure / Low / Medium / High
* Prevent data exfiltration for approved apps
* Prevent data exfiltration for unapproved apps
* Prevent upload of sensitive data
* Prevent download of sensitive data
* Detect anomalies in user behaviors
* Protecting cloud users from account takeover
16. Rate how effective your CASB is at the following… (Unsure, Low, Medium, High)
* Unsure / Low / Medium / High
* Control user access from certain locations (countries, outside of corporate network, etc.)
* Control user access from unmanaged devices
* Discover/monitor sensitive data in the cloud (DLP)
* Govern cloud applications (Shadow IT visibility, OAuth apps control)
* Report on compliance gaps/violations
* Discover, assess and solve IaaS/PaaS misconfigurations (Cloud Security Posture Management)
17. Which of the below would most enhance your DLP program?
* Context-based controls (device, browser, network, location, etc.) / User role-based controls (privilege, VIP, etc.) / User behavior monitoring / Risk-based controls (threat intel, users targeted by cyberattacks, etc.) / Risk-aware incident response (prioritized to incidents based on access conditions and threat intelligence) / Fewer solutions to manage / Superior compliance management / Superior incident management workflows / ITSM and SIEM integrations / Other (please specify)
!!Threat Protection
18. What cybersecurity mechanism do you use to control user access?
* Secure Web Gateway / Next-gen firewall / Traditional VPN appliance / Cloud based VPN / Zero Trust/Always On VPN / CASB (API-based only) / CASB (API-based and Reverse Proxy) / CASB (API-based and Forward Proxy) / Other (please specify)
19. What type of security mechanism do you use to prevent malicious or non-compliant access?
* Network based access control / Multi Factor Authentication for VPN only / Multi Factor Authentication for VPN and cloud applications / Adaptive access controls (Conditional access, risk-based authentication, etc.) / MDM/Device posture and hygiene compliance / Zero Trust Network Access / Other (please specify)
20. Which identity and access management providers (IDaaS) do you deploy or plan to deploy? (Check all that apply)
* OneLogin / Okta / Microsoft Azure AD / Microsoft ADFS / Ping Identity / IDaptive / SecureAuth / ForgeRock / Auth0 / Other (please specify)
21. What multi-factor controls does your organization use?
* Standalone cloud delivered multi factor authentication provider / Standalone on-premise multi factor authentication provider / MFA included with Identity Provider / Risk-based authentication (2fa based on condition) / N/A
22. Rate how effective your CASB is at threat protection on each of the following.
* Unsure / Low / Medium / High
* Detecting cloud account takeover
* Detecting data breach
* Ingesting threat intelligence feeds
* Identifying malware
* Identifying and monitoring misconfigurations
23. Rate your CASB as an effective mechanism on the following abilities. - Unsure, Low, Medium, High
* Unsure / Low / Medium / High
* Detection
* Correlation
* Remediation
* Response
!!Demographics
24. What is the size of your organization?
* 1-50 employees / 51-500 employees / 501-1000 employees / 1001-5000 employees / 5001-10000 employees / 10000+ employees
25. What region do you work in?
* Americas / APAC (Asia, Pacific Islands) / EMEA (Europe, Middle East, Africa)
26. In what country do you work?
27. Which of the following best describes the principal industry of your organization?
28. What is your level of responsibility?
* C-level Executive / Manager / Staff
=== 
* Lien vers le sondage ⇒ ''[[CloudSecurityAlliance.fr/go/k39b/|https://CloudSecurityAlliance.fr/go/k39b/]]'' 
!"//QSS Awareness Survey 2020//"
Un sondage est lancé par la CSA sur le sujet de la cryptographie quantique.
Son objectif est de mieux cerner le niveau de sensibilisation aux questions de sécurité quantique et aux approches qui peuvent être utilisées pour y répondre.
Le sondage est ouvert jusqu'au ''27 avril 2020'' et est hébergé sur la plateforme SurveyMonkey.
Afin de vous y préparer, les 11 questions posées sont disponibles+++*[ici]> 
!!General Quantum-Safe Awareness
1. What would you rate your awareness of quantum computing technology's impact on data security?
* Very aware / Somewhat aware / A little aware / Not at all aware
2. When do you expect the quantum computing threat to be real?
* Right now / In 2-5 years / In 5-10 years / In 10-20 years / In 20+ years
3. How confident are you that current security approaches will keep your organization's data safe from quantum computing attacks?
* Not at all confident / A little confident / Somewhat confident / Very confident / Unsure
4. How would you rate the priority for preparing against the threat of the quantum computer?
* High priority / Moderate priority / Low priority / Not a priority
5. Are you or your company working or planning to work on protecting your organisation against the future threat of quantum computers?
* Yes / No / Unsure 
!!Not Implementing Quantum-Safe Technology
6. What is the main reason you are not implementing or are not planning to implement quantum-safe technologies in your organization?
* Not a priority / Unaware of existing solutions / It is too expensive / Lack of budget / No buy-in from upper management / Lack of standardization / Other (possibility to specify)
!!Familiarity with Quantum-Safe Solutions
7. Rate your level of agreement with the following statement: "There are currently quantum-safe technologies on the market that can help protect against quantum-based cyber-attacks."
* Strongly agree / Agree / Neither agree nor disagree / Disagree / Strongly disagree
8. Which of these quantum-resistant technologies are you familiar with? (Select all that apply)
* Quantum random number generator (QRNG) / Quantum key distribution (QKD) / Post Quantum algorithms / Longer symmetric keys / Longer hash functions / None of these
9. What would be the value for you of a more detailed analysis on the applications of these different technologies?
* High value / Moderate value / Low value / No value at all
10. When are you planning on adding Quantum-Safe Security as a requirement for your cryptography suppliers?
* Required now / In the next year / In 2-5 years / In 5+ years / No plans
11. Are you interested in learning more about quantum computers, the threat to data security, and quantum-safe solutions?
* Not at all interested / A little interested / Somewhat interested / Very interested
=== 
* Lien vers le sondage ⇒ ''[[CloudSecurityAlliance.fr/go/k39q/|https://CloudSecurityAlliance.fr/go/k39q/]]'' 
!"//Cloud Security Alliance Announces Temporary Price Reduction in Online Educational Programs//"
[>img(300px,auto)[iCSA/K39IC.jpg]]Compte tenu de la situation actuelle liée à la pandémie du coronavirus COVID-19, la CSA a annoncé le 9 mars 2020 une remise de 100 dollars sur tous les cours de formation en ligne proposés sur le CSA Knowledge Center.
Cette remise restera en vigueur jusqu'au 30 avril 2020.

__Lien :__
 ⇒ ''[[CloudSecurityAlliance.fr/go/k39t/|https://CloudSecurityAlliance.fr/go/k39t/]]''


|[img(30px,auto)[iCSF/Francais.gif]] @@color:#014;font-size:125%;__[[Version française #54|2020.03.08 - Newsletter Hebdomadaire #54]]__@@ {{arOund{FRA}}} |[img(30px,auto)[iCSF/Anglais.gif]] @@color:#014;font-size:125%;__[[English Version #54|2020.03.08 - Weekly Newsletter - #54]]__@@ {{arOund{ENG}}} |
|<<tiddler [[2020.03.08 - Newsletter Hebdomadaire #54]]>> |<<tiddler [[2020.03.08 - Weekly Newsletter - #54]]>> |
!!1 - Informations CSA de la semaine du 2 au 8 mars 2020
* Actu : Report du Forum Securité@Cloud 2020+++*[»]> <<tiddler [[2020.03.03 - Report du Forum Securité@Cloud 2020 aux 23 et 24 septembre]]>>=== 
* Blog : Retour sur le CSA Summit à RSA 2020, parties 1+++*[»]> <<tiddler [[2020.03.02 - Blog : Retour sur le CSA Summit à RSA 2020 (1/2)]]>>=== et 2+++*[»]> <<tiddler [[2020.03.03 - Blog : Retour sur le CSA Summit à RSA 2020 (2/2)]]>>=== 
* Podcast : IoT et Régions Intelligentes, aspects de résilience+++*[»]> <<tiddler [[2020.03.02 - Podcast : 'IoT and SMART Nations - Building Resilience']]>>=== 
* Webinar : Inscriptions ouvertes pour le prochain CloudBytes 'Top 5 Latest Cloud Security Hacks'+++*[»]> <<tiddler [[2020.03.17 - Webinar : 'Top 5 Latest Cloud Security Hacks and How You Can Avoid Them']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.03.08 - Veille Hebdomadaire - 8 mars]] avec plus d'une soixantaine de liens dont :
* Etudes et rapports : AtScale+++*[»]>
|2020.03.04|//AtScale//|[[79% of Enterprises Want Better Integrated Security and Governance for Their Data in the Cloud|https://www.atscale.com/press/enterprises-security-governance-data-cloud/]] ([[rapport|https://www.atscale.com/resource/2020-big-data-analytics-maturity-survey-report/]])|Survey|
=== 
* Alertes : Zoho et Desktop Central+++*[»]>
<<tiddler [[2020.03.31 - Alertes]]>>
=== 
* __Attaques__ : liste d'attaques+++*[»]>
|2020.03.06|Dark Reading|[[7 Cloud Attack Techniques You Should Worry About|https://www.darkreading.com/cloud/7-cloud-attack-techniques-you-should-worry-about/d/d-id/1337259]]|Attacks|
===, noms de domaines (homoglyphes+++*[»]>
|2020.03.04|//Soluble//|![[Emoji to Zero-Day: Latin Homoglyphs in Domains and Subdomains|https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day]]|!DNS IDN_Homograph_Attack|
||Wikipedia| → [[IDN homograph attack|https://en.wikipedia.org/wiki/IDN_homograph_attack]]|!DNS IDN_Homograph_Attack|
|2020.03.04|Bleeping Computer| → [[Zero-Day Bug Allowed Attackers to Register Malicious Domains|https://www.bleepingcomputer.com/news/security/zero-day-bug-allowed-attackers-to-register-malicious-domains/]]|!DNS IDN_Homograph_Attack|
|2020.03.04|Security Week| → [[A Zero-Day Homograph Domain Name Attack|https://www.securityweek.com/zero-day-homograph-domain-name-attack]]|!DNS IDN_Homograph_Attack|
=== et Microsoft+++*[»]>
|2020.03.05|//Vullnerability//|[[670+ Subdomains of Microsoft are Vulnerable to Takeover (Lead to Account Takeover)|https://vullnerability.com/blog/microsoft-subdomain-account-takeover]] ([[vidéo|http://www.youtube.com/watch?v=Jg3mkLm2K2g]])|!DNS Attacks|
|2020.03.05|Security Week| → [[Over 600 Microsoft Subdomains Can Be Hijacked: Researchers|https://www.securityweek.com/over-600-microsoft-subdomains-can-be-hijacked-researchers]]|!DNS Attacks|
|2020.03.05|Dark Reading| → [[Researchers Find 670+ Microsoft Subdomains Vulnerable to Takeover|https://www.darkreading.com/vulnerabilities---threats/researchers-find-670+-microsoft-subdomains-vulnerable-to-takeover/d/d-id/1337246]]|!DNS Attacks|
===), Ransomware et backups dans le Cloud+++*[»]>
|2020.03.03|Bleeping Computer|![[Ransomware Attackers Use Your Cloud Backups Against You|https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/]]|Ransomware|
=== 
* __Divers__ : CASB+++*[»]>
|2020.03.02|//Nuageo//[>img[iCSF/flag_fr.png]]|[[CASB, la nouvelle star de l'écosystème Cloud?|https://www.nuageo.fr/2020/03/casb-star-ecosysteme-cloud/]]|CASB|
|2020.03.03|//Cisco//|[[What is CASB?|https://umbrella.cisco.com/blog/2020/03/03/what-is-casb/]]|CASB|
===, groupe de travail ENISA+++*[»]>
|2020.03.06|ENISA|[[After cloud…cybersecurity certification: launching the ENISA ad hoc Working Group on Cloud Services|https://www.enisa.europa.eu/news/enisa-news/after-cloud-cybersecurity-certification-launching-the-enisa-ad-hoc-working-group-on-cloud-services]]|ENISA|
|2019.12.19|ENISA|Call 02/19 - Cloud Services: [[Call for expression of interest for an ad hoc Working Group|https://www.enisa.europa.eu/news/enisa-news/call-for-expression-of-interest-for-an-ad-hoc-working-group]] ([[Terms of Reference|https://www.enisa.europa.eu/topics/standards/adhoc_wg_calls/ahWG02/tor_ahwg02_cloud]])|ENISA|
===, retours sur le référentiel SecNumCloud+++*[»]>
|2020.03.05|ZDnet[>img[iCSF/flag_fr.png]]|![[Secnumcloud : qu'est ce qu'il ne faut pas faire pour plaire à l'Anssi|https://www.zdnet.fr/actualites/secnumcloud-qu-est-ce-qu-il-ne-faut-pas-faire-pour-plaire-a-l-anssi-39900067.htm]]|SecNumCloud|
===, Zero Trust+++*[»]>
|2020.03.05|//JumpCloud//|[[A Cloud-Based Model for Zero Trust Security|https://jumpcloud.com/blog/cloud-model-zero-trust-security/]]|Zero_Trust|
|2020.03.05|Federal News Network|[[NIST issuing revised draft of zero trust guidance for public comment|https://federalnewsnetwork.com/march-2020-zero-trust-month/2020/03/nist-issuing-revised-draft-of-zero-trust-guidance-for-public-comment/]]|Zero_Trust NIST|
=== 
!3 - Weekly Cloud and Security Watch Newsletter[>img[iCSF/inEnglish.png]]
<<tiddler [[2020.03.08 - Weekly Newsletter - March 8th]]>>
!CSA News and Updates - March 2nd to 8th
* Blog: Recap of the CSA Summit at RSA 2020 - part 1+++*[»]> <<tiddler [[2020.03.02 - Blog : Retour sur le CSA Summit à RSA 2020 (1/2)]]>>=== and 2+++*[»]> <<tiddler [[2020.03.03 - Blog : Retour sur le CSA Summit à RSA 2020 (2/2)]]>>=== 
* Podcast: 'IoT and SMART Nations - Building Resilience'+++*[»]> <<tiddler [[2020.03.02 - Podcast : 'IoT and SMART Nations - Building Resilience']]>>=== 
* Webinar: Register for 'Top 5 Latest Cloud Security Hacks and How You Can Avoid Them'+++*[»]> <<tiddler [[2020.03.17 - Webinar : 'Top 5 Latest Cloud Security Hacks and How You Can Avoid Them']]>>=== 
* Event: Forum Securité@Cloud postponed to September+++*[»]> <<tiddler [[2020.03.03 - Report du Forum Securité@Cloud 2020 aux 23 et 24 septembre]]>>=== 
!Cloud and Security News Watch
[[Over 60 links|2020.03.08 - Veille Hebdomadaire - 8 mars]] among which:
* Reports: AtScale+++*[»]>
|2020.03.04|//AtScale//|[[79% of Enterprises Want Better Integrated Security and Governance for Their Data in the Cloud|https://www.atscale.com/press/enterprises-security-governance-data-cloud/]] ([[rapport|https://www.atscale.com/resource/2020-big-data-analytics-maturity-survey-report/]])|Survey|
=== 
* Alerts: Zoho Releases Security Update on ManageEngine Desktop Central+++*[»]>
<<tiddler [[2020.03.31 - Alertes]]>>
=== 
* __Attacks__: 7 Cloud Attack Techniques+++*[»]>
|2020.03.06|Dark Reading|[[7 Cloud Attack Techniques You Should Worry About|https://www.darkreading.com/cloud/7-cloud-attack-techniques-you-should-worry-about/d/d-id/1337259]]|Attacks|
===, Domain names issues with Latin Homoglyphs+++*[»]>
|2020.03.04|//Soluble//|![[Emoji to Zero-Day: Latin Homoglyphs in Domains and Subdomains|https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day]]|!DNS IDN_Homograph_Attack|
||Wikipedia| → [[IDN homograph attack|https://en.wikipedia.org/wiki/IDN_homograph_attack]]|!DNS IDN_Homograph_Attack|
|2020.03.04|Bleeping Computer| → [[Zero-Day Bug Allowed Attackers to Register Malicious Domains|https://www.bleepingcomputer.com/news/security/zero-day-bug-allowed-attackers-to-register-malicious-domains/]]|!DNS IDN_Homograph_Attack|
|2020.03.04|Security Week| → [[A Zero-Day Homograph Domain Name Attack|https://www.securityweek.com/zero-day-homograph-domain-name-attack]]|!DNS IDN_Homograph_Attack|
=== and Microsoft Subdomains Vulnerable to Takeover+++*[»]> 
|2020.03.05|//Vullnerability//|[[670+ Subdomains of Microsoft are Vulnerable to Takeover (Lead to Account Takeover)|https://vullnerability.com/blog/microsoft-subdomain-account-takeover]] ([[vidéo|http://www.youtube.com/watch?v=Jg3mkLm2K2g]])|!DNS Attacks|
|2020.03.05|Security Week| → [[Over 600 Microsoft Subdomains Can Be Hijacked: Researchers|https://www.securityweek.com/over-600-microsoft-subdomains-can-be-hijacked-researchers]]|!DNS Attacks|
|2020.03.05|Dark Reading| → [[Researchers Find 670+ Microsoft Subdomains Vulnerable to Takeover|https://www.darkreading.com/vulnerabilities---threats/researchers-find-670+-microsoft-subdomains-vulnerable-to-takeover/d/d-id/1337246]]|!DNS Attacks|
===, Ransomware and Cloud Backups+++*[»]>
|2020.03.03|Bleeping Computer|![[Ransomware Attackers Use Your Cloud Backups Against You|https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/]]|Ransomware|
=== 
* __Miscellaneous__: CASB+++*[»]>
|2020.03.02|//Nuageo//[>img[iCSF/flag_fr.png]]|[[CASB, la nouvelle star de l'écosystème Cloud?|https://www.nuageo.fr/2020/03/casb-star-ecosysteme-cloud/]]|CASB|
|2020.03.03|//Cisco//|[[What is CASB?|https://umbrella.cisco.com/blog/2020/03/03/what-is-casb/]]|CASB|
===, ENISA ad hoc Working Group on Cloud Services+++*[»]>
|2020.03.06|ENISA|[[After cloud…cybersecurity certification: launching the ENISA ad hoc Working Group on Cloud Services|https://www.enisa.europa.eu/news/enisa-news/after-cloud-cybersecurity-certification-launching-the-enisa-ad-hoc-working-group-on-cloud-services]]|ENISA|
|2019.12.19|ENISA|Call 02/19 - Cloud Services: [[Call for expression of interest for an ad hoc Working Group|https://www.enisa.europa.eu/news/enisa-news/call-for-expression-of-interest-for-an-ad-hoc-working-group]] ([[Terms of Reference|https://www.enisa.europa.eu/topics/standards/adhoc_wg_calls/ahWG02/tor_ahwg02_cloud]])|ENISA|
===, Feedback on the French SecNumCloud+++*[»]>
|2020.03.05|ZDnet[>img[iCSF/flag_fr.png]]|![[Secnumcloud : qu'est ce qu'il ne faut pas faire pour plaire à l'Anssi|https://www.zdnet.fr/actualites/secnumcloud-qu-est-ce-qu-il-ne-faut-pas-faire-pour-plaire-a-l-anssi-39900067.htm]]|SecNumCloud|
===, Zero Trust+++*[»]>
|2020.03.05|//JumpCloud//|[[A Cloud-Based Model for Zero Trust Security|https://jumpcloud.com/blog/cloud-model-zero-trust-security/]]|Zero_Trust|
|2020.03.05|Federal News Network|[[NIST issuing revised draft of zero trust guidance for public comment|https://federalnewsnetwork.com/march-2020-zero-trust-month/2020/03/nist-issuing-revised-draft-of-zero-trust-guidance-for-public-comment/]]|Zero_Trust NIST|
=== 
|!⇒ [[CloudSecurityAlliance.fr/go/K38/|https://CloudSecurityAlliance.fr/go/K38/]] |
<<tiddler [[arOund0C]]>>
|!Mars|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.03.08|
|2020.03.08|//Tripwire//|[[To Be or Not to Be: BCSI in the Cloud?|https://www.tripwire.com/state-of-security/security-data-protection/cloud/bcsi-in-cloud/]]|Risk_Assessment|
|2020.03.08|//Barracuda Networks//|[[Future shock: the cloud is the new network|https://www.barracuda.com/cloud-market]]|Report|
|>|>|>|!2020.03.06|
|2020.03.06|ENISA|[[After cloud…cybersecurity certification: launching the ENISA ad hoc Working Group on Cloud Services|https://www.enisa.europa.eu/news/enisa-news/after-cloud-cybersecurity-certification-launching-the-enisa-ad-hoc-working-group-on-cloud-services]]|ENISA|
|2020.03.06|Dark Reading|[[7 Cloud Attack Techniques You Should Worry About|https://www.darkreading.com/cloud/7-cloud-attack-techniques-you-should-worry-about/d/d-id/1337259]]|Attacks|
|2020.03.06|Bleeping Computer|[[FBI Warns of BEC Attacks Abusing Microsoft Office 365, Google G Suite|https://www.bleepingcomputer.com/news/security/fbi-warns-of-bec-attacks-abusing-microsoft-office-365-google-g-suite/]]|Attacks|
|2020.03.06|jdSupra|[[Contract Corner: Basics of Uptime Commitment in Cloud Service Level Agreements|https://www.jdsupra.com/legalnews/contract-corner-basics-of-uptime-89492/]]|SLA|
|2020.03.06|Help Net Security|[[HITRUST Shared Responsibility: Assigning privacy and responsibility on the cloud|https://www.helpnetsecurity.com/2020/03/06/hitrust-shared-responsibility-program-and-matrix-1-0/]]|Shared_Responsibility|
|2020.03.06|TechBeacon|[[5 keys to securing multi-cloud environments|https://techbeacon.com/security/5-keys-securing-multi-cloud-environments]]|Multi_Cloud Recommendations|
|2020.03.06|//Fraktal//|[[Cloud WAF Comparison Using Real-World Attacks|https://medium.com/fraktal/cloud-waf-comparison-using-real-world-attacks-acb21d37805e]]|WAF|
|2020.03.06|//PaloAlto Networks//|[[Breaking Down Silos with DevSecOps|https://blog.paloaltonetworks.com/2020/03/cloud-break-silos-devsecops/]]|DevSecOps|
|2020.03.06|//Slack//[>img[iCSF/flag_fr.png]]|[[Continuité de l'activité chez Slack : comment permettre à nos clients de rester opérationnels pendant l'épisode COVID 19|https://slackhq.com/continuite-de-lactivite-chez-slack-comment-permettre-a-nos-clients-de-rester-operationnels-pendant-lepisode-covid-19]]|COVID-19 BCP|
|2020.03.06|//Slack//| → [[Business continuity at Slack: Keeping our customers up and running during COVID-19|https://slackhq.com/business-continuity-plan-covid-19]]|COVID-19 BCP|
|2020.03.06|//CyCognito//|[[Eliminate the Shadow Risk That Attackers Seek First|https://www.cycognito.com/blog/eliminate-shadow-risk-that-attackers-seek-first]]|Shadow_IT|
|>|>|>|!2020.03.05|
|2020.03.05|ZDnet[>img[iCSF/flag_fr.png]]|![[Secnumcloud : qu'est ce qu'il ne faut pas faire pour plaire à l'Anssi|https://www.zdnet.fr/actualites/secnumcloud-qu-est-ce-qu-il-ne-faut-pas-faire-pour-plaire-a-l-anssi-39900067.htm]]|SecNumCloud|
|2020.03.05|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Azure Bastion apporte confort et sécurité à la gestion des VM|https://www.lemagit.fr/conseil/Azure-Bastion-apporte-confort-et-securite-a-la-gestion-des-VM]]|Azure|
|2020.03.05|The Register|[[Enable that MF-ing MFA: 1.2 million Azure Active Directory accounts compromised every month, reckons Microsoft|https://www.theregister.co.uk/2020/03/05/microsoft_12_million_enterprise_accounts_are_compromised_every_month/]] ([[vidéo|https://www.youtube.com/watch?v=B_mhJO2qHlQ]])|AzureAD Attacks|
|2020.03.05|ZDnet|[[New Bill to prepare Australian law enforcement for the US CLOUD Act|https://www.zdnet.com/article/new-bill-to-prepare-australian-law-enforcement-for-the-us-cloud-act/]] (documents de référence [[1|https://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r6511_first-reps/toc_pdf/20025b01.pdf]] et [[2|https://parlinfo.aph.gov.au/parlInfo/download/legislation/ems/r6511_ems_0ac5ae09-3e3e-400b-ae5e-680a68af4e45/upload_pdf/733176.pdf]])|CLOUD_Act|
|2020.03.05|Computer Weekly|[[Monitor Azure AD Break-Glass Account(s) Activity |https://samilamppu.com/2020/03/05/monitor-azure-ad-break-a-glass-accounts-activity/]]|AzureAD|
|2020.03.05|//Source Incite//|[[SRC-2020-0011 : ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability|https://srcincite.io/advisories/src-2020-0011/]]|Zoho CVE-2020-10189|
|2020.03.06|//Zoho//|[[We acknowledge the vulnerability in versions of Desktop Central released before 1/20/20 (build 10.0.473 and below)|https://mobile.twitter.com/manageengine/status/1235985409731149824]]|Zoho CVE-2020-10189|
|2020.03.06|US-CERT| → [[Zoho Releases Security Update on ManageEngine Desktop Central|https://www.us-cert.gov/ncas/current-activity/2020/03/06/zoho-releases-security-update-manageengine-desktop-central]]|Zoho CVE-2020-10189|
|2020.03.06|Bleeping Computer| → [[Zoho Fixes No-Auth RCE Zero-Day in ManageEngine Desktop Central|https://www.bleepingcomputer.com/news/security/zoho-fixes-no-auth-rce-zero-day-in-manageengine-desktop-central/]]|Zoho CVE-2020-10189|
|2020.03.06|//Desktop Central//| → [[ManageEngine Desktop Central remote code execution vulnerability (CVE-2020-10189)|https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html]]|Zoho CVE-2020-10189|
|2020.03.05|//JumpCloud//|[[A Cloud-Based Model for Zero Trust Security|https://jumpcloud.com/blog/cloud-model-zero-trust-security/]]|Zero_Trust|
|2020.03.05|//Menlo Security//|[[Stop Data Exfiltration with Cloud DLP|https://www.menlosecurity.com/blog/stop-data-exfiltration-with-cloud-dlp]]|DLP|
|2020.03.11|Security Boulevard| → [[Report Details Security Threats Posed by Cloud File Services|https://securityboulevard.com/2020/03/report-details-security-threats-posed-by-cloud-file-services/]]|DLP|
|2020.03.05|//Sysdig//|[[GitOps Security with k8s-security-configwatch|https://sysdig.com/blog/gitops-k8s-security-configwatch/]]|K8s|
|2020.03.05|//Microsoft Azure//|![[Azure Sentinel Side-by-Side with Splunk|https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-side-by-side-with-splunk/ba-p/1211266]] |Azure_Sentinel Splunk|
|2020.03.05|//Vullnerability//|[[670+ Subdomains of Microsoft are Vulnerable to Takeover (Lead to Account Takeover)|https://vullnerability.com/blog/microsoft-subdomain-account-takeover]] ([[vidéo|http://www.youtube.com/watch?v=Jg3mkLm2K2g]])|!DNS Attacks|
|2020.03.05|Security Week| → [[Over 600 Microsoft Subdomains Can Be Hijacked: Researchers|https://www.securityweek.com/over-600-microsoft-subdomains-can-be-hijacked-researchers]]|!DNS Attacks|
|2020.03.05|Dark Reading| → [[Researchers Find 670+ Microsoft Subdomains Vulnerable to Takeover|https://www.darkreading.com/vulnerabilities---threats/researchers-find-670+-microsoft-subdomains-vulnerable-to-takeover/d/d-id/1337246]]|!DNS Attacks|
|>|>|>|!2020.03.04|
|2020.03.04|Silicon[>img[iCSF/flag_fr.png]]|[[Les malfaiteurs derrière les rançongiciels s'attaquent à votre seul moyen de protection : les sauvegardes|https://cyberguerre.numerama.com/3644-les-malfaiteurs-derriere-les-rancongiciels-sattaquent-a-votre-seul-moyen-de-protection-les-sauvegardes.html]]|Ransomware Backups|
|2020.03.04|TL;DR Security|[[#25 - BSidesSF and RSA, Demystifying Container Security, Your Privacy Online|https://tldrsec.com/blog/tldr-sec-025-bsidessf-rsa-demystifying-container-security-privacy-online/]] |Weekly_Newsletter|
|2020.03.04|Container Journal|[[Establishing a Kubernetes Pod Security Policy|https://containerjournal.com/topics/container-security/establishing-a-kubernetes-pod-security-policy/]]|K8s|
|2020.03.04|Solutions Review|[[The 8 Best Cloud Security LinkedIn Groups You Should Join|https://solutionsreview.com/cloud-platforms/the-8-best-cloud-security-linkedin-groups-you-should-join/]]|LinkedIn|
|2020.03.04|//Soluble//|![[Emoji to Zero-Day: Latin Homoglyphs in Domains and Subdomains|https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day]]|!DNS IDN_Homograph_Attack|
||Wikipedia| → [[IDN homograph attack|https://en.wikipedia.org/wiki/IDN_homograph_attack]]|!DNS IDN_Homograph_Attack|
|2020.03.04|Bleeping Computer| → [[Zero-Day Bug Allowed Attackers to Register Malicious Domains|https://www.bleepingcomputer.com/news/security/zero-day-bug-allowed-attackers-to-register-malicious-domains/]]|!DNS IDN_Homograph_Attack|
|2020.03.04|Security Week| → [[A Zero-Day Homograph Domain Name Attack|https://www.securityweek.com/zero-day-homograph-domain-name-attack]]|!DNS IDN_Homograph_Attack|
|2020.03.04|Cloud Native Computing Foundation|[[CNCF Survey results are here: Deployments are growing in size and speed as cloud native adoption becomes mainstream|https://www.cncf.io/blog/2020/03/04/2019-cncf-survey-results-are-here-deployments-are-growing-in-size-and-speed-as-cloud-native-adoption-becomes-mainstream/]] ([[rapport|https://www.cncf.io/wp-content/uploads/2020/03/CNCF_Survey_Report.pdf]])|Report CNCF|
|2020.03.09|JAXenter| → [[CNCF survey reveals 78% use Kubernetes in production|https://jaxenter.com/kuberetes-cncf-169420.html]]|Report CNCF|
|2020.03.24|DZone| → [[6 Interesting Trends from the Latest CNCF Survey|https://dzone.com/articles/-6-interesting-trends-from-the-latest-cncf-survey]]|Report CNCF|
|2020.03.04|//Cloud Management Insider//|[[Amazon S3 Bucket Security - Don't be the Next Data Breach Headline!|https://www.cloudmanagementinsider.com/amazon-s3-bucket-security/]]|AWS_S3 Data_Leak|
|2020.03.04|//AtScale//|[[79% of Enterprises Want Better Integrated Security and Governance for Their Data in the Cloud|https://www.atscale.com/press/enterprises-security-governance-data-cloud/]] ([[rapport|https://www.atscale.com/resource/2020-big-data-analytics-maturity-survey-report/]])|Survey|
|2020.03.04|//Microsoft//|[[Become a security focused CSP with Microsoft 365 Business|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/become-a-security-focused-csp-with-microsoft-365-business/ba-p/1144690]]|O365 Risks|
|2020.03.04|//Microsoft Azure//|[[Announcing preview of Backup Reports|https://azure.microsoft.com/en-us/blog/announcing-preview-of-backup-reports/]]|Azure Backups|
|2020.03.04|//TrendMicro//|[[Security Risks in Online Coding Platforms|https://blog.trendmicro.com/trendlabs-security-intelligence/security-risks-in-online-coding-platforms/]]|DevSecOps|
|2020.03.04|//TrendMicro//|[[Supply Chain Risk for the 2020s: Cloud and DevOps Under the Microscope|https://vmblog.com/archive/2020/03/04/supply-chain-risk-for-the-2020s-cloud-and-devops-under-the-microscope.aspx]]|Supply_Chain|
|2020.03.04|//eSentire//|[[Applying the 80/20 Rule to Cloud Security|https://www.scmagazine.com/home/advertise/applying-the-80-20-rule-to-cloud-security/]]|Best_Practices|
|2020.03.12|//eSentire//| → [[Applying the 80/20 rule to cloud security|https://www.helpnetsecurity.com/2020/03/12/paretos-principle-cloud-security/]]|Best_Practices|
|2020.03.04|//CloudPassage//|![[API-level Connectivity and Control for IaaS and PaaS: Cloud Workload Security Part 2|https://www.cloudpassage.com/blog/api-level-connectivity-and-control-for-iaas-and-paas/]] (2/2)|APIs|
|2020.03.04|//NCC Group//|[[A Survey of Istio's Network Security Features|https://research.nccgroup.com/2020/03/04/a-survey-of-istios-network-security-features/]]|Service_Mesh|
|>|>|>|!2020.03.03|
|2020.03.03|Silicon[>img[iCSF/flag_fr.png]]|[[Bug Bounty : YesWeHack chasse les failles pour 3DS Outscale|https://www.silicon.fr/bug-bounty-yeswehack-chasse-les-failles-pour-3ds-outscale-335338.html]]|Bug_Bounty Outscale|
|2020.03.03|Bleeping Computer|![[Ransomware Attackers Use Your Cloud Backups Against You|https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/]]|Ransomware|
|2020.03.03|ZDnet|[[Australian government's certified cloud list to expire come June 30|https://www.zdnet.com/article/australian-governments-certified-cloud-list-to-expire-come-june-30/]]|Australia Government|
|2020.03.03|Security Week|[[Advancing DevSecOps Into the Future|https://www.securityweek.com/advancing-devsecops-future]]|DevSecOps|
|2020.03.05|IT News|[[ASD scraps cloud security certification program|https://www.itnews.com.au/news/asd-scraps-cloud-security-certification-program-538820]]|Australia Government Certification|
|2020.03.04|Technology Decisions| → [[ACSC shutters cloud certification program|https://www.technologydecisions.com.au/content/cloud-and-virtualisation/article/acsc-shutters-cloud-certification-program-1415216250]]|Australia Government Certification|
|2020.03.05|IT News| → [[ASD warned cloud accreditation U-turn jeopardises security, adoption|https://www.itnews.com.au/news/asd-warned-cloud-accreditation-u-turn-jeopardises-security-adoption-538913]]|Australia Government Certification|
|2020.03.05|Federal News Network|[[NIST issuing revised draft of zero trust guidance for public comment|https://federalnewsnetwork.com/march-2020-zero-trust-month/2020/03/nist-issuing-revised-draft-of-zero-trust-guidance-for-public-comment/]]|Zero_Trust NIST|
|2020.03.03|Matt Fuller|[[7 Ways AWS Can Fix Its Public S3 Bucket Problem|https://medium.com/@matthewdf10/7-ways-aws-can-fix-its-public-s3-bucket-problem-c4578741fe42]]|AWS|
|2020.03.03|//VMware//[>img[iCSF/flag_fr.png]]|[[VMware et la sécurisation des workloads et réseaux dans le datacenters et Clouds|https://datacenter-magazine.fr/vmware-et-la-securisation-des-workloads-et-reseaux-dans-le-datacenters-et-clouds/]]|Workloads|
|2020.03.03|//Microsoft//|[[Quick wins - single sign-on (SSO) and Multi-Factor Authentication (MFA)|https://www.microsoft.com/security/blog/2020/03/03/single-sign-on-sso-multi-factor-authentication-mfa/]]|Authentication|
|2020.03.03|//BackBlaze//|[[Pathways to the Cloud: Six Tools for Moving Your Files|https://www.backblaze.com/blog/pathways-to-the-cloud/]]|[[Tools|GitHub-Tools]]|
|2020.03.03|//CyberArk Conjur//|[[How Modern Cloud Design Patterns Impact Security|https://www.conjur.org/blog/how-modern-design-patterns-impact-security/]]|Architecture|
|2020.03.03|//JumpCloud//|[[Azure AD Replacement|https://jumpcloud.com/blog/aad-replacement/]]|AzureAD|
|2020.03.03|//XM Cyber//|[[Why Identity and Access Management is the New Public Cloud Perimeter|https://xmcyber.com/why-identity-and-access-management-is-the-new-public-cloud-perimeter/]]|IAM|
|2020.03.03|//Cisco//|[[What is CASB?|https://umbrella.cisco.com/blog/2020/03/03/what-is-casb/]]|CASB|
|2020.03.03|HITRUST|[[The HITRUST Shared Responsibility Matrix: The Key to Secure Adoption of Cloud Technologies|https://hitrustalliance.net/hitrust-shared-responsibility-matrix-key-secure-adoption-cloud-technologies/]]|Shared_Responsibility|
|>|>|>|!2020.03.02|
|2020.03.02|IT Wire|![[ASD ends role as certifier of cloud providers for govt work|https://itwire.com/government-tech-policy/asd-ends-role-as-certifier-of-cloud-providers-for-govt-work.html]]|Governance Australia|
|2020.03.02|Computer Weekly|[[Rook 101: Building software-defined containerised storage in Kubernetes|https://www.computerweekly.com/feature/Rook-101-Building-software-defined-containerised-storage-in-Kubernetes]]|K8s|
|2020.03.02|Washington Post|[[How the cloud has opened new doors for hackers|https://www.washingtonpost.com/technology/2020/03/02/cloud-hack-problems/]]|Risks|
|2020.03.02|Container Journal|[[IPFS Emerges as Tool to Distribute Container Images|https://containerjournal.com/topics/container-management/ipfs-emerges-as-tool-to-distribute-container-images/]]|Containers Images|
|2020.03.02|//Nuageo//[>img[iCSF/flag_fr.png]]|![[CASB, la nouvelle star de l'écosystème Cloud?|https://www.nuageo.fr/2020/03/casb-star-ecosysteme-cloud/]]|CASB|
|2020.03.02|//Microsoft//|[[Microsoft identity acronyms - what do they mean and how do they relate to each other?|https://www.microsoft.com/security/blog/2020/03/02/microsoft-identity-acronyms-what-they-mean-how-they-relate/]]|IAM|
|2020.03.02|//Google Cloud//|[[How to detect and prevent network outages - and stay compliant too|https://cloud.google.com/blog/products/networking/how-to-test-for-and-help-prevent-bad-network-connectivity]]|Outages Prevention|
|2020.03.02|//Alcide//|[[GitOps - A Security Perspective (Part 1)|https://blog.alcide.io/gitops-a-security-perspective]] (1/2)|Kubernetes GitHub|
!Report du Forum Sécurité@Cloud aux 23 et 24 septembre 2020
[>img(250px,auto)[iCSF/K33AR.jpg]]L'annonce du report est tombée le 3 mars matin...
<<<
//Suite à l'annonce du ministre de la santé de l'annulation de "tous les rassemblements de plus de 5000 personnes en milieu confiné" #coronavirus, nous sommes dans l'obligation de reporter nos #salons @Cloud_WorldExpo @IoTWorldParis1 @SalonMtoM
Nouvelles dates à venir très vite.//
<<<
* Lien ⇒ https://twitter.com/ForumSecuCloud/status/1234753693813219328/


[>img(250px,auto)[iCSF/K34AR.jpg]]...et la nouvelle date annoncée le 4 mars en fin de journée : les ''23 et 24 septembre 2020''.
<<<
//Et voilà, c'est fait ... nouvelles dates pour les salons
23-24 septembre - Paris Porte de Versailles
D'ici là, on va continuer de vous parler de #sécurité du #Cloud & #IoT, #SecNumCloud bref de #cybersécurité et de #confiance !//
<<<
!"//CSA Summit at RSA 2020 - Recap Part 2//"
[>img(150px,auto)[iCSA/K33BC.jpg]]Article de blog publié le 3 mars 2020 — Rédigé par Frank Guanco, Research Program Manager, CSA
La première partie est accessible [[ici|2020.03.02 - Blog : Retour sur le CSA Summit à RSA 2020 (1/2)]]
<<<
//In this post we'll be exploring the big ideas and takeaways from the afternoon sessions. Several main questions and ideas our afternoon speakers addressed were:
* How are enterprises supposed to prepare for incidents if their service provider is in control of their data?
* Why is there still a shortage of security professionals, and how can we attract and qualify new employees?
* How can organizations improve security training for current employees?
* Who's ultimately responsible for security given inter-country cyberattacks? The private sector or the government?
!!Secure Your IT Transformation
Digital Transformation was in the air as Jay Chaudhry, CEO of Zscaler and Christopher Porter, CISO of Fannie Mae, provided takeaways on this subject via key technologies enabling this transformation like cloud, mobility, the internet's connectivity layer, and the Internet of Things. Emerging trends in digital transformation include 5G having the potential to be the new Local Area Network, Zero Trust Network Access as the new norm for Enterprise Security. Porter shared Fannie Mae's takeaway with digital transformation by pointing out that 'data is new oil' and their lessons learned. Fannie Mae's lessons learned were to drive security into the fabric of your business, a mindset change for infrastructure, and how digital transformation is imperative and is a top-down initiative.
!!Incident Response in the Cloud: Fog of War or Skies Clearing?
In this lively talk, Aravind Swaminathan, Partner Global Co-Chair Cyber, Privacy & Data Innovation at Orrick, Herrington & Sutcliffe, brought his perspective on managing inventions through the lens of legal forensics. Considerations such as who can control the environment, the details of the investigation, and risk assurance are of prime importance for negotiating the contract with providers. He stressed the importance of negotiating for what you really want. As he said, 'You won't win every time, but you won't win if you don't ask.'
!!Transforming Security for the Clouds
Shannon Lietz brought her expertise and experience with DevSecOps in this session. From the pipelines of DevOps creating value and availability to DevSecOps creating trust and confidence, determining your key performance indicator can be your metric for world class security. Securability is ephemeral, but this risk reduction is significant and having KPIs and planning with this in mind will benefit your security posture.
!!Collaborating with Security to Enable the Business
During this panel session, Jason Garbis (Vice President of Products, AppGate) asked our panelists what sorts of skills they develop in their team, and what they look for when hiring.
Stephen Scharf CSO at DTCC said "I look for intelligence and energy...those two things you can't teach. Do they look like they have mindset that's problem solving... someone that's approaching problems from creative ways."
Towards the end, recapping the most important thing they think security professionals should focus on, Jerry Archer (CISO, Sallie Mae) said:
Security needs to surf the wave...need to have the solution before the business needs it. You want to be out in front of that problem. Security gets to lead that change, build security in from the very beginning. That we get to fulfill the notion of security before everyone starts building on top of it.
!!Building the Next Generation Cybersecurity Workforce
The Co-Founder & Vice President of the International Consortium of Minority Cybersecurity Professionals, Larry Whiteside Jr. asked why there's still a skills shortage in the cybersecurity workforce? His answer was partly that "Cybersecurity professionals are unicorns...you have to think a certain way." But he said that doesn't answer it completely, he stressed that:
* We can't say there's not enough people
* Can say there's too many jobs
* Can't say there's a pipeline if not taking steps
So how do we start taking steps? By partnering with diverse candidates and organizations and increasing training opportunities. Companies should reach out in your local community. Most high school and college students don't even know this career field exists or that it's an option.
"2020 is the year of action whether it's big or small...we all have a responsibility to take some level of action" - Larry Whiteside Jr.
__Takeaways__
* Be confident there's a problem and a way to solve it
* Talk to HR
* Create a training plan for your team
!!A strategic view of the future of our industry from the incomparable Dan Geer
In this session Dan Geer (Chief Information Security Officer, In-Q-Tel), examined the hard choices we're faced with. He ended his speech admonishing everyone to remember that we can't be passive. Freedom isn't free. You can read his full presentation here.
!!Other articles summarizing the sessions:
You can download this year's summit presentations+++*[here]> https://csacongress.org/event/csa-summit-at-rsa-conference-2020/#home ===. Below are links to articles that were written about several of the sessions at this year's summit.
* Glenn Gerstell:+++*[Government Vs. Private Sector in the New Digital Reality - Journal of Cyber Policy]> === 
* John Yeoh:+++*[Next Cloud Security Challenge: Containers and Kubernetes]> === 
* Dan Geer:+++*[A strategic view of the future of our industry from the incomparable Dan Geer]> http://geer.tinho.net/geer.cloudsecurityalliance.24ii20.txt === 
//[...]
<<<
__Lien :__
* blog original en anglais ⇒ ''[[CloudSecurityAlliance.fr/go/k33b/|https://CloudSecurityAlliance.fr/go/k33b/]]''
* slides présentées : ''[[CloudSecurityAlliance.fr/go/k2op/|https://CloudSecurityAlliance.fr/go/k2op/]]''
** [[Why IAM is the New Perimeter in Public Cloud and How to Govern It|https://cloudsecurityalliance.org/artifacts/why-iam-is-the-new-perimeter-in-public-cloud-and-how-to-govern-it]] par Brian Johnson, CEO & Co-Founder - DivvyCloud
** [[Case Study: Obvious and Not-So Obvious Lessons Learned On the Path to Cloud-First IT|https://cloudsecurityalliance.org/artifacts/case-study-obvious-and-not-so-obvious-lessons-learned-on-the-path-to-cloud-first-it]] par Tony Taylor, CISO - Land O' Lakes | Rajiv Gupta, SVP and GM of Cloud Security - McAfee
** [[Building the Next Generation Cybersecurity Workforce|https://cloudsecurityalliance.org/artifacts/building-the-next-generation-cybersecurity-workforce]] par Larry Whiteside Jr, Founder / Investor/ Veteran CISO
** [[Reinventing the Cloud Assurance with CCAK and CCM|https://cloudsecurityalliance.org/artifacts/reinventing-the-cloud-assurance-with-ccak-and-ccm]] par Daniele Catteddu, Chief Technology Officer - CSA | Shawn Harris, Principal Security Architect - Starbucks Coffee Company 
** [[Transforming Security for the Clouds|https://cloudsecurityalliance.org/artifacts/transforming-security-for-the-clouds]] par Shannon Lietz, Director, Adversary Management - Intuit
** [[The Future of a Secure Digital Transformation|https://cloudsecurityalliance.org/artifacts/the-future-of-a-secure-digital-transformation]] par Jay Chaudhry CEO, Chairman and Founder - Zscaler
!"//CSA Summit at RSA 2020 - Recap Part 1//"
[>img(150px,auto)[iCSA/K32BC.jpg]]Article de blog publié le 2 mars 2020 — Rédigé par Frank Guanco, Research Program Manager, CSA
La deuxième partie est accessible [[ici|2020.03.03 - Blog : Retour sur le CSA Summit à RSA 2020 (2/2)]]
<<<
//CSA was excited to welcome a diverse group of speakers to discuss cloud security and privacy during this year's CSA Summit at RSA Conference 2020. We heard from Glenn Gerstell, Alex Stamos, Phil Venables, Dan Geer and many others. Our speakers addressed the following questions and topics:
* Who's ultimately responsible for security given inter-country cyberattacks? The private sector or the government?
* What can organizations do to prepare and respond to a breach?
* How can we embed security into the business culture?
In this post, we'll be exploring the highlights, key ideas, and big insights from the morning sessions.
!!Cybersecurity as a First Class Business Risk: Challenges and Opportunities
Phil Venables (Board Director, Goldman Sachs Bank and Senior Advisor (Risk and Cybersecurity))
In this opening session of the CSA Summit at RSA Conference 2020, Phil Venables shared insights on security as a business and technology issue and how a culture of security comes from actions. The considerations for executing this is threefold:
* Enterprise integration and how to embed security into the fabric of business decision-making
* Technology integration that involves embedding improvement into technology delivery
* Resilience and recovery through limiting blast radius of events and integrating incident response and operational controls
As security moves towards the future, Venables shared the unique position of those in the industry like the camaraderie of the security community and the higher purpose of security that impacts innovation essential to progress. As the session closed, Venables shared a quote; "We are careening into the future at the speed of light. Relax and enjoy the ride."
You can read more about his session in this article from Infosecurity Magazine+++*[here]> https://www.infosecurity-magazine.com/news/rsac-security-business-technical/ ===.
!!PANEL: Preparing and Responding to a Breach
The panelists focused on the human aspect of breaches and how organizations can prepare their individual employees through proper training. At one point, Diana Kelley, Cybersecurity Field CTO, Microsoft drove home the idea that no one should be exempt from regular trainings.
"Annual or biannual training is for everyone...just because they have a title people don't get exempt from that training" - Diana Kelley, Cybersecurity Field CTO, Microsoft.
Outside of training your internal employees Andy Kirkland (Global Chief Information Security Officer (CISO), Starbucks) emphasized the importance of fourth-party risk and understanding the full extent of how your supply chain works. For instance, what are the shared providers of the providers and attack vectors that come from those?
Ultimately, John Yeoh, VP of research, wrapped up the session by aptly stating that - "You can share responsibility, but can't share accountability."
!!Tech's Failures and a Way Back to Global Competitiveness
In this talk, Alex Stamos from Stanford Internet Observatory, Stanford University, covered some of the core issues behind the techlash and why Silicon Valley has done such a poor job in responding. He also discussed how Silicon Valley could work collectively and with DC to build a durable competitive advantage for US tech.
Read more about his session in this article from Infosecurity magazine+++*[here]> https://www.infosecurity-magazine.com/news/rsac-harms-technology-policies/ ===.
!!We Cannot Afford to Lose the Digital Revolution
As Glenn Gerstell (Former General Counsel, National Security Agency and Central Security Service) presented his keynote, he started by sharing the story of NASA astronaut Christina Koch landing in Kazakhstan after almost a year in orbit and the uniqueness of landing in an area that is considered a US rival. This is the state of the new digital reality. Gerstell stated that this is the Fourth Industrial Revolution, in which it is possible for countries to leapfrog one another via technology, and pointed to the strategic implications of this reality.
The balance between the federal government and the private sector in regards to technology is going through rapid change and is of utmost importance in the digital age.
Gerstell noted three critical challenges:
* China as an adversary and partner. That China can harness their private and public sectors to grow national strategic goals.
* Rebalancing the role of the private and public sector where categories like AI and IoT provides ease, but in the wrong hands can wreak havoc.
Ultimately, who bears the responsibility for keeping our nation safe?
You can read more about his session in this article from the Journal of Cyber Policy+++*[here]> https://journalofcyberpolicy.com/2020/02/24/government-vs-private-sector-new-digital-reality/ ===.
Other articles summarizing the sessions:
You can download this year's summit presentations here. Below are links to articles that were written about several of the sessions at this year's summit.
* Phil Venables:+++*[#RSAC: Make Security a Business and a Technical Issue]> https://www.infosecurity-magazine.com/news/rsac-security-business-technical/ === 
* Alex Stamos:+++*[#RSAC: Realize the Harms and Benefits of Technology and Create Policies to Enable the Public]> https://www.infosecurity-magazine.com/news/rsac-harms-technology-policies/ === 
* Highlights:+++*[Cloud Security Alliance 2020 Highlights - Journal of Cyber Policy]> https://journalofcyberpolicy.com/2020/02/25/cloud-security-alliance-2020-highlights/ ===.
//[...]
<<<
__Lien :__
* blog original en anglais ⇒ ''[[CloudSecurityAlliance.fr/go/k32b/|https://CloudSecurityAlliance.fr/go/k32b/]]''
* slides présentées : ''[[CloudSecurityAlliance.fr/go/k2op/|https://CloudSecurityAlliance.fr/go/k2op/]]''
!"//IoT and SMART Nations - Building Resilience//"
[>img(150px,auto)[iCSA/CSAsecUpd.jpg]]Podcast de la série "[[CSA Security Update]]" publié le 2 mars 2020 — Invité : David Mudd, BSI Group 
<<<
//IoT defines the journey of digital technology and data to enable organizations to perform better, boost well-being and respond to local and global challenges - presenting a huge opportunity but risk as well. 
With SMART Cities and SMART Nations emerging, a sustainable, pragmatic approach is necessary, ensuring the people, processes, and systems are secure. With predictions that three-quarters of the world's 9 billion people will be city-dwellers by 2050, it's vital we ensure cities provide a safe and pleasant environment that is sustainable and resilient to change. 
Listen as we interview David Mudd, Global Digital and Connected Product Certification Director with BSI Group and discuss these pressing issues as well as how IoT can make a positive impact on the environment and the business community in general as well as how CSA is working with industry through the development of the CSA IoT Control Matrix.//
<<<
__Liens :__
* Annonce → https://www.buzzsprout.com/303731/2895877-iot-and-smart-nations-building-resilience-guest-david-mudd-bsi-group
* Podcast → https://www.buzzsprout.com/303731/2895877-iot-and-smart-nations-building-resilience-guest-david-mudd-bsi-group.mp3
!!1 - Informations CSA de la semaine du 24 février au 1er mars 2020
* Blog : Méconnaissance, saut dans l'inconnu et CCAK+++*[»]> <<tiddler [[2020.02.24 - Blog : Méconnaissance, saut dans l'inconnu et CCAK]]>>=== 
* Publication : Bonnes pratiques pour une architecture Microservice+++*[»]> <<tiddler [[2020.02.24 - Publication : Bonnes pratiques pour une architecture Microservices]]>>=== 
* Actu : Nouvelles études de la CSA+++*[»]> <<tiddler [[2020.02.24 - Nouvelles études de la CSA]]>>=== 
* Actu : Nouvelles approches pour l'audit Cloud+++*[»]> <<tiddler [[2020.02.24 - Nouvelles approches pour l'audit Cloud]]>>=== 
* Actu : Appel à contribution pour la conférence [[SECtember]]+++*[»]> <<tiddler [[2020.02.24 - Ouverture prochaine des inscriptions à la conférence SECtember]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.03.01 - Veille Hebdomadaire - 1er mars]] avec plus d'une soixantaine de liens dont :
* __Derniers jours :__ Pensez à faire la rotation de certains de vos certificats AWS+++*[»]>
|2020.01.07|//AWS//|![[Urgent & Important - Rotate Your Amazon RDS, Aurora, and Amazon DocumentDB (with MongoDB compatibility) Certificates|https://aws.amazon.com/blogs/aws/urgent-important-rotate-your-amazon-rds-aurora-and-documentdb-certificates/]]|AWS Certificates|
|2020.01.08|CBR Online| → [[AWS to DB Users: Download Fresh Certs Urgently, or Risk Applications Breaking|https://www.cbronline.com/cloud/aws-certificate-update/]]|AWS Certificates|
|2020.01.09|Dark Reading| → [[AWS Issues 'Urgent' Warning for Database Users to Update Certs|https://www.darkreading.com/cloud/aws-issues-urgent-warning-for-database-users-to-update-certs/d/d-id/1336766]]|AWS Certificates|
|2020.01.10|Continuity Central| → [[Amazon AWS warns certain users to update certificates or face lost connectivity |https://www.continuitycentral.com/index.php/news/technology/4780-amazon-aws-warns-certain-users-to-update-certificates-or-face-lost-connectivity]]|AWS Certificates|
=== 
* __À lire :__ Rapports Rezilion+++*[»]>
|2020.02.27|//Rezilion//|![[Only Half of Cloud Vulnerabilities Pose Actual Security Threats, Finds Rezilion Study|https://www.rezilion.com/blog/only-half-of-cloud-vulnerabilities-pose-actual-security-threats-finds-rezilion-study/]] ([[Rapport pdf|https://www.rezilion.com/wp-content/uploads/2019/11/Rezilion-CARTA-Runtime-Vuln-Memory-Analysis-Report.pdf]])|Report Rezilion|
|2020.02.27|Security Week| → [[Less Than Half of Vulnerabilities in Popular Docker Images Pose Risk: Study|https://www.securityweek.com/less-half-vulnerabilities-popular-docker-images-pose-risk-study]]|Report Rezilion|
=== et Sophos+++*[»]>
|2020.02.25|//Sophos//|![['Cloud Snooper' Attack Bypasses Firewall Security Measures|https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/]] ([[rapport|https://news.sophos.com/wp-content/uploads/2020/02/CloudSnooper_report.pdf]])|Report Attacks|
|2020.02.27|Dark Reading| → [['Cloud Snooper' Attack Circumvents AWS Firewall Controls|https://www.darkreading.com/cloud/cloud-snooper-attack-circumvents-aws-firewall-controls/d/d-id/1337171]]|Report Attacks|
=== 
* Rapports : Firemon+++*[»]>
|2020.02.24|//Firemon//|[[New Research: Nearly 60% of Security Professionals Believe Cloud Deployments Surpass Security Capabilities According to FireMon's 2020 State of Hybrid Cloud Security|https://www.realwire.com/releases/FireMons-2020-State-of-Hybrid-Cloud-Security]] ([[rapport|https://www.firemon.com/2020-state-of-hybrid-cloud-security-report/]])|Report|
|2020.02.24|Dark Reading| → [[Enterprise Cloud Use Continues to Outpace Security|https://www.darkreading.com/cloud/enterprise-cloud-use-continues-to-outpace-security/d/d-id/1337130]]||
|2020.03.18|The Last Watchdog| → [[FireMon survey shows security lags behind fast pace of hybrid cloud deployments|https://www.lastwatchdog.com/shared-intel-firemon-survey-shows-security-lags-behind-fast-pace-of-hybrid-cloud-deployments/]]|Survey|
===, Thales+++*[»]>
|2020.02.24|//Thales//|[[Organizations Struggle with Cloud Security in the Post Digital Transformation Era - Highlights from our 2020 Data Threat Report-Global Edition|https://blog.thalesesecurity.com/2020/02/24/organizations-struggle-with-cloud-security-in-the-post-digital-transformation-era-highlights-from-our-2020-data-threat-report-global-edition/]] ([[rapport|https://www.thalesesecurity.com/2020/data-threat-report]])|Report|
|2020.02.24|Information Age| → [[Lack of encryption in cloud causing security challenges, says Thales study|https://www.information-age.com/lack-encryption-cloud-causing-security-challenges-thales-study-123487867/]]|Report|
=== 
* Annonces Cloud : Cisco+++*[»]>
|2020.02.24|//Cisco//|[[Cisco SecureX|https://www.cisco.com/c/en/us/products/security/securex.html]]|Products Cisco|
|2020.02.24|Silicon Angle| → [[Cisco unifies cloud security with SecureX|https://siliconangle.com/2020/02/24/cisco-unifies-cloud-security-cisco-securex/]]|Products Cisco|
|2020.02.24|BetaNews| → [[Cisco launches new cloud-native security platform|https://betanews.com/2020/02/24/cisco-securex-cloud/]]|Products Cisco|
===, Google+++*[»]>
|2020.02.24|//Google Cloud//|[[Google Cloud Security: continuing to give good the advantage|https://cloud.google.com/blog/products/identity-security/bringing-the-best-of-google-cloud-security-to-the-enterprise]]|Products GCP|
|2020.02.24|ZDnet| → [[Google Cloud unveils new tools for detecting modern threats|https://www.zdnet.com/article/google-cloud-unveils-new-tools-for-detecting-modern-threats/]]|Products GCP|
|2020.02.24|Silicon Angle| → [[Google beefs up cloud protection with new threat detection, fraud prevention tools|https://siliconangle.com/2020/02/24/google-beefs-cloud-protection-new-threat-detection-fraud-prevention-tools/]]|Products GCP|
=== 
* Ransomware+++*[»]>
|2020.02.28|CBR Online|[[Ransomware is Encrypting Backups Too, Warns NCSC: From Cloud, to USB|https://www.cbronline.com/news/ncsc-offline-data-backups-advisory]]|Ransomware Backups|
|2020.02.24|//Divvy Cloud//|[[S3 Bucket Ransomware Attack: What Is It and How Can It Happen?|https://divvycloud.com/s3-bucket-ransomware-attack/]]|Ransomware|
=== 
* __Divers__ : APIs+++*[»]>
|2020.02.27|Journal du Net[>img[iCSF/flag_fr.png]]|[[API Amazon S3 : comment protéger les données de la privatisation des standards d'échange ?|https://www.journaldunet.com/solutions/cloud-computing/1489277-api-s3-comment-proteger-nos-donnees-de-la-privatisation-des-standards-d-echange/]]|APIs|
|2020.02.25|//Google Cloud//|[[Now, you can explore Google Cloud APIs with Cloud Code|https://cloud.google.com/blog/products/application-development/how-cloud-code-improves-app-dev-on-gcp]]|GCP APIs|
|2020.02.24|Infosec Institute|[[Secure your APIs - don't give hackers a chance!|https://resources.infosecinstitute.com/secure-your-apis-dont-give-hackers-a-chance/]]|APIs|
===, Fuite de données+++*[»]>
|2020.02.26|The Register|[[Rotherwood Healthcare AWS bucket security fail left elderly patients' DNR choices freely readable online|https://www.theregister.co.uk/2020/02/26/rotherwood_healthcare_data_leak_10k_records_aws/]]|Data_Leak AWS|
===, Gestion d'incident+++*[»]>
|2020.03.01|//AllCloud//|![[Preparing Your Organization for Incident Response on AWS|https://allcloud.io/blog/preparing-your-organization-for-incident-response-on-aws/]]|Incident_Handling AWS|
===, Risques+++*[»]>
|2020.02.25|ISC2|[[White Paper on Cloud Security Risks - And How To Mitigate Them|https://blog.isc2.org/isc2_blog/2020/02/white-paper-on-cloud-security-risks-and-how-to-mitigate-them.html]] ([[livre blanc|https://www.isc2.org/landing/Cloud-Security-Risks]])|Whitepaper ISC2|
=== 
!3 - Weekly Cloud and Security Watch Newsletter[>img[iCSF/inEnglish.png]]
<<tiddler [[2020.03.01 - Weekly Newsletter - March 1st]]>>
!CSA News and Updates - February 24th to March 1st
* Blog: 'The Knowledge Gap, Risk of the Unknown & the Certificate of Cloud Auditing Knowledge'+++*[»]> <<tiddler [[2020.02.24 - Blog : Méconnaissance, saut dans l'inconnu et CCAK]]>>=== 
* Artefact: 'Best Practices in Implementing a Secure Microservices Architecture'+++*[»]> <<tiddler [[2020.02.24 - Publication : Bonnes pratiques pour une architecture Microservices]]>>=== 
* Announcement: CSA Continues to Drive Leadership in Cloud Security with New Research+++*[»]> <<tiddler [[2020.02.24 - Nouvelles études de la CSA]]>>=== 
* Announcement: Cloud Security Alliance 2020 Initiatives Changing the Face of IT Audit and Cloud Assurance+++*[»]> <<tiddler [[2020.02.24 - Nouvelles approches pour l'audit Cloud]]>>=== 
* Announcement: Cloud Security Alliance Opens the Call for Papers for [[SECtember]]+++*[»]> <<tiddler [[2020.02.24 - Ouverture prochaine des inscriptions à la conférence SECtember]]>>=== 
!Cloud and Security News Watch
[[Over 60 links|2020.03.01 - Veille Hebdomadaire - 1er mars]] among which:
* Last days to rotate your Amazon RDS, Aurora, and Amazon DocumentDB (with MongoDB compatibility) Certificates
* __''Must read''__ reports from Rezilion (only half of cloud vulnerabilities pose actual security threats), and Sophos ('Cloud Snooper' attack which circumvents AWS Firewall controls)
* Other reports from Firemon (Enterprise Cloud use continues to outpace security), and Thales (Lack of encryption in cloud causes security challenge)
* Announcements from Cisco (SecureX), and Google (threat detection and fraud prevention tools)
* Misc: APIs, Data leak prevention, Incident Response, Ransomware, and an ISC2 white paper on Cloud security risks
* Threats: S3 Bucket Ransomware Attack
|!⇒ [[CloudSecurityAlliance.fr/go/K31/|https://CloudSecurityAlliance.fr/go/K31/]] |
<<tiddler [[arOund0C]]>>
|!Mars|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.03.01|
|2020.03.01|//AllCloud//|![[Preparing Your Organization for Incident Response on AWS|https://allcloud.io/blog/preparing-your-organization-for-incident-response-on-aws/]]|Incident_Handling AWS|
|2020.03.01|Cloud Security podcast|[[Docker Security Best practice - Container Security 101 in AWS - Michael Hausenblas, Product Developer Advocate, AWS|https://anchor.fm/cloudsecuritypodcast/episodes/Docker-Security-Best-practice--Container-Security-101-in-AWS---Michael-Hausenblas--Product-Developer-Advocate--AWS-eb5mnj]]|Podcast Docker|
|!Février|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.02.28|
|2020.02.28|Cloud Security Podcast|![[Docker Security Best practice - Container Security 101 in AWS|https://anchor.fm/cloudsecuritypodcast/episodes/Docker-Security-Best-practice--Container-Security-101-in-AWS---Michael-Hausenblaus--Product-Developer-Advocate--AWS-eb5mnj]]|Docker Containers|
|2020.02.28|DevOps|[[Castles in the Cloud: How to Take Your Business Kingdom Off-Prem with Confidence|https://devops.com/castles-in-the-cloud-how-to-take-your-business-kingdom-off-prem-with-confidence/]]|Misc|
|2020.02.28|Solutions Review|[[The Top 6 Cloud Security Books You Need to Read in 2020|https://solutionsreview.com/cloud-platforms/the-top-6-cloud-security-books-you-need-to-read-in-2020/]]|Misc|
|2020.02.28|OrissaPOST|[[BGR India hacked, data dumped on Dark Web|https://www.orissapost.com/bgr-india-hacked-data-dumped-on-dark-web/]]|Data_Leak AWS|
|2020.02.28|The Hacker News|[[Why Businesses Should Consider Managed Cloud-Based WAF Protection|https://thehackernews.com/2020/02/cloud-waf-security.html]]|WAF|
|2020.02.28|CIO Magazine|[[Posture management: Cloud security tools rise in wake of breaches|https://www.cio.com/article/3529426/posture-management-cloud-security-tools-rise-in-wake-of-breaches.html]]|CSPM Data_Breaches|
|2020.02.28|//JumpCloud//|[[Understanding Azure AD's Basic/O365 Apps Tier|https://jumpcloud.com/blog/understanding-aad-o365-apps/]] (2/4)|AzureAD|
|2020.02.28|//Catchpoint//|[[Monitoring at the Edge of the Third Act of the Internet|https://blog.catchpoint.com/2020/02/28/monitoring-at-the-edge-of-the-third-act-of-the-internet/]]|Networks|
|>|>|>|!2020.02.27|
|2020.02.27|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Le Cloud est-il vraiment si sûr pour nos données ?|https://www.silicon.fr/avis-expert/le-cloud-est-il-vraiment-si-sur-pour-nos-donnees%e2%80%89]]|Data|
|2020.02.27|Journal du Net[>img[iCSF/flag_fr.png]]|[[API Amazon S3 : comment protéger les données de la privatisation des standards d'échange ?|https://www.journaldunet.com/solutions/cloud-computing/1489277-api-s3-comment-proteger-nos-donnees-de-la-privatisation-des-standards-d-echange/]]|APIs|
|2020.02.27|Security Week|[[Let's Encrypt Issues Over 1 Billion Certificates|https://www.securityweek.com/lets-encrypt-issues-over-1-billion-certificates]]|Certificates|
|2020.02.27|TechRepublic|[[Small cloud configuration mistakes can open up big security risks|https://www.techrepublic.com/article/cloud-misconfigurations-are-a-new-risk-for-the-enterprise/]]|Misconfigurations|
|2020.02.27|Secure Cloud Blog|[[Securing Client Credentials Flow with Certificate|https://securecloud.blog/2020/02/27/securing-client-credentials-flow-with-certificate/]]|Certificates|
|2020.02.27|ZDnet|[[Ransomware victims thought their backups were safe. They were wrong|https://www.zdnet.com/article/ransomware-victims-thought-their-backups-were-safe-they-were-wrong/]]|Ransomware Backups|
|2020.02.28|CBR Online| → [[Ransomware is Encrypting Backups Too, Warns NCSC: From Cloud, to USB|https://www.cbronline.com/news/ncsc-offline-data-backups-advisory]]|Ransomware Backups|
|2020.02.27|ZDnet[>img[iCSF/flag_fr.png]]| → [[Ces victimes de ransomware pensaient que leurs sauvegardes étaient en sécurité. Elles avaient tort|https://www.zdnet.fr/actualites/ces-victimes-de-ransomware-pensaient-que-leurs-sauvegardes-etaient-en-securite-elles-avaient-tort-39899921.htm]]|Ransomware Backups|
|2020.02.27|CSA|[[Continuous auditing and continuous certification|https://www.linkedin.com/pulse/continuous-auditing-certification-alain-pannetrat/]]|STAR|
|2020.02.27|//Maarten Goet//|[[Defender ATP & Linux: trusting Microsoft to protect your open-source workloads|https://medium.com/wortell/defender-atp-linux-trusting-microsoft-to-protect-your-open-source-workloads-cf32a2288a45]]|Workloads Linux|
|2020.02.27|//Rezilion//|![[Only Half of Cloud Vulnerabilities Pose Actual Security Threats, Finds Rezilion Study|https://www.rezilion.com/blog/only-half-of-cloud-vulnerabilities-pose-actual-security-threats-finds-rezilion-study/]] ([[Rapport pdf|https://www.rezilion.com/wp-content/uploads/2019/11/Rezilion-CARTA-Runtime-Vuln-Memory-Analysis-Report.pdf]])|Report Rezilion|
|2020.02.27|Security Week| → [[Less Than Half of Vulnerabilities in Popular Docker Images Pose Risk: Study|https://www.securityweek.com/less-half-vulnerabilities-popular-docker-images-pose-risk-study]]|Report Rezilion|
|2020.02.27|//Securosis//|[[Mastering the Journey - Building Network Manageability and Security for your Path|https://securosis.com/blog/mastering-the-journey-building-network-manageability-and-security-for-your-path]] (3/6)|Misc|
|2020.02.27|//UpGuard//|[[What is the Consensus Assessments Initiative Questionnaire (CAIQ)?|https://www.upguard.com/blog/caiq]]|CAIQ|
|2020.02.27|//ForgeRock//|[[Cloud Series: Building a Secure Identity Cloud|https://www.forgerock.com/blog/cloud-series-building-secure-identity-cloud]]|Identity|
|2020.02.27|//Cloud Academy//|[[5 Steps to Vulnerability Management for Containers|https://cloudacademy.com/blog/5-steps-to-vulnerability-management-for-containers/]]|Containers Vulnerability_Management|
|2020.02.27|//Alcide//|[[Are You a Kubernetes Pros or a Kubernetes Novice?|https://blog.alcide.io/are-you-a-kubernetes-pros-or-a-kubernetes-novice]]|K8s|
|2020.02.27|//HashiCorp//|[[Using an Image Release Process for Security Wins|https://www.hashicorp.com/resources/using-an-image-release-process-for-security-wins]]|AWS Hardening|
|2020.02.27|//Caylent//|[[AWS Transit Gateway Examined - Part II|https://caylent.com/aws-transit-gateway-examined-part-ii]] (2/2)|AWS|
|>|>|>|!2020.02.26|
|2020.02.26|Dark Reading|[[How to Prevent an AWS Cloud Bucket Data Leak|https://www.darkreading.com/application-security/database-security/how-to-prevent-an-aws-cloud-bucket-data-leak--/d/d-id/1337093]]|Data_Leak AWS|
|2020.02.26|The Register|[[Rotherwood Healthcare AWS bucket security fail left elderly patients' DNR choices freely readable online|https://www.theregister.co.uk/2020/02/26/rotherwood_healthcare_data_leak_10k_records_aws/]]|Data_Leak AWS|
|2020.02.26|CISO Mag|[[What Early Adopters Need to Know About SASE|https://www.cisomag.com/how-to-evaluate-a-sase-vendor/]]|SASE|
|2020.02.26|Ozgur Alp|[[Write-up: AWS Document Signing Security Control Bypass|https://medium.com/bugbountywriteup/write-up-aws-document-signing-security-control-bypass-2b13a9c22a4d]]|AWS Document_Signing|
|2020.02.26|//Palo Alto Networks//|[[The Role of Identity Access Management (IAM) in Cloud Security|https://blog.paloaltonetworks.com/2020/02/cloud-iam-security/]]|IAM|
|2020.02.26|//AT&T Cybersecurity//|[[To Address Cloud Security Challenges, Simplify and Unify|https://www.channelfutures.com/from-the-industry/to-address-cloud-security-challenges-simplify-and-unify]]|Misc|
|2020.02.26|//Panther Labs//|![[6 AWS Services for Cloud Security Detection|https://blog.runpanther.io/aws-security-services/]] (5/5)|AWS Detection|
|2020.02.26|//Epsagon//|[[Serverless Open-Source Frameworks: OpenFaaS, Knative, & More|https://epsagon.com/blog/serverless-open-source-frameworks-openfaas-knative-more/]]|Serverless|
|>|>|>|!2020.02.25|
|2020.02.25|Journal du Net[>img[iCSF/flag_fr.png]]|[[Le français InterCloud s'érige en opérateur télécoms des clouds|https://www.journaldunet.com/solutions/cloud-computing/1489191-le-francais-intercloud-s-erige-en-operateur-telecoms-des-clouds/]]|Misc|
|2020.02.25|SilverLining IL|![[Episode 17: How to do penetration testing in cloud application|https://silverlining.media/017-how-to-do-penetration-testing-in-cloud-application/]] ([[mp3|https://silverlining.media/podlove/file/72/s/webplayer/c/episode/silver-lining-17.mp3]])|Podcast Pentesting|
|2020.02.25|Nicolas Fischbach|![[Ensure Your Cloud Security Is as Modern as Your Business|https://www.darkreading.com/cloud/ensure-your-cloud-security-is-as-modern-as-your-business/a/d-id/1337080]]|Recommendations|
|2020.02.25|ISC2|[[White Paper on Cloud Security Risks - And How To Mitigate Them|https://blog.isc2.org/isc2_blog/2020/02/white-paper-on-cloud-security-risks-and-how-to-mitigate-them.html]] ([[livre blanc|https://www.isc2.org/landing/Cloud-Security-Risks]])|Whitepaper ISC2|
|2020.03.30|Help Net Security| → [[Whitepaper: Cloud security risks and how to mitigate them|https://www.helpnetsecurity.com/2020/03/30/whitepaper-cloud-security-risks/]]|Whitepaper ISC2|
|2020.02.25|PenTest IT|[[UPDATE: Prowler 2.2.0|https://pentestit.com/prowler-2-2-0-aws-cis-benchmark-tool-released/]]|[[Tools|Outils-GitHub]] Prowler|
|2020.02.25|Help Net Security|[[Cloud-based collaboration tools are a major driver of data exfiltration|https://www.helpnetsecurity.com/2020/02/25/cloud-based-collaboration-tools/]]|Report Code42|
|2020.02.25|Secure Cloud Blog|[[Microsoft 365 - Security Monitoring|https://securecloud.blog/2020/02/25/microsoft-365-security-monitoring/]]|M365 Monitoring|
|2020.02.25|Cloud Academy|[[Azure Kubernetes Service (AKS): What Is It and Why Do We Use It?|https://cloudacademy.com/blog/azure-kubernetes-service-aks-what-is-it-and-why-do-we-use-it/]]|K8s|
|2020.02.25|Gigamon|[[NetFlow/IPFIX Generation from AWS Cloud|https://blog.gigamon.com/2020/02/25/netflow-ipfix-generation-from-aws-clouds/]]|Networks AWS|
|2020.02.25|Computer Weekly|[[Cloud data leaks compounded by lack of automation tools|https://www.computerweekly.com/news/252479094/Cloud-data-leaks-compounded-by-lack-of-automation-tools]]|Data_Leaks|
|2020.02.25|SecurityBrief|[[New Azure and AWS integration announced amid increasing cyber threats|https://securitybrief.eu/story/new-azure-and-aws-integration-announced-amid-increasing-cyber-threats]]|AWS Azure Integration|
|2020.02.25|//Sophos//|![['Cloud Snooper' Attack Bypasses Firewall Security Measures|https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/]] ([[rapport|https://news.sophos.com/wp-content/uploads/2020/02/CloudSnooper_report.pdf]])|Report Attacks|
|2020.02.25|//Sophos//| → [[The "Cloud Snooper" malware that sneaks into your Linux servers|https://nakedsecurity.sophos.com/2020/02/25/the-cloud-snooper-malware-that-sneaks-into-your-linux-servers/]]|Report Attacks|
|2020.02.25|//Sophos//| → [[Harden your public cloud environment against APT-style attacks|https://news.sophos.com/en-us/2020/02/25/harden-your-public-cloud-environment-against-apt-style-attacks/]]|APT Attacks|
|2020.02.26|Computer Weekly| → [[Cloud Snooper firewall bypass may be work of nation state|https://www.computerweekly.com/news/252479189/Cloud-Snooper-firewall-bypass-may-be-work-of-nation-state]]|Report Attacks|
|2020.02.27|Dark Reading| → [['Cloud Snooper' Attack Circumvents AWS Firewall Controls|https://www.darkreading.com/cloud/cloud-snooper-attack-circumvents-aws-firewall-controls/d/d-id/1337171]]|Report Attacks|
|2020.03.03|CBR Online| → [[Rootkit in the Cloud: Hacker Group Breaches AWS Servers|https://www.cbronline.com/news/aws-servers-hacked-rootkit-in-the-cloud]]|Report Attacks|
|2020.02.25|//Microsoft//|[[Basic Auth and Exchange Online - February 2020 Update|https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-auth-and-exchange-online-february-2020-update/ba-p/1191282]]|O365|
|2020.02.26|The Register| → [[Admins beware! Microsoft gives heads-up for 'disruptive' changes to authentication in Office 365 email service|https://www.theregister.co.uk/2020/02/26/exchange_online_microsoft/]]|O365|
|2020.02.25|//Google Cloud//|[[Now, you can explore Google Cloud APIs with Cloud Code|https://cloud.google.com/blog/products/application-development/how-cloud-code-improves-app-dev-on-gcp]]|GCP APIs|
|2020.02.25|//Lastline//|[[The challenge of obtaining visibility into cloud security|https://betanews.com/2020/02/25/visibility-cloud-security/]]|Visibility|
|2020.02.25|//Netwrix//|[[2020 Data Risk & Security Report (pdf)|https://www.netwrix.com/download/collaterals/2020_data_risk_security_report.pdf]]|Report|
|>|>|>|!2020.02.24|
|2020.02.24|Maarten Goet|[[Microsoft Threat Protection: going down the rabbit hole|https://medium.com/wortell/microsoft-threat-protection-going-down-the-rabbit-hole-6f917d7c98f]]|Threat_Protection|
|2020.02.24|Dark Reading|[[Solving the Cloud Data Security Conundrum|https://www.darkreading.com/cloud/solving-the-cloud-data-security-conundrum/a/d-id/1337074]]|Encryption|
|2020.02.24|Silicon Angle|[[Kubernetes is popular, complex, a security risk, and destined for invisibility|https://siliconangle.com/2020/02/24/kubernetes-is-popular-complex-a-security-risk-and-destined-for-invisibility-thecube/]]|K8s|
|2020.02.24|SC Magazine|[[Phishers using strong tactics and poor bait in Office 365 scam|https://www.scmagazine.com/home/email-security/phishers-using-strong-tactics-and-poor-bait-in-office-365-scam/]]|O365 Phishing|
|2020.02.24|Infosec Institute|[[Secure your APIs - don't give hackers a chance!|https://resources.infosecinstitute.com/secure-your-apis-dont-give-hackers-a-chance/]]|APIs|
|2020.02.24|arXiv.org[>img[iCSF/flag_fr.png]]|[[Une approche sémantique, efficace et sécurisée de recherche d'information sur des données cryptées du cloud computing|https://arxiv.org/pdf/2002.10294.pdf]] (pdf)|Encryption|
|2020.02.24|//Divvy Cloud//|[[S3 Bucket Ransomware Attack: What Is It and How Can It Happen?|https://divvycloud.com/s3-bucket-ransomware-attack/]]|Ransomware|
|2020.02.24|//StackRox//|[[Top 7 Container Security Use Cases for Kubernetes Environments|https://www.stackrox.com/post/2020/02/top-7-container-security-use-cases-for-kubernetes-environments/]]|Containers|
|2020.02.24|//Google Cloud//|[[Google Cloud Security: continuing to give good the advantage|https://cloud.google.com/blog/products/identity-security/bringing-the-best-of-google-cloud-security-to-the-enterprise]]|Products GCP|
|2020.02.24|ZDnet| → [[Google Cloud unveils new tools for detecting modern threats|https://www.zdnet.com/article/google-cloud-unveils-new-tools-for-detecting-modern-threats/]]|Products GCP|
|2020.02.24|Silicon Angle| → [[Google beefs up cloud protection with new threat detection, fraud prevention tools|https://siliconangle.com/2020/02/24/google-beefs-cloud-protection-new-threat-detection-fraud-prevention-tools/]]|Products GCP|
|2020.02.24|//Firemon//|[[New Research: Nearly 60% of Security Professionals Believe Cloud Deployments Surpass Security Capabilities According to FireMon's 2020 State of Hybrid Cloud Security|https://www.realwire.com/releases/FireMons-2020-State-of-Hybrid-Cloud-Security]] ([[rapport|https://www.firemon.com/2020-state-of-hybrid-cloud-security-report/]])|Report|
|2020.02.24|Dark Reading| → [[Enterprise Cloud Use Continues to Outpace Security|https://www.darkreading.com/cloud/enterprise-cloud-use-continues-to-outpace-security/d/d-id/1337130]]|
|2020.03.18|The Last Watchdog| → [[FireMon survey shows security lags behind fast pace of hybrid cloud deployments|https://www.lastwatchdog.com/shared-intel-firemon-survey-shows-security-lags-behind-fast-pace-of-hybrid-cloud-deployments/]]|Survey|
|2020.02.24|//Kindite//|[[Cloud Data Protection - Let it Flow|https://blog.kindite.com/cloud-data-protection-let-it-flow]]|Data_Protection|
|2020.02.24|//Gemalto//|[[Testing Cloud application stability using the principles of Chaos Engineering|https://blog.gemalto.com/corporate/2020/02/24/testing-cloud-application-stability-using-the-principles-of-chaos-engineering/]]|Chaos_Engineering|
|2020.02.24|//Cisco//|[[Cisco SecureX|https://www.cisco.com/c/en/us/products/security/securex.html]]|Products Cisco|
|2020.02.24|Silicon Angle| → [[Cisco unifies cloud security with SecureX|https://siliconangle.com/2020/02/24/cisco-unifies-cloud-security-cisco-securex/]]|Products Cisco|
|2020.02.24|BetaNews| → [[Cisco launches new cloud-native security platform|https://betanews.com/2020/02/24/cisco-securex-cloud/]]|Products Cisco|
|2020.02.24|//JumpCloud//|[[Understanding Azure AD's Free Tier|https://jumpcloud.com/blog/understanding-aad-pricing-free/]] (1/4)|AzureAD|
|2020.02.24|//Thales//|[[Organizations Struggle with Cloud Security in the Post Digital Transformation Era - Highlights from our 2020 Data Threat Report-Global Edition|https://blog.thalesesecurity.com/2020/02/24/organizations-struggle-with-cloud-security-in-the-post-digital-transformation-era-highlights-from-our-2020-data-threat-report-global-edition/]] ([[rapport|https://www.thalesesecurity.com/2020/data-threat-report]])|Report|
|2020.02.24|Information Age| → [[Lack of encryption in cloud causing security challenges, says Thales study|https://www.information-age.com/lack-encryption-cloud-causing-security-challenges-thales-study-123487867/]]|Report|
|2020.02.24|//StackRox//|![[Azure Kubernetes (AKS) Security Best Practices Part 3 of 4: Runtime Security|https://www.stackrox.com/post/2020/02/azure-kubernetes-aks-security-best-practices-part-3-of-4/]] (3/4)|Azure Kubernetes Best_Practices|
!"//IT and Cyber Security Challenges in Healthcare Industry//"
[>img(150px,auto)[iCSA/K3VBI.jpg]]^^Article publié le 31 mars 2020 sur le blog de la CSA, après l'avoir été le 24 mars 2020 sur le site de CipherCloud
__Liens :__
⇒ https://cloudsecurityalliance.org/blog/2020/03/31/it-and-cyber-security-challenges-in-healthcare-industry/
⇒ https://www.ciphercloud.com/it-and-cyber-security-challenges-in-healthcare-industry/ ^^



[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Cloud Security Alliance Inks Knowledge Partnership with ConnecTechAsia //"
^^Communiqué de presse publié le 31 mars 2020 par la CSA
Extraits :{{ss2col{
<<<
//The partnership with CSA will highlight key shifts impacting cloud computing users and enterprises
Singapore, March 31, 2020 - Asia's leading Infocomm, Media and Technology event ConnecTechAsia has inked a knowledge partnership deal with the Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment. Under the partnership, CSA will play a key role in boosting event thought leadership by providing relevant and up-to-date insights on cloud computing.
//[...]//
CSA will share more at their annual CSA APAC Summit to be co-located with ConnecTechAsia at Singapore Expo on 1 October 2020. //
<<<
}}}__Lien :__
⇒ https://cloudsecurityalliance.org/press-releases/2020/03/31/cloud-security-alliance-inks-knowledge-partnership-with-connectechasia/ ^^

!"//The Right Questions to Ask Your Vendors in Times of Large-Scale Remote Working//"
[>img(150px,auto)[iCSA/K3QBT.jpg]]^^Article publié le 26 mars 2020 sur le blog de la CSA, après l'avoir été le 9 mars sur le site de Panorays.
Panorays a publié des critères d'évaluation des fournisseurs, répartis en 18 questions dans 4 catégories : généralités, authentification et autorisation, résilience et continuité d'activités, procédure et processus.
⇒ lire [[l'article|https://CloudSecurityAlliance.fr/go/k3qx/]] sur le blog de la Cloud Security Alliance, ou [[l'original|https://CloudSecurityAlliance.fr/go/k3qz/]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Cloud Security for Newly Distributed Engineering Teams//"
[>img(150px,auto)[iCSA/K3NBC.jpg]]^^Article publié le 23 mars 2020 sur le blog de la CSA, après l'avoir été le 19 mars sur le site de Fugue.
⇒ lire [[l'article|https://CloudSecurityAlliance.fr/go/k3nx/]] sur le blog de la Cloud Security Alliance, ou [[l'original|https://CloudSecurityAlliance.fr/go/k3nz/]]^^


[img(25%,1px)[iCSF/BluePixel.gif]]
!"//New Threat Intelligence Report Reveals the Rise of Emotet//"
[>img(150px,auto)[iCSA/K3GBN.jpg]]^^Article publié le 16 mars 2020 sur le blog de la CSA, après l'avoir été le 25 février sur le site de Mimecast.
⇒ lire [[l'article|https://CloudSecurityAlliance.fr/go/k3nx/]] sur le blog de la Cloud Security Alliance, ou [[l'original|https://CloudSecurityAlliance.fr/go/k3nz/]]^^


[img(25%,1px)[iCSF/BluePixel.gif]]
!"//California Consumer Privacy Act - 10 Things You Should Know//"
[>img(150px,auto)[iCSA/K3CBC.jpg]]^^Article publié le 12 mars 2020 sur le blog de la CSA, après l'avoir été le 27 décembre 2019, soit 2,5 mois plus tôt, sur le site de Françoise Gilbert
Les 10 questions traitées sont :// {{ss2col{
<<<
# What is CCPA?
# Who is subject to CCPA?
# What Personal Information is Protected?
# Transparency and Content of Privacy Notices
# Rights Granted to Consumers
# Transfer of Data to an Affiliated Entity
# Contracts with Service Providers and Third Parties
# Enforcement, Class Actions and Financial Risks
# Differences Between CCPA and GDPR
# Does CCPA Applies to Your Business? Most Probably Yes!
<<<
}}}
//⇒ lire [[l'article|https://CloudSecurityAlliance.fr/go/k3cx/]] sur le blog de la Cloud Security Alliance, ou [[l'original|https://CloudSecurityAlliance.fr/go/k3cz/]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//CSA's Certificate of Cloud Security Knowledge (CCSK) Is Now an Accepted Ohio TechCred® Credential//"
[>img(400px,auto)[iCSA_/CCSK_banner.jpg]]^^Annonce faite le 11 mars 2020 sur le site de la CSA
<<<
//Ohio program allows employers to upskill their employees' cloud security knowledge, build a stronger, tech-savvy workforce
SEATTLE - March 11, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that its award-winning Certificate of Cloud Security Knowledge (CCSK) exam has been approved as a covered credential and certification under the Ohio TechCred program.
TechCred is a state-run program that gives employers the chance to upskill current and future employees in today's tech-infused economy by reimbursing them up to $2,000 per credential when current or prospective employees complete an eligible technology-focused credential.//
[...]
<<<
⇒ https://cloudsecurityalliance.org/press-releases/2020/03/11/csa-s-certificate-of-cloud-security-knowledge-ccsk-is-now-an-accepted-ohio-techcred-credential/ ^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//CSA's Certificate of Cloud Security Knowledge Named Winner in 16th Annual Info Security PG's 2020 Global Excellence Awards®//"
[>img(400px,auto)[iCSA_/CCSK_banner.jpg]]^^Article publié le 9 mars 2020 sur le blog de la CSA
<<<
//Industry's leading cloud certification program earned Gold
SEATTLE - March 9, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, announced today that Info Security Products Guide, the industry's leading information security research and advisory guide, has named the Certificate for Cloud Security Knowledge (CCSK) a winner in the 16th Annual 2020 Info Security PG's Global Excellence Awards®. The CCSK earned Gold in the category for Professional Certification Programs. These prestigious global awards recognize cybersecurity and information technology vendors with advanced, ground-breaking products, solutions, and services that are helping set the bar higher for others in all areas of security and technologies.
The CCSK is the first credential dedicated to cloud security. Called the "mother of all cloud computing certifications" by CIO.com, the vendor-neutral CCSK tests for a broad foundation of cloud security knowledge, covering such topics as architecture, governance, compliance, operations, encryption, and virtualization. It serves as the foundation for those seeking to demonstrate a deep-seated knowledge and competency with cyber, information, software and cloud computing infrastructure security. Since it was launched in 2010, thousands of IT and security professionals have upgraded their skillsets and enhanced their careers through CCSK certification.//
[...]
<<<
__Liens :__
⇒ https://cloudsecurityalliance.org/articles/csa-s-certificate-of-cloud-security-knowledge-named-winner-in-16th-annual-info-security-pg-s-2020-global-excellence-awards/
⇒ https://cloudsecurityalliance.org/press-releases/2020/03/09/csa-s-certificate-of-cloud-security-knowledge-named-winner-in-16th-annual-info-security-pg-s-2020-global-excellence-awards/ ^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//RSA Conference 2020: Focusing on Human-Centric Security//"
[>img(150px,auto)[iCSA/K36BR.jpg]]^^Article publié le 6 mars 2020 sur le blog de la CSA, après l'avoir été le 2 mars 2020 sur le site de CipherCloud
__Liens :__
⇒ https://cloudsecurityalliance.org/blog/2020/03/06/rsa-conference-2020-wrap-up/
⇒ https://www.ciphercloud.com/rsa-conference-2020-wrap-up-human-centric-security/ ^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202002>>
<<tiddler fAll2Tabs10 with: VeilleM","_202002>>
|!Février|!Sources|!Titres et Liens|!Keywords|
|>|>|>|Aucune alerte pour le moment|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Février 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202002>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Février 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Février 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202002'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202002'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Février 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202002'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Février 2020]]>>
!"//How CSA is Working to Address Privacy//"
[>img(150px,auto)[iCSA/K2PBH.jpg]]Article de blog publié le 25 février 2020 — Rédigé par John DiMaria, Assurance Investigatory Fellow, CSA
<<<
//The European Data Protection Board (EDPB) published an+++*[infographic]> https://ec.europa.eu/commission/sites/beta-political/files/190125_gdpr_infographics_v4.pdf === on compliance and enforcement of the GDPR from May 2018 to January 2019. It shows that 95,180 complaints have been made to EU national data protection authorities by individuals who believe their rights under the GDPR have been violated. Two-thirds of the most common of these complaints had to do with telemarketing and promotional emails, which practically every organization uses as the primary tool of communication.
Anyone can file a complaint about anyone else. The question is - how poised is your organization to prove you have a "Standard of Care" in place to protect your organization and have a documented defense in place? As the cloud is a shared high-risk sector, CSA developed a simple yet high-quality way for Cloud Service Providers to evaluate where they are in the compliance process and get detailed feedback from 3rd party legal experts using the CSA GDPR Code of Conduct (COC). CSA established the+++*[CSA GDPR Center of Excellence (CoE)]> https://gdpr.cloudsecurityalliance.org/ === to help organizations improve their privacy posture and achieve compliance with the European General Data Protection Regulation and other global privacy regulations.
!!What is the GDPR Center of Excellence?
The GDPR CoE coordinates CSA's privacy activities globally with the objective of establishing global standards for privacy compliance. The center focuses on cloud computing, IoT and Blockchain, with cloud being the initial focus.
It aims to improve the level of privacy offered to individuals in their use of technology, to increase transparency and accountability, and accelerate the adoption of privacy designed technology services.
The CoE creates a network of technology customers and providers, subject matter experts, and resources with the goal of defining compliance solutions, and awareness and educational material for privacy.
!!What resources does it have to help with privacy in the cloud?
Two documents were produced and currently in practice to help organizations evaluate themselves and ultimately comply with requirements - the+++*[GDPR Code of Conduct]> https://gdpr.cloudsecurityalliance.org/code-of-conduct === and the Privacy Level Agreement (PLA) Code of Practice.
__GDPR Code of Conduct__
The CSA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU's GDPR. The CSA Code of Conduct is designed to offer both a compliance tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider.
__GDPR Code of Conduct (COC) self-assessment on the STAR registry__
The GDPR COC+++*[self-assessment]> https://gdpr.cloudsecurityalliance.org/star-submit === is an evidenced based self-assessment. Your submission is vetted thoroughly by our GDPR experts and once approved, you can file a PLA Code of Conduct (CoC): Statement of Adherence and your organization will be posted on the registry. After publication, your company will receive authorized use of a Compliance Mark, valid for one year. You are then expected to revise your assessment every time there is a change to the company policies or practices related to the service under assessment.
The GDPR COC is still in the self-assessment stage, but a third-party certification will be available as soon as the CSA COC and Certification Mechanism has been approved by the CSAs Data Protection Authority (DPA) (est. Q3).
!!Establish a security-conscious culture.
It makes sense no matter where you fall in the supply chain to take data privacy seriously. The CSA GDPR COC can help you establish a security-conscious culture. GDPR requires organizations to identify their security strategy and adopt adequate administrative and technical measures to protect personal data. Thanks to CSA's research, the CSA GDPR COC provides the roadmap that will facilitate your organization's efforts to ensure, your processes will become more consolidated, ensuring good governance, compliance and prove that all-important due diligence. Additionally, your data will be easier to use, and you will realize an underlying value and ROI.
//[...]//
You can access the GDPR Code of Conduct+++*[here]> https://gdpr.cloudsecurityalliance.org/code-of-conduct ===. The PLA Code of Practice is available+++*[here]> https://gdpr.cloudsecurityalliance.org/code-of-conduct ===.//
<<<
__Lien :__
* blog original en anglais ⇒ ''[[CloudSecurityAlliance.fr/go/k2pb/|https://CloudSecurityAlliance.fr/go/k2pb/]]''
!Best Practices in Implementing a Secure Microservices Architecture
[>img(200px,auto)[iCSA/K2LPC.jpg]]Des conteneurs d'application et une architecture de micro-services sont mis en œuvre pour concevoir, développer et déployer des applications en s'appuyant sur des approches de développement logiciel agiles telles que le DevOps.
La sécurité doit être intégrée dans ces approches de développement de logiciels.
Ce document sert à identifier les bonnes pratiques en matière de sécurité des microservices dans l'ingénierie de systèmes sécurisés fiables à travers le prisme du développeur, de l'opérateur et de l'architecte.

__Table des Matières :__//
<<<
* 1.0 Overview of the Microservices Architecture
* 1.1 Service Oriented Architecture
* 1.2 Comparison between Monolithic and Microservices Architecture
* 1.3 Benefits and Challenges of Microservices
* 2.0 Microservices Architecture for Cloud-Native Applications
* 2.1 Overall Threat Model and Associated Best Practices
* 2.2 Securing the API
* 2.3 Authorization and Access Control for Microservices
* 2.4 Secure Deployment Styles and Strategies in Microservices Architecture
* 2.5 Stateful and Stateless Microservices Security
* 2.6 Container Storage Interfaces
* 2.7 Runtime Security
* 3.0 Microservices Secure Development and Governance
* 3.1 Container Security Best Practices in Microservices
* 3.2 Microservices Detective Controls
* 3.3 Microservices Messaging Patterns
* 3.4 Microservices Governance
* 4.0 Decomposing Monolithic Applications
* 4.1 Microservices: Use Cases
* 4.2 Microservices: Features
* 4.2.1 Microservice Integrity Validation
* 4.3 Monolithic Application Decomposition Best Practices
* Appendix A: Acronyms
* Appendix B: Glossary
* Appendix C: References
<<<
//__Liens :__
* Annonce ⇒ ''[[CloudSecurityAlliance.fr/go/k2om/|https://CloudSecurityAlliance.fr/go/k2om/]]''
* Document (pdf) ⇒ ''[[CloudSecurityAlliance.fr/go/k2on/|https://CloudSecurityAlliance.fr/go/k2on/]]''
!"//The Knowledge Gap, Risk of the Unknown & the Certificate of Cloud Auditing Knowledge//"
[>img(150px,auto)[iCSA/K2OBT.jpg]]Article de blog publié le 24 février 2020 — Rédigé par Daniele Catteddu+++*[»]> https://fr.linkedin.com/in/danielecatteddu [>img[iCSA/DanieleCatteddu.jpg]]===, Chief Technology Officer, CSA 
<<<
//I have a business admin academic background and so I have always approached cybersecurity risk management using those lenses. The more I have looked at the issues in cybersecurity, the more I am convinced that if you want to manage your risk, you need to be able to make informed decisions which requires access to data and information as well as the skills and expertise to analyze and make good sense of it.
Cloud has never been only a change in technology; it has also introduced a new business model around how to produce and consume information and communication (ICT) services. This new business model is heavily permeated with business relationships that deal with untrusted parties (CSPs) that have a vital role for companies, often being the backbone and neural system of the organization.
This creates challenges in:
* Coordinating and integrating internal processes and tools with the third parties' services and products
* Understanding the interdependencies within the supply chain
* Measuring trust and risk
!!Dangers of Interdependence
Referring to the wisdom of Dan Geer, one of my favorite security experts, interdependencies create complexity and complexity is an enemy of security. Complexity hides interdependencies and creates unacknowledged correlated risks, which are almost impossible to manage since they are, like a black swan, unexpected and unpredictable.
!!The real issue isn't reliable data, it's our ability to analyze the data.
When it comes to making informed risk-based decisions, we seem to have enough reliable information to base our decisions on (of course we can always increase the quality of data). Where we are lagging behind, is our analysis and evaluation capabilities; not because our current workforce is not intelligent enough, but rather because there are knowledge and mindset gaps.
''The fact that after almost 15 years of cloud computing, we are still struggling with the shared responsibility model is symptomatic of the nature and magnitude of the problem we are facing.''
Complex supply chains and the shared responsibilities model are at the core of the educational gap we are talking about. Cloud imposed a new governance approach based on indirect control. But as we all know, doing something yourself is not the same as managing someone who will do that for you.
!!It's about being a good manager, not just being a technical expert.
Inside IT teams there are often technologists, but not necessarily managers. Because of this, they often lack an accountability mindset. They need to not only understand the technical aspects of their cloud architecture, but also be able to select and manage their vendors by asking them to provide the right evidence to prove they are indeed doing what they claim they will.
In other terms, what the market requires is IT and security professionals who are also practitioners, managers and auditors. They need to be able to identify the right questions to ask third parties both during the vetting process and during the continuous monitoring of the service execution. They need to know how to read the contract and technical documentation made available by the CSPs, understand how to build and manage SLAs, be able to manage compliance, etc. In other words, they need to put themselves in the shoes of a security auditor, assessor, or evaluator and develop an auditor mindset.
!!The knowledge gap is also a reflection of an educational offering gap.
The lack of educational offerings in this area has been one of the main reasons that pushed CSA to work on a professional credential for cloud auditing. We want to fill the gap by building a certificate and training that equips the ICT workforce in leading and managing the cloud journey of the company they work for.
!!The Certificate of Cloud Auditing Knowledge (CCAK).
In this CCAK program we'll focus on cloud governance, risk management and compliance. It will ensure participants know CSA's best practices for audit and assessment and understand how to build a cloud auditing program. Our security control framework, the Cloud Controls Matrix (CCM), will also be an important component of the body of knowledge.
The education program is meant to:
* Extend existing IS auditor certifications like ISACA CISA and security auditor certifications like ISO27001 Lead Auditor by providing additional expertise on how to assess the cloud and how to build and execute a cloud auditing program.
* Extend existing cloud security certificates like the CCSK by expanding on their curriculum with additional resources on how to govern, assess and evaluate the cloud.
If you are a cloud security expert and/or a security auditor and interested in getting involved in the CCAK development, please reach out to CSA+++*[here]> https://cloudsecurityalliance.org/education/ccak ===.
//[...]
<<<
__Lien :__
* blog original en anglais ⇒ ''[[CloudSecurityAlliance.fr/go/k2ob/|https://CloudSecurityAlliance.fr/go/k2ob/]]''
!"//Cloud Security Alliance 2020 Initiatives Changing the Face of IT Audit and Cloud Assurance//"
<<<
//''Certificate of Cloud Auditing Knowledge and Cloud Controls Matrix v4 represent critical progress to modernize the audit profession and align cloud assurance with technology innovations''

SAN FRANCISCO - FEB. 24, 2020 - RSA CONFERENCE - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced a call for subject-matter experts to support the ongoing review of its flagship document, the ''Cloud Controls Matrix (CCM)'', Version 4 of which will be released later this year. CCM v4 will reflect the current cloud technology landscape, providing cloud users with a better, more comprehensive security framework and guidelines to facilitate both implementation and audit.

Additionally, CSA is pleased to announce that the Certificate of ''Cloud Auditing Knowledge (CCAK)'' subject-matter expert working group has held initial program development meetings and that the CCAK credential and courseware will be previewed at CSA's [[SECtember]] conference (Seattle, Sept. 14-18). The CCAK is a new credential for industry professionals that demonstrates expertise in the essential principles of assessing and auditing cloud computing systems and will be released in the second half of 2020. The CCAK will provide a common baseline of knowledge and shared nomenclature to ensure that IT and security professionals, as well as auditors, have the right expertise and tools to appropriately and accurately understand and measure the effectiveness of cloud security controls.

"For 11 years, the Cloud Security Alliance has led the industry in delivering the necessary innovations to build the trusted cloud ecosystem on a global basis. In 2020, CSA will focus on supporting the cloud community in acquiring the necessary tools, skills, and expertise to ensure that the many iterations of cloud meet robust security and privacy objectives," said Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance. "As organizations adopt DevOps, CI/CD, and related innovations, the audit function must keep pace. With the release of CCM and CCAK, we continue to support the community in their cloud journeys."

The Cloud Controls Matrix is the de facto standard in the market. Its latest iteration will include new control objectives in areas such as container and microservices, cryptography, and identity and access management, along with implementation guidance, and will improve upon the auditability of existing controls.

Cloud auditing skills are becoming a mandatory requirement for IT auditors and will become fundamental expertise for any IT manager and professional, especially in the areas of governance, risk management, compliance, and vendor/supply chain management. Traditional IT audit education and certification do not adequately prepare professionals for the challenges cloud provides. Recent breaches demonstrate the knowledge and responsibility gap that comprehensive cloud auditing frameworks such as the CCAK will solve.

Those interested in contributing to the development of the CCAK are encouraged to join the CSA ''Cloud Audit Expert Group''. Group members should be familiar with CSA's best practices and control frameworks, such as the ''Cloud Controls Matrix (CCM)'', the ''Consensus Assessment Initiative Questionnaire (CAIQ)'', and ''CSA STAR levels of assessment'', as well as have knowledge in such key areas as cloud risk management, compliance, continuous auditing, and more. Members will be tasked with reviewing and providing advice on the scope, curriculum, objectives structure, go-to-market, and value proposition for the CCAK.

CSA thanks our corporate member and cloud assurance pioneer, Whistic, for its vision in supporting this initiative as a founding member.// [...]
<<<
⇒ Lire [[l'annonce|https://CloudSecurityAlliance.fr/go/k2oi/]] sur le site de la CSA.

!"//CSA Continues to Drive Leadership in Cloud Security with New Research//"
<<<
//Latest initiatives serve to steer enterprises on a successful cloud migration journey
SAN FRANCISCO - Feb. 24, 2020 - RSA CONFERENCE 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced three new publications that further CSA's commitment to helping cloud security professionals successfully steer their enterprises on their journey to the cloud: ''Banking on the Cloud - Real-World Use in the Financial Services Sector'', ''Best Practices in Implementing a Secure Microservices Architecture'', and ''DevSecOps: Collective Responsibility''. Additionally, CSA, in collaboration with McGraw-Hill, announced the release of "CCSK Certificate of Cloud Security Knowledge All-in-One Exam," by CSA-authorized trainer Graham Thompson, as a comprehensive guide to version 4 of the CCSK.
The ''Cloud Usage in the Financial Services Sector'' report provides insight into the banking and finance sectors' real-world use. Most strikingly, the survey, which was conducted by CSA's ''Financial Services Stakeholder Platform (FSSP) Working Group'', found that 91 percent of respondents are actively using cloud services or plan to use them in the next six to nine months - double the number since ''CSA's last financial services sector survey'' four years ago. Among the survey's other key findings:
* The top 25 percent of respondents already have over half their regulated workloads in public cloud services;
* 52 percent of respondents have a formal cloud security policy or standard as part of their overall Enterprise Risk Management Framework (ERMF); and
* 90 percent of respondents have a key management policy applicable to regulated and critical data, and of them, 42 percent require "on-premise" key management for regulated data and 49 percent do so for critical data.
''DevSecOps: Collective Responsibility'' is part of a planned series that will focus on the area of an organization's security posture that is arguably the foundation for all others - collective responsibility. Drafted by CSA and SAFECode, the paper provides a set of considerations that should be taken into account and identifies methods for 1) creating and maintaining executive support and engagement, 2) building an inclusive cultural program based on cumulative experience, 3) creating deep engagement through security champions, and 4) using metrics to sustain, build, and help evolve the program. This paper addresses two key culture-related measurement issues:
* How what you measure drives culture
* The challenge of measuring something as intangible as culture
''Best Practices for Implementing a Secure Microservices Architecture'' provides detailed guidance on secure application development with microservices architectures versus traditional architectures. The design of microservices architecture is intended to address the limitations of traditional application architectures. This technical guidance applies to the secure development and governance of cloud-native applications and the decomposing of applications for the cloud. ''Best Practices for Microservices'' is the third of four releases on the challenges and best practices related to application containers and microservices following ''Challenges in Securing Containers and Microservices'', and ''Best Practices for Implementing Secure Containers''.
"These diverse research projects paint a picture of cloud computing in 2020. Cloud adoption is accelerating within critical infrastructure industries where security is paramount, while organizations are embedding security into state-of-the-art cloud software development," said John Yeoh, Global Vice President of Research at Cloud Security Alliance.
Mastery of CSA research is proven by obtaining the ''Certificate of Cloud Security Knowledge (CCSK)''. CSA is proud to collaborate with McGraw-Hill and announce the release of the "CCSK Certificate of Cloud Security Knowledge All-in-One Exam Guide," written by CSA-authorized trainer Graham Thompson. The book offers exam-focused coverage of the latest cloud technologies, including virtualization, governance and security. Readers will receive real-world examples and best practices, online content that includes access to 120 additional practice questions, and a 10-percent discount code for the CCSK exam. Beyond exam preparation, the book also serves as a valuable on-the-job reference. Available for pre-order now with shipments starting March 13, 2020, the book can be purchased online for $50 through McGraw-Hill.//
[...]
<<<
__Lien :__
* annonce originale en anglais ⇒ ''[[CloudSecurityAlliance.fr/go/k2oa/|https://CloudSecurityAlliance.fr/go/k2oa/]]''
!"//Cloud Security Alliance Opens the Call for Papers for SECtember//"
[>img(500px,auto)[iCSA/202009US-SECtember.png]]L'appel à contribution est ouvert jusqu'au ''1er mai 2020''.
<<<
//''Registration for leading cloud-security event opens March 16''
SAN FRANCISCO - FEB. 24, 2020 - RSA CONFERENCE 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced the open+++*[Call for Papers]> http://sectember.com/cfp === (CFP) for [[SECtember]], CSA's signature event to be held in Seattle, Sept. 14-18, 2020. [[SECtember]], which represents the intersection of cloud and cybersecurity, is paving the way for future industry education with a focus on the key issues and trends facing cloud and cybersecurity. The CFP is currently open through May 1.

As cloud takes over the computing technology landscape, it is fast becoming the foundation for transforming cybersecurity. [[SECtember]] is assuming the mantle to serve as the model for all future industry education, providing deep dives into technical topics such as state-of-the-art DevSecOps practices, containerization, serverless computing, and critical cloud threat vectors. Notable subject-matter experts will share their insight on a broad scope of industry topics, including global privacy strategies encompassing the General Data Protection Regulation, the California Consumer Privacy Act, and other key mandates.

"SECtember's educational sessions will be characterized by real-world enterprise experiences delivering highly secure and mission critical cloud services. We will prioritize CFP respondents who have 'been there and done that' and have a strong grasp of the cloud security trends to come," said Jim Reavis, co-founder and CEO, Cloud Security Alliance.

The annual event will offer an enhanced roster of training, including the following course line-up:
* ''Certificate of Cloud Security Knowledge (CCSK) Foundation'' (1-day course offered on both Sept. 14 and Sept. 15)
* ''Certificate of Cloud Auditing Knowledge'' (Sept. 15)
* ''Certificate of Cloud Security Knowledge - Plus - Azure'' (Sept. 14-15)
* ''Certificate of Cloud Security Knowledge - Plus - AWS'' (Sept. 14-15)
* ''Advanced Cloud Security Practitioner'' (Sept. 14-15)
[[SECtember]] will also feature numerous opportunities to access Seattle's leading technology and cybersecurity companies. Executive briefings are being established for organizations and governments seeking to send delegations to maximize the benefits of this unique conference.

Early registration pricing ($995) is available beginning March 16 through May 29, after which rates will increase to $1,195 through Sept. 4. Late pricing rates of $1,495 will go into effect Sept. 5 through Sept. 18.
Visit the+++*[website]> https://sectember.com/ ou https://csacongress.org/event/sectember-2020/ === for more information and to stay up-to-date on the latest event news.//
[...]
<<<
__Liens :__
* annonce originale en anglais ⇒ ''[[CloudSecurityAlliance.fr/go/k2os/|https://CloudSecurityAlliance.fr/go/k2os/]]''
!!1 - Informations CSA de la semaine du 17 au 23 février 2020
* Blog : Challenges 2020 pour la sécurité du Cloud+++*[»]> <<tiddler [[2020.02.18 - Blog : Challenges 2020 pour la sécurité du Cloud']]>>=== 
* Actu : Appel à contribution pour la conférence [[SECtember]]+++*[»]> <<tiddler [[2020.02.19 - Appel à contribution pour la conférence SECtember]]>>=== 
* Publication : les 6 piliers du DevSecOps : la responsabilité collective+++*[»]> <<tiddler [[2020.02.21 - Publication : les 6 piliers du DevSecOps : la responsabilité collective]]>>=== 
* Publication : Utilisation des Services Cloud dans le Secteur Finance+++*[»]> <<tiddler [[2020.02.21 - Publication : Utilisation des Services Cloud dans le Secteur Finance]]>>=== 
* Blog : Propositions sur l'Intelligence Artificielle par la Maison Blanche+++*[»]> <<tiddler [[2020.02.18 - Blog : Publication de propositions sur l'Intelligence Artificielle par la Maison Blanche]]>>=== 
* Actu : Appel à commentaires sur le document 'Software-Defined Perimeter (SDP) and Zero Trust'+++*[»]> <<tiddler [[2020.02.17 - Appel à commentaires : 'Software-Defined Perimeter (SDP) and Zero Trust']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.02.23 - Veille Hebdomadaire - 23 février]] avec plus de 80 liens dont :
* Fuites de données : MGM+++*[»]>
|2020.02.20|ZDnet|[[Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum|https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/]]|DataLeak|
|2020.02.20|Bleeping Computer| → [[Hackers Share Stolen MGM Resorts Guest Database with 10M+ Records|https://www.bleepingcomputer.com/news/security/hackers-share-stolen-mgm-resorts-guest-database-with-10m-records/]]|DataLeak|
|2020.02.20|infoRisk Today| → [[Hackers Post Details on MGM Resorts Guests: Report|https://www.inforisktoday.com/hackers-post-details-on-mgm-resorts-guests-report-a-13743]]|DataLeak|
|2020.02.20|Dark Reading| → [[Personal Info of 10.6M MGM Resort Guests Leaked Online|https://www.darkreading.com/attacks-breaches/personal-info-of-106m-mgm-resort-guests-leaked-online/d/d-id/1337102]]|DataLeak|
===, NextMotion+++*[»]>
|2020.02.19|Cybersecurity Insiders|[[Plastic surgery videos leaked due to misconfigured Amazon Web Services Cloud|https://www.cybersecurity-insiders.com/plastic-surgery-videos-leaked-due-to-misconfigured-amazon-web-services-cloud/]]|Data_Leak|
=== 
* AWS : remédiation+++*[»]>
|2020.02.18|Nathan Getty|[[AWS Automated Remediation - Part 2: S3 Buckets|https://getsec.github.io/2020/02/aws-remedy-2/]] (2/2)|AWS Remediation|
|2020.02.08|Nathan Getty|[[AWS Automated Remediation - Part 1: Security Groups|https://getsec.github.io/2020/02/aws-remedy-1/]] (1/2)|AWS Remediation|
=== 
* Azure : diverses annonces et rapports+++*[»]>
|2020.02.21|Thomas Naunheim|[[Azure AD Tenant Hardening - Considerations of default settings|https://www.cloud-architekt.net/azuread-tenant-hardening-security-settings-considerations/]]|AzureAD|
|2020.02.20|Nino Crudele|![[Azure Reconnaissance and Scanning for Ethical Hackers and Special Ops Team|https://ninocrudele.com/azure-reconnaissance-and-scanning-for-ethical-hackers-and-special-ops-team-free-whitepaper]] ([[rapport|https://ninocrudele.com/wp-content/docs/Azure-Reconnaissance-and-Scanning-for-Ethical-Hackers-and-Special-Ops-Team.pdf]])|Azure PenTesting|
|2020.02.20|//Microsoft Azure//|[[Microsoft Threat Protection Now Generally Available|https://www.securityweek.com/microsoft-threat-protection-now-generally-available]]|Azure Threat_Protection|
|2020.02.20|//Microsoft Azure//|[[Microsoft Threat Protection stops attack sprawl and auto-heals enterprise assets with built-in intelligence and automation|https://www.microsoft.com/security/blog/2020/02/20/microsoft-threat-protection-intelligence-automation/]]|Azure Threat_Protection|
|2020.02.20|Dark Reading| → [[Microsoft Announces General Availability of Threat Protection, Insider Risk Management|https://www.darkreading.com/cloud/microsoft-announces-general-availability-of-threat-protection-insider-risk-management-/d/d-id/1337105]]|Azure Threat_Protection|
|2020.02.20|//Microsoft Azure//|[[Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals|https://www.microsoft.com/security/blog/2020/02/20/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals/]]|Azure_Sentinel|
|2020.02.20|//Microsoft Azure//|[[Azure Security Center for IoT RSA 2020 announcements|https://azure.microsoft.com/en-us/blog/azure-security-center-for-iot-rsa-2020-announcements/]]|Azure IoT|
=== 
* Rapports : Barracuda Networks+++*[»]>
|2020.02.20|//Barracuda Networks//|[[New survey indicates security is the top concern restricting faster public cloud adoption|https://www.barracuda.com/news/article/805]] ([[rapport|https://www.barracuda.com/cloud-market]])|Report|
|2020.02.21|Solutions Review| → [[Barracuda: Security and Network Integration are Major Cloud Concerns|https://solutionsreview.com/cloud-platforms/barracuda-security-and-network-integration-are-major-cloud-concerns/]]|Report|
===, Center for Cybersecurity Policy and Law (sur FedRAMP)+++*[»]>
|2020.02.21|Center for Cybersecurity Policy and Law|![[The Future of FedRAMP|https://centerforcybersecuritypolicy.org/the-future-of-fedramp]] ([[rapport PDF|https://static1.squarespace.com/static/5acbb666f407b432519ab15e/t/5e4fd3bf54725e7ce0483940/1582289857151/20-120+Cybersecurity+-+FedRAMP+brochure.pdf]])|FedRAMP Compliance|
|2020.02.21|NextGov| → [[Industry: Include Agencies' Approval of Cloud Service Providers in FISMA Metrics|https://www.nextgov.com/cybersecurity/2020/02/industry-include-agencies-approval-cloud-service-providers-fisma-metrics/163265/]]|FedRAMP Compliance|
===, Code42+++*[»]>
|2020.02.20|//Code42//|[[Code42 Data Exposure Report: Collaborative Work Environments, Dynamic Workforce Exacerbate Insider Threat Problem|https://vmblog.com/archive/2020/02/20/code42-data-exposure-report-collaborative-work-environments-dynamic-workforce-exacerbate-insider-threat-problem.aspx]] ([[rapport|https://www.code42.com/go/2020-data-exposure-report-g/]])|Report Code42|
===, Divvy Cloud+++*[»]>
|2020.02.18|//Divvy Cloud//|[[2020 Cloud Misconfigurations Report|https://divvycloud.com/misconfigurations-report-2020/]] ([[rapport|https://divvycloud.com/wp-content/uploads/2020/02/Cloud-Misconfiguration-Report-FINAL.pdf]])|Report Misconfiguration|
|2020.02.19|//Divvy Cloud//| → [[New DivvyCloud Report Finds Breaches Caused by Cloud Misconfigurations Cost Enterprises Nearly $5 Trillion|https://divvycloud.com/new-divvycloud-misconfigurations-report/]]|Report Misconfiguration|
|2020.02.19|BetaNews| → [[Cloud misconfigurations expose over 33 billion records in two years|https://betanews.com/2020/02/19/cloud-misconfiguration/]]|Report Misconfiguration|
|2020.02.19|TechRepublic| → [[Cloud misconfigurations cost companies nearly $5 trillion|https://www.techrepublic.com/article/cloud-misconfigurations-cost-companies-nearly-5-trillion/]]|Report Misconfiguration|
|2020.02.20|Help Net Security| → [[Cloud misconfigurations surge, organizations need continuous controls|https://www.helpnetsecurity.com/2020/02/20/cloud-misconfigurations/]]|Report Misconfiguration|
|2020.02.21|Enterprise Talk| → [[Cloud Misconfigurations - Losses are Expected to Reach $5tn, Says DivvyCloud|https://enterprisetalk.com/featured/cloud-misconfigurations-losses-are-expected-to-reach-5tn-says-divvycloud/]]|Report Misconfiguration|
===, Imperva+++*[»]>
|2020.02.19|//Imperva//|[[Spikes in High-risk Vulnerabilities and Public Cloud-based Attacks Dominate Threat Landscape, Imperva Researchers Find with New Cyber Threat Index|https://www.imperva.com/company/press_releases/imperva-launches-cyber-threat-index/]] ([[Index|https://www.imperva.com/cyber-threat-index/]])|Report Threat_Index|
|2020.02.21|Help Net Security| → [[High-risk vulnerabilities and public cloud-based attacks on the rise|https://www.helpnetsecurity.com/2020/02/21/high-risk-vulnerabilities-rise/]]|Report|
===, NetSkope+++*[»]>
|2020.02.19|//NetSkope//|[[Cybercriminals Find Cover in the Cloud: New Netskope Research Finds 44% of Threats are Cloud-Enabled|https://www.netskope.com/press-releases/cloud-threat-report]] ([[rapport|https://resources.netskope.com/cloud-reports/cloud-and-threat-report-february-2020-edition]])|Report|
|2020.02.19|Dark Reading| → [[44% of Security Threats Start in the Cloud|https://www.darkreading.com/cloud/44--of-security-threats-start-in-the-cloud/d/d-id/1337088]]|Report|
|2020.02.21|Help Net Security| → [[Cloud-enabled threats are on the rise, sensitive data is moving between cloud apps|https://www.helpnetsecurity.com/2020/02/21/cloud-enabled-threats/]]|Report|
|2020.02.21|Continuity Central| → [[New threat landscape report highlights cyber risk trends|https://www.continuitycentral.com/index.php/news/technology/4902-new-threat-landscape-report-highlights-cyber-risk-trends]]|Report|
|2020.02.21|Solutions Review| → [[Netskope Releases February 2020 Netskope Cloud and Threat Report|https://solutionsreview.com/security-information-event-management/netskope-releases-february-2020-netskope-cloud-and-threat-report/]]|Report|
===, StackRox+++*[»]>
|2020.02.19|//StackRox//|[[5 Surprising Findings from StackRox's Latest Kubernetes Security Report|https://www.stackrox.com/post/2020/02/5-surprising-findings-from-stackroxs-latest-kubernetes-security-report/]] ([[rapport|https://security.stackrox.com/state-of-containers-and-kubernetes-security-report-winter-2020.html]])|Report|
|2020.02.19|Container Journal| → [[StackRox Report Reveals that Container and Kubernetes Security Concerns are Inhibiting Business Innovation|https://containerjournal.com/news/news-releases/stackrox-report-reveals-that-container-and-kubernetes-security-concerns-are-inhibiting-business-innovation/]]|Report|
=== 
* __Divers__ : Chaos Engineering+++*[»]>
|2020.02.18|//CyberArk Conjur//|[[Security Challenges Around Chaos Engineering|https://www.conjur.org/blog/security-challenges-around-chaos-engineering/]]|Chaos_Engineering|
|2020.02.18|//Sensu//|[[Chaos engineering + monitoring, part 2: for starters|https://blog.sensu.io/chaos-engineering-monitoring-part-2-for-starters]] (2/3)|Chaos_Engineering|
|2019.07.02|//Sensu//|[[Chaos engineering + monitoring, part 1: Sensu + Gremlin|https://blog.sensu.io/chaos-engineering-monitoring-part-1-sensu-gremlin]] (1/3)|Chaos_Engineering|
===, IDaaS, responsabilité(s)+++*[»]>
|2020.02.21|//IBM//|[[Making Cloud Security a Team Sport|https://securityintelligence.com/posts/making-cloud-security-a-team-sport/]]|Best_Practices Responsibility|
|2020.02.21|//Core Security//|[[The Shared Responsibility of Cloud Security|https://www.coresecurity.com/blog/shared-responsibility-cloud-security]]|Shared_Responsibility|
=== 
!3 - Weekly Cloud and Security Watch Newsletter[>img[iCSF/inEnglish.png]]
<<tiddler [[2020.02.23 - Weekly Newsletter - February 23rd]]>>
!CSA News and Updates - February 17th to 23rd
* Blog: Cloud Security Challenges in 2020, Proposed Principles for Artificial Intelligence Published by the White House [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]
* News: Call for Papers for the [[SECtember]] conference
* Publication: The Six Pillars of DevSecOps: Collective Responsibility, Cloud Usage in the Financial Services Sector 
* Request for comments: Software-Defined Perimeter (SDP) and Zero Trust
!Cloud and Security News Watch
[[Over 80 links|2020.02.23 - Veille Hebdomadaire - 23 février]] among which:
* Data leaks: MGM, NextMotion
* AWS: remediation
* Azure: products and service announcements, report
* Reports: Barracuda Networks, Center for Cybersecurity Policy and Law (on FedRAMP), Code42, Divvy Cloud, Imperva, NetSkope, StackRox
* Misc: Chaos Engineering, IDaaS, Shared responsibility
|!⇒ [[CloudSecurityAlliance.fr/go/K2N/|https://CloudSecurityAlliance.fr/go/K2N/]] |
<<tiddler [[arOund0C]]>>
|!Février|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.02.22|
|2020.02.22|Dark Reading|[[All About SASE: What It Is, Why It's Here, How to Use It|https://www.darkreading.com/cloud/all-about-sase-what-it-is-why-its-here-how-to-use-it/d/d-id/1337120]]|SASE|
|>|>|>|!2020.02.21|
|2020.02.21|Thomas Naunheim|[[Azure AD Tenant Hardening - Considerations of default settings|https://www.cloud-architekt.net/azuread-tenant-hardening-security-settings-considerations/]]|AzureAD|
|2020.02.21|IT Business|[[Experts chime in on how to avoid misconfigurations in the cloud|https://www.itbusiness.ca/news/experts-chime-in-on-how-to-avoid-misconfigurations-in-the-cloud/114219]]|Misconfigurations|
|2020.02.21|Computer Weekly|[[Kubernetes storage 101: Container storage basics|https://www.computerweekly.com/feature/Kubernetes-storage-101-Container-storage-basics]]|Storage Kubernetes|
|2020.02.21|Center for Cybersecurity Policy and Law|![[The Future of FedRAMP|https://centerforcybersecuritypolicy.org/the-future-of-fedramp]] ([[rapport PDF|https://static1.squarespace.com/static/5acbb666f407b432519ab15e/t/5e4fd3bf54725e7ce0483940/1582289857151/20-120+Cybersecurity+-+FedRAMP+brochure.pdf]])|FedRAMP Compliance|
|2020.02.21|NextGov| → [[Industry: Include Agencies' Approval of Cloud Service Providers in FISMA Metrics|https://www.nextgov.com/cybersecurity/2020/02/industry-include-agencies-approval-cloud-service-providers-fisma-metrics/163265/]]|FedRAMP Compliance|
|2020.02.21|Ryan Stalets|![[Abusing AWS Architecture and How to Defend It - Ryan Stalets (vidéo)|https://www.youtube.com/watch?v=nEZ4oqn17PE]]|AWS S3 Attacks|
|2020.02.21|Container Journal|[[Container Security Concerns Impacting Deployments|https://containerjournal.com/topics/container-security/container-security-concerns-impacting-deployments/]]|Containers|
|2020.02.21|SANS|![[Cybersecurity in the Age of the Cloud|https://www.sans.org/reading-room/whitepapers/analyst/cybersecurity-age-cloud-39435]]|Context|
|2020.02.21|//IBM//|[[Making Cloud Security a Team Sport|https://securityintelligence.com/posts/making-cloud-security-a-team-sport/]]|Best_Practices Responsibility|
|2020.02.21|//Core Security//|[[The Shared Responsibility of Cloud Security|https://www.coresecurity.com/blog/shared-responsibility-cloud-security]]|Shared_Responsibility|
|2020.02.21|//Capsule8//|[[Container Security - Nobody Knows What It Means But It's Provocative|https://capsule8.com/blog/container-security-nobody-knows-what-it-means-but-its-provocative/]]|Containers|
|2020.02.21|//Compare the Cloud//|[[Solving Surveillance Storage Woes with the Cloud|https://www.comparethecloud.net/articles/cloud/solving-surveillance-storage-woes-with-the-cloud/]]|Storage|
|2020.02.21|//Forcepoint//|[[Visibility is the first step to better cloud security|https://federalnewsnetwork.com/commentary/2020/02/visibility-is-the-first-step-to-better-cloud-security/]]|Visibility|
|2020.02.21|//Sophos//|[[Five steps to avoid a cloud data breach|https://news.sophos.com/en-us/2020/02/21/five-steps-to-avoid-a-cloud-data-breach/]]|Data_Breach Prevention|
|2020.02.21|//AWS//|[[How to define least-privileged permissions for actions called by AWS services|https://aws.amazon.com/blogs/security/how-to-define-least-privileged-permissions-for-actions-called-by-aws-services/]]|AWS Best_Practices|
|>|>|>|!2020.02.20|
|2020.02.20|TL;DR Security|[[#24 - BSidesSF/RSA, tl;dr sec Mascot, REST API Fuzzing, AWS Auto-remediation|https://tldrsec.com/blog/tldr-sec-024-bsidessf-rsa-swagger-fuzzing-aws-autoremediation/]] |Weekly_Newsletter|
|2020.02.20|Nino Crudele|![[Azure Reconnaissance and Scanning for Ethical Hackers and Special Ops Team|https://ninocrudele.com/azure-reconnaissance-and-scanning-for-ethical-hackers-and-special-ops-team-free-whitepaper]] ([[rapport|https://ninocrudele.com/wp-content/docs/Azure-Reconnaissance-and-Scanning-for-Ethical-Hackers-and-Special-Ops-Team.pdf]])|Azure PenTesting|
|2020.02.20|ZDnet|[[Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum|https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/]]|DataLeak|
|2020.02.20|Bleeping Computer| → [[Hackers Share Stolen MGM Resorts Guest Database with 10M+ Records|https://www.bleepingcomputer.com/news/security/hackers-share-stolen-mgm-resorts-guest-database-with-10m-records/]]|DataLeak|
|2020.02.20|infoRisk Today| → [[Hackers Post Details on MGM Resorts Guests: Report|https://www.inforisktoday.com/hackers-post-details-on-mgm-resorts-guests-report-a-13743]]|DataLeak|
|2020.02.20|Dark Reading| → [[Personal Info of 10.6M MGM Resort Guests Leaked Online|https://www.darkreading.com/attacks-breaches/personal-info-of-106m-mgm-resort-guests-leaked-online/d/d-id/1337102]]|DataLeak|
|2020.02.20|Hakin9|[[RANKED: The Countries Most at Risk of Cyber-Crime|https://hakin9.org/ranked-the-countries-most-at-risk-of-cyber-crime/]]|Report|
|2020.02.20|Container Journal|[[Locking Down the Kernel and Securing the Container|https://containerjournal.com/topics/container-security/locking-down-the-kernel-and-securing-the-container/]]|Containers|
|2020.02.20|Cybersecurity Insiders|[[Ransomware Data Recovery on Amazon Cloud|https://www.cybersecurity-insiders.com/ransomware-data-recovery-on-amazon-cloud/]]|Ransomware|
|2020.02.20|//Shared Assessments//|[[Where Does Your Data Sleep?|https://sharedassessments.org/where-does-your-data-sleep/]]|Data|
|2020.02.20|//WeScale//|[[Istio K8S: Filtrer les IP sources derrière une chaîne de proxies|https://blog.wescale.fr/2020/02/20/istio-k8s/]]|K8s Networks|
|2020.02.20|//Booz Allen//|[[5 Strategies to Secure Cloud Operations Against Today's Cyber Threats|https://www.darkreading.com/cloud/5-strategies-to-secure-cloud-operations-against-todays-cyber-threats/a/d-id/1337033]]|Best_Practices|
|2020.02.20|//Barracuda Networks//|[[New survey indicates security is the top concern restricting faster public cloud adoption|https://www.barracuda.com/news/article/805]] ([[rapport|https://www.barracuda.com/cloud-market]])|Report|
|2020.02.21|Solutions Review| → [[Barracuda: Security and Network Integration are Major Cloud Concerns|https://solutionsreview.com/cloud-platforms/barracuda-security-and-network-integration-are-major-cloud-concerns/]]|Report|
|2020.02.20|//Microsoft Azure//|[[Microsoft Threat Protection Now Generally Available|https://www.securityweek.com/microsoft-threat-protection-now-generally-available]]|Azure Threat_Protection|
|2020.02.20|//Microsoft Azure//|[[Microsoft Threat Protection stops attack sprawl and auto-heals enterprise assets with built-in intelligence and automation|https://www.microsoft.com/security/blog/2020/02/20/microsoft-threat-protection-intelligence-automation/]]|Azure Threat_Protection|
|2020.02.20|Dark Reading| → [[Microsoft Announces General Availability of Threat Protection, Insider Risk Management|https://www.darkreading.com/cloud/microsoft-announces-general-availability-of-threat-protection-insider-risk-management-/d/d-id/1337105]]|Azure Threat_Protection|
|2020.02.20|//Microsoft Azure//|[[Azure Sentinel uncovers the real threats hidden in billions of low fidelity signals|https://www.microsoft.com/security/blog/2020/02/20/azure-sentinel-uncovers-real-threats-hidden-billions-low-fidelity-signals/]]|Azure_Sentinel|
|2020.02.20|//Code42//|[[Code42 Data Exposure Report: Collaborative Work Environments, Dynamic Workforce Exacerbate Insider Threat Problem|https://vmblog.com/archive/2020/02/20/code42-data-exposure-report-collaborative-work-environments-dynamic-workforce-exacerbate-insider-threat-problem.aspx]] ([[rapport|https://www.code42.com/go/2020-data-exposure-report-g/]])|Report Code42|
|2020.02.20|//Microsoft Azure//|[[Azure Security Center for IoT RSA 2020 announcements|https://azure.microsoft.com/en-us/blog/azure-security-center-for-iot-rsa-2020-announcements/]]|Azure IoT|
|2020.02.20|//Google Cloud//|[[Making your monolith more reliable|https://cloud.google.com/blog/products/management-tools/sre-for-single-tiered-software-applications]]|GCP DevOps|
|2020.02.20|//Caylent//|[[Implementing Aqua Security to Secure Kubernetes|https://caylent.com/implementing-aqua-security-to-secure-kubernetes]]|K8s|
|2020.02.20|//Secure Cloud Blog//|[[Hardening SalesForce Integration in Azure Logic Apps + Azure Secure Devops Kit Alignment of Logic Apps|https://securecloud.blog/2020/02/20/hardening-salesforce-integration-in-azure-logic-apps-azure-secure-devops-kit-alignment-of-logic-apps/]]|Hardening|
|2020.02.20|//4SL//|[[Cloud data risk growing warns 4sl|https://ibsintelligence.com/ibs-journal/ibs-news/cloud-data-risk-growing-warns-4sl/]]|Risks|
|2020.02.21|Continuity Central| → [[Take control of cloud backups or risk loss or non-compliance warns 4sl|https://www.continuitycentral.com/index.php/news/erm-news/4904-take-control-of-cloud-backups-or-risk-loss-or-non-compliance-warns-4sl]]|Risks|
|2020.02.20|//Securosis//|[[Defining the Journey - the Four Cloud Adoption Patterns|https://securosis.com/blog/defining-the-journey-the-four-cloud-adoption-patterns]] (2/6)|Misc|
|2020.02.20|//Cloud Academy//|[[Cloud Academy Training Tips|https://cloudacademy.com/blog/training-tips/]]|Training|
|2020.02.20|//Optiv//|[[Container Risks - Gaining Visibility into NIST SP 800-190, Part Six|https://www.optiv.com/blog/container-risks]] (6/6)|
|>|>|>|!2020.02.19|
|2020.02.19|Journal du Net[>img[iCSF/flag_fr.png]]|[[Le cloud en 2020 : l'année du edge, de l'automatisation et des clouds sectoriels|https://www.journaldunet.com/solutions/cloud-computing/1488803-le-cloud-en-2020-l-annee-du-edge-de-l-automatisation-et-des-clouds-propres-a-un-secteur-d-activite/]]|Misc|
|2020.02.19|Computer Weekly|[[Questions raised over Office 365 shared content policy|https://www.computerweekly.com/news/252478758/Questions-raised-over-Office-365-shared-content-policy]]|O365 Privacy|
|2020.02.19|Cybersecurity Insiders|[[Plastic surgery videos leaked due to misconfigured Amazon Web Services Cloud|https://www.cybersecurity-insiders.com/plastic-surgery-videos-leaked-due-to-misconfigured-amazon-web-services-cloud/]]|Data_Leak|
|2020.02.19|Solutions Review|[[What's Changed: 2020 Gartner Magic Quadrant for Cloud Management Platforms|https://solutionsreview.com/cloud-platforms/whats-changed-2020-gartner-magic-quadrant-for-cloud-management-platforms/]]|Market|
|2020.02.19|//Imperva//|[[Spikes in High-risk Vulnerabilities and Public Cloud-based Attacks Dominate Threat Landscape, Imperva Researchers Find with New Cyber Threat Index|https://www.imperva.com/company/press_releases/imperva-launches-cyber-threat-index/]] ([[Index|https://www.imperva.com/cyber-threat-index/]])|Report Threat_Index|
|2020.02.21|Help Net Security| → [[High-risk vulnerabilities and public cloud-based attacks on the rise|https://www.helpnetsecurity.com/2020/02/21/high-risk-vulnerabilities-rise/]]|Report|
|2020.02.19|//StackRox//|[[5 Surprising Findings from StackRox's Latest Kubernetes Security Report|https://www.stackrox.com/post/2020/02/5-surprising-findings-from-stackroxs-latest-kubernetes-security-report/]] ([[rapport|https://security.stackrox.com/state-of-containers-and-kubernetes-security-report-winter-2020.html]])|Report|
|2020.02.19|Container Journal| → [[StackRox Report Reveals that Container and Kubernetes Security Concerns are Inhibiting Business Innovation|https://containerjournal.com/news/news-releases/stackrox-report-reveals-that-container-and-kubernetes-security-concerns-are-inhibiting-business-innovation/]]|Report|
|2020.02.19|//NetSkope//|[[Cybercriminals Find Cover in the Cloud: New Netskope Research Finds 44% of Threats are Cloud-Enabled|https://www.netskope.com/press-releases/cloud-threat-report]] ([[rapport|https://resources.netskope.com/cloud-reports/cloud-and-threat-report-february-2020-edition]])|Report|
|2020.02.19|Dark Reading| → [[44% of Security Threats Start in the Cloud|https://www.darkreading.com/cloud/44--of-security-threats-start-in-the-cloud/d/d-id/1337088]]|Report|
|2020.02.21|Help Net Security| → [[Cloud-enabled threats are on the rise, sensitive data is moving between cloud apps|https://www.helpnetsecurity.com/2020/02/21/cloud-enabled-threats/]]|Report|
|2020.02.21|Continuity Central| → [[New threat landscape report highlights cyber risk trends|https://www.continuitycentral.com/index.php/news/technology/4902-new-threat-landscape-report-highlights-cyber-risk-trends]]|Report|
|2020.02.21|Solutions Review| → [[Netskope Releases February 2020 Netskope Cloud and Threat Report|https://solutionsreview.com/security-information-event-management/netskope-releases-february-2020-netskope-cloud-and-threat-report/]]|Report|
|2020.02.19|//Bitglass//|[[Cloud Security that Performs|https://www.bitglass.com/blog/cloud-security-performance-1]]|Misc|
|2020.02.19|//CoreView//|[[The top four Office 365 security pain points|https://www.helpnetsecurity.com/2020/02/19/o365-security/]]|O365 Recommendations|
|2020.02.19|//SafeBreach//|[[SafeBreach Adds Docker Support to Breach Simulation Platform|https://containerjournal.com/topics/container-security/safebreach-adds-docker-support-to-breach-simulation-platform/]]|Docker Simulation|
|2020.02.19|//Aqua Security//|[[Threat Alert: New Attack Vector Targeting Your Cloud Environment|https://blog.aquasec.com/threat-alert-cloud-computing-security]]|Attack Evasion|
|>|>|>|!2020.02.18|
|2020.02.18|Nathan Getty|[[AWS Automated Remediation - Part 2: S3 Buckets|https://getsec.github.io/2020/02/aws-remedy-2/]] (2/2)|AWS Remediation|
|2020.02.18|CloudAcademy|[[AWS Reserved Instances and Savings Plans: Challenges and Solutions|https://cloudacademy.com/blog/aws-reserved-instances-and-savings-plans-challenges-and-solutions/]]|AWS|
|2020.02.18|Journal du Net[>img[iCSF/flag_fr.png]]|[[OVHcloud vs Scaleway : l'ambition mondiale face au principe de réalité|https://www.journaldunet.com/solutions/cloud-computing/1489051-scaleway-vs-ovhcloud-le-match-des-clouds-francais/]]|Misc|
|2020.02.18|//Zscaler//[>img[iCSF/flag_fr.png]]|[[Nouvelle approche de sécurité SASE : de la nécessité de mettre en place un cloud de transit sécurisé|https://www.informatiquenews.fr/nouvelle-approche-de-securite-sase-de-la-necessite-de-mettre-en-place-un-cloud-de-transit-securisenathan-howe-zscaler-67291]]|SASE|
|2020.02.18|//Microsoft Azure//|[[Advanced multistage attack detection in Azure Sentinel|https://docs.microsoft.com/en-us/azure/sentinel/fusion]]|Azure Sentinel|
|2020.02.18|//Divvy Cloud//|[[2020 Cloud Misconfigurations Report|https://divvycloud.com/misconfigurations-report-2020/]] ([[rapport|https://divvycloud.com/wp-content/uploads/2020/02/Cloud-Misconfiguration-Report-FINAL.pdf]])|Report Misconfiguration|
|2020.02.19|//Divvy Cloud//| → [[New DivvyCloud Report Finds Breaches Caused by Cloud Misconfigurations Cost Enterprises Nearly $5 Trillion|https://divvycloud.com/new-divvycloud-misconfigurations-report/]]|Report Misconfiguration|
|2020.02.19|BetaNews| → [[Cloud misconfigurations expose over 33 billion records in two years|https://betanews.com/2020/02/19/cloud-misconfiguration/]]|Report Misconfiguration|
|2020.02.19|TechRepublic| → [[Cloud misconfigurations cost companies nearly $5 trillion|https://www.techrepublic.com/article/cloud-misconfigurations-cost-companies-nearly-5-trillion/]]|Report Misconfiguration|
|2020.02.19|Computer Weekly| → [[Cost of cloud misconfigurations set at $5tn|https://www.computerweekly.com/news/252478833/Cost-of-cloud-misconfigurations-set-at-5tn]]|Misconfigurations|
|2020.02.20|Help Net Security| → [[Cloud misconfigurations surge, organizations need continuous controls|https://www.helpnetsecurity.com/2020/02/20/cloud-misconfigurations/]]|Report Misconfiguration|
|2020.02.21|Enterprise Talk| → [[Cloud Misconfigurations - Losses are Expected to Reach $5tn, Says DivvyCloud|https://enterprisetalk.com/featured/cloud-misconfigurations-losses-are-expected-to-reach-5tn-says-divvycloud/]]|Report Misconfiguration|
|2020.02.18|//Microsoft Azure//|[[New Azure Firewall certification and features in Q1 CY2020|https://azure.microsoft.com/en-us/blog/new-azure-firewall-certification-and-features-in-q1-cy2020/]]|Azure|
|2020.02.18|//Microsoft Azure//|[[Azure Firewall Manager now supports virtual networks|https://azure.microsoft.com/en-us/blog/azure-firewall-manager-now-supports-virtual-networks/]]|Azure Firewalls|
|2020.02.18|//Malwarebytes Labs//|[[Harnessing the power of identity management (IDaaS) in the cloud|https://blog.malwarebytes.com/explained/2020/02/harnessing-the-power-of-identity-management-idaas-in-the-cloud/]]|IDaaS|
|2020.02.18|//Extreme Networks//|[[7 out of 10 Organizations Have Seen Hacking Attempts via IoT|https://vmblog.com/archive/2020/02/19/7-out-of-10-organizations-have-seen-hacking-attempts-via-iot.aspx]] ([[report|https://www.extremenetworks.com/resources/white-paper/extreme-networks-security-survey-results/]])|Report|
|2020.02.18|//eXemplify//|[[Critical Questions for Evaluating Cloud Managed Services Providers|http://www.exemplifygroup.com/critical-questions-for-evaluating-cloud-managed-services-providers/]]|MSSPs|
|2020.02.18|//CyberArk Conjur//|[[Security Challenges Around Chaos Engineering|https://www.conjur.org/blog/security-challenges-around-chaos-engineering/]]|Chaos_Engineering|
|2020.02.18|//Sensu//|[[Chaos engineering + monitoring, part 2: for starters|https://blog.sensu.io/chaos-engineering-monitoring-part-2-for-starters]] (2/3)|Chaos_Engineering|
|2020.02.18|//Darkbit//|[[Simple DLP for AWS S3|https://darkbit.io/blog/simple-dlp-for-amazon-s3]]|Tools AWS_S3 DLP|
|2020.02.18|//Darkbit//| → [[Simple S3 DLP|https://github.com/darkbitio/aws-s3-dlp]]|Tools AWS_S3 DLP|
|>|>|>|!2020.02.17|
|2020.02.17|Help Net Security|[[Three API security risks in the wake of the Facebook breach|https://www.helpnetsecurity.com/2020/02/17/api-security-facebook-breach/]]|APIs Attacks|
|2020.02.17|Techtarget|[[Cloud key to top 2019 data backup and disaster recovery products|https://searchdatabackup.techtarget.com/feature/Cloud-key-to-top-2019-data-backup-and-disaster-recovery-products]]|BCP DRP|
|2020.02.17|CommsMEA|[[Surge in cloud usage drives steep rise in cybersecurity spending|https://www.commsmea.com/business/trends/21419-surge-in-cloud-usage-drives-steep-rise-in-cybersecurity-spending]]|Market|
|2020.02.17|//Securosis//|[[Your Cloud Journeys is Unique, but Not Unknown|https://securosis.com/blog/your-cloud-journeys-is-unique-but-not-unknown]] (1/6)|Public_Cloud|
|2020.02.17|//JumpCloud//|[[One User Account for Both AWS and GCP|https://jumpcloud.com/blog/one-account-aws-gcp/]]|Authentication AWS GCP|
|2020.01.17|//Talent Jump//|[[CLAMBLING - A New Backdoor Base On Dropbox (EN)|http://www.talent-jump.com/article/2020/02/17/CLAMBLING-A-New-Backdoor-Base-On-Dropbox-en/]]|Dropbox Attack|
|2020.01.17|//CipherCloud//|[[Get a grip on data in Box and beyond - for compliance sake|https://www.ciphercloud.com/get-a-grip-on-data-in-box-and-beyond-for-compliance-sake/]]|Data_Protection CASB|
|2020.01.17|//Not So Secure//|[[Hacking AWS Cognito Misconfigurations|https://www.notsosecure.com/hacking-aws-cognito-misconfigurations/]]|AWS Misconfigurations|
|2020.02.17|//Do IT Int.//|[[Securely Access AWS Services from Google Kubernetes Engine (GKE)|https://blog.doit-intl.com/securely-access-aws-from-gke-dba1c6dbccba?]]||
|2020.02.17|//Aqua Security//|[[Cloud Native Security Best Practices: Using Kubernetes Admission Controller for Image Assurance|https://blog.aquasec.com/kubernetes-admission-controller]]|Best_Practices Kubernetes|
!The Six Pillars of DevSecOps: Collective Responsibility [>img(150px,auto)[iCSA/K2LPT.jpg]]
<<<
//The DevSecOps Working Group identified and defined six focus areas critical to integrating DevSecOps into an organization, in accordance with the six pillars described in CSA's Reflexive Security Framework.
More detailed research and guidance across each of the six pillars of DevSecOps will be revisited and established over time in order to maintain industry specific standards.
This paper is part of a planned series and will focus on the area that is arguably the foundation for all others - collective responsibility.
Fostering a sense of collective security responsibility is not only an essential element of driving security into a DevOps environment, but it is also one of the most challenging.
It requires cultivating a change to the organization's mindset, its ideas and its customs and behaviors regarding software security.
In this paper, we refer to this effort as building a security-supportive culture.//
<<<
__Table des Matières :__//
<<<
* Introduction
* Overview
* Executive Support and Engagement
* Program Design and Implementation
* Bringing Champions to the Challenge
* Reinforcing the Program through Security Awareness and Training
* Program Sustainment and Measurement
* Summary
* Appendix I: Healthy Questions and Discussion Points
* Appendix II: Further Reading
<<<
//__Liens :__
* Annonce ⇒ ''[[CloudSecurityAlliance.fr/go/k2lp/|https://CloudSecurityAlliance.fr/go/k2lp/]]''
* Document (pdf) ⇒ ''[[CloudSecurityAlliance.fr/go/k2ld/|https://CloudSecurityAlliance.fr/go/k2ld/]]''
[img(50%,1px)[iCSF/BluePixel.gif]]
!Cloud Usage in the Financial Services Sector [>img(150px,auto)[iCSA/K2LPC.jpg]]
<<<
//This survey was created and completed by members of the Financial Services Stakeholders Platform, a CSA working group whose main objective is to identify and share the challenges, risks and best practices for the development, deployment and management of secure cloud services in the financial services industry. The goal of this survey was to analyze the level of adoption of cloud solutions and requirements from financial institutions' perspectives.
In administering the survey, the Cloud Security Alliance's intention was to take the temperature of cloud computing in the financial sector and provide guidance to accelerate adoption of secure cloud services. These takeaways will inform the Financial Services working group and serve as actionable items to address the concerns and opportunities associated with cloud computing and financial services.
This study analyzed the cloud usage of financial institutions across three main areas of interest: security concerns, regulatory requirements, and governance aspects.
The Cloud Security Alliance is a not-for-profit organization with a mission to widely promote best practices for ensuring cyber security in cloud computing and IT technologies. CSA is also tasked with educating various stakeholders within these industries about security concerns in all other forms of computing. CSA's membership is comprised of a broad coalition of industry practitioners, corporations, and professional associations. One of CSA's primary goals is to conduct surveys that assess information security trends. These surveys help gauge the maturity of information security technology at various points in the industry, as well as the rate of adoption of security best practices.//
<<<
__Table des Matières :__//
<<<
* Introduction
* Survey Participant Demographics
* Current Cloud Use by Participants
* Key Cloud Concerns & Challenges
* Technical Controls: Key Management
* Risk Management: Policy, Assessment & Talent Risk
* Threat Monitoring
* Cloud Sourcing
* Backout Plans
* Recommendations
* Conclusion
* About The Sponsor
<<<
//__Liens :__
* Annonce ⇒ ''[[CloudSecurityAlliance.fr/go/k2ls/|https://CloudSecurityAlliance.fr/go/k2ls/]]''
* Document (pdf) ⇒ ''[[CloudSecurityAlliance.fr/go/k2lr/|https://CloudSecurityAlliance.fr/go/k2lr/]]''
!"//Call for Papers SECtember//"
[>img(300px,auto)[iCSA/202009US-SECtember.png]]L'appel à contribution est ouvert jusqu'au 1er mai 2020. Les thèmes suggérés sont les suivants ://
<<<
* DevOps, DevSecOps & CI/CD security experiences
* Containerization, Microservices & Serverless computing
* Software Defined Perimeter, Microsegmentation & Zero Trust
* Cloud migration lessons learned
* Cloud encryption, key management, BYOK, HSM
* Cloud identity management
* Data governance, portability and sovereignty
* Cloud governance, compliance and risk management
* Cloud and the Board of Directors
* Continuous assurance & compliance
* Hybrid and multi cloud implementation & security architectures
* Incident Management best practices
* Nation-state cybersecurity trends and cloud-related critical infrastructure
* Cloud threats and threat actors 
* Role of adjacent and emerging technologies in cloud: IoT, Blockchain, 5G, Artificial Intelligence, Quantum Computing
* Security workforce enablement
* Global privacy strategies (GDPR, CCPA, etc.)
<<<
//Les sessions seront de 2 types :
* des "Keynotes" de 20 minutes
* des présentations de 40 minutes 
Pour rappel, la première conférence [[SECtember]] se déroulera du 14 au 18 septembre 2020 à Seattle.
⇒ Lire [[l'appel à contribution|https://CloudSecurityAlliance.fr/go/k2jc/]] sur le site de la CSA.
⇒ le site de la conférence ⇒ ''[[CloudSecurityAlliance.fr/go/k9ee/|https://CloudSecurityAlliance.fr/go/k9ee/]]''
!"//Proposed Principles for Artificial Intelligence Published by the White House//"
[>img(150px,auto)[iCSA/K2JBP.jpg]]Article de blog publié le 19 février 2020 — Rédigé par Francoise Gilbert, Data & Privacy Expert, DataMinding.com+++*[»]> https://dataminding.com/ === et publié simultanément sur son propre blog+++*[»]> https://www.francoisegilbert.com/?p=1480 ===.
<<<
//A draft memorandum outlining a proposed "Guidance on Regulation of Artificial Intelligence Application"+++*[»]> https://www.whitehouse.gov/wp-content/uploads/2020/01/Draft-OMB-Memo-on-Regulation-of-AI-1-7-19.pdf === ("Memorandum") for agencies to follow when regulating and taking non-regulatory actions affecting artificial intelligence was published by the White House on January 7, 2020. The proposed document addresses the objective identified in an "Executive Order 13859 on Maintaining American Leadership in Artificial Intelligence"+++*[»]> https://www.whitehouse.gov/presidential-actions/executive-order-maintaining-american-leadership-artificial-intelligence/ ===, ("Executive Order 13859") published by the White House in February 2019.
The Memorandum sets out policy considerations that should guide oversight of artificial intelligence (AI) applications developed and deployed outside the Federal government. It is intended to inform the development of regulatory and non-regulatory approaches regarding technologies and industrial sectors that are empowered or enabled by artificial intelligence and consider ways to reduce barriers to the development and adoption of AI technologies.
!!Principles for the Stewardship of AI Applications
The memorandum sets forth ten proposed principles:
* Ensure public trust in AI
* Public participation in all stages of rulemaking process
* Scientific integrity and information quality
* Consistent application of risk assessment and management
* Maximizing benefits and evaluating risks and costs of not implementing
* Flexibility to adapt to rapid changes
* Ensure Fairness and non-discrimination in outcomes
* Disclosure and transparency to ensure public trust
* Promote safety and security
* Interagency cooperation

Details on each of these principles are provided below.
!!!1. Public Trust in AI.
Government regulatory and non-regulatory approaches to AI should promote reliable, robust and trustworthy AI applications that contribute to public trust in AI.
!!!2. Public Participation.
Agencies should provide opportunities for the public to provide information and participate in all stages of the rulemaking process. To the extent practicable, agencies should inform the public and promote awareness and widespread availability of standards, as well as the creation of other informative documents.
!!!3. Scientific Integrity and Information Quality.
Agencies should hold to a high standard of quality, transparency and compliance information that is likely to have substantial influence on important public policy or private sector decisions governing the use of AI. They should develop regulatory approaches to AI in a manner that informs policy decisions and fosters public trust in AI. Suggested best practices would include: (a) transparently articulating the strengths, weaknesses, intended optimizations or outcomes; (b) bias mitigation; and (c) appropriate uses of the results of AI application.
!!!4. Risk Assessment and Management.
The fourth principle cautions against an unduly conservative approach to risk management. It recommends the use of a risk-based approach to determine which risks are acceptable, and which risks present the possibility of unacceptable harm, or harm whose expected costs are greater than expected benefits. It also recommends that agencies be transparent about their evaluation of risks.
!!!5. Benefits and Costs.
The fifth principle provides that agencies should consider the full societal costs, benefits, and distributional effects before considering regulations related to the development and deployment of an AI application. Agencies should also consider critical dependencies when evaluating AI costs and benefits because data quality, changes in human processes, and other technological factors associated with AI implementation may alter the nature and magnitude of risks.
!!!6. Flexibility.
When developing regulatory and non-regulatory approaches, agencies should pursue performance-based and flexible approaches that can adapt to rapid changes and updates to AI applications. Agencies should also keep in mind international uses of AI.
!!!7. Fairness and Non-Discrimination.
Agencies should consider whether AI applications produce discriminatory outcomes as compared to existing processes, recognizing that AI has the potential of reducing present-day discrimination caused by human subjectivity.
!!!8. Disclosure and Transparency.
The eighth principle comments that transparency and disclosure may increase public trust and confidence. These disclosures may include identifying when AI is in use, for instance, if appropriate for addressing questions about how an application impacts human end-users. Further, agencies should carefully consider the sufficiency of existing or evolving legal, policy, and regulatory environments before contemplating additional measures for disclosure and transparency.
!!!9. Safety and Security.
Agencies are encouraged to promote the development of AI systems that are safe, secure, and operate as intended, and to encourage the consideration of safety and security issues throughout the AI design, development, deployment, and operation process. Particular attention should be paid to the controls in place to ensure the confidentiality, integrity, and availability of the information processed, stored, and transmitted by AI systems. Further, agencies should give additional consideration to methods for guaranteeing systemic resilience, and preventing bad actors from exploiting AI system weaknesses, cybersecurity risks posed by AI operation, and adversarial use of AI against a regulated entity's AI technology.
!!!10. Interagency Cooperation.
Agencies should coordinate with each other to ensure consistency and predictability of AI-related policies that advance innovation and growth in AI, while appropriately protecting privacy, civil liberties, and allowing for sector- and application-specific approaches when appropriate.
!!Non-Regulatory Approaches to AI
The Memorandum recommends that an agency consider taking no action or considering non-regulatory approaches when it determines, after evaluating a particular AI application, that existing regulations are sufficient, or the benefits of a new regulation do not justify its costs. Examples of such non-regulatory approaches include: (a) sector-specific policy guidance or frameworks; (b) pilot programs and experiments; and (c) the development of voluntary consensus standards.
!!Reducing Barriers to the Development and Use of AI
The Memorandum points out that "Executive Order 13859 on Maintaining American Leadership in Artificial Intelligence"+++*[»]> https://www.whitehouse.gov/presidential-actions/executive-order-maintaining-american-leadership-artificial-intelligence/ ===, instructs OMB to identify means to reduce barriers to the use of AI technologies in order to promote their innovative application while protecting civil liberties, privacy, American values, and United States economic and national security. The Memorandum provides examples of actions that agencies can take, outside the rulemaking process, to create an environment that facilitates the use and acceptance of AI. One of the examples is agency participation in the development and use of voluntary consensus standards and conformity assessment activities.
!!Next Steps
The Memorandum points out that Executive Order 13859 requires that implementing agencies review their authorities relevant to AI applications and submit plans to OMB on achieving the goals outlined in the Memorandum within 180 days of the issuance of the final version of the Memorandum. In this respect, such agency plan will have to:
* Identify any statutory authorities specifically governing agency regulation of AI applications;
* Identify collections of AI-related information from regulated entities;
* Describe any statutory restrictions on the collection or sharing of information, such as confidential business information, personally identifiable information, protected health information, law enforcement information, and classified or other national security information;
* Report on the outcomes of stakeholder engagements that identify existing regulatory barriers to AI applications and high-priority AI applications; and
* List and describe any planned or considered regulatory actions on AI.
!!Conclusion
This draft guidance defines a concrete structure for outlining regulatory and non-regulatory approaches regarding AI. Businesses should evaluate the extent to which their own AI strategies have the ability to address the ten principles.
In addition, since the development of AI strategies is likely to have global consequences, they should also take into account similar initiatives that have been developed elsewhere around the world, such as by the OECD (with the "OECD Recommendation on Artificial Intelligence"+++*[»]> https://www.oecd.org/going-digital/ai/principles/ ===), the European Commission (through its "Ethics Guidelines for Trustworthy Artificial Intelligence"+++*[»]> https://ec.europa.eu/digital-single-market/en/news/ethics-guidelines-trustworthy-ai ===) or at the country level, for example in France (with the "Algorithm and Artificial Intelligence: CNIL Report on Ethics Issues"+++*[»]> https://www.cnil.fr/en/algorithms-and-artificial-intelligence-cnils-report-ethical-issues ===).//
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k2nb/]] sur le blog de la CSA.
!"//Cloud Security Challenges in 2020//"
[>img(150px,auto)[iCSA/K2IBC.jpg]]Article de blog publié le 18 février 2020 — Rédigé par Ashwin Chaudhary, Chief Executive Officer, Accedere+++*[»]> http://accedere.us/ === 
<<<
//The worldwide public cloud services market is forecast to grow 17% in 2020 to total $266.4 billion, up from $227.8 billion in 2019 according to Gartner+++*[»]> https://www.gartner.com/en/newsroom/press-releases/2019-11-13-gartner-forecasts-worldwide-public-cloud-revenue-to-grow-17-percent-in-2020 ===. As the cloud continues to be more and more heavily adopted, it's important to be aware of the challenges organizations are faced with when leveraging cloud computing. Recently the Cloud Security Alliance presented the following major cloud challenges in its report "Top Threats to Cloud Computing: Egregious Eleven"+++*[»]> https://cloudsecurityalliance.org/artifacts/top-threats-to-cloud-computing-egregious-eleven ===. In this blog, I will summarize each threat covered in the report and discuss its implications for organizations today.
!!1. Data Breaches
Consequences of a data breach may include:
* Impact to reputation and trust of customers or partners
* Loss of intellectual property (IP) to competitors, which may impact products release
* Regulatory implications that may result in monetary loss
* Brand impact which may cause a market value decrease due to previously listed reasons
* Legal and contractual liabilities
* Financial expenses incurred due to incident response and forensics
!!2. Misconfiguration and Inadequate Change Control
This is one of the most common challenges of the cloud. In 2017, a misconfigured AWS Simple Storage Service (S3) cloud storage bucket exposed detailed and private data of 123 million American households. The data set belonged to Experian, a credit bureau, which sold the data to an online marketing and data analytics company called Alteryx. It was Alteryx that exposed the file. Such instances can be disastrous.
!!3. Lack of Cloud Security Architecture and Strategy
Worldwide, organizations are migrating portions of their IT infrastructure to public clouds. One of the biggest challenges during this transition is the implementation of appropriate security architecture to withstand cyberattacks. Unfortunately, this process is still a mystery for many organizations. Data are exposed to different threats when organizations assume that cloud migration is a "lift-and-shift" endeavor of simply porting their existing IT stack and security controls to a cloud environment. A lack of understanding of the shared security responsibility model is also another contributing factor.
!!4. Insufficient Identity, Credential, Access and Key Management
Cloud computing introduces multiple changes to traditional internal system management practices related to identity and access management (IAM). It isn't that these are necessarily new issues. Rather, they are more significant issues when dealing with the cloud because cloud computing profoundly impacts identity, credential and access management. In both public and private cloud settings, CSPs and cloud consumers are required to manage IAM without compromising security.
!!5. Account Hijacking
Account hijacking is a threat in which malicious attackers gain access to and abuse accounts that are highly privileged or sensitive. In cloud environments, the accounts with the highest risks are cloud service accounts or subscriptions. Phishing attacks, exploitation of cloud-based systems, or stolen credentials can compromise these accounts.
!!6. Insider Threat
The Netwrix 2018 Cloud Security Report indicates that 58 percent of companies attribute security breaches to insiders. Insider negligence is the cause of most security incidents. Employee or contractor negligence was the root cause of 64 percent of the reported insider incidents, whereas 23 percent were related to criminal insiders and 13 percent to credential theft, according to the Ponemon Institute's 2018 Cost of Insider Threats study. Some common scenarios cited include: misconfigured cloud servers, employees storing sensitive company data on their own insecure personal devices and systems, and employees or other insiders falling prey to phishing emails that led to malicious attacks on company assets.
!!7. Insecure Interfaces and APIs
Cloud computing providers expose a set of software user interfaces (UIs) and APIs to allow customers to manage and interact with cloud services. The security and availability of general cloud services are dependent on the security of these APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent the security policy. Poorly designed APIs could lead to misuse or - even worse - a data breach. Broken, exposed, or hacked APIs have caused some major data breaches. Organizations must understand the security requirements around designing and presenting these interfaces on the internet.
!!8. Weak Control Plane
Moving from the data center to the cloud poses some challenges for creating a sufficient data storage and protection program. The user must now develop new processes for data duplication, migration and storage and - if using multi-cloud - it gets even more complicated. A control plane should be the solution for these problems, as it enables the security and integrity that would complement the data plane that provides stability and runtime of the data. A weak control plane means the person in charge - either a system architect or a DevOps engineer - is not in full control of the data infrastructure's logic, security and verification. In this scenario, controlling stakeholders don't know the security configuration, how data flows and where architectural blind spots and weak points exist. These limitations could result in data corruption, unavailability, or leakage.
!!9. Metastructure and Applistructure Failures
Cloud service providers routinely reveal operations and security protections that are necessary to implement and protect their systems successfully. Typically, API calls disclose this information and the protections are incorporated in the metastructure layer for the CSP. The metastructure is considered the CSP/customer line of demarcation - also known as the waterline. Failure possibilities exist at multiple levels in this model. For example, poor API implementation by the CSP offers attackers an opportunity to disrupt cloud customers by interrupting confidentiality, integrity, or availability of the service.
!!10. Limited Cloud Usage Visibility
Limited cloud usage visibility occurs when an organization does not possess the ability to visualize and analyze whether cloud service use within the organization is safe or malicious. This concept is broken down into two key challenges. Un-sanctioned app use: This occurs when employees are using cloud applications and resources without the specific permission and support of corporate IT and security. This scenario results in a self-support model called Shadow IT. When insecure cloud services activity does not meet corporate guidelines, this behavior is risky - especially when paired with sensitive corporate data. Gartner predicts that by 2020, one-third of all successful security attacks on companies will come through shadow IT systems and resources.
Sanctioned app misuse: Organizations are often unable to analyze how their approved applications are being leveraged by insiders who use a sanctioned app. Frequently, this use occurs without the explicit permission of the company, or by external threat actors who target the service using methods such as credential theft, Structured Query Language (SQL) injection, Domain Name System (DNS) attacks and more.
!!11. Abuse and Nefarious Use of Cloud Services
Malicious actors may leverage cloud computing resources to target users, organizations or other cloud providers. Malicious attackers can also host malware on cloud services. Cloud services that host malware can seem more legitimate because the malware uses the CSP's domain. Furthermore, cloud-hosted malware can use cloud-sharing tools as an attack vector to further propagate itself.
//[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k2nb/]] sur le blog de la CSA
!"//The Underrated Link Between Malicious Code & Cloud Security//"
[>img(250px,auto)[iCSA/K2IWT.png]]Webinar [[CloudBytes]] diffusé le 18 février 2020 — Présenté par Itai Tevet, CEO de la société Intezer
<<<
//In order for an adversary to conduct a successful cyber attack and inflict any kind of damage, they must run malicious code or commands on a victim's machine. This fact also holds true in the world of modern cloud infrastructure, which usually comprises numerous Linux servers, containers and other services that can potentially run unauthorized software.
While there's a lot of publicly available information about securing the CI/CD process and pre-runtime scans, in this webinar, we will focus on best practices for securing your workloads in runtime. We will further explain how monitoring code in-memory can help to detect and quickly respond to cyber threats in public or private cloud servers.//
<<<
⇒ Voir le Webinar de 42 minutes [[sur le site de BrightTALK|https://CloudSecurityAlliance.fr/go/k2hw/]]
!"//Software-Defined Perimeter (SDP) and Zero Trust//"
<<<
//A Zero Trust implementation using Software-Defined Perimeter enables organizations to defend against new variations of old attack methods that are constantly surfacing in existing network and infrastructure perimeter-centric networking models.
Implementing SDP improves the security posture of businesses facing the challenge of continuously adapting to expanding attack surfaces that are increasingly more complex.
This paper will show how SDP can be used to implement ZTNs and why SDP is applied to network connectivity, meaning it is agnostic of the underlying IP-based infrastructure and hones in on securing all connections using said infrastructure - it is the best architecture for achieving Zero Trust.//
<<<
Pour accéder au document, vous devez vous enregistrer avec une adresse en "//gmail.com//", et demander une autorisation d'accès au document.
La date limite pour faire les commentaires est fixée au ''16 mars 2020''.
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k2ha/]] sur le site de la CSA
!!1 - Informations CSA de la semaine du 10 au 16 février 2020
* Blog : utilisation des rapports SOC2 pour la sécurité du Cloud et la protection de la vie privée+++*[»]> <<tiddler [[2020.02.10 - Blog : 'Using SOC Reports for Cloud Security and Privacy']]>>=== 
* Actu : annonce d'un atelier 'Challenges Cloud et Sécurité' par l'Agence Européenne de Défense+++*[»]> <<tiddler [[2020.02.10 - Atelier de l'Agence Européenne de Défense sur la sécurité du Cloud]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.02.16 - Veille Hebdomadaire - 16 février]] avec plus de 50 liens dont :
* __Menaces__ : ''cas concret'' de recherche de compromission avec Azure Sentinel+++*[»]>
|2020.02.14|ID Access Management|![[Hunting for University of Maastricht breach using Azure Sentinel|https://identityaccess.management/2020/02/14/hunting-for-university-of-maastricht-breach-using-azure-sentinel/]]|Hunting|
===, ''ransomware'' et Cloud+++*[»]>
|2020.02.11|Dark Reading|![[Why Ransomware Will Soon Target the Cloud|https://www.darkreading.com/cloud/why-ransomware-will-soon-target-the-cloud-/a/d-id/1336957]]|Ransomware|
===, retour d'expérience du NCC Group sur ''Kubernetes''+++*[»]>
|2020.02.12|//NCC Group//|![[Deep Dive into Real-World Kubernetes Threats|https://research.nccgroup.com/2020/02/12/command-and-kubectl-talk-follow-up/]]|K8s|
|2020.02.12|//NCC Group//| → [[Présentation "Command and KubeCTL, Real-World Kubernetes Security for Pentesters"|https://docs.google.com/presentation/d/1y6KGGT5Uw27cCgFMKiGv0NjRhq8YvjY_S9UG8s_TThg/]] et [[démonstration|https://github.com/antitree/cmd_and_kubectl_demos]]|K8s|
=== 
* Fuites de données : encore et toujours des ''buckets S3'' mal protégés+++*[»]>
|2020.02.10|//vpnMentor//|[[Report: Inmates' Prescriptions & PII Leaked in Breach Spanning Multiple Jailhouses|https://www.vpnmentor.com/blog/report-jailcore-leak/]]|Data_Leak AWS_S3|
|2020.02.11|Graham Cluley| → [[Prison inmates' sensitive data left exposed on leaky cloud bucket|https://www.grahamcluley.com/prisoner-data-leak-bucket/]]|Data_Leak AWS_S3|
|2020.02.12|//TrendMicro//| → [[Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records|https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/misconfigured-aws-s3-bucket-leaks-36-000-inmate-records]]|Data_Leak AWS_S3|
=== 
* __Divers__ : comparaison des coûts de ''sauvegarde'' entre Azure et AWS+++*[»]>
|2020.02.14|VMblog|![[Cloud Backup Comparison: Azure vs AWS|https://vmblog.com/archive/2020/02/14/cloud-backup-comparison-azure-vs-aws.aspx]]|BackUps|
===, détection et réponse+++*[»]>
|2020.02.12|SANS|![[How to Improve Security Visibility and Detection/Response Operations in AWS|https://www.sans.org/reading-room/whitepapers/analyst/improve-security-visibility-detection-response-operations-aws-39410]]|Detection Response|
===, l'''armée'' américaine fonce vers le Cloud+++*[»]>
|2020.02.11|FCW|[[Army accelerates push to the cloud|https://fcw.com/articles/2020/02/11/army-accelerates-cloud-williams.aspx]]|US Military|
|2020.02.11|GCN| → [[Army takes training for a spin in tactical cloud|https://gcn.com/articles/2020/02/11/army-tactical-cloud-training-pilot.aspx]]|Military training|
===, liens Microsoft pour la sécurité d'''Azure''+++*[»]>
|2020.02.14|Michael Howard|![[So you want to learn Azure Security?|https://michaelhowardsecure.blog/2020/02/14/so-you-want-to-learn-azure-security/]]|Azure|
=== 
!3 - Weekly Cloud and Security Watch Newsletter[>img[iCSF/inEnglish.png]]
<<tiddler [[2020.02.16 - Weekly Newsletter - February 16th]]>>
!CSA News and Updates - February 10th to 16th
* Blog: 'Using SOC Reports for Cloud Security and Privacy' [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]
* News: European Defense Agency Workshop on 'Cloud Computing Information Security Challenges'
!Cloud and Security News Watch
[[Over 50 links|2020.02.16 - Veille Hebdomadaire - 16 février]] among which:
* Threats: Deep dive into real-world Kubernetes threats, Hunting for University of Maastricht breach using Azure Sentinel, Why ransomware will soon target the cloud
* Data leaks: Misconfigured AWS S3 Bucket leaks inmate records
* __Miscellaneous__: Cloud Backup Comparison: Azure vs AWS, Army accelerates push to the cloud, Detection and response, Learning about Azure Security
|!⇒ [[CloudSecurityAlliance.fr/go/K2G/|https://CloudSecurityAlliance.fr/go/K2G/]] |
<<tiddler [[arOund0C]]>>
|!Février|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.02.16|
|2020.02.16|Christophe Parisel|![[Fighting Black Swans in AWS|https://www.linkedin.com/pulse/fighting-black-swans-aws-christophe-parisel/]]|AWS Black_Swan_Events|
|>|>|>|!2020.02.15|
|2020.02.15|TechBeacon|[[With containers, shift your security approach to the micro-perimeters|https://techbeacon.com/security/containers-shift-your-security-approach-micro-perimeters]]|Containers|
|2020.02.15|arXiv.org|[[Analyzing CNN Based Behavioural Malware Detection Techniques on Cloud IaaS|https://arxiv.org/pdf/2002.06383.pdf]] (pdf)|Malware Detection|
|>|>|>|!2020.02.14|
|2020.02.14|Michael Howard|![[So you want to learn Azure Security?|https://michaelhowardsecure.blog/2020/02/14/so-you-want-to-learn-azure-security/]]|Azure|
|2020.02.14|ID Access Management|![[Hunting for University of Maastricht breach using Azure Sentinel|https://identityaccess.management/2020/02/14/hunting-for-university-of-maastricht-breach-using-azure-sentinel/]]|Hunting|
|2020.02.14|Cloud Native Computing Foundation|[[Service Mess to Service Mesh|https://www.cncf.io/blog/2020/02/14/service-mess-to-service-mesh/]]|Misc|
|2020.02.14|DZone|[[Why IoT Needs a Cloud-Native IoT Messaging Service|https://dzone.com/articles/why-iot-needs-a-cloud-native-iot-messaging-service]]|IoT MQT|
|2020.02.14|VMblog|![[Cloud Backup Comparison: Azure vs AWS|https://vmblog.com/archive/2020/02/14/cloud-backup-comparison-azure-vs-aws.aspx]]|BackUps|
|2020.02.14|CSO Online|[[Overcoming the Cyber Security Challenges of the Cloud|https://www.csoonline.com/article/3521033/overcoming-the-cyber-security-challenges-of-the-cloud.html]]|Challenges|
|2020.02.14|//Google Cloud//|[[Logging + Trace: love at first insight|https://cloud.google.com/blog/products/management-tools/cloud-monitoring-with-full-stack-observability]]|Logging|
|2020.02.14|//DeltaRisk//|[[Google Advanced Protection Program Helps Prevent G Suite Account Compromise|https://deltarisk.com/blog/google-advanced-protection-program-helps-prevent-g-suite-account-compromise/]]|GCP Authentication|
|>|>|>|!2020.02.13|
|2020.02.13|InfoSecurity Magazine|[[Why Leaky Clouds Lead to Data Breaches|https://www.infosecurity-magazine.com/opinions/leaky-clouds-data-breaches]]|Data_Breaches|
|2020.02.13|GovLoop|[[Changing the Operating Model: 4 Ways for Government to Overcome Cloud Barriers|https://www.govloop.com/changing-the-operating-model-4-ways-for-government-to-overcome-cloud-barriers/]]|Government|
|2020.02.13|CBR Online|[[Intel Throws Its Weight Behind Israeli Mainframe-to-Cloud Backups Minnow|https://www.cbronline.com/news/intel-capital-model9]]|BackUps|
|2020.02.13|Solutions Review|[[The 7 Best Cloud Security Podcasts You Should Listen To|https://solutionsreview.com/cloud-platforms/the-7-best-cloud-security-podcasts-you-should-listen-to/]]|Podcasts|
|2020.02.13|Container Journal|[[Kubernetes Container Management Is Not Application Management|https://containerjournal.com/topics/container-management/kubernetes-container-management-is-not-application-management/]]|K8s|
|2020.02.13|//Microsoft//|[[Changing the Monolith - Part 4: Quick tech wins for a cloud-first world|https://www.microsoft.com/security/blog/2020/02/13/changing-the-monolith-part-4-quick-tech-wins-for-a-cloud-first-world/]] (4/5)|
|2020.02.13|//NucleusCyber//|[[Leveraging Azure Information Protection for Fine Grained Access and Sharing Control|https://nucleuscyber.com/leveraging-azure-information-protection-for-fine-grained-access-control/]]|Azure Data_Protection|
|2020.02.13|//Panther Labs//|[[7 Open Source Cloud Security Tools You Should Know|https://blog.runpanther.io/open-source-cloud-security-tools/]] (4/5)|[[Tools|GitHub-Tools]]|
|>|>|>|!2020.02.12|
|2020.02.12|Sébastien Paulet|[[Cloud Act et Cloud Microsoft en France|https://sppublish.wordpress.com/2020/02/12/cloud-act-et-cloud-microsoft-en-france/]]|Cloud_Act Microsoft|
|2020.02.12|Bleeping Computer|[[Office 365 Users Get Automated Protection From Malicious Docs|https://www.bleepingcomputer.com/news/security/office-365-users-get-automated-protection-from-malicious-docs/]]|O365|
|2020.02.12|TechRepublic|[[Cloud computing security: These two Microsoft tools can help you battle shadow IT|https://www.techrepublic.com/article/cloud-computing-security-these-two-microsoft-tools-can-help-you-battle-shadow-it/]]|Microsoft Tools|
|2020.02.15|arXiv.org|[[Efficient Cloud-based Secret Shuffling via Homomorphic Encryption|https://arxiv.org/pdf/2002.05231.pdf]]|Homomorphic_Encryption|
|2020.02.12|//NCC Group//|![[Deep Dive into Real-World Kubernetes Threats|https://research.nccgroup.com/2020/02/12/command-and-kubectl-talk-follow-up/]]|K8s|
|2020.02.12|//NCC Group//| → [[Présentation "Command and KubeCTL, Real-World Kubernetes Security for Pentesters"|https://docs.google.com/presentation/d/1y6KGGT5Uw27cCgFMKiGv0NjRhq8YvjY_S9UG8s_TThg/]] et [[démonstration|https://github.com/antitree/cmd_and_kubectl_demos]]|K8s|
|2020.02.12|//GitLab//|[[How to escalate privileges and steal secrets in Google Cloud Platform|https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/]]|GCP Privilege_Escalation|
|2020.02.12|//Rapid7//|[[How to Handle Misconfigurations in the Cloud|https://blog.rapid7.com/2020/02/12/how-to-handle-misconfigurations-in-the-cloud/]]|Misconfigurations|
|2020.02.12|//Microsoft Azure//|[[Building on secure productivity|https://www.microsoft.com/security/blog/2020/02/12/building-on-secure-productivity/]]|O365 Safe_Documents Application_Guard|
|2020.02.12|//Google Cloud//|[[Exploring Container Security: Run what you trust; isolate what you don't|https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-engine-features-and-guidance-to-help-lock-down-your-containers]]|Containers|
|2020.02.12|//Ntirety//|[[More Cloud, More Hacks: 2020 Cyber Threats|https://www.forbes.com/sites/emilsayegh/2020/02/12/more-cloud-more-hacks-pt-2/]] (2/2)|Misc|
|2020.02.12|SANS|![[How to Improve Security Visibility and Detection/Response Operations in AWS|https://www.sans.org/reading-room/whitepapers/analyst/improve-security-visibility-detection-response-operations-aws-39410]]|Detection Response|
|2020.02.12|Gitlab|[[Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments|https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/]]|GCP Flaw|
|>|>|>|!2020.02.11|
|2020.02.11|Dark Reading|![[Why Ransomware Will Soon Target the Cloud|https://www.darkreading.com/cloud/why-ransomware-will-soon-target-the-cloud-/a/d-id/1336957]]|Ransomware|
|2020.02.11|Intelligent CIO|[[Cloud usage drives cybersecurity spending in SANS 2020 Survey|https://www.intelligentcio.com/eu/2020/02/11/cloud-usage-drives-cybersecurity-spending-in-sans-2020-survey-2/]]|Survey|
|2020.02.11|FCW|[[Army accelerates push to the cloud|https://fcw.com/articles/2020/02/11/army-accelerates-cloud-williams.aspx]]|US Military|
|2020.02.11|GCN| → [[Army takes training for a spin in tactical cloud|https://gcn.com/articles/2020/02/11/army-tactical-cloud-training-pilot.aspx]]|Military training|
|2020.02.11|DZone|[[Build Your Cloud Strategy |https://dzone.com/articles/build-your-cloudnbspstrategy]]|Strategy|
|2020.02.11|//Centrify//[>img[iCSF/flag_fr.png]]|[[La confusion autour de la responsabilité partagée est une faille majeure de la sécurité cloud|https://datacenter-magazine.fr/la-confusion-autour-de-la-responsabilite-partagee-est-une-faille-majeure-de-la-securite-cloud/]]|Zero_Trust|
|2020.02.11|//Microsoft Azure//|[[Bring your threat intelligence to Azure Sentinel|https://techcommunity.microsoft.com/t5/azure-sentinel/bring-your-threat-intelligence-to-azure-sentinel/ba-p/1167546]]|Azure Sentinel|
|2020.02.11|//Awake Security//|[[When Data Is Currency, Who's Responsible for Its Security?|http://www.infosecisland.com/blogview/25248-When-Data-Is-Currency-Whos-Responsible-for-Its-Security.html]]|Responsibility|
|2020.02.11|//PaloAlto networks//|[[Holistic SDN Security Makes Security Comprehensive Everywhere|https://blog.paloaltonetworks.com/2020/02/cloud-sdn-security/]]|SDN|
|2020.02.11|//Vectra//|[[Vectra Network Threat Detection Launches Office 365 Security Solution|https://www.msspalert.com/cybersecurity-services-and-products/ai/vectra-office-365-security/]]|Product O365|
|2020.02.11|//Cavirin//|[[No Excuses - The "First Line of Defense" for Cloud Security is Now Available at Your Fingertips!|https://vmblog.com/archive/2020/02/11/no-excuses-the-first-line-of-defense-for-cloud-security-is-now-available-at-your-fingertips.aspx]]|Products|
|2020.02.11|//SentinelOne//|[[From Storage to SaaS Cybersecurity: The Why|https://www.sentinelone.com/blog/from-storage-to-saas-cybersecurity-the-why/]] ([[podcast|https://s3.us-east-1.amazonaws.com/audio-for-wordpress-45086892059684b045a4189d91d52199e7d604f2/2020/02/amazon_polly_28245.mp3]])|Misc|
|2020.02.11|//Cisco//|[[Do I really need additional email security when using Office 365?|https://blogs.cisco.com/security/do-i-really-need-additional-email-security-when-using-office-365]]|O365|
|2020.02.11|//Panther Labs//|[[AWS Security Logging Fundamentals - VPC Flow Logs|https://blog.runpanther.io/aws-security-logging-vpc-flow-logs/]]|AWS Logging|
|2020.02.11|//StackRox//|![[Azure Kubernetes (AKS) Security Best Practices Part 2 of 4: Networking|https://www.stackrox.com/post/2020/02/azure-kubernetes-aks-security-best-practices-part-2-of-4/]] (2/4)|Azure Kubernetes Best_Practices|
|>|>|>|!2020.02.10|
|2020.02.10|CRN Australia|[[Google Cloud outage browns out two services|https://www.crn.com.au/news/google-cloud-outage-browns-out-two-services-537719]]|Outage GCP|
|2020.02.10|eForensics Mag|[[5 Things You Must Know About Cyber Security in the Cloud|https://eforensicsmag.com/5-things-you-must-know-about-cyber-security-in-the-cloud-by-anzhela-sychyk/]]|Misc|
|2020.02.10|TechRepublic|[[Kubernetes rollouts: 5 security best practices|https://www.techrepublic.com/article/kubernetes-rollouts-5-security-best-practices/]]|K8s|
|2020.02.10|DZone|[[Private Cloud: Benefits and Use Cases|https://dzone.com/articles/all-about-private-cloud]]|Private_Cloud|
|2020.02.10|DZone|[[Serverless Security Risks and How to Mitigate Them|https://dzone.com/articles/serverless-security-risks-and-how-to-mitigate-them]]|Serverless Risks|
|2020.02.10|//vpnMentor//|[[Report: Inmates' Prescriptions & PII Leaked in Breach Spanning Multiple Jailhouses|https://www.vpnmentor.com/blog/report-jailcore-leak/]]|Data_Leak AWS_S3|
|2020.02.11|Graham Cluley| → [[Prison inmates' sensitive data left exposed on leaky cloud bucket|https://www.grahamcluley.com/prisoner-data-leak-bucket/]]|Data_Leak AWS_S3|
|2020.02.12|//TrendMicro//| → [[Misconfigured AWS S3 Bucket Leaks 36,000 Inmate Records|https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/misconfigured-aws-s3-bucket-leaks-36-000-inmate-records]]|Data_Leak AWS_S3|
|2020.02.10|//DH2i//|[[Safeguarding RasPi and Shoring Up Cloud-Based DR, with a Software Defined Perimeter (SDP)|https://vmblog.com/archive/2020/02/10/safeguarding-raspi-and-shoring-up-cloud-based-dr-with-a-software-defined-perimeter-sdp.aspx]]|RaspberryPi SDP DRP|
|2020.02.10|//Microsoft Azure//|[[Three ways Azure AD Conditional Access balances security and productivity|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/three-ways-azure-ad-conditional-access-balances-security-and/ba-p/1144689]]|AzureAD|
|2020.02.10|//PuPuWeb//|[[The Future of the Cloud Native Security Platform: Q&A with John Morello|https://blog.paloaltonetworks.com/2020/02/cloud-native-security-platform-qa/]] (document de //PaloAlto Networks//)|Cloud_Native|
|2020.02.10|//AWS//|[[AWS CLI v2 is now generally available|https://aws.amazon.com/blogs/developer/aws-cli-v2-is-now-generally-available/]]|AWS|
!"//Re-thinking vulnerability management in the era of Hybrid IT & DevOps//"
[>img(250px,auto)[iCSA/K2DWT.png]]Webinar [[CloudBytes]] diffusé le 13 février 2020 — Présenté par Prateek Bhajankam, VP of Product Management & Badri Raghunathan, Director of Product Management de la société Qualys
<<<
// The digital transformation through Hybrid IT and DevOps has fundamentally changed how organizations operate - with major security implications.
How do companies detect and manage vulnerabilities when the enterprise network constantly evolves, and code written this morning gets deployed this afternoon? This requires enterprises to take a proactive, continuous and automated approach to security.
Join this session to learn from industry experts on how enterprises should approach vulnerability management and take a wholistic approach that goes beyond traditional metrics.
The speakers will detail how enterprises can implement a fully integrated vulnerability workflow - from asset inventory/discovery to vulnerability detection to prioritization and finally to remediation and patching.//
<<<
⇒ Voir le Webinar de 58 minutes [[sur le site de BrightTALK|https://CloudSecurityAlliance.fr/go/k2dw/]]
!SDP: The most Advanced Zero Trust Architecture[>img(150px,auto)[iCSA/CCM.png]]
Une présentation de septembre 2019.
<<<
//Today's "Zero Trust" implementations are like putting up a wall with multiple doors and allowing people to come and pick a lock on the door. We are then just relying on the locks.
It is much better to put up a fence around and authenticate people before they get to the doors. One does want to see who is knocking, but one doesn't want the threat to do bad things - like pick the locks. Authentication BEFORE access is the essence of real "Zero Trust".
This presentation aims to show how Software Defined Perimeter is the optimal architecture for "Zero Trust".//
<<<
* Lien ⇒ ''[[https://CloudSecurityAlliance.fr/go/k2ap/|https://cloudsecurityalliance.org/artifacts/sdp-the-most-advanced-zero-trust-architecture/]]''
[img(50%,1px)[iCSF/BluePixel.gif]]
!"//Sneak Preview of CSA Summit and RSA February 24 - 27 2020//"
[>img(150px,auto)[iCSA/CSAsecUpd.jpg]]Podcast de la série "[[CSA Security Update]]" publié le 11 février 2020 — Invité : Jim Reavis, CEO CSA
<<<
//Excerpt from the most recent PODCAST interview with Jim Reavis; Co-Founder and CEO of Cloud Security Alliance discussing the activities and speakers at the upcoming CSA Summit at RSA!//
<<<
__Liens :__
* Annonce → https://www.buzzsprout.com/303731/2715373-sneak-preview-of-csa-summit-and-rsa-february-24-27-2020
* Podcast → https://www.buzzsprout.com/303731/2715373-sneak-preview-of-csa-summit-and-rsa-february-24-27-2020.mp3
!Atelier de l'Agence Européenne de Défense sur la sécurité du Cloud
[>img(150px,auto)[iCSF/EDA.png]]La mission de l'''Agence Européenne de Défense'' (AED) consiste à "soutenir les États membres et le Conseil dans leurs efforts visant à améliorer les capacités de défense européennes dans le domaine de la gestion des crises et à maintenir la politique européenne de sécurité et de défense dans son état actuel et dans son évolution future".
Parmi les risques identifiés, l'AED met en avant :
* l'intégration entre la surveillance des réseaux locaux et celle du Cloud qui "//présente des problèmes encore largement non résolus//",
* la gestion des incidents qui "//présente des défis qui dépassent les frontières entre les domaines (par exemple : responsabilités contractuelles vs. connaissances techniques, accords de niveau de service vs. procédures opérationnelles standard, ...)//",
* le traitement des informations classifiées de l'UE, avec notamment plusieurs entités de l'UE qui étudient la possibilité d'héberger des informations classifiées jusqu'à "Restreint UE" dans un Cloud public : une approche qui "//présente des défis importants, tant du point de vue de la réglementation/accréditation que du point de vue technologique//".

[>img(500px,auto)[iCSF/K4LEE.jpg]]L'AED a lancé un appel à contributions pour un atelier qu'elle organise en collaboration avec CERT-EU, ENISA et EUROPOL/EC3. Elle invite les acteurs de l'industrie à se joindre au débat et à apporter leurs contributions.
Les propositions de contribution ne doivent pas dépasser 1.500 mots et doivent se concentrer sur un ou plusieurs aspects de la sécurité du Cloud, évaluer les problèmes de sécurité sur la base de l'expérience et proposer des solutions potentielles à des problèmes spécifiques. 
Les critères d'évaluation des contributions sont :
* Crédibilité : avoir des antécédents avérés sur le marché de la cybersécurité et/ou de la cyberdéfense, mais le manque d'expertise en matière de défense ne sera pas un critère d'exclusion
* Polyvalence : avoir une bonne connaissance dans le domaine, les soumissions de PME étant fortement encouragées
* Innovation : présenter un bon niveau d'innovation et d'originalité
* Exhaustivité : démontrer une capacité à inclure des réponses dans le contexte plus large de la cyberdéfense et en relation entre le domaine cybernétique et d'autres domaines militaires.
* Pertinence : savoir s'adapter au profil des participants 

Les principales dates et échéances sont les suivantes :
* 10 février 2020 : Publication de l'appel à communications
* ''23 mars 2020'' : Date limite de soumission des contributions
* 6 avril 2020 : Notification aux partenaires industriels sélectionnés
* 21 avril 2020 : Atelier
__Lien :__
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k2ac/]] sur le site de l'AED<<tiddler [[arOund0C]]>>
!"//Using SOC Reports for Cloud Security and Privacy//"
[>img(150px,auto)[iCSA/K2ABU.jpg]]Article de blog publié le 10 février 2020 — Rédigé par Ashwin Chaudhary, Chief Executive Officer, Accedere+++*[»]> http://accedere.us/ === 
<<<
//Data security and privacy are increasingly challenging in today's cloud-based environments. Many organizations are storing a significant amount of data in distributed and hybrid cloud and even unmanaged environments, increasing challenges for regulatory compliance. Meanwhile, privacy mandates such as GDPR recommend data anonymization, which can be another form of encryption. Without a proper data governance program, however, organizations may face difficulties in meeting these privacy compliance mandates.
Providing independent third-party assurance such as a System and Organization Controls (SOC) 2 report helps address these concerns and helps cloud service providers (CSPs) stay ahead of the competition. This assurance also helps organizations mitigate data security and privacy risk.
Recently I authored a report on "SOC Reports for Cloud Security and Privacy"+++*[»]> ⇒ https://www.isaca.org/resources/isaca-journal/issues/2019/volume-6/soc-reports-for-cloud-security-and-privacy
Seules les 5 premières lignes de l'article sont disponibles aux non-membres de l'ISACA.=== In this article, I'll be giving an overview and summarizing several of the topics discussed in the report, including:
* Cloud Assurance for CSPs
* Privacy Compliance for Cloud
* Controls for User Organizations
!Cloud Assurance for CSPs
There are several approaches CSPs can leverage to provide assurance to their customers. Below I explain how each resource can be used to provide customers with confidence in using their CSP's services.
!!Cloud STAR Certification Roadmap
CSA, in collaboration with the American Institute of CPAs (AICPA), developed a third-party assessment program of CSPs called the CSA Security Trust Assurance and Risk (STAR) Attestation. The STAR program provides multiple benefits, including indications of best practices and validation of the security posture of cloud offerings.
!!SOC 2 for Cloud CSA STAR Attestation
The SOC 2+ Framework allows a SOC 2 to report on any additional controls over and above the trust services criteria controls for security, availability, confidentiality, processing integrity and privacy. Taking advantage of this framework, STAR Attestation provides a framework for Certified Public Accountants performing independent assessments of CSPs using SOC 2 engagements with the CSA's Cloud Controls Matrix (CCM).
!!Cloud Controls Matrix (CCM)
The CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail, and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.
!!Level 2 CSA STAR Attestation
[>img(500px,auto)[iCSA/K2ABU.png]]The STAR Attestation is positioned as a third-party certification at Level 2 of the Open Certification Framework. The STAR Attestation is a rigorous third-party independent assessment of the security of a cloud service provider (figure 2) and is based on type I or type II SOC attestations supplemented by the criteria in the CCM.

This assessment:
* Is based on a mature attestation standard
* Allows for the immediate adoption of the CCM and the flexibility to update the criteria as additional criteria and technology and market requirements change
* Does not require the use of any criteria that were not designed for or readily accepted by the CSP
* Provides for robust reporting on the service provider's description of its system and on the service provider's controls, including a description of the service auditor's tests of controls in a format very similar to the current SSAE 18 reporting, thereby facilitating market acceptance+++*[»]> Amazon Web Services, "Shared Responsibility Model"
⇒ https://aws.amazon.com/compliance/shared-responsibility-model/ === 
* Is a mature attest standard (it serves as the standard for SOC 2 and SOC 3 reporting)
* Provides for robust reporting on the service provider's description of its system and on the service provider's controls, including a description of the service auditor's tests of controls in a format very similar to the current SSAE 18 reporting, thereby facilitating market acceptance
* Provides evaluation over a period of time rather than a point in time
* Provides recognition with the AICPA logo
STAR Attestation builds on the key strengths of SOC 2 because it:
* Is a mature attest standard (it serves as the standard for SOC 2 and SOC 3 reporting)
* Provides for robust reporting on the service provider's description of its system and on the service provider's controls, including a description of the service auditor's tests of controls in a format very similar to the current SSAE 18 reporting, thereby facilitating market acceptance
* Provides evaluation over a period of time rather than a point in time
* Provides recognition with the AICPA logo
!!CSA Continuous Assessment (Level 2 and 3 Continuous)
STAR Level 2 Continuous builds on top of the STAR Level 2 requirement of third-party assessments and improves it by allowing the CSP to demonstrate a higher level of assurance and transparency with the addition of a continuous self-assessment.
In STAR Level 2, a CSP is assessed by a third party through one of the Level 2 programs against a determined and appropriate scope. The Level 2 programs, including STAR Certification, STAR Attestation, and C-STAR, are based on varied but demanding cloud security criteria of the CSA CCM, the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) ISO/IEC 27001 standards or the AICPA Trust Services Criteria (TSC), applied toward the CSP's assessment scope.
Level 3 Continuous Certification is a highly selective cloud security assessment program, extending the assurance level of a cloud service beyond the trust given by the certification cycle of ISO/IEC 27001 and the audit period of AICPA SOC 2 Type II reports.
STAR Level 3 Continuous requires all continuous assessments to be performed under the supervision of a third-party auditor. This differs from Level 2 Continuous, which requires a frequently submitted self-assessment on top of Level 2 by the CSP itself.
!!C5 Cloud Controls
In February 2016, the Bundesamt für Sicherheit in der Informationstechnik (BSI)+++*[»]> ⇒ https://www.bsi.bund.de/ ===, or the German Federal Office for Information Security, established the "Cloud Computing Compliance Controls Catalog (C5) certification"+++*[»]> Federal Office for Information Security, "Compliance Controls Catalogue (C5)"
⇒ https://www.bsi.bund.de/EN/Topics/CloudComputing/Compliance_Controls_Catalogue/Compliance_Controls_Catalogue_node.html === after it noted the rise in cloud computing in Germany. With the C5, the BSI redefined the bar that CSPs should meet when dealing with German data. The establishment of the C5 elevated the demands on CSPs by combining the existing security standards (including international certifications such as ISO 27001) and requiring increased transparency in the data processing. C5 controls can be applied globally.
C5 is intended primarily for professional CSPs, their auditors, and customers of the CSPs. The catalog is divided into 17 thematic sections (e.g., organization of information security, physical security). C5 makes use of recognized security standards, such as ISO 27001, the Cloud Controls Matrix of the Cloud Security Alliance and BSI publications, and it uses these requirements wherever appropriate.
A SOC 2 report proves that a CSP complies with the requirements of the catalogue and that the statements made on transparency are correct. This report is based on the internationally recognized attestation system of the International Standard for Assurance Engagements (ISAE) 3000, which is used by public auditors. When auditing the annual financial statements, the auditors are already on site, and auditing, according to C5, can be performed without much additional effort.
!Privacy Compliance for Cloud
Privacy laws are now changing and may become more stringent. After GDPR, new privacy laws are already in force, such as the US California Consumer Privacy Act (CCPA). It may be prudent for organizations to be more proactive and adopt measures for privacy governance.
To demonstrate privacy-related controls, organizations can include the privacy criteria as part of the scope of their SOC 2 report. Additionally, controls for any other specific laws can be included as additional subject matter. In the wake of new privacy mandates, organizations are encouraged not only to include privacy criteria in their SOC 2 report but also to demand including them in their vendors' SOC 2 report to mitigate risk.
!!SOC 2 Description for Privacy+++*[»]> American Institute of Certified Public Accountants, "System and Organization Controls: SOC Suite of Services"
⇒ https://www.aicpa.org/soc === 
A SOC 2 report contains a description of services that the service provider provides. When the description includes privacy, service organization management discloses the service commitments and system requirements identified in the service organization's privacy notice or in its privacy policy that are relevant to the system being described.
When making such disclosures, it may also be helpful to report users if service organization management describes the purposes, uses, and disclosures of personal information permitted by user entity agreements.
!!AICPA Trust Services Criteria (TSC) for Privacy+++*[»]> American Institute of Certified Public Accountants, "Trust Services Criteria" 2017
⇒ https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf === 
With approximately 50 points of focus, the TSC organizes the privacy criteria as follows:
* Notice and communication of objectives - The entity provides notice to data subjects about its objectives related to privacy.
* Choice and consent - The entity communicates choices available regarding the collection, use, retention, disclosure, and disposal of personal information to data subjects.
* Collection - The entity collects personal information to meet its objectives related to privacy.
* Use, retention and disposal - The entity limits the use, retention, and disposal of personal information to meet its objectives related to privacy.
* Access - The entity provides data subjects with access to their personal information for review and correction (including updates) to meet its objectives related to privacy.
* Disclosure and notification - The entity discloses personal information, with the consent of the data subjects, to meet its objectives related to privacy. Notification of breaches and incidents is provided to affected data subjects, regulators and others to meet its objectives related to privacy.
* Quality - The entity collects and maintains accurate, up-to-date, complete and relevant personal information to meet its objectives related to privacy.
* Monitoring and enforcement - The entity monitors compliance to meet its objectives related to privacy, including procedures to address privacy-related inquiries, complaints, and disputes.
!Controls for User Organizations
To protect their data in the cloud, users should consider implementing the following controls to minimize the risk:
* Create a secure design before moving to the cloud
* Conduct a cloud impact assessment
* Understand the crown jewels (data) and create a flow analysis
* Monitor role-based access controls (RBAC)
* Evaluate SOC reports with relevant controls of the CSPs
* Implement multifactor authentication (MFA)
* Analyze backup and encryption controls
* Evaluate policies and procedures
* Perform configuration audits
* Perform periodic internal audits
* Ensure compliance with laws (e.g., data residency)
!Read the full report from ISACA
Data governance and privacy programs that align with organizational goals can help in increasing the maturity roadmap. Continuous monitoring and assurance programs such as the SOC 2 can address weaknesses and provide better visibility to the organization's stakeholders. If you're interested in learning more, you can find the full version of the report here+++*[»]> https://www.isaca.org/resources/isaca-journal/issues/2019/volume-6/soc-reports-for-cloud-security-and-privacy === 
//[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k2ab/]] sur le blog de la CSA
!!1 - Informations CSA de la semaine du 3 au 9 février 2020
* Salon : les thématiques du Forum Securité@Cloud 2020 des 18 et 19 mars 2020 sont connues+++*[»]> <<tiddler [[2020.02.07 - Thématiques du Forum Securité@Cloud 2020]]>>=== 
* Appel à Commentaires : "''Cloud Industrial IoT - ICS Security Glossary''"+++*[»]> <<tiddler [[2020.01.15 - Appel à commentaires : 'Cloud Industrial IoT - ICS Security Glossary']]>>===, derniers jours !
* Appel à Commentaires : document sur la ''gestion des risques pour les équipements médicaux connectés au Cloud''+++*[»]> <<tiddler [[2020.01.20 - Appel à commentaires : 'Managing the Risk for Medical Devices Connected to the Cloud']]>>===, derniers jours !
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.02.09 - Veille Hebdomadaire - 9 février]] avec une soixantaine de liens dont :
* __''À lire''__ : rapport 'Cloud Threat Report' de PaloAlto Networks+++*[»]>
|2020.02.05|//PaloAlto Networks//|![[Unit 42 Cloud Threat Report: Spring 2020|https://unit42.paloaltonetworks.com/cloud-threat-report-intro/]] ([[rapport|https://start.paloaltonetworks.com/unit-42-cloud-threat-report]])|Report|
|2020.02.05|//PaloAlto Networks//| → [[PaloAlto Networks Report Finds Poor Security Hygiene Leads to Escalating Cloud Vulnerabilities|https://www.prnewswire.com/news-releases/palo-alto-networks-report-finds-poor-security-hygiene-leads-to-escalating-cloud-vulnerabilities-300999159.html]]|Report|
=== 
* Panne : Microsoft Teams (expiration de certificat)+++*[»]>
|2020.02.03|//Microsoft//|![[Microsoft 365 Status - Microsoft Teams is down|https://twitter.com/MSFT365Status/status/1224351597624537088]]|Outage O365 Teams|
|2020.02.03|On MSFT| → [[Microsoft Teams is down this morning, the company is investigating|https://www.onmsft.com/news/microsoft-teams-is-down-this-morning-the-company-is-investigating]]|Outage O365 Teams|
|2020.02.03|Dark Reading| → [[Bad Certificate Knocks Teams Offline|https://www.darkreading.com/operations/bad-certificate-knocks-teams-offline/d/d-id/1336951]]|Outage O365 Teams|
|2020.02.03|CBR Online| → [[Microsoft Teams Takes a Tumble after Cert Expires|https://www.cbronline.com/enterprise-it/microsoft-teams-certificate/]]|Outage O365 Teams|
|2020.02.03|GeekWire| → [[Microsoft's Slack competitor Teams is down due to an expired authentication certificate|https://www.geekwire.com/2020/microsofts-slack-competitor-teams-due-expired-authentication-certificate/]]|Outage O365 Teams|
=== 
* Fuites de données : brésiliens fans de football+++*[»]>
|2020.02.05|ZDnet|[[Brazilian firm exposes personal details of thousands of soccer fans|https://www.zdnet.com/article/brazilian-firm-exposes-personal-details-of-thousands-of-soccer-fans/]]|Data_Leak AWS_S3|
===, et Trello+++*[»]>
|2020.02.04|CISO Mag|[[Trello App Exposes Personally Identifiable Information of its Users|https://www.cisomag.com/trello-app-exposes-personally-identifiable-information-of-its-users/]]|Data_Leak Trello|
|2020.01.30|Naked Security| → [[Trello Exposed Search Turns Up Huge Trove of Private Data|https://nakedsecurity.sophos.com/2020/01/30/trello-exposed-search-turns-up-huge-trove-of-private-data/]]|Data_Leak Trello|
=== 
* Vulnérabilités : Kubernetes+++*[»]>
|2020.02.04|Dark Reading|![[Kubernetes Shows Built-in Weakness|https://www.darkreading.com/vulnerabilities---threats/kubernetes-shows-built-in-weakness/d/d-id/1336956]]|K8s Flaws|
=== 
* Rapport : PaloAlto Networks (sur GitHub)+++*[»]>
|2020.02.06|//PaloAlto Networks//|![[Unit 42 CTR: Sensitive Data Exposed in GitHub|https://start.paloaltonetworks.com/unit-42-cloud-threat-report]]|Report|
=== 
* Outils : Dufflebag+++*[»]>
|2020.02.05|KitPloit|[[Dufflebag - Search Exposed EBS Volumes For Secrets|https://www.kitploit.com/2020/02/dufflebag-search-exposed-ebs-volumes.html]]|[[Tools|GitHub-Tools]]|
=== et Parliament+++*[»]>
|2020.02.04|//Cloudonaut//|[[Show your Tool: Parliament|https://cloudonaut.io/show-your-tool-parliament/]]|[[Tools|GitHub-Tools]]|
=== 
* __Divers__ : détection d'intrusion dans le Cloud+++*[»]>
|2020.02.06|//Uptycs//|![[Best Intrusion Detection Techniques In Cloud Computing|https://www.uptycs.com/blog/intrusion-detection-in-cloud-computing]]|Detection|
===, évaluation des prestataires cloud avec HECVAT+++*[»]>
|2020.02.05|Help Net Security|![[HECVAT toolkit helps higher education institutions assess cloud adoption risks|https://www.helpnetsecurity.com/2020/02/05/hecvat-toolkit/]]|Vendor_Assessment|
||EDUCAUSE|[[HECVAT - Higher Education Community Vendor Assessment Toolkit|https://www.ren-isac.net/public-resources/hecvat.html]]|Vendor_Assessment|
||EDUCAUSE|[[HECVAT Cloud Broker Index (CBI)|https://www.ren-isac.net/hecvat/cbi.html]]|Vendor_Assessment|
===, ressources et certifications AWS, surface d'attaque+++*[»]>
|2020.02.05|//XM Cyber//|![[Having Fun With Cloud Services|https://xmcyber.com/having-fun-with-cloud-services/]]|Attack_Surface|
===, risques liés au DaaS (Desktop-as-a-Service)+++*[»]>
|2020.02.04|//Hysolate//|[[3 Desktop as a Service (DaaS) Security Risks|https://www.hysolate.com/blog/desktop-as-a-service-daas-security-risks/]]|DaaS Risks|
=== 
!3 - Weekly Cloud and Security Watch Newsletter[>img[iCSF/inEnglish.png]]
<<tiddler [[2020.02.09 - Weekly Newsletter - February 9th]]>>
!CSA News and Updates - February 3rd to 9th
* Themes for the 'Forum Securité@Cloud 2020' in Paris, March 18th and 19th, 2020 [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]
* Open Peer Reviews: "Managing the Risk for Medical Devices Connected to the Cloud" (until Feb. 14th)
* Open Peer Reviews: "Cloud Industrial Internet of Things (IIoT) - Industrial Control Systems Security Glossary" (until Feb. 15th)
!Cloud and Security News Watch
[[Over 60 links|2020.02.09 - Veille Hebdomadaire - 9 février]] among which:
* Recommended reading: PaloAlto Networks' Unit 42 'Cloud Threat Report'
* __Outages__: Microsoft Teams (expired authentication certificate)
* Data Leaks: personal details of soccer fans in Brazil, and Trello
* Vulnerabilities: Kubernetes
* Report: PaloAlto Networks (Sensitive Data Exposed in GitHub)
* Tools: Dufflebag (to search exposed EBS volumes for secrets) and Parliament (AWS IAM linting library)
* __Miscellaneous__: Best intrusion detection techniques in Cloud Computing; HECVAT toolkit to assess cloud adoption risks; AWS training resources and certifications; Having fun with Cloud Services attack surface; some Desktop as a Service (DaaS) security risks
|!⇒ [[CloudSecurityAlliance.fr/go/K29/|https://CloudSecurityAlliance.fr/go/K29/]] |
<<tiddler [[arOund0C]]>>
|!Février|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.02.09|
|2020.02.09|Cloud Security Podcast|[[Is public cloud secure? - Francesco Cipollone, Cloud Security Alliance|https://www.cloudsecuritypodcast.tv/listen-to-the-episodes/francesco-cipollone]]|Podcast|
|2020.02.09|Digital Journal|[[Interview: Cloud's biggest threat? The customers who use it|http://www.digitaljournal.com/tech-and-science/technology/interview-cloud-s-biggest-threat-the-customers-who-use-it/article/566808]]|Threats|
|2020.02.09|Bernard Marr|[[What Is A Data Passport: Building Trust, Data Privacy And Security In The Cloud|https://www.linkedin.com/pulse/what-data-passport-building-trust-privacy-security-cloud-bernard-marr/]]|Data Trust Privacy|
|2020.02.09|//RedHat//|[[What is hybrid cloud security?|https://www.redhat.com/en/topics/security/what-is-hybrid-cloud-security]]|Hybrid_Cloud|
|2020.02.09|//PuPuWeb//|![[10 Tenets of Effective SASE Solution to Secure Cloud-Enabled Organization|https://pupuweb.com/tenets-effective-sase-solution-secure-cloud-enabled-organization/]]|SASE|
|>|>|>|!2020.02.08|
|2020.02.08|Nathan Getty|[[AWS Automated Remediation - Part 1: Security Groups|https://getsec.github.io/2020/02/aws-remedy-1/]] (1/2)|AWS Remediation|
|>|>|>|!2020.02.07|
|2020.02.07|Bruce Schneier|[[Security in 2020: Revisited|https://www.schneier.com/blog/archives/2020/02/security_in_202_1.html]]|Challenges History|
|2020.02.07|//PaloAlto Networks//|[[The Cloud's Sunny Future: The Rewards of Working in Cloud Security|https://blog.paloaltonetworks.com/2020/02/cc-working-in-cloud-security/]]|Risks|
|2020.02.07|Safe Controls|[[DevSecOps: Embedded security in agile development|https://safecontrols.blog/2020/02/07/decsecops-embedded-security-in-agile-development/]]|DevSecOps|
|>|>|>|!2020.02.06|
|2020.02.06|//PaloAlto Networks//|![[Unit 42 CTR: Sensitive Data Exposed in GitHub|https://start.paloaltonetworks.com/unit-42-cloud-threat-report]]|Report|
|2020.02.06|Techcentral.ie| → [[Infrastructure-as-code templates are source of cloud infrastructure weaknesses|https://www.techcentral.ie/infrastructure-as-code-templates-are-source-of-cloud-infrastructure-weaknesses/]]|Report|
|2020.02.07|Bleeping Computer| → [[Misconfigured Docker Registries Expose Orgs to Critical Risks|https://www.bleepingcomputer.com/news/security/misconfigured-docker-registries-expose-orgs-to-critical-risks/]]|Report|
|2020.02.10|SecTor| → [[What Exposed Docker Registries Tell Us About Cloud Deployments|https://sector.ca/what-exposed-docker-registries-tell-us-about-cloud-deployments/]]|Report|
|2020.02.10|Security Week| → [[Misconfigured Docker Registries Expose Thousands of Repositories|https://www.securityweek.com/misconfigured-docker-registries-expose-thousands-repositories/]]|Report|
|2020.02.10|//ThreatPost//| → [[Docker Registries Expose Hundreds of Orgs to Malware, Data Theft|https://threatpost.com/docker-registries-malware-data-theft/152734/]]|Report|
|2020.02.06|//Uptycs//|![[Best Intrusion Detection Techniques In Cloud Computing|https://www.uptycs.com/blog/intrusion-detection-in-cloud-computing]]|Detection|
|2020.02.06|//ThreatStack//|[[9 AWS Security Certifications to Consider in 2020|https://www.threatstack.com/blog/9-aws-security-certifications-to-consider-in-2020]]|AWS Certifications|
|2020.02.06|//Park My Cloud//|[[7 Favorite AWS Training Resources|https://www.parkmycloud.com/blog/aws-training/]]|AWS Training|
|2020.02.06|//Caylent//|[[Understanding Kubernetes Interfaces: CRI, CNI, & CSI|https://caylent.com/understanding-kubernetes-interfaces-cri-cni-csi]]|K8s|
|2020.02.06|//Alibaba Cloud//|[[Analysis of TLS/SSL Handshake Failure Scenarios on Alibaba Cloud|https://www.alibabacloud.com/blog/analysis-of-tlsssl-handshake-failure-scenarios-on-alibaba-cloud_595800]]|TLS_SSL Failure|
|>|>|>|!2020.02.05|
|2020.02.05|TL;DR Security|[[#23 - OSINT, Automatic Exploit Generation, Cloud Security|https://tldrsec.com/blog/tldr-sec-023-osint-automatic-exploit-generation/]] |Weekly_Newsletter|
|2020.02.05|UK Authority|[[Survey shows risk, costs and skills shortage hinder cloud adoption|https://www.ukauthority.com/articles/survey-shows-risk-costs-and-skills-shortage-hinder-cloud-adoption/]]|Survey|
|2020.02.05|ZDnet|[[Brazilian firm exposes personal details of thousands of soccer fans|https://www.zdnet.com/article/brazilian-firm-exposes-personal-details-of-thousands-of-soccer-fans/]]|Data_Leak AWS_S3|
|2020.02.05|KitPloit|[[Dufflebag - Search Exposed EBS Volumes For Secrets|https://www.kitploit.com/2020/02/dufflebag-search-exposed-ebs-volumes.html]]|[[Tools|GitHub-Tools]]|
|2020.02.05|Silicon Angle|[[CIA reportedly seeking to hire multiple providers for new cloud computing contracts|https://siliconangle.com/2020/02/05/cia-seeking-hire-multiple-providers-new-cloud-computing-contracts/]]|Vendor_Assessment|
|2020.02.05|Cloud Native Computing Foundation|[[Announcing the containerd Project Journey Report|https://www.cncf.io/blog/2020/02/05/announcing-the-containerd-project-journey-report/]] ([[Analysis|https://www.cncf.io/cncf-containerd-project-journey/]])|Analysis Container|
|2020.02.05|Help Net Security|![[HECVAT toolkit helps higher education institutions assess cloud adoption risks|https://www.helpnetsecurity.com/2020/02/05/hecvat-toolkit/]]|Vendor_Assessment|
||EDUCAUSE|[[HECVAT - Higher Education Community Vendor Assessment Toolkit|https://www.ren-isac.net/public-resources/hecvat.html]]|Vendor_Assessment|
||EDUCAUSE|[[HECVAT Cloud Broker Index (CBI)|https://www.ren-isac.net/hecvat/cbi.html]]|Vendor_Assessment|
|2020.02.05|NextGov|[[CIA Issues Draft Solicitation for Next Step in Multibillion-Dollar Cloud Journey|https://www.nextgov.com/it-modernization/2020/02/cia-issues-draft-solicitation-next-step-multibillion-dollar-cloud-journey/162909/]]|Government US|
|2020.02.13|//Cloud Management Insider//| → [[The C2E Contract: Is CIA updating its cloud technology stack?|https://www.cloudmanagementinsider.com/the-cia-is-updating-its-cloud-technology-with-c2e-contract/]]|Government US|
|2020.02.05|GovLoop|[[Rethinking a Reliance on Public Cloud|https://www.govloop.com/hci-a-public-cloud-alternative/]] ([[étude|https://go.govloop.com/path-to-cloud.html]])|Survey|
|2020.02.05|HubSecurity|[[Top 5 Cyber Threats Facing Cloud Security in 2020|https://hubsecurity.io/top-5-cyber-threats-facing-cloud-security-in-2020/]]|Threats|
|2020.02.05|//OVH Cloud//[>img[iCSF/flag_fr.png]]|[[Quelle (r)évolution pour le cloud en 2020 ?|https://www.journaldunet.com/solutions/cloud-computing/1488599-quelle-r-evolution-pour-le-cloud-en-2020/]]|Evolutions|
|2020.02.05|//JDSupra//|[[Using Microsoft 365 to Stay Compliant with Data Privacy Laws|https://www.jdsupra.com/legalnews/using-microsoft-365-to-stay-compliant-55167/]]|O365 Privacy|
|2020.02.05|//Rapid7//|[[How to Identify, Prioritize and Remediate Vulnerabilities in the Cloud|https://blog.rapid7.com/2020/02/05/how-to-identify-prioritize-and-remediate-vulnerabilities-in-the-cloud/]] (2/4)|Remediation|
|2020.02.05|//PaloAlto Networks//|![[Unit 42 Cloud Threat Report: Spring 2020|https://unit42.paloaltonetworks.com/cloud-threat-report-intro/]] ([[rapport|https://start.paloaltonetworks.com/unit-42-cloud-threat-report]])|Report|
|2020.02.05|//PaloAlto Networks//| → [[PaloAlto Networks Report Finds Poor Security Hygiene Leads to Escalating Cloud Vulnerabilities|https://www.prnewswire.com/news-releases/palo-alto-networks-report-finds-poor-security-hygiene-leads-to-escalating-cloud-vulnerabilities-300999159.html]]|Report|
|2020.02.05|DevOps.com| → [[Report Pins Cloud Security Woes on Flawed DevOps Processes|https://devops.com/report-pins-cloud-security-woes-on-flawed-devops-processes/]]|Report|
|2020.02.05|//XM Cyber//|![[Having Fun With Cloud Services|https://xmcyber.com/having-fun-with-cloud-services/]]|Attack_Surface|
|2020.02.05|//Ntirety//|[[More Cloud, More Hacks: Panic Or "Keep Calm And Carry On"?|https://www.forbes.com/sites/emilsayegh/2020/02/05/more-cloud-more-hacks-pt-1/]] (1/2)|Misc|
|2020.02.05|//Zscaler//|[[A zero trust approach simplifies user access and enables cloud migration|https://www.zscaler.com/blogs/corporate/zero-trust-approach-simplifies-user-access-and-enables-cloud-migration]]|Zero_Trust|
|2020.02.05|//Lastline//|[[You Need to Do SOMETHING to Prevent Your Clouds from Getting Hacked|https://www.lastline.com/blog/do-something-to-prevent-your-clouds-from-getting-hacked/]]|Misc|
|2020.02.05|//Virtustream//|[[Three cybersecurity questions every organisation should ask their cloud service providers|https://www.itproportal.com/features/three-cybersecurity-questions-every-organisation-should-ask-their-cloud-service-providers/]]|Vendor_Assessment|
|2020.02.05|//Datrium//|[[Datrium Expands Partner Network to Fuel Cloud Transformation and Deliver Cloud-based Disaster Recovery to Enterprises Globally|https://vmblog.com/archive/2020/02/05/datrium-expands-partner-network-to-fuel-cloud-transformation-and-deliver-cloud-based-disaster-recovery-to-enterprises-globally.aspx]]|DRP|
|2020.02.05|//JumpCloud//|[[Azure AD for Remote Users|https://jumpcloud.com/blog/azure-ad-remote-users/]]|AzureAD|
|2020.02.05|//Microsoft Azure//|[[Backup Explorer Now Available in Preview|https://azure.microsoft.com/en-us/blog/backup-explorer-now-available-in-preview/]] ([[Détails|https://docs.microsoft.com/en-us/azure/backup/monitor-azure-backup-with-backup-explorer]])|Azure BCP|
|2020.02.05|Redmond ChannelPartner| → [[Microsoft Issues Preview of Azure Backup Explorer|https://rcpmag.com/articles/2020/02/05/microsoft-previews-azure-backup-explorer.aspx]]|Azure BCP|
|2020.02.05|//VMware//|[[Cloud Companies Chase Future in Cybersecurity 'Wild West'|https://finance.yahoo.com/news/cloud-companies-chase-future-cybersecurity-110015077.html]]|Market|
|2020.02.05|//Compare the Cloud//|[[How to Design a Winning Cloud Procurement Strategy|https://www.comparethecloud.net/articles/how-to-design-a-winning-cloud-procurement-strategy/]]|Procurement|
|2020.02.05|//Netskope//|[[The CTI Cloud context dilema|https://www.enisa.europa.eu/events/2019-cti-eu/presentations/the-cti-cloud-context-dilema]]|CTI|
|2020.02.05|//RedHat//|[[The State of Enterprise Open Source|https://www.redhat.com/en/enterprise-open-source-report/2020]] ([[rapport|https://www.redhat.com/cms/managed-files/rh-enterprise-open-source-report-detail-f21756-202002-en.pdf]])|Report OpenSource|
|>|>|>|!2020.02.04|
|2020.02.04|Dark Reading|![[Kubernetes Shows Built-in Weakness|https://www.darkreading.com/vulnerabilities---threats/kubernetes-shows-built-in-weakness/d/d-id/1336956]]|K8s Flaws|
|2020.02.04|Bleeping Computer|[[Office 365 to Block Harmful Content Regardless of Custom Configs|https://www.bleepingcomputer.com/news/security/office-365-to-block-harmful-content-regardless-of-custom-configs/]]|O365|
|2020.02.04|The Register|[[The winners and losers of infrastructure clouds revealed: AWS, Microsoft, Google and Alibaba get fatter|https://www.theregister.co.uk/2020/02/04/worldwide_cloud_computing_revenue_up_37_in_2019_rivals_gain_slightly_on_aws/]]|Market|
|2020.02.04|ID Access Management|[[Integrating Defender ATP with Azure Sentinel to detect Pass-The-Hash & Pass-The-Ticket|https://identityaccess.management/2020/02/04/integrating-defender-atp-with-azure-sentinel-to-detect-pass-the-hash-pass-the-ticket/]]|Azure Sentinel|
|2020.02.04|Dark Reading|[[Companies Pursue Zero Trust, but Implementers Are Hesitant|https://www.darkreading.com/operations/identity-and-access-management/companies-pursue-zero-trust-but-implementers-are-hesitant/d/d-id/1336969]]|Zero_Trust|
|2020.02.04|//Cloudonaut//|[[Show your Tool: Parliament|https://cloudonaut.io/show-your-tool-parliament/]]|[[Tools|GitHub-Tools]]|
|2020.02.04|CISO Mag|[[Trello App Exposes Personally Identifiable Information of its Users|https://www.cisomag.com/trello-app-exposes-personally-identifiable-information-of-its-users/]]|Data_Leak Trello|
|2020.01.30|Naked Security| → [[Trello Exposed Search Turns Up Huge Trove of Private Data|https://nakedsecurity.sophos.com/2020/01/30/trello-exposed-search-turns-up-huge-trove-of-private-data/]]|Data_Leak Trello|
|2020.02.04|//Microsoft Azure//|[[Introducing Conditional Access for the Office 365 suite!|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-conditional-access-for-the-office-365-suite/ba-p/1131979]] ([[détails|https://aka.ms/CA_Service_Dependencies]])|O365|
|2020.02.04|//Google Cloud//|[[Bringing a passion for privacy to Cloud|https://cloud.google.com/blog/products/gcp/bringing-a-passion-for-privacy-to-cloud]]|GCP Privacy|
|2020.02.04|//Compare the Cloud//|[[Maintaining control in a multi-cloud ecosystem|https://www.comparethecloud.net/articles/maintaining-control-in-a-multicloud-ecosystem/]]|Multi_Cloud|
|2020.02.04|//Hysolate//|[[3 Desktop as a Service (DaaS) Security Risks|https://www.hysolate.com/blog/desktop-as-a-service-daas-security-risks/]]|DaaS Risks|
|2020.02.04|//ThreatStack//|[[25 Best Cloud Security Podcasts to Visit in 2020|https://www.threatstack.com/blog/25-best-cloud-security-podcasts-to-visit-in-2020]]|Podcasts|
|2020.02.04|//Attivo Networks//|[[Multi-Cloud Threat Detection Innovations Drive Cyber Deception Growth|https://vmblog.com/archive/2020/02/04/multi-cloud-threat-detection-innovations-drive-cyber-deception-growth.aspx]]|Deception|
|2020.02.04|//Paladion//|[[Why DevOps Is An Attractive Target For Cybercrime Syndicates|https://www.forbes.com/sites/forbestechcouncil/2020/02/04/why-devops-is-an-attractive-target-for-cybercrime-syndicates/]]|DevOps|
|2020.02.04|//TrendMicro//|[[Four Reasons Your Cloud Security Is Keeping You Up At Night|https://blog.trendmicro.com/four-reasons-your-cloud-security-is-keeping-you-up-at-night/]]|Best_Practices|
|>|>|>|!2020.02.03|
|2020.02.03|Hacker Combat|[[How to Conquer the Cybersecurity Challenges of the Cloud?|https://hackercombat.com/how-to-conquer-the-cybersecurity-challenges-of-the-cloud/]]|Challenges|
|2020.02.03|Container Journal|[[Microservices and Cloud-Native: 2 Paths to Get There|https://containerjournal.com/topics/container-ecosystems/microservices-and-cloud-native-2-paths-to-get-there/]]|MicroServices|
|2020.02.03|//Microsoft//|![[Microsoft 365 Status - Microsoft Teams is down|https://twitter.com/MSFT365Status/status/1224351597624537088]]|Outage O365 Teams|
|2020.02.03|On MSFT| → [[Microsoft Teams is down this morning, the company is investigating|https://www.onmsft.com/news/microsoft-teams-is-down-this-morning-the-company-is-investigating]]|Outage O365 Teams|
|2020.02.03|Dark Reading| → [[Bad Certificate Knocks Teams Offline|https://www.darkreading.com/operations/bad-certificate-knocks-teams-offline/d/d-id/1336951]]|Outage O365 Teams|
|2020.02.03|CBR Online| → [[Microsoft Teams Takes a Tumble after Cert Expires|https://www.cbronline.com/enterprise-it/microsoft-teams-certificate/]]|Outage O365 Teams|
|2020.02.03|GeekWire| → [[Microsoft's Slack competitor Teams is down due to an expired authentication certificate|https://www.geekwire.com/2020/microsofts-slack-competitor-teams-due-expired-authentication-certificate/]]|Outage O365 Teams|
|2020.02.03|//Compare the Cloud//|[[The damaging effect of cloud outages, and how to stop them|https://www.comparethecloud.net/articles/the-damaging-effect-of-cloud-outages-and-how-to-stop-them/]]|Outages Impacts|
|2020.02.03|//Catchpoint//|[[Visibility Is Critical During Cloud Migrations|https://blog.catchpoint.com/2020/02/03/cloud-migration-visibility/]]|Visibility|
|2020.02.03|//BishopFox Labs//|[[Dufflebag: Uncovering Secrets in Exposed EBS Volumes|https://labs.bishopfox.com/tech-blog/dufflebag-uncovering-exposed-ebs]]|Tools AWS_EBS|
!Conférences au Forum Securité@Cloud
Le cycle de conférences associé au "Forum Securité@Cloud" se déroulera les 18 et 19 mars 2020, dans le cadre du salon "''Cloud + Datacenter et IoT World - MtoM''" à Paris, Porte de Versailles. Ce Forum aborde la cybersécurité du Cloud et de l'IoT pendant les deux jours du salon dans une salle dédiée.
Les grandes thématiques du Forum par demi-journée sont les suivantes :
|>| !Mercredi 18 mars 2020 |
|Matin|Après-midi|
|''Cloud de Confiance'' • //Enjeux, Méthodologie, Outils d'analyse//<br>• Mesures de sécurité à prendre pour migrer vers le Cloud & y rester en toute sérénité ? |''Cloud & Cybersécurité'' • //Etat de l'art, Innovations, Tendances//<br>• Sécurité du Cloud, sécurité par le Cloud : technologies & gouvernance|
|>| !Jeudi 19 mars 2020 |
|Matin|Après-midi|
|''Cybersécurité IoT'' • //Réglementations, Security By Design, Méthodes//<br>• Sécurité & développement IoT : points de vue des experts en cybersécurité |''Préparation & réaction aux incidents'' • //Cyberattaques, Continuité - Résilience//<br>• Cyber-résilience : Accélération des menaces & Cloud, comment y faire face ?|
''Si vous souhaitez faire une présentation ou participer à une table ronde sur l'un des thèmes, ou même animer une table ronde, contactez-nous au plus vite.'' Dès que le programme définitif sera publié, il vous sera communiqué.
!!1 - Informations CSA de la semaine du 27 janvier au 2 février 2020
* Publication : Ajout 'Cloud OS Security Specifications' à la CCM v3.0.1+++*[»]> <<tiddler [[2020.01.29 - Publication : 'CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications']]>>=== 
* Appel à Commentaires : document "''The Six Pillars of DevSecOps: Collective Responsibility''"+++*[»]> <<tiddler [[2020.01.21 - Appel à commentaires : 'The Six Pillars of DevSecOps: Collective Responsibility']]>>=== : plus que 3 jours pour y participer
* Appel à Commentaires : document "''Cloud Industrial IoT - ICS Security Glossary''"+++*[»]> <<tiddler [[2020.01.15 - Appel à commentaires : 'Cloud Industrial IoT - ICS Security Glossary']]>>=== 
* Appel à Commentaires : document sur la ''gestion des risques pour les équipements médicaux connectés au Cloud''+++*[»]> <<tiddler [[2020.01.20 - Appel à commentaires : 'Managing the Risk for Medical Devices Connected to the Cloud']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.02.02 - Veille Hebdomadaire - 2 février]] avec seulement une cinquantaine de liens dont :
* __À prévoir :__ accès temporaire illimité sur CloudAcademy du 7 au 10 février 2020+++*[»]>
|2020.01.31|CloudAcademy|![[How to Unlock Complimentary Access to Cloud Academy|https://cloudacademy.com/blog/how-to-unlock-complimentary-access-to-cloud-academy/]]|Training|
=== 
* __À faire :__ il ne reste plus qu'un mois pour faire la rotation de certains de vos certificats AWS (Amazon RDS, Aurora et Amazon DocumentDB)+++*[»]>
|2020.01.07|//AWS//|![[Urgent & Important - Rotate Your Amazon RDS, Aurora, and Amazon DocumentDB (with MongoDB compatibility) Certificates|https://aws.amazon.com/blogs/aws/urgent-important-rotate-your-amazon-rds-aurora-and-documentdb-certificates/]]|AWS Certificates|
|2020.01.09|Dark Reading|[[AWS Issues 'Urgent' Warning for Database Users to Update Certs|https://www.darkreading.com/cloud/aws-issues-urgent-warning-for-database-users-to-update-certs/d/d-id/1336766]]|AWS Certificates|
=== 
* __Attaques__ et vulnérabilités : retour sur la vulnérabilité Azure détectée par Check Point et ''corrigée en novembre 2019''+++*[»]>
|2020.01.30|//Check Point//|![[Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure (Part I)|https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/]] (1/2)|Azure Vulnerability CVE-2019-1372|
|2020.01.30|//Check Point//|![[Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure (Part II)|https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-ii/]] (2/2)|Azure Vulnerability CVE-2019-1372|
|2020.01.30|Dark Reading| → [[Two Vulnerabilities Found in Microsoft Azure Infrastructure|https://www.darkreading.com/cloud/two-vulnerabilities-found-in-microsoft-azure-infrastructure/d/d-id/1336932]]|Azure Vulnerability CVE-2019-1372|
|2020.01.30|The Hacker News| → [[Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers|https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html]]|Azure Vulnerability CVE-2019-1372|
===, techniques d'attaque contre les démons Docker non sécurisés+++*[»]>
|2020.01.29|//PaloAlto Networks//|![[Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed|https://unit42.paloaltonetworks.com/attackers-tactics-and-techniques-in-unsecured-docker-daemons-revealed/]]|Docker Attacks|
|2020.01.30|//Secodify//|! → [[Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed|https://www.secodify.com/report/014e5057-1ab1-5984-be97-794338b20f6a/]]|Docker Attacks|
=== 
* Rapports : recommandations du Syntec+++*[»]>
|2020.01.29|Syntec Numérique[>img[iCSF/flag_fr.png]]|[[Pour une ambition européenne en matière de Cloud : Syntec Numérique et TECH IN France formulent dix recommandations|https://syntec-numerique.fr/actu-informatique/pour-ambition-europeenne-en-matiere-cloud-syntec-numerique-tech-france-formulent]]|Report Syntec|
|2020.01.29|Silicon[>img[iCSF/flag_fr.png]]| → [[Cloud : 10 recommandations de Syntec Numérique et Tech in France|https://www.silicon.fr/cloud-recommandations-syntec-numerique-tech-in-france-333446.html]]|Report Syntec|
===, protection des données+++*[»]>
|2020.01.29|//Microsoft Azure//|![[Data Protection and Privacy Compliance in the Cloud: Privacy Concerns Are Not Slowing the Adoption of Cloud Services, but Challenges Remain|https://azure.microsoft.com/en-us/resources/ponemon-privacy-cloud-research/]] ([[rapport|https://azure.microsoft.com/mediahandler/files/resourcefiles/ponemon-privacy-cloud-research/Ponemon-privacy-cloud-research.pdf]])|Survey Ponemon|
|2020.01.29|//Microsoft Azure//| → [[10 recommendations for cloud privacy and security with Ponemon research|https://azure.microsoft.com/en-us/blog/10-recommendations-for-cloud-privacy-and-security-with-ponemon-research/]]|Survey Ponemon|
===, sondage Trendmicro et McAfee+++*[»]>
|2020.01.28|//McAfee//|[[Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report|https://www.mcafee.com/enterprise/en-us/solutions/lp/mcafee-data-dispersion-cloud-adoption-risk-report.html]]|Survey McAfee|
|2020.01.28|//McAfee//| → [[McAfee Report Demonstrates That Data Is Widely Dispersed in the Cloud Beyond Most Enterprise Control|https://www.businesswire.com/news/home/20200127005732/en/McAfee-Report-Demonstrates-Data-Widely-Dispersed-Cloud]]|Survey McAfee|
|2020.01.28|Help Net Security| → [[52% of companies use cloud services that have experienced a breach|https://www.helpnetsecurity.com/2020/01/28/accessing-cloud-services/]]|Survey McAfee|
|2020.01.30|Silicon[>img[iCSF/flag_fr.png]]| → [[Cloud : les entreprises perdent-elles le contrôle des données ?|https://www.silicon.fr/cloud-entreprises-controle-donnees-333516.html]]|Survey McAfee|
|2020.02.11|Silicon[>img[iCSF/flag_fr.png]]|[[Cloud : des données de plus en plus hors de contrôle ?|https://www.silicon.fr/cloud-donnees-hors-controle-334007.html]]|Survey McAfee|
=== 
* __Divers__ : bonnes pratiques+++*[»]>
|2020.01.28|Nathan Getty|![[Cloud Security Commandments|https://getsec.github.io/2020/01/csc/]]|Controls|
===, liste de tous les services AWS+++*[»]>
|2020.02.01|Techradar Pro|![[AWS: Your complete guide to Amazon Web Services & features|https://www.techradar.com/news/aws]]|AWS|
===, fondamentaux sur Azure+++*[»]>
|2020.01.30|Nino Crudele|![[Azure Fundamental for Ethical Hackers and Special Ops Team|https://ninocrudele.com/azure-fundamental-for-ethical-hackers-and-special-ops-team]] ([[pdf|https://ninocrudele.com/wp-content/docs/Azure-Fundamental-for-Ethical-Hackers-and-Special-Ops-Team.pdf]])|Azure Fundamentals|
===, SLAs, outil S3Enum+++*[»]>
|2020.01.30|KitPloit|[[S3Enum - Fast Amazon S3 Bucket Enumeration Tool For Pentesters |https://www.kitploit.com/2020/01/s3enum-fast-amazon-s3-bucket.html]]|AWS_S3 [[Tools|Outils-GitHub]]|
===, APIs, Kubernetes, Cloud Act...
!3 - Contacts
Rejoignez-nous sur [[Slack]] (si vous êtes déjà membre de notre groupe sur [[LinkedIN]]), et d'ici quelques semaines, sur [[Circle|CSA Circle]]
|!Février|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.02.01|
|2020.02.01|Techradar Pro|![[AWS: Your complete guide to Amazon Web Services & features|https://www.techradar.com/news/aws]]|AWS|
|2020.02.01|//NCC Group//|[[Command and KubeCTL: Real-World Kubernetes Security for Pentesters|https://www.shmoocon.org/speakers#kubectl]] (Conférence Shmoocon)|Kubernetes PenTesting|
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.01.31|
|2020.01.31|Make Use Of|[[Protect Your Google Account Using the Advanced Protection Program|https://www.makeuseof.com/tag/google-advanced-protection-program/]]|Google Authentication|
|2020.01.31|CloudAcademy|![[How to Unlock Complimentary Access to Cloud Academy|https://cloudacademy.com/blog/how-to-unlock-complimentary-access-to-cloud-academy/]]|Training|
|2020.01.31|Container Journal|[[When To Use - and Not To Use - Microservices|https://containerjournal.com/topics/container-ecosystems/when-to-use-and-not-to-use-microservices/]]|Microservices|
|2020.01.31|//Check Point//|[[Cloud Visibility Challenges|https://blog.checkpoint.com/2020/01/31/cloud-visibility-challenges/]]|Misc|
|2020.01.31|//Imperva//|[[Imperva Received Top Scores in Gartner's "Critical Capabilities for Cloud Web Application Firewalls"|https://www.imperva.com/blog/criticalcomparisonsinappsecurity/]]|WAF|
|2020.01.31|//Thousand Eyes//|[[Measuring Cloud Performance: Mind Your Agency's SLAs|https://blog.thousandeyes.com/measuring-cloud-performance-agency-slas/]]|SLA|
|2020.01.31|//CyberArk Conjur//|[[Managing Secrets Successfully in a Cloud-Native World|https://www.conjur.org/blog/managing-secrets-successfully-in-a-cloud-native-world/]]|Secrets_Management|
|2020.01.31|//Flant//|[[Logs in Kubernetes: expectations vs reality|https://medium.com/flant-com/kubernetes-logging-challenges-aad3f45d8eed]]|K8s Logging|
|>|>|>|!2020.01.30|
|2020.01.30|TL;DR Security|[[#22 - Post AppSec Cali, K8s Security Monitoring at Scale|https://tldrsec.com/blog/tldr-sec-022-appsec-cali-kubernetes-monitoring/]] |Weekly_Newsletter|
|2020.01.30|BizTech|[[In the Cloud, IT Teams Remain Responsible for Cybersecurity|https://biztechmagazine.com/article/2020/01/cloud-it-teams-remain-responsible-cybersecurity]]|Governance Responsibility|
|2020.01.30|Cyber Defense Magazine|[[Blocking Privilege Escalation Attacks in Amazon Web Services (AWS)|https://www.cyberdefensemagazine.com/blocking-privilege-escalation-attacks-in-amazon-web-services-aws/]]|AWS Protection|
|2020.01.30|KitPloit|[[S3Enum - Fast Amazon S3 Bucket Enumeration Tool For Pentesters |https://www.kitploit.com/2020/01/s3enum-fast-amazon-s3-bucket.html]]|AWS_S3 [[Tools|Outils-GitHub]]|
|2020.01.30|Nino Crudele|![[Azure Fundamental for Ethical Hackers and Special Ops Team|https://ninocrudele.com/azure-fundamental-for-ethical-hackers-and-special-ops-team]] ([[pdf|https://ninocrudele.com/wp-content/docs/Azure-Fundamental-for-Ethical-Hackers-and-Special-Ops-Team.pdf]])|Azure Fundamentals|
|2020.01.30|//Check Point//|![[Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure (Part I)|https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/]] (1/2)|Azure Vulnerability CVE-2019-1372|
|2020.01.30|//Check Point//|![[Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure (Part II)|https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-ii/]] (2/2)|Azure Vulnerability CVE-2019-1372|
|2020.01.30|Dark Reading| → [[Two Vulnerabilities Found in Microsoft Azure Infrastructure|https://www.darkreading.com/cloud/two-vulnerabilities-found-in-microsoft-azure-infrastructure/d/d-id/1336932]]|Azure Vulnerability CVE-2019-1372|
|2020.01.30|The Hacker News| → [[Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers|https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html]]|Azure Vulnerability CVE-2019-1372|
|2020.01.30|//Comarch//|[[Using the Cloud: Seven Top Security Threats to Know About|https://www.infosecurity-magazine.com/blogs/cloud-security-threats-to-know/]]|Threats|
|2020.01.30|//CloudPassage//|[[Cloud Workload Security - Part 1: Introducing the Forrester Wave Report|https://www.cloudpassage.com/blog/cloud-workload-security-part1/]] (1/2)|Workloads|
|2019.12.24|//Forrester//| → [[Cloud Infrastructure Demands New Protection Approaches - The Forrester Wave™: Cloud Workload Security, Q4 2019|https://pages.cloudpassage.com/forrester_cloud_workload_security_q419]]|Analysis Workloads|
|2020.01.30|//Google//|[[Windows Server applications, welcome to Google Kubernetes Engine|https://cloud.google.com/blog/products/containers-kubernetes/run-windows-server-containers-on-gke]]|GCP Kubernetes Windows|
|2020.01.30|Silicon Angle| → [[Google brings Windows containers to its Kubernetes Engine|https://siliconangle.com/2020/01/30/google-brings-windows-containers-google-kubernetes-engine/]]|GCP Kubernetes Windows|
|2020.02.03|Silicon[>img[iCSF/flag_fr.png]]| → [[Google ouvre son Kubernetes aux conteneurs Windows|https://www.silicon.fr/google-kubernetes-conteneurs-windows-333643.html]]|GCP Kubernetes Windows|
|2020.01.30|//Backblaze//|![[Drive Stats Update|https://www.backblaze.com/blog/drive-stats-update/]]|Storage|
|2020.01.30|//Microsoft//|[[Changing the Monolith - Part 3: What's your process?|https://www.microsoft.com/security/blog/2020/01/30/changing-the-monolith-part-3-whats-your-process/]] (3/5)|Misc|
|>|>|>|!2020.01.29|
|2020.01.29|Syntec Numérique[>img[iCSF/flag_fr.png]]|[[Pour une ambition européenne en matière de Cloud : Syntec Numérique et TECH IN France formulent dix recommandations|https://syntec-numerique.fr/actu-informatique/pour-ambition-europeenne-en-matiere-cloud-syntec-numerique-tech-france-formulent]]|Report Syntec|
|2020.01.29|Silicon[>img[iCSF/flag_fr.png]]| → [[Cloud : 10 recommandations de Syntec Numérique et Tech in France|https://www.silicon.fr/cloud-recommandations-syntec-numerique-tech-in-france-333446.html]]|Report Syntec|
|2020.01.29|CloudTweaks|[[Five Ways to Secure Access to Cloud Workloads|https://cloudtweaks.com/2020/01/five-ways-secure-access-cloud-workloads/]]|Workloads|
|2020.01.29|Cloud Native Computing Foundation|[[Cloud Native Computing Foundation Announces Schedule for KubeCon + CloudNativeCon Europe 2020|https://www.cncf.io/announcement/2020/01/29/cloud-native-computing-foundation-announces-schedule-for-kubecon-cloudnativecon-europe-2020/]]|Conference Kubernetes|
|2020.01.29|VMblog|[[Virtualization Techniques in Cloud Computing|https://vmblog.com/archive/2020/01/29/virtualization-techniques-in-cloud-computing.aspx]]|Virtualization|
|2020.01.29|Dark Reading|[[Inside the Check Point Research Team's Investigation Process|https://www.darkreading.com/cloud/inside-the-check-point-research-teams-investigation-process/d/d-id/1336909]]|Misconfigurations|
|2020.01.29|The Last Watchdog|[[Strategic tactics are key to a robust Cloud Security Posture Management regime|https://www.lastwatchdog.com/guest-essay-strategic-tactics-are-key-to-a-robust-cloud-security-posture-management-regime/]]|CSPM|
|2020.01.29|AME Info|[[Don't be an ostrich. Look for cloud cover for your cybersecurity needs|https://www.ameinfo.com/industry/technology/dont-be-an-ostrich-look-for-cloud-cover-for-your-cybersecurity-needs]]|Misc|
|2020.01.29|//Microsoft Azure//|![[Data Protection and Privacy Compliance in the Cloud: Privacy Concerns Are Not Slowing the Adoption of Cloud Services, but Challenges Remain|https://azure.microsoft.com/en-us/resources/ponemon-privacy-cloud-research/]] ([[rapport|https://azure.microsoft.com/mediahandler/files/resourcefiles/ponemon-privacy-cloud-research/Ponemon-privacy-cloud-research.pdf]])|Survey Ponemon|
|2020.01.29|//Microsoft Azure//| → [[10 recommendations for cloud privacy and security with Ponemon research|https://azure.microsoft.com/en-us/blog/10-recommendations-for-cloud-privacy-and-security-with-ponemon-research/]]|Survey Ponemon|
|2020.01.29|//PaloAlto Networks//|![[Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed|https://unit42.paloaltonetworks.com/attackers-tactics-and-techniques-in-unsecured-docker-daemons-revealed/]]|Docker Attacks|
|2020.01.30|//Secodify//|! → [[Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed|https://www.secodify.com/report/014e5057-1ab1-5984-be97-794338b20f6a/]]|Docker Attacks|
|2020.01.29|//Sensu//|[[Security and privacy in the public cloud: What companies are missing and why it matters|https://blog.sensu.io/security-and-privacy-in-the-public-cloud]]|Privacy|
|2020.01.29|//Alcide//|[[Avoid Exposing Configs in Your SaaS Application|https://blog.alcide.io/exposing-configs]]|SaaS Misconfigurations|
|2020.01.29|//Sysdig//|[[Kubernetes Security monitoring at scale with Sysdig Falco|https://medium.com/@SkyscannerEng/kubernetes-security-monitoring-at-scale-with-sysdig-falco-a60cfdb0f67a]]|K8s Monitoring|
|>|>|>|!2020.01.28|
|2020.01.28|IT Pro[>img[iCSF/flag_fr.png]]|[[Spécial FIC 2020 : quels sont les enjeux de sécurité liés à l'adoption du Cloud ?|https://www.itpro.fr/special-fic-2020-quels-sont-les-enjeux-de-securite-lies-ladoption-du-cloud/]]|Survey TrendMicro|
|2020.02.06|Le Monde Informatique[>img[iCSF/flag_fr.png]]| → [[Les enjeux de sécurité restent un frein à l'adoption du cloud|https://www.lemondeinformatique.fr/actualites/lire-les-enjeux-de-securite-restent-un-frein-a-l-adoption-du-cloud-77996.html]]|Survey TrendMicro|
|2020.01.28|Infoguerre[>img[iCSF/flag_fr.png]]|[["Cloud Act", une polémique en trompe l'œil|https://infoguerre.fr/2020/01/cloud-act-polemique-trompe-loeil/]]|CLOUD_Act|
|2020.01.28|Nathan Getty|![[Cloud Security Commandments|https://getsec.github.io/2020/01/csc/]]|Controls|
|2020.01.28|SANS|[[Spends and Trends: SANS 2020 IT Cybersecurity Spending Survey|https://www.sans.org/reading-room/whitepapers/analyst/spends-trends-2020-cybersecurity-spending-survey-39385]]|Survey|
|2020.01.28|//McAfee//|[[Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report|https://www.mcafee.com/enterprise/en-us/solutions/lp/mcafee-data-dispersion-cloud-adoption-risk-report.html]]|Survey McAfee|
|2020.01.28|//McAfee//| → [[McAfee Report Demonstrates That Data Is Widely Dispersed in the Cloud Beyond Most Enterprise Control|https://www.businesswire.com/news/home/20200127005732/en/McAfee-Report-Demonstrates-Data-Widely-Dispersed-Cloud]]|Survey McAfee|
|2020.01.28|Help Net Security| → [[52% of companies use cloud services that have experienced a breach|https://www.helpnetsecurity.com/2020/01/28/accessing-cloud-services/]]|Survey McAfee|
|2020.01.30|Silicon[>img[iCSF/flag_fr.png]]| → [[Cloud : les entreprises perdent-elles le contrôle des données ?|https://www.silicon.fr/cloud-entreprises-controle-donnees-333516.html]]|Data|
|2020.01.28|//SpecterOps//|[[Attacking Azure, Azure AD, and Introducing PowerZure|https://posts.specterops.io/attacking-azure-azure-ad-and-introducing-powerzure-ca70b330511a]] (1/2)|Azure Tools|
|2020.01.28|//JumpCloud//|[[Cybersecurity with Cloud Computing|https://jumpcloud.com/blog/cybersecurity-with-cloud-computing/]]|Best_Practices|
|2020.01.28|//Imperva//|[[Automating API Security in the Cloud|https://www.imperva.com/blog/automating-api-security-in-the-cloud/]]|API|
|2020.01.28|//Optiv//|[[Orchestrator Risks - Gaining Visibility into NIST SP 800-190, Part Five|https://www.optiv.com/blog/orchestrator-risks]] (5/6)|
|2020.01.28|//Panther Labs//|[[How To Secure S3 Buckets Effectively|https://blog.runpanther.io/s3-bucket-security/]]|AWS Logging|
|>|>|>|!2020.01.27|
|2020.01.27|Above the Law|[[Hey, You, Get Off Of My Cloud: Cybersecurity Considerations For Managed Service Providers|https://abovethelaw.com/2020/01/hey-you-get-off-of-my-cloud-cybersecurity-considerations-for-managed-service-providers/]]|MSSPs Legal|
|2020.01.27|//BSK//|[[The CLOUD Act: Where International Data Privacy and Law Enforcement Collide|https://www.bsk.com/news-insights/the-cloud-act-where-international-data-privacy-and-law-enforcement-collide]]|CLOUD_Act|
|2020.01.27|//Intezer//|[[The Forgotten Link Between Linux Threats & Cloud Security|https://www.darkreading.com/cloud/the-forgotten-link-between-linux-threats-and-cloud-security/d/d-id/1336870]]|Threats|
|2020.01.27|//StackRox//|![[Azure Kubernetes (AKS) Security Best Practices Part 1 of 4: Designing Secure Clusters and Container Images|https://www.stackrox.com/post/2020/01/azure-kubernetes-aks-security-best-practices-part-1-of-4/]] (1/4)|Azure Kubernetes Best_Practices|
!"//Get a grip on data in Box and beyond - for compliance sake.//"
[>img(150px,auto)[iCSA/K2RBH.jpg]]^^Article publié le 27 février sur le blog de la CSA, après l'avoir été le 17 février 2020, sur le site de CipherCloud^^
__Liens :__
⇒ https://cloudsecurityalliance.org/blog/2020/02/27/get-a-grip-on-data-in-box-and-beyond-for-compliance-sake/
⇒ https://www.ciphercloud.com/get-a-grip-on-data-in-box-and-beyond-for-compliance-sake/
[img(25%,1px)[iCSF/BluePixel.gif]]

!"//Using Open Policy Agent (OPA) to Develop Policy as Code for Cloud Infrastructure//"
[>img(150px,auto)[iCSA/K2LBU.jpg]]^^Article publié le 21 février sur le blog de la CSA, après l'avoir été le 26 novembre 2019, il y a près de 3 mois sur le site de Fugue^^
__Liens :__
⇒ https://cloudsecurityalliance.org/blog/2020/02/21/using-open-policy-agent-opa-to-develop-policy-as-code-for-cloud-infrastructure/
⇒ https://www.fugue.co/blog/interactively-debugging-the-rego-policy-language-with-fregot
[img(25%,1px)[iCSF/BluePixel.gif]]

!"//Glenn Gerstell to Share Perspective on What the Digital Revolution Holds in Store for Business at CSA Federal Summit 2020//"
^^Annonce du 13 février 2020[>img(150px,auto)[iCSA/202005US-WashintonDC.jpg]]^^
<<<
^^//SEATTLE - Feb. 13, 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced that Glenn Gerstell, Senior Adviser for the+++[Center for Strategic & International Studies]> https://www.csis.org/ === (Washington, DC) and former National Security Agency (NSA) General Counsel, will headline its upcoming+++[Federal Summit]> https://csacongress.org/event/csa-federal-summit-2020/ === (May 12, Washington, DC). Gerstell will share his unique insight and perspective gleaned from his career working in key national security roles in his address "Coming Up Next: More Regulation ... Why the Digital Revolution Will Trigger More Duties on Private Businesses," and offer attendees a look at how the Digital Revolution will impact the future of corporate America.//^^
[...]
<<<
__Lien :__
⇒ https://cloudsecurityalliance.org/press-releases/2020/02/13/glenn-gerstell-to-share-perspective-on-what-the-digital-revolution-holds-in-store-for-business-at-csa-federal-summit-2020/
[img(25%,1px)[iCSF/BluePixel.gif]]

!"//CCPA - Introduction, Applicability and Recommendations//"
[>img(150px,auto)[iCSA/K26BC.png]]^^Article publié le 6 février sur le blog de la CSA, après l'avoir été le 6 janvier sur le site de CipherCloud.
Cet article a pour principal objectif de faire télécharger le document "CCPA Definitive Guide" de la société.
⇒ Lire [[l'article|https://cloudsecurityalliance.org/blog/2020/02/06/ccpa-introduction-applicability-and-recommendations/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.ciphercloud.com/ccpa-introduction-applicability-and-recommendations/]]^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 202001>>
<<tiddler fAll2Tabs10 with: VeilleM","_202001>>
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|Aucune alerte pour le moment|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Janvier 2020]]>>
<<tiddler fAll2LiTabs10 with: NewsL","202001>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Janvier 2020]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Janvier 2020]]>><<tiddler fAll2LiTabs13end with: 'Actu","202001'>>
<<tiddler fAll2LiTabs13end with: 'Blog","202001'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Janvier 2020]]>>
<<tiddler fAll2LiTabs13end with: 'Publ","202001'>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Janvier 2020]]>>
!CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications[>img(150px,auto)[iCSA/CCM.png]]
<<<
//This document is an addendum to the CCM V3.0.1 and contains a controls mapping and gap analysis between the CSA CCM and CSA's research artifact "Cloud OS Security Specifications".
It aims to help organizations adhering to the Cloud OS Security Specifications to also meet CCM requirements.//
<<<
* Détail et fichier XLSX ⇒ ''[[https://CloudSecurityAlliance.fr/go/k1tp/|https://cloudsecurityalliance.fr/go/k1tp/]]''
[img(50%,1px)[iCSF/BluePixel.gif]]
!!1 - Informations CSA de la semaine du 20 au 26 janvier 2020
* Actu : Clap de fin pour ''Cloudwatt''+++*[»]> <<tiddler [[2020.01.26 - Clap de fin pour Cloudwatt]]>>=== 
* Blog : ''Blockchain et règlementation'', un sujet à creuser+++*[»]> <<tiddler [[2020.01.23 - Blog : 'Can you arrest a decentralized autonomous organization that lives in outer space?']]>>=== 
* Appel à Commentaires : document "''The Six Pillars of DevSecOps: Collective Responsibility''"+++*[»]> <<tiddler [[2020.01.21 - Appel à commentaires : 'The Six Pillars of DevSecOps: Collective Responsibility']]>>=== 
* Appel à Commentaires : document "''Cloud Industrial IoT - ICS Security Glossary''"+++*[»]> <<tiddler [[2020.01.15 - Appel à commentaires : 'Cloud Industrial IoT - ICS Security Glossary']]>>=== 
* Appel à Commentaires : document sur la ''gestion des risques pour les équipements médicaux connectés au Cloud''+++*[»]> <<tiddler [[2020.01.20 - Appel à commentaires : 'Managing the Risk for Medical Devices Connected to the Cloud']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.01.26 - Veille Hebdomadaire - 26 janvier]] avec seulement une cinquantaine de liens dont :
* A lire : Disponibilité de ''Azure Security Benchmark v1 (ASB)''+++*[»]>
|2020.01.23|//Microsoft Azure//|![[Azure Security Benchmark - 90 security and compliance best practices for your workloads in Azure|https://www.microsoft.com/security/blog/2020/01/23/azure-security-benchmark-90-security-compliance-best-practices-azure-workloads/]]|Azure Benchmark|
|2020.01.23|//Microsoft Azure//| → [[Azure security benchmarks documentation|https://docs.microsoft.com/en-us/azure/security/benchmarks/]]|Azure Benchmark|
===, document de la ''NSA'' sur les vulnérabilités du Cloud+++*[»]>
|2020.01.22|NSA|![[Mitigating Cloud Vulnerabilities|https://media.defense.gov/2020/Jan/22/2002237484/-1/-1/0/CSI-MITIGATING-CLOUD-VULNERABILITIES_20200121.PDF]]|Mitigation Best_Practices|
===, cartographie et inventaire des environnements éphémères+++*[»]>
|2020.01.20|!Marco Lancini |![[How to stay on top of your ephemeral environments with Cartography|https://www.marcolancini.it/2020/blog-mapping-moving-clouds-with-cartography/]] |Inventory Cartography|=== 
* Fuites de données : plusieurs cas avec AWS+++*[»]>
|2020.01.24|VPNmentor|[[Report: Adult Site Leaks Extremely Sensitive Data|https://www.vpnmentor.com/blog/report-pussycash-leak/]]|Data_Leak AWS_S3|
|>|!|>||
|2020.01.22|VPNmentor|[[Report: Cannabis Users' Sensitive Data Exposed in Data Breach|https://www.vpnmentor.com/blog/report-thsuite-breach/]]|Data_Leak AWS_S3|
|2020.01.23|The Register| → [[Sorry to be blunt about this... Open AWS S3 storage bucket just made 30,000 potheads' privacy go up in smoke|https://www.theregister.co.uk/2020/01/23/thsuite_data_exposed/]]|Data_Leak AWS_S3|
|>|!|>||
|2020.01.20|Computer Weekly|[[Exposed AWS buckets again implicated in multiple data leaks|https://www.computerweekly.com/news/252476870/Exposed-AWS-buckets-again-implicated-in-multiple-data-leaks]]|Data_Leaks AWS|
|>|!|>||
|2020.01.23|//Upguard//|[[Identity and Access Misstep: How an Amazon Engineer Exposed Credentials and More|https://www.upguard.com/breaches/identity-and-access-misstep-how-an-amazon-engineer-exposed-credentials-and-more]]|DataLeak AWS|
|2020.01.23|The Register| → [[Hapless AWS engineer spilled passwords, keys, confidential internal training info, customer messages on public GitHub|https://www.theregister.co.uk/2020/01/23/aws_engineer_credentials_github/]]|DataLeak AWS|
===, Azure+++*[»]>
|2020.01.22|//Microsoft Azure//|![[Access Misconfiguration for Customer Support Database|https://msrc-blog.microsoft.com/2020/01/22/access-misconfiguration-for-customer-support-database/]]|DataLeak Azure|
|2020.01.23|//Comparitech//| → [[Report: 250 million Microsoft customer service and support records exposed on the web|https://www.comparitech.com/blog/information-security/microsoft-customer-service-data-leak/]]|DataLeak Azure|
|2020.01.22|Redmond Channel partner| → [[Azure Misconfiguration Exposes 250 Million Microsoft Customer Accounts|https://rcpmag.com/articles/2020/01/22/azure-misconfiguration-exposes-250-million.aspx]]|DataLeak Azure|
|2020.01.23|Security Boulevard| → [[Microsoft Leaks 250M Customer Details in Azure Fat-Finger Faux Pas|https://securityboulevard.com/2020/01/microsoft-leaks-250m-customer-details-in-azure-fat-finger-faux-pas/]]|DataLeak Azure|
=== 
* Panne : AWS en Australie+++*[»]>
|2020.01.23|CRN AU|[[AWS cloud issues hit Sydney region|https://www.crn.com.au/news/aws-cloud-issues-hit-sydney-region-536921]]|Outage AWS Australia|
|2020.01.23|CRN AU| → [[AWS reveals rollback required to restore Sydney outage|https://www.crn.com.au/news/aws-reveals-rollback-required-to-restore-sydney-outage-536969]]|Outage AWS Australia|
=== 
* Rapport : croissance de Kubernetes selon le rapport annuel du CNCF+++*[»]>
|2020.01.21|Container Journal|[[CNCF Annual Report Shows Kubernetes Growth|https://containerjournal.com/topics/container-ecosystems/cncf-annual-report-shows-kubernetes-growth/]]|Report Kubernetes|
=== 
* __Divers__ : cloud et DRP+++*[»]>
|2020.01.24|Computer Weekly|![[Disaster recovery failover choices: Synchronous mirrors, P2V and the cloud|https://www.computerweekly.com/news/252477296/Disaster-recovery-failover-choices-Synchronous-mirrors-P2V-and-the-cloud]]|DRP|
===, Conformité, Forensique dans le Cloud+++*[»]>
|2020.01.24|Forensic Focus|![[Industry Roundup: Cloud Forensics|https://articles.forensicfocus.com/2020/01/24/industry-roundup-cloud-forensics/]]|Forensics|
===, Kubernetes, et Sécurisation AWS
!3 - Contacts
Rejoignez-nous sur [[Slack]] (si vous êtes déjà membre de notre groupe sur [[LinkedIN]]), et d'ici quelques semaines, sur [[Circle|CSA Circle]]
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.01.26|
|2020.01.26|La Tribune[>img[iCSF/flag_fr.png]]|[[Cybersécurité : le Cloud Act, favorable ou préjudiciable à la vie privée des internautes ?|https://www.latribune.fr/entreprises-finance/industrie/aeronautique-defense/le-cloud-act-favorable-ou-prejudiciable-a-la-vie-privee-des-internautes-3-5-837994.html]]|CLOUD_Act|
|2020.01.26|manage IT|[[Sichere Cloud: BSI stellt aktualisierten C5-Katalog vor|https://ap-verlag.de/sichere-cloud-bsi-stellt-aktualisierten-c5-katalog-vor/58049/]]^^Secure Cloud: BSI presents updated C5 catalog^^|BSI|
|2020.01.26|//XM Cyber//|[[Gain Full Visibility into Potential Attacks Across Amazon Web Services (AWS) Environments|https://xmcyber.com/gain-full-visibility-into-potential-attacks-across-amazon-web-services-aws-environments/]]|AWS Risks Simulation|
|2020.01.26|Nathan Getty|[[So many AWS accounts, so much information!?|https://getsec.github.io/2020/01/cross-account-scannin/]]|AWS Scanning|
|>|>|>|!2020.01.24|
|2020.01.24|Forensic Focus|![[Industry Roundup: Cloud Forensics|https://articles.forensicfocus.com/2020/01/24/industry-roundup-cloud-forensics/]]|Forensics|
|2020.01.24|CyberDefense Mag|[[Moving Network Security to The Cloud|https://www.cyberdefensemagazine.com/moving-network-security-to-the-cloud/]]|SASE|
|2020.01.24|Computer Weekly|![[Disaster recovery failover choices: Synchronous mirrors, P2V and the cloud|https://www.computerweekly.com/news/252477296/Disaster-recovery-failover-choices-Synchronous-mirrors-P2V-and-the-cloud]]|DRP|
|2020.01.24|VPNmentor|[[Report: Adult Site Leaks Extremely Sensitive Data|https://www.vpnmentor.com/blog/report-pussycash-leak/]]|Data_Leak AWS_S3|
|2020.01.24|//Veracode//|[[Forrester Study on the Benefits of Cloud vs. On-Premises AppSec|https://www.veracode.com/blog/research/forrester-study-benefits-cloud-vs-premises-appsec-1]] ([[rapport|https://info.veracode.com/analyst-report-forrester-tei-report-saas-based-appsec-platform.html]])|Report|
|2020.01.24|//Rapid7//|[[Seven Tips for Better Cloud Security in 2020|https://blog.rapid7.com/2020/01/24/seven-tips-for-better-cloud-security-in-2020/]]|Best_Practices|
|2020.01.24|//Compare the Cloud//|[[IoT in the Cloud: Azure vs AWS|https://www.comparethecloud.net/articles/cloud/iot-in-the-cloud-azure-vs-aws/]]|IoT AWS Azure|
|2020.01.24|//NCC Group//|[[Tool Release - Enumerating Docker Registries with go-pillage-registries|https://research.nccgroup.com/2020/01/24/tool-release-enumerating-docker-registries-with-go-pillage-registries/]]|Docker Tools|
|>|>|>|!2020.01.23|
|2020.01.23|Silicon[>img[iCSF/flag_fr.png]]|[[Collaboratif : Slack localise les données en France|https://www.silicon.fr/collaboratif-slack-localise-les-donnees-en-france-333235.html]]|Slack|
|2020.01.23|TL;DR Security|[[#21 - AppSec Cali, Bezos's Phone, Fuzzing|https://tldrsec.com/blog/tldr-sec-021/]] |Weekly_Newsletter|
|2020.01.23|TechGenix|[[Keep a lid on your AWS cloud goodies with breach and attack simulation|http://techgenix.com/aws-cloud-breach-and-attack-simulation/]]|
|2020.01.23|KitPloit|[[AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model|https://www.kitploit.com/2020/01/alertresponder-automatic-security-alert.html]]|AWS Alerting|
|2020.01.23|CRN AU|[[AWS cloud issues hit Sydney region|https://www.crn.com.au/news/aws-cloud-issues-hit-sydney-region-536921]]|Outage AWS Australia|
|2020.01.23|CRN AU| → [[AWS reveals rollback required to restore Sydney outage|https://www.crn.com.au/news/aws-reveals-rollback-required-to-restore-sydney-outage-536969]]|Outage AWS Australia|
|2020.01.23|Data Privacy + Security Insider|[[Crime-as-a-Service Targets Popular Platforms|https://www.dataprivacyandsecurityinsider.com/2020/01/crime-as-a-service-targets-popular-platforms/]]|Crime-as-a-Service|
|2020.01.23|//Upguard//|[[Identity and Access Misstep: How an Amazon Engineer Exposed Credentials and More|https://www.upguard.com/breaches/identity-and-access-misstep-how-an-amazon-engineer-exposed-credentials-and-more]]|DataLeak AWS|
|2020.01.23|The Register| → [[Hapless AWS engineer spilled passwords, keys, confidential internal training info, customer messages on public GitHub|https://www.theregister.co.uk/2020/01/23/aws_engineer_credentials_github/]]|DataLeak AWS|
|2020.01.27|//DivvyCloud//| → [[AWS Data Exposed on GitHub|https://divvycloud.com/aws-data-exposed-on-github/]]|DataLeak AWS|
|2020.01.23|//Microsoft Azure//|![[Azure Security Benchmark - 90 security and compliance best practices for your workloads in Azure|https://www.microsoft.com/security/blog/2020/01/23/azure-security-benchmark-90-security-compliance-best-practices-azure-workloads/]]|Azure Benchmark|
|2020.01.23|//Microsoft Azure//| → [[Azure security benchmarks documentation|https://docs.microsoft.com/en-us/azure/security/benchmarks/]]|Azure Benchmark|
|2020.01.23|//Cloud Academy//|[[Learn Cloud Computing: Prerequisites|https://cloudacademy.com/blog/prerequisites-to-learn-cloud-computing-introduction/]]|Misc|
|2020.01.23|//Security Intelligence//|[[Head in the Clouds: Scaling Business Workloads Without Scaling Risk|https://securityintelligence.com/posts/head-in-the-clouds-scaling-business-workloads-without-scaling-risk/]]|Workloads|
|2020.01.23|//Checkpoint//[>img[iCSF/flag_fr.png]]|[[Les huit meilleures pratiques pour concilier multicloud et cybersécurité|https://itsocial.fr/enjeux/securite-dsi/cybersecurite/huit-meilleures-pratiques-concilier-multicloud-cybersecurite/]]|Best_Practices|
|>|>|>|!2020.01.22|
|2020.01.22|Silicon[>img[iCSF/flag_fr.png]]|[[Accès à privilèges dans le cloud : l'évidence de la sécurisation|https://www.silicon.fr/avis-expert/acces-a-privileges-dans-le-cloud-levidence-de-la-securisation]]|Access_Controls|
|2020.01.22|Journal du Net[>img[iCSF/flag_fr.png]]|[[Projet Gaia-X : quelles seront les clés du succès du cloud européen ?|https://www.journaldunet.com/solutions/expert/72478/projet-gaia-x---quelles-seront-les-cles-du-succes-du-cloud-europeen.shtml]]|GAIA-X Europe|
|2020.01.22|NSA|![[Mitigating Cloud Vulnerabilities|https://media.defense.gov/2020/Jan/22/2002237484/-1/-1/0/CSI-MITIGATING-CLOUD-VULNERABILITIES_20200121.PDF]]|Mitigation Best_Practices|
|2020.01.23|Dark Reading| → [[NSA Offers Guidance on Mitigating Cloud Flaws|https://www.darkreading.com/cloud/nsa-offers-guidance-on-mitigating-cloud-flaws/d/d-id/1336871]]|Mitigation Best_Practices|
|2020.01.24|NextGov| → [[NSA Offers Advice on Securing Clouds|https://www.nextgov.com/cybersecurity/2020/01/nsa-offers-advice-securing-clouds/162648/]]|Mitigation Best_Practices|
|2020.01.27|Security Week| → [[NSA Shares Guidance on Mitigating Cloud Vulnerabilities|https://www.securityweek.com/nsa-shares-guidance-mitigating-cloud-vulnerabilities]]|Mitigation Best_Practices|
|2020.02.03|//BitDefender//| → [[How to Mitigate the Most Common Cloud Vulnerabilities|https://businessinsights.bitdefender.com/mitigating-the-most-common-cloud-vulnerabilities]]|Mitigation|
|2020.01.22|VPNmentor|[[Report: Cannabis Users' Sensitive Data Exposed in Data Breach|https://www.vpnmentor.com/blog/report-thsuite-breach/]]|Data_Leak AWS_S3|
|2020.01.23|The Register| → [[Sorry to be blunt about this... Open AWS S3 storage bucket just made 30,000 potheads' privacy go up in smoke|https://www.theregister.co.uk/2020/01/23/thsuite_data_exposed/]]|Data_Leak AWS_S3|
|2020.02.06|Data Privacy Security Insider| → [[30,000 Cannabis Users' Data Exposed|https://www.dataprivacyandsecurityinsider.com/2020/02/30000-cannabis-users-data-exposed/]]|Data_Leak AWS_S3|
|2020.01.22|Help Net Security|[[Container security requires continuous security in new DevSecOps models|https://www.helpnetsecurity.com/2020/01/22/container-security-continuous-security/]]|Containers DevSecOps|
|2020.01.22|Computer Weekly|[[Spread of Kubernetes spurs backup and disaster recovery products|https://www.computerweekly.com/feature/Spread-of-Kubernetes-spurs-backup-and-disaster-recovery-products]]|DRP Kubernetes|
|2020.01.22|Kubernetes|[[KubeInvaders - Gamified Chaos Engineering Tool for Kubernetes|https://kubernetes.io/blog/2020/01/22/kubeinvaders-gamified-chaos-engineering-tool-for-kubernetes/]]|K8s Chaos_Engineering|
|2020.01.22|Dev.to|[[Kube Explained: Part 2 - Containers|https://dev.to/ethanjjackson/kube-explained-part-2-containers-5c1h]] (2/2)|Containers|
|2020.01.22|//Gremlin//|[[Democratizing Chaos Engineering and Progressing From Why to How|https://www.gremlin.com/blog/year-in-review/]]|Chaos_Engineering|
|2020.01.22|//Microsoft Azure//|![[Access Misconfiguration for Customer Support Database|https://msrc-blog.microsoft.com/2020/01/22/access-misconfiguration-for-customer-support-database/]]|DataLeak Azure|
|2020.01.23|//Comparitech//| → [[Report: 250 million Microsoft customer service and support records exposed on the web|https://www.comparitech.com/blog/information-security/microsoft-customer-service-data-leak/]]|DataLeak Azure|
|2020.01.22|Redmond Channel partner| → [[Azure Misconfiguration Exposes 250 Million Microsoft Customer Accounts|https://rcpmag.com/articles/2020/01/22/azure-misconfiguration-exposes-250-million.aspx]]|DataLeak Azure|
|2020.01.23|Security Boulevard| → [[Microsoft Leaks 250M Customer Details in Azure Fat-Finger Faux Pas|https://securityboulevard.com/2020/01/microsoft-leaks-250m-customer-details-in-azure-fat-finger-faux-pas/]]|DataLeak Azure|
|2020.01.22|//Security Intelligence//|[[Which Incident Response Investments Are You Prioritizing in 2020?|https://securityintelligence.com/articles/which-incident-response-investments-are-you-prioritizing-in-2020/]]|Incident Investments|
|2020.01.22|//Rapid7//|[[Vulnerability Management in the Cloud: Addressing the AWS Shared Responsibility Model|https://blog.rapid7.com/2020/01/22/vulnerability-management-in-the-cloud-addressing-the-aws-shared-responsibility-model/]] (1/4)|Vulnerability_Management AWS|
|2020.01.22|//Octarine//|[[Octarine Adds 2 Open Source Projects to Secure Kubernetes|https://containerjournal.com/topics/container-security/octarine-adds-2-open-source-projects-to-secure-kubernetes/]]|K8s|
|2020.01.22|//Octarine//|[[kube-scan - Octarine k8s cluster risk assessment tool|https://github.com/octarinesec/kube-scan]]|[[Tools|GitHub-Tools]]|
|2020.01.22|//Octarine//|[[KCCSS - Kubernetes Common Configuration Scoring System|https://github.com/octarinesec/kccss]]|[[Tools|GitHub-Tools]]|
|2020.01.22|//QuickHeal//|[[First Node.js-based Ransomware : Nodera|https://blogs.quickheal.com/first-node-js-based-ransomware-nodera/]]|Node.js Ransomware|
|2020.01.22|//Check Point//|[[The Challenge of Compliance in the Cloud|https://blog.checkpoint.com/2020/01/22/the-challenge-of-compliance-in-the-cloud/]]|Compliance|
|2020.01.22|//OVH//[>img[iCSF/flag_fr.png]]|[[Stéphane Nappo, RSSI OVHcloud : "La séparation technique des données est essentielle pour les fournisseurs de Cloud"|https://www.zdnet.fr/actualites/stephane-nappo-rssi-ovhcloud-la-separation-technique-des-donnees-est-essentielle-pour-les-fournisseurs-de-cloud-39897551.htm]]|Data|
|>|>|>|!2020.01.21|
|2020.01.20|!Marco Lancini |![[How to stay on top of your ephemeral environments with Cartography|https://www.marcolancini.it/2020/blog-mapping-moving-clouds-with-cartography/]] |Inventory Cartography|
|2020.01.21|SANS|[[Defending Infrastructure as Code in GitHub Enterprise|https://www.sans.org/reading-room/whitepapers/securecode/paper/39380]]|IaC|
|2020.01.21|Container Journal|[[CNCF Annual Report Shows Kubernetes Growth|https://containerjournal.com/topics/container-ecosystems/cncf-annual-report-shows-kubernetes-growth/]]|Report Kubernetes|
|2020.01.21|//Radware//|[[The Move to Multiple Public Clouds Creates Security Silos|https://blog.radware.com/security/2020/01/the-move-to-multiple-public-clouds-creates-security-silos/]]|Public_Cloud|
|2020.01.21|//Portshift//|[[Techniques and strategies to overcome Kubernetes security challenges|https://www.helpnetsecurity.com/2020/01/21/kubernetes-security-challenges/]]|K8s|
|2020.01.21|//Compare the Cloud//|[[Demystifying the cloud for CFOs|https://www.comparethecloud.net/articles/cfos-last-cloud-holdouts/]]|Misc|
|2020.01.21|//Cisco//|[[How DNS-Layer Security Can Improve Cloud Workloads|https://umbrella.cisco.com/blog/2020/01/23/how-dns-layer-security-can-improve-cloud-workloads/]]|!DNS|
|2020.01.21|//Cisco//|[[What is Cloud Security?|https://umbrella.cisco.com/blog/2020/01/21/what-is-cloud-security/]]|Misc|
|2020.01.21|//Armor//|[[How to Secure AWS: Advanced Strategies and Best Practices|https://www.armor.com/blog/secure-aws/]]|AWS Best_Practices|
|2020.01.21|//Cloud Academy//|[[Kubernetes: The Current and Future State of K8s in the Enterprise|https://cloudacademy.com/blog/kubernetes-the-current-and-future-state-of-k8s-in-the-enterprise/]]|K8s|
|2020.01.21|//Orca//|[[Unlocking the Key to the Cloud|https://blog.orca.security/unlocking-the-key-to-the-cloud]]|Key_Management|
|2020.01.21|//StackRox//|[[Using Containers and Kubernetes to Increase the Efficacy of Anomaly Detection|https://www.cncf.io/blog/2020/01/21/using-containers-and-kubernetes-to-increase-the-efficacy-of-anomaly-detection/]]|Detection|
|2020.01.21|//Orca//|[[Unlocking the Key to the Cloud|https://blog.orca.security/unlocking-the-key-to-the-cloud]]|Misc|
|2020.01.21|//Optiv//|[[Registry Risks - Gaining Visibility into NIST SP 800-190, Part Four|https://www.optiv.com/blog/registry-risks]] (4/6)|
|>|>|>|!2020.01.20|
|2020.01.20|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Kubernetes et Docker : comment sauvegarder ses conteneurs|https://www.lemondeinformatique.fr/actualites/lire-kubernetes-et-docker%C2%A0-comment-sauvegarder-ses-conteneurs-77776.html]]|Docker Kubernetes Backup|
|2020.01.20|Rick Blaisdell|[[IoT Devices and Cloud Computing: Friends or Foes? (infographie)|https://rickscloud.com/infographic-iot-devices-and-cloud-computing-friends-or-foes/]]|IoT|
|2020.01.20|Computer Weekly|[[Exposed AWS buckets again implicated in multiple data leaks|https://www.computerweekly.com/news/252476870/Exposed-AWS-buckets-again-implicated-in-multiple-data-leaks]]|Data_Leaks AWS|
|2020.01.20|CSO|[[How Adobe monitors cloud deployments to control shadow IT|https://www.csoonline.com/article/3514449/how-adobe-monitors-cloud-deployments-to-control-shadow-it.html#tk.rss_cloudsecurity]]|Shadow_IT|
|2020.01.20|Solutions Review|[[Preparing Your Cloud Solutions for CCPA: Three Steps to Follow|https://solutionsreview.com/cloud-platforms/preparing-your-cloud-solutions-for-ccpa-three-steps-to-follow/]]|Compliance|
|2020.01.20|Marco Lancini|![[Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography|https://www.marcolancini.it/2020/blog-mapping-moving-clouds-with-cartography/]] ([[outils|https://github.com/marco-lancini/cartography-queries]])|Resources_Mapping|
|2020.01.20|//AWS//|![[CloudEndure Highly Automated Disaster Recovery - 80% Price Reduction|https://aws.amazon.com/blogs/aws/cloudendure-highly-automated-disaster-recovery-80-price-reduction/]]|AWS DRP|
|2020.01.21|CRN AU|[[AWS slashes DR prices by 80 percent|https://www.crn.com.au/news/aws-slashes-dr-prices-by-80-percent-536795]]|AWS DRP|
|2020.01.28|CBR Online| → [[As AWS Slashes Disaster Recovery Costs by 80%, Can Independent Firms Compete?|https://www.cbronline.com/feature/aws-disaster-recovery]]|AWS DRP|
|2020.01.08|//Mnemonic//|[[Cloud security with an Angel|https://www.buzzsprout.com/652378/1876427-cloud-security-with-an-angel]] ([[mp3|https://www.buzzsprout.com/652378/1876427-cloud-security-with-an-angel.mp3]])|
[>img(200px,auto)[iCSF/Cloudwatt.jpg]]Cloudwatt, 6 septembre 2012 - 31 janvier 2020.
Comme le précise la "FAQ - Fermeture de la plateforme" :
* "''[...] la plateforme Cloudwatt sera désactivée à compter du 1er février 2020 et sans action de votre part vos données seront définitivement effacées et non récupérables.''"
* Il ne vous reste plus que quelques jours pour "''transférer le plus rapidement possible vos applications et/ou vos données vers un autre service et à fermer votre compte.''"

Voici quelques liens pour les quelques jours qui restent, et pour se replonger dans une histoire malheureuse commencée il y a plus d'une décennie avec ''Andromède''.
||Twitter[>img[iCSF/flag_fr.png]]|le compte [[Cloudwatt|https://twitter.com/cloudwatt]]| <<tiddler RollCloudwatt>> |
||Twitter|le hashtag [[#cloudwatt|https://twitter.com/hashtag/cloudwatt]]|~|
||Wikipedia[>img[iCSF/flag_fr.png]]|[[Cloudwatt|https://fr.wikipedia.org/wiki/Cloudwatt]]|~|
||Wikipedia[>img[iCSF/flag_fr.png]]|[[Andromède|https://fr.wikipedia.org/wiki/Androm%C3%A8de_(cloud)]]|~|
||Cloudwatt[>img[iCSF/flag_fr.png]]|![[FAQ - Fermeture de la plateforme|https://support.cloudwatt.com/kb/faq/fermeture/]]|~|
|2019.08.29|Rude baguette[>img[iCSF/flag_fr.png]]|>|[[Cloudwatt : vie et mort du premier "cloud souverain" de la France|https://www.rudebaguette.com/2019/08/cloudwatt-orange-cloud-souverain-fin/]]|
|2019.08.01|Les Echos[>img[iCSF/flag_fr.png]]|>|[[Une page se tourne pour le cloud souverain français|https://www.lesechos.fr/tech-medias/hightech/une-page-se-tourne-pour-le-cloud-souverain-francais-1118112]]|
|2019.07.31|le Monde Informatique[>img[iCSF/flag_fr.png]]|>|[[Cloudwatt : arrêt définitif de service en février 2020|https://www.lemondeinformatique.fr/actualites/lire-cloudwatt-arret-definitif-de-service-en-fevrier-2020-76055.html]]|
|2019.07.31|ZDnet[>img[iCSF/flag_fr.png]]|>|[[Cloudwatt : arrêt du service en février prochain|https://www.zdnet.fr/actualites/cloudwatt-arret-du-service-en-fevrier-prochain-39888593.htm]]|
|2016.12.20|ZDnet[>img[iCSF/flag_fr.png]]|>|[[Retour vers le futur - Cloudwatt et Numergy, les souverains descendent du nuage|https://www.zdnet.fr/actualites/retour-vers-le-futur-cloudwatt-le-souverain-descend-de-son-nuage-39813666.htm]]|
|2015.03.21|Direction Générale des Entreprises[>img[iCSF/flag_fr.png]]|>|[[Acquisition par Orange de Cloudwatt|https://www.entreprises.gouv.fr/dge/acquisition-par-orange-cloudwatt]] ([[Communiqué .pdf|https://www.entreprises.gouv.fr/files/files/directions_services/secteurs-professionnels/numerique/cloud-computing.pdf]])|
|2015.03.18|Silicon.fr[>img[iCSF/flag_fr.png]]|>|[[Cloudwatt sur les rails de la croissance d'Orange Business Services|https://www.silicon.fr/cloudwatt-sur-les-rails-de-la-croissance-dorange-business-services-111309.html]]|
|2015.03.17|Silicon.fr[>img[iCSF/flag_fr.png]]|>|[[Numergy et Cloudwatt : embrouilles sur le financement étatique|https://www.silicon.fr/numergy-et-cloudwatt-embrouilles-sur-le-financement-etatique-111295.html]]|
|2015.03.03|Silicon.fr[>img[iCSF/flag_fr.png]]|>|[[Le faux départ du Cloud souverain (tribune)|https://www.silicon.fr/faux-depart-cloud-souverain-109780.html]]|
|2015.03.24|Les Echos[>img[iCSF/flag_fr.png]]|>|[[Cloud souverain, un gâchis à la française|https://www.lesechos.fr/2015/02/cloud-souverain-un-gachis-a-la-francaise-1105856]]|
|2014.09.24|Next INpact[>img[iCSF/flag_fr.png]]|>|Cloud souverain : deux ans après, on fait le point ([[1|https://www.nextinpact.com/dossier/734-cloud-souverain-deux-ans-apres-on-fait-le-point/1.htm]]) ([[2|https://www.nextinpact.com/dossier/734-cloud-souverain-deux-ans-apres-on-fait-le-point/2.htm]]) ([[3|https://www.nextinpact.com/dossier/734-cloud-souverain-deux-ans-apres-on-fait-le-point/3.htm]])|
|2012.09.06|Silicon.fr[>img[iCSF/flag_fr.png]]|>|[[Projet Andromède : Orange et Thales matérialisent leur alliance avec Cloudwatt|https://www.silicon.fr/projet-andromede-orange-et-thales-materialisent-leur-alliance-avec-cloudwatt-78219.html]]|
[img(50%,1px)[iCSF/BluePixel.gif]]
⇒ [[CloudSecurityAlliance.fr/go/k1qa|https://CloudSecurityAlliance.fr/go/k1qa]] [img[iCSF/flag_fr.png]]oc
[img(50%,1px)[iCSF/BluePixel.gif]]
<<QOTD RolledCloudwatt 1852 noclick norandom>>
[img(100px,auto)[iCSF/Cloudwatt.png]]
----
[img(100px,auto)[iCSF/Cloudwatt_1.png]]
----
[img(100px,auto)[iCSF/Cloudwatt_2.png]]
----
[img(100px,auto)[iCSF/Cloudwatt_3.png]]
----
[img(100px,auto)[iCSF/Cloudwatt_4.png]]
----
[img(100px,auto)[iCSF/Cloudwatt_5.png]]
----
[img(100px,auto)[iCSF/Cloudwatt_7.png]]
----
[img(100px,auto)[iCSF/Cloudwatt_5.png]]
----
[img(100px,auto)[iCSF/Cloudwatt_4.png]]
----
[img(100px,auto)[iCSF/Cloudwatt_3.png]]
----
[img(100px,auto)[iCSF/Cloudwatt_2.png]]
----
[img(100px,auto)[iCSF/Cloudwatt_1.png]]
!"//Can you arrest a decentralized autonomous organization that lives in outer space?//"
[>img(150px,auto)[iCSA/K1NBC.jpg]]Article de blog publié le 23 janvier 2020 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA
<<<
//One aspect of the modern world is that lawbreaking has gotten more and more ambiguous. If I ship a pile of electronic scooters to some random city and pay contractors to drop them off around the city, have I just committed some bizarre act of littering? What about creating a website that lets people list their spare bedroom for rent and connect with people who want to rent it, typically something that isn't regulated in most places. But what if people start subletting apartments via this site and essentially turn their apartments into short term hotels, an industry that tends to be highly regulated? Well it turns out it's pretty simple, regulators simply define new terms or redefine old terms and create new regulations and laws to cover these new activities ("But it's a horseless taxi! Totally different!").

The same logic has generally been used to apply to jurisdiction. Even where you have a missing jurisdiction ("the Zone of Death"), you usually have some legal entity responsible for what is going on (a person or a company) that does reside in some jurisdiction somewhere (e.g. ships in international waters are registered in a country). Even if they live outside your jurisdiction, at least it gives you someone or something to talk to and negotiate with.

But what if the legal entity is a smart contract running on a blockchain, controlled by a technical voting process that usually boils down to voting based on how many units of the entity is owned by a voting organization. Oh and ownership of this obviously support anonymous and pseudonymous modes, assuming they even have any record-keeping or KYC ("Know Your Customer") going on. A regulator could attempt to make contact with the owners of the DAO, if they can figure out who that is, and even then you'd still have to convince a majority of the DAO owners to vote in favor of whatever is being proposed. Again traditionally one way to deal with this is to talk to the Blockchain that runs the workload; however, as this is rapidly going away, it turns out that building security into these smart contract systems keeps not only the bad guys out, but also deflects regulation.

Conclusion: if you think things are weird and messy now, just wait until a billionaire starts tweeting via a communications platform in outer space. Oh wait:// [>img(300px,auto)[iCSA/K1NBC.png]]
[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k1nb/]] sur le blog de la CSA
!"//The Six Pillars of DevSecOps: Collective Responsibility//"
<<<
//The DevSecOps Working Group identified and defined six focus areas critical to integrating DevSecOps into an organization, in accordance with the six pillars described in CSA's Reflexive Security Framework.
More detailed research and guidance across each of the six pillars of DevSecOps will be revisited and established over time in order to maintain industry specific standards.
This paper is part of a planned series and will focus on the area that is arguably the foundation for all others - collective responsibility. Fostering a sense of collective security responsibility is not only an essential element of driving security into a DevOps environment, but it is also one of the most challenging.
It requires cultivating a change to the organization's mindset, its ideas and its customs and behaviors regarding software security.
In this paper, we refer to this effort as building a security-supportive culture.//
<<<
--La date limite pour faire les commentaires est fixée au ''5 février 2020''.--
Le document a été publié le 21 février 2020+++*[»]> <<tiddler [[2020.02.21 - Publication : 'The Six Pillars of DevSecOps: Collective Responsibility']]>>=== 
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k1la/]] sur le site de la CSA
!"//Managing the Risk for Medical Devices Connected to the Cloud//"
<<<
//With the increased number of Internet of Things devices, Healthcare Delivery Organizations are experiencing a digital transformation bigger than anything in the past.
The new breed of connected medical devices brings the promise of improved patient care, better clinical data, improved efficiency, and reduced costs; however, they also bring increased security risks.
The goal of this paper is to present the concept of managing medical devices based on their proximity to the patient and introduce practices to secure the use of cloud computing for medical devices.//
<<<
La date limite pour faire les commentaires est fixée au ''14 février 2020''.
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k1ka/]] sur le site de la CSA
!!1 - Informations CSA de la semaine du 13 au 19 janvier 2020
* Blog : Les prévisions de ''Jim Reavis'' pour 2020+++*[»]> <<tiddler [[2020.01.17 - Blog : Les prévisions de Jim Reavis pour 2020]]>>=== 
* Blog : Dans les coulisses du groupe de travail CSA ''IoT''+++*[»]> <<tiddler [[2020.01.15 - Blog : 'Behind the Scenes: IoT Working Group']]>>=== 
* Appel à Commentaires : document "''Cloud Industrial IoT - ICS Security Glossary''"+++*[»]> <<tiddler [[2020.01.15 - Appel à commentaires : 'Cloud Industrial IoT - ICS Security Glossary']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.01.19 - Veille Hebdomadaire - 19 janvier]] avec seulement une quarantaine de liens dont
* A lire : Certificat ISO 27701 pour Azure+++*[»]>
|2020.01.13|//Microsoft Azure//|[[Azure is now certified for the ISO/IEC 27701 privacy standard|https://azure.microsoft.com/en-us/blog/azure-is-now-certified-for-the-iso-iec-27701-privacy-standard/?cdn=disable]]|Azure privacy ISO_27701|
===, Nouveau Benchmark CIS pour Kubernetes+++*[»]>
|2020.01.15|//Google Cloud//|[[Exploring container security: Announcing the CIS Google Kubernetes Engine Benchmark|https://cloud.google.com/blog/products/containers-kubernetes/gke-cis-benchmarks-deliver-security-best-practices]]|K8s Benchmark Best_Practices|
|2020.01.15|Center for Internet Security|![[CIS Kubernetes Benchmark version 1.5.0|https://www.cisecurity.org/benchmark/]]|K8s Benchmark Best_Practices|
=== 
* __Attaques__ : JhoneRAT+++*[»]>
|2020.01.16|Talos|[[JhoneRAT: Cloud based python RAT targeting Middle Eastern countries|https://blog.talosintelligence.com/2020/01/jhonerat.html]]|Attacks|
|2020.01.20|GBHackers on Security| → [[JhoneRAT - Hackers Launching New Cloud-based Python RAT to Steal Data From Google Drive, Twitter & Google Forms|https://gbhackers.com/jhonerat/]]|Attacks|
=== 
* __Divers__ : Annonce du Bug Bounty Kubernetes, conférence Cloud et Sécurité en 2020, impact sur les données lors de la faillite d'un CSP, Sécurité du Multi-cloud, extrait d'un livre sur les tests d'intrusion AWS avec Kali
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.01.19|
|2020.01.19|//Cloudhelix//|[[Multicloud Gets Real, Virtual Machines Reboot, Security Goes Vertical: Are You Ready for Cloud 2020|https://www.cbronline.com/cloud/cloud-2020-outlook/]]|Predictions|
|2020.01.19|Nino Crudele|![[Azure tools: Aziverso is being refactored|https://ninocrudele.com/azure-tools-aziverso-being-refactored]]|Azure Scanning|
|>|>|>|!2020.01.17|
|2020.01.17|8 Brains[>img[iCSF/flag_fr.png]]|[[Pratique de Sécurité dans les Architectures Microservices|https://8brains.ca/pratique-de-securite-dans-les-architectures-microservices/]]|Micro_Services|
|2020.01.17|Le MagIT[>img[iCSF/flag_fr.png]]|[[Azure AD Premium P1 ou P2 : lequel vous convient le mieux ?|https://www.lemagit.fr/conseil/Azure-AD-Premium-P1-ou-P2-lequel-vous-convient]]|AzureAD|
|2020.01.17|//Check Point//|[[Achieving Continuous Compliance at the Speed of Cloud|https://blog.checkpoint.com/2020/01/17/achieving-continuous-compliance-at-the-speed-of-cloud/]]|Compliance|
|2020.01.17|//Check Point//|[[Cloud Native Security: What it Means|https://blog.checkpoint.com/2020/01/17/cloud-native-security-what-it-means/]]|Cloud_Native|
|2020.01.17|//ParkMyCloud//|[[Cloud Certification Guide: How to Master & Showcase Your Expertise in AWS, Azure, & Google Cloud|https://www.parkmycloud.com/blog/cloud-certification/]]|Certifications|
|2020.01.17|//Compare the Cloud//|[[Cloud service provider: Which questions should you be asking your CSP?|https://www.comparethecloud.net/articles/cloud-service-provider-questions/]]|Misc|
|2020.01.17|//Rancher//|[[Find Security Vulnerabilities in Kubernetes Clusters|https://rancher.com/blog/2020/kubernetes-security-vulnerabilities/]]|K8s Flaws|
|2020.01.17|Cloud Security Alliance|[[CSA 2019 Year in Review and look into 2020 with Co-Founder & CEO Jim Reavis|https://www.buzzsprout.com/303731/2513809-csa-2019-year-in-review-and-look-into-2020-with-co-founder-ceo-jim-reavis]] ([[audio|https://episodes.buzzsprout.com/1yo09wjdy3o6dxermt10lnq3gaer]])|CSA Predictions|
|2020.01.17|//Group-IB//|[[Hunting for Nextcloud Cloud Storage Forensic Artifacts on Endpoints|https://www.group-ib.com/blog/nextcloud]]|NextCloud Forensics|
|>|>|>|!2020.01.16|
|2020.01.16|Maarten Goet|[[Detecting CVE-2020–0601 and other attempts to exploit known vulnerabilities using Azure Sentinel|https://medium.com/wortell/detecting-cve-2020-0601-and-other-attempts-to-exploit-known-vulnerabilities-using-azure-sentinel-652fbcc0364c]]|Vulnerability CVE-2020-0601 Azure|
|2020.01.16|ThreatStack|[[The Best Cloud Security Conferences to Attend in 2020|https://www.threatstack.com/blog/the-best-cloud-security-conferences-to-attend-in-2020]]|Conference|
|2020.01.16|InsiderPro|[[Why multicloud security is your next big challenge|https://www.idginsiderpro.com/article/3514669/why-multicloud-security-is-your-next-big-challenge.html]]|Multi_Cloud|
|2020.01.16|Security Infowatch|[[Debunking 4 of the biggest cloud myths|https://www.securityinfowatch.com/video-surveillance/hosted-managed-video-surveillance/article/21121726/debunking-4-of-the-biggest-cloud-myths]]|Misc|
|2020.01.16|Talos|[[JhoneRAT: Cloud based python RAT targeting Middle Eastern countries|https://blog.talosintelligence.com/2020/01/jhonerat.html]]|Attacks|
|2020.01.17|ZDNet| → [[JhoneRAT exploits cloud services to attack Middle Eastern countries|https://www.zdnet.com/article/jhonerat-exploits-microsoft-office-cloud-services-to-attack-middle-eastern-countries/]]|Attacks|
|2020.01.20|GBHackers on Security| → [[JhoneRAT - Hackers Launching New Cloud-based Python RAT to Steal Data From Google Drive, Twitter & Google Forms|https://gbhackers.com/jhonerat/]]|Attacks|
|2020.01.16|//Recorded Future//|[[How Security Intelligence Enhances Cloud Security|https://www.recordedfuture.com/cloud-security-intelligence/]]|Threat_Intelligence|
|2020.01.16|//PaloAlto Networks//|[[Getting Cloud Smart: Security for Hybrid and Public Federal Clouds|https://blog.paloaltonetworks.com/2020/01/cloud-federal-clouds/]]|Hybrid_Cloud Government|
|2020.01.16|//Microsoft//|[[Changing the Monolith - Part 2: Whose support do you need?|https://www.microsoft.com/security/blog/2020/01/16/changing-the-monolith-part-2-whose-support-do-you-need/]] (2/5)|Misc|
|2020.01.16|Maarten Goet|[[Detecting CVE-2020–0601 and other attempts to exploit known vulnerabilities using Azure Sentinel|https://medium.com/wortell/detecting-cve-2020-0601-and-other-attempts-to-exploit-known-vulnerabilities-using-azure-sentinel-652fbcc0364c]]|CVE-2020-0601|
|>|>|>|!2020.01.15|
|2020.01.15|TradePub|"Hands-on AWS Penetration Testing with Kali Linux" : chapitre [[Exploitation on the Cloud using Kali Linux|https://sf.tradepub.com/free-offer/aws-penetration-testing-with-kali-linux--free-sample-chapters/w_pacb109]]|PenTesting|
|2020.01.15|MSSP Alert|[[AWS Cloud Data Leak: UK Consulting Firms' Sensitive Information Exposed|https://www.msspalert.com/cybersecurity-breaches-and-attacks/aws-data-leak-uk-consulting-exposures/]]|Data_Leak AWS|
|2020.01.15|The Sneak Life|[[Une nouvelle ère de Sécurité du cloud marché est en croissance dans la demande énorme en 2020|https://www.thesneaklife.com/2020/01/15/une-nouvelle-ere-de-securite-du-cloud-marche-est-en-croissance-dans-la-demande-enorme-en-2020-trend-micro-inc-mcafee-llc-symantec-corporation-international-business-machines-corporation/]]|Market_Analysis|
|2020.01.15|//Microsoft Azure//|![[New Azure blueprint for CIS Benchmark|https://azure.microsoft.com/en-us/blog/new-azure-blueprint-for-cis-benchmark/]]|Azure Benchmark|
|2020.01.15|//Google Cloud//|[[Exploring container security: Announcing the CIS Google Kubernetes Engine Benchmark|https://cloud.google.com/blog/products/containers-kubernetes/gke-cis-benchmarks-deliver-security-best-practices]]|K8s Benchmark Best_Practices|
|2020.01.15|Center for Internet Security|![[CIS Kubernetes Benchmark version 1.5.0|https://www.cisecurity.org/benchmark/]]|K8s Benchmark Best_Practices|
|2020.01.15|//Catalogic Software//|[[Catalogic Software Announces KubeDR - Open Source Kubernetes Disaster Recovery|https://vmblog.com/archive/2020/01/15/catalogic-software-announces-kubedr-open-source-kubernetes-disaster-recovery.aspx]]|K8s DRP|
|2020.01.15|//PaloAlto Networks//|[[Your SaaS Security Checklist|https://blog.paloaltonetworks.com/2020/01/cloud-saas-security/]]|SaaS|
|2020.01.15|//Tripwire//|[[Key Cloud Security Challenges and Strategies to Overcome Them|https://www.tripwire.com/state-of-security/security-data-protection/cloud/key-cloud-security-challenges-strategies/]]|Strategies|
|2020.01.15|//Nuage Networks//|[[How SD-WAN Helps Achieve Data Security and Threat Protection|https://www.darkreading.com/cloud/how-sd-wan-helps-achieve-data-security-and-threat-protection-/a/d-id/1336724]]|SDWAN|
|2020.01.15|//StackRox//|[[Guide to Kubernetes Egress Network Policies|https://www.stackrox.com/post/2020/01/kubernetes-egress-network-policies/]]|K8s Filtering|
|2020.01.15|//AllCloud//|![[AllCloud Reveals Current and Emerging Trends in Cloud Infrastructure|https://allcloud.io/press_releases/allcloud-reveals-current-and-emerging-trends-in-cloud-infrastructure/]] ([[rapport|https://allcloud.io/go/2020-cloud-infrastructure-report/]])|Report AllCloud|
|>|>|>|!2020.01.14|
|2020.01.14|UK Authority|[[Home Office signs cloud deal with AWS|https://www.ukauthority.com/articles/home-office-signs-cloud-deal-with-aws/]]|Government AWS UK|
|2020.01.14|Backblaze|[[A Sandbox in the Clouds: Software Testing and Development in Cloud Storage|https://www.backblaze.com/blog/a-sandbox-in-the-clouds-software-testing-and-development-in-cloud-storage/]]|Storage|
|2020.01.14|Kubernetes|![[Announcing the Kubernetes bug bounty program|https://kubernetes.io/blog/2020/01/14/kubernetes-bug-bounty-announcement/]]|K8s Bug_Bounty|
|2020.01.14|Cloud Native Computing Foundation| → [[Introducing the Kubernetes Bug Bounty Program|https://www.cncf.io/blog/2020/01/14/introducing-the-kubernetes-bug-bounty-program/]]|K8s Bug_Bounty|
|2020.01.14|HackerOne| → [[Kubernetes Bug Bounty Program|https://hackerone.com/kubernetes]]|K8s Bug_Bounty|
|2020.01.14|Silicon Angle| → [[CNCF launches Kubernetes bug bounty program |https://siliconangle.com/2020/01/14/cncf-launches-kubernetes-bug-bounty-program/]]|K8s Bug_Bounty|
|2020.01.14|International Journal of Cloud Computing| → [[Secure cloud computing using homomorphic construction|https://www.inderscience.com/info/inarticle.php?artid=104498]]|Homomorphic_Encryption|
|2020.01.17|TechXplore|[[Homomorphic encryption for cloud users|https://techxplore.com/news/2020-01-homomorphic-encryption-cloud-users.html]]|Homomorphic_Encryption|
|2020.01.14|//Microsoft//|[[The Changing Face of Cloud Threat Intelligence|https://www.securityweek.com/changing-face-cloud-threat-intelligence]]|CTI|
|2020.01.14|//G2//|[[Exploring the Future of Cloud Computing in 2020 and Beyond|https://learn.g2.com/future-of-cloud-computing]]|History|
|2020.01.14|//Kindite//|![[The Last Encryption Gap - Data in Use|https://blog.kindite.com/the-last-encryption-gap-data-in-use]]|Encryption|
|>|>|>|!2020.01.13|
|2020.01.13|AGEFI[>img[iCSF/flag_fr.png]]|[[Données en danger dans la faillite du cloud-provider|http://www.agefi.com/home/acteurs/detail/edition/online/article/donnees-en-danger-dans-la-faillite-du-cloud-provider-493333.html]]|CSP Failure|
|2020.01.13|Silicon[>img[iCSF/flag_fr.png]]|[[Orchestration des conteneurs : pour quels cas d'usage et avec quelles solutions ?|https://www.silicon.fr/avis-expert/orchestration-des-conteneurs-pour-quels-cas-dusage-et-avec-quelles-solutions]]|Containers|
|2020.01.13|CSO|[[Moving security operations to the cloud|https://www.csoonline.com/article/3512589/moving-security-operations-to-the-cloud.html]]|OpSec|
|2020.01.13|CISO Mag|[[5 Threat Predictions for 2020: Are You Prepared?|https://www.cisomag.com/threat-predictions-for-2020/]]|Predictions|
|2020.01.13|Hakin9|[[AWS Report - a tool for analyzing amazon resources|https://hakin9.org/aws-report-a-tool-for-analyzing-amazon-resources/]]|Tools AWS|
|2020.01.13|//Wallix//[>img[iCSF/flag_fr.png]]|[[Comment remédier aux ravages du Cloud Act ?|https://www.journaldunet.com/solutions/expert/72421/comment-remedier-aux-ravages-du-cloud-act.shtml]]|CLOUD_Act|
|2020.01.13|//Microsoft Azure//|[[Azure is now certified for the ISO/IEC 27701 privacy standard|https://azure.microsoft.com/en-us/blog/azure-is-now-certified-for-the-iso-iec-27701-privacy-standard/?cdn=disable]]|Azure privacy ISO_27701|
|2020.01.13|//PaloAlto Networks//|[[Why Cloud Security Seems So Hard, and How to Overcome These Challenges|https://blog.paloaltonetworks.com/2020/01/cloud-security-challenges/]]|Challenges|
|2020.01.13|//CipherCloud//|[[Prevent security misconfigurations in a multi-cloud environment|https://www.ciphercloud.com/prevent-security-misconfigurations-in-a-multi-cloud-environment/]]|Misconfigurations|
|2020.01.13|Cloud Security Podcast|[[Cloud Security journey of Dow Jones post the AWS Cloud Breach , with Jay Kelath, Product Security|https://www.cloudsecuritypodcast.tv/listen-to-the-episodes/jay-kelath]]|Podcast|
!"//2020 Predictions: Hear Me Now and Believe Me Later//"
[>img(150px,auto)[iCSA/K1HB3.jpg]][>img(150px,auto)[iCSA/K1HB2.jpg]]Article de blog publié le 17 janvier 2020 — Rédigé par Jim Reavis, Co-Founder et CEO de la CSA
<<<
//I am typing up my prediction blog using an invisible ink font, to reduce my embarrassment when 2021 rolls by. I know prediction articles can be a dime a dozen and prognosticators pick both easy and vague items to appear smarter than they are. I am all about that!
Before I give you my predictions, here are a few predictions others made about the year 2020:
* In 1994, RAND Corp predicted we would have ape chauffeurs.
* In 1957, Popular Mechanics said roads would be replaced by pneumatic tubes. Hyperloop isn't quite there yet.
* In 1955, Lewyt Vacuum Company said vacuums would be nuclear powered. Yikes!
* In a 1911 Lecture at the Royal College of Surgeons of England, it was predicted that human feet would become one big toe.
* In 1900, John Elfreth Watkins Jr., the curator at the Smithsonian, said C, X, and Q would not be part of the alphabet. He wouldn't be a fan of cloud computing.
My predictions won't be perfect, but they will be better than that. So, here we go.
[>img(150px,auto)[iCSA/JimReavis.jpg]]
''#1 We will see an increase in Cloud Breaches''. This is primarily a function of market adoption, more usage and more data in the cloud. It is going to be caused by "Bread and Butter" security issues:
* Misconfigured VMs, Containers, Firewalls & Storage Buckets
* Poorly managed credentials, keys, often found through "GitHub scraping."
* Lack of multifactor authentication & IdM strategy
* API insecurity
* Change control & patching deficiencies
''#2 Artificial Intelligence "Deepfake" Ransomware''. We have already seen Deepfake spearphishing, such as when a UK company was scammed out of $243k by a Deepfake voice message purporting to be that of their German CEO. Deepfakes are getting so good that they will make for a compelling click. I see them being deployed with worm technology and with ransomware being a logical payload.

''#3 2020 US Presidential Election Mischief''. Forget about state actors hacking the election or social media manipulation being used to change the results, that is above my pay grade. I am talking about security attacks on the rest of us due to this being the most controversial and passionate presidential election in modern times. I see three attacks happening. Widespread phishing attacks will be successful due to the high passions and hyperbole. Hacktivists will target businesses appearing to lean towards one party or another. I also see ransomware attacks on government agencies.

''#4 The Year of Serverless Security''. Serverless computing, such as Function-as-a-Service, is all the rage right now. It is easy to see why: you relieve the application developer from a great deal of server management considerations and the generous pricing structure from cloud service providers makes this compelling. We are still in the early days of understanding exactly how we secure Serverless. This can be exacerbated by developers designing applications in a way that exposes its weaknesses, such as inadvertently creating frequent unexpected triggering events. Serverless Security will be a big topic, we will see new startups dealing with it and we will leave the year with a better perspective of when to use Serverless and how to secure it.

''#5 Cloud Portability''. Portability of applications in the cloud has become more difficult with each passing year. Cloud service providers have created so many valuable and proprietary services that developers love, leading to a world where applications tend to be tightly coupled with their underlying infrastructure-as-a-service. This is the market at work, and many enterprises I have talked to have said a loss of portability is a trade they are willing to make in exchange for having clear accountability from the provider. Still, I have a suspicion that by the end of the year, there will be an initiative to revisit portability from stakeholders that are concerned about the downsides of lock-in.

Well, I think we will leave it at five as I don't want to use my incredible powers to give you this year's Super Bowl winner. I wish you all a happy and prosperous new year, let's enjoy watching 2020 unfold together!//
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k1hb/]] sur le blog de la CSA.
⇒ Écouter [[l'interview|https://CloudSecurityAlliance.fr/go/k1hi/]] de Jim Reavis sur le même sujet
!"//CSA 2019 Year in Review and look into 2020//"
[>img(150px,auto)[iCSA/CSAsecUpd.jpg]]Podcast de la série "[[CSA Security Update]]" publié le 17 janvier 2020 — Invité : Jim Reavis, CEO CSA
<<<
//2019 was another great year for CSA and it sets the stage for an even greater year in 2020.
Listen to this insightful interview with Jim Reavis, Co-Founder and CEO of the Cloud Security Alliance, as he provides a look back at the accomplishments and milestones achieved in 2019 and provides a look into the journey we will be taking in 2020.//
<<<
__Liens :__
* Annonce → https://www.buzzsprout.com/303731/2513809-csa-2019-year-in-review-and-look-into-2020-with-co-founder-ceo-jim-reavis
* Podcast → https://www.buzzsprout.com/303731/2513809-csa-2019-year-in-review-and-look-into-2020-with-co-founder-ceo-jim-reavis.mp3
!"//Cloud Industrial Internet of Things (IIoT) - Industrial Control Systems Security Glossary//"
<<<
//The Industrial Control Systems (ICS) Security Glossary is a reference document that brings together ICS and IT/OT related terms and definitions.
Bringing together the terms and definitions in this document is meant to minimize misinterpretation and provide a common ICS and IT/OT language.
A balance has been struck between length of the definitions and understandability with reliance on the reference source as the final arbiter.
The goal is to provide a common language to communicate, understand, debate, conclude, and present the results of the ICS WG's work.
The intended audience is everyone from the Board to security staff inside an organization to customers and third-party suppliers including cloud service providers.//
<<<
La date limite pour faire les commentaires est fixée au ''15 février 2020''.
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k1fa/]] sur le blog de la CSA
!"//Behind the Scenes: IoT Working Group with Mark Yanalitis//"
[>img(150px,auto)[iCSA/K1FBB.jpg]]Article de blog publié le 15 janvier 2020 — Rédigé par Mark Yanalitis et la CSA
<<<
//Here at CSA, our working groups are the core of what we do. From researching best practices, to tackling challenges on the horizon, they bring together security professionals from diverse backgrounds and experiences to collaborate on research that will benefit the entire industry.
In this blog series we will be interviewing different working group members to help give you an idea of what it looks like to participate in a working group. For our first blog we asked Mark Yanalitis to share his reason for joining the CSA Internet of Things Working Group and what his experience has been like.

__Interview with Mark Yanalitis__
Mark Yanalitis, MS MA CISSP is an independent security researcher, IoT work group member, and former teaching adjunct at Carnegie Mellon University Heinz College of Information Systems and Policy.

The Cloud Security Alliance (CSA) Internet of Things (IoT) work group preceded me. I was a late add. The work group already produced useful and polished works in the areas of IoT control matrix objectives, responses fulfilling National Institutes of Standards (NIST) request for public comment, and recently the distribution of the OWASP Firmware Security Testing Framework. A dedicated cadre of CSA professional backstop work groups, cross-pollinate efforts and manage the humble and essential coordination work. One of the regular challenges of national work groups is not necessarily having volunteer bench strength; it's working in a rapidly expanding data security and information privacy subject area while market adoption and technology uptake have a significant head start.

Many and varied IoT use cases exist for residential consumer, commercial, and industrial applications. Some "wouldn't it be great if" use cases existed but were in a state of dormancy. Industrial IoT (IIoT) embraced sensor-driven manufacturing line management and robotic process automation. The rapid and expansive growth in both mobile and cloud capability resulted in many existing and new IIoT use cases migrating into the commercial and consumer space while spurring the transformation of previously closed proprietary IIoT designs. The resulting rapid expansion of TCPIP and machine learning enabled sensors, assistants, toys, health devices, and home automation capability fundamentally changed threat landscapes, attack surfaces, and disclosure potentials.

The CSA IoT work group is one of several organizational bodies operating in the standards space. ENISA (European Union Agency for CyberSecurity), ETSI (EU Standards organization TC CYBER), IETF/IEEE, Internet Industry Consortium (IIC), NIST, OWASP, and UL (Underwriters Laboratories), represent major information outlets. As a researcher in this area of information security, membership in the CSA IoT work group allows me to make contributions as well as take in the perspectives of professionals who work directly in the IoT and IIoT work space. CSA IoT work group membership affords a low barrier to entry into the center of IoT data security and IoT privacy conversations, and like many other CSA venues and information outlets, CSA work group membership provides a high rate of return.//
[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k1fb/]] sur le blog de la CSA
!!1 - Informations CSA de la semaine du 6 au 12 janvier 2020
* Annonce : Nouvelle conférence Cloud et Sécurité "[[SECtember]]" de la CSA+++*[»]> <<tiddler [[2020.01.09 - Nouvelle conférence SECtember de la CSA]]>>=== 
* Blog : 'Five ''Predictions'' to Impact Enterprise Network Security in 2020'+++*[»]> <<tiddler [[2020.01.10 - Blog : 'Five Predictions to Impact Enterprise Network Security in 2020']]>>=== 
* Blog : 'We Need More Women Mentors For a More Complete Cybersecurity Workforce'+++*[»]> <<tiddler [[2020.01.07 - Blog : 'We Need More Women Mentors For a More Complete Cybersecurity Workforce']]>>=== 
* Publication : première partie 'Critical Controls Implementation for Systems Applications and Product (SAP)'+++*[»]> <<tiddler [[2020.01.06 - Publication : 'Critical Controls Implementation for Systems Applications and Product (SAP)' (1/2)]]>>=== 
* Blog : 'Enterprise Architecture Cloud Delivery Model - CCM Mapping'+++*[»]> <<tiddler [[2020.01.06 - Blog : 'Enterprise Architecture Cloud Delivery Model - CCM Mapping']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.01.12 - Veille Hebdomadaire - 12 janvier]] avec seulement une quarantaine de liens dont
* A lire : Sur AWS, certains certificats expireront début mars 2020+++*[»]>
|2020.01.07|//AWS//|![[Urgent & Important - Rotate Your Amazon RDS, Aurora, and Amazon DocumentDB (with MongoDB compatibility) Certificates|https://aws.amazon.com/blogs/aws/urgent-important-rotate-your-amazon-rds-aurora-and-documentdb-certificates/]]|AWS Certificates|
|2020.01.08|CBR Online| → [[AWS to DB Users: Download Fresh Certs Urgently, or Risk Applications Breaking|https://www.cbronline.com/cloud/aws-certificate-update/]]|AWS Certificates|
|2020.01.09|Dark Reading| → [[AWS Issues 'Urgent' Warning for Database Users to Update Certs|https://www.darkreading.com/cloud/aws-issues-urgent-warning-for-database-users-to-update-certs/d/d-id/1336766]]|AWS Certificates|
|2020.01.10|Continuity Central| → [[Amazon AWS warns certain users to update certificates or face lost connectivity |https://www.continuitycentral.com/index.php/news/technology/4780-amazon-aws-warns-certain-users-to-update-certificates-or-face-lost-connectivity]]|AWS Certificates|
=== 
* __Attaques__ : Technique de mouvement latéral dans le Cloud+++*[»]>
|2020.01.06|SANS|![[Lateral traffic movement in Virtual Private Clouds|https://www.sans.org/reading-room/whitepapers/cloud/lateral-traffic-movement-virtual-private-clouds-39360]]|Attacks|
=== 
* __Divers__ : AzureAD, Phishing O365, quelques prévisions pour 2020
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.01.12|
|2020.01.12|//Active Directory Security//|[[What is Azure Active Directory?|https://adsecurity.org/?p=4211]]|AzureAD|
|>|>|>|!2020.01.11|
|2020.01.11|TechRadar|[[What is Amazon S3?|https://www.techradar.com/news/what-is-amazon-s3]]|AWS_S3|
|2020.01.11|Kelda|[[Kube Explained: Part 1 - How CI/CD and Microservices Led to Kubernetes|https://kelda.io/blog/kube-explained-part-1-how-ci-cd-and-microservices-led-to-kubernetes/]] (2/2)|CI_CD Kubernetes|
|2020.01.11|AppFleet|[[Advanced Docker Security with AppArmor|https://appfleet.com/blog/advanced-docker-security-with-apparmor/]]|Docker|
|>|>|>|!2020.01.10|
|2020.01.10|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Google Cloud muscle son stockage archive face à AWS et Azure|https://www.silicon.fr/google-cloud-stockage-archive-aws-azure-332259.html]]|Storage|
|2020.01.10|Help Net Security|[[Office 365 users: Beware of phishing emails pointing to Office Sway|https://www.helpnetsecurity.com/2020/01/10/phishing-office-sway/]]|O365 Attacks|
|2020.01.10|Bleeping Computer|[[Microsoft Enables Security Defaults in Azure Active Directory|https://www.bleepingcomputer.com/news/microsoft/microsoft-enables-security-defaults-in-azure-active-directory/]]|AzureAD|
|2020.01.10|NextGov|[[Can the Continuous Diagnostics and Mitigation Program Secure a Cloud Smart Government?|https://www.nextgov.com/ideas/2020/01/can-continuous-diagnostics-and-mitigation-program-secure-cloud-smart-government/162367/]]|Misc|
|2020.01.10|Federal News Network|[[Cloud computing and remote workers can reduce cybersecurity|https://federalnewsnetwork.com/federal-drive/2020/01/cloud-computing-and-remote-workers-can-reduce-cybersecurity/]] ([[audio mp3|http://www.podcastone.com/downloadsecurity?url=aHR0cHM6Ly9wZHN0LmZtL2UvY2h0YmwuY29tL3RyYWNrL0UyRzg5NS9hdy5ub3hzb2x1dGlvbnMuY29tL2xhdW5jaHBvZC9mZWRlcmFsLWRyaXZlL21wMy8wMTEwMjBfSGF6YXJfd2ViX3ZuYW9fYmU5N2I4NWMubXAzP2F3Q29sbGVjdGlvbklkPTExNDYmYXdFcGlzb2RlSWQ9ODRlNzBlYTItOTFkOS00MThmLThmYmEtMmI1YWJlOTdiODVjKip8MTU3ODgwODU3ODkyMioqfA==.mp3]])|Misc|
|2020.01.10|The Register|[[UK Home Office opens AWS cash firehose even wider with £100m public cloud services deal|https://www.theregister.co.uk/2020/01/10/home_office_hands_aws_100m_for_public_cloud_services/]]|AWS UK|
|2020.01.10|Maarten Goet|[[Azure Sentinel: Hitchhikers Guide to the Cybersecurity Galaxy|https://github.com/maartengoet/presentations/blob/master/2020_01_azure_thursday_azure_sentinel.pdf]] (pdf) |Azure_Sentinel|
|2020.01.10|//Google Cloud//|[[Exploring container security: Navigate the security seas with ease in GKE v1.15|https://cloud.google.com/blog/products/containers-kubernetes/new-kubernetes-security-settings-2019]]|Containers|
|2020.01.10|//Cofense//|[[Phish Fryday - Cloud Services in Phishing Attacks|https://cofense.com/phish-fryday-cloud-services/]]|Attacks Phishing|
|2020.01.10|//Shared Assessments//|[[Ten Third Party Risk Management Trends to (Continuously) Monitor (and 7 resolutions to strengthen TPRM capabilities - and collaborations - in 2020)|https://sharedassessments.org/ten-third-party-risk-management-trends-to-continuously-monitor-and-7-resolutions-to-strengthen-tprm-capabilities-and-collaborations-in-2020/]]|Predictions|
|2020.01.10|//JumpCloud//|[[How To Extend Active Directory To The Cloud Without Azure|https://jumpcloud.com/blog/extend-ad-cloud-without-azure/]]|Active_Directory|
|2020.01.10|//Pen Test Partners//|[[IR & Forensics in the Cloud|https://www.pentestpartners.com/security-blog/ir-forensics-in-the-cloud/]]|Forensics|
|2020.01.10|//CloudPassage//|[[Securing Kubernetes Master and Workers|https://www.cloudpassage.com/blog/securing-kubernetes-master-and-workers/]]|K8s|
|2020.01.10|//Microsoft Azure//|[[Moving Windows Server to Microsoft Azure to Enable Compliance|https://azure.microsoft.com/en-us/resources/moving-windows-server-to-microsoft-azure-to-enable-compliance/]]|Azure Compliance|
|2020.01.10|//Microsoft Azure//|[[Choose an Azure compute service for your application|https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/compute-decision-tree]]|Azure|
|>|>|>|!2020.01.09|
|2020.01.09|Le MagIT[>img[iCSF/flag_fr.png]]|[[Comprendre comment fonctionne le réseau sous Kubernetes|https://www.lemagit.fr/conseil/Les-cles-pour-comprendre-comment-fonctionne-le-reseau-sous-Kubernetes]]|K8s|
|2020.01.09|SecureCloudBlog|[[Mad Scientists in the realms of IAM, Azure and Office 365!|https://securecloud.blog/2020/01/07/azure-ad-application-proxy-sso-and-authorization-notes-from-the-field/]]|Azure O365 IAM|
|2020.01.09|//Avanan//|[[Cybercriminals Use Microsoft Sway to Phish Office 365 Security and Your Well-Trained Users|https://www.avanan.com/blog/microsoft-sway-phishing]]|O365 Attacks|
|2020.01.09|//JDSupra//|[[Cloud Solutions Allowed for Encrypted, Unclassified Defense Data|https://www.jdsupra.com/legalnews/cloud-solutions-allowed-for-encrypted-52510/]]|Regulations Defense|
|2020.01.09|//Security Intelligence//|[[3 Multicloud Security Considerations for the Modern Enterprise|https://securityintelligence.com/posts/3-multicloud-security-considerations-for-the-modern-enterprise/]]|Multi_Cloud|
|2020.01.09|//Armor//|[[Cloud Security Tools: What You Need to Be Compliant and Secure|https://www.armor.com/blog/cloud-security-tools/]]|[[Tools|GitHub-Tools]]|
|2020.01.09|//StackRox//|[[Kubernetes Networking Demystified: A Brief Guide|https://www.stackrox.com/post/2020/01/kubernetes-networking-demystified/]]|K8s Networking|
|2020.01.09|//Microsoft//|[[Changing the Monolith - Part 1: Building alliances for a secure culture|https://www.microsoft.com/security/blog/2020/01/09/changing-the-monolith-part-1-building-alliances-for-a-secure-culture/]] (1/5)|Misc|
|>|>|>|!2020.01.08|
|2020.01.08|Le MagIT[>img[iCSF/flag_fr.png]]|[[Comment Azure AD complète Active Directory|https://www.lemagit.fr/conseil/Comment-Azure-AD-complete-Active-Directory]]|AzureAD|
|2020.01.08|SANS|[[Security Visibility in AWS: Authority, Access and Capability|https://www.sans.org/cyber-security-intelligence/2020/01/08/security-visibility-in-aws-authority-access-and-capability]]|AWS|
|2020.01.08|//Mnemonic//|[[Cloud security with an Angel|https://www.buzzsprout.com/652378/1876427-cloud-security-with-an-angel]] ([[mp3|https://www.buzzsprout.com/652378/1876427-cloud-security-with-an-angel.mp3]])||
|2020.01.08|//Microsoft//|[[Government data protection - earning and retaining the public's trust with Microsoft 365|https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/08/government-data-protection-earning-retaining-public-trust-microsoft-365/]]|Azure O365 Government|
|2020.01.08|//Cyware//|[[Attackers Pick up Nasty Phishing Tactic to Gain Full Access to Users' Data Stored in the Cloud|https://cyware.com/news/attackers-pick-up-nasty-phishing-tactic-to-gain-full-access-to-users-data-stored-in-the-cloud-eaefb105]]|Phishing|
|2020.01.08|//ShiftLeft//|[[Accomplishing SOC 2 Type II in the Cloud-Native Kubernetes Era|https://blog.shiftleft.io/accomplishing-soc-2-type-ii-in-the-cloud-native-kubernetes-era-7786ff8811c3]]|Compliance Kubernetes SOC_2|
|2020.01.08|//Panther Labs//|[[AWS Security Logging Fundamentals - S3 Bucket Access Logging|https://blog.runpanther.io/s3-bucket-access-logging/]]|AWS Logging|
|2020.01.08|//Alibaba Cloud//|[[Easy Command-Line Access with Cloud Shell|https://medium.com/@Alibaba_Cloud/easy-command-line-access-with-cloud-shell-8e497624106f]]|Misc|
|>|>|>|!2020.01.07|
|2020.01.07|Solutions Review|[[What Can You Expect for Cloud Computing in 2020?|https://solutionsreview.com/cloud-platforms/what-can-you-expect-for-cloud-computing-in-2020/]]|Predictions|
|2020.01.07|//Google Cloud//|[[Your guide to Kubernetes best practices|https://cloud.google.com/blog/products/containers-kubernetes/your-guide-kubernetes-best-practices]]|K8s Best_Practices|
|2020.01.07|//Microsoft//|[[Threat hunting in Azure Advanced Threat Protection (ATP)|https://www.microsoft.com/security/blog/2020/01/07/threat-hunting-azure-advanced-threat-protection/]]|Azure Threat_Protection|
|2020.01.07|//AWS//|![[Urgent & Important - Rotate Your Amazon RDS, Aurora, and Amazon DocumentDB (with MongoDB compatibility) Certificates|https://aws.amazon.com/blogs/aws/urgent-important-rotate-your-amazon-rds-aurora-and-documentdb-certificates/]]|AWS Certificates|
|2020.01.08|CBR Online| → [[AWS to DB Users: Download Fresh Certs Urgently, or Risk Applications Breaking|https://www.cbronline.com/cloud/aws-certificate-update/]]|AWS Certificates|
|2020.01.09|Dark Reading| → [[AWS Issues 'Urgent' Warning for Database Users to Update Certs|https://www.darkreading.com/cloud/aws-issues-urgent-warning-for-database-users-to-update-certs/d/d-id/1336766]]|AWS Certificates|
|2020.01.10|Continuity Central| → [[Amazon AWS warns certain users to update certificates or face lost connectivity |https://www.continuitycentral.com/index.php/news/technology/4780-amazon-aws-warns-certain-users-to-update-certificates-or-face-lost-connectivity]]|AWS Certificates|
|>|>|>|!2020.01.06|
|2020.01.07|TL;DR Security|[[#19 - Epic Post Next Week, Beyond Beyond Corp, Cloud Security Tools|https://tldrsec.com/blog/tldr-sec-021/]] |Weekly_Newsletter|
|2020.01.06|SANS|![[Lateral traffic movement in Virtual Private Clouds|https://www.sans.org/reading-room/whitepapers/cloud/lateral-traffic-movement-virtual-private-clouds-39360]]|Attacks|
|2020.01.06|Dark Reading|[[What Tools Will Find Misconfigurations in My AWS S3 Cloud Buckets?|https://www.darkreading.com/edge/theedge/what-tools-will-find-misconfigurations-in-my-aws-s3-cloud-buckets/b/d-id/1336720]]|AWS S3|
|2020.01.06|Kamran Bilgrami|[[Ethical Hacking Lessons - Building Free Active Directory Lab in Azure|https://medium.com/@kamran.bilgrami/ethical-hacking-lessons-building-free-active-directory-lab-in-azure-6c67a7eddd7f]]|Azure Active_Directory|
|2020.01.06|//PagerDuty//|[[PagerDuty Focuses Incident Response Efforts on the Cloud|https://devops.com/pagerduty-focuses-incident-response-efforts-on-the-cloud/]]|Incident_Handling|
|2020.01.06|//Blissfully//|[[SaaS Security and Compliance for HR|https://www.blissfully.com/blog/saas-security-and-compliance-for-hr/]]|SaaS Compliance|
|2020.01.06|//InfraCloud//|[[How to setup Role based access to Kubernetes Cluster|https://www.infracloud.io/role-based-access-kubernetes/]]|K8s|
|2020.01.06|//Optiv//|[[Image Risks - Gaining Visibility into NIST SP 800-190, Part Three|https://www.optiv.com/blog/image-risks]] (3/6)|NIST_SP800-190 Containers|
!"//Five Predictions to Impact Enterprise Network Security in 2020//"
[>img(150px,auto)[iCSA/K1ABF.jpg]]Article de blog publié le 10 janvier 2020 — Rédigé par+++*[Etay Bogner »]> https://linkedin.com/in/etaybogner/ ===, VP, Zero-Trust Products,+++*[Proofpoint »]> https://www.proofpoint.com/ === 
<<<
//Accelerating developments in security are playing a significant role in the evolution of enterprise networking. For years, the industry has relied on a hardware-centric, trust-based model that has become increasingly inflexible and insecure. Employees are no longer sitting in an office every day, working with local data center-based applications - there are now a wide range of popular cloud-based applications broadly deployed. It is not just that the perimeter is dissolving - security paradigms designed around the idea that users on the local area network (LAN) can be trusted are now considered high risk. As this trend continues into 2020, below are five enterprise security predictions expected to impact networking as business needs and threats both continue to evolve:
1. Security Stack Migration to the Cloud
:A fast-moving trend, expected to accelerate over the next 12 months, is that IT professionals will rely less on security protections delivered at the datacenter gateway. Instead, all security intelligence and updates will take place in the cloud. It has been going on for a long time, but now there is a consensus across the industry that the perimeter needs to be defined around the user and data rather than around offices. This means delivering security from the cloud, close to where user workspaces are located. This makes more sense than backhauling user traffic to the data center to consume security services there. Indeed, it eliminates the need to run after vulnerabilities and patch updates. For network security professionals, it's easier to manage one central policy rather than per-site.
2. Platforms Instead of Products
:IT is gravitating toward centralization. The idea behind a more comprehensive platform that enables security services to be chained is that it will remove the need for complex integrations. In the area of network connectivity, this approach must include both network as a service and security as a service. As large enterprises make the transition, it will require numerous points of presence (PoPs) around the world so that it will always be as close as possible to the user or office in order to provide lower latency. Gartner recently formalized this approach and named it Secure Access Service Edge or SASE, a digital business enabler in the name of speed and agility.
3. Developing Technology from the Bottom Up
:A large number of vendors have announced their support for the SASE approach for several reasons. First, it encourages vendor consolidation to simplify technology acquisition and management. There has always been a debate between buying security from a single vendor for the convenience or buying best-of-breed solutions from multiple vendors. There is an increasing demand for the convergence of these two approaches. Vendors often buy third-party products to make a complete offering, but the integration (if any) is often rough and cumbersome. The new SASE architecture is an opportunity to deliver a complete offering in a way that is efficient for both the vendor and the enterprise. However, it means developing the technology from the bottom up using modern cloud-scale solutions. Many vendors with large legacy product offerings will have a problem with this.
4. Zero-Trust - Increased Focus on Users and Data
:The term Zero-Trust was widely used in 2019. Coined originally by Forrester research in 2010, it referred to a methodology for micro-segmenting the network. Today it has been expanded to a complete ZTX security framework. It makes sense to look at security in terms of what users are doing and what information they are accessing, rather than solely in terms of where their device is connected.
:Zero-trust enables administrators to limit the attack surface, continuously verify that users are who they say they are, and ensure they are only accessing the data they really need. For most organizations, this is a long transformational journey and we are only at the beginning.
:Software Defined Perimeters (SDPs) are a great first step. SDPs offer a simple holistic approach where remote users no longer connect to a physical site, but to a global Network as a Service (NaaS) that provides continuously available secure connectivity. SDPs leverage huge technological advances associated with the megatrend of providing all forms of IT functionality as a service. IT resources within the SDP are typically hidden from public discovery and access is restricted by policy as needed. This removal of IT computing and data assets from general public access reduces the surface area in defense against IT security attacks.
5. Greater Convergence of Networking and Security
:The network is now everywhere. Much of the time, the backbone is the internet itself. It is now time to think of the enterprise network as virtual rather than physical and to ensure that the perimeter follows the user no matter where they are. It is no longer possible to separate the network from the security stack. Industry thought leaders are converging architecture and standardizing around this approach.
:While the cloud is the first important step for network security, it is not enough. Cloud networking is essential to delivering those services effectively over a true "virtual private network."
//[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k1ab/]] sur le blog de la CSA
!"//Cloud Security Alliance Announces SECtember, a New Annual Conference for the Future of Cybersecurity//"
<<<
//[>img(200px,auto)[iCSA/202009US-Seattle.jpg]]SEATTLE - Jan. 9 2020 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced today it is changing the way the cloud and cybersecurity industry meets with the launch of [[SECtember]]+++*[»]> https://csacongress.org/event/sectember-2020/ ===, a signature event focused on educating the industry on key issues and trends faced in cloud and cybersecurity. Held in CSA's home city of Seattle among the giants of cloud computing and the headquarters of several leaders within their respective industries, [[SECtember]] will feature in-depth training, networking opportunities and interactive sessions with global experts. ''The inaugural [[SECtember]] will be held Sept. 14-17, 2020'', at the Sheraton Grand Seattle.
"In 2009, CSA began defining cloud security before most organizations were in the cloud. In 2020, cloud computing is now the primary mode of computing around the world and is also the foundation for cybersecurity writ large and the means by which we secure all forms of computing, such as the Internet of Things. Seattle is well-established around the world as the center of cloud computing, and with the introduction of [[SECtember]], it can be the focal point of cybersecurity, as well. CSA is making a permanent commitment to bring this signature event to our home city on an annual basis, which is rapidly becoming a magnet for companies in the technology and cloud space," said Jim Reavis, CEO and co-founder, Cloud Security Alliance.
"[[SECtember]] will bring together thought leaders from five continents to provide a global perspective on strategic cloud and cybersecurity issues and will provide state-of-the-art educational activities. We have a great deal of pride in Seattle, and while the topic of our conference is serious, we guarantee that the event will also be fun," he added.
The annual event will offer attendees an enhanced roster of training, including courses covering the Certificate of Cloud Security Knowledge (CCSK) Foundation (1 day), CCSK Plus (2-day) along with CCSK Plus AWS and Azure, Cloud Governance & Compliance (1 day), Advanced Cloud Security Practitioner (2-day), and Certificate of Cloud Auditing Knowledge (2-day), as well as other training sessions currently in development.
//[...]
//CSA will issue a Call for Papers for [[SECtember]] on February 3.//
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k17b/]] sur le site de la CSA.
⇒ le site de la conférence ⇒ ''[[CloudSecurityAlliance.fr/go/k9ee/|https://CloudSecurityAlliance.fr/go/k9ee/]]''
!"//We Need More Women Mentors For a More Complete Cybersecurity Workforce//"
[>img(150px,auto)[iCSA/K17BW.jpg]]Article de blog publié le 7 janvier 2020 — Rédigé par+++*[Sivan Tehila »]> https://www.linkedin.com/in/sivan-tehila/ ===, Director of Solution Architecture,+++*[Perimeter 81 »]> https://www.perimeter81.com/ === 
<<<
//It seems like everyone wants to get into the field of cybersecurity. However, this isn't the case for women. The cybersecurity industry needs to rethink how to attract more women into the talent pool to bring more order into the gender balance.+++*[Research from Cybersecurity Ventures »]> https://cybersecurityventures.com/women-in-cybersecurity/ === shows that today women make up only 20% of the cybersecurity workforce. When it comes to recruiting women into the workforce, cybersecurity is clearly one of the worst industries for women to men ratios.
The lack of women in the cybersecurity workforce is diminishing the opportunities to fill out security positions.
The question is: how can the security industry successfully improve and increase the hiring of women in security? While there are many different challenges that women face in the security industry, I am here to highlight the different ways the security industry can improve their numbers of women in security moving forward.

__Starting at a Young Age__
The ongoing issue behind the massive gap between women and men in cybersecurity is starting from an initial perception of education at a young age. Until recently, women were not publicly shown as tech or security experts. Girls are being exposed to this idea at a very young age, and this vision and career choice continue with them when deciding which career they choose.
According to a study by+++*[Kaspersky Lab »]> https://usa.kaspersky.com/about/press-releases/2017_kaspersky-lab-study-most-women-decide-against-a-career-in-cybersecurity-before-age-16 ===, 45% of young women are not aware of the different cybersecurity career opportunities and one in six women thinks that a career in cybersecurity would be dull. The study even states that "a third of young women think that cybersecurity professionals are 'geeks' and a quarter think they are 'nerds.'"
Introducing young women to the numerous STEM topics can provide a spark of interest for potential career paths early on. In order to increase the number of women entering the security fields, there needs to be an industry-accepted shift when it comes to women in security. Additionally, it is important to expose women of all ages to positive female role models from within cybersecurity and similar fields in order to change the way they are perceived.

__A Career in Cyber Comes with Benefits__
The first step to increase women in security is to emphasize all the different benefits and pluses that come with a career in cybersecurity. By joining the cybersecurity field, there are endless benefits that come with the job, such as job security, high pay, scholarships, and incentives. While there are thousands of cybersecurity jobs needed to be filled, the industry is seeing organizations seeking diversity in their workplaces, which is presenting more women to be hired in these positions. Due to the demand for skilled security people, pay for a career in cybersecurity is very high when compared to different industries.
Another major reason why women should shift left and join the cybersecurity space is that it is a field that is challenging and intriguing. The cybersecurity space is constantly changing and evolving, providing the opportunity to learn and experience different sectors that are not available or do not exist within other fields and career choices.
This career path allows women to be captivated by the always-changing work lifestyle, which presents different junctures where women can provide their expertise in decision making and strategizing, which will go a long way for their company. While in the end, everyone who works in cybersecurity plays a key role in fighting against cyberattacks - one thing is clear, the industry needs more women and the skills they offer. These different career benefits and motivations will encourage women to take an interest in learning more about the field and choose a career in cybersecurity.

__Team Diversity is Necessary & Beneficial__
Gender diversity in the workplace is+++[proven »]> https://www.gallup.com/workplace/236543/business-benefits-gender-diversity.aspx === to increase performance and turn higher profits. The reason for this is that men and women have different ideas, insights, and perspectives, which gives teams a more balanced attitude and varied approach to problem-solving.
Additionally, many women can feel intimidated breaking into a field that is male-dominated. Seeing other women on the team and in the office will encourage more women to apply and join the cybersecurity space. If women make up more than half of the world's population, we should also make up at least half of the workforce.

__Women Mentors Needed__
While we are seeing an increase in women joining the cybersecurity field in the past few years, there is still a lack of women mentors in the field. According to a Kaspersky report, the majority of young women who work in security stated they rarely meet fellow women who work in the cybersecurity industry, and when they did meet women in the security workforce, it presented positive feedback on the industry.
So how can having female mentors in security bring more women into the field? Mentoring is important both from the point of view of helping to retain women in the industry, and attracting them to a career in security.
Publicizing different women security leaders and those upcoming in cybersecurity today as role models will encourage young women that cybersecurity is a potential career path. Organizations should take the time and effort to train and coach these role models so they can be mentors for younger women joining the organization and the industry. With the right mentorship and empowerment education, the cybersecurity industry can be one of the most intriguing career paths for women moving forward.

__Moving Forward__
Cybersecurity can be the ideal career path for anyone with the right skills, experience, and drive. By providing the right mix of female mentors in security and educating women in different career opportunities, organizations can take part in closing the skills gap by actively improving gender diversity within the industry. No matter what type of background each person comes from, they can play a huge role in closing the women in security gap in cybersecurity.
On a personal note, I find working in cybersecurity exciting, challenging, and constantly evolving. I wake up every morning and go into work knowing that I am helping protect people and businesses' important resources, as well as their privacy. I am constantly learning new things and developing new skills in a field that requires me to always be on my toes and keeps my mind engaged.//
[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k17b/]] sur le blog de la CSA
!"//Enterprise Architecture Cloud Delivery Model | CCM Mapping//"
[>img(150px,auto)[iCSA/K16BE.jpg]]Article de blog publié le 6 janvier 2020 — Rédigé par le groupe de travail "Enterprise Architecture"
<<<
//The Enterprise Architecture working group has been developing a Cloud Service Delivery Model mapping which aims to give businesses who are building out their cloud program an inside look into roles and responsibilities when it comes to IaaS, PaaS, and SaaS and specific areas within each.
This phased approach that links directly from the Cloud Controls Matrix ([[CCM]]), gives a quick glance and delivery model for identifying key areas within a business and determining whether they are the responsibility of the vendor or the cloud consumer.

__Helps eliminate assumptions when migrating to the cloud__
The best part of direct mappings like this built from the Cloud Controls Matrix, is the immense support it can generate for companies who may not quite understand the different complex areas of switching to a cloud environment. It makes it so there are never any assumptions on who within the business, or outside of the business, is responsible for certain delivery methods. Often roles and responsibilities become a blurred line when dealing with SLAs when venturing into the cloud, and the Enterprise Architecture working group is addressing these areas by eliminating the confusion within the realms of IaaS, PaaS, and SaaS developments. These three areas map directly to the Cloud Controls Matrix's 16 current domains for full coverage.

__How the mapping works__
To give a quick overview of how this mapping will work, we will look at the first category of the [[CCM]] mapping portion, which in this case would be Application & Interface Security (AIS-01 Control ID from the [[CCM]]). The environment of choice would then be chosen; for instance, SaaS is going to act as our delivery method. We then cross-reference a table with a category of either CSP (Cloud Service Provider) or CSC (Cloud Service Consumer). For this case, there is a "1" annotating "yes" under CSP, and a "0" under CSC annotating a "no" response. These answers lead us to the sole responsibility for this deployment instance. Because application and programming interfaces are designed, developed, deployed, and tested by the vendor for SaaS, the security is ultimately agreed upon that it is the service provider's responsibility.

__Provides a full circle approach__
It may seem like a simplistic approach, but it is one that needs to be provided to consumers and businesses to really begin a course of action into adopting policy and structure for ownership responsibilities within the cloud. This EA delivery model, combined with other CSA items such as the [[CAIQ]] and the Cloud Controls Matrix, can develop a full circle approach to diving into the cloud and beginning to understand the approaches that are needed to become successful in understanding the knowledge surrounding it.
More easily put:
* The [[CAIQ]] would be the questions used to ask a vendor about specific items that a business may need to suffice a request for a service
* The [[CCM]] would then be used to assess the risk associated with cloud delivery models.
* Lastly the EA quick guide mapping would identify the roles and ownership capabilities.
Being able to reference architecture such as this cloud delivery model can allow for a baseline internally and give consumers the peace of mind that they are taking the correct approach.//
[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/k16b/]] sur le blog de la CSA
!"//Cloud Security Alliance Releases First in a Series of Critical Controls Implementation for SAP Guidelines//"
<<<
[>img(200px,auto)[iCSA/K16AC.png]]//Critical Controls Implementation for SAP
The Critical Controls Implementation for SAP is the first in a series of implementation documents that the CSA ERP Security Working Group aims to develop. These documents will focus on specific ERP technologies, starting with SAP. The Critical Controls Implementation for SAP document will be released in 2 parts. Part 1 will feature the first 10 controls with the second part featuring the rest at a later date. The document takes a technical and granular approach including information such as implementation checklists and SAP transaction numbers.//
<<<
Les 10 premiers contrôles sont :
# APP01 - //Secure Landscape//
# APP02 - //Baseline Secure Configurations//
# APP03 - //Security Vulnerabilities//
# INT01 - //Secure Integrations and API//
# DAT01 - //Continuous Monitoring//
# DAT02 - //Data Separation//
# DAT03 - //Data Encryption//
# BUS01 - //Inventory of Business Assets, Data and Processes//
# BUS02 - //Business Process Controls//
# BUS03 - //Continuous Compliance//
__Liens :__
* Annonce : ⇒ ''[[CloudSecurityAlliance.fr/go/k16a/|https://cloudsecurityalliance.fr/go/k16a/]]''
* Publication : ⇒ ''[[CloudSecurityAlliance.fr/go/k16p/|https://cloudsecurityalliance.fr/go/k16p/]]''
* Document "Top 20 Critical Controls for Cloud Enterprise Resource Planning (ERP) Customers" de juin 2019
**+++*[Annonce »]> <<tiddler [[2019.06.10 - Publication : Top 20 Critical Controls for Cloud Enterprise Resource Planning (ERP) Customers]]>>=== 
**+++*[Téléchargement »]>
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j6ax/|https://cloudsecurityalliance.fr/go/j6ax/]]''
=== 
[img(25%,1px)[iCSF/BluePixel.gif]]
!!1 - Informations CSA de la semaine du 30 décembre 2019 au 5 janvier 2020
* __''À lire''__ : ''Bilan 2019 et perspectives 2020'' pour le Chapitre Français de la CSA+++*[»]> <<tiddler [[2020.01.01 - Blog : Bilan 2019 et perspectives 2020]]>>=== 
* Actu : Appel à commentaires "''Compléments CCM V3.0.1 pour les spécifications sécurité de CloudOS''"+++*[»]> <<tiddler [[2019.12.12 - Appel à commentaires : document 'Compléments CCM V3.0.1 pour les spécifications sécurité de CloudOS']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2020.01.05 - Veille Hebdomadaire - 5 janvier]] avec seulement une trentaine de liens dont
* __Attaques__ : plus de MSSP impactés par Cloud Hopper+++*[»]>
|2019.12.30|Wall Street Journal|[[Ghosts in the Clouds: Inside China's Major Corporate Hack|https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061]]|Attacks APT Cloud_Hopper|
|2019.12.30|infoRisk Today| → [[Report: Cloud Hopper Attacks Affected More MSPs|https://www.inforisktoday.com/report-cloud-hopper-attacks-affected-more-msps-a-13565]]|Attacks APT Cloud_Hopper|
|2020.01.03|Forbes| → [[5 Key Security Lessons From The Cloud Hopper Mega Hack|
=== 
* Faille : Starbucks (clé API exposée)+++*[»]>
|2020.01.01|Security Affairs|[[Expert finds Starbucks API Key exposed online|https://securityaffairs.co/wordpress/95826/security/starbucks-api-key-exposed-online.html]]|API DataLeaks JumpCloud|
|2019.12.30|//HackerOne//| → [[JumpCloud API Key leaked via Open Github Repository.|https://hackerone.com/reports/716292]]|API DataLeaks JumpCloud|
|2020.01.03|CISO Mag| → [[Indian Researcher Finds Starbucks API Key Exposed Online|https://www.cisomag.com/indian-researcher-finds-starbucks-api-key-exposed-online/]]|API DataLeaks JumpCloud|
=== 
* Outils : S3Tk (pour AWS S3)+++*[»]>
|2020.01.04|KitPloit|[[S3Tk - A Security Toolkit For Amazon S3|https://www.kitploit.com/2020/01/s3tk-security-toolkit-for-amazon-s3.html]]|[[Tools|Outils-GitHub]] AWS|
=== 
* Publication : première version officielle du document OWASP "API Security Top 10 2019"+++*[»]>
|2019.12.31|OWASP|[[API Security Top 10 2019|https://github.com/OWASP/API-Security/raw/master/2019/en/dist/owasp-api-security-top-10.pdf]]|APIs OWASP|
|2020.01.01|DevOps.com| → [[Breaking Down the OWASP API Security Top 10, Part 1|https://devops.com/breaking-down-the-owasp-api-security-top-10-part-1/]] (1/2)|OWASP API|
|2020.01.03|DevOps.com| → [[Breaking Down the OWASP API Security Top 10, Part 2|https://devops.com/breaking-down-the-owasp-api-security-top-10-part-2/]] (2/2)|OWASP API|
|2019.12.31|Information Security Forum |[[Conquering the Cyber Security Challenges of the Cloud|https://www.cpomagazine.com/cyber-security/conquering-the-cyber-security-challenges-of-the-cloud/]]|Challenges|
=== 
* __Divers__ : containers, sondage Barracuda Networks, virtualisation, quelques prévisions pour 2020
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2020.01.04|
|2020.01.04|KitPloit|[[S3Tk - A Security Toolkit For Amazon S3|https://www.kitploit.com/2020/01/s3tk-security-toolkit-for-amazon-s3.html]]|[[Tools|Outils-GitHub]] AWS|
|2020.01.04|//AppFleet//|[[Automatically Scan Your Docker Images for Vulnerabilities With AWS ECR|https://appfleet.com/blog/automatic-vulnerability-scanning-for/]]|AWS Docker Scans|
|>|>|>|!2020.01.03|
|2020.01.03|Fedscoop|[[DHS conducting market research for cloud-based vulnerability disclosure platform|https://www.fedscoop.com/vulnerability-disclosure-cloud-platform-dhs-cisa/]]|Vulnerability_Disclosure|
|2020.01.03|Container Journal|[[Containers vs. VMs: A Closer Look|https://containerjournal.com/topics/container-ecosystems/containers-vs-vms-a-closer-look/]]|Containers VM|
|2020.01.03|//Zscaler//|[[Zscaler's SASE platform brings security and policy closer to the user in a cloud-delivered service|https://siliconangle.com/2020/01/03/zscalers-sase-platform-brings-security-and-policy-closer-to-the-user-in-a-cloud-delivered-service-cubeconversations/]] ([[vidéo|http://www.youtube.com/watch?v=pE_qlkJRuV0]])|SASE|
|2020.01.03|//Akku//|[[Navigating the World of Data Security in the Cloud: Steps to Ensure Compliance|https://www.akku.work/blog/steps-to-ensure-security-compliance/]]|Compliance|
|2020.01.03|//Netwrix//|[[Organizations May 'Uncloud' Over Security, Budgetary Concerns|https://www.darkreading.com/cloud/organizations-may-uncloud-over-security-budgetary-concerns/a/d-id/1336670]]|Misc|
|2020.01.03|//Gartner//|[[Global Cloud Security Market Size, Status and Forecast 2019-2025|https://garnerinsights.com/Global-Cloud-Security-Market-Size-Status-and-Forecast-2019-2025]]|Market_Analysis|
|>|>|>|!2020.01.02|
|2020.01.02|Federal News Network|[[Many agencies still not using FedRAMP for cloud providers, GAO says|https://federalnewsnetwork.com/federal-drive/2020/01/many-agencies-still-not-using-fedramp-for-cloud-providers-gao-says/]]|FedRAMP Compliance|
|2020.01.02|//Google//[>img[iCSF/flag_fr.png]]|[[Le Cloud en 2020 (et peut-être au-delà)|https://www.journaldunet.com/solutions/expert/72369/le-cloud-en-2020--et-peut-etre-au-dela.shtml]]|Misc|
|2020.01.02|//Optiv//|[[Extending the Hybrid Cloud Lab|https://www.optiv.com/blog/extending-hybrid-cloud-lab]] (2/7)|NIST_SP800-190 Containers|
|2020.01.02|//Extrahop//|[[2020 will be the year of the cloud breach predicts ExtraHop|https://www.continuitycentral.com/index.php/news/technology/4747-2020-will-be-the-year-of-the-cloud-breach-predicts-extrahop]]|Predictions|
|>|>|>|!2020.01.01|
|2020.01.01|DZone|[[Why I Don't Mind Having a European AWS Competitor|https://dzone.com/articles/why-i-dont-mind-to-have-an-european-aws-competitor]]|Sovereign_Cloud Europe|
|2020.01.01|Security Affairs|[[Expert finds Starbucks API Key exposed online|https://securityaffairs.co/wordpress/95826/security/starbucks-api-key-exposed-online.html]]|API DataLeaks JumpCloud|
|2019.12.30|//HackerOne//| → [[JumpCloud API Key leaked via Open Github Repository.|https://hackerone.com/reports/716292]]|API DataLeaks JumpCloud|
|2020.01.03|CISO Mag| → [[Indian Researcher Finds Starbucks API Key Exposed Online|https://www.cisomag.com/indian-researcher-finds-starbucks-api-key-exposed-online/]]|API DataLeaks JumpCloud|
|>|>|>||
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.12.31|
|2019.12.31|OWASP|[[API Security Top 10 2019|https://github.com/OWASP/API-Security/raw/master/2019/en/dist/owasp-api-security-top-10.pdf]]|APIs OWASP|
|2020.01.01|DevOps.com| → [[Breaking Down the OWASP API Security Top 10, Part 1|https://devops.com/breaking-down-the-owasp-api-security-top-10-part-1/]] (1/2)|OWASP API|
|2020.01.03|DevOps.com| → [[Breaking Down the OWASP API Security Top 10, Part 2|https://devops.com/breaking-down-the-owasp-api-security-top-10-part-2/]] (2/2)|OWASP API|
|2019.12.31|Information Security Forum |[[Conquering the Cyber Security Challenges of the Cloud|https://www.cpomagazine.com/cyber-security/conquering-the-cyber-security-challenges-of-the-cloud/]]|Challenges|
|2019.12.31|UK Authority|[[Scottish Government aims to boost national cloud take-up|https://www.ukauthority.com/articles/scottish-government-aims-to-boost-national-cloud-take-up/]]|Sovereign_Cloud|
|2019.12.31|VentureBeat|[[Protecting data on public clouds and edges with confidential computing|https://venturebeat.com/2019/12/31/protecting-public-cloud-and-edge-data-with-confidential-computing/]]|Confidential_Computing|
|2019.12.31|XaaS Journal|[[Survey says: Cloud Security Confidence is Growing|https://www.xaasjournal.com/survey-says-cloud-security-confidence-is-growing/]]|Survey|
|2020.01.01|CyberSecurity Insiders| → [[Cloud Security confidence surging up says Barracuda Networks|https://www.cybersecurity-insiders.com/cloud-security-confidence-surging-up-says-barracuda-networks/]]|Survey|
|2019.12.31|NextGov|[[Survey: Feds View Security as Biggest Hurdle to Cloud Adoption|https://www.nextgov.com/it-modernization/2019/12/survey-feds-view-security-biggest-hurdle-cloud-adoption/162155/]]|Survey|
|2019.12.31|//Microsoft//|[[Zero Hype|https://techcommunity.microsoft.com/t5/azure-active-directory-identity/zero-hype/ba-p/1061413]]|Zero_Trust|
|2019.12.31|//JumpCloud//|[[Manage O365 Users Without The Azure AD Console|https://jumpcloud.com/blog/manage-o365-without-azure/]]|O365 AzureAD|
|2019.12.31|//Spanning//|![[Spanning's Best of 2019|https://spanning.com/blog/spannings-best-of-2019/]]|Year_Recap|
|2019.12.31|//Fugue//|[[Fugue's Top 5 Posts of 2019: Cloud-Native Exploits and the Ways Engineers are Preventing Them|https://www.fugue.co/blog/fugues-top-5-posts-of-2019-cloud-native-exploits-and-the-ways-engineers-are-preventing-them]]|Year_Recap|
|2019.12.31|//Cubbit Cell//|[[Next-Generation of Cloud Computing: Distributed Cloud|https://www.interestingengineering.com/next-generation-of-cloud-computing-distributed-cloud]]|Misc|
|2019.12.31|//Kindite//|![[Best Cloud Encryption Practices|https://blog.kindite.com/best-cloud-encryption-practices]]|Encryption|
|>|>|>|!2019.12.30|
|2019.12.30|Wall Street Journal|[[Ghosts in the Clouds: Inside China's Major Corporate Hack|https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061]]|Attacks APT Cloud_Hopper|
|2019.12.30|infoRisk Today| → [[Report: Cloud Hopper Attacks Affected More MSPs|https://www.inforisktoday.com/report-cloud-hopper-attacks-affected-more-msps-a-13565]]|Attacks APT Cloud_Hopper|
|2020.01.03|Forbes| → 5 Key Security Lessons From The Cloud Hopper Mega Hack|Attacks APT Cloud_Hopper|
|2019.12.30|GCN|[[How agencies can bake data security into IoT and disaster recovery|https://gcn.com/articles/2019/12/24/software-defined-perimeter-iot-dr.aspx]]|Disaster_Recovery|
|2019.12.30|Cryptosmith|[[Online Course in Cloud Security Basics|https://cryptosmith.com/2019/12/30/online-course-in-cloud-security-basics/]]|Training|
|2019.12.30|MSSP Alert|[[Cloud Service Providers: Emerging As MSSPs?|https://www.msspalert.com/cybersecurity-companies/mssps/cloud-service-providers-emerging-as-mssps/]]|MSSP|
|2019.12.30|MSSP Alert|[[Big MSP Suffers Ransomware Attack: Report|https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/big-msp-sodinokibi-attack/]]|Attack Ransomware CSP|
|2019.12.30|NextGov|[[After Two Years, JEDI is Finally Underway|https://www.nextgov.com/it-modernization/2019/12/after-two-years-jedi-finally-underway/162005/]]|JEDI|
|2019.12.30|//JumpCloud//|[[Identity-as-a-Service (IDaaS) Explained|https://jumpcloud.com/blog/idaas-explained/]]|IDaaS|
|2019.12.30|//MalwareBytes//|[[Explained: edge computing|https://blog.malwarebytes.com/explained/2019/12/explained-edge-computing/]]|Edge_Computing|
|2019.12.30|Informatique News[>img[iCSF/flag_fr.png]]|[[Les tendances 2020 du cloud computing|https://www.informatiquenews.fr/les-tendances-2020-du-cloud-computing-65996]]|Predictions|
<<QOTD Rolled1920 1852 noclick norandom>>
[img(150px,auto)[iCSF/Cloud2019.jpg]]
----
[img(150px,auto)[iCSF/Cloud2020.jpg]]
!1er janvier 2020 : Editorial
|ssTablN0|k
|<<tiddler Roll1920>>|Avec le changement d'année, voici venu le temps du bilan de l'année écoulée, et des bonnes résolutions pour l'année qui commence. 
Voici donc le ''bilan 2019'' assez fourni du ''Chapitre Français'' de la ''Cloud Security Alliance'', ainsi que les ''perspectives et des propositions d'objectifs pour 2020''.
Des actions sont d'ores et déjà engagées et vous devriez voir les premiers effets au cours du premier trimestre.| !!1 -- Bilan 2019 !!!1.1 -- Les actions du [[Chapitre Français]] # participation à 2 salons et conférences : [>img(150px,auto)[iCSF/Cloud2019.jpg]] ## en mars 2019, participation à la "Cloud Computing Expo Europe" et plus particulièrement au cycle de conférence "Forum Securité@Cloud"+++*[»]> [img(auto,100px)[iCSF/ForumSecuriteCloud-2019.png]][img(auto,100px)[iCSF/CCWE-2019.png]]=== ## en novembre 2019, participation au salon "Cloud & Cyber Security Paris" et plus particulièrement au cycle de conférence associé avec l'animation d'une table ronde+++*[»]> [img(200px,auto)[iCSF/CCSEP2019.png]]=== # participation à plusieurs groupes de travail de la [[Cloud Security Alliance]] # participation à l'animation et à des formations dans le cadre du partenariat avec l'ISEP Formation Continue+++*[»]> <<tiddler [[Partenariats - ISEP-FC - Masteres Spécialisés]]>>=== pour ## le ''[[Mastères Spécialisés® Expertise Cloud Computing|https://cloudsecurityalliance.fr/go/McCC/]]'' pour la 7^^ème^^ fois ## le ''[[Mastères Spécialisés® Architecture Cybersécurité et Intégration|https://cloudsecurityalliance.fr/go/McCS/]]'' pour la 2^^ème^^ fois !!!1.2 -- Le site Web [[CloudSecurityAlliance.fr|https://CloudSecurityAlliance.fr]] # le site Web est mis à jour une à deux fois par semaine avec les dernières actualités, annonces, et publications de la CSA [>img(150px,auto)[iCSF/Cloud2019.jpg]] # de gros efforts ont été faits sur ''le fond'' et la ''fourniture d'informations pertinentes'' # des adaptations ont été faites tout au long de l'année, même si la forme va encore évoluer # l'ajout d'une rubrique "''Références''"+++*[»]> <<tiddler [[Références]]>>=== avec : ## des documents pertinents publiés par des agences nationales ou internationales de sécurité telles que l'ACSC (AU), l'ANSSI, le BSI (DE), le Cloud.gov (US), le DoD (US), l'ENISA (EU), le NCSC (UK)... 
## des documents pertinents publiés par des entités ou des organismes traitant de la sécurité et du Cloud telles que : le CIS, la CNIL, GEANT, Horizon 2020, l'ISO, l'IETF, le MITRE, le NIST, l'OWASP, PCI DSS... ## des documents pertinents publiés par des Prestataires de Services Cloud tels que : Amazon (AWS), Google (GCP), Microsoft (Azure) # l'ajout d'une rubrique "''Outils''"+++*[»]> <<tiddler [[Outils]]>>=== avec : ## des tableaux de bord de ''l'état de services Cloud'' et les pages "sécurité" des //fournisseurs d'énergie Cloud//+++*[»]> <<tiddler Outils##EtatServices>>=== ## des listes d'outils disponibles sur ''GitHub''+++*[»]> <<tiddler Outils##GitHub>>=== ## des listes de sites avec des ''challenges'' sécurité ou de composants à tester sur+++*[»]> <<tiddler Outils##Challenges>>=== ## des références de ''sites''+++*[»]> <<tiddler Outils##Sites>>=== ## des ''ports'' TCP ou UDP de références+++*[»]> <<tiddler Outils##Ports>>=== # l'intégration d'une partie des archives : ## complètes pour 2019 ## presque complètes pour 2018 ## très partielles pour les années précédentes # la mise en place d'un réducteur/minimiseur de liens/URLs+++*[»]> liens en //''CloudSecurityAlliance.fr/go/XXXX''// === ** la plupart des articles rédigés à partir de la mi-2019 de ce site l'utilisent !!!1.3 -- Autres points positifs # la ''lettre hebdomadaire''+++*[»]> <<tiddler [[Newsletters]]>>=== a été publiée toutes les semaines depuis son lancement, début Mars 2019 ## vous pouvez la retrouver sur le site [[CloudSecurityAlliance.fr|https://CloudSecurityAlliance.fr]] (rubrique [[Newsletters]]) ## elle est publiée tous les dimanches sur notre groupe LinkedIN "Cloud Security Alliance, French Chapter" # la ''veille Web Cloud et Sécurité''+++*[»]> <<tiddler [[Veille Web]]>>=== a été publiée toutes les semaines depuis son lancement, début Mars 2019 ## elle est publiée tous les dimanches sur le site [[CloudSecurityAlliance.fr|https://CloudSecurityAlliance.fr]] (rubrique [[Veille Web]]) # sur 
''LinkedIN'', notre groupe "''Cloud Security Alliance, French Chapter''"+++*[»]> <<tiddler [[LinkedIN]]>>=== continue de croître avec près de 300 membres !!!1.4 -- Quelques points négatifs # aucun "événement CSA" n'a été organisé en France [>img(150px,auto)[iCSF/Cloud2019.jpg]] # le comité de pilotage du [[Chapitre Français]] n'a pas pu être réactivé, malgré quelques tentatives # aucune formation ''CCSK''+++*[»]> <<tiddler [[CCSK]]>>=== n'a été organisée, malgré quelques tentatives, mais cela pourrait déboucher en 2020 # très faible utilisation du compte ''Twitter''+++*[»]> <<tiddler [[Twitter]]>>=== ... mais ce n'est que partie remise ! !!2 -- Et pour 2020 !!!2.1 -- Continuité des actions engagées # la poursuite des publications actuelles : newsletters et veille Web hebdomadaires [>img(150px,auto)[iCSF/Cloud2020.jpg]] # la poursuite des actions d'animation et de formation dans les Mastères Spécialisés de l'ISEP Formation Continue # la poursuite de l'intégration des archives antérieures à 2018 !!!2.2 -- Relance des actions non engagées en 2019 # la réactivation du Comité de pilotage du [[Chapitre Français]] au cours du premier trimestre 2020 [>img(150px,auto)[iCSF/Cloud2020.jpg]] # une utilisation plus forte du compte Twitter # la préparation d'une formation CCSK en France # l'organisation d'un événement "Sécurité du Cloud" !!!2.3 -- Nouvelles actions [>img(150px,auto)[iCSA/CircleCSA.png]]Après quelques tests complémentaires, un portail va être ouvert pour les membres du [[Chapitre Français]] et géré directement par la Cloud Security Alliance. * ce portail est une plateforme de partage collaborative avec liste de diffusion, possibilité de partage de documents, ... 
* nous serons parmi les premiers Chapitres à l'utiliser avant son déploiement par la CSA à tous les autres * plus d'informations seront communiquées pendant le premier trimestre 2020 !!!2.4 -- Dates à retenir 2 dates sont déjà à inscrire sur votre agenda [>img(150px,auto)[iCSF/Cloud2020.jpg]] # ''18 et 19 mars 2020'' : "Forum Securité@Cloud" dans le cadre de la "Cloud Computing World Expo" à Paris, Porte de Versailles+++*[»]> <<tiddler [[Forum Sécurité@Cloud]]>>=== # ''17 et 18 novembre 2020'' : "Cloud & Cyber Security Paris" à Paris, Porte de Versailles Quant au "CSA EMEA Congress", il devrait avoir lieu soit en octobre, soit en novembre 2020, à Bruxelles ou à Berlin. !!3 -- Contacts Si vous souhaitez participer activement au [[Chapitre Français]], ou simplement découvrir les travaux de la [[Cloud Security Alliance]], contactez-nous * par [[email|Contact]] * via [[LinkedIn|https://www.linkedin.com/groups/3758242]] * via l'espace [[Slack]] [img[iCSF/flag_fr.png]]^^oc^^[img(50%,1px)[iCSF/BluePixel.gif]] <<tiddler .ReplaceTiddlerTitle with: "Bilan 2019 et perspectives 2020">>
!"//?Securing data and maintaining compliance in ServiceNow//"
[>img(150px,auto)[iCSA/K1RBS.jpg]]^^Article publié le 27 janvier sur le blog de la CSA, et après l'avoir été sur le site de CipherCloud.
Même s'il adresse un sujet intéressant, cet article a pour principal objectif de faire participer le lecteur à un Webcast (bis)
⇒ Lire [[l'article|https://cloudsecurityalliance.org/blog/2020/01/27/securing-data-and-maintaining-compliance-in-servicenow/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.ciphercloud.com/securing-data-and-maintaining-compliance-in-servicenow/]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//?Prevent security misconfigurations in a multi-cloud environment//"
[>img(150px,auto)[iCSA/K1KBP.jpg]]^^Article publié le 20 janvier sur le blog de la CSA, et sur le site de CipherCloud.
Même s'il adresse un sujet intéressant, cet article a pour principal objectif de faire participer le lecteur à un Webcast.
⇒ Lire [[l'article|https://cloudsecurityalliance.org/blog/2020/01/20/prevent-security-misconfigurations-in-a-multi-cloud-environment/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.ciphercloud.com/prevent-security-misconfigurations-in-a-multi-cloud-environment/]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201912>>
<<tiddler fAll2Tabs10 with: VeilleM","_201912>>
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|Aucune alerte pour le moment|
|2019.12.26|//Check Point//|[[Kubernetes API Server Denial Of Service (CVE-2019-11253)|https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-1443.html]]|K8s Flaw|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Décembre 2019]]>>
<<tiddler fAll2LiTabs10 with: NewsL","201912>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Décembre 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Décembre 2019]]>><<tiddler fAll2LiTabs13end with: Actu","201912>>
<<tiddler fAll2LiTabs13end with: Blog","201912>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Décembre 2019]]>>
<<tiddler fAll2LiTabs13end with: Publ","201912>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Décembre 2019]]>>
!!1 - Informations CSA de la semaine du 23 au 29 décembre 2019 [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]
* Actu : Appel à commentaires, document "''Compléments CCM V3.0.1 pour les spécifications sécurité de CloudOS''"+++*[»]> <<tiddler [[2019.12.12 - Appel à commentaires : document 'Compléments CCM V3.0.1 pour les spécifications sécurité de CloudOS']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.12.29 - Veille Hebdomadaire - 29 décembre]] avec plus de 30 liens
* Bilan 2019 et prévisions 2020 : //Alcide//, Computer Weekly, //Productiv//, Silicon Angle
* Etudes : //Coalfire//+++*[»]>
|2019.12.26|MSSP Alert|[[Study: Midmarket Businesses Face Cloud Migration Cyber Risks|https://www.msspalert.com/cybersecurity-research/midmarket-cyber-risks/]]|Study Risks|
|2019.12.11|//Coalfire//| → [[Penetration Risk Report|https://www.coalfire.com/Resources/White-Papers/2019-Coalfire-Penetration-Risk-Report]]|Study Risks|
===, ESG+++*[»]>
|2019.12.23|ESG|![[ESG Research Report: The rise of cloud-based security analytics and operations technologies|https://www.esg-global.com/research/esg-research-report-the-rise-of-cloud-based-security-analytics-and-operations-technologies]]|Report|
=== 
* __Divers__ : Effets des attaques contre le Cloud+++*[»]>
|2019.12.27|//Catchpoint//|![[Containing the ripple effect of cloud cyberattacks|https://www.scmagazine.com/home/opinion/executive-insight/containing-the-ripple-effect-of-cloud-cyberattacks/]]|Cyberattacks Best_Practices|
===, politique de conservation des données
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.12.29|
|2019.12.29|//Tripwire//|![[AWS vs. Azure vs. Google - What's the Difference from a Cloud Security Standpoint?|https://www.tripwire.com/state-of-security/security-data-protection/cloud/aws-azure-google-difference-cloud-security-standpoint/]]|AWS Azure GCP|
|2019.12.29|NBC News|[[How online 'cloud buckets' are exposing private photos and other sensitive data|https://www.nbcnews.com/tech/internet/how-online-cloud-buckets-are-exposing-private-photos-other-sensitive-n1105056]]|Data_Leaks|
|>|>|>|!2019.12.28|
|2019.12.28|Silicon Angle|[[Predictions 2020: Cloud, Kubernetes and cybersecurity will rule|https://siliconangle.com/2019/12/28/predictions-2020-cloud-kubernetes-cybersecurity-will-rule/]]|Predictions|
|2019.12.28|TechRadar Pro|[[Emerging technologies securing the cloud|https://www.techradar.com/news/emerging-technologies-securing-the-cloud]]|Misc|
|>|>|>|!2019.12.27|
|2019.12.27|Computer Weekly|[[Top 10 cloud stories of 2019|https://www.computerweekly.com/news/252475348/Top-10-cloud-stories-of-2019]]|Year_Recap|
|2019.12.27|arXiv.org|[[Towards Deep Federated Defenses Against Malware in Cloud Ecosystems|https://arxiv.org/pdf/1912.12370.pdf]]|Malware|
|2019.12.27|//Catchpoint//|![[Containing the ripple effect of cloud cyberattacks|https://www.scmagazine.com/home/opinion/executive-insight/containing-the-ripple-effect-of-cloud-cyberattacks/]]|Cyberattacks Best_Practices|
|2019.12.27|//Alibaba Cloud//|[[The Open Application Model from Alibaba's Perspective|https://medium.com/@Alibaba_Cloud/the-open-application-model-from-alibabas-perspective-2352f89ad845]]|Alibaba OAM|
|2019.12.27|//Productiv//|[[Productiv 2020 Predictions: SaaS applications in 2020|https://vmblog.com/archive/2019/12/27/productiv-2020-predictions-saas-applications-in-2020.aspx]]|Predictions|
|2019.12.27|//Whois API, Inc//|[[Mitigating Phishing Attacks on Cloud/File Storage Services through Domain Reputation API|http://www.circleid.com/posts/20191227_mitigating_phishing_cloud_file_storage_services_through_domain_rep/]]|Phishing|
|2019.12.27|Cloud.Gov|![[Security Incident Response Guide|https://cloud.gov/docs/ops/security-ir/]]|Incident_Response|
|2019.12.27|Cloud.Gov| → [[Security Incident Response checklist|https://cloud.gov/docs/ops/security-ir-checklist/]]|Incident_Response|
|2019.12.27|DZone|[[A Brief Guide to Kubernetes and Containers|https://dzone.com/articles/definitive-guide-to-kubernetes]]|K8s Containers|
|>|>|>|!2019.12.26|
|2019.12.26|Les Echos[>img[iCSF/flag_fr.png]]|[[La souveraineté européenne face au Cloud Act|https://www.lesechos.fr/idees-debats/cercle/opinion-la-souverainete-europeenne-face-au-cloud-act-1159010]]|CLOUD_Act Europe|
|2019.12.26|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Cloud : pourquoi adopter une politique de conservation des données|https://www.lemagit.fr/conseil/Cloud-pourquoi-adopter-une-politique-de-conservation-des-donnees]]|Data Policy|
|2019.12.26|IT World Canada|[[Videoconference system stored data in open AWS bucket, says new report|https://www.itworldcanada.com/article/videoconference-system-stored-data-in-open-aws-bucket-says-new-report/425319]]|Data_Leak|
|2019.12.26|CISO Mag|[[Securing the Hybrid Cloud Environment: A New Paradigm Using Zero Trust|https://www.cisomag.com/securing-the-hybrid-cloud-environment-a-new-paradigm-using-zero-trust/]]|Hybrid_Cloud Zero_Trust|
|2019.12.26|MSSP Alert|[[Study: Midmarket Businesses Face Cloud Migration Cyber Risks|https://www.msspalert.com/cybersecurity-research/midmarket-cyber-risks/]]|Study Risks|
|2019.12.11|//Coalfire//| → [[Penetration Risk Report|https://www.coalfire.com/Resources/White-Papers/2019-Coalfire-Penetration-Risk-Report]]|Study Risks|
|2019.12.26|SecureCloud.blog|[[Reddit Thread Answer: Azure AD - Autologon endpoint|https://securecloud.blog/2019/12/26/reddit-thread-answer-azure-ad-autologon-endpoint/]]|AzureAD|
|2019.12.26|//Check Point//|[[Kubernetes API Server Denial Of Service (CVE-2019-11253)|https://www.checkpoint.com/defense/advisories/public/2019/cpai-2019-1443.html]]|K8s Flaw|
|2019.12.26|//JumpCloud//|[[Bridge Active Directory To The Cloud|https://jumpcloud.com/blog/ad-cloud-bridge/]]|Active_Directory|
|2019.12.26|//Security Intelligence//|[[Demystifying Security in an Open, Hybrid Multicloud Environment|https://securityintelligence.com/posts/demystifying-security-in-an-open-hybrid-multicloud-environment/]]|Multi_Cloud|
|>|>|>|!2019.12.25|
|2019.12.25|Cyber Security Hub|[[Public Cloud Platforms - A Honey Pot For Threat Actors - Building An Understanding Of Risk And Configuration|https://www.cshub.com/cloud/articles/public-cloud-platforms-a-honey-pot-for-threat-actors]]|Risks HoneyPot|
|>|>|>|!2019.12.24|
|2019.12.24|01 Business[>img[iCSF/flag_fr.png]]|[[Cloud de confiance en France : la recette existe|https://www.linkedin.com/pulse/cloud-de-confiance-en-france-la-recette-existe-fr%C3%A9d%C3%A9ric-simottel/]]|Sovereign_Cloud|
|2019.12.24|Reddit|[[Synoptek Issues|https://www.reddit.com/r/sysadmin/comments/ef2egh/synoptek_issues/]]|Attack Ransomware CSP|
|2019.12.27|Krebs on Security| → [[Ransomware at IT Services Provider Synoptek|https://krebsonsecurity.com/2019/12/ransomware-at-it-services-provider-synoptek/]]|Attack Ransomware CSP|
|2019.12.24|Container Journal|[[5 Common Container Mistakes to Avoid|https://containerjournal.com/topics/container-management/5-common-container-mistakes-to-avoid/]]|Containers|
|2019.12.24|CSO|[[How to use Microsoft Compliance Score to improve data protection|https://www.csoonline.com/article/3490238/how-to-use-microsoft-compliance-score-to-improve-data-protection.html]]|O365 Compliance|
|2019.12.24|//Alcide//|[[Kubernetes Security Leader Alcide Releases 2020 Predictions: Kubernetes on the Edge, Intelligent and Automated K8s Security and the Rise of Distributed Tracing|https://vmblog.com/archive/2019/12/24/kubernetes-security-leader-alcide-releases-2020-predictions-kubernetes-on-the-edge-intelligent-and-automated-k8s-security-and-the-rise-of-distributed-tracing.aspx]]|Predictions|
|2019.12.24|//Alibaba Cloud//|[[From Confused to Proficient: Kubernetes Authentication and Scheduling|https://medium.com/@Alibaba_Cloud/from-confused-to-proficient-kubernetes-authentication-and-scheduling-39a058af5103]]|K8s Authentication|
|2019.12.24|//Alibaba Cloud//|[[From Confused to Proficient: Analysis of Failure to Delete a Kubernetes Cluster Namespace|https://medium.com/@Alibaba_Cloud/from-confused-to-proficient-analysis-of-failure-to-delete-a-kubernetes-cluster-namespace-62c31bc1a2ac]]|K8s|
|2019.12.24|DZone|[[6 Enterprise Kubernetes Takeaways from KubeCon San Diego|https://dzone.com/articles/6-enterprise-kubernetes-takeaways-from-kubecon-san]]|K8s Conference|
|2019.12.24|//Alibaba Cloud//|[[Six Typical Issues when Constructing a Kubernetes Log System|https://www.alibabacloud.com/blog/six-typical-issues-when-constructing-a-kubernetes-log-system_595670]]|K8s Logging|
|>|>|>|!2019.12.23|
|2019.12.23|Les Echos[>img[iCSF/flag_fr.png]]|[[Pour Tencent, l'Europe a déjà perdu la bataille du cloud|https://www.lesechos.fr/monde/europe/pour-tencent-leurope-a-deja-perdu-la-bataille-du-cloud-1158624]]|Sovereign_Cloud Europe|
|2019.12.23|Gartner|![[Say Hello to SASE (Secure Access Service Edge)|https://blogs.gartner.com/andrew-lerner/2019/12/23/say-hello-sase-secure-access-service-edge/]]|SASE|
|2019.12.23|Container Journal|[[OpenShift, Kubernetes and Docker: A Quick Comparison|https://containerjournal.com/topics/container-ecosystems/openshift-kubernetes-and-docker-a-quick-comparison/]]|Docker Kubernetes|
|2019.12.23|Avishay Bar|![[caponeme - Repository demonstrating the Capital One breach on your AWS account|https://github.com/avishayil/caponeme]]|Tools CapitalOne Demonstration|
|2019.12.23|//JumpCloud//|[[Active Directory for Cloud-Forward Sysadmins|https://jumpcloud.com/blog/active-directory-cloud-forward-sysadmins/]]|AzureAD|
|2019.12.23|//JumpCloud//|[[Sync Active Directory With AWS|https://jumpcloud.com/blog/sync-active-directory-with-aws/]]|AWS AzureAD|
|2019.12.23|//Data Insider//|[[What is a Cloud Access Security Broker?|https://digitalguardian.com/blog/what-cloud-access-security-broker]]|CASB|
|2019.12.23|//Security Intelligence//|[[Slowing Data Security Tool Sprawl in a Hybrid Multicloud World|https://securityintelligence.com/posts/slowing-data-security-tool-sprawl-in-a-hybrid-multicloud-world/]]|Hybrid_Cloud|
|2019.12.23|Transatel [>img[iCSF/flag_fr.png]]|[[Le cloud : enfer ou opportunité pour la sécurité ?|https://www.linkedin.com/pulse/le-cloud-enfer-ou-opportunit%C3%A9-pour-la-s%C3%A9curit%C3%A9-valerian-perret/]]|Misc|
|2019.12.23|ESG|![[ESG Research Report: The rise of cloud-based security analytics and operations technologies|https://www.esg-global.com/research/esg-research-report-the-rise-of-cloud-based-security-analytics-and-operations-technologies]]|Report|
!!1 - Informations CSA de la semaine du 16 au 22 décembre 2019 [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]
* Actu : Fin du projet ''European Security Certification Framework (EU-SEC)''+++*[»]> <<tiddler [[2019.12.19 - Fin du projet European Security Certification Framework (EU-SEC)]]>>=== 
* Actu : Appel à commentaires, ''derniers jours'' pour répondre, document "''Cloud Incident Response Framework - A Quick Guide''"+++*[»]> <<tiddler [[2019.11.28 - Appel à commentaires : document 'Cloud Incident Response Framework - A Quick Guide']]>>=== 
* Actu : Appel à commentaires, ''derniers jours'' pour répondre, document "''Hybrid Cloud and Its Associated Risks''"+++*[»]> <<tiddler [[2019.11.28 - Appel à commentaires : document 'Hybrid Cloud and Its Associated Risks']]>>=== 
* Actu : Appel à commentaires, document "''Compléments CCM V3.0.1 pour les spécifications sécurité de CloudOS''"+++*[»]> <<tiddler [[2019.12.12 - Appel à commentaires : document 'Compléments CCM V3.0.1 pour les spécifications sécurité de CloudOS']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.12.22 - Veille Hebdomadaire - 22 décembre]] avec plus de 60 liens
* __Attaques__ et Vulnérabilités : 0-day Dropbox, élévation de privilège dans AWS, //Cloud Shell// contre AWS
* Bilan 2019 et prévisions 2020 : BetaNews, CloudFoundry, Container Journal, DevOps.com, DZone, Kubernetes, Rancher, Solutions Review
* Rapports et Sondages : Precise Security, SANS
* Info ou Intox : début 2018, Google aurait envisagé de se désengager du Cloud s'il n'était pas numéro 2 sur le marché en 2023+++*[»]>
|2019.12.17|The Information|[[Google Brass Set 2023 as Deadline to Beat Amazon, Microsoft in Cloud|https://www.theinformation.com/articles/google-brass-set-2023-as-deadline-to-beat-amazon-microsoft-in-cloud]]|GCP Strategy|
|2019.12.17|Silicon Angle| → [[Google denies report it considered quitting cloud computing business|https://siliconangle.com/2019/12/17/google-denies-report-considered-quitting-cloud-computing-business/]]|GCP Strategy|
|2019.12.18|CRN| → [[Google considered killing its cloud: report|https://www.crn.com.au/news/google-considered-killing-its-cloud-report-535749]]|GCP Strategy|
|2019.12.17|CRN| → [[Google's Five-Year Plan For GCP Has Funding Strings Attached: Report|https://www.crn.com/news/cloud/google-reportedly-set-ambitious-goal-and-possible-deadline-for-gcp]]|GCP Strategy|
|2019.12.18|Computer Weekly| → [[Google declares report on alleged public cloud exit discussions 'inaccurate'|https://www.computerweekly.com/news/252475694/Google-declares-report-on-alleged-public-cloud-exit-discussions-inaccurate]]|GCP Strategy|
=== 
* __Divers__ : l'approche BeyondProd de Google pour les microservices+++*[»]>
|2019.12.17|//Google//|![[BeyondProd: A new approach to cloud-native security|https://cloud.google.com/security/beyondprod/]]|Cloud_Native|
|2019.12.18|Silicon.fr[>img[iCSF/flag_fr.png]]| → [[BeyondProd : l'approche de Google pour sécuriser les microservices|https://www.silicon.fr/beyondprod-google-microservices-330083.html]]|Cloud_Native|
|2019.12.19|//Duo Security//| → [[BeyondProd Lays Out Security Principles for Cloud-Native Applications|https://duo.com/decipher/beyondprod-lays-out-security-principles-for-cloud-native-applications]]|Cloud_Native|
===, Containers, Docker
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.12.22|
|2019.12.22|B2C|[[Cloud-Native Environments: A Challenge for Traditional Cyber Security Practices|https://www.business2community.com/cybersecurity/cloud-native-environments-a-challenge-for-traditional-cyber-security-practices-02269834]]|Cloud_Native|
|>|>|>|!2019.12.21|
|2019.12.21|BFM Business[>img[iCSF/flag_fr.png]]|[[Comment bâtir un cloud souverain de confiance ?|https://bfmbusiness.bfmtv.com/mediaplayer/video/comment-batir-un-cloud-souverain-de-confiance-2112-1210593.html]] (vidéo)|Sovereign_Cloud|
|>|>|>|!2019.12.20|
|2019.12.20|SANS|[[Workforce Automation and the Cloud: A Dichotomy|https://www.sans.org/cyber-security-intelligence/2019/12/20/workforce-automation-and-the-cloud-a-dichotomy]] ([[sondage après inscription|https://www.sans.org/reading-room/whitepapers/analyst/workforce-transformation-challenges-risks-opportunities-39340]])|Survey|
|2019.12.20|SecureCloud.blog|[[NodeJS Logging integration with Azure Log Analytics/Sentinel|https://securecloud.blog/2019/12/20/nodejs-logging-integration-with-azure-log-analytics-sentinel/]]|Azure Logging|
|2019.12.20|Healthcare IT News|[[Cybersecurity poses big challenges, but new cloud approaches hold promise|https://www.healthcareitnews.com/news/cybersecurity-poses-big-challenges-new-cloud-approaches-hold-promise]]|Challenges|
|2019.12.20|//Google Cloud//|[[Kubernetes Podcast in 2019: year-end recap|https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-podcast-in-2019-year-end-recap]]|K8s Year_Recap|
|2019.12.20|//Trendmicro//|![[Why Running a Privileged Container in Docker Is a Bad Idea|https://blog.trendmicro.com/trendlabs-security-intelligence/why-running-a-privileged-container-in-docker-is-a-bad-idea/]]|Docker Containers Privileges|
|2019.12.20|//Check Point//|[[8 Best Practices for Multi-Cloud Security|https://blog.checkpoint.com/2019/12/20/8-best-practices-for-multi-cloud-security/]]|Multi_Cloud Best_Practices|
|2019.12.20|//Summit Route//|![[re:Invent 2019 Security Review|https://summitroute.com/blog/2019/12/20/reinvent_2019_security_review/]]|AWS Conference|
|2019.12.20|ID Access Management|[[How to remove inactive users automatically via Access Reviews?|https://identityaccess.management/2019/12/20/how-to-remove-inactive-users-automatically-via-access-reviews/]]|O365 Access_Review|
|2019.12.20|//GitLab//|[[Introducing Token-Hunter|https://about.gitlab.com/blog/2019/12/20/introducing-token-hunter/]]|[[Tools|GitHub-Tools]]|
|2019.12.20|//CloudPassage//|[[Solving Public Cloud Security Challenges with Automation|https://www.cloudpassage.com/blog/solving-public-cloud-security-challenges-with-automation/]]|Public_Cloud|
|2019.12.20|//Panther Labs//|[[AWS Identity and Access Management (IAM) Fundamentals|https://blog.runpanther.io/aws-iam-fundamentals/]]|AWS IAM|
|>|>|>|!2019.12.19|
|2019.12.19|ENISA|Call 02/19 - Cloud Services: [[Call for expression of interest for an ad hoc Working Group|https://www.enisa.europa.eu/news/enisa-news/call-for-expression-of-interest-for-an-ad-hoc-working-group]] ([[Terms of Reference|https://www.enisa.europa.eu/topics/standards/adhoc_wg_calls/ahWG02/tor_ahwg02_cloud]])|ENISA|
|2019.12.19|BetaNews|[[Cloud predictions for 2020|https://betanews.com/2019/12/19/cloud-predictions-for-2020/]]|Predictions|
|2019.12.19|Solutions Review|[[20 Experts Share Predictions for Cloud in 2020 and Beyond|https://solutionsreview.com/cloud-platforms/20-experts-share-predictions-for-cloud-in-2020-and-beyond/]]|Predictions|
|2019.12.19|Solutions Review|[[11 Experts Share Predictions and Advice for Cloud Security in 2020|https://solutionsreview.com/cloud-platforms/11-experts-share-predictions-and-advice-for-cloud-security-in-2020/]]|Predictions|
|2019.12.19|Container Journal|[[Going to the Cloud? Go Containers|https://containerjournal.com/topics/container-ecosystems/going-to-the-cloud-go-containers/]]|Containers|
|2019.12.19|Sensors Tech Forum|[[On-Premise vs Cloud-to-Cloud Backup: the Best Solution for Your SaaS|https://sensorstechforum.com/on-premise-vs-cloud-cloud-backup/]]|SaaS Backup|
|2019.12.19|//Tripwire//|[[Top Cloud Security Resources: Certifications, Events and Social Media|https://www.tripwire.com/state-of-security/security-data-protection/cloud/top-cloud-security-resources-certifications-events-social-media/]]|Misc|
|2019.12.19|//Rancher//|[[Rancher Security: 2019 Recap|https://rancher.com/blog/2019/rancher-security-2019-recap/]]|Year_Recap|
|2019.12.19|//StackRox//|[[As Kubernetes Matures, Security Evolves into Safety|https://vmblog.com/archive/2019/12/19/stackrox-2020-predictions-as-kubernetes-matures-security-evolves-into-safety.aspx]]|Predictions|
|2019.12.19|//Caylent//|[[The Pros and Cons of Running Production Databases as Containers|https://caylent.com/the-pros-and-cons-of-running-production-databases-as-containers]]|Containers Databases|
|2019.12.19|//WatchGuard//|[[MSP Cloud Presence Concerns|https://www.msspalert.com/cybersecurity-guests/msp-cloud-presence-concerns/]]|MSSP|
|2019.12.19|//Apcela//|[[Prime Real Estate in the Cloud|http://www.circleid.com/posts/20191219_prime_real_estate_in_the_cloud/]]|Misc|
|2019.12.19|//Bishopfox//|![[Investigating PrivEsc Methods in AWS|https://know.bishopfox.com/research/privilege-escalation-in-aws]]|AWS Flaws|
|2019.12.19|//Bishopfox//| → [[Escalator to the Cloud: 5 Privesc Attack Vectors in AWS|https://know.bishopfox.com/blog/5-privesc-attack-vectors-in-aws]]|AWS Flaws|
|2019.12.19|//Cloud Foundry//|[[Cloud Foundry Foundation 2020 Predictions: Cloud Complexity Urges Developers to Seek Simplification|https://vmblog.com/archive/2019/12/19/cloud-foundry-foundation-2020-predictions-cloud-complexity-urges-developers-to-seek-simplification.aspx]]|Predictions|
|2019.12.19|//BishopFox Labs//|[[Escalator to the Cloud: 5 Privesc Attack Vectors in AWS|https://labs.bishopfox.com/tech-blog/5-privesc-attack-vectors-in-aws]]|AWS Attack_Vectors|
|>|>|>|!2019.12.18|
|2019.12.18|Infosecurity Mag|[[Year in Review: Cloud Security|https://www.infosecurity-magazine.com/blogs/year-review-cloud-security/]]|Year_Recap|
|2019.12.18|Infosecurity Mag|[[Data Leak Exposes Thousands of US Defense Contractor Staff|https://www.infosecurity-magazine.com/news/cloud-data-leak-thousands/]]|AWS S3 Data_Leak|
|2019.12.18|//Microsoft//|[[Data governance and retention in your Microsoft 365 tenant - a secure and highly capable solution|https://www.microsoft.com/security/blog/2019/12/18/data-governance-retention-microsoft-365-tenant-secure-highly-capable-solution/]]|Azure Tenant|
|2019.12.18|//Security Intelligence//|[[Cloud Security in 2020 Starts With Protecting Data Wherever It Resides|https://securityintelligence.com/posts/cloud-security-in-2020-starts-with-protecting-data-wherever-it-resides/]]|Predictions|
|2019.12.18|//Security Intelligence//|[[Cloud Security in 2020 Starts With Protecting Data Wherever It Resides|https://securityintelligence.com/posts/cloud-security-in-2020-starts-with-protecting-data-wherever-it-resides/]]|Misc|
|2019.12.18|//Threatpost//|[[Why Cloud, Collaboration Breed Insider Threats|https://threatpost.com/why-cloud-collaboration-insider-threats/151272/]]|Insider_Threats|
|2019.12.18|//Sysdig//|[[How to Monitor Kubernetes API Server|https://sysdig.com/blog/monitor-kubernetes-api-server/]]|K8s|
|2019.12.18|//NeuVector//|[[How Serverless Functions Work - Using AWS Lambda as an Example|https://neuvector.com/cloud-security/how-aws-lambda-serverless-works/]]|Serverless|
|2019.12.18|//Swimlane//|[[How to investigate alerts in Microsoft Azure with SOAR|https://swimlane.com/blog/investigate-alerts-in-microsoft-azure/]]|Azure Alerting|
|2019.12.18|//Precise Security//|[[MS Office Represents 73% Of The Most Commonly Exploited Applications Worldwide|https://www.precisesecurity.com/articles/ms-office-represents-73-of-the-most-commonly-exploited-applications-worldwide/]]|Report|
|2019.12.18|//Decoder.Cloud//|![[From dropbox(updater) to NT AUTHORITY\SYSTEM|https://decoder.cloud/2019/12/18/from-dropboxupdater-to-nt-authoritysystem/]]|Dropbox Flaws|
|2019.12.21|Bleeping Computer| → [[Dropbox Zero-Day Vulnerability Gets Temporary Fix|https://www.bleepingcomputer.com/news/security/dropbox-zero-day-vulnerability-gets-temporary-fix/]]|Dropbox Flaw|
|2019.12.21|GBHackers On Security| → [[Unpatched Dropbox for Windows Zero-Day Bug Let Hackers get SYSTEM Privileges|https://gbhackers.com/dropbox-windows/]]|Dropbox Flaw|
|2019.12.18|//Backblaze//|[[Backing Up the Death Star: How Cloud Storage Explains the Rise of Skywalker|https://www.backblaze.com/blog/backing-up-the-death-star-how-cloud-storage-explains-the-rise-of-skywalker/]]|Fun|
|2019.12.18|//Sentinel One//|[[Ransomware as a Service - What are Cryptonite, Recoil and Ghostly Locker?|https://www.sentinelone.com/blog/ransomware-as-a-service-what-are-cryptonite-recoil-and-ghostly-locker/]]|Ransomware|
|2019.12.18|Container Journal|[[Google Shares Best Practices for Securing Microservices|https://containerjournal.com/topics/container-security/google-shares-best-practices-for-securing-microservices/]]|Microservices Best_Practices|
|>|>|>|!2019.12.17|
|2019.12.17|Gov.UK|![[Managing technical lock-in in the cloud|https://www.gov.uk/guidance/managing-technical-lock-in-in-the-cloud]]|Guidance|
|2019.12.20|UK Authority| → [[GDS publishes guidance on avoiding cloud lock-in|https://www.ukauthority.com/articles/gds-publishes-guidance-on-avoiding-cloud-lock-in/]]|Guidance|
|2019.12.17|SANS|![[How to Build a Successful Cloud Security Program|https://www.sans.org/cyber-security-intelligence/2019/12/17/how-to-build-a-successful-cloud-security-program]]|Governance|
|2019.12.17|SANS|![[How to Leverage a CASB for Your AWS Environment|https://www.sans.org/reading-room/whitepapers/analyst/leverage-casb-aws-environment-39345]]|CASB AWS|
|2019.12.17|The Information|[[Google Brass Set 2023 as Deadline to Beat Amazon, Microsoft in Cloud|https://www.theinformation.com/articles/google-brass-set-2023-as-deadline-to-beat-amazon-microsoft-in-cloud]]|GCP Strategy|
|2019.12.17|Silicon Angle| → [[Google denies report it considered quitting cloud computing business|https://siliconangle.com/2019/12/17/google-denies-report-considered-quitting-cloud-computing-business/]]|GCP Strategy|
|2019.12.18|CRN| → [[Google considered killing its cloud: report|https://www.crn.com.au/news/google-considered-killing-its-cloud-report-535749]]|GCP Strategy|
|2019.12.17|CRN| → [[Google's Five-Year Plan For GCP Has Funding Strings Attached: Report|https://www.crn.com/news/cloud/google-reportedly-set-ambitious-goal-and-possible-deadline-for-gcp]]|GCP Strategy|
|2019.12.18|Computer Weekly| → [[Google declares report on alleged public cloud exit discussions 'inaccurate'|https://www.computerweekly.com/news/252475694/Google-declares-report-on-alleged-public-cloud-exit-discussions-inaccurate]]|GCP Strategy|
|2019.12.17|IoT for All|[[Five Reasons to Upgrade to MQTT 5|https://www.iotforall.com/mqtt-iot/]]|IOT MQTT|
|2019.12.17|//Nuageo//[>img[iCSF/flag_fr.png]]|[[A la découverte du Serverless Computing|https://www.nuageo.fr/2019/12/decouverte-serverless-computing/]]|Serverless FaaS|
|2019.12.17|//Microsoft//|[[Advancing Azure Active Directory availability|https://azure.microsoft.com/en-us/blog/advancing-azure-active-directory-availability/]]|AzureAD Availability|
|2019.12.17|//Google//|![[BeyondProd: A new approach to cloud-native security|https://cloud.google.com/security/beyondprod/]]|Cloud_Native|
|2019.12.18|Silicon.fr[>img[iCSF/flag_fr.png]]| → [[BeyondProd : l'approche de Google pour sécuriser les microservices|https://www.silicon.fr/beyondprod-google-microservices-330083.html]]|Cloud_Native|
|2019.12.19|//Duo Security//| → [[BeyondProd Lays Out Security Principles for Cloud-Native Applications|https://duo.com/decipher/beyondprod-lays-out-security-principles-for-cloud-native-applications]]|Cloud_Native|
|2019.12.17|//Fortinet//|[[Seven Critical Vulnerabilities Discovered in Portainer|https://www.fortinet.com/blog/threat-research/seven-critical-vulnerabilities-portainer.html]]|Flaw|
|2019.12.17|//Zscaler//|[[A True SASE Solution Requires a Cloud-First Architecture|https://www.zscaler.com/blogs/corporate/true-sase-solution-requires-cloud-first-architecture]]|Network SASE|
|2019.12.17|//CloudAcademy//|[[Azure Security: Best Practices You Need to Know|https://cloudacademy.com/blog/azure-security-best-practices-you-need-to-know/]]|Azure Best_Practices|
|2019.12.17|//Forescout//|[[Forescout Research Labs Discovers Multiple Vulnerabilities in DTEN Conferencing and Collaboration Systems|https://www.forescout.com/company/blog/dten-vulnerability/]]|Data_Leak|
|2019.12.17|SANS|[[How to Build a Successful Cloud Security Program|https://www.sans.org/blog/how-to-build-a-successful-cloud-security-program/]]|Policy|
|>|>|>|!2019.12.16|
|2019.12.16|Silicon.fr[>img[iCSF/flag_fr.png]]|[[CLOUD Act : les hyperscalers optent pour la garantie chiffrement|https://www.silicon.fr/cloud-act-hyperscalers-chiffrement-329847.html]]|CLOUD_Act|
|2019.12.16|DZone|[[Desktop on Cloud: Productive, Cost-Effective and More Secure|https://dzone.com/articles/desktop-on-cloud-productive-cost-effective-and-mor]]|Desktop-aaS|
|2019.12.16|DevOps.com|[[The Top Six Cloud Computing Trends of 2019|https://devops.com/the-top-six-cloud-computing-trends-of-2019/]]|Year_Recap|
|2019.12.16|Bleeping Computer|[[Over 435K Security Certs Can Be Compromised With Less Than $3,000|https://www.bleepingcomputer.com/news/security/over-435k-security-certs-can-be-compromised-with-less-than-3-000/]]|Certificates|
|2019.12.16|Container Journal|[[Predictions 2020: The Killer App for Edge Computing in 2020 will be Kubernetes|https://containerjournal.com/topics/container-ecosystems/predictions-2020-the-killer-app-for-edge-computing-in-2020-will-be-kubernetes/]]|K8s|
|2019.12.16|DZone|[[2020 Cloud and Containers Predictions|https://dzone.com/articles/2020-cloud-and-containers-predictions]]|Predictions|
|2019.12.16|Bleeping Computer|[[Google to Force OAuth in G Suite to Increase Security|https://www.bleepingcomputer.com/news/security/google-to-force-oauth-in-g-suite-to-increase-security/]]|GCP OAuth|
|2019.12.16|GCN|[[MITRE updates ATT&CK for the cloud|https://gcn.com/articles/2019/12/16/mitre-attack-cloud.aspx]]|MITRE_ATTACK|
|2019.12.16|//Offensi.com//|![[4 Google Cloud Shell bugs explained|https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/]] - bug [[#1|https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-bug-1/]], [[#2|https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-bug-2/]], [[#3|https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-bug-3/]], [[#4|https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-bug-4/]]|GCP Flaws|
|2019.12.16|//Google Cloud//|[[Enabling a more secure cloud with our partners|https://cloud.google.com/blog/products/identity-security/making-your-cloud-more-secure-through-google-cloud-partners]]|GCP|
|2019.12.16|//Google Cloud//|[[Turning off less secure app access to G Suite accounts|https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html]]|GCP OAuth|
|2019.12.17|//Duo Security//| → [[Google to Restrict App Access to G Suite Accounts|https://duo.com/decipher/google-to-restrict-app-access-to-g-suite-accounts]]|GCP OAuth|
|2019.12.16|//CompareTheCloud//|[[Cloud vs on-premise: striking a balance on security|https://www.comparethecloud.net/articles/cloud/cloud-vs-on-premise-striking-a-balance-on-security/]]|Misc|
|2019.12.16|//CompareTheCloud//|[[Taking the fog out of cloud security|https://www.comparethecloud.net/articles/taking-the-fog-out-of-cloud-security/]]|Misc|
|2019.12.16|//AppSecCo//|[[New Security Training - Attack and Defence in the AWS Cloud|https://blog.appsecco.com/new-security-training-attack-and-defence-in-the-aws-cloud-ef67f1221d0a]]|AWS Training|
!"//European Cloud Security Project Leaves Rich Legacy of Materials for Cloud Stakeholders//"
<<<
[>img(200px,auto)[iCSF/EUSEC.jpg]]//CSA contributions led to development of multi-party recognition framework for cloud security certifications, continuous auditing-based certification, and Privacy Code of Conduct
Seattle - Dec. 19, 2019 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the European Security Certification Framework (EU-SEC) project has concluded. During the course of its three-year participation, CSA contributed to numerous initiatives to benefit cloud stakeholders, among them a multi-party recognition framework for cloud security certifications that has brought clarity to the compliance process, continuous audit-based certification that offers increased trust in the assurance process, and a Privacy Code of Conduct that helps cloud service providers understand GDPR readiness and demonstrate compliance.
The primary goal of EU-SEC is to improve trust in cloud services by creating a framework under which existing certification and assurance approaches can co-exist. The framework also adds an additional layer of trust, assurance and transparency by including continuous auditing-based certifications. It is targeted at cloud stakeholders wishing to improve the business value, efficiency and effectiveness of their approach to cloud security and privacy compliance. This includes auditors, cloud service providers, regulators, standard owners and cloud users.
In addition to all the work required to build the framework architecture, the project partners worked hard to produce a variety of materials to ensure the project outcomes remain at the disposal of cloud stakeholders. The resources include:
* White papers
* Videos
* Training packages
* Webinars
Jürgen Grossman, coordinator of the EU-SEC project said, "There have been many challenges over the last three years, but I am proud of the results that EU-SEC has achieved. These results have been obtained thanks to the hard work of all the partners who brought their expertise to the consortium. I'm confident the outcomes will benefit European cloud stakeholders."

The Cloud Security Alliance would like to encourage anyone interested in benefiting from the framework to get in touch via the website.
The EU-SEC project, which will come to an end on Dec. 31, 2019, received funding from the European Union's HORIZON Framework Program for research, technological development and demonstration under grant agreement #731845.

__About EU-SEC__
The project "European Security Certification Framework" (EU-SEC) aimed to create a European framework for certification schemes and evaluation concepts to secure cloud infrastructures. Within this framework, existing national and international certifications can co-exist. EU-SEC will improve the business value as well as the effectiveness and efficiency of existing cloud security certification schemes.//
<<<
__Liens :__
* Annonce : ⇒ ''[[CloudSecurityAlliance.fr/go/jcja/|https://cloudsecurityalliance.fr/go/jcja/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!!1 - Informations CSA de la semaine du 9 au 15 décembre 2019 [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]
* Actu : Appel à commentaires, document "''Cloud Incident Response Framework - A Quick Guide''"+++*[»]> <<tiddler [[2019.11.28 - Appel à commentaires : document 'Cloud Incident Response Framework - A Quick Guide']]>>=== 
* Actu : Appel à commentaires, document "''Hybrid Cloud and Its Associated Risks''"+++*[»]> <<tiddler [[2019.11.28 - Appel à commentaires : document 'Hybrid Cloud and Its Associated Risks']]>>=== 
* Actu : Appel à commentaires, document "''CloudAbuse Working Group Charter''"+++*[»]> <<tiddler [[2019.10.29 - Appel à commentaires : document 'CloudAbuse Working Group Charter']]>>=== 
* Actu : Appel à commentaires, document "''Compléments CCM V3.0.1 pour les spécifications sécurité de CloudOS''"+++*[»]> <<tiddler [[2019.12.12 - Appel à commentaires : document 'Compléments CCM V3.0.1 pour les spécifications sécurité de CloudOS']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.12.15 - Veille Hebdomadaire - 15 décembre]] avec plus de 60 liens
* __Attaques__ et vulnérabilités : //Cloud Shell// contre Azure, phishing O365
* Rapports et Sondages : Archive360, INAP
* Bilan 2019 et prévisions 2020 : Lacework
* Podcast : la mini-série "dans le cloud en Islande, terre des data centers"
* __Divers__ : alertes AzureAD, amélioration de la protection Office 365, méthodologie de notation des prestataires Cloud par la MSPAlliance
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.12.15|
|2019.12.15|Marco Lancini|![[Cross Account Auditing in AWS and GCP|https://www.marcolancini.it/2019/blog-cross-account-auditing/]]|Audit AWS GCP|
|>|>|>|!2019.12.14|
|2019.12.14|KitPloit|[[CyberRange - The Open-Source AWS Cyber Range|https://www.kitploit.com/2019/12/cyberrange-open-source-aws-cyber-range.html]]|Exercise [[Tools|Outils]]|
|>|>|>|!2019.12.13|
|2019.12.13|CloudTweaks|[[Securing Multi-Cloud Manufacturing Systems In A Zero Trust World|https://cloudtweaks.com/2019/12/securing-multi-cloud-manufacturing-systems-in-a-zero-trust-world/]]|Zero_Trust|
|2019.12.13|DZone|[[Hazelcast Resilient to Kubernetes Zone Failures|https://dzone.com/articles/hazelcast-resilient-to-kubernetes-zone-failures]]|K8s Resilience|
|2019.12.13|Lacework|![[The Biggest Cloud Breaches of 2019 and How to Avoid them for 2020|https://www.lacework.com/top-cloud-breaches-2019/]]|Data_Breaches|
|2019.12.13|//Avanan//|[[Update - HTML Attachment Attack on Office 365|https://www.avanan.com/blog/html-attachment-attack-update-office365]]|O365 Attack|
|2019.12.13|//BitDefender//|[[For Cloud-native App Security, Few Companies Have Embraced DevSecOps|https://businessinsights.bitdefender.com/for-cloud-native-app-security-companies-have-embraced-devsecops]]|DevSecOps|
|2019.12.13|//Microsoft Azure//|[[Announcing Updates to the M365 Attack Simulator|https://techcommunity.microsoft.com/t5/security-privacy-and-compliance/announcing-updates-to-the-m365-attack-simulator/ba-p/1065762]]|O365 Simulation Tools|
|>|>|>|!2019.12.12|
|2019.12.12|France Inter[>img[iCSF/flag_fr.png]]|[[Episode 4 : dans le cloud en Islande, terre des data centers|https://www.franceinter.fr/emissions/le-reportage-de-la-terre-au-carre/le-reportage-de-la-terre-au-carre-12-decembre-2019]] (4/4) ([[mp3|https://media.radiofrance-podcast.net/podcast09/20693-12.12.2019-ITEMA_22227984-0.mp3]])|Podcast|
|2019.12.12|US Government Accountability Office|GAO-20-126: [[Agencies Increased Their Use of the Federal Authorization Program, but Improved Oversight and Implementation Are Needed|https://www.gao.gov/products/GAO-20-126]] ([[pdf|https://www.gao.gov/assets/710/703193.pdf]])|Controls FedRAMP|
|2019.12.13|NextGov| → [[Audit: Cloud Use Up But Agencies Skirting FedRAMP|https://www.nextgov.com/it-modernization/2019/12/audit-cloud-use-agencies-skirting-fedramp/161886/]]|Controls FedRAMP|
|2019.12.12|DZone|[[What is the Difference Between Kubernetes and Docker Swarm|https://dzone.com/articles/what-is-the-difference-between-kubernetes-and-dock]]|K8s Swarm|
|2019.12.12|TechBeacon|[[5 critical features for cloud security controls|https://techbeacon.com/security/5-critical-features-cloud-security-controls]]|Controls|
|2019.12.12|SecureCloud.blog|[[Deep Diver - Azure AD Identity Protection (IPC) Alerts|https://securecloud.blog/2019/12/12/azure-ad-identity-protection-ipc-alerts/]]|AzureAD|
|2019.12.12|Dark Reading|[[Microsoft 'Campaign Views' Offers Full Look at Office 365 Attacks|https://www.darkreading.com/threat-intelligence/microsoft-campaign-views-offers-full-look-at-office-365-attacks/d/d-id/1336561]]|O365|
|2019.12.12|GBHackers on Security|[[Most Important Challenges of Cloud Migration In Your Organization With Cyber Security Principles - Guide|https://gbhackers.com/cloud-migration/]]|Migration|
|2019.12.12|//Managed Methods//|[[Next Gen Firewall & Cloud Security: What's The Difference?|https://managedmethods.com/blog/next-gen-firewall-cloud-security-whats-the-difference/]]|Firewalls|
|2019.12.12|//Sunguard//|[[Look before you leap: a guide to resilient hybrid cloud migration|https://www.continuitycentral.com/index.php/news/technology/4715-look-before-you-leap-a-guide-to-resilient-hybrid-cloud-migration]]|Hybrid_Cloud|
|2019.12.12|//JumpCloud//|[[Rethink AD|https://jumpcloud.com/blog/rethink-ad/]]|Active_Directory|
|2019.12.12|GAO|[[Agencies Increased Their Use of the Federal Authorization Program, but Improved Oversight and Implementation Are Needed|https://www.gao.gov/products/GAO-20-126]]|FedRAMP US|
|2019.12.12|GAO| → [[Synthèse (pdf)|https://www.gao.gov/assets/710/703192.pdf]] et [[rapport complet (pdf)|https://www.gao.gov/assets/710/703193.pdf]]|FedRAMP US|
|>|>|>|!2019.12.11|
|2019.12.11|France Inter[>img[iCSF/flag_fr.png]]|[[Episode 3 : dans le cloud en Islande, terre des data centers|https://www.franceinter.fr/emissions/le-reportage-de-la-terre-au-carre/le-reportage-de-la-terre-au-carre-11-decembre-2019]] (3/4) ([[mp3|https://media.radiofrance-podcast.net/podcast09/20693-11.12.2019-ITEMA_22226935-1.mp3]])|Podcast|
|2019.12.11|Solutions Review|[[6 Key Capabilities for Cloud Managed Service Providers|https://solutionsreview.com/cloud-platforms/6-key-capabilities-for-cloud-managed-service-providers/]]|CSP|
|2019.12.11|KitPloit|[[Splunk Attack Range - A Tool That Allows You To Create Vulnerable Instrumented Local Or Cloud Environments To Simulate Attacks Against And Collect The Data Into Splunk|https://www.kitploit.com/2019/12/splunk-attack-range-tool-that-allows.html]]|Tools Exercise Splunk|
|2019.12.11|Dirk-jan Mollema|[[Updating adconnectdump - a journey into DPAPI|https://dirkjanm.io/updating-adconnectdump-a-journey-into-dpapi/]]|AzureAD Exploit|
|2019.12.11|//AWS//|[[10 things security teams should focus on, according to AWS' CISO|https://www.zdnet.com/article/10-things-security-teams-should-focus-on-according-to-aws-ciso/]]|Best_Practices|
|2019.12.11|//Microsoft//|[[The quiet evolution of phishing|https://www.microsoft.com/security/blog/2019/12/11/the-quiet-evolution-of-phishing/]]|O365 Phishing Report|
|2019.12.11|//Microsoft//|[[Microsoft Office 365 to Add Reply-All Mail Storm Protection|https://www.bleepingcomputer.com/news/microsoft/microsoft-office-365-to-add-reply-all-mail-storm-protection/]]|O365|
|2019.12.11|//Google Cloud//|[[What's new in Cloud Run for Anthos|https://cloud.google.com/blog/products/serverless/new-features-in-cloud-run-for-anthos-ga]]|GCP Anthos|
|2019.12.11|//Archive360//|[[More Than Sixty Percent of Enterprise IT Executives Plan to Retire Current SaaS Applications Amid Growing Security Fears|https://www.prnewswire.com/news-releases/more-than-sixty-percent-of-enterprise-it-executives-plan-to-retire-current-saas-applications-amid-growing-security-fears-300972934.html]] ([[Rapport|https://www.archive360.com/infographic-saas-security-survey]])|Survey SaaS|
|2019.12.13|Help Net Security| → [[SaaS security fears: Is your data exposed to potential risk?|https://www.helpnetsecurity.com/2019/12/13/saas-security-fears/]]|Survey SaaS|
|2019.12.11|//INAP//|[[Survey: The Top Challenges Facing IT Departments in 2020|https://www.inap.com/blog/survey-top-challenges-it-2020/]]|Survey|
|2019.12.11|//Panther Labs//|[[AWS Security Logging Fundamentals - CloudTrail|https://blog.runpanther.io/aws-cloudtrail-fundamentals/]]|AWS Logging|
|>|>|>|!2019.12.10|
|2019.12.10|France Inter[>img[iCSF/flag_fr.png]]|[[Episode 2 : dans le cloud en Islande, terre des data centers|https://www.franceinter.fr/emissions/le-reportage-de-la-terre-au-carre/le-reportage-de-la-terre-au-carre-10-decembre-2019]] (2/4) ([[mp3|https://media.radiofrance-podcast.net/podcast09/20693-10.12.2019-ITEMA_22225846-1.mp3]])|Podcast|
|2019.12.10|MSP Alliance|![[MSPAlliance Develops Cyber Risk Rating for Cloud and Managed Service Providers|https://www.mspalliance.com/mspalliance-develops-cyber-risk-rating-for-cloud-and-managed-service-providers/]]|CyberRating|
|2019.12.10|Container Journal|[[Kubernetes 1.17 Release Arrives|https://containerjournal.com/topics/container-ecosystems/kubernetes-1-17-release-arrives/]]|K8s|
|2019.12.10|Dark Reading|[[Data Leak Week: Billions of Sensitive Files Exposed Online|https://www.darkreading.com/cloud/data-leak-week-billions-of-sensitive-files-exposed-online/d/d-id/1336574]]|DataLeaks|
|2019.12.10|DZone|[[5 Ways To Monitor for an Account Takeover|https://dzone.com/articles/5-ways-to-monitor-for-an-account-takeover]]|Detection|
|2019.12.10|//Microsoft//|[[Introducing the integrated Microsoft Threat Protection solution (public preview)|https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Introducing-the-integrated-Microsoft-Threat-Protection-solution/ba-p/1059225]]|O365 Protection|
|2019.12.09|ZDnet| → [[Microsoft to help Office 365 customers track entire phishing campaigns, not just lone emails|https://www.zdnet.com/article/microsoft-to-help-office-365-customers-track-entire-phishing-campaigns-not-just-lone-emails/]]|O365 Protection|
|2019.12.11|Bleeping computer| → [[Microsoft Threat Protection Released in Public Preview|https://www.bleepingcomputer.com/news/microsoft/microsoft-threat-protection-released-in-public-preview/]]|O365 Protection|
|2019.12.10|//NetSPI//|![[Azure Privilege Escalation via Cloud Shell|https://blog.netspi.com/attacking-azure-cloud-shell/]]|Azure Privilege_Escalation|
|2019.12.10|//Google Cloud//|[[Exploring container security: Performing forensics on your GKE environment|https://cloud.google.com/blog/products/containers-kubernetes/best-practices-for-performing-forensics-on-containers]]|Forensics Containers|
|2019.12.10|//Alibaba Cloud//|[[How to Build Your Own Serverless ECS Instance Monitor|https://medium.com/@Alibaba_Cloud/how-to-build-your-own-serverless-ecs-instance-monitor-d420d1408073]]|AWS Serverless|
|2019.12.10|//CipherCloud//|[[Loose Lips Sink Ships - Securing Slack with CASB+|https://www.ciphercloud.com/loose-lips-sink-ships-casb-and-slack-security/]]|Slack CASB|
|2019.12.10|//Check Point//|[[Instant Observability into Cloud Threats with CloudGuard IaaS and Google Cloud Packet Mirroring|https://blog.checkpoint.com/2019/12/10/cloudguard-iaas-integrates-with-google-cloud-packet-mirroring/]]|Networks|
|2019.12.10|//ThousandEyes//|[[Top 4 Monitoring Myths: Debunked|https://blog.thousandeyes.com/top-4-monitoring-myths-debunked/]]|Monitoring|
|2019.12.10|//Optiv//|[[Your Risk is Shifting to Places You Can't See|https://www.optiv.com/blog/your-risk-shifting-places-you-cant-see]] (1/7)|NIST_SP800-190 Containers|
|2019.12.10|//AWS//|[[How to get specific security information about AWS services|https://aws.amazon.com/blogs/security/how-to-get-specific-security-information-about-aws-services/]]|AWS|
|>|>|>|!2019.12.09|
|2019.12.09|France Inter[>img[iCSF/flag_fr.png]]|[[Episode 1 : dans le cloud en Islande, terre des data centers|https://www.franceinter.fr/emissions/le-reportage-de-la-terre-au-carre/le-reportage-de-la-terre-au-carre-09-decembre-2019]] (1/4) ([[mp3|https://media.radiofrance-podcast.net/podcast09/10212-09.12.2019-ITEMA_22224688-1.mp3]])|Podcast|
|2019.12.09|Economie Numérique[>img[iCSF/flag_fr.png]]|[[Le "Cloud de défense" - bientôt adopté par toutes les infrastructures militaires ?|http://blog.economie-numerique.net/2019/12/09/le-cloud-de-defense-bientot-adopte-par-toutes-les-infrastructures-militaires/]]|Sovereign_Cloud|
|2019.12.09|Informatique News[>img[iCSF/flag_fr.png]]|[[IBM décroche enfin la certification HDS, Hébergeur de données de santé|https://www.informatiquenews.fr/ibm-decroche-enfin-la-certification-hds-hebergeur-de-donnees-de-sante-65538]]|Healthcare France|
|2019.12.09|Zendata[>img[iCSF/flag_fr.png]]|[[Pourquoi et comment sécuriser correctement le déploiement d'Office 365|https://zendata.ch/fr/actualite/blog/item/2742-pourquoi-et-comment-securiser-correctement-le-deploiement-doffice-365]]|O365|
|2019.12.09|Bleeping Computer|[[Microsoft Office 365 ATP Now Helps Analyze Phishing Attacks|https://www.bleepingcomputer.com/news/microsoft/microsoft-office-365-atp-now-helps-analyze-phishing-attacks/]]|O365 Phishing|
|2019.12.09|Venture Beat|[[Microsoft adds 'campaign views' phishing intel to Office 365 Advanced Threat Protection|https://venturebeat.com/2019/12/09/microsoft-adds-campaign-views-phishing-intel-to-office-365-advanced-threat-protection/]]|O365 Phishing|
|2019.12.09|Security Week|[[New Office 365 Feature Provides Detailed Information on Email Attack Campaigns|https://www.securityweek.com/new-office-365-feature-provides-detailed-information-email-attack-campaigns]]|O365 Phishing|
|2019.12.09|CISO Mag|[[Buer, a New Loader Discovered in Several Malware Campaigns|https://www.cisomag.com/buer-loader-a-rising-superstar-of-the-dark-web/]]|Attacks Malware Docker|
|2019.12.09|TechBeacon|[[Data security and the cloud: 3 things your team needs to know|https://techbeacon.com/security/data-security-cloud-3-things-your-team-needs-know]]|Data_Protection|
|2019.12.09|TechCrunch|[[Over 750,000 applications for US birth certificate copies exposed online|https://techcrunch.com/2019/12/09/birth-certificate-applications-exposed/]]|DataLeaks AWS|
|2019.12.09|//PhishLabs//|[[Phishing Campaign Uses Malicious Office 365 App|https://info.phishlabs.com/blog/office-365-phishing-uses-malicious-app-persist-password-reset]]|O365 Attacks|
|2019.12.09|GBHackers on Security| → [[Microsoft Office 365 New Campaign Views to help Customers Tracking Attacks Targeting Organization and its Users|https://gbhackers.com/microsoft-office-365-campaign-views/]]|O365 Attacks|
|2019.12.10|Bleeping Computer| → [[Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps|https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/]]|O365|
|2020.01.09|Silicon Angle| → [[Office 365 hackers use malicious app to gain access to user accounts|https://siliconangle.com/2020/01/09/office-365-hackers-use-side-loaded-malicious-app-gain-access-user-accounts/]]|O365 Attacks|
|2019.12.09|//Threatpost//|[[GE, Dunkin', Forever 21 Caught Up in Broad Internal Document Leak|https://threatpost.com/ge-dunkin-forever21-internal-doc-leak/150920/]]|Data_Leaks|
|2019.12.09|//StackRox//|[[What's New in Kubernetes 1.17: A Deeper Look at New Features|https://www.stackrox.com/post/2019/12/whats-new-in-kubernetes-1.17-a-deeper-look-at-new-features/]]|K8s|
|2019.12.09|//FireEye//|[[Want a Secure Cloud? Open Your Eyes First|https://www.fireeye.com/blog/executive-perspective/2019/12/want-a-secure-cloud-open-your-eyes-first.html]]|Risks|
|2019.12.09|//HPE//|[[Security Strategies for Hybrid IT, Hybrid Cloud and Multicloud Environments|https://www.cloudtp.com/doppler/security-strategies-for-hybrid-it-hybrid-cloud-and-multicloud-environments/]]|Hybrid_Cloud|
|2019.12.09|//HPE//|[[The Hidden Opportunity of Security in the Public Cloud|https://www.cloudtp.com/doppler/the-hidden-opportunity-of-security-in-the-public-cloud/]]|Public_Cloud|
!CCM V3.0.1 addendum to CSA's research artifact 'Cloud OS Security Specification'
[>img(100px,auto)[iCSA/CSAdoc.png]]La date limite pour transmettre les commentaires est le 11 janvier 2020.
<<<
//The Cloud Security Alliance (CSA) would like to invite you to review and comment on the CCM V3.0.1 addendum to CSA's research artifact "''Cloud OS Security Specification''".
It aims to help organizations adhering to the Cloud OS Security Specification to also meet CCM requirements.
This is achieved by identifying compliance gaps in the Cloud OS Security Specification document in relation to the CCM.//
<<<
* Date limite pour les commentaires : le 11 janvier 2020
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/jccp|https://cloudsecurityalliance.fr/go/jccp/]]''
!"//The STAR Certification Journey//"
[>img(150px,auto)[iCSA/CSAsecUpd.jpg]]Podcast de la série "[[CSA Security Update]]" publié le 2 mars 2020 — Invité : Willibert Fabritius; Global Head of Information Security and Business Continuity, BSI Group
<<<
//The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.
The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.
Listen as we interview Willibert Fabritius; Global Head of Information Security and Business Continuity of BSI Group and take the journey with us down the road to Level 2 CSA STAR Certification including use cases on implementation and auditing best practices.//
<<<
__Liens :__
* Annonce → https://www.buzzsprout.com/303731/2265872-the-star-certification-journey-guest-willibert-fabritius-global-head-of-information-security-and-business-continuity-bsi-group
* Podcast → https://www.buzzsprout.com/303731/2265872-the-star-certification-journey-guest-willibert-fabritius-global-head-of-information-security-and-business-continuity-bsi-group.mp3
!!1 - Informations CSA de la semaine du 2 au 8 décembre 2019 [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]
* Publication : ''Recommandations Cloud'' pour les entités gouvernementales danoises+++*[»]> <<tiddler [[2019.12.07 - Publication : Recommandations Cloud pour les entités gouvernementales danoises]]>> === 
* Actu : Nouvelle certification ''Cloud Auditing Knowledge'' (''CCAK'')+++*[»]> <<tiddler [[2019.12.04 - Nouvelle certification 'Cloud Auditing Knowledge (CCAK)']]>> === 
* Actu : Appel à commentaires, document "''Cloud Incident Response Framework - A Quick Guide''"+++*[»]> <<tiddler [[2019.11.28 - Appel à commentaires : document 'Cloud Incident Response Framework - A Quick Guide']]>>=== 
* Actu : Appel à commentaires, document "''Hybrid Cloud and Its Associated Risks''"+++*[»]> <<tiddler [[2019.11.28 - Appel à commentaires : document 'Hybrid Cloud and Its Associated Risks']]>>=== 
* Actu : Appel à commentaires, document "''CloudAbuse Working Group Charter''"+++*[»]> <<tiddler [[2019.10.29 - Appel à commentaires : document 'CloudAbuse Working Group Charter']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.12.08 - Veille Hebdomadaire - 8 décembre]] avec plus de 60 liens
* À savoir : ''BlackDirect'' (//Microsoft and Azure Account Takeover//)+++*[»]>
|2019.12.02|//CyberArk//|[[BlackDirect: Microsoft Azure Account Takeover|https://www.cyberark.com/threat-research-blog/blackdirect-microsoft-azure-account-takeover/]]|Azure OAuth|
|2019.12.02|//CyberArk//| → Site Web [[BlackDirect|https://black.direct/]]|Azure OAuth|
|2019.12.02|//Threatpost//| → [[Microsoft OAuth Flaw Opens Azure Accounts to Takeover|https://threatpost.com/microsoft-oauth-flaw-azure-takeover/150737/]]|Azure OAuth|
|2019.12.05|CISO Mag| → [[Security Flaw in Microsoft Azure Lets Hackers Control Azure Accounts|https://www.cisomag.com/security-flaw-in-microsoft-azure-lets-hackers-control-azure-accounts/]]|Azure OAuth|
=== 
* Incidents : encore un prestataire victime de rançongiciel (CyrusOne), Mixcloud
* Annonces : ''AWS IAM Access Analyzer for S3'', Amazon Detective et AWS Nitro Enclaves, premier visa ANSSI ''SecNumCloud'' attribué à ''3Ds Outscale''
* Certification : Document de l'ENISA sur les certifications Cloud, en lien avec le groupe de travail ''CSPCERT''+++*[»]>
|2019.12.02|ENISA|![[Cybersecurity certification: lifting the EU into the cloud|https://www.enisa.europa.eu/news/enisa-news/cybersecurity-certification-lifting-the-eu-into-the-cloud]]|Certification|
|2019.12.02|ENISA| → [[CSPCERT WG - Recommendations for the implementation of the CSP Certification scheme|https://drive.google.com/file/d/1J2NJt-mk2iF_ewhPNnhTywpo0zOVcY8J/view]]|Certification|
=== 
* __Divers__ : sécurité d'AzureAD, groupes O365
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.12.08|
|2019.12.08|Christophe Parisel|[[Looking for privacy in AWS virtual private clouds|https://www.linkedin.com/pulse/looking-privacy-aws-virtual-private-clouds-christophe-parisel/]]|AWS VPC Privacy|
|2019.12.08|//Tripwire//|[[Moving to the Cloud: Motivations Behind the Migration|https://www.tripwire.com/state-of-security/security-data-protection/cloud/motivations-behind-migration-cloud/]]|Misc|
|2019.12.08|ID Access Management|[[How to apply access review on directory roles in Azure? - Part 2|https://identityaccess.management/2019/12/08/how-to-apply-access-review-on-enterprise-applications-in-azure-part-2/]]|Azure Access_Review|
|>|>|>|!2019.12.07|
|2019.12.07|ID Access Management|[[How to apply access review on directory roles in Azure? - Part 1|https://identityaccess.management/2019/12/07/how-to-apply-efficient-access-review-on-directory-roles-in-azure-part-1/]]|Azure Access_Review|
|>|>|>|!2019.12.06|
|2019.12.06|Maarten Goet|[[Azure Sentinel: advanced multistage attack detection - real machine learning for the real world|https://medium.com/wortell/advanced-multistage-attack-detection-real-machine-learning-for-the-real-world-2d9548276ea1]]|Azure_Sentinel|
|2019.12.06|ComputerWeekly|[[Security Think Tank: Is data more or less secure in the cloud?|https://www.computerweekly.com/opinion/Security-Think-Tank-Is-data-more-or-less-secure-in-the-cloud]]|Misconfigurations Controls|
|2019.12.06|DZone|[[10 Things You Should Expect From a Container Registry|https://dzone.com/articles/10-things-you-should-expect-from-a-container-regis]]|Container_Registry|
|2019.12.06|Infoworld|[[3 cloud security 'hacks' to consider today|https://www.infoworld.com/article/3488500/3-cloud-security-hacks-to-consider-today.html]]|Risks|
|2019.12.06|//PaloAlto Networks//|[[How Cloud Native Security Platforms Can Rescue Cloud Native|https://blog.paloaltonetworks.com/2019/12/cloud-native/]]|Cloud_Native|
|2019.12.06|//Auth0//|![[Guardians of the Cloud: Automating the Response to Security Events|https://auth0.com/blog/guardians-of-the-cloud-automating-response-to-security-events/]]|Events_Handling Automation|
|>|>|>|!2019.12.05|
|2019.12.05|Nino Crudele|![[Scan all public IP in Microsoft Azure using Azure CLI and Nmap|https://ninocrudele.com/scan-all-public-ip-in-microsoft-azure-using-azure-cli-and-nmap]]|Azure Scanning|
|2019.12.05|The Register|[[Kubernetes? 'I don't believe in one tool to rule the world,' says AWS' Sassy Jassy|https://www.theregister.co.uk/2019/12/05/kubernetes_aws_ceo/]]|K8s|
|2019.12.04|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud : les architectes réseau doivent faire preuve d'adaptabilité|https://www.silicon.fr/avis-expert/cloud-les-architectes-reseau-doivent-faire-preuve-dadaptabilite]]|Networks|
|2019.12.05|SecureCloudBlog|[[AAD Security made easy: Check your Azure AD Security with One-Liner (AZSK.AAD)|https://securecloud.blog/2019/12/04/aad-security-made-easy-check-youre-azure-ad-security-with-one-liner-azsk-aad/]]|AzureAD|
|2019.12.05|//SEKOIA//[>img[iCSF/flag_fr.png]]|[[Cloud Act : entre mythes et réalités|https://medium.com/@Sekoia_team/cloud-act-entre-mythes-et-r%C3%A9alit%C3%A9s-21eb1371a7ab]]|CLOUD_Act|
|2019.12.05|//CyrusOne//|[[Managed Service Division of CyrusOne Addresses Ransomware Incident|http://investor.cyrusone.com/news-releases/news-release-details/managed-service-division-cyrusone-addresses-ransomware-incident]]|Outage Ransomware CyrusOne|
|2019.12.05|ZDnet| → [[Ransomware attack hits major US data center provider|https://www.zdnet.com/article/ransomware-attack-hits-major-us-data-center-provider/]]|Outage Ransomware CyrusOne|
|2019.12.05|CIO Dive| → [[CyrusOne hit by REvil ransomware, impacting 6 managed service customers|https://www.ciodive.com/news/cyrusone-ransomware-REvil/568549/]]|Outage Ransomware CyrusOne|
|2019.12.06|Bleeping Computer| → [[U.S. Data Center Provider Hit by Ransomware Attack|https://www.bleepingcomputer.com/news/security/us-data-center-provider-hit-by-ransomware-attack/]]|Outage Ransomware CyrusOne|
|2019.12.05|//GoDaddy//|[[Securing the Cloud: The GoDaddy Way|https://fr.godaddy.com/engineering/2019/12/05/securing-the-cloud/]]|Implementation|
|2019.12.05|//Microsoft//|[[Auto renewal for Office 365 groups expiration policy now available|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Auto-renewal-for-Office-365-groups-expiration-policy-now/ba-p/1022398]]|O365|
|2019.10.24|//Microsoft//| → [[Configure the expiration policy for Office 365 groups|https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-lifecycle]]|O365|
|2019.12.05|//Eplexity//|[[Practical Approaches to Long-Term Cloud-Native Security|https://devops.com/practical-approaches-to-long-term-cloud-native-security/]]|Strategy|
|2019.12.05|//Gigamon//|[[What Is Hybrid Cloud? Advantages and Disadvantages|https://blog.gigamon.com/2019/12/05/what-is-hybrid-cloud-advantages-and-disadvantages/]]|Hybrid_Cloud|
|2019.12.05|//Managed Methods//|[[K-12 Content Filtering & Cloud Security: Why You Need Both|https://managedmethods.com/blog/k-12-content-filtering-cloud-security-why-you-need-both/]]|Filtering|
|2019.12.05|//Caylent//|[[How to use AWS Federated Identities with Amazon EKS|https://caylent.com/how-to-use-aws-federated-identities-with-amazon-eks]]|Federated_Identities AWS|
|2019.12.05|//INAP//|[[New Survey Reveals the Big 4 Reasons Behind Cloud Migrations and the Off-Premise Exodus|https://www.inap.com/blog/reasons-cloud-data-center-migrations/]]|Report|
|>|>|>|!2019.12.04|
|2019.12.04|Silicon.fr[>img[iCSF/flag_fr.png]]|[[SecNumCloud : l'ANSSI décerne le premier visa à 3DS Outscale|https://www.silicon.fr/secnumcloud-lanssi-decerne-le-premier-visa-a-3ds-outscale-328357.html]]|SecNumCloud Outscale|
|2019.12.04|L'Usine Digitale[>img[iCSF/flag_fr.png]]|[[Le Cloud de Dassault Systèmes labellisé Cloud de confiance par l'ANSSI|https://www.usine-digitale.fr/article/le-cloud-de-dassault-systemes-labellise-cloud-de-confiance-par-l-anssi.N910209]]|France|
|2019.12.04|!Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud, sécurité des données et conteneurs : les prédictions technologiques pour 2020|https://www.silicon.fr/avis-expert/cloud-securite-des-donnees-et-conteneurs-les-predictions-technologiques-pour-2020]]|Predictions|
|2019.12.04|Dark Reading|[[Navigating Security in the Cloud|https://www.darkreading.com/cloud/navigating-security-in-the-cloud/a/d-id/1336477]]|Best_Practices|
|2019.12.04|SecurityWeek|[[Cloud(y) with a Chance of a Data Breach|https://www.securityweek.com/cloudy-chance-data-breach]]|Risks|
|2019.12.04|//PaloAlto Networks//|[[Perimeter Is Where Your Workload Is: Creating Policy Abstracted from IP Addressing|https://blog.paloaltonetworks.com/2019/12/network-data-center-security/]]|Policy Implementation|
|2019.12.04|//Malware Bytes//|[[Explained: What is containerization?|https://blog.malwarebytes.com/explained/2019/12/explained-what-is-containerization/]]|Containers|
|2019.12.04|//Google Cloud//|[[Last month today: November on GCP|https://cloud.google.com/blog/products/gcp/last-month-today-november-2019-on-gcp]]|GCP|
|2019.12.04|//Check Point//|[[How is your Kubernetes Security Posture?|https://blog.checkpoint.com/2019/12/04/how-is-your-kubernetes-security-posture/]]|K8s Security_Posture|
|2019.12.04|//AWS//|[[Avoid ransomware by moving to the cloud, says AWS Public Sector boss|https://www.zdnet.com/article/avoid-ransomware-by-moving-to-the-cloud-says-aws-public-sector-boss/]]|AWS Ransomware|
|2019.12.04|//Tripwire//|[[PSA: Beware of Exposing Ports in Docker|https://www.tripwire.com/state-of-security/devops/psa-beware-exposing-ports-docker/]]|Docker Misconfiguration|
|2019.12.04|//FireEye//|[[FireEye's cloud security capabilities now available on AWS|https://www.helpnetsecurity.com/2019/12/04/fireeye-amazon-web-services/]]|FireEye AWS|
|2019.12.04|//Lifars//|![[How to mitigate your cloud computing risks|https://lifars.com/2019/12/are-you-working-in-a-secure-cloud-environment/]]|Risks|
|2019.12.04|//Microsoft//|[[Overview of the Microsoft 365 compliance center|https://docs.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center]]|O365 Compliance|
|2019.12.04|//Panther Labs//|[[Tutorial: EC2 Security Log Collection the Cloud-Native Way|https://blog.runpanther.io/cloud-native-security-log-collection/]]|AWS Logging|
|2019.12.04|//Salesforce Heroku//|![[Reverse Engineering and Exploiting Builds in the Cloud|https://www.blackhat.com/eu-19/briefings/schedule/#reverse-engineering-and-exploiting-builds-in-the-cloud-17287]] (BlackHat Europe 2019)|Containers Flaws|
|2019.12.04|//Salesforce Heroku//| → [[Reverse Engineering and Exploiting Builds in the Cloud|http://i.blackhat.com/eu-19/Wednesday/eu-19-Stalmans-Reverse-Engineering-And-Exploiting-Builds-In-The-Cloud-2.pdf]] (slides pdf)|Containers Flaws|
|>|>|>|!2019.12.03|
|2019.12.03|Container Journal|[[Report: Kubernetes Use on the Rise |https://containerjournal.com/topics/container-ecosystems/report-kubernetes-use-on-the-rise/]]|K8s|
|2019.12.03|CISO Mag|[["AWS" Hacker Attacks Online Music Service Mixcloud|https://www.cisomag.com/aws-hacker-attacks-online-music-service-mixcloud/]]|Attacks|
|2019.12.03|Dark Reading|[[Leveraging the Cloud for Cyber Intelligence|https://www.darkreading.com/cloud/leveraging-the-cloud-for-cyber-intelligence-/a/d-id/1336457]]|Cyber_Intelligence|
|2019.12.03|CSO|[[How to evaluate a CASB|https://www.csoonline.com/article/3454611/how-to-evaluate-a-casb.html]]|CASB|
|2019.12.03|SANS|[[How to Build a Threat Hunting Capability in AWS|https://www.sans.org/reading-room/whitepapers/analyst/build-threat-hunting-capability-aws-39300]]|Threat_Hunting|
|2019.12.03|//Microsoft//|[[Microsoft Security - a Leader in 5 Gartner Magic Quadrants|https://www.microsoft.com/security/blog/2019/12/03/microsoft-security-leader-5-gartner-magic-quadrants/]]|CASB|
|2019.12.03|//Microsoft//|[[Azure AD Domain Services classic migration now available|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Domain-Services-classic-migration-now-available/ba-p/1024783]]|AzureAD|
|2019.12.03|//AWS//|[[New – EBS Direct APIs – Programmatic Access to EBS Snapshot Content|https://aws.amazon.com/fr/blogs/aws/new-programmatic-access-to-ebs-snapshot-content/]]|AWS_EBS APIs|
|2019.12.03|//AWS//|[[Easily Manage Shared Data Sets with Amazon S3 Access Points|https://aws.amazon.com/blogs/aws/easily-manage-shared-data-sets-with-amazon-s3-access-points/]] ([[podcast|https://d2908q01vomqb2.cloudfront.net/polly/da4b9237bacccdf19c0760cab7aec4a8359010b0amazon_polly_34136.mp3]])|AWS S3|
|2019.12.03|//AWS//| → [[AWS announces three new cloud security products|https://siliconangle.com/2019/12/03/aws-announces-three-new-products-focused-allowing-customers-operate-securely/]]|AWS S3|
|2019.12.03|//AWS//| → [[Amazon S3 Access Points|https://aws.amazon.com/s3/features/access-points/]]|AWS S3|
|2019.12.03|Silicon Angle| → [[With S3 Access Points, Amazon aims to make it easy to manage shared data|https://siliconangle.com/2019/12/03/amazon-makes-easy-manage-shared-data-s3-access-points/]]|AWS S3|
|2019.12.05|SecurityWeek| → [[AWS Unveils New Security Services and Capabilities|https://www.securityweek.com/aws-unveils-new-security-services-and-capabilities]]|AWS|
|2019.12.03|//Compare the Cloud//|[[Multi-cloud, Fog, Edge & Hybrid Computing - What's the Difference?|https://www.comparethecloud.net/articles/multi-cloud-fog-edge-hybrid-computing-whats-the-difference/]]|Multi_Cloud|
|2019.12.03|//Tufin//|[[How to migrate apps and workloads to the cloud securely and efficiently|https://www.tufin.com/blog/cloud-migration-apps-workloads]]|Migration|
|2019.12.03|//Park my Cloud//|[[Cloud Control: Why Is It So Hard?|https://www.parkmycloud.com/blog/drivers-to-cloud/]]|Controls|
|2019.12.03|D/SRUPTION|[[Critical Considerations For Hybrid Cloud Infrastructure|https://disruptionhub.com/critical-considerations-for-hybrid-cloud-infrastructure/]]|Hybrid_Cloud|
|2019.12.03|Wall Street Journal|[[NSA to Issue Updated Cloud Security Guidance|https://www.wsj.com/articles/nsa-to-issue-updated-cloud-security-guidance-11575409110]]|Guidance|
|>|>|>|!2019.12.02|
|2019.12.02|ENISA|![[Cybersecurity certification: lifting the EU into the cloud|https://www.enisa.europa.eu/news/enisa-news/cybersecurity-certification-lifting-the-eu-into-the-cloud]]|Certification|
|2019.12.02|ENISA| → [[CSPCERT WG - Recommendations for the implementation of the CSP Certification scheme|https://drive.google.com/file/d/1J2NJt-mk2iF_ewhPNnhTywpo0zOVcY8J/view]]|Certification|
|2019.12.02|Bleeping Computer|[[Office 365 To Get Microsoft Recommended Security Profiles|https://www.bleepingcomputer.com/news/security/office-365-to-get-microsoft-recommended-security-profiles/]]|O365|
|2019.12.02|Center for Internet Security|[[CIS Debuts New Benchmarks, Hardened Images at AWS re:Invent|https://www.cisecurity.org/press-release/cis-debuts-new-benchmarks-hardened-images-at-aws-reinvent/]]|Hardening|
|2019.12.02|//AWS//|![[Monitor, review, and protect Amazon S3 buckets using Access Analyzer for S3|https://aws.amazon.com/blogs/storage/protect-amazon-s3-buckets-using-access-analyzer-for-s3/]]|AWS S3 Monitoring|
|2019.12.02|//AWS//| → [[Introducing Access Analyzer for Amazon S3 to review access policies|https://aws.amazon.com/about-aws/whats-new/2019/12/introducing-access-analyzer-for-amazon-s3-to-review-access-policies/]]|AWS S3 Monitoring|
|2019.12.03|Help Net Security| → [[Control access and permissions to AWS services and resources|https://www.helpnetsecurity.com/2019/12/03/aws-iam-access-analyzer/]]|AWS S3 Monitoring|
|2019.12.03|The Register| → [[AWS has new tool for those leaky S3 buckets so, yeah, you might need to reconfigure a few things|https://www.theregister.co.uk/2019/12/03/aws_s3_buckets/]]|AWS S3 Monitoring|
|2019.12.03|CloudPro| → [[AWS plugs leaky S3 buckets with CloudKnox integration|https://www.cloudpro.co.uk/it-infrastructure/security/8327/aws-plugs-leaky-s3-buckets-with-cloudknox-integration]]|AWS S3 Monitoring|
|2019.12.07|//BitDefender//| → [[Amazon Battles Leaky S3 Buckets with a New Security Tool|https://businessinsights.bitdefender.com/amazon-battles-leaky-s3-buckets-with-a-new-security-tool]]|AWS Tools|
|2019.12.02|//Security Intelligence//|[[Attain Embedded Cloud Security With a DevSecOps Approach|https://securityintelligence.com/posts/attain-embedded-cloud-security-with-a-devsecops-approach/]]|DevSecOps|
|2019.12.02|//CyberArk//|[[BlackDirect: Microsoft Azure Account Takeover|https://www.cyberark.com/threat-research-blog/blackdirect-microsoft-azure-account-takeover/]]|Azure OAuth|
|2019.12.02|//CyberArk//| → Site Web [[BlackDirect|https://black.direct/]]|Azure OAuth|
|2019.12.02|//Threatpost//| → [[Microsoft OAuth Flaw Opens Azure Accounts to Takeover|https://threatpost.com/microsoft-oauth-flaw-azure-takeover/150737/]]|Azure OAuth|
|2019.12.05|CISO Mag| → [[Security Flaw in Microsoft Azure Lets Hackers Control Azure Accounts|https://www.cisomag.com/security-flaw-in-microsoft-azure-lets-hackers-control-azure-accounts/]]|Azure OAuth|
|2019.12.02|//McAfee//|[[Data in the Cloud is Much More at Risk Than Enterprises May Think|https://www.cisomag.com/a-secure-bridge-to-the-cloud/]]|Risks|
|2019.12.02|//Cloudflare//|[[The Serverlist: Full Stack Serverless, Serverless Architecture Reference Guides, and more|https://blog.cloudflare.com/serverlist-10th-edition/]]|Serverless|
[>img(200px,auto)[iCSF/DKCFCS.png]]L'agence nationale de sécurité danoise, "Center for Cybersikkerhed", et le Conseil national de la numérisation ont publié un guide intitulé "//Vejledning til anvendelse af Cloudservices//" ou "Nouvelle orientation sur le Cloud pour les agences gouvernementales", avec un ensemble de directives.
!Contexte
[>img(80px,auto)[iCSF/DK.png]]Le document intègre des considérations commerciales, juridiques et de sécurité que les autorités devraient prendre en compte lors de l'utilisation de services Cloud.
Son but est de fournir un cadre d'utilisation et un processus de prise de décision pour savoir si les services Cloud peuvent être utilisés ou non. 
Il passe donc en revue ce qu'est le Cloud et les problèmes juridiques clés, explique comment aborder la sécurité des informations lors du transfert d'une application vers le Cloud, et donne les moyens d'évaluer les opportunités et les responsabilités liées à l'utilisation du Cloud.
Les 4 parties principales du document sont ainsi :
* Introduction aux services Cloud : les concepts de base, les modèles, leurs avantages et inconvénients
* Aspects commerciaux : besoins de l'entreprise en matière de services Cloud, et ce que cela implique pour l'organisation.
* Aspects juridiques : sécurité des données, notamment lors du traitement de données à caractère personnel
* Aspects sécurité de l'information : exigences de sécurité spécifiques apportées par les services Cloud
!Principaux éléments du guide
* Nécessité de clarifier les exigences de l'entité qui a le besoin et les implications organisationnelles des opérations et du développement basés sur le Cloud
* Évaluer les risques techniques, de sécurité, financiers, procéduraux, d'organisation et de compétence.
** Veiller à ce que les mesures de sécurité soient reflétées dans les exigences de la solution Cloud
** Permettre un contrôle adapté de la conformité du fournisseur aux exigences convenues et acceptées
** Prendre en compte les futures exigences
* Si des données à caractère personnel sont en jeu, prendre en compte certaines considérations particulières résultant du RGPD.
** L'évaluation des risques doit porter sur les risques liés au traitement de données à caractère personnel
** Mener une analyse d'impact si le niveau de risque pour les droits des personnes concernées est élevé
** Intégrer si nécessaire les aspects de localisation des données, avec éventuellement la localisation au Danemark
** Conclure un contrat de traitement de données, incluant notamment des conditions ou instructions de supervision, de déclaration d'assurance, de transfert dans des pays tiers, de localisation du traitement, ainsi que le retour et la suppression des données à la fin du contrat
** Utiliser, par exemple, la norme ISO 27701 qui permet de cartographier les liens entre les dispositions du RGPD et la sécurité de l'information. Le cas échéant, s'appuyer sur les normes ISO 27001, 27002, 27017 et 27018.
Enfin, le guide rappelle aussi qu'il appartient à l'entité concernée de veiller à ce que les objectifs de sécurité soient atteints.
Même s'il est principalement destiné aux institutions publiques et gouvernementales, ce guide peut également s'appliquer dans le privé.
!Plan du guide
Le guide comporte 46 pages :[>img(200px,auto)[iCSF/JBTDK.png]]
|!1|>|!Introduction|
|!2|>|!Introduction aux services Cloud|
|!3|>|!Aspects commerciaux|
| |3.1|Besoins d'organisation et de compétences|
|~|3.2|Agilité et innovation|
|~|3.3|Dimensionnement|
|~|3.4|Dépendance au fournisseur|
|~|3.5|Gestion financière|
|!4|>|!Aspects juridiques|
| |4.1|Conditions spéciales pour le traitement des données personnelles|
|~|4.2|Contrats de traitement de données|
|~|4.3|Transferts en provenance de pays tiers|
|~|4.4|Évaluation d'impact|
|~|4.5|La condition de localisation requise par la loi sur la protection des données|
|~|4.6|Protection des données par la conception et par défaut|
|~|4.7|Autre législation|
|!5|>|!Aspects sécurité|
| |5.1|Évaluation des risques de la solution Cloud|
|~|5.2|Sécurité de traitement|
|~|5.3|Sécurité et nécessité de clarification|
|~|5.4|Sécurité des achats|
|~|5.5|Sécurité pendant le fonctionnement|
|~|5.6|Résiliation ou modification de la relation fournisseur|
|~|5.7|Gestion des mises à jour|
|~|5.8|Formation|
|~|5.9|Test et développement|
|!6|>|!Synthèse|
!Liens
* Annonce : ⇒ ''[[CloudSecurityAlliance.fr/go/jc7a/|https://cloudsecurityalliance.fr/go/jc7a/]]'' 
* Document (en danois, format PDF) : ⇒ ''[[CloudSecurityAlliance.fr/go/jc7p/|https://cloudsecurityalliance.fr/go/jc7p/]]'' 
[img[iCSF/flag_fr.png]][img(50%,1px)[iCSF/BluePixel.gif]]
!"//Cloud Security Alliance Announces Industry's First Credential for Cloud Auditing//"
<<<
[>img(200px,auto)[iCSA/CCAK.png]]//The Certificate of Cloud Auditing Knowledge ([[CCAK]]) allows professionals to demonstrate expertise in auditing cloud computing systems
Las Vegas - Dec. 4, 2019. The [[Cloud Security Alliance]] ([[CSA]]), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the Certificate of Cloud Auditing Knowledge ([[CCAK]]), the only credential for industry professionals that demonstrates expertise in the essential principles of auditing cloud computing systems. Set to be released in the second half of 2020, the [[CCAK]] aims to solve the current industry knowledge gap for IT audit and security professionals trained and certified for traditional on-premise IT auditing and assurance.

Designed to provide CISOs, security and compliance managers, internal and external auditors, and practitioners of tomorrow with the proven skillset to address the specific concerns that arise from the use of various forms of cloud services, the [[CCAK]] will provide a common baseline of expertise and shared nomenclature to ensure that IT auditors and other related stakeholders are communicating appropriately and accurately regarding the effectiveness of cloud security controls.

With its focus on cloud computing, the [[CCAK]] differs from traditional IT audit certification programs, which have many excellent elements, but were not developed with an understanding of cloud computing and its many nuances. An audited organization using cloud computing, for instance, will have a very different approach to satisfying control objectives, and a cloud tenant will certainly not have the same administrative access as in a legacy IT system and will employ a wide range of security controls that will be foreign to an audit and assurance professional grounded in traditional IT audit practices.

"Cloud computing represents a radical departure from legacy IT in virtually every respect. The new technology architecture, the nature of how cloud is provisioned, and the new shared responsibility model means that IT audits must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure," said Jim Reavis, co-founder and CEO, ''Cloud Security Alliance''. "Because CSA already has developed the most widely adopted cloud security audit criteria and organizational certification, we are uniquely positioned to lead efforts to ensure industry professionals have the requisite skill set for auditing cloud environments."

The [[CCAK]]'s holistic body of knowledge will be composed of the ''CSA'''s ''Cloud Controls Matrix'' ([[CCM]]), the fundamental framework of cloud control objectives; its companion ''Consensus Assessments Initiative Questionnaire'' ([[CAIQ]]), the primary means for assessing a cloud provider's adherence to ''CCM''; and the ''Security, Trust, Assurance & Risk'' ([[STAR]]) program, the global leader in cloud security audits and self-assessments, in addition to new material.

For more than 10 years, ''CSA'' has led the development of the trusted cloud ecosystem, which notably includes the ''STAR'' program and the Certificate of Cloud Security Knowledge ([[CCSK]]), the gold standard for measuring professional competency in cloud security. The [[CCAK]] and the [[CCSK]] will complement one another in that the [[CCSK]] provides the knowledge that enables an expert to secure cloud systems that will, in turn, be successfully scrutinized by an expert holding the [[CCAK]]. In many cases, an industry professional will be well served by obtaining both certificates.

Because the [[CCAK]] is intended to create a common cloud audit understanding, it's expected to become a mandatory requirement for IT auditors and highly recommended for IT managers and professionals, especially governance, risk management, compliance, and vendor/supply chain management.//
<<<
__Liens :__
* Annonce : ⇒ ''[[CloudSecurityAlliance.fr/go/jc4a/|https://cloudsecurityalliance.fr/go/jc4a/]]''
* Page dédiée au CCAK ⇒ ''[[CloudSecurityAlliance.fr/go/CCAK/|https://cloudsecurityalliance.fr/go/CCAK/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!!1 - Informations CSA de la semaine du 25 novembre au 1er décembre 2019 [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]
* Actu : Appel à commentaires, document "''Cloud Incident Response Framework - A Quick Guide''"+++*[»]> <<tiddler [[2019.11.28 - Appel à commentaires : document 'Cloud Incident Response Framework - A Quick Guide']]>>=== 
* Actu : Appel à commentaires, document "''Hybrid Cloud and Its Associated Risks''"+++*[»]> <<tiddler [[2019.11.28 - Appel à commentaires : document 'Hybrid Cloud and Its Associated Risks']]>>=== 
* Blog : 'Qu'est-ce que la Pseudo Crypto-Monnaie'+++*[»]> <<tiddler [[2019.11.25 - Blog : Qu'est-ce que la Pseudo Crypto-Monnaie]]>>=== 
* Actu : Derniers jours pour ''valider la traduction en français de 3 documents CSA'' (CCM, CAIQ et PLA CoC)+++*[»]> <<tiddler [[2019.11.13 - Demande de validation de la traduction en français de 3 documents CSA]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.12.01 - Veille Hebdomadaire - 1er décembre]] avec plus de 30 liens
* Bonnes pratiques et recommandations : Docker, Kubernetes
* Rapport : ''CIGREF'' sur la régulation du marché européen du Cloud+++^*[»] 
|2019.11.18|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Services Cloud : Microsoft veut appliquer la conformité au RGPD partout|https://www.silicon.fr/services-cloud-microsoft-veut-appliquer-la-conformite-rgpd-partout-326317.html]]|Microsoft GDPR|
|2019.11.18|//Microsoft//| → [[Introducing more privacy transparency for our commercial cloud customers|https://blogs.microsoft.com/eupolicy/2019/11/18/introducing-privacy-transparency-commercial-cloud-customers/]]|Microsoft GDPR|
|2019.11.18|The Register| → [[You're about to gouda major change in Microsoft cloud security after Redmond agrees to go Dutch on data|https://www.theregister.co.uk/2019/11/18/microsoft_gdpr_moj_deal/]]|Microsoft GDPR|
|2019.11.18|CBR Online| → [[Microsoft Buckles Under EU Pressure: Changes Cloud Contracts to Reflect "Data Controller" Role|https://www.cbronline.com/news/microsoft-cloud-terms]]|Microsoft GDPR|
|2019.11.19|Le Monde Informatique[>img[iCSF/flag_fr.png]]| → [[Microsoft révise ses contrats de services cloud pour l'Union européenne|https://www.lemondeinformatique.fr/actualites/lire-microsoft-revise-ses-contrats-de-services-cloud-pour-l-union-europeenne-77118.html]]|Microsoft GDPR|
=== 
* __Divers__ :
** Cloud et résilience, Cloud et PRA, évaluation des prestataires Cloud
** AzureAD+++^*[»] 
|2019.11.27|Sami Lamppu|![[Azure AD Identity Protection Detection Capabilities|https://samilamppu.com/2019/11/27/azure-ad-identity-protection-configuration-and-reporting/]] |AzureAD|
=== 
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.12.01|
|2019.12.01|KitPloit|[[CCAT - Cloud Container Attack Tool For Testing Security Of Container Environments|https://www.kitploit.com/2019/12/ccat-cloud-container-attack-tool-for.html]]|Tools Containers|
|2019.12.01|//Tripwire//|[[Security for Cloud Services: IaaS Deep Dive|https://www.tripwire.com/state-of-security/security-data-protection/cloud/security-cloud-services-iaas-deep-dive/]] (3/3)|IaaS|
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.11.30|
|2019.11.30|SANS|[[Cloud Storage Acquisition from Endpoint Devices|https://www.sans.org/blog/cloud-storage-acquisition-from-endpoint-devices/]]|Forensics|
|>|>|>|!2019.11.29|
|2019.11.29|Principauté de Monaco[>img[iCSF/flag_fr.png]]|![[Monaco étudie avec Amazon Web Services la création de son Cloud Souverain|https://www.gouv.mc/Actualites/Monaco-etudie-avec-Amazon-Web-Services-la-creation-de-son-Cloud-Souverain2]]|Sovereignty Monaco|
|2019.11.29|Center for Cybersikkerhed|![[Nouvelle directive sur le cloud pour les autorités publiques|https://fe-ddis.dk/cfcs/nyheder/arkiv/2019/Pages/cloudvejledning-for-offentlige-myndigheder.aspx]] |Guidelines Denmark|
|2019.11.29|Container Journal|[[Sysdig's Third Annual Container Usage Report Reveals That Container Lifespan Has Been Cut in Half |https://containerjournal.com/news/news-releases/sysdigs-third-annual-container-usage-report-reveals-that-container-lifespan-has-been-cut-in-half/]]|Containers Survey|
|2019.11.29|//Fortinet//|[[Four ways to develop a hybrid cloud security strategy|https://www.itworldcanada.com/sponsored/four-ways-to-develop-a-hybrid-cloud-security-strategy]]|Hybrid_Cloud|
|2019.11.29|//Sunguard//|![[Embedding resilience into your cloud-based modernisation strategy|https://www.continuitycentral.com/index.php/news/resilience-news/4674-embedding-resilience-into-your-cloud-based-modernisation-strategy]]|Resilience|
|>|>|>|!2019.11.28|
|2019.11.28|//DivvyCloud//|[[Forecasting the cloud security landscape in 2020|https://betanews.com/2019/11/28/forecasting-cloud-security-2020/]]|Predictions|
|2019.11.28|//Cloudonaut//|[[Checklist: Is your application ready for a container cluster?|https://cloudonaut.io/checklist-container-cluster-ecs-fargate/]]|Containers|
|2019.11.28|//Caylent//|[[AWS Transit Gateway Examined|https://caylent.com/aws-transit-gateway-examined]] (1/2)|AWS|
|>|>|>|!2019.11.27|
|2019.11.27|ZDnet|[[Predictions 2020: Cloud computing sees new alliances and new security concerns|https://news.hitb.org/content/predictions-2020-cloud-computing-sees-new-alliances-and-new-security-concerns]]|Predictions|
|2019.11.27|Container Journal|[[Securing Docker Containers: A Primer|https://containerjournal.com/topics/container-security/securing-docker-containers-a-primer/]]|Docker|
|2019.11.27|Sami Lamppu|![[Azure AD Identity Protection Detection Capabilities|https://samilamppu.com/2019/11/27/azure-ad-identity-protection-configuration-and-reporting/]] |AzureAD|
|2019.11.27|//Virtustream//[>img[iCSF/flag_fr.png]]|[[Etat des lieux du cloud dans le secteur de la santé|https://www.journaldunet.com/solutions/expert/72165/etat-des-lieux-du-cloud-dans-le-secteur-de-la-sante.shtml]]|Healthcare|
|2019.11.27|//Compare the Cloud//|[[A brief history of disaster recovery|https://www.comparethecloud.net/articles/a-brief-history-of-disaster-recovery/]] ([[vidéo|https://www.youtube.com/watch?v=BJ2g_1-m_mo]])|DRP DRaaS|
|2019.11.27|//Google Cloud//|[[Exploring container security: Day one Kubernetes decisions|https://cloud.google.com/blog/products/containers-kubernetes/security-considerations-for-google-kubernetes-engine]]|K8s Best_Practices|
|2019.11.27|//Alcide//|[[Prevent Costly Mistakes that Expose Your Kubernetes Service|https://blog.alcide.io/prevent-costly-mistakes-that-expose-your-kubernetes-service]]|K8s Best_Practices|
|2019.11.27|//Tresorit//|[[Choosing the Right Cloud Provider: The Importance of Security Assessments|https://www.infosecurity-magazine.com/blogs/choosing-the-right-cloud-provider/]]|Vendors Assessment|
|2019.11.27|//DeltaRisk//|[[How to Determine if SOC-as-a-Service is Right for Your Organization|https://deltarisk.com/blog/how-to-determine-if-soc-as-a-service-is-right-for-your-organization/]]|SOCaaS|
|>|>|>|!2019.11.26|
|2019.11.26|Solutions Numériques[>img[iCSF/flag_fr.png]]|[[Sécurité d'Office 365 : les entreprises doivent agir|https://www.solutions-numeriques.com/dossiers/securite-doffice-365-les-entreprises-doivent-agir/]]|O365|
|2019.11.26|Alain Bensoussan[>img[iCSF/flag_fr.png]]|[[Les contrats cloud Microsoft rattrapés par le RGPD|https://www.alain-bensoussan.com/avocats/les-contrats-cloud-microsoft-rattrapes-par-le-rgpd/2019/11/26/]]|Microsoft RGPD|
|2019.11.26|ZDnet|[[A hacking group is hijacking Docker systems with exposed API endpoints|https://www.zdnet.com/article/a-hacking-group-is-hijacking-docker-systems-with-exposed-api-endpoints/]]|Attacks Docker|
|2019.11.26|Silicon Angle|[[Vulnerable Docker instances targeted in cryptocurrency mining campaign|https://siliconangle.com/2019/11/27/vulnerable-docker-instances-targeted-cryptocurrency-mining-campaign/]]|Attacks Docker|
|2019.11.26|Silicon Angle|[[Designing security for an open-source, containerized, cloud-native world|https://siliconangle.com/2019/11/26/designing-security-for-an-open-source-containerized-cloud-native-world-kubecon/]] ([[vidéo|http://www.youtube.com/watch?v=i4Xo_OYSShk]])|Cloud_Native Containers|
|2019.11.26|Navisite|![[Best Practices to Leverage the Cloud for Disaster Recovery (pdf)|https://www.navisite.com/uk/blog/choosing-the-right-dr-strategy-highlights-from-vmworld-2018/]]|DRP|
|2019.11.26|Navisite|![[Why your current disaster recovery strategy may not cover compliance|https://drj.com/wp-content/uploads/2019/08/WP-Why-your-DR-strategy-may-not-cover-compliance-1-1-18.pdf]]|DRP Compliance|
|>|>|>|!2019.11.25|
|2019.11.25|LeMagIT[>img[iCSF/flag_fr.png]]|[[Sécurité du cloud : dix ans après le lancement de la CSA, les chantiers restent énormes|https://www.lemagit.fr/actualites/252474540/Securite-du-Cloud-dix-ans-apres-le-lancement-de-la-CSA-les-chantiers-restent-enormes]]|CSA trends|
|2019.11.25|CIGREF[>img[iCSF/flag_fr.png]]|![[SWIPO : Échec de la régulation du marché européen du cloud|https://www.cigref.fr/swipo-echec-regulation-marche-europeen-cloud]] ([[pdf|https://www.cigref.fr/wp/wp-content/uploads/2019/11/CP-SWIPO-Cigref-version-francaise-2019-11-25.pdf]])|Regulations SWIPO|
|2019.11.25|LeMagIT[>img[iCSF/flag_fr.png]]| → [[Pour le Cigref, la première tentative d'autorégulation du cloud en Europe est un "échec"|https://www.lemagit.fr/actualites/252474525/Pour-le-CIGREF-la-premiere-tentative-dautoregulation-du-cloud-en-Europe-est-un-echec]]|Regulations SWIPO|
|2019.11.26|Silicon.fr[>img[iCSF/flag_fr.png]]| → [[Cloud : le Cigref adoube les contrats IaaS mais critique le SaaS|https://www.silicon.fr/cloud-europeen-cigref-critique-saas-327207.html]]|Regulations SWIPO|
|2019.11.25|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Multicloud : la sécurité est le principal défi à relever|https://www.silicon.fr/multicloud-securite-principal-defi-327095.html]]|Misc|
|2019.11.25|Solutions Review|[[Google Announces New Security Capabilities for Google Cloud|https://solutionsreview.com/cloud-platforms/google-announces-new-security-capabilities-for-google-cloud/]]|GCP|
|2019.11.25|CBR On Line|[[An Idiot's Guide to Kubernetes|https://www.cbronline.com/feature/an-idiots-guide-to-kubernetes]]|K8s|
|2019.11.25|Techradar Pro|[[Amazon files official JEDI contract complaint|https://www.techradar.com/news/amazon-files-official-jedi-contract-complaint]]|JEDI|
|2019.11.25|eWeek|[[Recognizing the Right Stuff in Cloud Security|https://www.eweek.com/cloud/recognizing-the-right-stuff-in-cloud-security]]|Misc|
|2019.11.25|//Cisco//|[[Security's New Address: The Cloud|https://umbrella.cisco.com/blog/2019/11/25/securitys-new-address-the-cloud/]]|Gartner Network|
|2019.11.25|//Compare the Cloud//|[[Cloud Vendor Assessments - Done The Right Way|https://www.comparethecloud.net/articles/cloud-vendor-assessments-done-right/]]|Vendors Assessment|
|2019.11.25|//Heimdal//|[[What is the Zero Trust Model?|https://heimdalsecurity.com/blog/what-is-the-zero-trust-model/]]|Zero_Trust|
|2019.11.25|//DeltaRisk//|[[New G Suite Security Features Protect Against Rogue Apps|https://deltarisk.com/blog/new-g-suite-security-features-protect-against-rogue-apps/]]|GCP|
|2019.11.25|//AWS//|![[Ramp-Up Learning Guide available for AWS Cloud Security, Governance, and Compliance|https://aws.amazon.com/blogs/security/ramp-up-learning-guide-cloud-security-governance-compliance/]] ([[plan de formation|https://d1.awsstatic.com/training-and-certification/ramp-up-guides/RampUp_Security_102019_final.pdf]])|Training Upskilling|
!"//Cloud Security Alliance Announces Speakers for CSA Summit at RSA Conference 2020//"
[>img(100px,auto)[iCSA/K2OEC.png]]Le CSA Summit aura lieu le 24 février 2020 à San Francisco.
⇒ Lire [[l'article|https://cloudsecurityalliance.org/press-releases/2019/12/17/cloud-security-alliance-announces-speakers-for-csa-summit-at-rsa-conference-2020/]] sur le site de la Cloud Security Alliance.
⇒ Le site du [[CSA Summit|https://cloudsecurityalliance.org/events/csa-summit-at-rsa-conference-2020]] à la ''RSA Conference 2020''

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//CCPA is Ambiguous About Cloud. Your Response Shouldn't Be//"
[>img(100px,auto)[iCSA/JCIBC.jpg]]^^Article publié le 18 décembre sur le blog de la CSA, et après l'avoir été sur le site de Fugue.
⇒ Lire [[l'article|https://cloudsecurityalliance.org/blog/2019/12/18/ccpa-is-ambiguous-about-cloud-your-response-shouldn-t-be/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.fugue.co/blog/ccpa-is-ambiguous-about-cloud.-your-response-shouldnt-be]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//The Four Pillars of CASB: Visibility//"
[>img(100px,auto)[iCSA/JC4BT.jpg]]^^Article publié le 4 décembre sur le blog de la CSA, et après l'avoir été il y a plus de 6 semaines sur le site de Bitglass.
⇒ Lire [[l'article|https://cloudsecurityalliance.org/articles/the-four-pillars-of-casb-visibility/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/four-pillars-casb-visibility]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201911>>
<<tiddler fAll2Tabs10 with: VeilleM","_201911>>
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|2019.11.19|//PaloAlto Networks//|![[Docker Patched the Most Severe Copy Vulnerability to Date With CVE-2019-14271|https://unit42.paloaltonetworks.com/docker-patched-the-most-severe-copy-vulnerability-to-date-with-cve-2019-14271/]]|Docker CVE-2019-14271|
|2019.07.25|MITRE|[[CVE-2019-14271|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271]]|Docker CVE-2019-14271|
|2019.11.19|GBHackers on Security| → [[Most Critical Docker Vulnerability Let Hackers To Take Complete Control Over Host & All Containers Within It|https://gbhackers.com/docker-vulnerability/]]|Docker CVE-2019-14271|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Novembre 2019]]>>
<<tiddler fAll2LiTabs10 with: NewsL","201911>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Novembre 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Novembre 2019]]>><<tiddler fAll2LiTabs13end with: Actu","201911>>
<<tiddler fAll2LiTabs13end with: Blog","201911>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Novembre 2019]]>>
<<tiddler fAll2LiTabs13end with: Publ","201911>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Novembre 2019]]>>
Un appel à commentaires dont la date de clôture est le ''27 décembre 2019'' : "''Cloud Incident Response Framework - A Quick Guide''".
<<<
//What this Quick Guide aims to do is to distill and give readers an overview of key contributions of the work currently undertaken in the CIR WG, towards a comprehensive CIR framework. The CIR WG hopes to take this opportunity to encourage volunteers to participate in the WG's efforts and provide valuable feedback to the ongoing work.//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/jbsi/|https://cloudsecurityalliance.fr/go/jbsi/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
Un appel à commentaires dont la date de clôture est le ''27 décembre 2019'' : "''Hybrid Cloud and Its Associated Risks''".
<<<
//Cloud computing is flourishing. Hybrid clouds, especially, have been gaining more traction as cloud customers increasingly understand that using public clouds or private clouds alone poses certain limitations. Hybrid cloud is often the starting point for organizations to get started on the cloud journey and this document aims to describe the concept and value of hybrid clouds, highlight key application scenarios and point out security risks in the hybrid cloud.//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/jbsh/|https://cloudsecurityalliance.fr/go/jbsh/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//What's a Pseudo Cryptocurrency?//"
[>img(150px,auto)[iCSA/JBLBD.jpg]]Article de blog publié le 25 novembre 2019 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA
<<<
//You may not have yet seen the term "pseudo cryptocurrency," in fact (as of 2019-08-22) it only shows up in 2030 Google search results and a quarter million without the quotes. So if nobody is using this term, why does it matter?
Currently, we have a number of established cryptocurrencies such as Bitcoin, Ethereum, Litecoin, Zcash, Monero and so on. They tend to share two major characteristics:
* They are decentralized, meaning no single central authority controls them entirely
* Secondly, they can be used to represent value, with varying degrees of stability, or in the case of Bitcoin: buckle up!
The term pseudo cryptocurrency is not completely established yet but appears to be in use for two main reasons. You want to talk about a cryptocurrency that isn't decentralized enough and is part of a scammy initial coin offering. Or you want to talk about something that has many of the properties of the established cryptocurrencies but isn't a currency.

The first case isn't too interesting, there are many new cryptocurrency projects that are not decentralized or "pure" enough, and to be clear there is a place for these.
The second case is much more interesting, like most new technologies we started with a single ambitious use case ("replace all the banks! 2EZ!") that has morphed and grown to other use cases (e.g. inventory tracking and food safety) and we're even starting to see hybrid projects. Measuring and tracking value is a core activity for many businesses and projects. Still, you probably don't want to actually be a currency as this means you'll have to deal with the SEC (in America) or their local counterpart, and if you're really unlucky, you may end up in front of a Senate hearing getting grilled on just what exactly it is you're planning to do.

Many systems that store and distribute information (privately and publicly) can also allow you to conduct transactions with it. For example, a résumé or CV cannot be spent to buy a candy bar, but a good résumé or CV can definitely help you get a better job so you can buy more candy bars. You can't "spend" your résumé, but you can increase the value inherent in your résumé through training, experience, certifications and so on that can then be used to get a pay raise or a better job. Measuring that value is where the pseudo cryptocurrency comes in. Allowing the market to abstract the value into a standard form makes it much easier to examine and compare résumés. For people using the system, they can listen to what the market values and get certifications that actually provide them with more value.
You can read more about Blockchain in CSA's use cases research report+++*[here]> <<tiddler [[2018.11.27 - Publication : Blockchain DLT Use Cases]]>> ===. Interested in reading more about Blockchain from the Seifried Files?//[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/jbpb/]] sur le blog de la CSA
!!1 - Informations CSA de la semaine du 18 au 24 novembre 2019
* Publication : 4 documents CSA sur le ''RGPD''+++*[»]> <<tiddler [[2019.11.19 - Publication : 4 documents CSA sur le RGPD]]>>=== 
* Publication : Présentations au Forum CSA 2019 du Colorado+++*[»]> <<tiddler [[2019.11.18 - Publication : Présentations au Forum CSA 2019 du Colorado]]>>=== 
* Actu : Nouvelle ''demande de validation de la traduction en français de 3 documents CSA'' (CCM, CAIQ et PLA CoC)+++*[»]> <<tiddler [[2019.11.13 - Demande de validation de la traduction en français de 3 documents CSA]]>>=== 
* Actu : CCSK Plus Labs pour plate-forme Microsoft Azure+++*[»]> <<tiddler [[2019.11.20 - CCSK Plus Labs pour plate-forme Microsoft Azure]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La+++*[Veille Web]> <<tiddler [[2019.11.24 - Veille Hebdomadaire - 24 novembre]]>>=== avec plus de 40 liens
* Alerte : analyse de la vulnérabilité ''Docker CVE-2019-14271''
* Incidents et pannes : plusieurs pannes Azure en Australie
* Outils : Benchmarking CIS pour AWS, Azure et GCP+++*[»]>
=== 
* Bonnes pratiques : sécurisation de cluster Kubernetes +++*[»]>
|2019.11.19|//Mobilise//|![[15 Kubernetes security best practice to secure your cluster|https://www.mobilise.cloud/15-kubernetes-security-best-practice-to-secure-your-cluster/]] |K8s Best_Practices|
=== 
* __Divers__ : répertoire de liens sur Docker, Chaos Engineering pour Kubernetes, Threat Hunting pour AWS+++*[»]>
|2019.11.19|//AWS//|[[Enabling a Threat Hunting Capability in AWS (pdf)|https://pages.awscloud.com/rs/112-TZM-766/images/How-to-Build-a-Threat-Hunting-Capability-in-AWS_Whitepaper.pdf]]|Threat_Hunting|
|2019.11.21|//AWS//| → [[How to Build a Threat Hunting Capability in AWS (pdf)|https://pages.awscloud.com/rs/112-TZM-766/images/How-to-Build-a-Threat-Hunting-Capability-in-AWS_Slides.pdf]]|Threat_Hunting|
=== 
* Rapport : INAP, Information Security Forum+++*[»]>
|2019.11.19|Information Security Forum|[[ISF Releases Using Cloud Services Securely: Harnessing Core Controls|https://vmblog.com/archive/2019/11/19/isf-releases-using-cloud-services-securely-harnessing-core-controls.aspx]]|Best_Practices Controls|
|2019.11.19|Information Security Forum| → [[Using Cloud Services Securely: Harnessing Core Controls|https://www.securityforum.org/research/using-cloud-services-securely-harnessing-core-controls/]] ([[synthèse|https://www.securityforum.org/uploads/2019/11/ISF_Using-Cloud-Services-Securely_Executive-Summary-PWS-new.pdf]])|Best_Practices Controls|
===, TrendMicro
!!3 - Conférences et Salons
* Le ''Cloud & Cyber Security Expo c'est cette semaine'' : ''mercredi 27 et jeudi 28 novembre'' à Paris, Porte de Versailles
** ''Troisième'' teaser et inscription gratuite+++*[»]> <<tiddler [[2019.11.22 - Cloud & Cyber Security Expo - Inscription et Extrait du Programme (3/3)]]>>=== 
** Animation d'une table ronde sur la ''Cyber-Résilience dans le Cloud''+++*[»]> <<tiddler [[2019.10.07 - Cloud & Cyber Security Expo les 27 et 28 novembre 2019]]>>=== 
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.11.26|
|2019.11.26|Informatique News[>img[iCSF/flag_fr.png]]|[[Google abandonne Cloud Print|https://www.informatiquenews.fr/google-abandonne-cloud-print-65041]]|GCP|
|2019.11.26|InfoSecurity Mag|[[DevOps, Cloud and Remote Workers Dominate 2020 Risks|https://www.infosecurity-magazine.com/news/devops-cloud-remote-workers/]]|Trends Risks|
|>|>|>|!2019.11.24|
|2019.11.24|//Tripwire//|[[Cloud Security Threats: Escaping the Egregious Eleven - Part Two|https://www.tripwire.com/state-of-security/featured/cloud-security-threats-escaping-egregious-eleven-part-two/]] (2/2)|CSA Threats|
|2019.11.24|//Tripwire//|[[Security for Cloud Services: PaaS Deep Dive|https://www.tripwire.com/state-of-security/security-data-protection/cloud/security-cloud-services-paas-deep-dive/]] (2/3)|PaaS|
|>|>|>|!2019.11.22|
|2019.11.22|Wired|[[1.2 Billion Records Found Exposed Online in a Single Server|https://www.wired.com/story/billion-records-exposed-online/]]|Data_Leak|
|2019.11.22|Data Viper| → [[Personal and Social information of 1.2 billion people Discovered in Massive Data Leak|https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/]]|Data_Leak|
|2019.11.22|CRN|[[Australia cops third Microsoft cloud outage in a week|https://www.crn.com.au/news/australia-cops-third-microsoft-cloud-outage-in-a-week-534452]]|Azure Outage Australia|
|2019.11.22|//Google//|How Kubernetes components communicate securely in your cluster [[pdf|https://static.sched.com/hosted_files/kccncna19/72/KubeCon%20NA%202019%20-%20How%20Kubernetes%20components%20communicate%20securely%20in%20your%20cluster%20-%2020191121.pdf]] et [[vidéo|https://www.youtube.com/watch?v=bXnVI_hUAbk]]|K8s|
|2019.11.22|//Blissfully//|[[What HR Needs to Know About SaaS Security|https://www.blissfully.com/blog/what-hr-needs-to-know-about-saas-security/]]|SaaS|
|>|>|>|!2019.11.21|
|2019.11.21|Bleeping Computer|[[Microsoft 365 Experiencing OneDrive and SharePoint Outages|https://www.bleepingcomputer.com/news/microsoft/microsoft-365-experiencing-onedrive-and-sharepoint-outages/]]|O365 OneDrive Sharepoint Outage|
|2019.11.21|ComputerWeekly|[[Security Think Tank: Stopping data leaks in the cloud|https://www.computerweekly.com/opinion/Security-Think-Tank-Stopping-data-leaks-in-the-cloud]]|DataLeaks|
|2019.11.21|Federal News Network|[[Goodrich overcame naysayers, doubters to advance cloud security|https://federalnewsnetwork.com/ask-the-cio/2019/11/goodrich-overcame-naysayers-doubters-to-advance-cloud-security/]]|Misc|
|2019.11.21|IT Pro Portal|[[Monitoring multi-cloud environments|https://www.itproportal.com/features/monitoring-multi-cloud-environments/]]|Monitoring|
|2019.11.21|//Security Intelligence//|[[5 Cloud Security Considerations to Ensure a Successful Migration|https://securityintelligence.com/posts/5-cloud-security-considerations-to-ensure-a-successful-migration/]]|Migration|
|2019.11.21|//FireEye//|[[The Cloud Revolution and the Future of the SOC|https://www.fireeye.com/blog/products-and-services/2019/11/cloud-revolution-and-the-future-of-the-soc.html]] ([[podcast|https://www.hipcast.com/podcast/HqmqyRZs]] [[mp3|https://fireeyeinc.hipcast.com/download/fireeyeinc-20191119120146-2659.mp3]])|SOC|
|2019.11.21|//Caylent//|[[Top Secrets Management Tools Compared|https://caylent.com/top-secrets-management-tools-compared]]|Secrets_Management|
|2019.11.21|//Respond//|[[Who Needs a SIEM with All These Cloud Services Options?|https://respond-software.com/blog/siem-cloud-service-options/]]|SIEM|
|>|>|>|!2019.11.20|
|2019.11.20|Forbes|[[The Kubernetes Ship Has Set Sail: Is Your Security Team On Board?|https://www.forbes.com/sites/forbestechcouncil/2019/11/20/the-kubernetes-ship-has-set-sail-is-your-security-team-on-board/]]|K8s|
|2019.11.20|Infosec|[[Malware overview - Graboid|https://resources.infosecinstitute.com/malware-overview-graboid/]]|Graboid|
|2019.11.20|The Register|[[Cloud nine to cloud nein: Google beefs up punters' data encryption to fend off cyber-thieves|https://www.theregister.co.uk/2019/11/20/google_cloud_next/]]|GCP|
|2019.11.21|CRN| → [[Google Cloud unveils new security capabilities|https://www.crn.com.au/news/google-cloud-unveils-new-security-capabilities-534305]]|GCP|
|2019.11.20|Dawid Balut|[[Useful training and mindset for becoming a Cloud Security Architect|https://dawidbalut.com/2019/11/20/useful-training-and-mindset-for-becoming-a-cloud-security-architect/]]|Training|
|2019.11.20|CRN|[[Microsoft blames networking build for 365 outage|https://www.crn.com.au/news/microsoft-blames-networking-build-for-365-outage-534278]]|Azure Outage Australia|
|2019.11.20|//Security Intelligence//|[[Reimagining Security for a Multicloud World|https://securityintelligence.com/posts/reimagining-security-for-a-multicloud-world/]]|Multi_Cloud|
|2019.11.20|//Check Point//|[[6 DevSecOps Sessions You Won't Want to Miss at AWS Re:Invent|https://blog.checkpoint.com/2019/11/20/6-devsecops-sessions-you-wont-want-to-miss-at-aws-reinvent/]]|DevSecOps|
|2019.11.20|//Google Cloud//|[[Advancing control and visibility in the cloud|https://cloud.google.com/blog/products/identity-security/new-security-tools-for-google-cloud-and-g-suite]]|GCP|
|2019.11.20|//INAP//|[[New Survey: IT Professionals Want to Embrace Cloud Services, Update IT Infrastructure and Expand Job Roles|https://www.inap.com/press-release/state-it-infrastructure-management-2019/]]|Report|
|2019.11.20|//INAP//| → [[New Survey Report: The State of IT Infrastructure Management|https://www.inap.com/blog/state-it-infrastructure-management-2019/]]|Report|
|>|>|>|!2019.11.19|
|2019.11.19|Information Security Forum|[[ISF Releases Using Cloud Services Securely: Harnessing Core Controls|https://vmblog.com/archive/2019/11/19/isf-releases-using-cloud-services-securely-harnessing-core-controls.aspx]]|Best_Practices Controls|
|2019.11.19|Information Security Forum| → [[Using Cloud Services Securely: Harnessing Core Controls|https://www.securityforum.org/research/using-cloud-services-securely-harnessing-core-controls/]] ([[synthèse|https://www.securityforum.org/uploads/2019/11/ISF_Using-Cloud-Services-Securely_Executive-Summary-PWS-new.pdf]])|Best_Practices Controls|
|2019.12.13|UK Authority| → [[Information Security Forum highlights threats to IoT and cloud|https://www.ukauthority.com/articles/information-security-forum-highlights-threats-to-iot-and-cloud/]]|Best_Practices Controls|
|2019.11.19|//PaloAlto Networks//|![[Docker Patched the Most Severe Copy Vulnerability to Date With CVE-2019-14271|https://unit42.paloaltonetworks.com/docker-patched-the-most-severe-copy-vulnerability-to-date-with-cve-2019-14271/]]|Docker CVE-2019-14271|
|2019.07.25|MITRE|[[CVE-2019-14271|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271]]|Docker CVE-2019-14271|
|2019.11.19|GBHackers on Security| → [[Most Critical Docker Vulnerability Let Hackers To Take Complete Control Over Host & All Containers Within It|https://gbhackers.com/docker-vulnerability/]]|Docker CVE-2019-14271|
|2019.11.19|CRN|[[Microsoft 365 outage strikes, lasts about four hours|https://www.crn.com.au/news/microsoft-365-outage-strikes-534267]]|Azure Outage Australia|
|2019.11.19|ZDnet|[[Nextcry : un ransomware s'attaque aux instances NextCloud|https://www.zdnet.fr/actualites/nextcry-un-ransomware-s-attaque-aux-instances-nextcloud-39894109.htm]]|NextCloud Ransomware|
|2019.11.19|//TrendMicro//|[[The New Norm - Trend Micro Security Predictions For 2020|https://www.trendmicro.com/vinfo/fr/security/research-and-analysis/predictions/2020]] ([[rapport (pdf)|https://documents.trendmicro.com/assets/rpt/rpt-the-new-norm-trend-micro-security-predictions-for-2020.pdf]])|Trends Report|
|2019.11.19|//Neuvector//|[[Serverless 101: When It Makes Sense and When It Doesn't|https://neuvector.com/cloud-security/why-serverless/]] (1/3)|Serverless|
|2019.11.19|NextGov|[[Flash Poll: Capturing the Power of Cloud|https://www.govexec.com/insights/reports/flash-poll-capturing-power-cloud/161239/]]|Survey|
|2019.11.19|//AWS//|[[Enabling a Threat Hunting Capability in AWS (pdf)|https://pages.awscloud.com/rs/112-TZM-766/images/How-to-Build-a-Threat-Hunting-Capability-in-AWS_Whitepaper.pdf]]|Threat_Hunting|
|2019.11.21|//AWS//| → [[How to Build a Threat Hunting Capability in AWS (pdf)|https://pages.awscloud.com/rs/112-TZM-766/images/How-to-Build-a-Threat-Hunting-Capability-in-AWS_Slides.pdf]]|Threat_Hunting|
|2019.11.19|//Mobilise//|![[15 Kubernetes security best practice to secure your cluster|https://www.mobilise.cloud/15-kubernetes-security-best-practice-to-secure-your-cluster/]] |K8s Best_Practices|
|>|>|>|!2019.11.18|
|2019.11.18|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Services Cloud : Microsoft veut appliquer la conformité au RGPD partout|https://www.silicon.fr/services-cloud-microsoft-veut-appliquer-la-conformite-rgpd-partout-326317.html]]|Microsoft GDPR|
|2019.11.18|//Microsoft//| → [[Introducing more privacy transparency for our commercial cloud customers|https://blogs.microsoft.com/eupolicy/2019/11/18/introducing-privacy-transparency-commercial-cloud-customers/]]|Microsoft GDPR|
|2019.11.18|The Register| → [[You're about to gouda major change in Microsoft cloud security after Redmond agrees to go Dutch on data|https://www.theregister.co.uk/2019/11/18/microsoft_gdpr_moj_deal/]]|Microsoft GDPR|
|2019.11.18|CBR Online| → [[Microsoft Buckles Under EU Pressure: Changes Cloud Contracts to Reflect "Data Controller" Role|https://www.cbronline.com/news/microsoft-cloud-terms]]|Microsoft GDPR|
|2019.11.19|Le Monde Informatique[>img[iCSF/flag_fr.png]]| → [[Microsoft révise ses contrats de services cloud pour l'Union européenne|https://www.lemondeinformatique.fr/actualites/lire-microsoft-revise-ses-contrats-de-services-cloud-pour-l-union-europeenne-77118.html]]|Microsoft GDPR|
|2019.11.18|DZone|![[The Complete Docker Collection|https://dzone.com/articles/the-complete-docker-collection-tutorials]]|Docker Tutorials|
|2019.11.18|DZone|[[Containers vs. Serverless|https://dzone.com/articles/containers-vs-serverless]]|Containers Serverless|
|2019.11.18|TechBeacon|[[Why you should shift your cloud security strategy up stack|https://techbeacon.com/security/why-you-should-shift-your-cloud-security-strategy-stack]]|Strategy|
|2019.11.18|Shivbihari Pandey|[[Million Users PII Leak Attack|https://medium.com/bugbountywriteup/million-users-pii-leak-attack-288c5e37b283]]|Data_Leak|
|2019.11.18|//Gremlin//|[[Simple Kubernetes Targeting for Your Chaos Experiments|https://www.gremlin.com/blog/simple-kubernetes-targeting-for-your-chaos-experiments/]]|K8s Chaos_Engineering|
|2019.11.18|BetaNews|[[Chaos engineering platform improves Kubernetes container reliability|https://betanews.com/2019/11/18/chaos-engineering-kubernetes/]]|K8s Chaos_Engineering|
|2019.11.18|//Threatpost//|[[Office 365 Admins Targeted in Ongoing Phishing Scam|https://threatpost.com/office-365-admins-phishing/150352/]]|O365 Phishing|
|2019.11.18|//Sysdig//|[[Announcing the Cloud Native Security Hub|https://sysdig.com/blog/cloud-native-security-hub/]]|Sharing Configurations|
|2019.11.18|//Cavirin//|![[Cavirin Free for CIS benchmark now available on AWS and GCP|https://www.helpnetsecurity.com/2019/11/18/cavirin-free/]]|Benchmarking|
|2019.11.18|//Cavirin//| → [[Cavirin Platform Comparison|https://www.cavirin.com/environments/cavirin-free.html]]|Benchmarking|
|2019.11.28|//Tripwire//|[[Security for Cloud Services: SaaS Deep Dive|https://www.tripwire.com/state-of-security/security-data-protection/cloud/security-cloud-services-saas-deep-dive/]] (1/3)|SaaS|
|2019.11.18|//DataDog//|[[8 Facts about Real-World Container Use|https://www.datadoghq.com/container-report/]]|Containers Survey|
|2019.11.18|//WatchGuard//|[[2020 Security Predictions: Ransomware Targets the Cloud|https://www.secplicity.org/2019/11/18/2020-security-predictions-ransomware-targets-the-cloud/]]|Ransomware|
|2019.11.18|Nino Crudele|![[The three most effective and dangerous cyberattacks to Azure and countermeasures (part 3 - The privilege escalation)|https://ninocrudele.com/the-three-most-effective-and-dangerous-cyberattacks-to-azure-and-countermeasures-part-3-the-privilege-escalation]] (3/3)|Azure Attacks CounterMeasurement|
|2019.11.18|//Microsoft Azure//|![[CVE-2019-1372 - Azure Stack Remote Code Execution Vulnerability|https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372]]|Azure Vulnerability CVE-2019-1372|
|2019.11.18|//CyberArk Conjur//|[[Four Ways to Keep Kubernetes' Secrets Secret|https://www.conjur.org/blog/four-ways-to-keep-kubernetes-secrets-secret/]]|K8s Secrets|
|2019.11.18|//Impidio//|[[Kubernetes RBAC Security Pitfalls|https://www.impidio.com/blog/kubernetes-rbac-security-pitfalls]]|K8s RBAC|
[>img(200px,auto)[iCSF/CCSEP2019.png]]Pour s'inscrire à la ''Cloud & Cyber Security Expo'' et disposer d'un deuxième aperçu du programme des conférences gratuites :

Suivez le lien ⇒ ''[[CloudSecurityAlliance.fr/go/jbls|https://CloudSecurityAlliance.fr/go/jbls]]''

[img(auto,60px)[iCSF/CCSA19h.jpg][https://CloudSecurityAlliance.fr/go/jbls]]
!CSA Congress EMEA 2019
[>img(250px,auto)[iCSA/201911DE-Berlin.jpg]]Après Amsterdam en 2012, et Madrid en 2016, le ''CSA Congress EMEA'' se déroulera à Berlin les 20 et 21 novembre 2019, après 2 jours de formations CSA
La [[Cloud Security Alliance]] est donc fière d'accueillir le Congrès 2019 de l'EMEA dans les locaux de son nouveau siège européen de Berlin.
Cette conférence de 4 jours comprendra 2 jours de formations, puis 2 jours de sessions de présentations et des possibilités de réseautage pour les professionnels de la sécurité du Cloud. Les participants pourront assister à un large éventail de présentations et de discussions sur des sujets d'actualité en matière de recherche, développement, pratiques et exigences liées à la sécurité dans le Cloud.
Cette année marque le dixième anniversaire de la CSA. Depuis sa création, la CSA s'est consacrée à la définition et à la sensibilisation aux bonnes pratiques afin d'assurer un environnement informatique dans le Cloud sécurisé partout dans le monde. Le congrès CSA EMEA est l'occasion pour nous de réfléchir aux expériences acquises par les entreprises et les fournisseurs alors que le Cloud est devenu le système informatique prédominant. Nous explorerons également de nouvelles frontières qui accélèrent le changement en matière de sécurité de l'information, telles que l'intelligence artificielle, la blockchain et l'IoT.
__Agenda :__[>img(250px,auto)[iCSA/JBICE.jpg]]
* Lundi 18 et mardi 19 novembre : formations
** ''RGPD'' : les 18 et 19
** ''CCSK'' : le 18
** ''Cloud Governance & Compliance Training Course'' : le 19
* Mercredi 20 et jeudi 21 novembre : le ''CSA Congress EMEA''
__Lieu :__
* Hotel Adlon Kempinski — Unter den Linden 77, 10117 Berlin, Germany
* Lien : ''[[CloudSecurityAlliance.fr/go/jBjH/|https://cloudsecurityalliance.fr/go/jBjH/]]''
__Appel à présentations :__ --[[ici|2019.03.30 - CSA Congress EMEA 2019 - Appel à présentations]]-- clôturé.
Pour en savoir plus et s'inscrire :
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/jBjE/|https://cloudsecurityalliance.fr/go/jBjE/]]''
!Communiqué de presse "//CSA's Certificate of Cloud Security Knowledge Plus Labs Are Now Available on Microsoft Azure Cloud Platform//"
[>img(200px,auto)[iCSA/J73CCSK.png]]
<<<
//Expansion gives Microsoft users equal access and functionality on the Azure platform

''SEATTLE and BERLIN - CSA EMEA CONGRESS - Nov. 20, 2019'' - The ''Cloud Security Alliance'' (''CSA''), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that the hands-on labs available as part of the ''Certificate of Cloud Security Knowledge'' ([[CCSK]]) ''Plus'' coursework are now available on the ''Microsoft Azure'' cloud platform. Previously available only on ''Amazon Web Services'' (''AWS''), now Microsoft users will have equal access and functionality on the Azure platform, expanding the number of users who can now benefit from ''CCSK'' training and demonstrate their technical knowledge, skills, and abilities to use controls tailored to the cloud effectively.

"We're extremely excited to be able to expand the availability of our ''CCSK Plus'' training to ''Microsoft Azure'' cloud platform users looking to establish a baseline of security best practices when dealing with a broad array of responsibilities, from cloud governance to configuring technical security controls" said Ryan Bergsma, Training Program Director, ''CSA''.

The lecture-only ''CCSK Foundation'' course begins with the fundamentals, then increases in complexity as it works through all 16 domains of the ''CSA Security Guidance'', recommendations from the ''European Union Agency for Network & Information Security'' (''ENISA''), and an overview of the ''Cloud Controls Matrix'' (''CCM'').

The ''CCSK Plus'' includes expanded material and offers extensive hands-on activities that reinforce classroom instruction. During the lab sessions, students engage in a scenario of bringing a fictional organization securely into the cloud, allowing them to apply their knowledge by performing a series of activities that would be required in a real-world ''Microsoft Azure'' cloud platform or ''AWS'' environments.

Regardless of whether a student opts to prepare with the ''CCSK Foundation'' or the ''CCSK Plus'' course, the vendor-neutral ''CCSK'' tests for a broad foundation of cloud security knowledge, covering such topics as architecture, governance, compliance, operations, encryption, and virtualization. Those interested in taking the exam can also choose to take advantage of a variety of ''CCSK'' training programs, including free self-study prep courses, in-person training sessions, and instructor-led online classes. To date, thousands of IT and security professionals have upgraded their skillsets and careers by obtaining the ''CCSK''. The exam is also covered under the U.S. Dept. of Veterans Affairs GI Bill®.

Among the benefits of earning the ''CCSK'' are:
* Proven competency in key cloud security issues through an organization that specializes in cloud research
* Increased employment opportunities by filling the skills-gap for cloud-certified professionals
* Demonstrated technical knowledge, skills, and abilities to use controls tailored to the cloud effectively
* Ability to establish a baseline of security best practices when dealing with a broad array of responsibilities, from cloud governance to configuring technical security controls
* Serves as a complement to other credentials//
<<<
⇒ Lire le [[communiqué de presse|https://CloudSecurityAlliance.fr/go/jbka/]] sur le site de la CSA.
Dans le cadre du Congrès Européen du CSA, 4 nouveaux documents ont été publiés ou mis à jour :
* "''Beyond the General Data Protection Regulation (GDPR)''"
<<<
//Data residency insights from around the world. This study reveals the top data protection concerns and strategies of more than 800 senior business professionals from eight countries and a range of industries. Beyond the European Union's General Data Protection Regulation (GDPR) and other regulatory developments, enterprises think data privacy can create competitive advantage. What drives their decisions and investments in data management? Do they place their faith in cloud providers? Are they prepared to meet regulatory mandates and exceed customer expectations?//
<<<
** ⇒ https://cloudsecurityalliance.org/artifacts/beyond-the-general-data-protection-regulation-gdpr/
* "''Code of Conduct (CoC): Statement of Adherence 3rd Party Certification''"
<<<
//CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU's GDPR. The CSA PLA Code of Conduct for GDPR Compliance is designed to be an appendix to a Cloud Services Agreement to describe the level of privacy protection that a Cloud Service Provider will provide.//
<<<
** ⇒ https://cloudsecurityalliance.org/artifacts/code-of-conduct-coc-statement-of-adherence-3rd-party-certification/
* "''PLA Code of Conduct (CoC): Statement of Adherence Self-Assessment''"
<<<
//CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU's GDPR. The CSA PLA Code of Conduct for GDPR Compliance is designed to be an appendix to a Cloud Services Agreement to describe the level of privacy protection that a Cloud Service Provider will provide.//
<<<
** ⇒ https://cloudsecurityalliance.org/artifacts/pla-code-of-conduct-coc-statement-of-adherence-self-assessment/
* "''Guidance for submitting the CSA Code of Conduct (CoC) for GDPR Compliance Self-Assessment''"
<<<
//The CSA CoC for GDPR Compliance Self-Assessment is the voluntary publication of a CSP's self-assessment results based on the requirements specified in the PLA Code of Practice (CoP).//
<<<
** ⇒ https://cloudsecurityalliance.org/artifacts/guidance-for-submitting-the-csa-code-of-conduct-coc-for-gdpr-compliance-self-assessment/
!"//Colorado Chapter Forum 2019 Presentations//"
[>img(auto,150px)[iCSA/JB7-USCO.jpg]][>img(auto,150px)[iCSA/IB8-USCO.jpg]]Le ''Forum CSA du chapitre du Colorado'' s'est tenu à Denver le 7 novembre 2019.

Les 7 présentations sont maintenant disponibles en téléchargement :
* "''Change is Simply an Act of Survival''" par Bil Harmer
* "''Data Protection Controls for the Cloud''" par Toby Zimmerer
* "''Identity Round Robin Workshop Serverless''" par AWS Security
* "''Taking Compliance to the Cloud''" par Tim Weil
* "''Attackers Battle for Hijacked Resources''" par James Condon
* "''Are Your Cloud Servers Under Attack''" par Brian Hileman
* "''Shared Responsibility Model in the Age of Cloud''" par Janelle Hsia

Les présentations peuvent être téléchargées individuellement ou en une seule fois.
Lien de téléchargement du paquet complet ⇒ ''[[CloudSecurityAlliance.fr/go/jbip/|https://CloudSecurityAlliance.fr/go/jbip/]]''
!!1 - Informations CSA de la semaine du 11 au 17 novembre 2019
* Publication : Nouvelle version 3.1 de la ''CAIQ''+++*[»]> <<tiddler [[2019.11.15 - Publication : CAIQ version 3.1]]>>=== 
* Blog : Évolution des Technologies et Simplification+++*[»]> <<tiddler [[2019.11.15 - Blog : Evolution des Technologies et Simplification]]>>=== 
* Blog : Les principales erreurs de configuration à éviter+++*[»]> <<tiddler [[2019.11.14 - Blog : 4 erreurs de configuration]]>>=== 
* Actu : Nouvelle ''demande de validation de la traduction en français de 3 documents CSA'' (CCM, CAIQ et PLA CoC)+++*[»]> <<tiddler [[2019.11.13 - Demande de validation de la traduction en français de 3 documents CSA]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La+++*[Veille Web]> <<tiddler [[2019.11.17 - Veille Hebdomadaire - 17 novembre]]>>=== avec plus de 60 liens
* Rapports : Barracuda Networks, Backblaze, Centrify, Firemon, ThousandEyes+++*[»]>
|2019.11.13|//ThousandEyes//|[[ThousandEyes Annual Research Report Reveals Notable Performance Variations Between AWS, GCP, Azure, Alibaba and IBM Cloud|https://vmblog.com/archive/2019/11/13/thousandeyes-annual-research-report-reveals-notable-performance-variations-between-aws-gcp-azure-alibaba-and-ibm-cloud.aspx]] ([[rapport|https://www.thousandeyes.com/resources/cloud-performance-benchmark-report-november-2019]])|Report|
=== 
* Conférence : future présentation sur les vulnérabilités liées aux APIs à la BlackHat Europe
* __Pannes__ et attaques : nouveaux prestataires Cloud attaqués par des ransomwares
* __Divers__ : retour sur la vulnérabilité "baseStriker" sur O365, Chaos Engineering pour Kubernetes, Phishing O365, traitement d'incidents
!!3 - Conférences et Salons
* Le programme de la ''Cloud & Cyber Security Expo'' des ''27 et 28 novembre'' à Paris est partiellement disponible :
** ''Deuxième'' teaser et inscription gratuite+++*[»]> <<tiddler [[2019.11.01 - Cloud & Cyber Security Expo - Inscription et Extrait du Programme (2/3)]]>>=== 
** Animation d'une table ronde sur la ''Cyber-Résilience dans le Cloud''+++*[»]> <<tiddler [[2019.10.07 - Cloud & Cyber Security Expo les 27 et 28 novembre 2019]]>>=== 
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.11.17|
|2019.11.17|//Tripwire//|[[MITRE ATT&CK October Update: Extending to the Cloud|https://www.tripwire.com/state-of-security/security-data-protection/cloud/mitre-attck-extending-cloud/]]|MITRE|
|2019.11.17|//Tripwire//|[[How to Implement an Efficient Cloud Security Strategy: The Experts Guide|https://www.tripwire.com/state-of-security/security-data-protection/cloud/efficient-cloud-security-strategy-experts-guide/]]|Strategy|
|>|>|>|!2019.11.16|
|2019.11.16|Ars Technica|[[Breach affecting 1 million was caught only after hacker maxed out target's storage|https://arstechnica.com/information-technology/2019/11/breach-affecting-1-million-was-caught-only-after-hacker-maxed-out-targets-storage/]]|DataBreach InfoTrax|
|>|>|>|!2019.11.15|
|2019.11.15|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud du Pentagone : face à Microsoft, Amazon contre-attaque pour JEDI|https://www.silicon.fr/cloud-pentagone-microsoft-amazon-contre-attaque-jedi-326209.html]]|Government JEDI|
|2019.11.15|Informatique News[>img[iCSF/flag_fr.png]]| → [[Amazon conteste le choix d'Azure sur le contrat JEDI|https://www.informatiquenews.fr/amazon-conteste-le-choix-de-microsoft-sur-le-contrat-jedi-64729]]|Government JEDI|
|2019.11.15|Breaking Defense| → [[Amazon's Big JEDI Gamble ANALYSIS|https://breakingdefense.com/2019/11/amazons-big-jedi-gamble-analysis/]]|Government JEDI|
|2019.11.15|Container Journal|![[5 Ways to Chaos Test Kubernetes|https://containerjournal.com/topics/container-security/5-ways-to-chaos-test-kubernetes/]]|K8s Chaos_Engineering|
|2019.11.15|//Vanson Bourne//|[[Cloud services backup: survey finds major gap between perceptions and realities|https://www.continuitycentral.com/index.php/news/technology/4627-cloud-services-backup-survey-finds-major-gap-between-perceptions-and-cloud-realities]] ([[rapport .pdf|https://www.4sl.com/wp-content/uploads/2019/11/research-report-nov-2019.pdf]])|Backups|
|2019.11.15|Bleeping Computer|[[New NextCry Ransomware Encrypts Data on NextCloud Linux Servers|https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/]]|NextCloud Ransomware|
|2019.11.15|Nino Crudele|![[The three most effective and dangerous cyberattacks to Azure and countermeasures (part 2 - attack the Azure Storage Service)|https://ninocrudele.com/the-three-most-effective-and-dangerous-cyberattacks-to-azure-and-countermeasures-part-2-attack-the-azure-storage-service]] (2/3)|Azure Attacks CounterMeasurement|
|2019.11.15|Nino Crudele|![[The three most effective and dangerous cyberattacks to Azure and countermeasures (part 1 - attack all the public and private IP addresses in Azure)|https://ninocrudele.com/the-three-most-effective-and-dangerous-cyberattacks-to-azure-and-countermeasures-part-1-attack-all-the-public-and-private-ip-addresses-in-azure]] (1/3)|Azure Attacks CounterMeasurement|
|>|>|>|!2019.11.14|
|2019.11.14|Wall Street Journal|[[Amazon to Protest Pentagon Contract Award to Microsoft|https://www.wsj.com/articles/amazon-to-protest-pentagon-contract-award-to-microsoft-11573769321]]|Government JEDI|
|2019.11.14|Silicon Angle| → [[Amazon protests Pentagon's cloud contract award, citing 'unmistakable bias'|https://siliconangle.com/2019/11/14/amazon-protests-pentagons-cloud-computing-contract-award-citing-unmistakable-bias/]]|Government JEDI|
|2019.11.14|CBR Online|[[Codeanywhere Blames GCP Outage for Vanished Work|https://www.cbronline.com/news/codeanywhere-gcp-projects-missing]]|GCP Outage|
|2019.11.14|Medium|[[AWS Cyber Range - The Ultimate Cyber Lab Overview|https://medium.com/aws-cyber-range/aws-cyber-range-the-ultimate-cyber-lab-overview-3affcca1c842]]|Exercise Tools|
|2019.11.14|//ForePaas//[>img[iCSF/flag_fr.png]]|[[Prêt pour le cloud souverain 2.0 ?|https://www.journaldunet.com/solutions/expert/72072/pret-pour-le-cloud-souverain-2-0.shtml]]|Sovereign_Cloud|
|2019.11.14|//Microsoft//|![[Changing security incident response by utilizing the power of the cloud-DART tools, techniques, and procedures: part 1|https://www.microsoft.com/security/blog/2019/11/14/security-incident-response-utilizing-cloud-dart-tools-techniques-procedures-part-1/]] (1/3)|Incident_Response|
|2019.11.14|//PhishLabs//|[[Active Office 365 Credential Theft Phishing Campaign Targeting Admin Credentials|https://info.phishlabs.com/blog/active-office-365-phishing-campaign-targeting-admin-credentials]]|O365 Phishing|
|2019.11.16|Bleeping Computer| → [[Microsoft Office 365 Admins Targeted by Ongoing Phishing Campaign|https://www.bleepingcomputer.com/news/security/microsoft-office-365-admins-targeted-by-ongoing-phishing-campaign/]]|O365 Phishing|
|2019.11.14|//Tripwire//|[[Aligning SECaaS with Your Organization's Cloud Security Needs|https://www.tripwire.com/state-of-security/security-data-protection/cloud/aligning-secaas-organizations-cloud-security-needs/]]|SECaaS|
|2019.11.14|//Microsoft//|[[Azure Container Registry: Preview of diagnostic and audit logs|https://azure.microsoft.com/en-us/blog/azure-container-registry-preview-of-diagnostics-and-audit-logs/]]|Azure Containers Tools|
|2019.11.14|//LogRhythm//|[[Examining the baseStriker Vulnerability|https://logrhythm.com/blog/examining-the-basestriker-vulnerability/]]|O365 Vulnerability baseStriker|
|2019.11.14|//Compare The Cloud//|[[Cloud and Web Application Security: Growing Confidence and Emerging Gaps|https://www.comparethecloud.net/articles/cloud-and-web-application-security-growing-confidence-and-emerging-gaps/]]|Confidence|
|2019.11.14|//Cyware//|![[Many public cloud infrastructures suffer from serious security loophole, researchers say|https://cyware.com/news/many-public-cloud-infrastructures-suffer-from-serious-security-loophole-researchers-say-4c79a693]]|Flaw|
|2019.11.14|//AlienVault//|[[Cybersecurity: top of mind Q and A|https://www.alienvault.com/blogs/security-essentials/cybersecurity-questions-and-answers]]|Misc|
|2019.11.14|//Sysdig//|[[Securing Google Cloud Run serverless workloads|https://sysdig.com/blog/securing-google-cloud-run/]]|GCP|
|2019.11.14|//Sensu//|[[Kubernetes 101|https://blog.sensu.io/kubernetes-101]]|K8s|
|2019.11.14|//Syxsense//|[[Worried about Cloud Security? Why On-Premise is More Dangerous|https://www.syxsense.com/why-on-premise-is-more-dangerous]]|Risks|
|2019.11.14|//Barracuda Networks//|[[Growing confidence and emerging gaps in cloud security|https://blog.barracuda.com/2019/11/14/growing-confidence-emerging-gaps-cloud-security/]]|Survey|
|2019.11.14|//Capsule8//|[[Don't Get Kicked Out! A Tale of Rootkits and Other Backdoors|https://capsule8.com/blog/dont-get-kicked-out-a-tale-of-rootkits-and-other-backdoors/]]|Rootkit Backdoor|
|>|>|>|!2019.11.13|
|2019.11.13|Economie Numérique[>img[iCSF/flag_fr.png]]|[[Cloud souverain français : vers un protectionnisme de la donnée ?|http://blog.economie-numerique.net/2019/11/13/cloud-souverain-francais-vers-un-protectionnisme-de-la-donnee/]]|Sovereign_Cloud|
|2019.11.13|ComputerWeekly|[[Taking responsibility for security in the cloud|https://www.computerweekly.com/feature/Taking-responsibility-for-security-in-the-cloud]]|Responsibility|
|2019.11.13|GBHackers on Security|[[Telegram MTProxy Used to Launch DDoS Attack Against Cloud Service Provider Arvan - Peaks Up to 5,000 Requests Per Second|https://gbhackers.com/telegram-mtproxy/]]|DDoS|
|2019.11.13|Breaking Defense|[[Can DoD Get Speed & Security With The Cloud?|https://breakingdefense.com/2019/11/can-dod-get-speed-security-with-the-cloud/]]|DevSecOps|
|2019.11.13|Silicon Angle|[[Google launches new service for monitoring multicloud networks|https://siliconangle.com/2019/11/13/google-launches-new-service-monitoring-multicloud-networks/]]|GCP|
|2019.11.13|//Avanan//|[[What Is a Cloud Access Security Broker (CASB)?|https://www.avanan.com/blog/what-is-a-casb]]|CASB|
|2019.11.13|//AlertLogic//|[[Managing Cybersecurity During Cloud Migration|https://blog.alertlogic.com/managing-cybersecurity-during-cloud-migration/]]|Migration|
|2019.11.13|//Nutanix//[>img[iCSF/flag_fr.png]]|[[Enterprise Cloud Index : 73 % des entreprises rapatrient leurs applications du cloud public vers le cloud privé|http://www.globalsecuritymag.fr/Enterprise-Cloud-Index-73-des,20191114,92735.html]]|Report|
|2019.11.13|//ThousandEyes//|[[ThousandEyes Annual Research Report Reveals Notable Performance Variations Between AWS, GCP, Azure, Alibaba and IBM Cloud|https://vmblog.com/archive/2019/11/13/thousandeyes-annual-research-report-reveals-notable-performance-variations-between-aws-gcp-azure-alibaba-and-ibm-cloud.aspx]] ([[rapport|https://www.thousandeyes.com/resources/cloud-performance-benchmark-report-november-2019]])|Report|
|2019.11.13|//ThousandEyes//|[[Top Takeaways from the Cloud Performance Benchmark|https://blog.thousandeyes.com/top-takeaways-cloud-performance-benchmark/]]|Performance|
|2019.11.18|CBR Online| → [[The Cloud Providers Ranked by Network Performance|https://www.cbronline.com/news/fastest-cloud-thousandeyes]]|Performance|
|2019.11.13|//Microsoft//|[[The refreshed Azure AD Identity Protection is now generally available|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/The-refreshed-Azure-AD-Identity-Protection-is-now-generally/ba-p/1002916]]|AzureAD|
|2019.11.13|//Microsoft//|[[Azure Container Registry: preview of repository-scoped permissions|https://azure.microsoft.com/en-us/blog/azure-container-registry-preview-of-repository-scoped-permissions/]]|Azure Container Registry|
|2019.11.13|//Akamai//|[[Security at the Edge - What is Gartner's SASE & why does it matter?|https://blogs.akamai.com/2019/11/security-at-the-edge-what-is-gartners-sase-why-does-it-matter.html]]|SASE|
|2019.11.13|DevOps|[[Five Microservices Worst Practices|https://devops.com/five-microservices-worst-practices/]]|Microservices Best_Practices|
|2019.11.13|//PaloAlto Networks//|![[10 Tenets of Effective SASE Solution to Secure Cloud-Enabled Organization|https://www.paloaltonetworks.com/resources/ebooks/the-10-tenets-of-an-effective-sase-solution]]|SASE|
|2020.11.13|//Lacework//|[[Container Security Essentials|https://www.lacework.com/container-security-essentials/]]|Containers|
|>|>|>|!2019.11.12|
|2019.11.12|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Les développeurs, insoupçonnés maillons faibles de la sécurité des clouds|https://www.lemondeinformatique.fr/actualites/lire-les-developpeurs-insoupconnes-maillons-faibles-de-la-securite-des-clouds-77046.html]]|DevSecOpsDev|
|2019.11.12|Information Security Forum|[[ISF Announces Release of Securing the IoT: Taming the Connected World|https://vmblog.com/archive/2019/11/12/isf-announces-release-of-securing-the-iot-taming-the-connected-world.aspx]]|IoT|
|2019.11.12|//Backblaze//|[[Backblaze Hard Drive Stats Q3 2019|https://www.backblaze.com/blog/backblaze-hard-drive-stats-q3-2019/]]|Reliability|
|2019.11.12|//Uptycs//|![[Conducting A Vulnerability Assessment: A Step-By-Step Guide For Linux Workloads In The Cloud|https://www.uptycs.com/blog/how-to-conduct-a-vulnerability-assessment]]|Vulnerability_Assessment|
|2019.11.12|//PaloAlto Networks//|[[Is CASB Alone Enough? Long Live SASE|https://blog.paloaltonetworks.com/2019/11/cloud-casb-sase/]]|SASE|
|2019.11.12|//Trustwave//|[[3 Multi-Cloud Environment Challenges to Overcome|https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/3-multi-cloud-environment-challenges-to-overcome/]]|Multi_Cloud|
|2019.11.12|//Lob//|[[Detecting Manual AWS Console Actions|https://arkadiyt.com/2019/11/12/detecting-manual-aws-console-actions/]]|AWS_Console|
|2019.11.12|//Sysdig//|[[Incident response in Kubernetes with Sysdig's Activity Audit|https://sysdig.com/blog/cloud-native-incident-response/]]|K8s Incident_Response|
|2019.11.12|//Centrify//[>img[iCSF/flag_fr.png]]|[[Comment sécuriser l'accès aux opérations de cloud : 5 conseils|https://www.undernews.fr/reseau-securite/comment-securiser-lacces-aux-operations-de-cloud-5-conseils.html]]|Zero_Trust|
|2019.11.12|//Cyberark//|[[New Open Source Offerings Simplify Securing Kubernetes|https://www.cyberark.com/blog/new-open-source-offerings-simplify-securing-kubernetes/]]|K8s Tools|
|2019.11.12|//Firemon//|[[State of the Firewall Report 2019: Zero-Touch Automation is More Headline than Reality, Network Complexity and Lack of Visibility Are Key Issues|https://www.firemon.com/state-of-the-firewall-report-2019/]] ([[rapport|https://www.firemon.com/2019-state-of-the-firewall-report/]])|Report|
|2019.11.12|//Fugue//|[[Cloud Network Security 101: AWS VPC Endpoints|https://www.fugue.co/blog/network-security-vpc-endpoints-101]]|VPC|
|2019.11.12|//3DS Outscale//[>img[iCSF/flag_fr.png]]|[[Failles Intel : des impacts à redouter chez 3DS OUTSCALE ?|https://blog.outscale.com/fr/failles-intel-des-impacts-a-redouter-chez-3ds-outscale]]|Flaws|
|>|>|>|!2019.11.11|
|2019.11.11|Help Net Security|!Speeding MTTR when a third-party cloud service is attacked|Outage Best_Practices|
|2019.11.11|//XM Cyber//|![[Researchers Find New Approach in Attacking Cloud Infrastructure|https://xmcyber.com/researchers-find-new-approach-in-attacking-cloud-infrastructure/]]|APIs|
|2019.11.11|BlackHat Europe| → [[Inside Out - The Cloud Has Never Been So Close|https://www.blackhat.com/eu-19/briefings/schedule/index.html#inside-out---the-cloud-has-never-been-so-close-17797]]|APIs|
|2019.11.11|Dark Reading| → [[Researchers Find New Approach to Attacking Cloud Infrastructure|https://www.darkreading.com/cloud/researchers-find-new-approach-to-attacking-cloud-infrastructure/d/d-id/1336327]]|APIs|
|2019.11.11|//Heimdal//|[[Ransomware as a Service (RaaS) - A Contemporary Mal du siècle?|https://heimdalsecurity.com/blog/ransomware-as-a-service/]]|Ransomware|
|2019.11.11|//Smarter ASP//|[[Your hosting accounts are under attack|http://status.smarterasp.net/post/your-hosting-accounts-are-under-attack]]|Attack Ransomware|
|2019.11.11|//Cloud Management Insider//|[[SASE: A sassy future of network security in cloud defined by Gartner|https://www.cloudmanagementinsider.com/what-is-sase-secure-access-service-edge-gartner/]]|SASE|
|2019.11.11|ZDnet|[[Major ASP.NET hosting provider infected by ransomware|https://www.zdnet.com/article/major-asp-net-hosting-provider-infected-by-ransomware/]]|Attack Ransomware|
|2019.11.12|//MSSP Alert//| → [[Ransomware Attack Hits Web Hosting Provider SmarterASP|https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/smarterasp-hit/]]|Attack Ransomware|
|2019.11.11|//Centrify//|[[New Report from Centrify Reveals That the Majority of Organizations Still Misunderstand the Shared Responsibility Model for Cloud Security|https://www.centrify.com/about-us/news/press-releases/2019/reducing-risk-cloud-migration-report/]]|Report|
|2019.11.13|Help Net Security| → [[The leading challenge facing cloud migration projects is security|https://www.helpnetsecurity.com/2019/11/13/cloud-migration-projects/]]|Report|
|2019.11.11|//Zyxel//|[[The Role Of SaaS In Network Security|https://www.informationsecuritybuzz.com/articles/the-role-of-saas-in-network-security/]]|Network_Security|
|2019.11.11|//Edgewise Networks//|[[Thwarting Graboid and Protecting Containers with Zero Trust|https://www.cisomag.com/thwarting-graboid-and-protecting-containers-with-zero-trust/]]|Containers Zero_Trust|
|2019.11.11|//JumpCloud//|[[Why Use a Directory Service?|https://jumpcloud.com/blog/build-directory-service/]]|Directory|
|2019.11.11|//JumpCloud//|[[RADIUS Server In Azure|https://jumpcloud.com/blog/radius-server-azure/]]|Azure RADIUS|
!"//Consensus Assessment Initiative Questionnaire (CAIQ) v3.1//"
[>img(150px,auto)[iCSA/CAIQ31.png]]Publication de la nouvelle version ''CAIQ 3.1''
<<<
//Cloud Security Alliance (CSA) would like to present the next version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.1.
The CAIQ offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency.
It provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix (CCM).
Therefore, it helps cloud customers to gauge the security posture of prospective cloud service providers and determine if their cloud services are suitably secure.
CAIQ v3.1 represents a minor update to the previous CAIQ v3.0.1.
In addition to improving the clarity and accuracy, it also supports better auditability of the CCM controls.
The new updated version aims to not only correct errors but also appropriately align and improve the semantics of unclear questions for corresponding CCM v3.0.1 controls.
In total, 49 new questions were added, and 25 existing ones were revised.
For this new CAIQ version, CSA took into account the combined comprehensive feedback that was collected over the years from its partners, the industry and the CCM working group.//
[...]
<<<
⇒ [[Détail|https://CloudSecurityAlliance.fr/go/jbfp/]] sur le site de la CSA.
⇒ Fichier [[XLSX|https://CloudSecurityAlliance.fr/go/jbfx/]] sur le site de la CSA.
!"//Keeping Up With Changing Technology by Reducing Complexity//"
[>img(150px,auto)[iCSA/JBFBK.jpg]]Article de blog publié le 14 novembre 2019 — Rédigé par John DiMaria, CSA Research Fellow, Assurance Investigatory Fellow, Cloud Security Alliance
<<<
//+++*[Fox News reported]> https://www.foxbusiness.com/industrials/boeing-should-reconsider-pilots-response-time-ntsb === that in answer to the previous Boeing 737 accidents, the Federal safety officials say, "Boeing should consider how cockpit confusion can slow the response of pilots who are dealing with the kind of problem that likely caused two airliners to crash in the past year."
"They suggest that Boeing underestimated the time it takes for pilots to diagnose and react when they are being bombarded by multiple, cascading warning alerts."
Think about it; they were bombarded by multiple, cascading warning alerts that taxed their ability to respond in a timely fashion. There were two issues there:
# Too much complexity was built into the system
# They underestimated the time it takes to diagnose and react.
''The more complex systems become, the less secure they become, even though security technologies improve.''
While there's nothing wrong with improving technology, we always need to consider the human element since leveraging multiple systems can create a fragmented environment. Underlying the current security failings is a critical, underappreciated problem -- fragmentation.

''Root Cause of Cost Increase & Poor Data Governance''
Fragmentation is at the heart of the ineffectiveness of our efforts to continue to improve. Fragmentation happens when we focus on individual parts without adequately appreciating their relation to the evolving whole. This imbalance is one of the root causes of the more obvious security issues of continued cost increases, poor data governance, and inadequate planning. Addressing this problem is essential because fragmentation leads to well-intentioned actions that sometimes have unintended consequences that often make things worse.
''Unintended consequences of fragmentation:''
* Inefficiency
** Narrowly focused programs and services are an excellent strategy for reducing the security budget, but they are not a strategy for efficiently implementing an effective holistic information/cybersecurity system. Efficient strategic planning should analyze and prioritize based on a holistic analysis of risk. This analysis should include all applicable elements of people, process and technology. It should home in on the critical scope and then implement the applicable controls that are justified based on that risk assessment.
* Ineffectiveness
** It is no fluke that technology has advanced, yet security breaches continue to grow exponentially. Risk Based Security's mid-year report noted that 2019 is on track to be the "worst year on record" for breach activity. Spending more on the parts has not improved the whole. Today many of the efforts toward improving security are directed at narrow programs with insufficient attention to the larger scope they are trying to affect. Many times scope is the problem because the scope is not "fit for purpose." The lack of an integrative way of addressing security and implementing proper controls only addresses the short-term problems and may keep costs down (for the time being) but ignores the greater objective of addressing the total system within the context of the organization.
* Commoditization
** I was on a website of an organization that was claiming "X Security Controls will stop 85% of Cyber Attacks". Not "address," not "help mitigate" but STOP! Seriously? Further, if you implement X more of the controls, you'll prevent 97% of attacks.
** Treating security as a commodity can unintentionally deemphasize the seriousness and real scope of the issue. Especially when addressing cloud security, that can be a perilous road to go down. The cloud is a dynamic environment where things are always changing, especially security threats. You have to first understand what needs to be protected and from what. Risk assessment is a real-time living process and the controls change as the environment changes. Cybersecurity is not a science; at least not yet.
** Some advertised solutions focus on delivering their well-intentioned services without consideration of their effect on the whole system or of the reality that scope and specific SLAs change the way you approach cybersecurity strategy. They also ignore how many and what controls need to be put in place. The true urgency of cybersecurity is reduced when it is treated as a commodity. Conversely, other solutions take the approach that the more complexity, the better.

''How can we start being a part of the solution?''
The CSA Cloud Controls Matrix ([[CCM]]), the Consensus Assessments Initiative Questionnaire ([[CAIQ]]) and the CSA [[STAR]] Program come together as an integrated approach that helps companies understand the fundamental problem of fragmentation and how to reduce it. And the first step towards reducing fragmentation is simply reducing complexity. Viewing security as an evolving integrated system instead of only as fragmented parts or small insignificant scopes that are not fit for purpose can help our industry to feel hope where now there is skepticism. ''Transparency, trust and information sharing instead of detachment and isolation. Professional and corporate shared responsibility instead of narrow self-interest''.

''Here is my challenge...''
* Listen to my+++*[Podcast interview with Doctor Ron Ross; Senior Fellow at NIST]> https://www.buzzsprout.com/303731/1298485-the-growing-complexity-around-cybersecurity-and-evolving-technology-guest-dr-ron-ross-nist === "The growing complexity around cybersecurity and evolving technology."
* Take a deep dive into the [[STAR]] Program and the [[STAR]] Registry and then take a self-assessment using the CAIQ.
//
[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/jbfb/]] sur le blog de la CSA
!"//4 Common Cloud Misconfigurations & What To Do About Them//"
[>img(150px,auto)[iCSA/JBEBF.jpg]]Article de blog publié le 14 novembre 2019 — Rédigé par Kevin Tatum, IT Security Engineer chez ExtraHop
<<<
//In a+++*[recent report]> https://cloudsecurity.mcafee.com/cloud/en-us/forms/white-papers/wp-cloud-adoption-risk-report-iaas.html ===, McAfee uncovered the rise of Cloud-Native Breaches and the state of multi-cloud adoption. We'll define the top 4 cloud misconfiguration goofs from their list, how they can affect your organization, and what to do about them.
When it comes to personal data, the mid-2010s were a bit of a reckoning. Your credit card information, health records, and even your love life became subject to breaches. Today, nearly everyone can relate to the hassle of switching out a debit or credit card, and these issues persist-especially as enterprises move their IaaS (Infrastructure as a Service) to the cloud.
In recent years, nearly 70 percent of exposed records - 5.4 billion total - were caused by unintentional internet exposure due to misconfigured services and portals - services like Amazon Simple Storage Service, known as S3. (+++*[Luckily, S3 misconfiguration is a very avoidable issue]> https://www.extrahop.com/company/blog/2018/get-safe-smart-secure-on-aws-s3/ ===.)
As McAfee found, most of these misconfigurations go unreported and, in many cases, unnoticed.
If only 1% of IaaS issues are reported, that means a whole slew of companies inadvertently leak data or fail to report for fear of bad PR. Worse, one-quarter of the McAfee survey respondents said it takes longer than 24 hours to correct misconfigurations.
In summary, McAfee highlights significant visibility, reporting, and misconfiguration errors that are preventable. Here are the top offenders in the McAfee list and the ways they can affect your organization, followed by a remedy for these common problems.

__''4 Common Security Group Setting Misconfigurations''__

__1 -- Unrestricted Outbound Access__
Outbound traffic should always follow the principle of minimalist authority (least privilege). Many AWS users only configure inbound ports in security groups, but outbound ports can also be a huge security risk. Limiting outbound traffic helps direct traffic to only the applications and servers that need to communicate. This helps reduce the risk and impact of internal network scans, lateral movement, and data exfiltration.
Your servers may only need SSH or RDP inbound ports to manage them. It's rare for one of those application servers to SSH to all of the other servers in the network. Many common hacker tactics use random ports for Command and Control actions, reverse shells, or to spread malware.

__2 -- Unrestricted Access to Non-HTTP/HTTPS Ports__
Web servers are designed to host websites and web services to the internet, and they can also host other services like SSH or RDP for management or databases. But it's important to block these from the whole internet. If these ports remain improperly configured, it can open you up to attackers looking to exploit or brute force the authentication. If you open up these ports to the internet, make sure they're limited to accept traffic from particular addresses such as your office.

__3 -- Unrestricted Inbound Access on Uncommon Ports__
Some services use a high numbered TCP or UDP port to obfuscate what is running in the environment, but security through obscurity never really works. It doesn't protect you from a determined hacker or even a random internet scan. Some services also open uncommon ports without really letting you know.
Does your web server have a statistics page? Do you have PHPMyAdmin running on port 8443? Are you leaking Apache Tomcat services on port 8080? You must restrict high-numbered ports to only the necessary systems, and usually, that is not the internet. PHPMyAdmin on the internet makes us shudder.

__4 -- Unrestricted ICMP Access__
ICMP is a useful protocol, but leaving it open to the internet can leave you vulnerable to more straightforward, older attacks. One of the most common uses of ICMP is to use ICMP Echo to verify that your servers are online and responsive.
ICMP Echo is an excellent diagnostic tool for IT professionals. Unfortunately, it's also a great tool for hackers. A quick ping scan of the internet using Nmap or Fping can let attackers know that you have a server online, which becomes ripe for a focused attack. There are several more complicated ways to find a server on the internet, so why do a bad actor's job for them?
Attackers can use ICMP for much more than finding servers, however. As an example, a ping flood overwhelms a server with too many ICMP messages. Though simple, a ping flood is an effective type of Denial of Service attack, which becomes even more effective when multiple attackers or botnets are involved to create a Distributed Denial of Service (DDoS).
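The ping sweep and ping flood may be ancient methods, but they're still put to use because they work. Do yourself a favor and block ICMP from the internet, keeping only the error messages that normal connectivity depends on, such as the "fragmentation needed" message used for path MTU discovery.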

__''How Network Detection and Response (NDR) Can Help''__

Most cloud environments have dozens, if not hundreds, of these security risks. And really, each server needs its own set of rules.
While the ability to quickly build servers and services in the cloud has its advantages, it also comes with some of the most significant security risks. When you use default rules, it's easy to miss one rule on a single server - and if an appropriate rule is overlooked, your whole environment can quickly be compromised.
One reason cloud security has lagged so far behind traditional security is that, until very recently, network traffic in the cloud was extremely difficult to capture and parse effectively. Monitoring network communications in real time through network detection and response (NDR) is the quickest and easiest way for security teams to stay on top of complex, dynamic environments, and without NDR in the cloud, SecOps struggled to maintain the same deep visibility and rapid threat detection as is possible on-premises.
With the advent of traffic mirroring in AWS and Azure, that gap has finally begun to close.//
[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/jbeb/]] sur le blog de la CSA
[>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]La [[Cloud Security Alliance]] a lancé la traduction de 3 outils majeurs dans 10 langues : allemand, danois, espagnol, italien, japonais, néerlandais, portugais, roumain, suédois, et ... français.
Il s'agit de feuilles Excel dans lesquelles il vous est demandé d'adapter les traductions ou de les commenter.
Pour chaque document, les 10 traductions sont dans un répertoire //Google Drive// dédié, et pour travailler sur la version française, il faut sélectionner le document commençant par "''FR-''"

Les 3 documents sont les suivants :
* "''Cloud Controls Matrix''" (CCM) : document "FR-CSA_CCM_v.3.0.1-09-01-2017_FINAL.xlsx"
: ⇒ ''[[CloudSecurityAlliance.fr/go/j99c/|https://cloudsecurityalliance.fr/go/j99c/]]''
* "''Consensus Assessments Initiative Questionnaire''" (CAIQ) : document "FR-CAIQ_v3.0.1-09-01-2017_FINAL.xlsx"
: ⇒ ''[[CloudSecurityAlliance.fr/go/j99q/|https://cloudsecurityalliance.fr/go/j99q/]]''
* "''Code of Conduct''" du "''Privacy Level Agreement''" (PLA CoC) : document "FR-CoC_GDPR_Annex_1_Compliance_Assessment_Template.xlsx"
: ⇒ ''[[CloudSecurityAlliance.fr/go/j99p/|https://cloudsecurityalliance.fr/go/j99p/]]''

La date limite initiale était fixée en octobre 2019, mais est maintenant repoussée au ''1er décembre 2019''.
[img(25%,1px)[iCSF/BluePixel.gif]]
!!1 - Informations CSA de la semaine du 4 au 10 novembre 2019
* Publication : Présentations du ''CSA Summit'' au congrès (ISC)²+++*[»]> <<tiddler [[2019.11.04 - Publication : Présentations du CSA Summit au congrès (ISC)²]]>>=== 
* Blog : ''CMMC'', un nouveau protocole pour la conformité DoD+++*[»]> <<tiddler [[2019.11.06 - Blog : CMMC, un nouveau protocole pour la conformité DoD]]>>=== 
* Blog : Google et la ''Suprématie Quantique''+++*[»]> <<tiddler [[2019.11.06 - Blog : Google et la Suprématie Quantique]]>>=== 
* Actu : Contribution CSA à deux documents de ''l'EU-SEC sur la certification''+++*[»]> <<tiddler [[2019.11.07 - Contribution CSA à deux documents de l'EU-SEC sur la certification]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La+++*[Veille Web]> <<tiddler [[2019.11.10 - Veille Hebdomadaire - 10 novembre]]>>=== avec plus de 50 liens
* Rapports : Gurucul, Rancher Labs, Rick's Cloud (Rick Blaisdell), Sophos
* Conférences : présentations au BSidesCT 2019, annonces Microsoft à Ignite 2019
* __Divers__ : sécurité des containers, retour sur le SASE du Gartner
!3 - Conférences et Salons
* Le programme de la ''Cloud & Cyber Security Expo'' des ''27 et 28 novembre'' à Paris est partiellement disponible :
** ''Deuxième'' teaser et inscription gratuite+++*[»]> <<tiddler [[2019.11.01 - Cloud & Cyber Security Expo - Inscription et Extrait du Programme (2/3)]]>>=== 
** Animation d'une table ronde sur la ''Cyber-Résilience dans le Cloud''+++*[»]> <<tiddler [[2019.10.07 - Cloud & Cyber Security Expo les 27 et 28 novembre 2019]]>>=== 
* Les inscriptions pour le ''Congrès Européen'' des ''18 au 21 novembre'' à Berlin sont toujours ouvertes+++*[»]> <<tiddler [[2019.09.04 - Annonce du programme du Congrès CSA EMEA en Novembre à Berlin]]>>=== 
** Contactez-nous pour avoir une réduction sur votre inscription.+++*[»]> → [img(200px,auto)[iCSF/Email-CSA_FR.png]]=== 
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.11.10|
|2019.11.10|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Focus sur l'orchestrateur Kubernetes et les conteneurs Docker|https://www.lemondeinformatique.fr/actualites/lire-focus-sur-l-orchestrateur-kubernetes-et-les-conteneurs-docker-77031.html]]|Docker Kubernetes|
|2019.11.10|BSidesCT 2019|[[Rethinking Privileged Access Management for Agile Clouds & Data Center Environments|http://www.irongeek.com/i.php?page=videos/bsidesct2019/2-01-rethinking-privileged-access-management-for-agile-clouds-data-center-environments-brian-gladstein]] ([[vidéo|http://www.youtube.com/watch?v=EMKDvB7zpf0]])|Conference Access_Management|
|2019.11.10|BSidesCT 2019|[[Event Injections: Sending Evil to the Cloud|http://www.irongeek.com/i.php?page=videos/bsidesct2019/1-02-event-injections-sending-evil-to-the-cloud-tal-melamed]] ([[vidéo|http://www.youtube.com/watch?v=NJOuXeFtgBU]])|Conference Attacks|
|2019.11.10|BSidesCT 2019|[[Building Castles in the Cloud: AWS Security and Self-Assessment|http://www.irongeek.com/i.php?page=videos/bsidesct2019/2-05-building-castles-in-the-cloud-aws-security-and-self-assessment-rami-mccarthy]] ([[vidéo|http://www.youtube.com/watch?v=W2I-b_b_-6M]])|Conference AWS|
|2019.11.10|Silicon Angle|![[As cloud security improves, a weak link emerges: people |https://siliconangle.com/2019/11/10/cloud-security-improves-weak-link-emerges-people/]]|Risks|
|>|>|>|!2019.11.08|
|2019.11.08|SANS|[[JumpStart Guide to Investigations and Cloud Security Posture Management in AWS|https://www.sans.org/reading-room/whitepapers/analyst/jumpstart-guide-investigations-cloud-security-posture-management-aws-39250]]|Investigation CSPM|
|2019.11.08|//TresorIT//|[[Should You Trust Your Cloud Storage Provider?|https://www.infosecurity-magazine.com/blogs/should-trust-cloud-storage-provider/]]|Storage|
|2019.11.08|//Sophos//|[[Exposed: Private Amazon S3 bucket exposure|https://news.sophos.com/en-us/2019/11/08/exposed-private-amazon-s3-bucket-exposure/]]|AWS Data_Leak|
|>|>|>|!2019.11.07|
|2019.11.07|Davis Wright Tremaine|[["CLOUD"s On the Horizon - How Law Enforcement Electronic Data Requests Are Going Global|https://www.dwt.com/blogs/privacy--security-law-blog/2019/11/global-law-enforcement-electronic-data-requests]]|Law_Enforcement|
|2019.11.07|The Hacker News|[[Gartner Says the Future of Network Security Lies with SASE|https://thehackernews.com/2019/11/network-security-sase.html]]|Network SASE|
|2019.11.07|//PaloAlto Networks//|[[Container Security: Vulnerability Management from Build to Run|https://blog.paloaltonetworks.com/2019/11/cloud-container-security/]]|Containers|
|2019.11.07|//Tripwire//|[[Thunder on the Horizon: 4 Security Threats for the Cloud|https://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/thunder-horizon-4-security-threats-cloud/]]|Threats|
|2019.11.07|//Fugue//|[[Securing Cloud Environments Against Advanced Misconfiguration Risk with Fugue Best Practices|https://www.fugue.co/blog/securing-cloud-environments-against-advanced-misconfiguration-risk-with-fugue-best-practices]]|Best_Practices Framework|
|2019.11.07|//Fugue//| → [[Fugue Releases Best Practices Framework to Protect Against Advanced Cloud Misconfiguration Attacks|https://vmblog.com/archive/2019/11/07/fugue-releases-best-practices-framework-to-protect-against-advanced-cloud-misconfiguration-attacks.aspx]]|Best_Practices Framework|
|2019.11.07|//Reduxio//|[[Cloud Storage: Where Private and Public Diverge|https://vmblog.com/archive/2019/11/07/cloud-storage-where-private-and-public-diverge.aspx]]|Storage|
|2019.11.07|//JumpCloud//|[[How Cloud Services Maximize Cybersecurity|https://jumpcloud.com/blog/best-practices/cybersecurity-cloud-services/]]|Misc|
|2019.11.07|//Cloudflare//[>img[iCSF/flag_fr.png]]|[[Quoi de neuf en Francophonie?|https://blog.cloudflare.com/fr/quoi-de-neuf-en-francophonie/]]|Cloudflare|
|2019.11.07|//DS Outscale//[>img[iCSF/flag_fr.png]]|![[Le C.L.O.U.D. Act : comment échapper au radar américain ?|https://blog.outscale.com/fr/le-cloud-act-comment-echapper-au-radar-americain]]|CLOUD_Act|
|>|>|>|!2019.11.06|
|2019.11.06|Cloud Native Computing Foundation|[[Cloud Native Chaos Engineering - Enhancing Kubernetes Application Resiliency|https://www.cncf.io/blog/2019/11/06/cloud-native-chaos-engineering-enhancing-kubernetes-application-resiliency/]]|K8s Chaos_Engineering Resilience|
|2019.11.06|Computer Weekly|[[Security Think Tank: Adapt security posture to your cloud model|https://www.computerweekly.com/opinion/Security-Think-Tank-Adapt-security-posture-to-your-cloud-model]]|Security_Posture|
|2019.11.06|//Rancher Labs//|[[Rancher Labs Industry Survey Shows Rapid Adoption of Containers and Kubernetes, But Challenges Remain|https://rancher.com/blog/2019/container-industry-survey-results]] ([[infographie|https://info.rancher.com/kubernetes-industry-survey-key-findings]])|Survey Kubernetes|
|2019.11.06|//Rancher Labs//| → [[Rancher Labs Industry Survey Highlights Rapid Adoption of Kubernetes for Production Workloads|https://www.businesswire.com/news/home/20191106005114/en/Rancher-Labs-Industry-Survey-Highlights-Rapid-Adoption]]|Survey Kubernetes|
|2019.11.08|Container Journal| → [[Survey Finds Kubernetes Clusters Are Multiplying|https://containerjournal.com/topics/container-ecosystems/survey-finds-kubernetes-clusters-are-multiplying/]]|Survey|
|2019.11.06|//Gurucul//|[[2020 Insider Threat Report|https://gurucul.com/2020-insider-threat-survey-report]]|Report Insider_Threats|
|2019.11.06|InfoSecurity Mag| → [[Cloud Covers Up Insider Threats|https://www.infosecurity-magazine.com/news/cloud-covers-up-insider-threats/]]|Report Insider_Threats|
|2019.11.06|Help Net Security| → [[SIEM complexity and cloud visibility put companies at risk|https://www.helpnetsecurity.com/2019/11/08/siem-complexity/]]|Report Insider_Threats|
|2019.11.06|//PaloAlto Networks//|[[The Next Generation of Network Security Is Cloud-Delivered|https://blog.paloaltonetworks.com/2019/11/cloud-next-generation-network-security/]]|Network SASE|
|2019.11.06|//Tripwire//|[[Cloud Security Threats: Escaping the Egregious Eleven - Part One|https://www.tripwire.com/state-of-security/security-data-protection/cloud/cloud-security-threats-egregious-eleven-part-one/]] (1/2)|CSA Threats|
|2019.11.04|//Microsoft//|[[Microsoft Cloud Security solutions provide comprehensive cross-cloud protection|https://www.microsoft.com/security/blog/2019/11/06/microsoft-cloud-security-solutions-provide-comprehensive-cross-cloud-protection/]]|Azure|
|2019.11.06|//ExtraHop//|[[Three Cloud Security Best Practices for 2020|https://www.sans.org/cyber-security-intelligence/2019/11/06/three-cloud-security-best-practices-for-2020]]|Best_Practices|
|2019.11.06|//ZScaler//|[[Why You Still Need a Firewall When Deploying Office 365|https://www.zscaler.com/blogs/corporate/why-you-still-need-firewall-when-deploying-office-365]]|O365|
|2019.11.05|//Bitglass//|[[Cloud Adoption 2019: A for Adoption|https://www.bitglass.com/blog/cloud-adoption-2019-a-for-adoption]] ([[téléchargement|https://pages.bitglass.com/CD-FY19Q4theCloudAdoptionReportof2019_LP.html]])|Report Bitglass|
|2019.11.06|Help Net Security|[[As more companies deploy cloud apps, they must also implement security tools|https://www.helpnetsecurity.com/2019/11/06/accessing-cloud-data-via-sso/]]|Report Bitglass|
|2019.11.06|//Microsoft//|[[Microsoft Cloud Security solutions provide comprehensive cross-cloud protection|https://www.microsoft.com/security/blog/2019/11/06/microsoft-cloud-security-solutions-provide-comprehensive-cross-cloud-protection/]]|Azure Protection|
|2019.11.06|//ExtraHop//|[[Three Cloud Security Best Practices for 2020|https://www.sans.org/blog/three-cloud-security-best-practices-for-2020/]]|Best_Practices|
|>|>|>|!2019.11.05|
|2019.11.05|Pawel Urbanek|![[How to hide AWS EC2 instances from network scanning bots using IPv6|https://pawelurbanek.com/ec2-scanner-bots-ipv6]]|AWS IPv6 Attacks|
|2019.11.05|DZone|[[How to Remediate Kubernetes Security Vulnerability: CVE-2019-11247|https://dzone.com/articles/how-to-remediate-kubernetes-security-vulnerability-1]]|CVE-2019-11247 Kubernetes|
|2019.11.05|//Sophos//|[[Sophos 2020 Threat Report|https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophoslabs-uncut-2020-threat-report.pdf]]|Report Attacks|
|2019.11.08|CIO| → [[Cyber criminals are exploiting android apps and misconfigured cloud platforms for attacks|https://www.cio.co.ke/cyber-criminals-are-exploiting-android-apps-and-misconfigured-cloud-platforms-for-attacks/]]|Report Attacks|
|2019.11.05|//Compare The Cloud//|[[DDoS attacks - Seven effects it has on cloud environments|https://www.comparethecloud.net/articles/ddos-attacks-seven-effects-it-has-on-cloud-environments/]]|Attacks DDoS|
|2019.11.05|//PaloAlto Networks//|[[A Firewall Admin's Introduction to Serverless Security|https://blog.paloaltonetworks.com/2019/11/cloud-serverless-security/]]|Serverless|
|2019.11.05|Computer Weekly|[[Security Think Tank: The cloud needs security by design|https://www.computerweekly.com/opinion/Security-Think-Tank-The-cloud-needs-security-by-design]]|Risks|
|>|>|>|!2019.11.04|
|2019.11.04|Rick Blaisdell|[[2019 State of the Cloud in SMBs|https://rickscloud.com/2019-state-of-the-cloud-in-smbs/]]|Report|
|2019.11.04|Bleeping Computer|[[Office 365 to Prevent Malicious Docs From Infecting Windows|https://www.bleepingcomputer.com/news/microsoft/office-365-to-prevent-malicious-docs-from-infecting-windows/]]|O365 Prevention|
|2019.11.04|Container Journal|[[Persistent Data Storage Integral for Containers|https://containerjournal.com/topics/container-networking/persistent-data-storage-integral-for-containers/]]|Containers Storage|
|2019.11.04|Help Net Security|[[Organizations fail to maximize use of Microsoft 365 security features|https://www.helpnetsecurity.com/2019/11/04/microsoft-365-security-features/]]|Survey SoftwareONE|
|2019.11.04|Christophe Parisel|[[How AWS and Azure are shaping the future of microservices|https://www.linkedin.com/pulse/how-aws-azure-shaping-future-microservices-christophe-parisel/]]|MicroServices|
|2019.11.04|//Microsoft//|[[Microsoft announces new innovations in security, compliance, and identity at Ignite|https://www.microsoft.com/security/blog/2019/11/04/microsoft-announces-new-innovations-in-security-compliance-and-identity-at-ignite/]]|Azure Tools|
|2019.11.04|Security Week| → [[Microsoft Unveils New Security Tools for Azure|https://www.securityweek.com/microsoft-unveils-new-security-tools-azure]]|Azure Tools|
|2019.11.04|Bleeping Computer| → [[Microsoft 365 Helps Improve Orgs' Security and Compliance Posture|https://www.bleepingcomputer.com/news/microsoft/microsoft-365-helps-improve-orgs-security-and-compliance-posture/]]|Azure Tools|
|2019.11.04|Bleeping Computer| → [[Office 365 Breach Detection Capabilities Now in Public Preview|https://www.bleepingcomputer.com/news/microsoft/office-365-breach-detection-capabilities-now-in-public-preview/]]|Azure Tools|
|2019.11.04|Bleeping Computer| → [[Microsoft 365 Now Helps Find and Review Insider Security Threats|https://www.bleepingcomputer.com/news/microsoft/microsoft-365-now-helps-find-and-review-insider-security-threats/]]|Azure Tools|
|2019.11.04|Venture Beat| → [[Microsoft announces security, identity, management, and compliance updates across Azure and Office|https://venturebeat.com/2019/11/04/microsoft-announces-security-identity-management-and-compliance-updates-across-azure-and-office/]]|Azure Tools|
|2019.11.04|Computer Weekly|[[Security Think Tank: Secure the cloud when negotiating contracts|https://www.computerweekly.com/opinion/Security-Think-Tank-Secure-the-cloud-when-negotiating-contracts]]|Misc|
|2019.11.04|Dark Reading|[[To Secure Multicloud Environments, First Acknowledge You Have a Problem|https://www.darkreading.com/cloud/to-secure-multicloud-environments-first-acknowledge-you-have-a-problem/a/d-id/1336219]]|Multi_Cloud|
|2019.11.04|//Microsoft//|[[What's new in Azure Active Directory at Microsoft Ignite 2019|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/What-s-new-in-Azure-Active-Directory-at-Microsoft-Ignite-2019/ba-p/827831]]|AzureAD|
|2019.11.04|//Spanning//|[[5 Steps to Securing your Office 365 Migration|https://spanning.com/blog/5-steps-securing-your-office-365-migration/]]|O365|
|2019.11.04|//Microsoft//|[[Book of News - Microsoft Ignite 2019|https://news.microsoft.com/wp-content/uploads/prod/sites/563/2019/11/Ignite-2019-Book-of-News.pdf]]|Azure|
|2019.11.04|//Forrester//|[[Predictions 2020: Cloud Computing|https://www.forrester.com/report/Predictions+2020+Cloud+Computing/-/E-RES157593]]|Predictions|
|2019.11.04|DevOps|[[Breaking Down the OWASP API Security Top 10, Part 1|https://devops.com/breaking-down-the-owasp-api-security-top-10-part-1/]] (1/2)|API|
!Communiqué de presse : "//CSA Contributes to Key How-To Guidance Documents for Multi-Party Recognition and Continuous Audit-Based Certification//"
<<<
[>img(200px,auto)[iCSF/EUSEC.jpg]]//Practical guidelines to innovative framework promoting trust in cloud services
BERLIN –– Nov. 7, 2019 - The ''Cloud Security Alliance'' (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the availability of two guidance documents -+++*[Implementing Multi-Party Recognition for Cloud Security Certifications]> lien → https://cdn0.scrvt.com/fokus/ccc72dd1f339f01e/440004d502fa/EU-SEC-Guidelines---Implementing-Multi-Party-Recognition-for-Cloud-Security-Certifications---ALL-GUIDES.pdf === and+++*[Implementing Continuous Audit-Based Certification]> lien → https://cdn0.scrvt.com/fokus/2dd3c180ea11ea69/1c925e3b6fb9/EU-SEC-Guidelines---Implementing-Continuous-Audit-Based-Certification.pdf === - designed for cloud stakeholders wishing to improve the business value, efficiency and effectiveness of their approach to cloud security certification schemes.

Since January 2017, CSA has been a key partner in the+++*[European Security Certification Framework (EU-SEC)]> lien → https://www.sec-cert.eu/ ===, a project funded by the European Commission under the H2020 program for research and innovation. The aim of EU-SEC is to create a framework under which existing certification and assurance approaches can co-exist, adding at the same time an additional layer of trust, assurance and transparency by including continuous auditing-based certifications.
"Compliance fatigue and lack of clarity is a tremendous problem in the cloud industry," said Daniele Catteddu, Global CTO at CSA. "The multi-party approach to cloud security certifications is a great way to tackle this as it minimizes the compliance burden for cloud service providers, as well as delivering a competitive advantage to auditors."
"I think this [Framework] is a big step towards managing compliance and providing a common framework to many large, complex and multi-site organizations," said Jatin Sehgal, Global Leader and Managing Partner, EY CertifyPoint.

Based on survey and analysis of the certification and standardization landscape which highlighted a number of issues in the ICT market in Europe, such as lack of trust and transparency, compliance fatigue and assurance gaps, the EU-SEC embarked on an ambitious path to create a framework which would assist cloud stakeholders navigating this complex and confusing field. The intervening years have been dedicated to developing this framework, leveraging the expertise of partners such as CSA.

The publication of the+++*[EU Cybersecurity Act (EUCA)]> lien → https://ec.europa.eu/digital-single-market/en/eu-cybersecurity-act === in June 2019, which shares EU-SEC's objective of increasing trust in ICT services, has reinforced and supported the work of EU-SEC.
The newly published how-to guidance documents bring together that expertise in a practical format for auditors, standard owners, cloud service providers and auditees who are looking to innovate their approach to certification and standardization.

In order to ensure the Framework remains relevant, CSA is inviting cloud stakeholders to complete a+++*[short survey]> lien → https://www.surveymonkey.com/r/EUSEC === on the certification and standardization landscape. The valuable contribution of auditors, standard owners and cloud service providers to this survey will provide CSA with an updated understanding of existing practices and feed into the development of the framework. The survey, which closes Nov. 28, can be found+++*[here]> lien → https://www.surveymonkey.com/r/EUSEC ===.//
<<<
__A noter :__
* Le guide d'implémentation est constitué de 3 parties : une pour les dépositaires du standard, une pour les entités auditrices, et une pour les entités auditées.
* Le sondage, accessible [[ici|https://CloudSecurityAlliance.fr/go/jb7s/]], est ouvert jusqu'au jeudi 28 novembre 2019.

⇒ Lire [[le communiqué de presse|https://CloudSecurityAlliance.fr/go/jb7p/]] sur le site de la CSA.
!"//Google's Potential Claim to the Throne of Quantum Supremacy: What Does it Mean for Cybersecurity?//"
[>img(150px,auto)[iCSA/JB6BW.jpg]]Article de blog publié le 6 novembre 2019 — Rédigé par Roberta Faux, Shamik Kacker, Bruno Huttner, John Hooks, Ron F. del Rosario et John Young
<<<
//__''A mysterious paper''__
A research paper titled "+++*[Quantum Supremacy Using a Programmable Superconducting Processor]> lien → https://www.nature.com/articles/s41586-019-1666-5 ===" briefly appeared last September 21, 2019 on NASA's Technical Report Server (TRS), but was later removed.
In the paper, researchers from+++*[Google AI Quantum Labs]> lien → https://ai.google/research/teams/applied-science/quantum/ === claimed supremacy in quantum computing by successfully running a series of ground-breaking experiments utilizing a processor with programmable superconducting qubits and completing an experiment within 200 seconds that normally would take a modern, state-of-the-art supercomputer approximately 10,000 years to complete.
Various research and scientific community websites were able to obtain+++*[a copy of the document prior to its removal]> lien → https://www.inverse.com/article/59507-full-quantum-supremacy-paper ===. Therefore, this document has been the subject of much debate, scrutiny and speculation for the past few weeks. It is very likely that the paper is currently under peer review and shall be available soon.
Whether it was a PR stunt to attract interest (it worked!) or an honest mistake, it is now official: Google published on October 23, the results of their quantum supremacy experiment in the Nature article Quantum supremacy using+++*[a programmable superconducting processor]> lien → https://www.nature.com/articles/s41586-019-1666-5 ===.

__''What is Quantum Supremacy?''__
Coined by John Preskill back in 2012, "Quantum Supremacy" describes the point where quantum computers can do things that classical computers can't, regardless of whether those tasks are useful. John is a Theoretical Physicist and Director of The Institute for Quantum Information and Matter (IQIM) at Caltech.
In the paper, Google AI Quantum Labs researchers claimed they were able to achieve this status in quantum computing through their experiments utilizing a physical quantum processor with sufficiently low error rates:
"We have performed random quantum circuit sampling in polynomial time with a physically realized quantum processor (with sufficiently low error rates), yet no efficient method is known to exist for classical computing machinery. As a result of these developments, quantum computing is transitioning from a research topic to a technology that unlocks new computational capabilities. We are only one creative algorithm away from valuable near-term applications."
Note, however, that some naysayers doubt this claim. The mathematician Gil Kalai fully expects that "quantum supremacy cannot be achieved at all". While accepting the importance of this work, Kalai argues that Google made a crucial mistake in their supremacy claims. IBM, who is also one of the main contenders in the quantum race and has built its own 53-qubit machine, was not slow to react as well. The IBM team published a counter-argument to Google's estimates, arguing that the calculation could be simulated in just 2.5 days on available supercomputers, not the 10,000 years which Google reported. Whether Google has demonstrated "quantum supremacy" or is merely on the verge of "quantum supremacy," this feat should be noted as a milestone.

__''Potential impact on current cryptographic systems''__
According to John Preskill, the experiment is a sort of "demonstration" at this early stage that Google researchers understand their quantum computing hardware and the next big step is to look for more practical applications in general computing.
Researchers also stated that the next focus should be on engineering quantum error correction technology in order to tackle problems with immediate implications to current computing paradigms such as Shor's Algorithm.
Published back in 1995 by AT&T Labs Researcher Peter Shor in his paper "Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer", the so-called Shor's Algorithm is a quantum algorithm that causes an exponential speed-up when solving factoring, discrete logarithm (DLP), and elliptic curve discrete logarithm (ECDLP) problems. Modern public key cryptography, which underpins secure communication and e-commerce on the internet, relies on the difficulty of solving these problems with our current classical computing paradigm. Therefore, a fully-realized quantum computer running Shor's algorithm will easily circumvent our current cryptographic infrastructure. Note that Shor's algorithm is not the only quantum algorithm attacking cybersecurity. Grover's algorithm can compromise our symmetric cryptography (e.g. AES). However, as it only results in a quadratic speed-up, which roughly halves the effective key length, increasing the AES key size (for example, from 128 to 256 bits) can provide adequate resistance against Grover's quantum attack.
Does it mean that Google's experiment means doom for cybersecurity today? Not quite. As expressed above, the first caveat is about quantum error correction technology. A brief technical aside is required here to explain what we are writing about.
Today, all quantum processors utilize physical qubits, which can be in a coherent superposition of zero and one. With this type of qubits, every operation introduces some error, basically reducing the quality of the qubit. This limits the total number of operations, which can be performed before you "lose" your qubits, or decohere. In order to go further and perform longer computations, we need to move to logical qubits. A logical qubit is built from a large number of physical qubits, which protect it and enable error-free computations. This is the field of quantum error correction technology. Note that a classical computer, which runs on classical bits (zeros and ones), runs naturally on logical bits. In order to run Shor's algorithm, a quantum computer has to implement logical qubits. Now back to our development...
Google's system is using physical qubits, with a sufficiently low error rate. This was apparently enough to demonstrate quantum supremacy. However, it will probably be a good number of years before a quantum computer can run long enough computations with logical qubits. The current estimates range from 5 to more than 10 years.
The second caveat is that, although current cybersecurity infrastructure relies on potentially unsafe cryptographic protocols, new developments are currently underway to address this issue. This is the task of quantum-safe cryptography.

__''Can we counter the quantum threat?''__
The fact that we still have a few years before quantum supremacy transforms into a real threat to cybersecurity should not lure us into a false sense of security. We can already record data today and decrypt it once a powerful enough quantum computer is available. Information exchanged today, which may still have value in several years, is already at threat. Even adapting our infrastructure to the threat will take several years.
[>img(200px,auto)[iCSA_/PEFTQCCST.png]]According to the October 2019 research "Quantum Threat Timeline" conducted by the Global Risk Institute, the transition to quantum-safe cryptography is a challenge itself, as it requires the development and deployment of hardware and software solutions, the establishment of standards, the migration of legacy systems, and more."
Fortunately, things are already moving. Post-Quantum or Quantum-safe algorithms are actively being developed to specifically address this looming threat of quantum computing in the security of modern communication systems. The NIST in the USA has launched a competition, wherein groups of researchers around the world propose post-quantum algorithms for different cryptographic purposes. The goal is to converge to a few of them, which will become standards between 2022 and 2024.
In an interesting twist, new solutions, such as Quantum Random Number Generators and Quantum Key Distribution, based on the same quantum effects, can already be deployed today to offer quantum-safe communications.
Within the Cloud Security Alliance (CSA), the Quantum-Safe Security (QSS) working group is a forum where companies and academic institutions meet to discuss these issues, and suggest solutions. It has written a number of white papers, which address most of the above topics in a non-technical format. The latest report discusses how to prepare enterprises for the quantum threat.//
[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/jb6q/]] sur le blog de la CSA
!"//CMMC - the New Protocol Droid for DoD Compliance//"
[>img(150px,auto)[iCSA/JB6BC.png]]Article de blog publié le 6 novembre 2019 — Rédigé par Doug Barbin, Cybersecurity Practice Leader chez Schellman & Company, LLC
<<<
//A long time ago in a galaxy exactly ours…There was 800-171.
For some time, the US Department of Defense has been working to revise its funding procurement procedures referred to as the Defense Acquisition Regulation Supplement, or DFARS. Most important among all the details are the included requirements in the regulations (under 252.204-7012), which mandate that defense contractors meet the NIST special publication (SP) 800-171 standard that deals with Controlled [but] Unclassified Information (CUI).

__Episode I - The Mandated Requirement__
NIST 800-171, unlike its broader cousin NIST 800-53, was written for non-government entities such as government contractors and service providers. With that being said, though NIST 800-171 is required for contractors, the DFARS regulation also necessitates the more comprehensive FedRAMP authorization for cloud service providers.

__Episode II - The Rise of CMMC__
The means to communicate NIST 800-171 compliance has always been inconsistent, with many service providers performing self-attestation, but earlier this year, the DoD made a presentation on a new model based on new revisions to the requirement. This new model includes a "certification" framework, and contractors and vendors who were once able to self-attest will now need third-party validation in 2020.
This proposed framework is called the+++*[Cybersecurity Maturity Model Certification, or CMMC]> lien → https://www.acq.osd.mil/cmmc/ ===.
The model, now on version 0.4, was most recently updated on August 30, 2019. For more details, see the +++*[August 30, 2019 briefing document]> lien → https://www.acq.osd.mil/cmmc/docs/cmmc-overview-brief-30aug19.pdf ===, as well as the latest +++*[Criteria v 0.4 - August 30, 2019]> lien → https://www.acq.osd.mil/cmmc/docs/cmmc-draft-model-30aug19.pdf ===.
In terms of requirements, v0.4 now includes additional descriptions of levels and practices including:
* 35 practices to achieve level 1 maturity or "Basic Cyber Hygiene"
* 115 additional practices to achieve level 2 maturity or "Intermediate Cyber Hygiene"
* 91 additional practices to achieve level 3 maturity or "Good Cyber Hygiene"
* 95 additional practices to achieve level 4 maturity or "Proactive"
* 34 additional practices to achieve level 5 maturity or "Advanced Progressive"

__Episode III - Oversight Awakens__
Lastly, on October 3rd DoD issued+++*[an RFI]> lien → https://www.fbo.gov/index?s=opportunity&mode=form&id=4a4b539a0e347e540b30b3121916031c&tab=core&_cview=0 === to solicit accreditation bodies for CMMC. Note that this is not for audit firms like Schellman, but for an accreditation body that will oversee and audit the auditors. Within the request for information, the DoD disclosed that the auditors will now be referred to as CMMC 3rd Party Assessment Organizations (C3PAOs). Yes, you heard that correctly, though there's been no word on Artoo Detoo.

__Episode IV - A New Requisite__
To summarize, here is what we know, based on the above data points:
* Version 0.4 further increased the number of required practices for each level.
* The Undersecretary of Defense is expected to create an accreditation body to authorize C3PAOs. It would not be surprising should it come together similarly to FedRAMP, which requires 3PAOs to be accredited by A2LA.
* To date, there still has been no guidance released on the content or format of CMMC or C3PAO deliverables - everyone remains in a holding pattern there.
* CMMC validation by a third party is expected to be requested in RFIs starting in June of 2020 and in RFPs starting in the fall of 2020.
//[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/jb6d/]] sur le blog de la CSA
!"//CSA Summit at (ISC)² Security Congress 2019//"
[>img(200px,auto)[iCSA/JAR-MCO.jpg]]Le ''CSA Summit'' s'est tenu à Orlando le 27 octobre 2019, dans le cadre du congrès (ISC)².

Les 6 présentations sont maintenant disponibles en téléchargement :
* "''Diversify Defense - Improving Cybersecurity Through Smart Consolidation''" par Jeff Costlow, ExtraHop
* "''The Next Evolution of Cloud Based Attacks and How to Prevent It''" par Brian Johnson, DivvyCloud
* "''Tell Me a Story - The Art of Explaining Risks''" par Christine Vanderpool, Florida Crystals
* "''Rethinking the Traditional Cloud Vendor Assessment Model: Proactive vs Reactive Vendor Security''" par Michael Odenwald, Whistic
* "''Security Leaders as Change Leaders''" par Marnie Wilking, Wayfair
* "''Eight Ball For The Win: Key Cloud and Cybersecurity Trends for 2020''" par Jim Reavis, Cloud Security Alliance[>img(100px,auto)[iCSA/JARCCAK.png]]
** Jim Reavis a notamment annoncé le ''CCAK'' (Certificate of Cloud Auditing Knowledge) pour 2020.

Les présentations peuvent être téléchargées individuellement ou en une seule fois.
Lien de téléchargement du paquet complet ⇒ ''[[CloudSecurityAlliance.fr/go/jb4p/|https://CloudSecurityAlliance.fr/go/jb4p/]]''
!!1 - Informations CSA de la semaine du 28 octobre au 3 novembre 2019
* Publication : Exigences pour les organismes procédant à l'audit et à la certification STAR+++*[»]> <<tiddler [[Publication : Exigences pour les organismes procédant à l'audit et à la certification STAR]]>>=== 
* Actu : Utilisation de SDP en anti-DDoS+++*[»]> <<tiddler [[2019.10.28 - Utilisation de SDP en anti-DDoS]]>>=== 
* Publication : Utilisation de SDP en anti-DDoS+++*[»]> <<tiddler [[2019.10.28 - Publication : Utilisation de SDP en anti-DDoS]]>>=== 
* Actu : Appel à commentaires, documents 'CloudAbuse Working Group Charter'+++*[»]> <<tiddler [[2019.10.29 - Appel à commentaires : document 'CloudAbuse Working Group Charter']]>>=== et 'Privacy Level Agreement Working Group Charter'+++*[»]> <<tiddler [[2019.10.29 - Appel à commentaires : document 'Privacy Level Agreement Working Group Charter']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La+++*[Veille Web]> <<tiddler [[2019.11.03 - Veille Hebdomadaire - 3 novembre]]>>=== avec plus de 70 liens :
* __''À lire'' :__ Article "Cloud Storage Acquisition from Endpoint Devices" sur le site du SANS+++*[»]>
|2019.10.30|SANS|![[Cloud Storage Acquisition from Endpoint Devices|https://digital-forensics.sans.org/blog/2019/10/30/cloud-storage-endpoint-devices]]|Forensics Storage|
=== 
* Phishing Office 365 : plusieurs cas récents
* Retours d'expérience sur des pannes ou des incidents : Little "Chubby" (GCP), Capital One
* Rapports et sondages : Rick's Cloud (Rick Blaisdell), Securonix, Sysdig
* Cloud souverain : quelques éléments sur les efforts en France et en Europe
!!3 - Conférences et Salons
* Le programme de la ''Cloud & Cyber Security Expo'' des ''27 et 28 novembre'' à Paris est partiellement disponible :
** ''Deuxième'' teaser et inscription gratuite+++*[»]> <<tiddler [[2019.11.01 - Cloud & Cyber Security Expo - Inscription et Extrait du Programme (2/3)]]>>=== 
** Animation d'une table ronde sur la ''Cyber-Résilience dans le Cloud''+++*[»]> <<tiddler [[2019.10.07 - Cloud & Cyber Security Expo les 27 et 28 novembre 2019]]>>=== 
* Les inscriptions pour le ''Congrès Européen'' du ''18 au 21 novembre'' à Berlin sont toujours ouvertes+++*[»]> <<tiddler [[2019.09.04 - Annonce du programme du Congrès CSA EMEA en Novembre à Berlin]]>>=== 
** Contactez-nous pour avoir une réduction sur votre inscription.+++*[»]> → [img(200px,auto)[iCSF/Email-CSA_FR.png]]=== 
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.11.03|
|2019.11.03|//CloudSecurityPass//[>img[iCSF/flag_fr.png]]|[[CCSK en Français|https://cloudsecuritypass.com/ccsk/ccsk-certificate-of-cloud-security-knowledge/]]|CCSK|
|>|>|>|!2019.11.01|
|2019.11.01|BetaNews|[[How automation can contribute to cloud security [Q&A]|https://betanews.com/2019/11/01/automation-cloud-security-qa/]]|Automation|
|2019.11.01|CBR Online|[[Google Cloud's Little "Chubby" Outage|https://www.cbronline.com/news/google-cloud-outage-chubby]]|GCP Outage Lessons_Learnt|
|2019.11.01|ZDnet|[[Europe's cloud computing plan won't do much to scare the US giants|https://www.zdnet.com/article/europes-cloud-computing-plan-wont-do-much-to-scare-the-us-giants/]]|Sovereign_Cloud Europe|
|2019.11.01|//Protego//|[[State of Serverless and Security|https://www.protego.io/state-of-serverless-and-security/]] ([[infographie|https://ss-usa.s3.amazonaws.com/c/308465463/media/18915dbcb1e74090390480216989672/infographic%20survey.pdf]])|Survey Serveless|
|2019.11.01|//Fugue//|[[Securing Microsoft Azure Virtual Networks and Network Security Groups|https://www.fugue.co/blog/securing-microsoft-azure-virtual-networks-and-network-security-groups]]|Azure Networking|
|2019.11.01|//CloudCheckr//|[[5 Rules of Multi-Cloud Governance: What AWS, Azure, and Google Cloud Users Need to Know|https://cloudcheckr.com/multi-cloud/multi-cloud-governance/]]|Governance|
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.10.31|
|2019.10.31|SANS|[[EML attachments in O365 - a recipe for phishing|https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/]]|O365 Phishing|
|2019.10.31|DZone|[[Demystifying Security on AWS Cloud|https://dzone.com/articles/demystifying-security-on-aws-cloud]]|AWS|
|2019.10.31|SiliconAngle|[[Disaster recovery essential for data protection, and cloud makes it scalable|https://siliconangle.com/2019/10/31/disaster-recovery-essential-for-data-protection-datrium-cloud-scalable-dr-cubeconversations/]]|DRP|
|2019.10.31|Medium|[[Introducing The Multi-Cloud Cyber Range - Azure v0.01|https://medium.com/aws-cyber-range/introducing-the-multi-cloud-cyber-range-azure-v0-01-66fd13de3eef]]|Exercise Tools|
|2019.10.31|//Google Cloud//|[[Exploring container security: Use your own keys to protect your data on GKE|https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-use-your-own-keys-to-protect-your-data-on-gke]]|GCP Containers|
|2019.10.31|//Google Cloud//|[[Admin Insider: These 6 steps can help you address security threats in G Suite|https://cloud.google.com/blog/products/g-suite/admin-insider-these-6-steps-can-help-you-block-security-threats-in-g-suite]]|GCP Protection|
|2019.10.31|//Alibaba Cloud//|[[Thoughts on the Development of Secure Container Technology|https://medium.com/@Alibaba_Cloud/thoughts-on-the-development-of-secure-container-technology-8fb30670eea]]|Containers|
|2019.10.31|//Alibaba Cloud//|[[Next-Gen Enterprise Security Based on Cloud-Native Technology|https://medium.com/@Alibaba_Cloud/next-gen-enterprise-security-based-on-cloud-native-technology-6a6c28a6011e]]|Misc|
|2019.10.31|//Viruss//|[[3 Tips to Protect Yourself From the Office 365 Phishing Scams|http://www.viruss.eu/virus-news/3-tips-to-protect-yourself-from-the-office-365-phishing-scams-3/]]|O365 Phishing|
|2019.10.31|//Synology//|[[Behold: The 2019 cloud backup myth-buster|https://www.theregister.co.uk/2019/10/31/the_cloud_backup_myth_buster/]]|BackUps|
|2019.10.31|//Alcide//|[[Kubernetes Audit: Making Log Auditing a Viable Practice Again|https://blog.alcide.io/kubernetes-audit-making-log-auditing-a-viable-practice-again]]|K8s Audit Logging|
|2019.10.31|//Caylent//|[[Kubernetes Service Discovery|https://caylent.com/kubernetes-service-discovery]]|K8s Discovery|
|2019.10.31|//Google Cloud//|[[How GCP helps you take command of your threat detection|https://cloud.google.com/blog/products/identity-security/how-gcp-helps-you-take-command-of-your-threat-detection]]|GCP Detection|
|2019.10.31|//Armor//|[[Achieving PCI Compliance on AWS Is More Involved Than You Think|https://www.armor.com/blog/aws-pci-compliance/]]|AWS PCI_DSS Compliance|
|2019.10.31|//Lacework//|[[AWS Security Best Practices for 2020 You Need to Implement|https://www.lacework.com/aws-security-best-practices-2020/]]|AWS Best_Practices|
|2019.10.31|//Capsule8//|[[The Curious Case of a Kibana Compromise|https://capsule8.com/blog/the-curious-case-of-a-kibana-compromise/]]|Compromise|
|2019.10.31|//Managed Methods//|[[Top 4 Cloud Security Risks for K-12|https://managedmethods.com/blog/cloud-security-risks-for-k-12/]]|Risks|
|2019.10.31|//Google Cloud//|[[How Google adopted BeyondCorp: Part 4 (services)|https://security.googleblog.com/2019/10/how-google-adopted-beyondcorp-part-4.html]] (4/4)|Services|
|2019.10.31|Nino Crudele|[[Hackazure - anything bad and good about Azure Cybersecurity|https://ninocrudele.com/hackazure-anything-bad-and-good-about-azure-cybersecurity]]|Azure|
|2019.10.31|Thomas Naunheim|[[Improve security and usability of privileged access in Microsoft Azure|https://www.cloud-architekt.net/improve-security-and-usability-privileged-access-azure/]]|Azure|
|>|>|>|!2019.10.30|
|2019.10.30|Solutions Numériques[>img[iCSF/flag_fr.png]]|[[La France et l'Allemagne ont présenté la feuille de route du futur Cloud européen|https://www.solutions-numeriques.com/securite/la-france-et-lallemagne-ont-presente-la-feuille-de-route-du-futur-cloud-europeen/]]|Sovereign_Cloud|
|2019.10.30|SANS|![[Cloud Storage Acquisition from Endpoint Devices|https://digital-forensics.sans.org/blog/2019/10/30/cloud-storage-endpoint-devices]]|Forensics Storage|
|2019.10.30|SANS|[[How to Perform a Security Investigation in AWS A SANS Whitepaper|https://www.sans.org/reading-room/whitepapers/analyst/perform-security-investigation-aws-whitepaper-39230]]|Investigation|
|2019.10.30|Down the rabbit Hole|[[Contain(er) Your Security|http://podcast.wh1t3rabbit.net/dtsr-episode-368-container-your-security]] ([[podcast mp3|http://hwcdn.libsyn.com/p/d/a/f/daf7af50cae08cd8/DtSR_Episode_368_-_Container_Your_Security.mp3]])|Containers|
|2019.10.30|APNIC|[[Internet clouds are (also) unpredictable|https://blog.apnic.net/2019/10/30/internet-clouds-are-also-unpredictable/]]|Networking Latency|
|2019.10.30|//McAfee//|[[Office 365 Users Targeted by Voicemail Scam Pages|https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/office-365-users-targeted-by-voicemail-scam-pages/]]|O365 Phishing|
|2019.10.31|Bleeping Computer| → [[New Office 365 Phishing Scams Using Audio Voicemail Recordings|https://www.bleepingcomputer.com/news/security/new-office-365-phishing-scams-using-audio-voicemail-recordings/]]|O365 Phishing|
|2019.10.31|Help Net Security| → [[Office 365 users targeted with fake voicemail alerts in suspected whaling campaign|https://www.helpnetsecurity.com/2019/10/31/office-365-voicemail-phishing/]]|O365 Phishing|
|2019.10.31|//Threatpost//| → [[Fake Voicemail/Office 365 Attack Targets Enterprise Execs|https://threatpost.com/enterprise-big-fish-fake-voicemail-office-365-attack/149730/]]|O365 Phishing|
|2019.10.30|3DS Outscale[>img[iCSF/flag_fr.png]]|![[Le Cloud Act en une infographie par 3DS Outscale|https://www.informatiquenews.fr/le-cloud-act-en-une-infographie-par-eds-outscale-64243]]|CLOUD_Act|
|2019.10.30|//Securonix//|[[More than 1 in 3 Enterprises Say Cloud Apps Are the Most Vulnerable to Insider Threat|https://www.securonix.com/press-release/more-than-1-in-3-enterprises-say-cloud-apps-are-the-most-vulnerable-to-insider-threat/]] ([[2019 Insider Threat Survey Report|https://www.securonix.com/resources/2019-insider-threat-survey-report/]])|Report Securonix|
|2019.10.30|Dark Reading| → [[Security Pros Fear Insider Attacks Stem from Cloud Apps|https://www.darkreading.com/cloud/security-pros-fear-insider-attacks-stem-from-cloud-apps/d/d-id/1336215]]|Report Securonix|
|2019.10.30|//Google Cloud//|[[Cloud storage data protection that fits your business|https://cloud.google.com/blog/products/storage-data-transfer/cloud-storage-data-protection-that-fits-your-business]]|GCP Storage|
|2019.10.30|//McAfee//|[[3 Tips to Protect Yourself From the Office 365 Phishing Scams|https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/office-365-phishing/]]|O365 Phishing|
|2019.10.30|//Protego//|[[Cloud Native Application Security - What You Need To Know|https://www.protego.io/what-you-need-to-know-about-cloud-native-security/]]|Cloud_Native|
|2019.10.30|//Microsoft//|[[Tutorial: Configure secure LDAP for an Azure Active Directory Domain Services managed domain|https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps]]|AzureAD LDAP|
|2019.10.30|//Nuage Networks//|[[SD-WAN Security - Challenges and Solution|https://www.nuagenetworks.net/blog/sd-wan-security-challenges-and-solution/]]|SDWAN|
|>|>|>|!2019.10.29|
|2019.10.28|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Un projet franco-allemand jette les bases d'un cloud européen|https://www.lemondeinformatique.fr/actualites/lire-un-projet-franco-allemand-jette-les-bases-d-un-cloud-europeen-76933.html]]|Sovereign_Cloud|
|2019.10.28|Informatique News[>img[iCSF/flag_fr.png]]|[[Les licences Microsoft 365 peuvent poser des problèmes de conformité|https://www.informatiquenews.fr/les-licences-microsoft-365-peuvent-poser-des-problemes-de-conformite-64215]]|O365 License|
|2019.11.01|The Register| → [[Microsoft sees sense, will give Office 365 admins veto rights on self-service Power tools|https://www.theregister.co.uk/2019/11/01/microsoft_power_platform_u_turn/]]|O365 License|
|2019.11.01|Informatique News[>img[iCSF/flag_fr.png]]| → [[Microsoft fait marche arrière sur son "Self-Service" pour Power Platform|https://www.informatiquenews.fr/microsoft-fait-marche-arriere-sur-son-self-service-pour-power-platform-64263]]|O365 License|
|2019.10.29|Container Journal|[[Top 10 Container and Kubernetes Security Questions to Ask Your Team|https://containerjournal.com/features/top-10-container-and-kubernetes-security-questions-to-ask-your-team/]]|Containers Kubernetes|
|2019.10.29|DZone|[[Docker Explained - An Introductory Guide To Docker|https://dzone.com/articles/docker-explained-an-introductory-guide-to-docker]]|Docker|
|2019.10.29|Dark Reading|[[Why Cloud-Native Applications Need Cloud-Native Security|https://www.darkreading.com/cloud/why-cloud-native-applications-need-cloud-native-security/a/d-id/1336187]]|Cloud_Native|
|2019.10.29|Euractiv|[[European cloud network to start in late 2020|https://www.euractiv.com/section/digital/news/european-cloud-network-to-start-in-late-2020/]]|Sovereign_Cloud Europe|
|2019.10.29|Synergy Research|[[Amazon, Microsoft, Google and Alibaba Strengthen their Grip on the Public Cloud Market|https://www.srgresearch.com/articles/amazon-microsoft-google-and-alibaba-strengthen-their-grip-public-cloud-market]]|Report|
|2019.10.30|Informatique News[>img[iCSF/flag_fr.png]]| → [[Cloud : quatre leaders sur un marché concentré|https://www.informatiquenews.fr/cloud-quatre-leaders-sur-un-marche-concentre-64230]]|Report|
|2019.10.29|TMCnet|[[Capital One AWS Breach is a Headache for Consumers, the Bank and now Amazon|https://blog.tmcnet.com/blog/rich-tehrani/security/capital-one-aws-breach-is-a-headache-for-consumers-the-bank-and-now-amazon.html]]|CapitalOne Outage Lessons_Learnt|
|2019.10.29|//Sysdig//|[[Sysdig 2019 Container Usage Report: New Kubernetes and security insights|https://sysdig.com/blog/sysdig-2019-container-usage-report/]]|Report Containers Kubernetes|
|2019.10.29|Container Journal| → [[Sysdig Report Shines Light on Container Usage Patterns|https://containerjournal.com/topics/container-ecosystems/sysdig-report-shines-light-on-container-usage-patterns/]]|Report Containers Kubernetes|
|2019.10.29|//Anchore//|[[Benefits of Static Image Inspection and Policy Enforcement|https://anchore.com/benefits-static-image-inspection/]]|Containers|
|2019.10.29|//AlienVault//|[[Was the largest breach in history a misconfiguration problem?|https://www.alienvault.com/blogs/security-essentials/was-the-largest-breach-in-history-a-misconfiguration-problem]]|Misconfigurations|
|2019.10.29|//JumpCloud//|[[Azure MFA|https://jumpcloud.com/blog/azure-mfa/]]|Azure Authentication|
|2019.10.29|//Alert Logic//|[[Streamline Cybersecurity for Cloud Applications and Data on Azure|https://blog.alertlogic.com/streamline-cybersecurity-for-cloud-applications-and-data-on-azure/]]|Azure|
|2019.10.29|//Microsoft Azure//|[[Gartner names Microsoft a Leader in the 2019 Cloud Access Security Broker (CASB) Magic Quadrant|https://www.microsoft.com/security/blog/2019/10/29/gartner-microsoft-leader-2019-cloud-access-security-broker-casb-magic-quadrant/]]|CASB|
|>|>|>|!2019.10.28|
|2019.10.28|Silicon.fr[>img[iCSF/flag_fr.png]]|[[DevOps : une autre gestion du risque… et de la productivité|https://www.silicon.fr/devops-risque-productivite-311933.html]]|DevOps Risks|
|2019.10.28|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud : avec JEDI, Microsoft devient le fournisseur clé du Pentagone|https://www.silicon.fr/jedi-cloud-microsoft-fournisseur-cle-pentagone-311937.html]]|Government JEDI|
|2019.10.28|Federal News Network| → [[JEDI to Microsoft? It ain't over yet|https://federalnewsnetwork.com/tom-temin-commentary/2019/10/jedi-to-microsoft-it-aint-over-yet/]]|Government JEDI|
|2019.10.28|Redmond Channel Partner| → [[How Permanent Is Microsoft's Shocking JEDI Win?|https://rcpmag.com/blogs/scott-bekker/2019/10/microsoft-shocking-jedi-win.aspx]]|Government JEDI|
|2019.10.28|Direction Informatique[>img[iCSF/flag_fr.png]]|[[Avons-nous raison d'être frileux envers le cloud?|https://www.directioninformatique.com/avons-nous-raison-detre-frileux-envers-le-cloud/80472]]|Misc|
|2019.10.28|Rick Blaisdell|[[2019 State of the Cloud in the Enterprise|https://rickscloud.com/2019-state-of-the-cloud-in-the-enterprise/]]|Report|
|2019.10.28|VMblog|[[Cloud-Native DevSecOps: How to Secure Your Cloud|https://vmblog.com/archive/2019/10/28/cloud-native-devsecops-how-to-secure-your-cloud.aspx]]|DevSecOps|
|2019.10.28|The Register|[[Amazon is saying nothing about the DDoS attack that took down AWS, but others are|https://www.theregister.co.uk/2019/10/28/amazon_ddos_attack/]]|AWS Outage Aftermath|
|2019.10.28|Help Net Security|[[DevOps firewall: How pre-configuring your cloud deployment can ensure compliance|https://www.helpnetsecurity.com/2019/10/28/devops-firewall/]]|DevSecOps|
|2019.10.28|Bank Info Security|[[Two Data Leaks Expose Millions of Records|https://www.bankinfosecurity.com/two-data-leaks-expose-millions-records-a-13299]]|Data_Leaks|
|2019.10.28|Jordan Potti|[[Offensive Cloud Distribution|https://github.com/jordanpotti/OffensiveCloudDistribution]] (to distribute large security scans across numerous cloud instances)|[[Tools|Outils-GitHub]]|
|2019.10.28|Sarah Gray|[[Security Best Practices - AWS Virtual Workshop|https://www.youtube.com/watch?v=mNUFa6wGEEk]] (vidéo de 1h30)|AWS Workshop|
|2019.10.28|//Dirk-jan Mollema//|[[I’m in your cloud…|https://dirkjanm.io/assets/raw/Im%20in%20your%20cloud%20bluehat-v1.0.pdf]]|!|
|2019.10.28|//AWS//[>img[iCSF/flag_fr.png]]|[[Annonce de l'analyse d'image pour Amazon ECR|https://aws.amazon.com/fr/about-aws/whats-new/2019/10/announcing-image-scanning-for-amazon-ecr/]]|AWS Images|
|2019.10.28|Catchpoint|[[Four Ways to Mitigate the Impact of DNS Attacks|https://blog.catchpoint.com/2019/10/28/four-ways-to-mitigate-the-impact-of-dns-attacks/]]|AWS DDoS Outage|
|2019.10.28|//Microsoft//|[[Customize networking for DR drills: Azure Site Recovery|https://azure.microsoft.com/en-us/blog/customize-networking-for-dr-drills-azure-site-recovery/]]|Azure DRP|
|2019.10.28|//Microsoft//|[[IoT security will set innovation free: Azure Sphere general availability scheduled for February 2020|https://www.microsoft.com/security/blog/2019/10/28/iot-innovation-azure-sphere-general-availability-february-2020/]]|Azure_Sphere IoT|
|2019.10.28|//Zscaler//|[[Rethinking Office 365 Security and Networking Infrastructure|https://www.cbronline.com/opinion/office-365-networking-zscaler]]|O365 Architecture|
[>img(200px,auto)[iCSF/CCSEP2019.png]]Pour s'inscrire à la ''Cloud & Cyber Security Expo'' et disposer d'un deuxième aperçu du programme des conférences gratuites :

Suivez le lien ⇒ ''[[CloudSecurityAlliance.fr/go/jb1r|https://CloudSecurityAlliance.fr/go/jb1r]]''

[img(auto,60px)[iCSF/CCSA19h.jpg][https://CloudSecurityAlliance.fr/go/jb1r]]
!"//Cloud Security Alliance Health Information Management Working Group Co-Chair Dr. Jim Angle to Present at HIMSS//"
^^//Dr. Jim Angle, manager of Network Security - Vulnerability Management at Trinity Health and co-chair of CSA's Health Information Management Working Group, will be presenting "''Managing the Risk for Medical Devices Connected to the Cloud''" at the+++*[HIMSS Global Health Conference & Exhibition]> https://www.himssconference.org/ === (Orlando) on March 11 at 2:30 p.m. In his talk, Dr. Angle will share some of his key insights that laid the groundwork for the white paper of the same name by CSA's Health Information Management (HIM) Working Group, sharing with attendees how to apply the IoT Security Controls Framework to highly sensitive medical systems that support critical services.//
⇒ Lire le [[communiqué de presse|https://cloudsecurityalliance.org/press-releases/2019/11/20/cloud-security-alliance-health-information-management-working-group-co-chair-dr-jim-angle-to-present-at-himss/]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//The Four Pillars of CASB: Threat Protection//"
[>img(100px,auto)[iCSA/JBIBT.png]]^^Article publié le 18 novembre sur le blog de la CSA, et après l'avoir été il y a plus de 2 mois sur le site de Bitglass.
⇒ Lire [[l'article|https://cloudsecurityalliance.org/blog/2019/11/18/the-four-pillars-of-casb-threat-protection/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/four-pillars-casb-threat-protection]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Digital Transformation, Cybersecurity, Cloud Apps, and Cloud Security//"
[>img(100px,auto)[iCSA/JBIBD.jpg]]^^Article publié le 18 novembre sur le blog de la CSA, et après l'avoir été il y a plus de 2 mois sur le site de Bitglass.
⇒ Lire [[l'article|https://cloudsecurityalliance.org/blog/2019/11/21/digital-transformation-cybersecurity-cloud-apps-and-cloud-security/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/digital-transformation-cybersecurity-cloud-apps-cloud-security]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Traduction en japonais de 2 documents du CSA//"
^^Traductions publiées le 18 novembre 2019 :[>img(100px,auto)[iCSA/J86PT.jpg]][>img(100px,auto)[iCSA/J14PG.png]]
* "Guideline on Effectively Managing Security Service in the Cloud"
** ⇒ Lien de [[téléchargement|https://cloudsecurityalliance.org/artifacts/guideline-on-effectively-managing-security-service-in-the-cloud-japanese-translation/]]
* "Top Threats to Cloud Computing: Egregious Eleven"
** ⇒ Lien de [[téléchargement|https://cloudsecurityalliance.org/artifacts/top-threats-to-cloud-computing-egregious-eleven-japanese-translation/]]
^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//CSA Announces Advanced Cloud Security Practitioner Training, a Highly Technical Hands-on Course for Technical Security Professionals//"
[>img(100px,auto)[iCSA/J73CCSK.png]]^^Annonce du 4 novembre pour une formation "Advanced Cloud Security Practitioner Training" les 10 et 11 décembre 2019 à Kansas City, Missouri.
Le formateur sera ''[[Rich Mogull|https://securosis.com/about/team]]'', qui est non seulement très compétent, mais aussi très pédagogue.
⇒ Lire [[l'annonce|https://CloudSecurityAlliance.fr/go/jb4a/]] sur le site de la ''Cloud Security Alliance''
⇒ Pour les [[détails et s'inscrire|https://CloudSecurityAlliance.fr/go/jb4i/]]^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//3 Technical Benefits of Service Mesh, and Security Best Practices//"
[>img(100px,auto)[iCSA/JB4B3.jpg]]^^Bien que publié le 4 novembre 2019 sur le blog de la CSA, cet article l'a déjà été il y a plus d'un mois, le 26 septembre 2019 sur le site de Portshift.
⇒ Lire [[l'article|https://CloudSecurityAlliance.fr/go/jb4z/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://CloudSecurityAlliance.fr/go/jb4x/]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201910>>
<<tiddler fAll2Tabs10 with: VeilleM","_201910>>
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|Aucune alerte pour le moment|
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Octobre 2019]]>>
<<tiddler fAll2LiTabs10 with: NewsL","201910>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Octobre 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Octobre 2019]]>><<tiddler fAll2LiTabs13end with: Actu","201910>>
<<tiddler fAll2LiTabs13end with: Blog","201910>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Octobre 2019]]>>
<<tiddler fAll2LiTabs13end with: Publ","201910>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Octobre 2019]]>>
!CloudAbuse Working Group Charter
Charte du groupe de travail "Cloud Abuse".[>img(100px,auto)[iCSA/CSAdoc.png]]
La date limite pour transmettre les commentaires est le 29 novembre 2019.
<<<
//The mission of the CloudAbuse working group is to promote operational security and aid in the timely sharing of indicators of abuse across all the member's services.
This mission is conducted through private information sharing within a community of trusted representatives of each member organization.//
<<<
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/jatc|https://cloudsecurityalliance.fr/go/jatc/]]''
!Privacy Level Agreement Working Group Charter
Charte du groupe de travail "Privacy Level Agreement" (PLA)[>img(100px,auto)[iCSA/CSAdoc.png]]
La date limite pour transmettre les commentaires est le 29 novembre 2019.
<<<
//The Cloud Security Alliance would like to invite you to review and comment on the updated Privacy Level Agreement Working Group Charter.
The Privacy Level Agreement (PLA) Working Group was originally established in 2011 with the objective to define good practices and tools to help both CSPs and cloud users in their journey toward the compliance with relevant European Union privacy legislations.
The draft CSA Code of Conduct and Certification are currently under the revision of the relevant Data Protection Authorities.
The goal of CSA is clearly to obtain the approval of both of them by the European Data Protection Board.
The current version of the PLA CoP (V3.2) doesn't, though, cover the requirements of the GDPR Art.46 on international data transfer.
Given the importance of the topic in the cloud market, the CSA has decided to take action and revise the current versions of its CoC and Certification so to be able to use them as tools for international data transfer.
Moreover, in its mission to support both CSPs and customers to overcome their cloud security and privacy challenges, the CSA has also decided to initiate an analysis of other relevant Privacy and Data Protection regulations applicable to the cloud market and define, on the basis of the results already achieved, new tools and best practices for global privacy compliance.
In summary, the extension of the scope of existing CSA's best practice and tools for GDPR compliance to international data transfer and global privacy compliance, would be the main goals of the new PLA WG.
This is your opportunity to provide feedback and identify any critical areas that we might miss in our working group's focus.
The open review and comments period starts today and ends on November 29, 2019.//
<<<
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/jatp|https://cloudsecurityalliance.fr/go/jatp/]]''
!Document "//Requirements for Bodies Providing STAR Certification//"
[>img(200px,auto)[iCSA/JATPR.png]]Publication de ce qui semble être un document de travail (avec quelques erreurs mineures) qui s'inspire de la norme ISO/IEC 27006:2015, laquelle porte sur les exigences pour les organismes procédant à l'audit et à la certification des systèmes de management de la sécurité de l'information.
__Extraits :__
<<<
//1 - General
* 1.1 - This document outlines how to conduct a STAR certification assessment to the Cloud Controls Matrix (CCM) as part of an ISO/IEC 27001 assessment.
* 1.2 - The controls set out in the CCM can be considered additional
//[...]//
4 - Requirements on a certification body
* 4.1 - A certification body must be a CSA Corporate Member in good standing
* 4.2 - A certification body conducting CCM assessments shall be ISO/IEC 27006 accredited by an IAF member accreditation body for delivery of ISO/IEC 27001 assessments.
* 4.3 - A certification body shall comply with all the requirements of ISO/IEC 27006 as well as this documents requirements when conducting a CCM assessment.
//[...]//
5 Competency requirements
* 5.1 - All assessors must be able to present evidence of passing an accredited lead auditor
course for ISO/IEC 27001 or be a qualified and experienced ISO/IEC 27001 assessor
for an IAF member accredited ISO/IEC 27001 certification body.
//[...]//
9 - Audit and Certification
9.1 - An assessment cycle will follow the assessment cycle for ISO/IEC 27001.
//[...]
<<<
//⇒ télécharger le ''[[document|https://CloudSecurityAlliance.fr/go/jasr/]]''//
!Article "//Cloud Security Alliance Releases Anti-DDoS: Software-Defined Perimeter As a DDoS Prevention Mechanism//"
[>img(200px,auto)[iCSA/JASPS.png]]
<<<
//Document examines the operationalization of Software-Defined Perimeter as prevention mechanism against three well-known types of Distributed Denial of Service attacks

ORLANDO - (ISC)2 Security Congress - Oct. 28, 2019 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released new research on Anti-DDoS: Software-Defined Perimeter as a DDos Prevention Mechanism. Produced by CSA's Software-Defined Working (SDP) Group, this paper sheds light on the use of a SDP as a tool to prevent Distributed Denial-of-Service (DDoS) attacks. It demonstrates the efficiency and effectiveness of a SDP against several well-known attacks including HTTP Flood, TCP SYN, and UDP Reflection.

The document focuses on protecting private services, such as private business applications, employee or customer portals, and email servers, which are well-suited to being protected from DDoS attacks by a Software-Defined Perimeter. Utilizing the Seven Layer OSI Model, various scenarios are laid out based on where the aforementioned attacks may be targeted (i.e. applications, transportation, and networks), which security professionals can use as guides for securing their own enterprise systems.

"Denial of Service attacks are - and continue to be - a problem. With the adoption of cloud services, the threat of network attacks against application infrastructure increases, since traditional perimeter-defense techniques cannot adequately protect servers," said Juanita Koilpillai, co-chair, CSA Software-Defined Perimeter Working Group, and CEO and President of Waverley Labs. "This document, the latest from the SDP Working Group, was created to aid those responsible for the evaluation, design, deployment, or operation of DDoS prevention solutions within their enterprise."

Typically performed against public-facing services running on the internet, such as web servers and DNS servers, DDoS attacks attempt to overwhelm a target and prevent it from delivering its services to legitimate users. SDPs are resilient against these types of attacks, however, because they utilize a computationally lightweight mechanism (SPA) to distinguish between authorized and unauthorized users, even from remote systems. Because the vast majority of DDoS traffic is initiated by unauthorized users, SDP gateways can reject it without incurring a heavy computational load on the server.

The Software-Defined Perimeter Working Group was created with the goal of developing a solution to stop network attacks against application infrastructure. Those interested in learning more about the group or participating in future research should visit the Software-Defined Perimeter Working Group page.//
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/jasa/]] sur le site de la CSA.
!Document "//Software-Defined Perimeter as a DDoS Prevention Mechanism//"
[>img(200px,auto)[iCSA/JASPS.png]]__Extraits__
<<<
//__''Goals:''__
The primary goal of this document is to increase the awareness and understanding of SDP as a tool to prevent DDoS attacks by demonstrating its efficiency and effectiveness against several well-known attacks, including HTTP Flood, TCP SYN, and UDP Reflection.//
[...]
//__''SDP as a DDoS Defense Mechanism:''__ 
The techniques described above to detect, divert, filter and analyze are suitable for a large volume of packets associated with DDoS attacks. Many small malformed packets associated with resource depletion DDoS attacks typically bypass these techniques as they are hard to detect. However, these techniques are expensive and more frequently than not filter out good packets. SDPs are architected to allow ONLY good packets through while dropping all bad packets. In general, with SDPs, hosts are hidden, clients coordinate with (typically with multiple) perimeters so that good packets known to SDPs and upstream routers can be informed about bad packets to block. For the purpose of showing how SDPs can be used as a DDoS defense mechanism, we will use the open source reference implementation as an example. In the reference implementation, clients (users on devices) are cryptographically signed into the perimeter.//
[...]
//__''Summary:''__
The goal of this paper is to increase the awareness and understanding of SDP as a tool to prevent DDoS attacks by demonstrating its efficiency and effectiveness against several well-known attacks.
To that end we presented in the Introduction definitions of DDoS and DoS attacks. Then in the next section DDoS Attack Vectors, we presented a table DDoS attack Vectors by OSI and TCP/IP layers.
From this table we selected as our focus three well-known attacks:
# Layer 7 Application - HTTP Flood Attacks
# Layer 4 Transport - SYN "TCP" Flood
# Layer 3 Network - UDP Reflection Attacks
After selecting the vectors and attacks of focus we explained them conceptually in detail. This was followed by a section DDoS Attack Mitigations via Non SDP Defenses where we described non SDP mitigations that are available for use at various OSI layers.
We followed this up with SDP as DDoS Defense Mechanism. Here we first described the sequence of events that are followed to set up and configure SDP as a DDoS defense. Then we enumerated the protections afforded by the setup including
# Invisible services behind a deny-all SDP Gateway;
# Authenticating users on devices prior to opening up the firewall to establish connections;
# Using a dynamic firewall mechanism, to allow or which allows SDP to drop packets as fast as the switches serve them up during a DDoS attack.
Finally, we looked at the following three attacks using SDP as a defense mechanism:
# HTTP Flood Attack & SDP Defense
# TCP SYN Flood Attack & SDP Defense
# UDP Reflection Attack & SDP Defense
//
<<<
__Table des Matières__//
<<<
* Introduction
** DDoS and DoS Attacks Defined
** Goals
** Target Audience
** DDoS Attack Vectors
** DDoS Attack Vectors by OSI and TCP/IP Model Layer
** DDoS Attack Mitigations (via Non SDP Defenses)
* SDP as a DDoS Defense Mechanism
* HTTP Flood Attack & SDP Defense
** Battlefield
** Attack Explained
** Defense Explained
* TCP SYN Flood Attack and SDP Defense
** Battlefield
** Attack Explained
** Defense Explained
* UDP Reflection Attack & SDP Defense
** Battlefield
** Attack Explained
** Defense Explained
* Summary
* Glossary
* Other Reading
* Appendix
** Appendix 1: OSI & TCP/IP Layers & Logical Protocols
** Appendix 2: DDoS Attacks by OSI & TCP/IP Layers
** Appendix 3: DDoS & Other Attack Monitoring Maps
** Appendix 4: DDoS Biggest Attacks
<<<
//⇒ télécharger le ''[[document|https://CloudSecurityAlliance.fr/go/jasp/]]''
!!1 - Informations CSA de la semaine du 21 au 27 octobre 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Blog : ''Corporate Contractors and the Requirement for Zero-Trust Network Access''+++*[»]> <<tiddler [[2019.10.21 - Blog : 'Corporate Contractors and the Requirement for Zero-Trust Network Access']]>>=== 
* Actu : Gouvernance du risque et certification européenne au Congrès CSA EMEA en Novembre à Berlin+++*[»]> <<tiddler [[2019.10.24 - Gouvernance du risque et certification européenne au Congrès CSA EMEA en Novembre à Berlin]]>>=== 
* __''À lire'' :__ ''Modèle MITRE ATT&CK adapté au Cloud''+++*[»]> <<tiddler [[2019.10.25 - Modèle MITRE ATT&CK adapté au Cloud]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La+++*[Veille Web]> <<tiddler [[2019.10.27 - Veille Hebdomadaire - 27 octobre]]>>=== avec plus de 60 liens :
* __Pannes__ ou attaques : Amazon AWS, Google GCP
* Fuites de données : Adobe Cloud, AutoClerk (fonctionnaires et militaires américains)
* Annonces : attribution du contrat JEDI pour le DoD à ... Microsoft (pour le moment)
* Rapports : Skybox Security
* __Divers__ : Docker, Kubernetes, sécurité des containers, Zero Trust et Microsoft 365+++*[»]>
|2019.10.27|Thomas Naunheim|![[Implementing Zero Trust with Microsoft 365 (Study collection)|https://www.cloud-architekt.net/implementing-zero-trust-with-microsoft-365/]]|O365 Zero_Trust|
=== 
!3 - Conférences et Salons
* Le programme de la ''Cloud & Cyber Security Expo'' des ''27 et 28 novembre'' à Paris est partiellement disponible :
** Teaser et inscription gratuite+++*[»]> <<tiddler [[2019.10.11 - Cloud & Cyber Security Expo - Inscription et Extrait du Programme (1/3)]]>>=== 
** Animation d'une table ronde sur la ''Cyber-Résilience dans le Cloud''+++*[»]> <<tiddler [[2019.10.07 - Cloud & Cyber Security Expo les 27 et 28 novembre 2019]]>>=== 
* Les inscriptions pour le ''Congrès Européen'' du ''18 au 21 novembre'' à Berlin sont toujours ouvertes+++*[»]> <<tiddler [[2019.09.04 - Annonce du programme du Congrès CSA EMEA en Novembre à Berlin]]>>=== 
** Contactez-nous pour avoir une réduction sur votre inscription.+++*[»]> → [img(200px,auto)[iCSF/Email-CSA_FR.png]]=== 
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.10.27|
|2019.10.27|Thomas Naunheim|![[Implementing Zero Trust with Microsoft 365 (Study collection)|https://www.cloud-architekt.net/implementing-zero-trust-with-microsoft-365/]]|O365 Zero_Trust|
|2019.10.27|//Lacework//|[[NIST Cybersecurity Framework and Your Cloud|https://www.lacework.com/nist-cybersecurity-framework/]]|NIST_CSF|
|>|>|>|!2019.10.25|
|2019.10.25|Comparitech|[[7 million Adobe Creative Cloud accounts exposed to the public|https://www.comparitech.com/blog/information-security/7-million-adobe-creative-cloud-accounts-exposed-to-the-public/]]|DataLeak Adobe|
|2019.10.25|Bleeping Computer| → [[7.5 Million Records of Adobe Creative Cloud User Data Exposed|https://www.bleepingcomputer.com/news/security/75-million-records-of-adobe-creative-cloud-user-data-exposed/]]|DataLeak Adobe|
|2019.10.25|BetaNews| → [[Adobe exposed personal data of 7.5 million Creative Cloud users in unsecured database|https://betanews.com/2019/10/26/adobe-creative-cloud-data-leak/]]|DataLeak Adobe|
|2019.10.28|Security Week| → [[Adobe Exposed Creative Cloud Customer Information|https://www.securityweek.com/adobe-exposed-creative-cloud-customer-information]]|DataLeak Adobe|
|2019.10.25|The Register|[[You're flowing it wrong: Bad network route between Microsoft, Apple blamed for Azure, O365 MFA outage|https://www.theregister.co.uk/2019/10/25/microsoft_outage_explainer/]]|Outage O365|
|2019.10.25|DoD|!JEDI Cloud : [[Contracts For Oct. 25, 2019|https://www.defense.gov/Newsroom/Contracts/Contract/Article/1999639/]]|Government JEDI|
|2019.10.25|Silicon Angle| → [[In a big surprise, Pentagon grants Microsoft $10B JEDI cloud contract over Amazon|https://siliconangle.com/2019/10/25/surprise-move-pentagon-grants-microsoft-jedi-cloud-contract-amazon/]]|Government JEDI|
|2019.10.25|GeekWire| → [[Amazon 'surprised' after Pentagon awards coveted $10 billion JEDI cloud contract to rival Microsoft|https://www.geekwire.com/2019/microsoft-awarded-pentagons-10b-jedi-cloud-contract-huge-win-rival-amazon/]]|Government JEDI|
|2019.10.25|Federal News Network| → [[Microsoft wins DoD's controversial JEDI Cloud contract|https://federalnewsnetwork.com/defense-main/2019/10/microsoft-wins-dods-jedi-cloud-contract/]]|Government JEDI|
|2019.10.25|Defense One| → [[Microsoft Wins Massive JEDI Cloud Contract|https://www.defenseone.com/business/2019/10/microsoft-wins-massive-jedi-cloud-contract/160890/]]|Government JEDI|
|2019.10.26|The Register| → [[Pentagon beams down $10bn JEDI contract to Microsoft: Windows giant beats off Bezos|https://www.theregister.co.uk/2019/10/26/microsoft_wins_jedi_deal/]]|Government JEDI|
|2019.10.26|Security Week| → [[Pentagon Awards $10 Billion Cloud Contract to Microsoft, Snubbing Amazon|https://www.securityweek.com/pentagon-awards-10-billion-cloud-contract-microsoft-snubbing-amazon]]|Government JEDI|
|2019.10.27|BetaNews| → [[Microsoft awarded Pentagon's controversial JEDI contract|https://betanews.com/2019/10/27/microsoft-wins-jedi-contract/]]|Government JEDI|
|2019.10.25|DZone|[[Why MQTT Has Become the De-Facto IoT Standard|https://dzone.com/articles/why-mqtt-has-become-the-de-facto-iot-standard]]|MQTT|
|2019.10.25|CIO Dive|[[Senators press AWS on cloud security, call for FTC investigation|https://www.ciodive.com/news/senators-press-aws-on-cloud-security-call-for-ftc-investigation/565751/]]|CapitalOne Outage Lessons_Learnt|
|2019.10.25|Club Cloud Computing|![[Risks of containers: overview of a threat model|https://www.youtube.com/watch?v=d0dxjs34YGo]] (vidéo)|Video|
|2019.10.25|//Google Cloud//|[[Exploring Container Security: Vulnerability management in open-source Kubernetes|https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-vulnerability-management-in-open-source-kubernetes]]|containers Kubernetes Flaw|
|2019.10.25|//Lacework//|[[NIST Cybersecurity Framework and Your Cloud|https://www.lacework.com/nist-cybersecurity-framework/]]|NIST|
|2019.10.25|//Threatpost//|[[Is AWS Liable in Capital One Breach?|https://threatpost.com/capital-one-breach-senators-aws-investigation/149567/]]|CapitalOne Lessons_Learnt|
|2019.10.25|//BSSI//|[[Retour sur la Hack.lu - Jour 3|https://blog.bssi.fr/retour-sur-la-hack-lu-jour-3/]]|Containers|
|>|>|>|!2019.10.24|
|2019.10.24|Hack.lu|![[Who contains the containers|https://cfp.hack.lu/hacklu19/talk/VJSHEV/]]|Containers|
|2019.10.24|RootShell.be| → [[Hack.lu 2019 Day #3 Wrap-Up|https://blog.rootshell.be/2019/10/24/hack-lu-2019-day-3-wrap-up/]]|Containers|
|2019.10.23|Container Journal|[[Kubernetes Without Scale: Setting up a Personal Cluster, Part 2|https://containerjournal.com/topics/container-ecosystems/kubernetes-without-scale-setting-up-a-personal-cluster-part-2/]] (2/2)|K8s|
|2019.10.24|DZone|[[Kubernetes vs. Docker: Comparing The Two Container Orchestration Giants!|https://dzone.com/articles/kubernetes-vs-docker-comparing-the-two-container-o]]|Orchestration Kubernetes Docker|
|2019.10.24|CSO Online|[[5 cloud security basics and best practices|https://www.csoonline.com/article/3446458/5-cloud-security-basics-and-best-practices.html]]|Best_Practices|
|2019.10.24|//ThreatStack//|[[How to Create a Security Risk Assessment for Containers in 5 Steps|https://www.threatstack.com/blog/create-a-security-risk-assessment-for-containers-in-5-steps]]|Containers Risk_Assessment|
|2019.10.24|//CloudCheckr//|[[7 Ways to Improve Your Cloud Computing Return on Investment|https://cloudcheckr.com/cloud-cost-management/7-ways-to-improve-your-cloud-computing-return-on-investment-roi/]]|AWS|
|2019.10.24|//Containous//|[[13 Criteria for Choosing the Best Ingress Controller for Your Kubernetes Deployment|https://vmblog.com/archive/2019/10/24/13-criteria-for-choosing-the-best-ingress-controller-for-your-kubernetes-deployment.aspx]]|K8s|
|2019.10.24|//Alcide//|[[Pod Security Policy|https://blog.alcide.io/pod-security-policy]]|Security_Policy|
|2019.10.24|//Skybox Security//|[[Cloud Infrastructure Vulnerabilities to Increase 50%, According to Skybox Security Report|https://www.prnewswire.com/news-releases/cloud-infrastructure-vulnerabilities-to-increase-50-according-to-skybox-security-report-300944494.html]] ([[rapport|https://lp.skyboxsecurity.com/WICD-2019-10-Cloud-Threat-Trends-Report_Reg.html]])|Report Skybox|
|2019.10.24|//Skybox Security//| → [[Cloud Trends Report Infographic 2019|https://lp.skyboxsecurity.com/WICD-2019-10-Cloud-Threat-Trends-Infographic_03-Infographic.html]] ([[pdf|https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Cloud_Trends_Infographic.pdf]])|Report Skybox|
|2019.10.28|Help Net Security| → [[IaaS cloud vulnerabilities expected to increase 50% over 2018 figures|https://www.helpnetsecurity.com/2019/10/28/iaas-cloud-vulnerabilities-2019/]]|Report Skybox|
|2019.10.24|//Google//|![[Advancing customer control in the cloud|https://cloud.google.com/blog/topics/inside-google-cloud/advancing-customer-control-in-the-cloud]]|CLOUD_Act|
|2019.10.24|//Google//|![[Data incident response process|https://cloud.google.com/security/incident-response/]]|Incident_Response|
|2019.10.24|//Panther Labs//|[[Tutorial: Securing Multi-Account Access on AWS|https://blog.runpanther.io/secure-multi-account-aws-access/]]|AWS Authentication|
|>|>|>|!2019.10.23|
|2019.10.23|DZone|[[Docker Container - Volume and Data Recovery|https://dzone.com/articles/docker-container-volume-mount-and-data-recovery]]|Docker|
|2019.10.23|Container Journal|[[Kubernetes Without Scale: Reasons to Run a Personal Cluster, Part 1|https://containerjournal.com/topics/container-ecosystems/kubernetes-without-scale-reasons-to-run-a-personal-cluster/]] (1/2)|K8s|
|2019.10.23|VMblog|[[Using DRaaS to Mitigate the Damage of Ransomware|https://vmblog.com/archive/2019/09/23/using-draas-to-mitigate-the-damage-of-ransomware.aspx]]|DRaaS Mitigation|
|2019.10.23|Eversheds Sutherland|[[Legal Alert: The CLOUD Act - A cross-border data access agreement rises from the fog|https://us.eversheds-sutherland.com/NewsCommentary/Legal-Alerts/226041/Legal-Alert-The-CLOUD-Act-A-cross-border-data-access-agreement-rises-from-the-fog]]|CLOUD_Act|
|2019.10.23|//Google Cloud//|[[Find and fix misconfigurations in your Google Cloud resources|https://cloud.google.com/blog/products/identity-security/find-and-fix-misconfigurations-in-your-google-cloud-resources]] (6/6)|GCP Misconfigurations|
|>|>|>|!2019.10.22|
|2019.10.22|The Register|[[Bezos DDoS'd: Amazon Web Services' DNS systems knackered by hours-long cyber-attack|https://www.theregister.co.uk/2019/10/22/aws_dns_ddos/]]|AWS DDoS Outage|
|2019.10.23|Catchpoint|! → [[AWS Users Blindsided by DDoS Attacks|https://blog.catchpoint.com/2019/10/23/aws-ddos-attacks/]]|AWS DDoS Outage|
|2019.10.23|TechRadar| → [[AWS hit by major DDoS attack|https://www.techradar.com/news/aws-hit-by-major-ddos-attack]]|AWS DDoS Outage|
|2019.10.23|IT Pro| → [[AWS servers hit by sustained DDoS attack|https://www.itpro.co.uk/amazon-web-services-aws/34679/aws-servers-hit-by-sustained-ddos-attack]]|AWS DDoS Outage|
|2019.10.23|CBR Online| → [[AWS Hit by DDoS Attack - Google Cloud Issues Unrelated|https://www.cbronline.com/news/aws-ddos-attack]]|AWS DDoS Outage|
|2019.10.24|Dark Reading| → [[Eight-Hour DDoS Attack Struck AWS Customers|https://www.darkreading.com/cloud/eight-hour-ddos-attack-struck-aws-customers/d/d-id/1336165]]|AWS DDoS Outage|
|2019.10.24|Security Week| → [[DDoS Attack Hits Amazon Web Services|https://www.securityweek.com/ddos-attack-hits-amazon-web-services]]|AWS DDoS Outage|
|2019.10.24|InfoSec Mag| → [[AWS Left Reeling After Eight-Hour DDoS|https://www.infosecurity-magazine.com/news/aws-customers-hit-by-eighthour-ddos/]]|AWS DDoS Outage|
|2019.10.22|Ajay Kumar|[[What is Azure Security Center and its Capabilities?|https://medium.com/@intouchajay/what-is-azure-security-center-and-its-capabilities-cf19edbd6983]]|Azure|
|2019.10.22|//TrendMicro//|![[The Shared Responsibility Model|https://blog.trendmicro.com/the-shared-responsibility-model/]]|Shared_Responsibility|
|2019.10.22|//Sophos//|[[Storing your stuff securely in the cloud|https://nakedsecurity.sophos.com/2019/10/22/storing-your-stuff-securely-in-the-cloud/]]|Misc|
|2019.10.22|//Digital Ocean//|[[Issues with accessing S3/RDS resources inside Droplets across all regions|https://status.digitalocean.com/incidents/1z3kmlvz69v6]]|Outage|
|2019.10.22|//Google Cloud//|[[Google Cloud Networking Incident #19020|https://status.cloud.google.com//incident/cloud-networking/19020]]|Outage GCP|
|2019.10.22|//ExtraHop//|[[4 Common Cloud Misconfigurations & What To Do About Them|https://www.extrahop.com/company/blog/2019/4-common-cloud-misconfigurations-and-what-to-do-about-them/]]|Misconfigurations|
|2019.10.22|//Tripwire//|[[Guide to Container Security - Everything You Need to Know|https://www.tripwire.com/state-of-security/devops/guide-container-security/]]|Containers Best_Practices|
|2019.10.22|//Microsoft//|[[Users can now check their sign-in history for unusual activity|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Users-can-now-check-their-sign-in-history-for-unusual-activity/ba-p/916066]]|AzureAD|
|2019.10.22|Security Week|[[New Azure AD Feature Detects Unauthorized Access Attempts|https://www.securityweek.com/new-azure-ad-feature-detects-unauthorized-access-attempts]]|AzureAD|
|2019.10.22|//Security Discovery//|[[Religious Website and Software Provider Leaks Customer and Credit Card Data for Many Months|https://securitydiscovery.com/cloversites/]]|DataLeak ElasticSearch|
|2019.10.22|//Uptycs//|[[3 Cloud Computing Security Issues & How To Get Them Under Control|https://www.uptycs.com/blog/cloud-computing-and-security]]|Misc|
|>|>|>|!2019.10.21|
|2019.10.21|CIGREF[>img[iCSF/flag_fr.png]]|[[Cloud de confiance : les entreprises membres du Cigref proposent à l'État leur collaboration|https://www.cigref.fr/cloud-de-confiance-entreprises-membres-du-cigref-proposent-a-etat-leur-collaboration]]|Sovereign_Cloud|
|2019.10.21|(ISC)2|[[PCI Compliance in AWS - Simplified|https://blog.isc2.org/isc2_blog/2019/10/pci-compliance-in-aws-simplified.html]]|AWS PCI_DSS|
|2019.10.21|DZone|[[Designing Your First App in Kubernetes: A Summary|https://dzone.com/articles/designing-your-first-app-in-kubernetes-a-summary]]|K8s|
|2019.10.21|VPNmentor|[[Report: Travel Reservations Platform Leaks US Government Personnel Data|https://www.vpnmentor.com/blog/us-travel-military-leak/]]|Data_Leaks ElasticSearch|
|2019.10.21|ZDnet| → [[Open database leaked 179GB in customer, US government, and military records|https://www.zdnet.com/article/autoclerk-database-leaked-customer-government-and-military-personal-records/]]|Data_Leaks ElasticSearch|
|2019.10.22|InfoSecurity Mag| → [[US Military Personnel Exposed in Latest Cloud Data Leak|https://www.infosecurity-magazine.com/news/military-personnel-exposed-latest/]]|Data_Leaks ElasticSearch|
|2019.10.22|DataBreach Today| → [[Unsecure Database Exposed US Military Personnel Data: Report - Exposed Database Owned by AutoClerk Hotel Reservation Management System|https://www.databreachtoday.co.uk/unsecure-database-exposed-us-military-personnel-data-report-a-13280]]|Data_Leaks ElasticSearch|
|2019.10.22|The Register| → [[Messed Western: Vuln hunters say hotel giant's Autoclerk code exposed US soldiers' info, travel plans, passwords|https://www.theregister.co.uk/2019/10/22/autoclerk_army_data/]]|Data_Leaks ElasticSearch|
|2019.10.21|InfoSec Institute|[[Lessons learned: The Capital One breach|https://resources.infosecinstitute.com/lessons-learned-the-capital-one-breach/]]|CapitalOne|
|2019.10.21|CSO|[[Top cloud security controls you should be using|https://www.csoonline.com/article/3208905/top-cloud-security-controls-you-should-be-using.html]]|Controls|
|2019.10.21|CRN AU|[[Senate pushes fix to allow US access to local clouds|https://www.crn.com.au/news/senate-pushes-fix-to-allow-us-access-to-local-clouds-532613]]|CLOUD_Act|
|2019.10.21|//Heimdal//|[[New Microsoft Phishing Campaign Targets Office365 Users|https://heimdalsecurity.com/blog/new-microsoft-phishing-campaign-targets-office365-users/]]|O365 Phishing|
|2019.10.21|//Microsoft//|[[Unverified Sender|https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/unverified-sender-feature]]|O365 Mail|
|2019.10.21|Bleeping Computer| → [[Office 365 Now Warns About Suspicious Emails with Unverified Senders|https://www.bleepingcomputer.com/news/microsoft/office-365-now-warns-about-suspicious-emails-with-unverified-senders/]]|O365 Mail|
|2019.10.21|//eXemplify//|[[Why There May Be Room for Cloud Solutions in Your Compliance Strategy|http://www.exemplifygroup.com/why-there-may-be-room-for-cloud-solutions-in-your-compliance-strategy/]]|Compliance|
|2019.10.21|//Efficient IP//|[[Cloud to the Edge Brings IP Space Complexity|https://www.efficientip.com/cloud-edge/]]|Misc|
|2019.10.21|//Microsoft//|[[Run a disaster recovery drill for Azure VMs to a secondary Azure region|https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-dr-drill]]|Azure DRP|
|2019.10.21|//Okta//|[[An Illustrated Guide to OAuth and OpenID Connect|https://developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc]]|OAuth OpenID||
[>img(150px,auto)[iCSF/MITRE.png]]Début octobre 2019, le [[MITRE]] a publié une extension du cadre ''MITRE ATT&CK'' pour le Cloud.

Ainsi, 36 techniques ont été ajoutées ou mises à jour pour couvrir le comportement d'attaquants contre les plates-formes Cloud.
Le ''MITRE ATT&CK Cloud'' est ainsi décliné pour :
* les plates-formes IaaS : Amazon Web Services (AWS), Microsoft Azure (Azure) et Google Cloud Platform (GCP)
* les plates-formes SaaS
* deux environnements plus spécifiques : Azure Active Directory (Azure AD) et Office 365

À noter :[>img(auto,50px)[iCSF/MITRE_ATTACK.png]]
* La matrice ''ATT&CK Cloud'' et ses déclinaisons peuvent être prises en compte séparément du reste de la matrice ''ATT&CK Enterprise''.
* La définition du mouvement latéral a été étendue afin d'intégrer l'accès et l'interaction avec le Cloud.
* La liste actuelle des plates-formes cloud sera étendue dans le courant de l'année prochaine.

Les différents éléments sont les suivants :
* MITRE ATT&CK+++*[»]> <<tiddler [[MITRE ATTACK]]>>=== 
* MITRE ATT&CK Cloud+++*[»]> <<tiddler [[MITRE ATTACK Cloud]]>>=== 
* MITRE ATT&CK Cloud IaaS+++*[»]> <<tiddler [[MITRE ATTACK Cloud IaaS]]>>=== 
* MITRE ATT&CK Cloud SaaS+++*[»]> <<tiddler [[MITRE ATTACK Cloud SaaS]]>>=== 
* MITRE ATT&CK Cloud AzureAD+++*[»]> <<tiddler [[MITRE ATTACK Cloud AzureAD]]>>=== 
* MITRE ATT&CK Cloud O365+++*[»]> <<tiddler [[MITRE ATTACK Cloud O365]]>>=== 

Lien → https://attack.mitre.org/matrices/enterprise/cloud/ <<tiddler [[arOund0C]]>>
[>img(300px,auto)[iCSA/JBICE.jpg]]__"''Cloud Security Alliance 2019 EMEA Congress Adds Focus on Risk Governance and European Cloud Certification Enablement''"__
Quelques précisions sur 2 sessions du prochain [[Congrès CSA EMEA|2019.11.20 - CSA Congress EMEA 2019 - Berlin]] qui se déroulera du 18 au 21 novembre 2019 à Berlin.
<<<
//__William Ochs, Rolf Becker will share insight from 60 years combined experience in banking and cybersecurity risks__
Berlin, Germany - Oct. 24, 2019 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced additions to its speaker line-up and session highlights for its [[upcoming CSA EMEA Congress (Berlin, Nov. 18-21, 2019)|2019.11.20 - CSA Congress EMEA 2019 - Berlin]]. Rolf Becker, Cloud Business Office Risk Governance, UBS Business Solutions AG, and Prof. William Ochs, EMEA Cloud Certification Enablement Manager for Cisco and co-chair of CSP CERT, will bring the issues surrounding risk governance and cloud certification enablement to the forefront, sharing their expertise after 30 years each in banking and cybersecurity, respectively. Registration is now open with special discounts being offered through November 1.

Those attending the [[2019 CSA EMEA Congress|2019.11.20 - CSA Congress EMEA 2019 - Berlin]] will also be privy to the inside scoop from some of the top cloud security media, learning about the elements behind a breaking story, research required, the missing pieces, challenges and how journalists might re-write the story over again.

"CSA has led the industry in research and development of best practices surrounding the General Data Protection Regulation (GDPR) and how it relates to cloud security. This year's ''CSA EMEA Congress'' will continue to build on lessons learned 18 months after GDPR's implementation as part of our ongoing mission to help both customers and cloud providers navigate the confluence of security, privacy, governance and compliance," said Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance.

Focusing on two tracks — ''Cloud Privacy, Governance, and Compliance'' and ''Best Practices in Cybersecurity'' — attendees will have the chance to hear from some of the leading cloud and privacy thought leaders and policy makers.

The following panels and speakers have been added to the agenda:
* ''The European Cloud Certification Scheme: Forward Together''. Presenter: Prof. William Ochs, EMEA Cloud Certification Enablement Manager, Cisco and co-chair of CSP CERT.
** This session will review the origins of the European-wide Cloud Certification scheme, its security levels, and provide participants with both the current state of codification efforts and a picture of the next steps currently underway within both ENISA and the EU Commission. Alignment of the certification, with respect to CSA, will also be discussed. Participants will be prepared with a current understanding of CSPCERT's recommended steps for the EU Commission and ENISA, whom are key EU stakeholders with respect to cloud security certification strategies.
* ''Risk Governance on Cloud Adoption and Information Security in a Tightly Regulated Environment''. Presenter: Rolf Becker, UBS Business Solutions AG, Cloud Business Office Risk Governance.
** Cloud adoption is an enabler for efficiency, scalability, flexibility, and survival critical in a rapidly changing business environment. Attendees will learn how risk governance is an enabler for cloud adoption within highly regulated industries, such as financial services, and how it simultaneously helps organizations comply with regulatory and client demands for transparency and control.
* Panel: ''Press Perception of Cloud Technology''.
** With increased security threats to cloud technology and services quickly demanding the attention and reporting from the nation's top media, there is a lot to translate and comprehend to understand this highly complex and technical industry. In this session, some of the most credible and knowledgeable media in cloud reporting come together for a friendly discussion on cloud reporting greatness, grief and grunts. They'll pull back the curtain on some of their most recent reporting to help the audience understand the elements behind a breaking story, research required, the missing pieces, challenges and how they might re-write the story all over again. Attendees will also get a sneak peek into stories in development for the next cloud news item.
//
<<<
Pour en savoir plus et s'inscrire :
* Annonce ⇒ ''[[CloudSecurityAlliance.fr/go/jaoa/|https://cloudsecurityalliance.fr/go/jaoa/]]''
* Détails et inscription ⇒ ''[[CloudSecurityAlliance.fr/go/jBjE/|https://cloudsecurityalliance.fr/go/jBjE/]]''
!"//Corporate Contractors and the Requirement for Zero-Trust Network Access//"
[>img(150px,auto)[iCSA/JALBC.jpg]]Article de blog publié le 21 octobre 2019 — Rédigé par Etay Bogner, VP, Zero-Trust Products Proofpoint, auparavant PDG de Meta Networks
<<<
//It's not a stretch to say that most industries and organizations today have contractors in the mix who need remote access to the company's network. Yet the traditional virtual private network (VPN) method of enabling access for corporate contractors — as well as other third parties such as vendors, partners, and customers — has a key flaw. The VPN model, by design, requires companies to place excessive trust in every contractor and third party who taps into the network, when a "zero trust" approach is really what's needed.

What I mean by that is that contractors generally only require access to specific applications on the network to conduct company business, not to have free rein over the whole enchilada. Companies take security risks by enabling their team of remote contractors to have excessive access. To limit those risks, IT administrators are wise to upgrade from a conventional VPN approach and adopt a software-defined perimeter (SDP) security model that enables the principles of zero-trust security. What it means to have zero-trust network access is that the solution not only provides segmented access for every user, but also verifies and audits that access.

Here's an example of what this might look like in practice if you have two remote contractors — let's call them A and B. With zero-trust SDP architecture, Remote Contractor A might have her access restricted to a single cloud-based application, as well as one application in the data center. Meanwhile, Remote Contractor B might only be able to access one application at headquarters. Neither Remote Contractor A nor Remote Contractor B are greenlighted to access the full corporate network/data center, but instead receive very finely grained access, as granted by IT, based on each manager's and/or department's project requirements.

As you can imagine, there are a number of clear benefits in providing zero-trust network access for all of your corporate contractors. Below is a summary of four of the key advantages:
# ''Risk reduction''. VPNs create a high-risk situation in terms of providing network access to remote contractors, as VPNs were not designed with this particular use case in mind. Alternatively, using a zero-trust SDP network allows for the creation of boundaries around any application based on identity and context. An SDP approach also allows an enterprise to ensure that each contractor's device follows a customized policy that's enforced. Meanwhile, any resources that a specific contractor is unauthorized to access remain invisible to the contractor, which reduces the surface for potential attacks.
# ''App-specific access, not full network access''. On a related note, the SDP allows your company to outline security policies at a granular level, associating specific remote contractors with the exact applications and/or services that they require. This is a huge security advantage compared to VPNs, which roll out free access to the entire corporate network. SDP can accomplish this goal easily since each contractor's user device can be assigned its own authenticated, unique identity, which then gets verified and authorized for every packet in real-time. Segmenting and securing access means that IT can designate each contractor the exact access he or she requires for a specific job to a limited subset of applications. This helps avoid potential security risks as mentioned above, as well as operational overhead.
# ''Easy management''. VPN configuration is notoriously complex, but an SDP approach allows for much simpler processes and management. You can use one cloud console to manage access policies for all enterprise resources in the cloud or data center. You can also easily tackle tasks like:
** Onboarding new remote contractors
** Assigning role-based policies
** Sending a link to enable remote contractors to access a specific application from their browser 
In particular, the onboarding of new contractors can be a real headache with a traditional VPN client, requiring annoying configuration issues and time-consuming troubleshooting, which can quickly become unsustainable if you're not managing contractors' devices. Fully onboarding a new remote contractor could potentially take days or even weeks in this circumstance, presenting impediments to your enterprise's ability to focus on key parts of your business. These distractions vanish when you switch to an SDP solution.
# ''Superior experience for contractors''. No more VPN headaches for your remote contractors; SDP allows for a much more consistent and reliable experience with easy, transparent, worldwide access. The central management of a zero-trust network, which covers all of your applications and data, as well as all of your contractors and other third parties, assures not only granular security for the enterprise, but also a positive experience for users that will help improve retention of remote contractors.

If you have a widely distributed workforce or work with remote contractors in any capacity, consider the above benefits when weighing whether to continue with a legacy-style VPN, or switch to an architecture that's user-centric and zero-trust. The latter offers secure, granular, controlled access to specific parts of your network or software platform and can be enforced consistently no matter where contractors are based or working — huge benefits in today's increasingly distributed work environment.//
[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/jalb/]] sur le blog de la CSA.
⇒ https://blog.cloudsecurityalliance.org/2019/10/21/corporate-contractors-and-the-requirement-for-zero-trust-network-access/
!!1 - Informations CSA de la semaine du 14 au 20 octobre 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Blog : ''Introducing Reflexive Security for integrating security, development and operations''+++*[»]> <<tiddler [[2019.10.14 - Blog : 'Introducing Reflexive Security for integrating security, development and operations']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.10.20 - Veille Hebdomadaire - 20 octobre]] avec plus de 50 liens :
* __''À lire'' :__ Document "''Trusted Cloud: Microsoft Azure security, privacy, compliance, resiliency, and protected IP''"+++*[»]>
|2019.10.16|//Microsoft Azure//|[[Trusted Cloud: security, privacy, compliance, resiliency, and IP|https://azure.microsoft.com/en-us/blog/trusted-cloud-security-privacy-compliance-resiliency-and-ip/]] ([[document|http://download.microsoft.com/download/1/6/0/160216AA-8445-480B-B60F-5C8EC8067FCA/WindowsAzure-SecurityPrivacyCompliance.pdf]])|Compliance Resilience|
=== 
* Alerte : malware ''Graboid'' visant des containers Docker+++*[»]>
|2019.10.16|//PaloAlto Networks//|![[Graboid: First-Ever Cryptojacking Worm Found in Images on Docker Hub|https://unit42.paloaltonetworks.com/graboid-first-ever-cryptojacking-worm-found-in-images-on-docker-hub/]]|Docker CryptoJacking Attacks|
|2019.10.16|Bleeping Computer| → [[Unsecured Docker Hosts Attacked by New Graboid Cryptojacking Worm|https://www.bleepingcomputer.com/news/security/unsecured-docker-hosts-attacked-by-new-graboid-cryptojacking-worm/]]|~|
|2019.10.16|Dark Reading| → [[Cryptojacking Worm Targets and Infects 2,000 Docker Hosts|https://www.darkreading.com/cloud/cryptojacking-worm-targets-and-infects-2000-docker-hosts/d/d-id/1336104]]|~|
|2019.10.16|DataBreach Today| → [['Graboid' Cryptojacking Worm Spreads Through Containers|https://www.databreachtoday.com/graboid-crytopjacking-worm-spreads-through-containers-a-13256]]|~|
|2019.10.16|//Threatpost//| → [[Docker Containers Riddled with Graboid Crypto-Worm|https://threatpost.com/docker-containers-graboid-crypto-worm/149235/]]|~|
===, analyse de 2 vulnérabilités Kubernetes+++*[»]>
|2019.10.16|//PaloAlto Networks//|![[Analysis of Two Newly Patched Kubernetes Vulnerabilities|https://blog.paloaltonetworks.com/2019/10/cloud-kubernetes-vulnerabilities/]]|K8s CVE-2019-11253 CVE-2019-16276|
|2019.10.16|//Threatpost//| → [[Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS|https://threatpost.com/kubernetes-bugs-authentication-bypass-dos/149265/]]|K8s CVE-2019-11253 CVE-2019-16276|
=== 
* __Pannes__ : authentification O365 (18 oct.)+++*[»]>
|2019.10.18|Bleeping Computer|[[Microsoft 365 Authentication Outage, Users Unable to Login|https://www.bleepingcomputer.com/news/microsoft/microsoft-365-authentication-outage-users-unable-to-login/]]|Outage O365|
|2019.10.18|//Microsoft//| → [[Admins who are unable to access the admin center can find updates on the MFA outage MO193431 through status.office.com|https://mobile.twitter.com/MSFT365Status/status/1185211082941648897]]|~|
|2019.10.18|Redmond Channel Partner| → [[Azure AD Outage Linked to Multifactor Authentication Issues|https://rcpmag.com/articles/2019/10/18/azure-ad-outage-linked-to-mfa.aspx]]|~|
|2019.10.25|The Register| → [[You're flowing it wrong: Bad network route between Microsoft, Apple blamed for Azure, O365 MFA outage|https://www.theregister.co.uk/2019/10/25/microsoft_outage_explainer/]]|~|
=== 
* __Divers__ : Cloud Souverain et "Cloud de Confiance", sécurisation de containers Docker
!3 - Conférences et Salons
* Le programme de la ''Cloud & Cyber Security Expo'' des ''27 et 28 novembre'' à Paris est partiellement disponible :
** Premier teaser et inscription gratuite+++*[»]> <<tiddler [[2019.10.11 - Cloud & Cyber Security Expo - Inscription et Extrait du Programme (1/3)]]>>=== 
** Animation d'une table ronde sur la ''Cyber-Résilience dans le Cloud''+++*[»]> <<tiddler [[2019.10.07 - Cloud & Cyber Security Expo les 27 et 28 novembre 2019]]>>=== 
* Les inscriptions pour le ''Congrès Européen'' des ''18 au 21 novembre'' à Berlin sont toujours ouvertes+++*[»]> <<tiddler [[2019.09.04 - Annonce du programme du Congrès CSA EMEA en Novembre à Berlin]]>>=== 
** Contactez-nous pour avoir une réduction sur votre inscription.+++*[»]> → [img(200px,auto)[iCSF/Email-CSA_FR.png]]===
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.10.19|
|2019.10.19|//JumpCloud//|[[Top Cloud Directory Service|https://jumpcloud.com/blog/top-cloud-directory-service/]]|Directories|
|>|>|>|!2019.10.18|
|2019.10.18|Bleeping Computer|[[Microsoft 365 Authentication Outage, Users Unable to Login|https://www.bleepingcomputer.com/news/microsoft/microsoft-365-authentication-outage-users-unable-to-login/]]|Outage O365|
|2019.10.18|//Microsoft//| → [[Admins who are unable to access the admin center can find updates on the MFA outage MO193431 through status.office.com|https://mobile.twitter.com/MSFT365Status/status/1185211082941648897]]|Outage O365|
|2019.10.18|Redmond Channel Partner| → [[Azure AD Outage Linked to Multifactor Authentication Issues|https://rcpmag.com/articles/2019/10/18/azure-ad-outage-linked-to-mfa.aspx]]|Outage O365|
|2019.10.18|Security Boulevard|[[Hybrid Cloud's Impact on Financial Services Security|https://securityboulevard.com/2019/10/hybrid-clouds-impact-on-financial-services-security/]]|Misc|
|2019.10.18|JDSupra|[[Singapore Issues Guidelines on Personal Data Protection and Cloud Services|https://www.jdsupra.com/legalnews/singapore-issues-guidelines-on-personal-30298/]]|Singapore Regulations|
|2019.10.18|CBR Online|[[The Security Risks of Cloud Computing Start With You|https://www.cbronline.com/feature/security-risks-of-cloud-computin]]|Risks|
|2019.10.18|Container Journal|[[Multi-Cloud, Hybrid Cloud and Kubernetes|https://containerjournal.com/topics/container-ecosystems/multi-cloud-hybrid-cloud-and-kubernetes/]]|K8s Hybrid_Cloud|
|!2019.10.18|Intelligent CISO|[[Reclaiming the Cloud How Cisos Can Ensure Security in Cloud Initiatives|https://www.intelligentciso.com/2019/10/18/reclaiming-the-cloud-how-cisos-can-ensure-security-in-cloud-initiatives/]]|Governance|
|>|>|>|!2019.10.17|
|2019.10.17|Anton Chuvakin|[[Move to Cloud: A Chance to Finally Transform Security?|https://medium.com/anton-on-security/move-to-cloud-a-chance-to-finally-transform-security-e9614aae4f9c]]|Misc|
|2019.10.17|Infosec Island|[[Myth Busters: How to Securely Migrate to the Cloud|http://www.infosecisland.com/blogview/25225-Myth-Busters-How-to-Securely-Migrate-to-the-Cloud.html]]|Migration|
|2019.10.17|Bleeping Computer|[[Microsoft Adds Azure AD Sign-In History to Detect Unusual Activity|https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-azure-ad-sign-in-history-to-detect-unusual-activity/]]|AzureAD Detection|
|2019.10.17|FedScoop|[[Pentagon developing JEDI cloud deployment security guidance|https://www.fedscoop.com/pentagon-jedi-security-guidance/]]|Government JEDI|
|2019.10.17|Solutions Review|[[8 Cloud Security Questions Your Business Needs to Ask|https://solutionsreview.com/cloud-platforms/8-cloud-security-questions-your-business-needs-to-ask/]]|Misc|
|2019.10.17|//Managed Methods//|[[5 Ways To Detect A Cloud Account Takeover|https://managedmethods.com/blog/5-ways-to-detect-a-cloud-account-takeover/]]|Detection|
|2019.10.17|//Panda Security//|[[48% of corporate data is now stored on the cloud|https://www.pandasecurity.com/mediacenter/security/cloud-security-encryption/]]|Storage|
|2019.10.17|//Radware//|[[Radware Unveils WAF for Kubernetes|https://containerjournal.com/topics/container-security/radware-unveils-waf-for-kubernetes/]]|K8s WAF|
|2019.10.17|//CompareTheCloud//|[[6 Pros and Cons of Cloud Storage for Business|https://www.comparethecloud.net/articles/6-pros-and-cons-of-cloud-storage-for-business/]]|Storage|
|2019.10.17|//Google Cloud//|[[Best practices for a more secure login in Google Cloud|https://cloud.google.com/blog/products/identity-security/best-practices-for-a-more-secure-login-in-google-cloud]]|GCP Authentication|
|2019.10.17|//AWS//|![[Denial of Service Attack Mitigation on AWS|https://aws.amazon.com/answers/networking/aws-ddos-attack-mitigation/]]|AWS DDoS Mitigation|
|2019.10.17|//Panther Labs//|[[Announcing Panther: A Cloud-Native, Continuous Security Monitoring Platform|https://blog.runpanther.io/run-panther/]]|SIEM Tools|
|>|>|>|!2019.10.16|
|2019.10.16|Sky News|[[Job applicants worried as hundreds of thousands of CVs exposed online|https://news.sky.com/story/job-applicants-worried-as-hundreds-of-thousands-of-cvs-exposed-online-11836935]]|DataBreach AWS Misconfiguration|
|2019.10.17|SiliconAngle| → [[250,000 resumes exposed in latest case of misconfigured cloud storage|https://siliconangle.com/2019/10/17/250000-resumes-exposed-latest-case-misconfigured-aws-cloud-storage/]]|DataBreach AWS Misconfiguration|
|2019.10.17|SC Magazine| → [[Open AWS buckets expose more than 200K CVs at two online recruitment firms|https://www.scmagazine.com/home/security-news/cloud-security/open-aws-buckets-expose-more-than-200k-cvs-at-two-online-recruitment-firms/]]|DataBreach AWS Misconfiguration|
|2019.10.16|Open Web Foundation|[[Rudr: A Kubernetes implementation of the Open Application Model specification|https://github.com/oam-dev/rudr]]|K8s Tools|
|2019.10.16|Open Web Foundation| → [[Open Application Model|https://openappmodel.io/]]|K8s Tools|
|2019.10.17|//Alibaba Cloud//| → [[Announcing the Open Application Model (OAM), an Open Standard for Developing and Operating Applications on Kubernetes and Other Platforms|https://medium.com/@Alibaba_Cloud/announcing-the-open-application-model-oam-an-open-standard-for-developing-and-operating-909c4fa16a6]]|K8s Tools OAM|
|2019.10.16|CBR Online|[[Sovereign Cloud: Where in the World is Public Sector Data Stored?|https://www.cbronline.com/opinion/sovereign-cloud]]|Sovereign_Cloud|
|2019.10.16|//PaloAlto Networks//|![[Graboid: First-Ever Cryptojacking Worm Found in Images on Docker Hub|https://unit42.paloaltonetworks.com/graboid-first-ever-cryptojacking-worm-found-in-images-on-docker-hub/]]|Docker CryptoJacking Attacks Graboid|
|2019.10.16|Bleeping Computer| → [[Unsecured Docker Hosts Attacked by New Graboid Cryptojacking Worm|https://www.bleepingcomputer.com/news/security/unsecured-docker-hosts-attacked-by-new-graboid-cryptojacking-worm/]]|Docker CryptoJacking Attacks Graboid|
|2019.10.16|Dark Reading| → [[Cryptojacking Worm Targets and Infects 2,000 Docker Hosts|https://www.darkreading.com/cloud/cryptojacking-worm-targets-and-infects-2000-docker-hosts/d/d-id/1336104]]|Docker CryptoJacking Attacks Graboid|
|2019.10.16|DataBreach Today| → [['Graboid' Cryptojacking Worm Spreads Through Containers|https://www.databreachtoday.com/graboid-crytopjacking-worm-spreads-through-containers-a-13256]]|Docker CryptoJacking Attacks Graboid|
|2019.10.16|//Threatpost//| → [[Docker Containers Riddled with Graboid Crypto-Worm|https://threatpost.com/docker-containers-graboid-crypto-worm/149235/]]|Docker CryptoJacking Attacks Graboid|
|2019.10.16|//Tripwire//|[[Revisiting The Concepts of Disaster Recovery and Risk as Organizations Move Their Infrastructure To The Cloud|https://www.tripwire.com/state-of-security/security-data-protection/cloud/revisiting-the-concepts-of-disaster-recovery-and-risk-as-organizations-move-their-infrastructure-to-the-cloud/]]|DRP|
|2019.10.16|//PaloAlto Networks//|![[Analysis of Two Newly Patched Kubernetes Vulnerabilities|https://blog.paloaltonetworks.com/2019/10/cloud-kubernetes-vulnerabilities/]]|K8s CVE-2019-11253 CVE-2019-16276|
|2019.10.16|//Threatpost//| → [[Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS|https://threatpost.com/kubernetes-bugs-authentication-bypass-dos/149265/]]|K8s CVE-2019-11253 CVE-2019-16276|
|2019.10.16|//Microsoft Azure//|[[Trusted Cloud: security, privacy, compliance, resiliency, and IP|https://azure.microsoft.com/en-us/blog/trusted-cloud-security-privacy-compliance-resiliency-and-ip/]] ([[document|http://download.microsoft.com/download/1/6/0/160216AA-8445-480B-B60F-5C8EC8067FCA/WindowsAzure-SecurityPrivacyCompliance.pdf]])|Compliance Resilience|
|2019.10.16|//Forcepoint//|[[Exploring SaaS security best practices|https://www.forcepoint.com/blog/insights/exploring-saas-security-best-practices]]|Misc|
|2019.10.16|//Cloud Academy//|[[AWS Security: Bastion Hosts, NAT instances and VPC Peering|https://cloudacademy.com/blog/aws-bastion-host-nat-instances-vpc-peering-security/]]|Bastion|
|>|>|>|!2019.10.15|
|2019.10.15|Ajay Kumar|[[How CASB Can Help Cloud Security Concerns?|https://medium.com/@intouchajay/how-casb-can-help-cloud-security-concerns-710b77941e19]]|CASB|
|2019.10.15|Security Week|![[Securing All Cloud Deployments With a Single Strategy|https://www.securityweek.com/securing-all-cloud-deployments-single-strategy]]|Strategy|
|2019.10.15|//AT&T Cybersecurity//|[[Security monitoring for managed cloud Kubernetes|https://www.alienvault.com/blogs/labs-research/security-monitoring-for-managed-cloud-kubernetes]]|K8s Monitoring|
|2019.10.15|//CyberArk//|[[Keeping up with cloud threats|https://www.professionalsecurity.co.uk/products/cyber/keeping-up-with-cloud-threats/]]|Threats|
|>|>|>|!2019.10.14|
|2019.10.14|Les Echos[>img[iCSF/flag_fr.png]]|[[La France cherche son "cloud de confiance"|https://www.lesechos.fr/tech-medias/hightech/la-france-cherche-son-cloud-de-confiance-1139875]]|Sovereign_Cloud|
|2019.10.14|Wojciech|[[Fun with Amazon S3 - Leaks and bucket takeover attack|https://medium.com/@woj_ciech/fun-with-amazon-s3-leaks-and-bucket-takeover-attack-ddb17da1c431]]|AWS Data_Leaks S3|
|2019.10.14|0x00sec|![[Securing Docker Containers|https://0x00sec.org/t/securing-docker-containers/16913/1]]|Docker Best_Practices|
|2019.10.14|Infosec Institute|[[AWS vs. Azure vs. Cloud+: To specialize, generalize or both?|https://resources.infosecinstitute.com/aws-vs-azure-vs-cloud-plus/]]|Training Certification|
|2019.10.14|Dark Reading|[[When Using Cloud, Paranoia Can Pay Off|https://www.darkreading.com/cloud/when-using-cloud-paranoia-can-pay-off/d/d-id/1336075]]|Misc|
|2019.10.14|Dirk-jan Mollema|[[Office 365 network attacks - Gaining access to emails and files via an insecure Reply URL|https://dirkjanm.io/office-365-network-attacks-via-insecure-reply-url/]]|O365 Exploit|
|2019.10.14|//Vera//|[[Mitigating Cloud Misconfiguration Risks to Your Data|https://vmblog.com/archive/2019/10/14/mitigating-cloud-misconfiguration-risks-to-your-data.aspx]]|Risks|
|2019.10.14|//JumpCloud//|[[GPOs "as-a-Service"|https://jumpcloud.com/blog/gpos-as-a-service/]]|GPO|
|2019.10.14|//Viruss//|[[Defining Cloud Security - Is It the Endpoint, Your Data, or the Environment?|http://www.viruss.eu/virus-news/defining-cloud-security-is-it-the-endpoint-your-data-or-the-environment/]]|Misc|
|2019.10.14|//Tripwire//|[[Private Cloud vs Public Cloud Security Challenges|https://www.tripwire.com/state-of-security/security-data-protection/cloud/private-public-cloud-security-challenges/]]|Challenges|
|2019.10.14|//Securosis//|[[Enterprise DevSecOps: Security Test Integration and Tooling|https://securosis.com/blog/enterprise-devsecops-security-test-integration-and-tooling]]|DevSecOps|
!"//Introducing Reflexive Security for integrating security, development and operations//"
[>img(150px,auto)[iCSA/JAEBI.jpg]]Article de blog publié le 14 octobre 2019 — Rédigé par le groupe de travail CSA DevSecOps
<<<
//Organizations today are confronted with spiraling compliance governance costs, a shortage of information security professionals, and a disconnect between strategic security and operational security. Due to these challenges, more and more companies value agility and integrated operations. In short, a security management program must now deliver more for less to match the needs of becoming cost efficient. 

How can organizations accomplish this task? In order to answer that question, CSA recently published a document defining ''Reflexive Security'', a new framework that addresses today's increasing risks and cybersecurity threats. 

[>img(250px,auto)[iCSA/J87PS.png]]__Information Security Management through Reflexive Security - Six Pillars in the Integration of Security, Development and Operations__+++*[»]> <<tiddler [[2019.08.07 - Publication : 'Six Pillars of DevSecOps']]>>=== 
This document provides a flexible framework that: 
* Focuses on collaboration and integration 
* Is outcome-oriented 
* Provides a "reflexive" response to risks. 

The word "Reflexive" comes from the reflexive relation in mathematical sets, where every element in such a relation is related to itself. In Reflexive Security, every action taken is related to the context of the security at hand and needs of the organization itself. 

__Reflexive Security versus ISMS__
While the information security management system (ISMS) approach is well-defined by the International Standard ISO/IEC 27001, organizations who thrive with agile development or other collaborative-oriented processes have found it valuable to use the Reflexive Security framework. They value it for its non-prescriptive, holistic, needs-based, and interactive approach, especially with their existing activities that are already tightly-integrated. 

Reflexive Security builds on the examples from Agile development and DevOps movements, and is solely focused on a collaborative and integrated environment. It is especially suited for cloud environments, which are crucial for facilitating efficiencies for development and operation teams. Compared to the ISMS approach, Reflexive Security is like using Agile software development versus the Waterfall mindset. 

Reflexive Security also emphasizes security across organizational roles that reacts to external and internal threats. Similar to the body's immune system, Reflexive Security values the balance of decentralization and centralization over a top-down leadership approach. This is so responsibilities and activities of information security management are infused to all members of the organization. 

The document describes the core principles of Reflexive Security in "Six Pillars," which leads to the "Six Benefits," and also explores a number of strategies for the fulfillment of this framework. 

__The Six Pillars of Reflexive Security (abbreviated as "RAMPAC"):__
* ''Responsible collectively'': Security leadership plays a shepherding role for information security within an organization; everyone is responsible for an organization's security.
* ''Pragmatic'': Security should provide value, not a hindrance.
* ''Align and bridge'': Organizational risks and requirements must be fully aligned in order to derive maximum effectiveness and value from security processes.
* ''Automate'': Automated security practices are the core of optimizing process efficiency.
* ''Measure and improve'': Performance that cannot be measured cannot be improved.
* ''Collaborate and integrate'': Arguably the most important Pillar. Security can only be achieved through collaboration, not confrontation. A security-aware and collaborative culture is necessary for everyone to feel comfortable reporting potential anomalies. 

__The Six Benefits of Reflexive Security:__
* ''Human-centric'': Security is integrated and internalized as an aspect of everyone's work, and requires mind-share within every employee.
* ''Elastic'': Growing maturity of a Reflexive Security approach could lead to achievement of formal ISMS requirements, while being flexible enough to only target critical areas for maximum value based on actual risks.
* ''Apt and holistic'': Focused on business needs and responding to the actual risk context faced by the organization when compared to traditional information security management.
* ''Resilient'': Security no longer relies on a single security function, but security practices are integrated with business processes and embedded throughout the organization. 
* ''Tailored'': Prioritized approach to provision stronger protection to core or more vulnerable processes over those less exploitable. 
* ''Dynamic'': The protection of business goals is performed by integrating security with business processes, allowing the organization to react faster and more effectively to threats and incidents. 

__Key Takeaways__
Reflexive Security is an information security management strategy that is dynamic, interactive, holistic, and effective. It represents cultural practices extrapolated from existing collaborative concepts and practices, and provides a set of widely implicating and easily understandable principles that affect an organization's cybersecurity posture. This approach is especially suitable for organizations operating under resource and personnel constraints in today's fast-paced and challenging cybersecurity landscape.//
[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/jaeb/]] sur le blog de la CSA.
!!1 - Informations CSA de la semaine du 7 au 13 octobre 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Blog : ''Cloud Penetration Testing the Capital One Breach''+++*[»]> <<tiddler [[2019.10.10 - Blog : 'Cloud Penetration Testing the Capital One Breach']]>>=== 
* Blog : ''It's all about the Data! - Preventative Security''+++*[»]> <<tiddler [[2019.10.08 - Blog : 'It's all about the Data! - Preventative Security']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.10.13 - Veille Hebdomadaire - 13 octobre]] avec plus de 70 liens :
* __''À consulter'' :__ "Azure Benchmark" du CIS+++*[»]>
|2019.10.10|//Microsoft//|[[CIS Azure Security Foundations Benchmark open for comment|https://azure.microsoft.com/en-us/blog/cis-azure-security-foundations-benchmark-open-for-comment/]] ([[draft|https://azure.microsoft.com/mediahandler/files/resourcefiles/azure-cloud-security-benchmark-draft/azure-cloud-security-benchmark-draft.pdf]])|Azure CIS_Benchmark|
|2019.10.10|Center for Internet Security| → [[CIS Microsoft Azure Foundations Benchmark v1.0.0 Now Available|https://www.cisecurity.org/blog/cis-microsoft-azure-foundations-benchmark-v1-0-0-now-available/]] ([[téléchargement|https://www.cisecurity.org/benchmark/azure/]])|Azure CIS_Benchmark|
=== 
* Sécurité des Managed Service Providers : un appel à commentaires sur un document du ''NIST'' et quelques pistes d'amélioration par MalwareBytes
* Rapports et sondages : FireEye, Thales
* __Divers__ : CLOUD Act en Australie et en Suisse, réduction de la surface d'attaque
!3 - Conférences et Salons
* Le programme de la ''Cloud & Cyber Security Expo'' des ''27 et 28 novembre'' à Paris est partiellement disponible :
** Premier teaser et inscription gratuite+++*[»]> <<tiddler [[2019.10.11 - Cloud & Cyber Security Expo - Inscription et Extrait du Programme (1/3)]]>>=== 
** Animation d'une table ronde sur la ''Cyber-Résilience dans le Cloud''+++*[»]> <<tiddler [[2019.10.07 - Cloud & Cyber Security Expo les 27 et 28 novembre 2019]]>>=== 
* Les inscriptions pour le ''Congrès Européen'' des ''18 au 21 novembre'' à Berlin sont toujours ouvertes+++*[»]> <<tiddler [[2019.09.04 - Annonce du programme du Congrès CSA EMEA en Novembre à Berlin]]>>=== 
** Contactez-nous pour avoir une réduction sur votre inscription.+++*[»]> → [img(200px,auto)[iCSF/Email-CSA_FR.png]]=== 
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.10.12|
|2019.10.12|CyberDefense Mag|[[What Can You Do To Secure Your Data In The Cloud?|https://www.cyberdefensemagazine.com/what-can-you-do/]]|Risks|
|2019.10.12|//BitDefender//|[[Organizations Fail to Implement Cloud Security Basics - And it Bites Them|https://businessinsights.bitdefender.com/organizations-fail-to-implement-cloud-security-basics]]|Threats Guidance|
|>|>|>|!2019.10.11|
|2019.10.11|Security Boulevard|[[The Progression to Cloud Directory Services|https://securityboulevard.com/2019/10/the-progression-to-cloud-directory-services/]]|Directories|
|2019.10.11|Silicon Republic|[[AWS's Abby Fuller on balancing progress with security|https://www.siliconrepublic.com/enterprise/abby-fuller-amazon-web-services-cloud]]|Misc|
|2019.10.11|//Duo Security//|![[Imperva Breach Stemmed From Compromised Internal Compute Instance|https://duo.com/decipher/imperva-breach-stemmed-from-compromised-internal-compute-instance]]|DataBreach Imperva Analysis|
|2019.10.11|//MalwareBytes//|![[Securing the managed service provider (MSP)|https://blog.malwarebytes.com/business-2/2019/10/securing-the-managed-service-provider-msp/]]|MSP|
|>|>|>|!2019.10.10|
|2019.10.11|DZone|[[Top 5 Security Practices for AWS Backup|https://dzone.com/articles/top-5-security-practices-for-aws-backup]]|AWS Backups|
|2019.10.11|//OVHcloud//|[[Looking Back at OVHCloud Summit 2019|https://www.ovh.com/blog/looking-back-at-ovhcloud-summit-2019/]]|OVHcloud|
|2019.10.10|Silicon.fr[>img[iCSF/flag_fr.png]]| → [[OVH affirme son identité cloud et joue l'alternative de confiance|https://www.silicon.fr/ovh-cloud-confiance-263407.html]]|OVHcloud|
|>|>|>|!2019.10.10|
|2019.10.10|AllNews.ch[>img[iCSF/flag_fr.png]]|[[CLOUD Act américain: l'ASB demande des clarifications|https://www.allnews.ch/content/r%C3%A9glementation/cloud-act-am%C3%A9ricain-l%E2%80%99asb-demande-des-clarifications]]|CLOUD_Act Switzerland|
|2019.10.10|Dark Reading|[[Network Security Must Transition into the Cloud Era|https://www.darkreading.com/cloud/network-security-must-transition-into-the-cloud-era/a/d-id/1335978]]|Networking|
|2019.10.10|nixCraft|[[Set Up a Basic Iptables Firewall on Amazon Linux AMI|https://www.cyberciti.biz/faq/set-up-a-basic-iptables-firewall-on-amazon-linux-ami/]]|AWS AMI Firewall|
|2019.10.10|The Last Watchdog|[[CASBs help companies meet 'shared responsibility' for complex, rising cloud risks|https://www.lastwatchdog.com/my-take-casbs-help-companies-meet-shared-responsibility-for-complex-rising-cloud-risks/]]|CASB Shared_Responsibility|
|2019.10.10|CBR Online|![[Does Containerisation Spell the End for Virtualisation?|https://www.cbronline.com/news/kubernetes-and-containerisation]]|K8s Containers|
|2019.10.10|Cloud Native Computing Foundation|How to make containers an architect's best friend| |
|2019.10.10|Open Access Government|[[Top five areas of focus for CISOs when it comes to the cloud and cybersecurity|https://www.openaccessgovernment.org/cisos-cloud-and-cybersecurity/75363/]]|Guidance|
|2019.10.10|//Microsoft Azure//|[[16 new built-in roles - including Global reader - now available in preview|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/16-new-built-in-roles-including-Global-reader-now-available-in/ba-p/900749]]|AzureAD|
|2019.10.11|Bleeping Computer| → [[Microsoft Improves Azure Active Directory Security with New Roles|https://www.bleepingcomputer.com/news/microsoft/microsoft-improves-azure-active-directory-security-with-new-roles/]]|AzureAD|
|2019.10.10|//Managed Methods//|[[How Cloud DLP Fits Into Your Cybersecurity Infrastructure|https://managedmethods.com/blog/cloud-dlp-your-cybersecurity-infrastructure/]]|DLP|
|2019.10.10|//eXemplify//|[[The 4 Industries That Get the Most Out of Cloud Security|http://www.exemplifygroup.com/the-4-industries-that-get-the-most-out-of-cloud-security/]] (infographie)|Misc|
|2019.10.10|//CloudCheckr//|[[Why the Best Financial Services Are Turning to the Cloud for Risk Management|https://cloudcheckr.com/cloud-cost-management/why-the-best-financial-services-are-turning-to-the-cloud-for-risk-management/]]|Risks|
|2019.10.10|//Alibaba Cloud//|[[Building a Serverless Application on Alibaba Cloud (Part 1)|https://medium.com/@Alibaba_Cloud/building-a-serverless-application-on-alibaba-cloud-part-1-91a439e5a949]] (1/2)|Alibaba Serverless|
|2019.10.10|//Alibaba Cloud//|[[Building a Serverless Application on Alibaba Cloud (Part 2)|https://medium.com/@Alibaba_Cloud/building-a-serverless-application-on-alibaba-cloud-part-2-d710e722cf8e]] (2/2)|Alibaba Serverless|
|2019.10.10|//Threatstack//|[[20 DevSecOps Pros Reveal the Most Important Considerations in Building a DevSecOps Pipeline|https://www.threatstack.com/blog/20-devsecops-pros-reveal-the-most-important-considerations-in-building-a-devsecops-pipeline]]|DevSecOps|
|2019.10.10|//Securosis//|[[Enterprise DevSecOps: How Security Works With Development|https://securosis.com/blog/enterprise-devsecops-how-security-works-with-development]]|DevSecOps|
|2019.10.10|//Cloudbric//|[[A Guide to PCI Compliance in the Cloud|https://www.cloudbric.com/blog/2019/10/pci-compliance-cloud-guide/]]|PCI_DSS Compliance|
|2019.10.10|//Microsoft//|[[CIS Azure Security Foundations Benchmark open for comment|https://azure.microsoft.com/en-us/blog/cis-azure-security-foundations-benchmark-open-for-comment/]] ([[draft|https://azure.microsoft.com/mediahandler/files/resourcefiles/azure-cloud-security-benchmark-draft/azure-cloud-security-benchmark-draft.pdf]])|Azure CIS_Benchmark|
|2019.10.10|Center for Internet Security| → [[CIS Microsoft Azure Foundations Benchmark v1.0.0 Now Available|https://www.cisecurity.org/blog/cis-microsoft-azure-foundations-benchmark-v1-0-0-now-available/]] ([[téléchargement|https://www.cisecurity.org/benchmark/azure/]])|Azure CIS_Benchmark|
|2019.10.10|//ExtraHop//|[[Boost Your Security in AWS|https://www.extrahop.com/company/blog/2019/essential-aws-security-features-to-know/]]|AWS|
|>|>|>|!2019.10.09|
|2019.10.09|Bleeping Computer|[[Beware of Fake Amazon AWS Suspension Emails for Unpaid Bills|https://www.bleepingcomputer.com/news/security/beware-of-fake-amazon-aws-suspension-emails-for-unpaid-bills/]]|AWS Phishing|
|2019.10.09|CyberSecurity Insiders|[[Cloud Security breach leads to a leak of 957,000 patient records|https://www.cybersecurity-insiders.com/cloud-security-breach-leads-to-a-leak-of-957000-patient-records/]]|Data_Breaches Misconfigurations|
|2019.10.09|DevOps.com|[[Common Cloud Security Mistakes and How to Avoid Them|https://devops.com/common-cloud-security-mistakes-and-how-to-avoid-them/]]|Risks Guidance|
|2019.10.09|Container Journal|[[Demystifying Persistent Storage Myths for Stateful Workloads in Kubernetes|https://containerjournal.com/topics/container-networking/demystifying-persistent-storage-myths-for-stateful-workloads-in-kubernetes/]]|Persistence Kubernetes|
|2019.10.09|The Register|[[US charges Singapore coin miner with conning cloud firms out of compute time|https://www.theregister.co.uk/2019/10/09/singapore_coin_miner_charged/]]|CryptoMining|
|2019.10.09|//Rapid7//|![[Avoiding the Zombie Cloud Apocalypse: How to Reduce Exposure in the Cloud|https://blog.rapid7.com/2019/10/09/avoiding-the-zombie-cloud-apocalypse-how-to-reduce-exposure-in-the-cloud/]]|Zombies|
|2019.10.09|//Kaspersky//|[[Protecting public clouds from common vulnerabilities|https://www.kaspersky.com/blog/vulnerabilities-in-public-clouds/28905/]]|Public_Cloud RDP SSH|
|2019.10.09|//Alibaba Cloud//|[[SSH Tunnelling With Alibaba Cloud To Expose A Local Environment|https://medium.com/@Alibaba_Cloud/ssh-tunnelling-with-alibaba-cloud-to-expose-a-local-environment-7dccfeabc5a6]]|Alibaba SSH|
|>|>|>|!2019.10.08|
|2019.10.08|Silicon.fr[>img[iCSF/flag_fr.png]]|![[Cloud souverain : quels candidats pour les trois contrats|https://www.silicon.fr/cloud-souverain-candidats-263205.html]]|Sovereign_Cloud|
|2019.10.08|NIST|![[Improving Cybersecurity of Managed Service Providers|https://www.nccoe.nist.gov/projects/building-blocks/managed-service-providers]] ([[draft|https://www.nccoe.nist.gov/sites/default/files/library/project-descriptions/msp-ic-project-description-draft.pdf]], [[commentaires|https://www.nccoe.nist.gov/sites/default/files/library/msp-comments.xlsx]])|NIST MSP|
|2019.10.09|MSSP Alerts| → [[MSP Cybersecurity Initiative: NIST, NCCoE Seek Comments|https://www.msspalert.com/cybersecurity-news/msp-cybersecurity-initiative-nist-nccoe-seek-comments/]]|NIST MSP|
|2019.10.08|RIPE|[[Internet Clouds are (also) Unpredictable: A Study on the Effects of Recent Traffic Engineering Trends In Cloud Provider Networks|https://labs.ripe.net/Members/marco_chiesa/internet-clouds-are-also-unpredictable]]|Networking Latency|
|2019.10.08|Security Week|[[Cloud is Creating Security and Network Convergence|https://www.securityweek.com/cloud-creating-security-and-network-convergence]]|Misc|
|2019.10.08|Marcel Afrahim|[[Sesame Street Store & Volusion customers are comprised; how the cookie monster is stealing credit card info|https://medium.com/@marcelx/sesame-street-volusion-customers-are-comprised-how-the-cookie-monster-is-stealing-cc-numbers-21eb51ec613b]]|Supply-Chain_Attack DataBreach GCP|
|2019.10.08|ZDnet| → [[Hackers breach Volusion and start collecting card details from thousands of sites|https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/]]|Supply-Chain_Attack DataBreach GCP|
|2019.10.08|Security Boulevard|[[Public Cloud Transformation: Keys to Data Security|https://securityboulevard.com/2019/10/public-cloud-transformation-keys-to-data-security/]]|Misc|
|2019.10.08|InformationAge|[[Cyber security for IoT and edge computing|https://www.information-age.com/cyber-security-for-iot-and-edge-computing-123485616/]]|IoT|
|2019.10.08|SecureCloudBlog|[[Advisories 1-2: Azure AD and Common WS-Trust MFA Bypass explained|https://securecloud.blog/2019/10/08/advisories-1-2-azure-ad-and-common-ws-trust-mfa-bypass-explained/]]|AzureAD Attack|
|2019.10.07|ITnews AU|[[Australia, US negotiate CLOUD Act data swap pact|https://www.itnews.com.au/news/australia-us-negotiate-cloud-act-data-swap-pact-532005]]|CLOUD_Act Australia|
|2019.10.08|Help Net Security|[[Organizations need tools that support DevOps security|https://www.helpnetsecurity.com/2019/10/08/devops-security-tools/]]|Report Trendmicro|
|2019.10.08|NextGov|[[Do You Know What's Hiding in the Cloud?|https://www.nextgov.com/ideas/2019/10/do-you-know-whats-hiding-cloud/160442/]]|Misc|
|2019.10.08|//Threatpost//|[[Intimate Details on Healthcare Workers Exposed as Cloud Security Lags|https://threatpost.com/intimate-details-healthcare-workers-exposed-cloud-security/149007/]]|Risks|
|2019.10.08|//Thales//|![[Organizations worldwide failing to adequately protect sensitive data in the cloud|https://www.thalesesecurity.com/about-us/newsroom/news-releases/thales-study-organizations-worldwide-failing-adequately-protect]]|Report Thales|
|2019.10.08|//Thales//| → [[infographie '2019 Cloud Security Study'|https://go.thalesesecurity.com/rs/480-LWA-970/images/2019-Ponemon-Cloud-Security-in.pdf]] et [[rapport '2019 Cloud Security Study'|https://go.thalesesecurity.com/rs/480-LWA-970/images/2019-Cloud-Security-Report-sd.pdf]]|Report Thales|
|2019.10.08|Info Security Mag| → [[Global Study Finds Orgs Are Failing to Protect Data in the Cloud|https://www.infosecurity-magazine.com/news/orgs-failing-protect-data-cloud/]]|Report Thales|
|2019.10.08|VMblog| → [[Thales Study: Organizations Worldwide Failing to Adequately Protect Sensitive Data in the Cloud|https://vmblog.com/archive/2019/10/08/thales-study-organizations-worldwide-failing-to-adequately-protect-sensitive-data-in-the-cloud.aspx]]|Report Thales|
|2019.10.10|Help Net Security| → [[Only 32% of organizations employ a security-first approach to cloud data storage|https://www.helpnetsecurity.com/2019/10/10/cloud-data-storage-security/]]|Report Thales|
|2019.10.08|//FireEye//|[[FireEye Email Threat Update: How Attackers are Getting Ahead in the Cloud|https://www.fireeye.com/blog/products-and-services/2019/10/how-attackers-are-getting-ahead-in-the-cloud.html]] ([[détails|https://www.fireeye.com/solutions/ex-email-security-products/power-of-one.html]])|Report FireEye Threats|
|2019.10.08|Security Week| → [[Email Attacks Using Cloud Services are Increasing|https://www.securityweek.com/email-attacks-using-cloud-services-are-increasing]]|Report FireEye Threats|
|2019.10.08|//LogRhythm//|[[Six Tips for Securing Your Azure Cloud Environment|https://logrhythm.com/six-tips-for-securing-your-azure-cloud-environment/]]|Azure Best_Practices|
|2019.10.08|//Gremlin//|![[After the Retrospective: Heroku Incident #1892|https://www.gremlin.com/blog/heroku-incident-1892/]]|Lessons_Learnt AWS Heroku|
|>|>|>|!2019.10.07|
|2019.10.07|Journal du Net[>img[iCSF/flag_fr.png]]|[[Stockage : mieux protéger ses données avec le modèle flash-to-flash-to-cloud|https://www.journaldunet.com/solutions/expert/71828/stockage---mieux-proteger-ses-donnees-avec-le-modele-flash-to-flash-to-cloud.shtml]]|Storage Flash|
|2019.10.07|ZDnet|[[Australia inches closer to compelling access to US data under CLOUD Act|https://www.zdnet.com/article/australia-inches-closer-to-compelling-access-to-us-data-under-cloud-act/]]|CLOUD_Act Australia|
|2019.10.07|Techopedia|[[How Cloud Computing is Changing Cybersecurity|https://www.techopedia.com/how-cloud-computing-is-changing-cybersecurity/2/33941]]|Challenges|
|2019.10.07|Maarten Goet|[[Azure Sentinel: designing access and authorizations that meet the enterprise needs|https://medium.com/wortell/azure-sentinel-designing-access-and-authorizations-that-meet-the-enterprise-needs-501bfdafaa5f]]|Azure Sentinel|
|2019.10.07|DZone|![[The Complete Kubernetes Collection [Tutorials and Tools]|https://dzone.com/articles/the-complete-kubernetes-collection-tutorials-and-tools]]|K8s Tools Tutorials|
|2019.10.07|Solutions review|[[5 Tips for Designing a Flawless Cloud Security Policy|https://solutionsreview.com/cloud-platforms/5-tips-for-designing-a-flawless-cloud-security-policy/]]|Security_Policy|
|2019.10.07|Darknet.org.uk|[[LambdaGuard - AWS Lambda Serverless Security Scanner|https://www.darknet.org.uk/2019/10/lambdaguard-aws-lambda-serverless-security-scanner/]]|Tools LambdaGuard|
|2019.10.07|//Cloud Management Insider//|[[Cloud Cryptography - A foolproof solution for your cloud security|https://www.cloudmanagementinsider.com/cloud-cryptography/]]|Cryptography|
|2019.10.07|//Trendmicro//|[[Trend Micro Survey Finds Lack of IT Security Input In DevOps Introduces Cyber Risk for 72% of Companies|https://devops.com/trend-micro-survey-finds-lack-of-it-security-input-in-devops-introduces-cyber-risk-for-72-of-companies/]]|Report Trendmicro|
|2019.10.07|//Microsoft Azure//|[[Customer Provided Keys with Azure Storage Service Encryption|https://azure.microsoft.com/en-us/blog/customer-provided-keys-with-azure-storage-service-encryption/]]|Azure Encryption|
|2019.10.07|//Alcide//|[[Cloud-native applications need a unified continuous security approach|https://www.helpnetsecurity.com/2019/10/07/cloud-native-applications-security/]]|Misc|
|2019.10.07|//Zscaler//[>img[iCSF/flag_fr.png]]|[[L'avenir de la prévention contre la perte de données est dans le Cloud|http://www.globalsecuritymag.fr/L-avenir-de-la-prevention-contre,20191007,91390.html]]|DLP|
|2019.10.07|//ExtraHop//|[[Your Enterprise is Cloud-First. Is Your Security?|https://www.extrahop.com/company/blog/2019/cloud-native-security-infographic/]]|Survey|
[>img(200px,auto)[iCSF/CCSEP2019.png]]Pour s'inscrire à la ''Cloud & Cyber Security Expo'' et disposer d'un premier aperçu du programme des conférences gratuites :

Suivez le lien ⇒ ''[[CloudSecurityAlliance.fr/go/jabr|https://CloudSecurityAlliance.fr/go/jabr]]''

[img(auto,60px)[iCSF/CCSA19h.jpg][https://CloudSecurityAlliance.fr/go/jabr]]
!"//Cloud Penetration Testing the Capital One Breach//"
[>img(200px,auto)[iCSA/JAABC.jpg]]Article de blog publié le 10 octobre 2019 — Rédigé par Alexander Getsin, Lead Author for Cloud Penetration Testing Playbook
<<<
//''Aligning the Capital One breach with the CSA Cloud Penetration Testing Playbook''

In March 2019, Capital One suffered a unique cloud breach. 140,000 Social Security numbers and 80,000 linked bank account numbers were exposed, along with some 1 million Canadian Social Insurance Numbers. It isn't the numbers that make the breach special and worth learning about.

The initial point of compromise in this breach was a misconfigured proxy (modSecuritymodProxy, a Web Application Firewall), employed by Capital One. The attacker used the misconfigured instance to steal credentials from the meta-data service of the cloud instance. This is arguably the first high-profile breach using this technique. Capital One had to deal with a novel attack that employed a cutting-edge technique exclusive to cloud environments. Despite their impressive efforts at cloud security, their chances were slim in this case.

Just a few months ago, the Cloud Security Alliance's (CSA) Top Threats Working Group published the+++*[Cloud Penetration Testing Playbook]> <<tiddler [[2019.07.12 - Publication : 'Cloud Penetration Testing Playbook']]>>===. This playbook identifies this very attack technique. The playbook also describes 94 other public cloud attack vectors, concerns, considerations and test cases for testing and attacking public cloud environments and systems.

''What was the Breach?''
The initial compromise technique employed in this breach was the abuse of a particular feature of a misconfigured proxy (a web application firewall) employed by Capital One. The nginx server hosting the web application firewall accepts web requests meant for backend applications, processes and fulfills or responds to them as a proxy does. This specific nginx misconfiguration allowed requests to the meta-data service at 169.254.169.254, a link-local address that is meant to be reachable only from the instance itself.

AWS infrastructure services and consumers use the meta-data service to store environment variables. Some of the many variables and data stored in the AWS meta-data service (similar to GCP and Azure) are the temporary STS credentials that allow the instance to assume any role that has been passed to it. Anyone familiar with curl or a proxy client (such as Burp proxy) can generate requests to this meta-data service if they have local access to the instance, or if the instance is misconfigured to serve web requests to its local meta-data service.

The latter was the case: the vulnerable nginx WAF proxied web requests to itself and also served any other requests. The attacker called its iam/info meta-data to get available role names and then the temporary credentials meta-data to obtain the actual credentials at
> {{{ http://169.254.169.254/latest/meta-data/iam/security-credentials/role-name }}}
At that point, the attacker was in. Amongst other privileges, the role associated with the WAF instance had S3 bucket privileges. It's easy AWS CLI work from there. 

''What Made this Breach Special?''
This is arguably the first high-profile breach using this technique. It is novel and special in a few other ways: 
* The breach depended on a misconfiguration of a non-cloud component (the WAF software) to target an attack vector unique to cloud instances
* An ex-employee of the cloud service provider targeted clients of the cloud service provider

The more important point is that Capital One had to deal with a previously unexplored attack. AWS recognizes Capital One as a leader in cloud usage with impressive efforts at security. The fact that an ex-engineer of the CSP exploited the technical weakness only goes to show how exclusive the required knowledge was, and how hard this attack was to counter.

This incident highlights increasingly sophisticated attacks that attackers can use to compromise cloud environments. The CSA Top Threats Working Group playbook provides guidance on how to test for such misconfigurations in your cloud infrastructure, reducing the knowledge gap.

''What's the Cloud Penetration Testing Playbook?''
The Cloud Penetration Testing Playbook represents a collective effort to provide guidance for the penetration testing of systems in public cloud environments. It provides a set of testing objectives, as well as legal and compliance concerns. The overall document aims to educate key decision-makers on the complexities of penetration testing in a multi-stakeholder environment and on vulnerabilities within a multi-layered information technology stack.

While this resource is activity-specific (penetration testing), it outlines the various methods by which attackers can and do target cloud environments. To protect information systems, defenders should be aware of these methods, including those used by the Capital One threat actor. The playbook covers most of the aspects and methodology of similar attacks:

__Initial compromise employed by the Capital One threat actor involved a misconfigured proxy server exposing temporary credentials residing in its meta-data service.__
Covered in ''Pg 13'' (of the Cloud Penetration Testing Playbook)
* c. Test for spoofing of user identity and other entities
* v. Steal credentials from meta-data of proxy or http forwarding servers (credentials in AWS meta-data)

__Data exfiltration via export of EC2 snapshots__
Covered in ''Pg 14'' (of the Cloud Penetration Testing Playbook)
* f. Test for Information disclosure (privacy breach or data leak)
* ix. Steal virtual machine images and snapshots from storage accounts; analyze them for sensitive data (like Azure VM VHD snapshots)

__Data exfiltration via download of S3 bucket objects__
Covered in ''Pg 14'' (of the Cloud Penetration Testing Playbook)
* f. Test for Information disclosure (privacy breach or data leak)
* iv. Exfiltrate data from publicly accessible datastore services (S3, RDS, RDS snapshots, Redshift clusters, elastic search domains) or private stores with cli / dumps (s3 aws cli get, dynamodump), and/or configure them accordingly for exfiltration.

''What Should You Do About This?''
This knowledge is now available. The playbook is a resource that CSA and Top Threats Working Group will continue to improve on.//[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/jaac/]] sur le blog de la CSA.
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//It's all about the Data! - Preventative Security//"
[>img(200px,auto)[iCSA/JA8BI.jpg]]Article de blog publié le 8 octobre 2019 — Rédigé par John DiMaria, Assurance Investigatory Fellow, CSA
<<<
//I have always said I am a "data guy." Decisions made with data eliminate all bias, opinions, and ad hoc decisions that cause potentially costly moves.
In my most recent podcast interview with Phillip Merrick, CEO of Fugue, he discussed how vendors sometimes use security events in order to sell fear, uncertainty, and doubt (FUD) to sell products. Nothing wrong with keeping up with world events and learning from others' mistakes, but there is a difference between prevention and reaction.

''Reactive Security''
Think about it. Smoke alarms go off after something happens; usually, a fire that causes smoke to rise and enter the alarm. At that point, running out of the building is the standard "reaction." Sure, there are all kinds of incidents that can scare you and make you run out and buy the latest technology to warn you when there is a fire, and even call 911 for you. But while you definitely need smoke alarms, doesn't it make sense to do a full evaluation of your premises and see what you can do to prevent that fire in the first place? Then, even if a fire does happen, there is a good chance the damage will be less than if you had done nothing at all. Even if you did just buy all the latest and greatest technology, how do you know you addressed the critical areas unless you did a full evaluation first?
''Preventative Security''

The point is, why not spend your budget dollars wisely by using good data-driven decisions? A smart strategy means less complexity. Evaluate where you are at, give yourself credit for what you already have in place and spend dollars wisely on the areas that have little or no protection and/or areas that could use improvement. The fire department can provide you with a checklist or questionnaire pointing out things you should evaluate before you spend money so you know what you really need (and what you don't). Whereas a company that wants to sell you equipment can give you a hundred reasons why you should buy their product, even before they know if you even need it.

Security is similar. Evaluate where you are at today, draw out where you need to be tomorrow, and act on the differences - simple, smart, and cost-effective (not to mention a valuable budget justification).

''CSA's Questionnaire to Assess Cloud Compliance''
Think of the Consensus Assessments Initiative Questionnaire (CAIQ) as fulfilling the same purpose as the fire risk questionnaire. It allows you to evaluate where you are at today in meeting internationally accepted cloud-specific controls. The CAIQ is based upon the Cloud Controls Matrix (CCM) and provides a set of Yes/No questions a cloud consumer or cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix. It's vendor-neutral, and some of the improvements may not even require technology, but if they do, you'll be a smarter shopper.

[>img(500px,auto)[iCSA/JA8BI.png]]As I mentioned above - simple, smart and cost effective. Once you feel you are ready and have addressed any gaps, you can submit your CAIQ to the STAR Registry and join the other 600 plus cloud service providers that have chosen to post their completed questionnaire for not only their customers to see, but potential clients as well, increasing the level of transparency and trust. The great thing is, it is scalable, and you can build on that initial step by graduating to STAR Continuous. STAR Continuous improves upon that "point in time" or "point over a period of time" analysis by requiring that the CAIQ be updated every 30 days, increasing the level of assurance. 

If you feel it is an advantage or requirement to go even further, again, you can progress to STAR Level 2; Third-Party certification or attestation and even Level 3; continuous monitoring. See the "STAR Levels" figure on the right.

Following are costs due to non-compliance as per an Independent survey conducted by Ponemon Institute on behalf of Globalscape+++*[»]>
→ http://dynamic.globalscape.com/files/Whitepaper-The-True-Cost-of-Compliance-with-Data-Protection-Regulations.pdf
=== 
These costs, as shown in this report, are 2.71 times the cost of compliance:
* Business disruption
* Productivity losses
* Revenue losses
* Fines, penalties and settlement costs

''Evaluate if you are compliant.''
If you are, give yourself credit and let the world know and continue to improve and advance as applicable. If not, act on the differences, fill the gaps, and then let the world know and continue to improve and consider the other levels of STAR based on your business needs and compliance requirements.//
[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/ja8b/]] sur le blog de la CSA.
[img(25%,1px)[iCSF/BluePixel.gif]]
!Participation au Salon ''Cloud & Cyber Security Paris'' les 27 et 28 novembre 2019
[>img(200px,auto)[iCSF/CCSEP2019.png]]Le [[Chapitre Français]] de la [[Cloud Security Alliance]] animera :
* la table-ronde "''Cyber-résilience : anticiper, maître-mot de la sécurité''" 
* le mercredi 27 novembre 2019, entre 13h05 et 13h45.

Le salon se déroulera sur 2 jours : les ''mercredi 27 et jeudi 28 novembre 2019 à Paris, Porte de Versailles''
L'entrée donne accès aux cinq espaces du Salon :
* Cloud Expo Europe, DevOps Live, Cloud & Cyber Security Expo, Data Centre World, et Big Data World
[img[iCSF/JBRSC.png]]
|ssTabl99|k
| ! 
Pour une invitation gratuite, suivez le lien → [[CloudSecurityAlliance.fr/go/CCSEP19|https://CloudSecurityAlliance.fr/go/CCSEP19]]
  | Pour en savoir plus sur le salon : <<< //__''Cloud & Cyber Security Expo Paris 27-28 novembre 2019, Paris Porte de Versailles''__ Nous avons la chance de vivre dans un monde numérique ouvert et interconnecté. Mais comment éviter les dangers auquel il nous expose ? Devenu un rassemblement incontournable d'experts cybersécurité en France, Cloud & Cyber Security Expo Paris vous donnera les clés pour mettre en place une infrastructure numérique plus sûre et sécurisée dans votre département ou votre société. Protéger votre entreprise, c'est aussi protéger vos clients et votre pérennité. Vous apprendrez à mieux détecter, prévenir et gérer les multiples menaces en matière de cybersécurité. Venez rencontrer Sophos, Darktrace , Rohde & Schwarz CyberSecurity, Tenable, Guardicore, Hermitage Solutions, Gemalto, ITrust, Okta, BSI Group et bien d'autres ! 250 experts de l'industrie seront également présents lors d'études de cas, tables rondes et conférences pour vous guider et vous inspirer : Groupe Servier, Dailymotion, Groupe Casino, Rémy Cointreau, Médiamétrie, Carrefour Banque & Assurance, EDF Renouvelables ... Ne prenez pas le risque de passer à côté !// <<<
!!1 - Informations CSA de la semaine du 30 septembre au 6 octobre 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Actu : prolongation jusqu'au ''25 octobre'' pour commenter la traduction en français de 3 documents CSA+++*[»]> <<tiddler [[2019.09.19 - Demande de validation la traduction en français de 3 documents CSA]]>>=== 
* Blog : ''Why you can't have backdoored crypto that is secure''+++*[»]> <<tiddler [[2019.10.03 - Blog : 'Why you can't have backdoored crypto that is secure']]>>=== 
* Actu : Appel à commentaires, document ''Critical Controls Implementation for SAP''+++*[»]> <<tiddler [[2019.10.03 - Appel à commentaires : document 'Critical Controls Implementation for SAP']]>>=== 
* Actu : Lancement d'un ''forfait CCSK''+++*[»]> <<tiddler [[2019.10.03 - Lancement d'un forfait CCSK]]>>===, le ''Foundation Exam Bundle''+++*[»]> <<tiddler [[2019.10.03 - Forfait CCSK 'Foundation Exam Bundle]]>>=== 
* Publication : document ''Guidelines for CPAs Providing CSA STAR Attestation v2''+++*[»]> <<tiddler [[2019.10.04 - Publication : 'Guidelines for CPAs Providing CSA STAR Attestation v2']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.10.06 - Veille Hebdomadaire - 6 octobre]] avec une cinquantaine de liens, dont :
* __''À lire'' :__ où l'on reparle du Cloud souverain avec ''Dassault Systèmes'' et ''OVH''+++*[»]>
|2019.10.03|Reuters|[[France recruits Dassault Systemes, OVH for alternative to U.S. cloud firms|https://www.reuters.com/article/us-france-dataprotection/france-recruits-dassault-systemes-ovh-for-alternative-to-u-s-cloud-firms-idUSKBN1WI189]]|Sovereign_Cloud|
|2019.10.03|Silicon.fr[>img[iCSF/flag_fr.png]]| → [[Cloud souverain : Bruno Lemaire relance Dassault Systèmes et OVH|https://www.silicon.fr/cloud-souverain-bruno-lemaire-relance-dassault-systemes-et-ovh-262679.html]]|Sovereign_Cloud|
=== 
* __Divers__ : les zombies du Cloud+++*[»]>
|2019.10.02|//Fugue//|[[Zombie Cloud Infrastructure is a Major Security Risk|https://www.fugue.co/blog/zombie-cloud-infrastructure-is-a-major-security-risk]]|Risks Infrastructure Zombies|
===, comparaison PaaS et KaaS (Kubernetes as a Service)+++*[»]>
|2019.09.30|Container Journal|[[PaaS vs. KaaS: A Primer|https://containerjournal.com/topics/container-ecosystems/paas-vs-kaas-a-primer/]]|PaaS KaaS|
=== 
* Sondages : ''Insight''+++*[»]>
|2019.09.30|Insight| → [[2019 Europe Index Intelligent Technology™ d'Insight|https://fr.insight.com/content/dam/insight-web/en_GB/images/2019/09/index-intelligent-technology-insight-france.pdf]]|Report|
|2019.10.02|Global Security Mag[>img[iCSF/flag_fr.png]]| → [[Selon l'Insight Intelligent Technology Index 2019, Les services cloud inutilisés coûtent 9,6 millions d'euros aux entreprises|http://www.globalsecuritymag.fr/Selon-l-Insight-Intelligent,20190926,91105.html]]|Survey ITI|
=== 
* Rapports : évaluation Microsoft Azure pour les services du gouvernement australien+++*[»]>
|2019.10.02|//Microsoft Azure//|[[Over 100 Azure services support PROTECTED Australian government data|https://azure.microsoft.com/en-us/blog/over-100-azure-services-support-protected-australian-government-data/]]|Azure Government Australia|
|2019.10.02|//Microsoft Azure//| → [[Australia specific assessment and compliance reports, FAQs and White Papers|https://servicetrust.microsoft.com/viewpage/AustraliaV3]]|Azure Government Australia|
|2019.10.02|//Microsoft Azure//| → [[2019 Microsoft Azure IRAP (Information Security Registered Assessor Program) Assessment Report|https://servicetrust.microsoft.com/viewpage/AustraliaV3?command=Download&downloadType=Document&downloadId=ffcb3aeb-475e-4f23-8a8f-2fc7dac18d68&tab=d1b1d320-3d79-11e9-9157-b7b7eba45f26&docTab=d1b1d320-3d79-11e9-9157-b7b7eba45f26_GRC_Assessment_Reports]]|Azure Government Australia|
=== 
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.10.06|
|2019.10.06|//Tripwire//|[[Automating Secure Configuration Management in the Cloud|https://www.tripwire.com/state-of-security/security-data-protection/cloud/automating-secure-configuration-management-cloud/]]|Misc|
|2019.10.06|//Tripwire//|[[Secure Configuration in Cloud - IaaS, PaaS and SaaS Explained|https://www.tripwire.com/state-of-security/security-data-protection/cloud/secure-configuration-cloud-iaas-paas-saas/]]|Challenges|
|2019.10.06|//Alcide//|[[Kubernetes Network Policies Best Practices|https://blog.alcide.io/kubernetes-network-policies-best-practices]]|K8s|
|2019.10.06|Alexandre Blanc|[[A backup strategy against ransomwares and threats (part 3)|https://www.linkedin.com/pulse/backup-strategy-against-ransomwares-threats-part-3-alexandre/]] (3/3)|Backups Ransomware|
|2019.10.06|Redmond Channel Partner|[[Multifactor Authentication for All at Heart of Azure AD Changes|https://rcpmag.com/articles/2019/11/06/multifactor-authentication-for-all-azure-ad.aspx]]|AzureAD MFA|
|>|>|>|!2019.10.04|
|2019.10.04|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[OVH-Outscale : le cloud souverain vraiment ressuscité ?|https://www.lemondeinformatique.fr/actualites/lire-ovh-outscale-le-cloud-souverain-vraiment-ressuscite-76657.html]]|Sovereign_Cloud France|
|2019.10.04|FCW|[[US, UK reach CLOUD Act agreement|https://fcw.com/articles/2019/10/04/cloud-act-uk-deal-johnson.aspx]]|CLOUD_Act|
|2019.10.04|IT World Canada|[[Using the Cloud Securely: A conversation between two cybersecurity leaders|https://www.itworldcanada.com/sponsored/using-the-cloud-securely-a-conversation-between-two-cybersecurity-leaders]] ([[podcast .mp3|https://i.itworldcanada.com/wp-content/uploads/2019/10/Box-Audio-Mixdown-1.mp3]])|Misc|
|2019.10.04|SecureCloudBlog|[[Azure AD - Add Custom claims for WS-Federation applications|https://securecloud.blog/2019/10/03/azure-ad-add-custom-claims-for-ws-federation-applications/]]|AzureAD|
|2019.10.04|DevOps.com|[[ESG Survey Sees Long DevSecOps Road Ahead|https://devops.com/esg-survey-sees-long-devsecops-road-ahead/]]|Report ESG|
|2019.10.04|//Risk Recon//|[[5 Risk Factors for Deciding Where to Host Cloud-Eligible Assets|https://blog.riskrecon.com/5-risk-factors-for-deciding-where-to-host-cloud-eligible-assets]]|Risks Hosting|
|2019.10.04|//Fraktal//|[[A Practical Framework for DevSecOps|https://medium.com/fraktal/practical-framework-for-devsecops-dd7fd9e63866]]|DevSecOps|
|>|>|>|!2019.10.03|
|2019.10.03|Reuters|[[France recruits Dassault Systemes, OVH for alternative to U.S. cloud firms|https://www.reuters.com/article/us-france-dataprotection/france-recruits-dassault-systemes-ovh-for-alternative-to-u-s-cloud-firms-idUSKBN1WI189]]|Sovereign_Cloud|
|2019.10.03|Silicon.fr[>img[iCSF/flag_fr.png]]| → [[Cloud souverain : Bruno Lemaire relance Dassault Systèmes et OVH|https://www.silicon.fr/cloud-souverain-bruno-lemaire-relance-dassault-systemes-et-ovh-262679.html]]|Sovereign_Cloud|
|2019.10.03|DZone|![[How To Avoid Data Breaches In The Cloud|https://dzone.com/articles/how-to-avoid-data-breaches-in-the-cloud]]|Data_Breaches|
|2019.10.03|GovLoop|[[Survey Findings: The State of Cloud Adoption|https://www.govloop.com/survey-findings-the-state-of-cloud-adoption/]]|Survey|
|2019.10.03|The Register|[[Are your Office 365 biz accounts secure? Don't find out the hard way... There are tools to keep staff, customers safe|https://www.theregister.co.uk/2019/10/03/office_365_security_compliance/]]|O365 Compliance|
|2019.10.03|Bleeping Computer|[[Office 365 Admins Can Now Block Malicious Microsoft Query IQY Files|https://www.bleepingcomputer.com/news/microsoft/office-365-admins-can-now-block-malicious-microsoft-query-iqy-files/]]|O365|
|2019.10.02|//Microsoft Azure//|[[All your creds are belong to us!|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/All-your-creds-are-belong-to-us/ba-p/855124]]|Authentication|
|2019.10.03|//Fugue//|[[Cloud Security Posture Management: Benefits and Uses|https://www.fugue.co/blog/cloud-security-posture-management-benefits-and-uses]]|Security_Posture Misconfigurations|
|2019.10.03|//Managed Methods//|[[Where Cloud Security Fits In Your Cybersecurity Infrastructure|https://managedmethods.com/blog/cybersecurity-infrastructure-cloud-security/]]|Infrastructure|
|2019.10.03|//ThreatStack//|[[Cloud Security Professional Development & Educational Resource Roundup|https://www.threatstack.com/blog/cloud-security-professional-development-educational-resource-roundup]]|Education|
|2019.10.03|//Google Cloud//|[[4 steps to stop data exfiltration with Google Cloud|https://cloud.google.com/blog/products/identity-security/4-steps-to-stop-data-exfiltration-with-google-cloud]] (5/6)|GCP Exfiltration|
|2019.10.03|//Google Cloud//|[[Take time for discovery and assessment - and consider a partner - for a successful cloud migration|https://cloud.google.com/blog/products/cloud-migration/take-time-for-discovery-and-assessment-and-consider-a-partner-for-a-successful-cloud-migration]]|Migration|
|2019.10.03|//AWS//|[[Amazon Elasticsearch Service provides option to mandate HTTPS|https://aws.amazon.com/about-aws/whats-new/2019/10/amazon-elasticsearch-service-provides-option-to-mandate-https/]] ([[details|https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-data-protection.html]])|AWS|
|2019.10.03|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Un Office 365 sécurisé, une perle rare ?|https://www.riskinsight-wavestone.com/2019/10/office-365/]]|O365|
|>|>|>|!2019.10.02|
|2019.10.02|Les Echos[>img[iCSF/flag_fr.png]]|[[Cloud Act : halte à la désinformation !|https://www.lesechos.fr/idees-debats/cercle/cloud-act-halte-a-la-desinformation-140599]]|CLOUD_Act|
|2019.10.02|Dark Reading|[[Controlling Data Leakage in Cloud Test-Dev Environments|https://www.darkreading.com/cloud/controlling-data-leakage-in-cloud-test-dev-environments/a/d-id/1335909]]|Data_Leaks|
|2019.10.02|TechTarget|[[Healthcare cybersecurity threatened by cloud misconfigurations|https://searchhealthit.techtarget.com/news/252471750/Healthcare-cybersecurity-threatened-by-cloud-misconfigurations]]|Misconfigurations|
|2019.10.02|DZone|[[Overview of AWS Security Tools and Processes|https://dzone.com/articles/aws-overview-of-security-processes]]|AWS|
|2019.10.02|CyberDefense Mag|[[Cloud Security Essentials - Session Monitoring|https://www.cyberdefensemagazine.com/cloud-security-essentials/]]|Monitoring|
|2019.10.02|CyberDefense Mag|[[Why Zero Trust is the Right Security Model for the Cloud|https://www.cyberdefensemagazine.com/why-zero-trust-is-the-right-security-model-for-the-cloud/]]|Zero_Trust|
|2019.10.02|//Microsoft Azure//|![[Over 100 Azure services support PROTECTED Australian government data|https://azure.microsoft.com/en-us/blog/over-100-azure-services-support-protected-australian-government-data/]]|Azure Government Australia|
|2019.10.02|//Microsoft Azure//| → [[Australia specific assessment and compliance reports, FAQs and White Papers|https://servicetrust.microsoft.com/viewpage/AustraliaV3]]|Azure Government Australia|
|2019.10.02|//Microsoft Azure//| → [[2019 Microsoft Azure IRAP (Information Security Registered Assessor Program) Assessment Report|https://servicetrust.microsoft.com/viewpage/AustraliaV3?command=Download&downloadType=Document&downloadId=ffcb3aeb-475e-4f23-8a8f-2fc7dac18d68&tab=d1b1d320-3d79-11e9-9157-b7b7eba45f26&docTab=d1b1d320-3d79-11e9-9157-b7b7eba45f26_GRC_Assessment_Reports]]|Azure Government Australia|
|2019.10.02|//Box//|[[Box debuts new security controls, other enhancements to workflow automation tools|https://siliconangle.com/2019/10/02/box-debuts-new-security-controls-enhancements-workflow-automation-tools/]]|Box|
|2019.10.02|//Google//[>img[iCSF/flag_fr.png]]|[[Eric Haddad, Google Cloud : nous mettons notre priorité sur la security-by-design et de privacy-by-design|http://www.globalsecuritymag.fr/Eric-Haddad-Google-Cloud-nous,20191003,91138.html]]|GCP Security_by_Design|
|2019.10.02|//Google Cloud//|[[Archive media for the long term with preservation masters|https://cloud.google.com/blog/products/storage-data-transfer/archive-media-for-the-long-term-with-preservation-masters]]|Storage|
|2019.10.02|//Fugue//|![[Zombie Cloud Infrastructure is a Major Security Risk|https://www.fugue.co/blog/zombie-cloud-infrastructure-is-a-major-security-risk]]|Risks Infrastructure Zombies|
|2019.10.02|//Security Intelligence//|[[6 Steps to Modernize Your On-Premises Identity and Access Management Architecture|https://securityintelligence.com/posts/6-steps-to-modernize-your-on-premises-identity-and-access-management-architecture/]]|IAM|
|2019.10.02|//Cyware//|[[Understanding and Preparing for Container security threats|https://cyware.com/news/understanding-and-preparing-for-container-security-threats-26031da9]]|Containers Threats|
|2019.10.02|//McAfee//|[[Security is Shifting to a Unified Cloud Edge|https://securingtomorrow.mcafee.com/business/cloud-security/security-is-shifting-to-a-unified-cloud-edge/]]|Misc|
|2019.10.02|Alexandre Blanc|[[A backup strategy against ransomwares and threats (part 2)|https://www.linkedin.com/pulse/backup-strategy-against-ransomwares-threats-part-2-alexandre/]] (2/3)|Backups Ransomware|
|2019.10.02|DEV|[[Anatomy of AWS Lambda|https://dev.to/sosnowski/anatomy-of-aws-lambda-1i1e]]|AWS_Lambda|
|>|>|>|!2019.10.01|
|2019.10.01|IT World Canada|[[Canadian government data is getting cloudier, signaling a 'massive leap of faith' in public cloud, says Microsoft|https://www.itworldcanada.com/article/canadian-government-data-is-getting-cloudier-signaling-a-massive-leap-of-faith-in-public-cloud-says-microsoft/422307]]|Misc|
|2019.10.01|Trenches of IT|[[How I Passed the AWS Certified Security - Specialty|https://www.trenchesofit.com/2019/10/01/how-i-passed-aws-security/]]|Training AWS|
|2019.10.01|Help Net Security|[[Managing and monitoring privileged access to cloud ecosystems|https://www.helpnetsecurity.com/2019/10/01/cloud-pam/]]|Access_Controls|
|2019.10.01|//Gigamon//|[[What Is a Private Cloud? Your Data with a Room of Its Own|https://blog.gigamon.com/2019/10/01/what-is-private-cloud-your-data-with-a-room-of-its-own/]]|Private_Cloud|
|2019.10.01|//ThreatStack//|[[The Top 3 Security Mistakes SaaS Companies are Making|https://www.threatstack.com/blog/the-top-3-security-mistakes-saas-companies-are-making]]|SaaS|
|2019.10.01|//JumpCloud//|[[Benefits of Cloud-Based RADIUS Servers|https://jumpcloud.com/blog/benefits-cloud-radius-servers/]]|Radius|
|2019.10.01|//JumpCloud//|[[Security-as-a-Service: IAM|https://jumpcloud.com/blog/secaas-iam/]]|IAM|
|2019.10.01|//Netwrix//|[[The Capital One Hack: 3 Questions about Data Security in the Cloud|https://blog.netwrix.com/2019/10/01/the-capital-one-hack-3-questions-about-data-security-in-the-cloud/]]|CapitalOne Lessons_Learnt|
|2019.10.01|Alexandre Blanc|[[A backup strategy against ransomwares and threats (part 1)|https://www.linkedin.com/pulse/backup-strategy-against-ransomwares-threats-part-1-alexandre/]] (1/3)|Backups Ransomware|
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.09.30|
|2019.09.30|Container Journal|![[PaaS vs. KaaS: A Primer|https://containerjournal.com/topics/container-ecosystems/paas-vs-kaas-a-primer/]]||
|2019.09.30|Help Net Security|[[DevSecOps is emerging as the main methodology for securing cloud-native applications|https://www.helpnetsecurity.com/2019/09/30/securing-cloud-native-applications/]]|DevSecOps|
|2019.09.30|KitPloit|[[Terraform AWS Secure Baseline|https://www.kitploit.com/2019/09/terraform-aws-secure-baseline-terraform.html]]|Tools AWS Terraform|
|2019.09.30|ZDnet|[[Docker is in deep trouble|https://www.zdnet.com/article/docker-is-in-deep-trouble/]]|Docker|
|2019.10.02|Informatique News[>img[iCSF/flag_fr.png]]| → [[En difficulté, Docker cherche de nouveaux financements|https://www.informatiquenews.fr/en-difficulte-docker-cherche-de-nouveaux-financements-63772]]|Docker|
|2019.09.30|CyberSecurity Hub|[[Cloud Security: A CISO Guide|https://www.cshub.com/cloud/articles/cloud-security-a-ciso-guide]]|Risks|
|2019.09.30|JDSupra|[[Luxembourg Cloud computing rules for investment fund managers: a reminder of the obligations 6 months before their Cloud Register must be drawn up|https://www.jdsupra.com/legalnews/luxembourg-cloud-computing-rules-for-47103/]]|Luxembourg|
|2019.09.30|Insight| → [[2019 Europe Index Intelligent Technology™ d'Insight|https://fr.insight.com/content/dam/insight-web/en_GB/images/2019/09/index-intelligent-technology-insight-france.pdf]]|Report|
|2019.10.02|Global Security Mag[>img[iCSF/flag_fr.png]]| → [[Selon l'Insight Intelligent Technology Index 2019, Les services cloud inutilisés coûtent 9,6 millions d'euros aux entreprises|http://www.globalsecuritymag.fr/Selon-l-Insight-Intelligent,20190926,91105.html]]|Survey ITI|
|2019.09.30|//Google Cloud//|[[Detect and respond to high-risk threats in your logs with Google Cloud|https://cloud.google.com/blog/products/identity-security/detect-and-respond-to-high-risk-threats-in-your-logs-with-google-cloud]] (4/6)|GCP Threats Detection|
|2019.09.30|//Rapid7//|[[You Can Have It Both Ways with AppSec: Security and Speed|https://blog.rapid7.com/2019/09/30/you-can-have-it-both-ways-with-appsec-security-and-speed/]]|SAST DAST|
|2019.09.30|//Spanning//|[[Why Multi-Factor Authentication (MFA) Is a Must-Have in the Microsoft World and Beyond|https://spanning.com/blog/why-multi-factor-authentication-is-a-must-have/]]|O365 MFA|
!"//Guidelines for CPAs Providing CSA STAR Attestation v2//"
Document annoncé comme publié le 20 septembre 2019, mais daté du 27 septembre 2019 et mis en ligne le 3 octobre 2019.
<<<
[>img(200px,auto)[iCSA/J9KAG.png]]//This document provides guidance for CPAs in conducting a STAR Attestation. This document is not meant to replace any American Institute of Certified Public Accountant (AICPA) Standards or AICPA Service Organization Control® (SOC) related guidance. Refer to [[aicpa.org/soc|http://www.aicpa.org/soc]] for information about SOC and how to obtain SOC related standards and guidance.//
<<<
__Table des matières :__
<<<
* Part 1 - Professional Requirements
## General
## Requirements for engagement performance
## Competency requirements
## Scope of Attestation
## Criteria establishment and selection
* Part 2 - Additional CSA Guidelines
## CSA Competency
## Scope
## Submitting materials to CSA
<<<
⇒ ''[[CloudSecurityAlliance.fr/go/ja4s/|https://CloudSecurityAlliance.fr/go/ja4s/]]''
!"//Why you can't have backdoored crypto that is secure//"
[>img(150px,auto)[iCSA/JA3BW.jpg]]Article de blog publié le 3 octobre 2019 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA
<<<
//So as you have probably seen some parts of the US government are again making noise about end-to-end encryption.

We've seen this before (clipper chip, key escrow, etc., etc.). The new twist is that they appear to be trying a thin end of the wedge approach, banning end-to-end encryption in consumer applications (like Whatsapp, Signal and so on) but large corporations will be allowed to have end-to-end encryption to protect their systems. 

Let's ignore the whole consumer vs. corporate argument for a minute (does the CSA qualify? Would we be allowed to have internally secure communications? What about small and medium businesses? What about people who are self-employed?). 

So in order to be effective against an attacker that steals your laptop or cell phone, the encryption system also needs to be effective against a nation-state that takes (e.g. at the border, legally) your laptop or cell phone. Is this a lawful matter with a warrant and judicial transparency? Or is this part of a widespread crackdown by a repressive regime on pro-democracy supporters? Security can either be controlled by the end-user(s) involved in some specific communication/data processing, or it can also be controlled by some third party (e.g., the data processing platform). If a third party is involved, then that third party can choose to reveal the data without consent or even knowledge in most cases of the end parties, due to a lawful warrant, or because they decided to monetize your data and sell it to advertisers. Once you lose technical control of your encryption and privacy you are at risk of a number of attacks, ranging from bribery and theft from the third party to that third party going bankrupt and your data assets being auctioned off to the highest bidder. 

This is why the CSA is actively exploring and engineering Blockchain solutions that involve end-to-end privacy and technical controls that are placed in the hands of the end-users, because anything less is just a data breach away from failure.//
[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/ja3b/]] sur le blog de la CSA.
[img(25%,1px)[iCSF/BluePixel.gif]]
Un appel à commentaires dont la date de clôture est le ''3 novembre 2019'' : "''Critical Controls Implementation for SAP''".
<<<
//The Critical Controls Implementation for SAP is the first in a series of implementation documents that the CSA ERP Security Working Group aims to develop. These documents will focus on specific ERP technologies, starting with SAP. The Critical Controls Implementation for SAP document will be released in 2 parts. Part 1 will feature the first 10 controls with the second part featuring the rest at a later date. The document takes a technical and granular approach including information such as implementation checklists and SAP transaction numbers.//
<<<
__Extrait :__
<<<
The Critical Controls Implementation for SAP is the first document in a series of implementation documents we hope to develop that focuses on specific ERP technologies. The documents will be released in 2 parts. The first part of the document will provide controls implementation guidance for the following controls:
* APP01 - Secure Landscape
* APP02 - Baseline Secure Configurations
* APP03 - Security Vulnerabilities
* INT01 - Secure Integrations and API
* DAT01 - Continuous Monitoring
* DAT02 - Data Separation
* DAT03 - Data Encryption
* BUS01 - Inventory of Business Assets, Data and Processes
* BUS02 - Business Process Controls
* BUS03 - Continuous Compliance
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/ja3c/|https://cloudsecurityalliance.fr/go/ja3c/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
[>img(300px,auto)[iCSA/CCSK_cwet.jpg]]La [[Cloud Security Alliance]] annonce le lancement d'un forfait CCSK.
<<<
//__''CSA Announces Availability of Certificate of Cloud Security Knowledge Foundation Exam Bundle''__
Exam bundle makes it even easier to demonstrate knowledge in key areas of cloud security

SEATTLE - October 3, 2019 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the availability of the Certificate of Cloud Security Knowledge (CCSK) Foundation Exam bundle. Now, those looking to demonstrate their competency in key cloud security areas such as governance and compliance can take the ''CCSK Foundation'' self-paced online course and receive an exam token for just $795 (a $890 value).

"There is a tremendous skills gap facing modern enterprises today, and cost shouldn't be an impediment to furthering one's career in a high-growth field with a rising demand for security professionals who can demonstrate a deep knowledge of cloud security," said Ryan Bergsma. "We're proud to be able to provide today's infosec leaders with an affordable option to advancement."

After purchasing the ''CCSK Foundation'' Exam bundle, students will be able to access the training for 60 days (with an automatic 30-day extension on request and further extensions at CSA's discretion). Tokens are valid for two years and include two attempts. The bundle includes seven modules:
# ''CCSK Foundation'' Introduction.
** A preview of the ''CSA CCSK Foundation Course'' content and class structure, along with the study materials that will be used throughout the course.
# Cloud Architecture.
** The fundamentals of cloud computing, including definitions, architectures, and the role of virtualization. Key topics include fundamental characteristics, cloud service and delivery models, and the Shared Responsibilities Model.
# Infrastructure Security for Cloud.
** Core infrastructure security- including networks, management interfaces, and administrator credentials. Students will also learn about virtual networking and workload security, including the basics of containers and serverless.
# Managing Cloud Security and Risk.
** Considerations and tools for risk assessment, governance, legal issues and compliance. Students will learn important considerations for managing security for cloud computing and be introduced to important CSA risk tools.
# Data Security for Cloud.
** Data security lifecycle, cloud storage models, data security issues and managing encryption. This module covers information lifecycle management for the cloud and how to apply security controls, with an emphasis on public cloud.
# Securing Cloud Applications, Users and Related Technologies.
** Identity management and application security for cloud deployments. Topics in this module include federated identity and different IAM applications, secure development, and managing application security in and for the cloud.
# Cloud Security Operations.
** Evaluating, selecting, and managing cloud computing providers. This module also discusses the role of Security as a Service providers and the impact of cloud on incident response.

The vendor-neutral CCSK tests for a broad foundation of cloud security knowledge, covering such topics as architecture, governance, compliance, operations, encryption, and virtualization. The CCSK exam body of knowledge is the CSA Security Guidance v4, the CSA Cloud Control Matrix and the ENISA Cloud Computing Risk Assessment report. Those interested in taking the exam can also choose to take advantage of a variety of CCSK training programs, including free self-study prep courses, in-person training sessions, and instructor-led online classes. Since it was launched in 2010, thousands of IT and security professionals have upgraded their skillsets and enhanced their careers by obtaining the CCSK.//
<<<
[img(25%,1px)[iCSF/BluePixel.gif]]
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/ja3a/|https://cloudsecurityalliance.fr/go/ja3a/]]''
* Le forfait est décrit [[ici|2019.10.03 - Forfait CCSK 'Foundation Exam Bundle']].
[img(25%,1px)[iCSF/BluePixel.gif]]
[>img(100px,auto)[iCSA/CCSK_cwet.jpg]]Le forfait "''Foundation Exam Bundle''" comprend la formation en ligne pour les 7 modules et un jeton pour passer l'examen.
<<<
//Teaches the fundamentals of cloud security including: architecture, data security, managing risk and more. This course comes with a test token for students to take the CCSK exam.

* [>img(100px,auto)[iCSA/CCSK_0.jpg]]''Introduction: CCSK Foundation Introduction''
** Introduction to the CSA CCSK Foundation Course content and class structure. During this module you will be introduced to your instructor, Rich Mogull and familiarize yourself with the study materials you'll be using throughout the course. 

* [>img(100px,auto)[iCSA/CCSK_1.jpg]]''Module 1: Cloud Architecture''
** The fundamentals of cloud computing, including definitions, architectures, and the role of virtualization. Key topics include fundamental characteristics, cloud service and delivery models, and the Shared Responsibilities Model. 

* [>img(100px,auto)[iCSA/CCSK_2.jpg]]''Module 2: Infrastructure Security for Cloud''
** Core infrastructure security- including networks, management interfaces, and administrator credentials. Students will also learn about virtual networking and workload security, including the basics of containers and serverless. 

* [>img(100px,auto)[iCSA/CCSK_3.jpg]]''Module 3: Managing Cloud Security and Risk''
** Considerations and tools for risk assessment, governance, legal issues and compliance. Students will learn important considerations for managing security for cloud computing and be introduced to important CSA risk tools. 

* [>img(100px,auto)[iCSA/CCSK_4.jpg]]''Module 4: Data Security For Cloud''
** Data security lifecycle, cloud storage models, data security issues and managing encryption. This module covers information lifecycle management for the cloud and how to apply security controls, with an emphasis on public cloud. 

* [>img(100px,auto)[iCSA/CCSK_5.jpg]]''Module 5: Securing Cloud Applications, Users and Related Technologies''
** Identity management and application security for cloud deployments. Topics in this module include federated identity and different IAM applications, secure development, and managing application security in and for the cloud. 

* [>img(100px,auto)[iCSA/CCSK_6.jpg]]''Module 6: Cloud Security Operations''
** Evaluating, selecting, and managing cloud computing providers. This module also discusses the role of Security as a Service providers and the impact of cloud on incident response. 
//
<<<
[img(25%,1px)[iCSF/BluePixel.gif]]
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/ja3k/|https://cloudsecurityalliance.fr/go/ja3k/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Guardians of the Cloud: The Latest Security Findings//"
[>img(100px,auto)[iCSA/JA7BG.jpg]]^^Bien que publié le 7 octobre 2019 sur le blog de la CSA, cet article l'a déjà été il y a presque 3 mois, le 17 juillet 2019 sur le site de Bitglass.
⇒ Lire [[l'article|https://CloudSecurityAlliance.fr/go/ja7z/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://CloudSecurityAlliance.fr/go/ja7x/]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//What to Expect at the 2019 Colorado Chapter Forum//"
[>img(100px,auto)[iCSA/JA2BW.jpg]]^^Annonce de la réunion du chapitre du Colorado et de son programme. Elle se tiendra le jeudi 7 novembre 2019 à Denver, et sera suivie d'une formation CCSK le lendemain.
⇒ Lire [[l'article|https://blog.cloudsecurityalliance.org/2019/10/02/what-to-expect-at-the-2019-colorado-chapter-forum/]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Cloud Security Posture Management: Why You Need It Now//"
[>img(100px,auto)[iCSA/JA1BC.jpg]]^^Bien que publié le 1er octobre 2019 sur le blog de la CSA, cet article l'a déjà été il y a 2 mois, le 5 août 2019 sur le site de Bitglass.
⇒ Lire [[l'article|https://CloudSecurityAlliance.fr/go/ja1z/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://CloudSecurityAlliance.fr/go/ja1x/]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201909>>
<<tiddler fAll2Tabs10 with: VeilleM","_201909>>
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|2019.05.30|!MITRE|[[CVE-2019-12491|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12491]]: ^^OnApp allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors^^|OnApp CVE-2019-12491|
|2019.06.07|//OnApp//|[[OnApp General Security Advisory|https://docs.onapp.com/rn/general-security-advisory]]|CVE-2019-12491 OnApp|
|2019.09.26|//Skylight//|[[All Your Cloud Are Belong To Us (CVE-2019-12491)|https://skylightcyber.com/2019/09/26/all-your-cloud-are-belong-to-us-cve-2019-12491/]]|CVE-2019-12491 OnApp|
|2019.09.26|MotherBoard| → [[Thousands of Cloud Computing Servers Could Be Owned With 'Very Simple' Attack, Researchers Say|https://www.vice.com/en_us/article/ywanev/thousands-of-cloud-computing-servers-could-be-owned-with-very-simple-attack-researchers-say]]|CVE-2019-12491 OnApp|
|2019.09.26|Dark Reading| → [[Cloud Vulnerability Could Let One Server Compromise Thousands|https://www.darkreading.com/cloud/cloud-vulnerability-could-let-one-server-compromise-thousands/d/d-id/1335943]]|CVE-2019-12491 OnApp|
|>|!|>||
|2019.09.08|!MITRE|[[CVE-2019-16097|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16097]]: ^^core/api/user.go [...] allows non-admin users to create admin accounts via the POST /api/users API^^|Harbor CVE-2019-16097|
|2019.09.18|//PaloAlto Networks//|[[Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to Admin (CVE-2019-16097)|https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/]]|Harbor CVE-2019-16097|
|2019.09.19|Bleeping Computer| → [[Critical Bug In Harbor Container Registry Gives Admin Access|https://www.bleepingcomputer.com/news/security/critical-bug-in-harbor-container-registry-gives-admin-access/]]|Harbor CVE-2019-16097|
|2019.09.20|GBHackers on Security| → [[Critical Vulnerability in Harbor let Hackers to Escalate Privilege by Sending Malicious Request|https://gbhackers.com/critical-vulnerability-harbor/]]|Harbor CVE-2019-16097|
|2019.09.02|Harbor|[[Disallow creating an admin user when registration #8917|https://github.com/goharbor/harbor/pull/8917]]|CVE-2019-16097 Patch|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Septembre 2019]]>>
<<tiddler fAll2LiTabs10 with: NewsL","201909>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Septembre 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Septembre 2019]]>><<tiddler fAll2LiTabs13end with: Actu","201909>>
<<tiddler fAll2LiTabs13end with: Blog","201909>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Septembre 2019]]>>
<<tiddler fAll2LiTabs13end with: Publ","201909>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Septembre 2019]]>>
!!1 - Informations CSA de la semaine du 23 au 29 septembre 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Actu : Il ne reste plus que 3 jours pour commenter la traduction en français de 3 documents CSA+++*[»]> <<tiddler [[2019.09.19 - Demande de validation la traduction en français de 3 documents CSA]]>>=== 
* Blog : ''How Blockchain Might Save Us All''+++*[»]> <<tiddler [[2019.09.27 - Blog : 'How Blockchain Might Save Us All']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.09.29 - Veille Hebdomadaire - 29 septembre]] avec une soixantaine de liens :
* __''À lire'' :__ Démarche ayant amené Amazon à renforcer la sécurité de ses buckets S3+++*[»]>
|2019.09.23|Help Net Security|![[How data breaches forced Amazon to update S3 bucket security|https://www.helpnetsecurity.com/2019/09/23/s3-bucket-security/]]|AWS S3|
=== 
* __''À lire'' :__ Recommandations sécurité sur Office 365 de l'Agence nationale de Cyber Sécurité finlandaise+++*[»]>
|2019.09.23|NCSC-FI|![[Protection against Microsoft Office 365 credential phishing and data breaches|https://www.kyberturvallisuuskeskus.fi/en/ohjeet]] ([[guide .pdf|https://www.kyberturvallisuuskeskus.fi/sites/default/files/media/publication/T_MS365_eng_200919.pdf]])|O365 Best_Practices|
|2019.09.23|Bleeping Computer| → [[Finnish Govt. Releases Guide on Securing Microsoft Office 365|https://www.bleepingcomputer.com/news/security/finnish-govt-releases-guide-on-securing-microsoft-office-365/]]|O365 Best_Practices|
=== 
* Alerte : CVE-2019-12491 affectant ''OnApp'', la plate-forme d'orchestration utilisée par de très nombreux prestataires Cloud+++*[»]> <<tiddler [[2019.09.30 - Alertes]]>>=== 
* Rapports et sondages : "''Cloud-Native Breaches''" (ESG)+++*[»]>
|2019.09.24|//ESG//|[[You Might Be Cloud-First, But Security Is Still an Afterthought|https://www.businesswire.com/news/home/20190924005500/en/Cloud-First-Security-Afterthought]]|Report ESG DevSecOps|
|2019.09.24|//Capsule8//| → [[Retooling CyberSecurity Programs for the Cloud-first Era|https://info.capsule8.com/retooling-cybersecurity-programs-for-the-cloud]]|Report ESG DevSecOps|
|2019.09.24|DevOps.com| → [[DevSecOps Becomes a Higher Cloud-Native Priority|https://devops.com/devsecops-becomes-a-higher-cloud-native-priority/]]|Report ESG DevSecOps|
|2019.09.25|Help Net Security| → [[Security capabilities are lagging behind cloud adoption|https://www.helpnetsecurity.com/2019/09/25/security-capabilities-cloud-adoption/]]|Report ESG DevSecOps|
===, "''Cloud Security Intelligence''" (Coalfire)+++*[»]>
|2019.09.25|//Coalfire//|![[Cloud Security Intelligence Report|https://www.coalfire.com/Resources/White-Papers/Cloud-Security-Intelligence-Report]]|Study Threats|
===, "''Cloud-Native Breaches''" (McAfee)+++*[»]>
|2019.09.24|//McAfee//|[[McAfee Report Demonstrates Cloud-Native Breaches Differ Greatly From Malware Attacks of the Past|https://www.businesswire.com/news/home/20190924005213/en/McAfee-Report-Demonstrates-Cloud-Native-Breaches-Differ-Greatly]]|Report McAfee|
|2019.09.24|//McAfee//| → [[Cloud-Native: The Infrastructure-as-a-Service (IaaS) Adoption and Risk Report|https://www.mcafee.com/enterprise/en-us/forms/gated-form.html?docID=be66d487-f531-4484-ba0c-558b534ff779&esheet=52099611&newsitemid=20190924005213]]|Report McAfee|
|2019.09.24|Dark Reading| → [[Cloud-Native Breaches Differ Greatly from Malware Attacks of the Past: McAfee Report|https://www.darkreading.com/cloud/cloud-native-breaches-differ-greatly-from-malware-attacks-of-the-past-mcafee-report/d/d-id/1335890]]|Report McAfee|
|2019.09.24|Help Net Security| → [[99% of misconfiguration incidents in the cloud go unnoticed|https://www.helpnetsecurity.com/2019/09/25/cloud-misconfiguration-incidents/]]|Report McAfee|
=== 
* Offres produits : annonce Microsoft d'Azure Sentinel+++*[»]>
|2019.09.25|//Microsoft Azure//|[[Azure Sentinel - the cloud-native SIEM that empowers defenders is now generally available|https://www.microsoft.com/security/blog/2019/09/24/azure-sentinel-cloud-native-siem-empowers-defenders-generally-available/]]|Azure SIEM|
=== 
|>|>|>|!Alerte|
|2019.09.08|MITRE|[[CVE-2019-12491|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12491]]: ^^OnApp allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors^^|OnApp CVE-2019-12491|
|2019.09.26|//Skylight//|[[All Your Cloud Are Belong To Us (CVE-2019-12491)|https://skylightcyber.com/2019/09/26/all-your-cloud-are-belong-to-us-cve-2019-12491/]]
 → Voir ci-dessous|CVE-2019-12491 OnApp| |>|>|>|| |!Septembre|!Sources|!Titres et Liens|!Keywords| |>|>|>|!2019.09.29| |2019.09.29|Christophe Parisel|![[An overview of security postures in Azure and AWS|https://www.linkedin.com/pulse/overview-security-postures-azure-aws-christophe-parisel/]] |Security_Posture Azure AWS| |2019.09.29|Forbes|[[New Cybersecurity Companies Have Their Heads In The Cloud|https://www.forbes.com/sites/jonmarkman/2019/09/29/new-cybersecurity-companies-have-their-heads-in-the-cloud/]]|Misc| |2019.09.29|//DivvyCloud//|[[Securing Your Cloud to Support Successful Mergers & Acquisitions|https://divvycloud.com/blog/cloud-security-mergers-acquisitions/]]|Misc| |>|>|>|!2019.09.28| |2019.09.28|Cyber Defense Mag|[[Why Cyber Security is Redefining SMEs' Business Operations on the Cloud|https://www.cyberdefensemagazine.com/why-cyber-security/]]|SMEs| |>|>|>|!2019.09.27| |2019.09.27|Bleeping Computer|[[Office 365 to Get Automated Incident Response for Hacked Accounts|https://www.bleepingcomputer.com/news/microsoft/office-365-to-get-automated-incident-response-for-hacked-accounts/]]|O365 automation Incidents| |2019.09.27|Security Boulevard|[[A Seismic Shift for Decrypted Visibility in the Cloud|https://securityboulevard.com/2019/09/a-seismic-shift-for-decrypted-visibility-in-the-cloud/]]|Encryption| |2019.09.27|//MarketResearch//[>img[iCSF/flag_fr.png]]|[[Le marché mondial des services de sécurité basés sur le cloud devrait gagner en popularité dans le monde entier d'ici 2025|https://www.loftvpro.com/le-marche-mondial-des-services-de-securite-bases-sur-le-cloud-devrait-gagner-en-popularite-dans-le-monde-entier-dici-2025/]]|Market| |2019.09.27|//Veracode//|[[Live From Gartner Security & Risk Mgmt Summit: How to Approach Container Security|https://www.veracode.com/blog/security-news/live-gartner-security-risk-mgmt-summit-how-approach-container-security]]|Containers| |2019.09.27|//BlueCat//|[[How to start achieving visibility in the 
cloud|https://www.helpnetsecurity.com/2019/09/27/visibility-in-the-cloud/]]|Visibility| |2019.09.27|//Oracle Cloud//|[[Multicloud is the New On-Prem|https://www.linkedin.com/pulse/multicloud-new-on-prem-matthew-o-keefe-ph-d-/]]|Multi_Cloud| |2019.09.27|//Cloud Academy//|[[AWS Security Groups: Instance Level Security|https://cloudacademy.com/blog/aws-security-groups-instance-level-security/]]|AWS| |>|>|>|!2019.09.26| |2019.09.26|Solutions Numériques[>img[iCSF/flag_fr.png]]|[[IAM/IDaaS, la clé d'une approche "Zero Trust"|https://www.solutions-numeriques.com/dossiers/iam-idaas-la-cle-dune-approche-zero-trust/]]|IAM IDaaS| |2019.09.26|Cyber Defense Mag|[[Escaping the Gravitational Pull of Data Insecurity|https://www.cyberdefensemagazine.com/escaping-the-gravitational/]]|Data Regulations| |2019.09.26|//Skylight//|![[All Your Cloud Are Belong To Us (CVE-2019-12491)|https://skylightcyber.com/2019/09/26/all-your-cloud-are-belong-to-us-cve-2019-12491/]]|CVE-2019-12491 OnApp| |2019.09.26|MotherBoard| → [[Thousands of Cloud Computing Servers Could Be Owned With 'Very Simple' Attack, Researchers Say|https://www.vice.com/en_us/article/ywanev/thousands-of-cloud-computing-servers-could-be-owned-with-very-simple-attack-researchers-say]]|CVE-2019-12491 OnApp| |2019.09.26|Dark Reading| → [[Cloud Vulnerability Could Let One Server Compromise Thousands|https://www.darkreading.com/cloud/cloud-vulnerability-could-let-one-server-compromise-thousands/d/d-id/1335943]]|CVE-2019-12491 OnApp| |2019.09.26|Dark Reading|[[Why You Need to Think About API Security|https://www.darkreading.com/application-security/why-you-need-to-think-about-api-security/a/d-id/1335861]]|APIs| |2019.09.26|Dark Reading|[[Why Clouds Keep Leaking Data|https://www.darkreading.com/edge/theedge/why-clouds-keep-leaking-data/b/d-id/1335921]]|Data_Leaks CSA| |2019.09.26|Kitploit|[[Kube-Alien - Tool To Launches Attack on K8s Cluster from 
Within|https://www.kitploit.com/2019/09/kube-alien-tool-to-launches-attack-on.html]]|[[Tools|Outils-GitHub]]| |2019.09.26|//Zscaler//|[[Phishing attacks abusing appspot.com and web.app domains on Google Cloud|https://www.zscaler.com/blogs/research/phishing-attacks-abusing-appspotcom-and-webapp-domains-google-cloud]]|Phishing GCP| |2019.09.26|//CloudCheckr//|[[Understanding the Shared Responsibility Model for Cloud Security|https://cloudcheckr.com/cloud-security/shared-responsibility-model/]]|Shared_Responsibility| |2019.09.26|//DivvyCloud//|[[Lion Air Data Breach! Another Misconfigured S3 Bucket|https://divvycloud.com/blog/lion-air-data-breach-another-misconfigured-s3-bucket/]]|Data_Leak AWS_S3 Malindo| |2019.09.26|//Threatpost//|[[CISOs: Support Vendor Security Ops for Best Cloud Results|https://threatpost.com/cisos-support-vendor-security-ops-for-best-cloud-results/148665/]]|SaaS Survey McKinsey| |2019.09.26|//Microsoft Azure//|[[How to prevent phishing attacks that target your customers with DMARC and Office 365|https://www.microsoft.com/security/blog/2019/09/26/how-to-prevent-phishing-attacks-dmarc-office-365/]]|O365 Phishing Prevention| |2019.09.26|//WeScale//[>img[iCSF/flag_fr.png]]|![[Le guide de Chaos Engineering : Partie 1|https://blog.wescale.fr/2019/09/26/le-guide-de-chaos-engineering-part-1/]] (1/3)|Chaos_Engineering| |2019.09.26|//StackRox//|![[12 Kubernetes configuration best practices|https://www.stackrox.com/post/2019/09/12-kubernetes-configuration-best-practices/]]|K8s Best_Practices| |2019.09.26|BuildAzure|[[Security of Azure Container Registry Image Promotion Flow|https://buildazure.com/security-azure-container-registry-image-promotion/]]|Azure Registry| |>|>|>|!2019.09.25| |2019.09.25|Bleeping Computer|[[Microsoft Phishing Attack Uses Google Redirects to Evade Detection|https://www.bleepingcomputer.com/news/security/microsoft-phishing-attack-uses-google-redirects-to-evade-detection/]]|O365 Phishing| |2019.09.25|FedScoop|[[Energy is using cyber 
risk assessments to make cloud decisions|https://www.fedscoop.com/energy-cyber-risk-cloud-budgeting/]]|Risk_Management FAIR| |2019.09.25|Cybersecurity Insiders|[[CCSP and CCSK: Which Cloud Security Credential Is Right For You?|https://www.cybersecurity-insiders.com/ccsp-and-ccsk-which-cloud-security-credential-is-right-for-you/]]|CCSK| |2019.09.25|BetaNews|[[How to use Windows 10's Cloud Download recovery feature|https://betanews.com/2019/09/25/windows-10-cloud-download/]]|Misc| |2019.09.25|Infosec Institute|[[CCSP exam and CBK changes in August|https://resources.infosecinstitute.com/ccsp-exam-and-cbk-changes-in-august/]]|Training| |2019.09.25|NextGov|[[How Federal Agencies Can Be More Proactive About Cloud Security|https://www.nextgov.com/ideas/2019/09/how-federal-agencies-can-be-more-proactive-about-cloud-security/160073/]]|Risks| |2019.09.25|TechradarPro|[[Choosing the right cloud container platform|https://www.techradar.com/news/choosing-the-right-cloud-container-platform]]|Containers| |2019.09.25|Channel Daily News|[[Who should the CISO report to, and other CloudSec 2019 takeaways|https://channeldailynews.com/news/who-should-the-ciso-report-to-and-other-cloudsec-2019-takeaways/68969]]|Misc| |2019.09.25|//Microsoft Azure//|[[Azure Sentinel - the cloud-native SIEM that empowers defenders is now generally available|https://www.microsoft.com/security/blog/2019/09/24/azure-sentinel-cloud-native-siem-empowers-defenders-generally-available/]]|Azure SIEM Sentinel| |2019.09.26|//Microsoft Azure//| → [[Azure Sentinel general availability: A modern SIEM reimagined in the cloud|https://azure.microsoft.com/en-us/blog/azure-sentinel-general-availability-a-modern-siem-reimagined-in-the-cloud/]]|Azure SIEM Sentinel| |2019.02.28|//Microsoft Azure//| → [[Announcing new cloud-based technology to empower cyber defenders|https://blogs.microsoft.com/blog/2019/02/28/announcing-new-cloud-based-technology-to-empower-cyber-defenders/]]|Azure SIEM Sentinel| |2019.09.25|//Microsoft 
Azure//|[[Top 5 use cases to help you make the most of your Cloud Access Security Broker|https://www.microsoft.com/security/blog/2019/09/25/top-5-use-cases-cloud-access-security-broker/]] (1/4)|CASB| |2019.02.25|//Microsoft Azure//|![[Ensuring secrecy orders are the exception not the rule when the government seeks data owned by our customers|https://blogs.microsoft.com/on-the-issues/2019/09/25/ensuring-secrecy-orders-are-the-exception-not-the-rule-when-the-government-seeks-data-owned-by-our-customers/]]|Regulations| |2019.09.26|Ars technica| → [[Microsoft: Customers are entitled to know about federal data requests|https://arstechnica.com/tech-policy/2019/09/microsoft-battles-feds-over-gag-orders-in-law-enforcement-data-requests/]]|Regulations| |2019.09.25|//Bitglass//|[[The Four Pillars of CASB: Identity|https://www.bitglass.com/blog/four-pillars-casb-identity]]|CASB| |2019.09.25|//Proofpoint//|[[Cloud Attacks Prove Effective Across Industries in the First Half of 2019|https://www.proofpoint.com/us/threat-insight/post/cloud-attacks-prove-effective-across-industries-first-half-2019]]|Report Proofpoint| |2019.09.25|UnderNews[>img[iCSF/flag_fr.png]]| → [[85 % des organisations ont subi au moins une cyberattaque via le cloud au cours du premier semestre 2019|https://www.undernews.fr/reseau-securite/85-des-organisations-ont-subi-au-moins-une-cyberattaque-via-le-cloud-au-cours-du-premier-semestre-2019.html]]|Report Proofpoint| |2019.09.25|//Markerbench//|[[Why CISOs should Care About Cloud "Drift"|http://www.markerbench.com/blog/2019/09/25/drifting-along/]]|Misc| |2019.09.25|//Puppet//|[[2019 State of DevOps Report|https://puppet.com/resources/whitepaper/state-of-devops-report]]|Report Puppet DevOps| |2019.09.25|//Puppet//|[[2019 State of DevOps Report Reveals Shifting Security Left is Insufficient; Organizations Must Fundamentally Change How They Work Earlier in the Software Delivery 
Cycle|https://www.globenewswire.com/news-release/2019/09/25/1920660/0/en/2019-State-of-DevOps-Report-Reveals-Shifting-Security-Left-is-Insufficient-Organizations-Must-Fundamentally-Change-How-They-Work-Earlier-in-the-Software-Delivery-Cycle.html]]|Report Puppet DevOps| |2019.09.25|//Coalfire//|![[Cloud Security Intelligence Report|https://www.coalfire.com/Resources/White-Papers/Cloud-Security-Intelligence-Report]]|Study Threats| |>|>|>|!2019.09.24| |2019.09.24|Cybersecurity Insiders|[[Why IaaS requires cloud security automation|https://www.cybersecurity-insiders.com/why-iaas-requires-cloud-security-automation/]]|IaaS Automation| |2019.09.24|Solutions Reviews|[[Cloud Compliance: How to Maintain Compliance in Your Cloud Deployment|https://solutionsreview.com/cloud-platforms/cloud-compliance-how-to-maintain-compliance-in-your-cloud-deployment/]]|Compliance| |2019.09.24|//ESG//|[[Enterprise Strategy Group Study Finds Very Few Companies Are Securing the Majority of Their Cloud-Native Apps With DevSecOps Practices|https://www.businesswire.com/news/home/20190926005105/en/Enterprise-Strategy-Group-Study-Finds-Companies-Securing]]|Report ESG DevSecOps| |2019.09.24|//Data Theorem//|[[Security for DevOps - Enterprise Survey Report, September 2019|https://www.datatheorem.com/resources/reports/esg-security-for-devops]]|Report ESG DevSecOps| |2019.09.24|//ESG//|[[You Might Be Cloud-First, But Security Is Still an Afterthought|https://www.businesswire.com/news/home/20190924005500/en/Cloud-First-Security-Afterthought]]|Report ESG DevSecOps| |2019.09.24|//Capsule8//| → [[Retooling CyberSecurity Programs for the Cloud-first Era|https://info.capsule8.com/retooling-cybersecurity-programs-for-the-cloud]]|Report ESG DevSecOps| |2019.09.24|DevOps.com| → [[DevSecOps Becomes a Higher Cloud-Native Priority|https://devops.com/devsecops-becomes-a-higher-cloud-native-priority/]]|Report ESG DevSecOps| |2019.09.25|Help Net Security| → [[Security capabilities are lagging behind cloud 
adoption|https://www.helpnetsecurity.com/2019/09/25/security-capabilities-cloud-adoption/]]|Report ESG DevSecOps| |2019.09.26|Dark Reading| → [[Cloud-Native Applications: Shift to Serverless is Underway|https://www.darkreading.com/cloud/cloud-native-applications-shift-to-serverless-is-underway/d/d-id/1335931]]|Report ESG DevSecOps| |2019.09.26|InfoSecurity Mag| → [[Secure DevOps Practices Expected to Increase for Cloud Apps|https://www.infosecurity-magazine.com/news/secure-devops-cloud-apps/]]|Report ESG DevSecOps| |2019.09.24|//McAfee//|[[McAfee Report Demonstrates Cloud-Native Breaches Differ Greatly From Malware Attacks of the Past|https://www.businesswire.com/news/home/20190924005213/en/McAfee-Report-Demonstrates-Cloud-Native-Breaches-Differ-Greatly]]|Report McAfee| |2019.09.24|//McAfee//| → [[Cloud-Native: The Infrastructure-as-a-Service (IaaS) Adoption and Risk Report|https://www.mcafee.com/enterprise/en-us/forms/gated-form.html?docID=be66d487-f531-4484-ba0c-558b534ff779&esheet=52099611&newsitemid=20190924005213]]|Report McAfee| |2019.09.24|Dark Reading| → [[Cloud-Native Breaches Differ Greatly from Malware Attacks of the Past: McAfee Report|https://www.darkreading.com/cloud/cloud-native-breaches-differ-greatly-from-malware-attacks-of-the-past-mcafee-report/d/d-id/1335890]]|Report McAfee| |2019.09.24|Help Net Security| → [[99% of misconfiguration incidents in the cloud go unnoticed|https://www.helpnetsecurity.com/2019/09/25/cloud-misconfiguration-incidents/]]|Report McAfee| |2019.09.24|//PaloAlto Networks//|[[5 Considerations Before Building Your Own Cloud Security Tool|https://blog.paloaltonetworks.com/2019/09/cloud-security-tool/]]|[[Tools|GitHub-Tools]]| |2019.09.24|//McAfee//|[[McAfee Cloud Adoption and Risk Report - Uncovering the scale of risk in the cloud|https://www.mcafee.com/enterprise/en-us/solutions/lp/cloud-adoption-risk.html]] ou 
[[ici|https://cloudsecurity.mcafee.com/cloud/en-us/forms/white-papers/wp-cloud-adoption-risk-report-2019-banner-cloud-mfe.html]]|Report McAfee| |2019.09.24|//Digital Shadows//|![[SecDevOps: Continued Database Exposures Point to Growing Challenges|https://www.digitalshadows.com/blog-and-research/secdevops-continued-database-exposures-point-to-growing-challenges/]]|DevSecOps BreachesData_| |2019.09.24|//Digital Shadows//| → [[Timeline of Inadvertant Data Breaches (2017-2019)|https://www.slideshare.net/digitalshadows/inadvertant-data-breaches]]|Data_Breaches| |2019.09.24|//Threatstack//|[[16 Kubernetes Experts Share the Most Interesting Current Trends to Look for in Kubernetes|https://www.threatstack.com/blog/16-kubernetes-experts-share-the-most-interesting-current-trends-to-look-for-in-kubernetes]]|K8s Trends| |2019.09.24|//Pupuweb//|[[5 Essentials for Hybrid Identity Management and Security|https://pupuweb.com/essentials-hybrid-identity-management-security/]]|IAM| |2019.09.24|//Clever Cloud//[>img[iCSF/flag_fr.png]]|![[Le grand retour du "cloud souverain": une histoire de gouvernance et de protectionnisme|https://www.frenchweb.fr/le-grand-retour-du-cloud-souverain-une-histoire-de-gouvernance-et-de-protectionnisme/376626]]|Sovereign_Cloud| |2019.09.24|Dev.to|[[Best Practices for Event-Driven Microservice Architecture|https://dev.to/heroku/best-practices-for-event-driven-microservice-architecture-2lh7]]|Misc| |>|>|>|!2019.09.23| |2019.09.23|NCSC-FI|![[Protection against Microsoft Office 365 credential phishing and data breaches|https://www.kyberturvallisuuskeskus.fi/en/ohjeet]] ([[guide .pdf|https://www.kyberturvallisuuskeskus.fi/sites/default/files/media/publication/T_MS365_eng_200919.pdf]])|O365 Best_Practices| |2019.09.23|Bleeping Computer| → [[Finnish Govt. 
Releases Guide on Securing Microsoft Office 365|https://www.bleepingcomputer.com/news/security/finnish-govt-releases-guide-on-securing-microsoft-office-365/]]|O365 Best_Practices| |2019.09.23|Help Net Security|![[How data breaches forced Amazon to update S3 bucket security|https://www.helpnetsecurity.com/2019/09/23/s3-bucket-security/]]|AWS S3| |2019.09.23|Container Journal|[[Harbor Container Registry Project Advances|https://containerjournal.com/topics/container-management/harbor-container-registry-project-advances/]]|Harbor| |2019.09.23|CloudTweaks|[[Implementing Serverless Microservices Architecture on AWS|https://cloudtweaks.com/2019/09/implementing-serverless-microservices-architecture/]]|Serverless| |2019.09.23|Finextra|[[Sibos 2019: Cloud services- huge burden of security responsibility|https://www.finextra.com/newsarticle/34457/sibos-2019-cloud-services--huge-burden-of-security-responsibility]]|Shared_Responsibility| |2019.09.23|Cybersecurity Insiders|[[Controlling Access Is a Key Component of Security for Hybrid IT|https://www.cybersecurity-insiders.com/controlling-access-is-a-key-component-of-security-for-hybrid-it/]]|Access_Controls| |2019.09.23|The Next Web|[[More than 60% of Ethereum nodes run in the cloud, mostly on Amazon Web Services|https://thenextweb.com/hardfork/2019/09/23/ethereum-nodes-cloud-services-amazon-web-services-blockchain-hosted-decentralization/]]|AWS Blockchain| |2019.09.23|//Microsoft Azure//|[[How to develop your service health alerting strategy|https://azure.microsoft.com/en-us/blog/how-to-develop-your-service-health-alerting-strategy/]]|Monitoring| |2019.09.23|//Clearswift//|[[Big brands don't guarantee big security: how to bolster your information security in the cloud|https://www.clearswift.com/blog/2019/09/23/big-brands-don%E2%80%99t-guarantee-big-security-how-bolster-your-information-security-cloud]]|Risks| |2019.09.23|//Qualys//|[[Empower your Cloud Ops Teams - Publish Qualys CloudView Security Assessment Reports to their 
Slack Channel|https://blog.qualys.com/news/2019/09/23/empower-your-cloud-ops-teams-publish-qualys-cloudview-security-assessment-reports-to-their-slack-channel]]|SecOps| |2019.09.23|//Armor//|[[How Cybercrime-as-a-Service Is Growing the Black Market|https://www.armor.com/blog/how-cybercrime-as-a-service-is-growing-the-black-market/]]|Crimeware|
!"//How Blockchain Might Save Us All//"
[>img(150px,auto)[iCSA/J9RBH.jpg]]Article de blog publié le 27 septembre 2019 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA
<<<
//I've been seeing a lot of articles claiming that Blockchain will save us from hackers, and ransomware, and all sorts of other Cyber-Shenanigans. So… will Blockchain save us all? Yes, well ... sort of, it's complicated.
Let's start with a story:

__''The evolution of web browsers''__
Web browsers. Through the 1990's and 2000's the web browser became a dominant piece of software. Through the late 2000's the dominance of JavaScript became obvious, with high speed Internet it became possible to deliver multi megabyte web pages (currently cnn.com is 1.4 megabytes, YouTube is 1.9 and even the "lean" front page of google.com is 0.45). But the performance of running JavaScript in the web browser… well let's be honest. It was becoming awful. So awful in fact that it was beginning to impact Google, who wanted to deliver rich web pages and services using JavaScript, but… the experience was so slow and awful people were getting turned off of it. Now if you're the scale of Google the solution is simple: you engineer and release a really fast web browser with a really fast JavaScript engine (V8).
This has two main effects:
* It gives people a choice of a fast web browser and…
* It shames all the other slow web browsers into improving, or being so bad that they get left behind. 

__''…and the evolution of Blockchain''__
[>img(150px,auto)[iCSA/J7OBU.jpg]]I can't help but feel that Blockchain is sort of having the same effect. For example backups. A critical component of information security is having backups. Without backups you can't recover from an attack to a known good state very easily (even if the attacker didn't delete records did he modify any? Do you have anything to compare to?). Blockchain solves the backup problem in two simple ways: everyone has a full copy of the data if they want, and the data itself has protections that will show if it was tampered with or modified. Even better I can be reasonably certain I have ALL the data and that it is up to date (it's 3am, do you know if your backups are up to date?).
When it comes to ransomware the biggest problem we see again and again is that the data that got encrypted is now effectively gone because nobody has a proper backup of it that can be recovered easily, if at all. Now to be clear I don't think we should switch every data storage medium over to some Blockchain based version (I also don't think Bitcoin is going to suddenly replace the world's banking system), but I do think we should maybe ask "why can't we have some of the benefits of Blockchain in our other data storage and processing systems?"
You can read more about Blockchain use cases in CSA's latest research report [[here|2019.07.31 - Publication : 'Documentation of Relevant Distributed Ledger Technology and Blockchain Use Cases v2']]//
[...]
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/j9rb/]] sur le blog de la CSA
!!1 - Informations CSA de la semaine du 16 au 22 septembre 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Actu : Demande de validation de la traduction en français de 3 documents CSA+++*[»]> <<tiddler [[2019.09.19 - Demande de validation la traduction en français de 3 documents CSA]]>>=== 
* Blog : ''CAIQ V3 Updates''+++*[»]> <<tiddler [[2019.09.17 - Blog : 'CAIQ V3 Updates']]>>=== 
* Publ : ''Consensus Assessment Initiative Questionnaire (CAIQ) v3.1''+++*[»]> <<tiddler [[2019.09.17 - Publication : 'Consensus Assessment Initiative Questionnaire (CAIQ) v3.1']]>>=== 
* Actu : Appel à commentaires sur le document ''Best Practices in Implementing a Secure Microservices Architecture''+++*[»]> <<tiddler [[2019.09.16 - Appel à commentaires : document 'Best Practices in Implementing a Secure Microservices Architecture']]>>=== 
* Blog : ''Sidechains, beacon chains and why we shouldn't give up on Blockchain performance quite yet''+++*[»]> <<tiddler [[2019.09.18 - Blog : Sidechains, beacon chains and why we shouldn't give up on Blockchain performance quite yet]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.09.22 - Veille Hebdomadaire - 22 septembre]] avec plus de 70 liens :
* __''À lire'' :__ Bilan sur la ''panne Amazon S3 du 28 février 2017''+++*[»]>
|2019.09.16|Gremlin|![[The 2017 Amazon S3 Outage|https://www.gremlin.com/blog/the-2017-amazon-s-3-outage/]]|AWS Outage Lessons_Learnt|
=== 
* __''À lire'' :__ ''évaluer la sécurité de ses containers et de Kubernetes''+++*[»]>
|2019.09.18|Container Journal|![[10 Questions To Assess Your Container and Kubernetes Security|https://containerjournal.com/topics/container-security/10-questions-to-assess-your-container-and-kubernetes-security/]]|Containers Kubernetes|
=== 
* ''Alertes'' : ''goHarbor.io''+++*[»]> <<tiddler [[2019.09.30 - Alertes]]>>=== 
* Rapports et sondages : ''Virtustream''+++*[»]>
|2019.09.19|//Virtustream//|[[Services Experts to Accelerate Cloud Migrations and Drive Productivity Gains|https://www.businesswire.com/news/home/20190919005138/en/New-Research-Finds-70-Enterprises-Cloud-Managed]]|Report MSP|
|2019.09.20|//Virtustream//[>img[iCSF/flag_fr.png]]| → [[70% des entreprises font appel à des experts en service cloud managés pour accélérer les migrations|http://www.globalsecuritymag.fr/70-des-entreprises-font-appel-a,20190920,90905.html]]|Report MSP|
=== 
* Piratages et fuites de données : Erreurs de ''configurations''+++*[»]>
|2019.09.20|//PaloAlto Networks//|![[Top 3 AWS Critical Cloud Misconfigurations and How to Remediate|https://blog.paloaltonetworks.com/2019/09/cloud-aws-critical-cloud-misconfigurations/]]|AWS Misconfigurations|
|2019.09.17|Cyber Security Hub|[[Behind The Data Breach: Understanding Cloud Security And Misconfigurations|https://www.cshub.com/cloud/articles/behind-the-data-breach-understanding-cloud-security-and-misconfigurations]]|Misconfigurations|
|2019.09.16|//PaloAlto Networks//|[[Top 10 Configuration Risks or Mistakes in Amazon Web Services (AWS) Deployment|https://pupuweb.com/configuration-risks-mistakes-aws/]]|AWS Risks Misconfigurations|
=== avec l'exemple de Malindo/Lion Air (S3)+++*[»]>
|2019.09.17|Bleeping Computer|[[Millions of Lion Air Passenger Records Exposed and Exchanged on Forums|https://www.bleepingcomputer.com/news/security/millions-of-lion-air-passenger-records-exposed-and-exchanged-on-forums/]]|Data_Leak AWS_S3 Malindo|
|2019.09.18|South China Morning Post| → [[Malindo Air confirms data breach, exposing millions of passengers' personal data|https://www.scmp.com/news/asia/southeast-asia/article/3027780/malindo-air-confirms-data-breach-exposing-millions]]|Data_Leak AWS_S3 Malindo|
|2019.09.18|Malindo| → [[Press Statement on Data Breach|https://www.malindoair.com/news-events/2019/09/18/Press-Statement-on-Data-Breach]]|Data_Leak AWS_S3 Malindo|
|2019.09.19|Malindo| → [[Data breach investigation details|https://www.malindoair.com/news-events/2019/09/19/Data-breach-investigation-details]]|Data_Leak AWS_S3 Malindo|
|2019.09.19|Dark Reading| → [[Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3|https://www.darkreading.com/attacks-breaches/lion-air-the-latest-to-get-tripped-up-by-misconfigured-aws-s3-/d/d-id/1335864]]|Data_Leak AWS_S3 Malindo|
|2019.09.19|InfoSecurity Mag| → [[Lion Air Breach Hits Millions of Passengers|https://www.infosecurity-magazine.com/news/lion-air-breach-hits-millions-of/]]|Data_Leak AWS_S3 Malindo|
|2019.09.20|Information Security Newspaper| → [[Lion Air Group data breach: 35 million passenger data is leaked from AWS servers|https://www.securitynewspaper.com/2019/09/20/lion-air-group-data-breach-35-million-passenger-data-is-leaked-from-aws-servers/]]|Data_Leak AWS_S3 Malindo|
|2019.09.20|ZDnet| → [[AWS says servers secure following Malindo Air data breach|https://www.zdnet.com/article/aws-says-servers-secure-following-malindo-air-data-breach/]]|Data_Leak AWS_S3 Malindo|
=== et de la fuite de données en Équateur
* __Divers__ : Cloud et posture sécurité, annonces Oracle et Google (Anthos), conteneurs et bonnes pratiques, …
|>|>|>|!Alerte|
|2019.09.08|MITRE|[[CVE-2019-16097|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16097]]: ^^core/api/user.go [...] allows non-admin users to create admin accounts via the POST /api/users API^^|Harbor CVE-2019-16097|
|2019.09.18|//PaloAlto Networks//|[[Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to Admin (CVE-2019-16097)|https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/]]|Harbor CVE-2019-16097|
|2019.09.19|Bleeping Computer| → [[Critical Bug In Harbor Container Registry Gives Admin Access|https://www.bleepingcomputer.com/news/security/critical-bug-in-harbor-container-registry-gives-admin-access/]]|Harbor CVE-2019-16097|
|2019.09.20|GBHackers on Security| → [[Critical Vulnerability in Harbor let Hackers to Escalate Privilege by Sending Malicious Request|https://gbhackers.com/critical-vulnerability-harbor/]]|Harbor CVE-2019-16097|
|2019.09.02|Harbor|[[Disallow creating an admin user when registration #8917|https://github.com/goharbor/harbor/pull/8917]]|CVE-2019-16097 Patch|
|>|!|>||
|>|>|>||
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.09.22|
|2019.09.22|nixCraft|[[Amazon Linux AMI update installed packages for security|https://www.cyberciti.biz/faq/amazon-linux-ami-update-installed-packages-for-security/]]|AWS AMI|
|2019.09.22|KitPloit|[[ArmourBird CSF - Container Security Framework|https://www.kitploit.com/2019/09/armourbird-csf-container-security.html]]|[[Tools|Outils-GitHub]] ArmourBird_CSF|
|2019.09.22|//Tripwire//|[[Building a Foundation for "Smart" Steel Factories with Fog Computing, the Cloud and Cybersecurity|https://www.tripwire.com/state-of-security/ics-security/foundation-smart-steel-factories-fog-cloud-cybersecurity/]]|Smart_Factory|
|>|>|>|!2019.09.20|
|2019.09.20|GBHackers on Security|[[How Does World's Highly Secured Google Network Works? Google's Effort & Dedication|https://gbhackers.com/google-dedicate-cyber-security/]]|Google|
|2019.09.20|Security Boulevard|[[Debunking the 5 Biggest Cloud Security Myths|https://securityboulevard.com/2019/09/debunking-the-5-biggest-cloud-security-myths/]]|Risks|
|2019.09.20|Solutions Review|[[How Do You Adapt Security When You Move to the Cloud?|https://solutionsreview.com/cloud-platforms/how-do-you-adapt-security-when-you-move-to-the-cloud/]]|Recommendations|
|2019.09.20|Redmond Channel Partner|[[Microsoft Readies Raft of Updates to Office 365 and Azure Tools|https://rcpmag.com/articles/2019/09/20/office-365-azure-tools-updates.aspx]]|O365 Azure|
|2019.09.20|IT Pro[>img[iCSF/flag_fr.png]]|[[L'adoption du Cloud va plus vite que l'évolution de la sécurité|https://www.itpro.fr/ladoption-du-cloud-va-bien-plus-vite-que-levolution-de-la-securite/]]|Report Symantec|
|2019.09.20|//Sekurigi//[>img[iCSF/flag_fr.png]]|[[Plan de Reprise d'Activites : Le Cloud à la Rescousse ?|https://www.sekurigi.com/2019/09/plan-de-reprise-dactivites-le-cloud-a-la-rescousse/]]|BCP DRP|
|2019.09.20|//PaloAlto Networks//|![[Top 3 AWS Critical Cloud Misconfigurations and How to Remediate|https://blog.paloaltonetworks.com/2019/09/cloud-aws-critical-cloud-misconfigurations/]]|AWS Misconfigurations|
|2019.09.20|//Google Cloud//|[[How to deploy a Windows container on Google Compute Engine|https://cloud.google.com/blog/products/containers-kubernetes/how-to-deploy-a-windows-container-on-google-compute-engine]]|Containers Windows|
|2019.09.20|//Gartner//|![[The Future of Network Security Is in the Cloud|https://www.zscaler.com/gartner-secure-access-service-edge-sase]]|Gartner Network|
|2019.09.20|//Zscaler//| → [[New Report from Gartner Research: The Future of Network Security Is in the Cloud|https://www.zscaler.com/blogs/corporate/new-report-gartner-research-future-network-security-cloud]]|Gartner Network|
|2019.09.20|//Zscaler//[>img[iCSF/flag_fr.png]]| → [[L'avenir de la prévention contre la perte de données est dans le cloud|https://www.informatiquenews.fr/lavenir-de-la-prevention-contre-la-perte-de-donnees-est-dans-le-cloud-didier-guyomarch-zscaler-63501]]|DLP|
|2019.09.20|//Iland//|[[Use Office 365 Backup to Protect Data from Ransomware, Insider Threats and Accidents|https://pupuweb.com/office-365-backup-protect-data-ransomware-insider-threats-accidents/]]|O365|
|2019.09.20|//JumpCloud//|[[Cloud LDAP Solution|https://jumpcloud.com/blog/cloud-ldap-solution/]]|LDAP|
|2019.09.20|//CyberArk//|[[Eight Ways to Create a Pod|https://www.cyberark.com/threat-research-blog/eight-ways-to-create-a-pod/]]|K8s|
|2019.09.20|//NuData//|[[Q&A: How cloud computing protects Canadians against hackers|http://www.digitaljournal.com/tech-and-science/technology/q-a-how-cloud-computing-protects-canadians-against-hackers/article/558298]]|Threats|
|2019.09.20|//Outpost24//|[[Top vulnerability trends and how to fix them|https://outpost24.com/blog/Top-vulnerability-trends-and-how-to-fix-them]]|Report Outpost|
|>|>|>|!2019.09.19|
|2019.09.19|Compare The Cloud|[[Top five considerations to consider when migrating security to the cloud|https://www.comparethecloud.net/articles/top-five-considerations-to-consider-when-migrating-security-to-the-cloud/]]|Migration|
|2019.09.19|Security Boulevard|[[CLOUD Act, GDPR Changing Data Protection Game|https://securityboulevard.com/2019/09/cloud-act-gdpr-changing-data-protection-game/]]|CLOUD_Act GDPR|
|2019.09.19|The Register| → [[German Government Report Digital Sovereignty|https://www.theregister.co.uk/2019/09/19/german_government_report_digital_sovereignty/]]|Sovereignty Germany|
|2019.09.20|CBR Online|[[Is the German Government Set to Kiss Goodbye to Microsoft, Amid "Digital Sovereignty" Fears?|https://www.cbronline.com/news/germany-digital-sovereignty-bmi]]|Sovereignty Germany|
|2019.09.19|//F5 Networks//[>img[iCSF/flag_fr.png]]|[[Bonnes pratiques de sécurité pour les conteneurs logiciels|http://www.globalsecuritymag.fr/Bonnes-pratiques-de-securite-pour,20190919,90894.html]]|Containers|
|2019.09.19|//Alliancy//[>img[iCSF/flag_fr.png]]|[[Cloud et cybersécurité : deux systèmes antagoniques ?|https://www.alliancy.fr/expertise/cloud/2019/09/19/cloud-et-cybersecurite-2-systemes-antagoniques]]|Misc|
|2019.09.19|//Google Cloud//|[[3 steps to detect and remediate security anomalies with Cloud Anomaly Detection|https://cloud.google.com/blog/products/identity-security/3-steps-to-detect-and-remediate-security-anomalies-with-cloud-anomaly-detection]] (3/6)|Detection|
|2019.09.19|//Trendmicro//|[[Beyond The Standard CISO Cloud Security Guide|https://blog.trendmicro.com/beyond-the-standard-ciso-cloud-security-guide/]]|Strategy|
|2019.09.19|//Managed Methods//|[[CASB 2.0: Cloud Security, Visibility and Control|https://managedmethods.com/blog/casb-2-0-cloud-security-visibility-and-control/]]|CASB|
|2019.09.19|//Trustwave//|[[Overcoming Security Policy Management Hurdles in the Cloud|https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/overcoming-security-policy-management-hurdles-in-the-cloud/]]|Policy|
|2019.09.19|//Bitglass//|[[How to tackle security in the cloud era|https://www.teiss.co.uk/cyber-security-cloud/]]|Best_Practices|
|2019.09.19|//Nucleus Cyber//|[[Sharing Data Inside and Outside of the (Drop)Box|https://vmblog.com/archive/2019/09/19/sharing-data-inside-and-outside-of-the-drop-box.aspx]]|Dropbox|
|2019.09.19|//ThreatStack//|[[10 Automated Testing Tools That Threat Stack Uses - and Why|https://www.threatstack.com/blog/10-automated-testing-tools-that-threat-stack-uses-and-why]]|[[Tools|GitHub-Tools]]|
|2019.09.19|//McAfee//|[[Detecting and Preventing Insider Threats in the Cloud|https://www.skyhighnetworks.com/cloud-security-blog/detecting-and-preventing-insider-threats-in-the-cloud/]]|Insider_Threats|
|2019.09.19|//Fugue//|[[Cloud Network Security 101: AWS Security Groups vs NACLs|https://www.fugue.co/blog/cloud-network-security-101-aws-security-groups-vs-nacls]]|AWS Access_Controls|
|2019.09.19|//Caylent//|[[AWS CloudWatch Container Insights|https://caylent.com/aws-cloudwatch-container-insights]]|AWS Containers|
|2019.09.19|//Virtustream//|[[Services Experts to Accelerate Cloud Migrations and Drive Productivity Gains|https://www.businesswire.com/news/home/20190919005138/en/New-Research-Finds-70-Enterprises-Cloud-Managed]]|Report MSP|
|2019.09.20|//Virtustream//[>img[iCSF/flag_fr.png]]| → [[70% des entreprises font appel à des experts en service cloud managés pour accélérer les migrations|http://www.globalsecuritymag.fr/70-des-entreprises-font-appel-a,20190920,90905.html]]|Report MSP|
|2019.09.19|//Outpost24//|![[Top 10 Cloud security myths infographic|https://outpost24.com/blog/Top-10-Cloud-security-myths-infographic]]|Myths|
|>|>|>|!2019.09.18|
|2019.09.18|Container Journal|![[10 Questions To Assess Your Container and Kubernetes Security|https://containerjournal.com/topics/container-security/10-questions-to-assess-your-container-and-kubernetes-security/]]|Containers Kubernetes|
|2019.09.18|Container Journal|[[Kubernetes 1.16 Update Tackles Stability and Scale|https://containerjournal.com/topics/container-ecosystems/kubernetes-1-16-update-tackles-stability-and-scale/]]|K8s|
|2019.09.18|Redmond Channel Partner|[[Microsoft Unveils Service To Keep Azure Connections Private|https://rcpmag.com/articles/2019/09/18/microsoft-azure-connections-private.aspx]]|Azure|
|2019.09.18|//Rapid7//|[[Cloud Security Fundamentals: Strategies to Secure Cloud Environments|https://blog.rapid7.com/2019/09/18/cloud-security-fundamentals-strategies-to-secure-cloud-environments/]]|Strategy Best_Practices|
|2019.09.18|Silicon.fr[>img[iCSF/flag_fr.png]]|[[CLOUD Act : pour AWS, la parade est dans le chiffrement des données|https://www.silicon.fr/cloud-act-aws-chiffrement-des-donnees-260865.html]]|CLOUD_Act AWS Encryption|
|2019.09.18|Fortinet[>img[iCSF/flag_fr.png]]|[[Quatre concepts essentiels pour la sécurité du cloud|https://cyberexperts.tech/quatre-concepts-essentiels-pour-la-securite-du-cloud/]]|Misc|
|2019.09.18|//Cameyo//|[[Removing Yet Another Barrier to Cloud Migration: RDP Security|https://cameyo.com/removing-yet-another-barrier-to-cloud-migration-rdp-security/]]|RDP|
|2019.09.18|//CloudKnox//|[[Are you prepared for the next cloud infrastructure cyber-attack?|https://cloudknox.io/are-you-prepared-for-the-next-cloud-infrastructure-cyber-attack/]]|Preparedness|
|>|>|>|!2019.09.17|
|2019.09.17|Dark Reading|![[Five Common Cloud Configuration Mistakes|https://www.darkreading.com/cloud/five-common-cloud-configuration-mistakes/a/d-id/1335768]]|Misconfigurations|
|2019.09.17|Help Net Security|[[Five ways to manage authorization in the cloud|https://www.helpnetsecurity.com/2019/09/17/manage-authorization-in-the-cloud/]]|Authorization|
|2019.09.17|Security Boulevard|[[Who's Financially Responsible for Cybersecurity Breaches?|https://securityboulevard.com/2019/09/whos-financially-responsible-for-cybersecurity-breaches/]]|Breaches|
|2019.09.17|Cyber Security Hub|[[Behind The Data Breach: Understanding Cloud Security And Misconfigurations|https://www.cshub.com/cloud/articles/behind-the-data-breach-understanding-cloud-security-and-misconfigurations]]|Misconfigurations|
|2019.09.17|CIO Dive|[[Skepticism slows cloud and SaaS adoption|https://www.ciodive.com/news/skepticism-slows-cloud-and-saas-adoption/563017/]]|SaaS|
|2019.09.17|ComputerWeekly|[[Top five cloud storage pitfalls|https://www.computerweekly.com/feature/Top-five-cloud-storage-pitfalls]]|Storage|
|2019.09.17|Compare The Cloud|[[A guide to cloud-based Digital Asset Management|https://www.comparethecloud.net/articles/a-guide-to-cloud-based-digital-asset-management/]]|Asset_Management|
|2019.09.17|Infosec Institute|[[SSCP versus CCSP: Cloud security or systems security?|https://resources.infosecinstitute.com/sscp-versus-ccsp-cloud-security-or-systems-security/]]|Training|
|2019.09.17|The Register|[[VMware on AWS: Low-risk option or security blanket for those who don't like change?|https://www.theregister.co.uk/2019/09/17/vmware_on_aws_why_and_why_not/]]|AWS VMware|
|2019.09.17|Bleeping Computer|[[Millions of Lion Air Passenger Records Exposed and Exchanged on Forums|https://www.bleepingcomputer.com/news/security/millions-of-lion-air-passenger-records-exposed-and-exchanged-on-forums/]]|Data_Leak AWS_S3 Malindo|
|2019.09.18|South China Morning Post| → [[Malindo Air confirms data breach, exposing millions of passengers' personal data|https://www.scmp.com/news/asia/southeast-asia/article/3027780/malindo-air-confirms-data-breach-exposing-millions]]|Data_Leak AWS_S3 Malindo|
|2019.09.18|Malindo| → [[Press Statement on Data Breach|https://www.malindoair.com/news-events/2019/09/18/Press-Statement-on-Data-Breach]]|Data_Leak AWS_S3 Malindo|
|2019.09.19|Malindo| → [[Data breach investigation details|https://www.malindoair.com/news-events/2019/09/19/Data-breach-investigation-details]]|Data_Leak AWS_S3 Malindo|
|2019.09.19|Dark Reading| → [[Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3|https://www.darkreading.com/attacks-breaches/lion-air-the-latest-to-get-tripped-up-by-misconfigured-aws-s3-/d/d-id/1335864]]|Data_Leak AWS_S3 Malindo|
|2019.09.19|InfoSecurity Mag| → [[Lion Air Breach Hits Millions of Passengers|https://www.infosecurity-magazine.com/news/lion-air-breach-hits-millions-of/]]|Data_Leak AWS_S3 Malindo|
|2019.09.20|Information Security Newspaper| → [[Lion Air Group data breach: 35 million passenger data is leaked from AWS servers|https://www.securitynewspaper.com/2019/09/20/lion-air-group-data-breach-35-million-passenger-data-is-leaked-from-aws-servers/]]|Data_Leak AWS_S3 Malindo|
|2019.09.20|ZDnet| → [[AWS says servers secure following Malindo Air data breach|https://www.zdnet.com/article/aws-says-servers-secure-following-malindo-air-data-breach/]]|Data_Leak AWS_S3 Malindo|
|2019.09.17|//Tripwire//|![[Concerns and Challenges Towards an Effective Cloud Security|https://www.tripwire.com/state-of-security/security-data-protection/cloud/concerns-challenges-towards-effective-cloud-security/]]|Security_Posture|
|2019.09.17|//StackRox//|[[Why securing Kubernetes and containers can't come 'after the app'|https://siliconangle.com/2019/09/17/why-securing-kubernetes-and-containers-cant-come-after-the-app-sumoilluminate-startupoftheweek/]]|K8s|
|2019.09.17|//Alston & Bird//|[[Proposed Regulations Classifying Cloud Transactions and Digital Content Released|https://www.alston.com/en/insights/publications/2019/09/proposed-regulations-classifying-cloud]]|Regulations|
|2019.09.17|//CloudRanger//|[[Self-service Disaster Recovery for AWS environments|https://cloudranger.com/self-service-disaster-recovery-for-aws-environments/]]|AWS DRaaS|
|2019.09.17|//Rhino Security Labs//|[[Abusing VPC Traffic Mirroring in AWS|https://rhinosecuritylabs.com/aws/abusing-vpc-traffic-mirroring-in-aws/]]|AWS|
|2019.09.17|//Microsoft Azure//|[[SAP on Azure Architecture - Designing for security|https://azure.microsoft.com/en-us/blog/sap-on-azure-architecture-designing-for-security/]]|Azure SAP|
|2019.09.17|//Microsoft Azure//|[[Announcing Azure Private Link|https://azure.microsoft.com/en-us/blog/announcing-azure-private-link/]]|Azure|
|2019.09.17|//NetSparker//|[[7 Crucial Components of Cyber Incident Recovery|https://www.netsparker.com/blog/web-security/incident-recovery/]]|Recovery|
|2019.09.17|//Caylent//|[[50+ Useful Kubernetes Tools|https://caylent.com/50-useful-kubernetes-tools]]|K8s Tools|
|2019.09.17|//Google Cloud//|[[How Google adopted BeyondCorp: Part 3 (tiered access)|https://security.googleblog.com/2019/09/how-google-adopted-beyondcorp-part-3.html]] (3/4)|Tiered_Access|
|2019.09.17|Nino Crudele|[[Advanced Security automation in Microsoft Azure|https://ninocrudele.com/advanced-security-automation-in-microsoft-azure]]|Azure Automation|
|2020.02.27|//Cloud Academy//|[[Cloud Migration Risks & Benefits|https://cloudacademy.com/blog/cloud-migration-benefits-risks/]]|Risks|
|>|>|>|!2019.09.16|
|2019.09.16|ITespresso[>img[iCSF/flag_fr.png]]|![[CLOUD Act : pourquoi ça vous concerne|https://www.itespresso.fr/cloud-act-pourquoi-ca-vous-concerne-210997.html]]|CLOUD_Act|
|2019.09.16|ZDNet[>img[iCSF/flag_fr.png]]|[[Le cloud hybride, une approche intéressante pour la sécurité des données et de la continuité d'activité|https://www.zdnet.fr/actualites/le-cloud-hybride-une-approche-interessante-pour-la-securite-des-donnees-et-de-la-continuite-d-activite-39890677.htm]]|Hybrid_Cloud|
|2019.09.16|Gremlin|![[The 2017 Amazon S3 Outage|https://www.gremlin.com/blog/the-2017-amazon-s-3-outage/]]|AWS Outage Lessons_Learnt|
|2019.09.16|DZone|[[Getting Started With AWS Networking Services - Part 2|https://dzone.com/articles/getting-started-with-aws-networking-services-part]] (2/2)|AWS|
|2019.09.16|The Hacker News|[[How Cloud-Based Automation Can Keep Business Operations Secure|https://thehackernews.com/2019/09/how-cloud-based-automation-can-keep.html]]|Misc|
|2019.09.16|NextGov|[[Agencies to Security Industry: Automate Cloud Compliance Faster|https://www.nextgov.com/ideas/2019/09/agencies-security-industry-automate-cloud-compliance-faster/159895/]]|Compliance|
|2019.09.16|VPNmentor|[[Report: Ecuadorian Breach Reveals Sensitive Personal Data|https://www.vpnmentor.com/blog/report-ecuador-leak/]]|DataLeak ElasticSearch Ecuador|
|2019.09.16|ZDNet| → [[Database leaks data on most of Ecuador's citizens, including 6.7 million children|https://www.zdnet.com/article/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children/]]|DataLeak ElasticSearch Ecuador|
|2019.09.20|CyberSecurity Hub| → [[Incident Of The Week: Cloud Misconfiguration Exposes 20 Million Ecuador Citizen Records|https://www.cshub.com/data/articles/incident-of-the-week-cloud-misconfiguration-exposes-20-million-ecuador-citizen-records]]|DataLeak ElasticSearch Ecuador|
|2019.09.16|Dirk-jan Mollema|[[Azure AD privilege escalation - Taking over default application permissions as Application Admin|https://dirkjanm.io/azure-ad-privilege-escalation-application-admin/]]|AzureAD Exploit|
|2019.09.16|//PaloAlto Networks//|[[Top 10 Configuration Risks or Mistakes in Amazon Web Services (AWS) Deployment|https://pupuweb.com/configuration-risks-mistakes-aws/]]|AWS Risks Misconfigurations|
|2019.09.16|//AWS//|[[You all know why you should encrypt your cloud data - now learn where and how…|https://www.theregister.co.uk/2019/09/16/aws_encryption_webinar/]]|AWS Encryption|
|2019.09.16|//Google Cloud//|[[Anthos simplifies application modernization with managed service mesh and serverless for your hybrid cloud|https://cloud.google.com/blog/topics/hybrid-cloud/anthos-simplifies-application-modernization-with-managed-service-mesh-and-serverless-for-your-hybrid-cloud]]|GCP Anthos|
|2019.09.17|Container Journal| → [[Google Extends Scope of Anthos Cloud Platform|https://containerjournal.com/topics/container-management/google-extends-scope-of-anthos-cloud-platform/]]|GCP Anthos|
|2019.09.16|//Avanan//|[[5 Reasons Microsoft Safe Links Make Office 365 Less Safe|https://www.avanan.com/resources/microsoft-atp-safe-links]]|O365|
|2019.09.16|//Oracle Cloud//|[[Oracle Cloud Automates Security for Critical Workloads|https://www.prnewswire.com/news-releases/oracle-cloud-automates-security-for-critical-workloads-300918989.html]]|Oracle|
[>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]La [[Cloud Security Alliance]] a lancé la traduction de 3 outils majeurs dans 10 langues : allemand, danois, espagnol, italien, japonais, néerlandais, portugais, roumain, suédois, et ... français.
Il s'agit de feuilles Excel dans lesquelles il vous est demandé d'adapter les traductions ou de les commenter.
Pour chaque document, les 10 traductions sont dans un répertoire //Google Drive// dédié, et pour travailler sur la version française, il faut sélectionner le document commençant par "''FR-''"

Les 3 documents sont les suivants :
* "''Cloud Controls Matrix''" (CCM) : document "FR-CSA_CCM_v.3.0.1-09-01-2017_FINAL.xlsx"
: ⇒ ''[[CloudSecurityAlliance.fr/go/j99c/|https://cloudsecurityalliance.fr/go/j99c/]]''
* "''Consensus Assessments Initiative Questionnaire''" (CAIQ) : document "FR-CAIQ_v3.0.1-09-01-2017_FINAL.xlsx"
: ⇒ ''[[CloudSecurityAlliance.fr/go/j99q/|https://cloudsecurityalliance.fr/go/j99q/]]''
* "''Code of Conduct''" du "''Privacy Level Agreement''" (PLA CoC) : document "FR-CoC_GDPR_Annex_1_Compliance_Assessment_Template.xlsx"
: ⇒ ''[[CloudSecurityAlliance.fr/go/j99p/|https://cloudsecurityalliance.fr/go/j99p/]]''

La date limite initialement fixée au 2 octobre 2019 a été repoussée au ''25 octobre 2019''.
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Sidechains, beacon chains and why we shouldn't give up on Blockchain performance quite yet//"
[>img(150px,auto)[iCSA/J8QBO.png]]Article de blog publié le 18 septembre 2019 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA
<<<
//If you've been in IT you've probably learned one of the simple lessons:
* Scaling out is hard and can be expensive, but scaling up is easy and even more expensive. In simple terms if you can scale out you can keep costs down, ideally at a linear growth rate (e.g. handling twice as much web traffic by simply buying a second server).
* Scaling up is often easier, you want code to run twice as fast, simply get a computer that has a much faster CPU (both capability and clock rate wise), but scaling up quickly hits boundaries (like what's the fastest single system you can buy).
* What usually ends up happening is you try to identify as many spots as possible where you can turn serial operations into parallel operations, and do them not only on multiple systems, but at the same time. 

__''Scaling for Blockchain''__
Blockchains are no different. The majority of current Blockchain technologies are sold as decentralized and massively parallel, and they are. But while most current Blockchain technologies create multiple blocks at the same time, only one block is picked or "wins consensus" at which point all the other work is thrown out, and a new block is started on (so not very efficient). Bitcoin is an extreme example with each block taking about 10 minutes to create. So despite having millions of systems mining for a valid Bitcoin it can only do a total of 1 block every 10 minutes (worse, this is a chosen value for a variety of economic reasons, in other words an arbitrary limitation that probably won't change much in the future). Even if you are mining large blocks to improve throughput this 10 minute creation time introduces a major amount of latency; payments that are processed on the main Bitcoin Blockchain take at least 10 minutes to clear and sometimes longer. Imagine trying to use a Bitcoin payment system at the supermarket and having to wait 10 or more minutes for the payment system to tell you if the payment went through or not before you can leave with your groceries. The technology and choices used by the Ethereum Blockchain are better, with blocks taking 10 to 19 seconds to create, but this is still a lot longer than most electronic payment systems take to process and approve a payment. 

__''Using Side Chains (or shared chains)''__
[>img(50%,auto)[Ethereum 2.0 overall architecture. Original diagram by Hsiao-Wei Wang|iCSA/J9IBS.png]]The obvious solution is to not only allow for more parallel block creation but to pick more than one winner. There are a number of names for the various strategies here but they are often referred to as side chains or shard chains, or more technology specific names like Ethereum's "beacon chain" proposal. As you can see from the diagram below the beacon chain is a non trivial matter, if you want to understand it there are a number of good write ups on it.

So yet again we have a classic bad news/good news situation. The bad news is that the current Blockchain technology doesn't scale very well, typically has high latencies, and low throughput. The good news is that the fundamental concept of Blockchain (an immutable distributed ledger technology with distributed consensus mechanisms) is good, and people are working on the scaling, latency and throughput, and more.//
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/j9ib/]] sur le blog de la CSA


!Mise à jour de CAIQ en version 3.1
<<<
[>img(200px,auto)[iCSA/J9HBC.png]]//Cloud Security Alliance (CSA) would like to present the next version of the [[Consensus Assessments Initiative Questionnaire (CAIQ)]] v3.1.

The CAIQ offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix (CCM). Therefore, it helps cloud customers to gauge the security posture of prospective cloud service providers and determine if their cloud services are suitably secure.

CAIQ v3.1 represents a minor update to the previous CAIQ v3.0.1. In addition to improving the clarity and accuracy, it also supports better auditability of the CCM controls. The new updated version aims to not only correct errors but also appropriately align and improve the semantics of unclear questions for corresponding CCM v3.0.1 controls. In total, 49 new questions were added, and 25 existing ones were revised.

For this new CAIQ version, CSA took into account the combined comprehensive feedback that was collected over the years from its partners, the industry and the [[CCM working group|https://cloudsecurityalliance.org/research/working-groups/cloud-controls-matrix/]].//
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/j9hc/]] sur le blog de la CSA.
⇒ [[Consensus Assessments Initiative Questionnaire (CAIQ) v3.1|https://CloudSecurityAlliance.fr/go/j9hq/]]
!"//Consensus Assessment Initiative Questionnaire (CAIQ) v3.1//"
<<<
[>img(200px,auto)[iCSA/J9HBC.png]]//The Consensus Assessment Initiative Questionnaire (CAIQ) provides industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS offerings, providing security control transparency. It helps cloud customers gauge the security posture of prospective cloud service providers to determine if their cloud services are suitably secure.
The CAIQ v3.1 is an update to the existing CAIQ that fixes errors, non-alignment or unclear questions. To participate in this review, please review ONLY questions in Column E. Let us know if they continue to be unclear, incorrect or align poorly with the corresponding CCM control.
We are not accepting suggestions for completely new questions.//
<<<
⇒ ''[[CloudSecurityAlliance.fr/go/j9hq/|https://CloudSecurityAlliance.fr/go/j9hq/]]''
!//Best Practices in Implementing a Secure Microservices Architecture//[>img(100px,auto)[iCSA/CSAdoc.png]]
Un appel à commentaires dont la date de clôture est le ''16 octobre 2019'' : "''Best Practices in Implementing a Secure Microservices Architecture''".
<<<
//Application containers and a microservices architecture are being used to design, develop, and deploy applications leveraging agile software development approaches such as Development Operations. Security needs to be embedded into these software development approaches. This document serves to identify best practices in securing microservices in the engineering of trustworthy secure systems through the lens of the Developer, Operator, and Architect.//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j9gb/|https://cloudsecurityalliance.fr/go/j9gb/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!!1 - Informations CSA de la semaine du 9 au 15 septembre 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Actu : Demande de ''validation de la traduction en français'' de 3 documents CSA : ''Cloud Controls Matrix'' (''CCM'')+++*[»]> <<tiddler [[2019.09.09 - Traduction de la 'Cloud Controls Matrix' (CCM)]]>>===, ''Consensus Assessments Initiative Questionnaire'' (''CAIQ'')+++*[»]> <<tiddler [[2019.09.09 - Traduction du 'Consensus Assessments Initiative Questionnaire' (CAIQ)]]>>===, et ''Code of Conduct'' du ''Privacy Level Agreement'' (''PLA CoC'')+++*[»]> <<tiddler [[2019.09.09 - Traduction du 'Code of Conduct' du 'Privacy Level Agreement' (PLA CoC)]]>>=== 
* Blog : ''Egregious 11 Meta-Analysis Part 3: Weak Control Plane and DoS''+++*[»]> <<tiddler [[2019.09.12 - Blog : 'Egregious 11 Meta-Analysis Part 3: Weak Control Plane and DoS']]>>=== 
* Blog : article "''Open API Survey Report''"+++*[»]> <<tiddler [[2019.09.11 - Blog : 'Open API Survey Report']]>>=== 
* Publ : document "''Gap Analysis Report on Mapping CSA's Cloud Controls Matrix to 'Guideline on Effectively Managing Security Service in the Cloud'''"+++*[»]> <<tiddler [[2019.09.05 - Publication : Gap Analysis Report on Mapping CSA's Cloud Controls Matrix to 'Guideline on Effectively Managing Security Service in the Cloud']]>>=== 
* Publ : document "''Mapping of 'The Guidelines' Security Recommendations to CCM''"+++*[»]> <<tiddler [[2019.09.05 - Publication : Mapping of 'The Guidelines' Security Recommendations to CCM]]>>=== 
* Actu : Les formations lors du ''Congrès CSA EMEA'' en Novembre à Berlin+++*[»]> <<tiddler [[2019.09.12 - Les formations lors du Congrès CSA EMEA en Novembre à Berlin]]>>=== 
* Actu : Le ''CCSK'' est une certification reconnue par le Ministère des Anciens Combattants américain+++*[»]> <<tiddler [[2019.09.10 - Le CCSK est une certification reconnue par le Ministère des Anciens Combattants américain]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.09.15 - Veille Hebdomadaire - 15 septembre]] avec une quarantaine de liens :
* __''À lire'' :__ Thèse professionnelle du Mastere Spécialisé ISEP "Expert Cloud Computing"+++*[»]> <<tiddler [[Partenariats - ISEP-FC - Masteres Spécialisés]]>>=== sur la commercialisation des données dans le Cloud (//Nuageo//)+++*[»]>
|2019.09.12|//Nuageo//|[[Vos données, leur valeur et le bon Cloud pour les vendre|https://www.nuageo.fr/2019/09/donnees-valeur-cloud-vendre/]]|Data Management|
|2019.09.12|ISEP| → Thèse [[Le Cloud Computing peut-il aider l'entreprise à commercialiser ses données ?|https://formation-continue.isep.fr/theses-professionnelles/]] dans le cadre du [[Mastere Spécialisé ISEP 'Expert Cloud Computing'|Partenariats - ISEP-FC - Masteres Spécialisés]]|Data Management|
=== 
* __Pannes__ : ''Box''
* Rapports et sondages : Publication par l'''OWASP'' du draft "''API Security Top 10''"+++*[»]>
|2019.09.13|OWASP|[[API Security Top 10 Release Candidate is Here!|https://www.owasp.org/index.php/OWASP_API_Security_Project]] ([[document PDF|https://www.owasp.org/images/5/59/API_Security_Top_10_RC.pdf]])|APIs|
|2019.09.12|Dark Reading| → [[APIs Get Their Own Top 10 Security List|https://www.darkreading.com/application-security/apis-get-their-own-top-10-security-list/d/d-id/1335786]]|APIs|
=== 
* __Divers__ : Brexit+++*[»]>
|2019.09.12|The Register|![[Cloud, internet biz will take a Yellowhammer to the head in 'worst case' no-deal Brexit|https://www.theregister.co.uk/2019/09/12/cloud_providers_yellowhammer_brexit/]] (rapport [[YellowHammer|https://regmedia.co.uk/2019/09/11/latest_yellowhammer_planning.pdf]])|Brexit|
===, bonnes pratiques de sécurisation Cloud (//CyberArk//+++*[»]>
|2019.09.12|//CyberArk//|![[Best Practices for Securing Cloud-Based Applications and Infrastructure|https://www.cyberark.com/blog/best-practices-for-securing-cloud-based-applications-and-infrastructure/]]|Best_Practices|
===), réflexions sur la sécurité d'Office 365 (//Fox-IT//+++*[»]>
|2019.09.11|//Fox IT//|![[Office 365: prone to security breaches?|https://blog.fox-it.com/2019/09/11/office-365-prone-to-security-breaches/]]|O365 Risks Detection|
===), CCAT (outil de test de la sécurité des containers+++*[»]>
|2019.09.09|The Daily Swig|[[Open source tool helps test security of cloud containers|https://portswigger.net/daily-swig/open-source-tool-helps-test-security-of-cloud-containers]]|[[Tools|Outils-GitHub]] CCAT|

|[[Cloud Container Attack Tool (CCAT)|https://github.com/RhinoSecurityLabs/ccat]]|[[RhinoSecurity|https://rhinosecuritylabs.com/]]|Tool for testing security of container environment|
===)
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.09.15|
|2019.09.15|Christophe Parisel|[[Data exfiltration from AWS and Azure PaaS|https://www.linkedin.com/pulse/data-exfiltration-from-aws-azure-paas-christophe-parisel/]]|Exfiltration AWS Azure|
|>|>|>|!2019.09.14|
|2019.09.14|Global Security Mag[>img[iCSF/flag_fr.png]]|[[Club de la Presse Informatique B2B : Le Cloud plus sécurisé que le fait maison !|http://www.globalsecuritymag.fr/Club-de-la-Presse-Informatique-B2B,20190911,90599.html]]|Trends|
|>|>|>|!2019.09.13|
|2019.09.13|OWASP|[[API Security Top 10 Release Candidate is Here!|https://www.owasp.org/index.php/OWASP_API_Security_Project]] ([[document PDF|https://www.owasp.org/images/5/59/API_Security_Top_10_RC.pdf]])|APIs|
|2019.09.12|Dark Reading| → [[APIs Get Their Own Top 10 Security List|https://www.darkreading.com/application-security/apis-get-their-own-top-10-security-list/d/d-id/1335786]]|APIs|
|2019.09.13|Help Net Security|[[The rise of modern applications, DevSecOps and the intelligence economy|https://www.helpnetsecurity.com/2019/09/13/multi-cloud-adoption-growth/]]|Report Sumo_Logic|
|2019.09.13|//CCSI//|[[Expert Opinion on Avoiding Common Cloud Protection Pitfalls|https://www.ccsinet.com/blog/avoiding-cloud-pitfalls/]]|Recommendations|
|2019.09.13|//MalwareBytes//|[[Hacking with AWS: incorporating leaky buckets into your OSINT workflow|https://blog.malwarebytes.com/researchers-corner/2019/09/hacking-with-aws-incorporating-leaky-buckets-osint-workflow/]]|OSINT AWS|
|2019.09.13|//VMblog//|[[Top 7 Cloud Computing Security Threats|https://vmblog.com/archive/2019/09/13/top-7-cloud-computing-security-threats.aspx]]|Threats|
|>|>|>|!2019.09.12|
|2019.09.12|The Register|![[Cloud, internet biz will take a Yellowhammer to the head in 'worst case' no-deal Brexit|https://www.theregister.co.uk/2019/09/12/cloud_providers_yellowhammer_brexit/]] (rapport [[YellowHammer|https://regmedia.co.uk/2019/09/11/latest_yellowhammer_planning.pdf]])|Brexit|
|2019.09.12|Network World|[[IBM z15 mainframe, amps-up cloud, security features|https://www.networkworld.com/article/3438542/ibm-z15-mainframe-amps-up-cloud-security-features.html]]|Mainframes|
|2019.09.12|//Nuageo//[>img[iCSF/flag_fr.png]]|[[Vos données, leur valeur et le bon Cloud pour les vendre|https://www.nuageo.fr/2019/09/donnees-valeur-cloud-vendre/]]|Data Management|
|~|ISEP|Thèse [[Le Cloud Computing peut-il aider l'entreprise à commercialiser ses données ?|https://formation-continue.isep.fr/theses-professionnelles/]] dans le cadre du [[Mastere Spécialisé ISEP 'Expert Cloud Computing'|Partenariats - ISEP-FC - Masteres Spécialisés]]|~|
|2019.09.12|//Managed Methods//|[[8 Business Challenges A CASB Solves|https://managedmethods.com/blog/casb-solves-business-challenges/]]|CASB|
|2019.09.12|//Google Cloud//|[[Catch web app vulnerabilities before they hit production with Cloud Web Security Scanner|https://cloud.google.com/blog/products/identity-security/catch-web-app-vulnerabilities-before-they-hit-production-with-cloud-web-security-scanner]] (2/6)|[[Tools|GitHub-Tools]]|
|2019.09.11|//Google Cloud//| → [[How to use Cloud Security Scanner - Getting Started with Cloud Security Command Center (vidéo)|https://www.youtube.com/watch?v=goJ_G2ygdSA]]|[[Tools|GitHub-Tools]]|
|2019.09.12|//Box//|[[Incident Report for Box|https://status.box.com/incidents/fhx3xs37vvgf?u=bdr8lqbn0f1q]]|Outage Box|
|2019.09.12|//CyberArk//|![[Best Practices for Securing Cloud-Based Applications and Infrastructure|https://www.cyberark.com/blog/best-practices-for-securing-cloud-based-applications-and-infrastructure/]]|Best_Practices|
|2019.09.12|//CloudCheckr//|[[Government Cloud Services vs. Agency Data Centers|https://cloudcheckr.com/uncategorized/government-cloud-services-vs-data-centers/]]|Government|
|2019.09.12|//Microsoft//|[[Cloud backup and recovery for the Microsoft Authenticator app on Android now available |https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Cloud-backup-and-recovery-for-the-Microsoft-Authenticator-app-on/ba-p/566369]]|Microsoft Authentication|
|2019.09.12|ZDnet| → [[Microsoft Authenticator on Android gets cloud backup and recovery|https://www.zdnet.com/article/microsoft-authenticator-on-android-gets-cloud-backup-and-recovery/]]|Microsoft Authentication|
|2019.09.12|//Imperva//|[[APIs Ease Customer Interaction - and External Attacks. Here's how to Protect Them|https://www.imperva.com/blog/apis-ease-customer-interaction-and-external-attacks-heres-how-to-protect-them/]]|APIs|
|2019.09.12|//AppSecCo//|[[Presenting a modern cloud based vulnerable Android app - VyAPI|https://blog.appsecco.com/vyapi-the-modern-cloud-based-vulnerable-hybrid-android-app-ee300a9d60ed]]|[[Tools|Outils-GitHub]]|
|2019.09.12|//AppSecCo//|[[The Story of how I made a vulnerable Android App VyAPI|https://blog.appsecco.com/vyapi-the-story-of-a-vulnerable-hybrid-android-app-aee44f6d1f2d]]|[[Tools|Outils-GitHub]] Misc.|
|2019.09.12|//Rancher Labs//|[[Your Guide to Container Security|https://rancher.com/complete-guide-container-security/]]|Containers|
|2019.09.12|Nino Crudele|[[HACKAZURE - How To - Global scan of all public IP addresses on Azure|https://ninocrudele.com/hackazure-how-to-global-scan-of-all-public-ip-addresses-on-azure]]|Azure Scanning|
|2019.09.12|Nino Crudele|[[HACKAZURE - Azure Bastion - What you need to know|https://ninocrudele.com/hackazure-azure-bastion-what-you-need-to-know]]|Azure Bastion|
|>|>|>|!2019.09.11|
|2019.09.11|L'Informaticien[>img[iCSF/flag_fr.png]]|![[Le Cloud Made in France|https://www.linformaticien.com/dossiers/le-cloud-made-in-france.aspx]]|France|
|2019.09.11|Place de l'IT[>img[iCSF/flag_fr.png]]|[[Alain Bouillé, Cesin: "Le multi-cloud au cœur des préoccupations de cybersécurité"|https://placedelit.com/interview-alain-bouille-cesin-multi-cloud-cybersecurite/]]|Multi_Cloud|
|2019.09.11|VMblog|[[Benefits and Challenges of a Cloud Digital Asset Management Infrastructure|https://vmblog.com/archive/2019/09/11/benefits-and-challenges-of-a-cloud-digital-asset-management-infrastructure.aspx]]|Asset_Management|
|2019.09.09|Bleeping Computer|[[Microsoft to Improve Office 365 Phishing Email Notifications|https://www.bleepingcomputer.com/news/security/microsoft-to-improve-office-365-phishing-email-notifications/]]|O365 Phishing|
|2019.09.11|Cloud Native Computing Foundation|[[Kubernetes IoT Edge WG: Identifying Security Issues at the Edge|https://www.cncf.io/blog/2019/09/11/kubernetes-iot-edge-wg-identifying-security-issues-at-the-edge/]]|K8s IoT|
|2019.09.11|CBR Online|[[Slack Rolls Out European Data Residency|https://www.cbronline.com/news/slack-european-data-residency]]|Slack GDPR|
|2019.09.11|//Fox IT//|![[Office 365: prone to security breaches?|https://blog.fox-it.com/2019/09/11/office-365-prone-to-security-breaches/]]|O365 Risks Detection|
|2019.09.11|//Park My Cloud//|[[How Much Do the Differences Between Cloud Providers Actually Matter?|https://www.parkmycloud.com/blog/cloud-providers/]]|Misc|
|2019.09.11|//Menlo Security//|[[Internet Isolation Cloud: Introducing a New Paradigm|https://www.menlosecurity.com/blog/internet-isolation-cloud-introducing-a-new-paradigm]]|Isolation|
|2019.09.11|//Tufin//|[[Restoring the balance between agility and security in the cloud|https://www.itproportal.com/features/restoring-the-balance-between-agility-and-security-in-the-cloud/]]|Recommendations|
|2019.09.11|//Rancher Labs//|[[DevOps and Containers, On-Prem or in the Cloud|https://rancher.com/devops-containers-prem-cloud/]]|DevSecOps Containers|
|2019.09.11|//Rancher Labs//|![[Container Security Tools Breakdown|https://rancher.com/container-security-tools-breakdown/]] (mise à jour)|Containers Tools|
|2019.09.11|//Rancher Labs//|[[Introduction to Container Security|https://rancher.com/blog/2018/2018-09-12-introduction-to-container-security-1/]]|Containers|
|2019.09.11|//Rancher Labs//|[[Comparing 10 Docker Container Monitoring Solutions for Rancher|https://rancher.com/comparing-10-container-monitoring-solutions-rancher/]]|Containers Monitoring|
|2019.09.11|//Rancher Labs//|[[What is a CaaS? Containers as a Service, Defined|https://rancher.com/caas-containers-service-defined/]] (mise à jour)|Containers|
|2019.09.11|//Rancher Labs//|[[An Introduction to Containers|https://rancher.com/blog/2019/an-introduction-to-containers/]] (mise à jour)|Containers|
|2019.09.11|//Rancher Labs//|![[101 More Security Best Practices for Kubernetes|https://rancher.com/blog/2019/2019-01-17-101-more-kubernetes-security-best-practices/]]|K8s Best_Practices|
|2019.09.11|//Rancher Labs//|[[Kubernetes vs Docker Swarm: Comparison of Two Container Orchestration Tools|https://rancher.com/blog/2019/kuberntes-versus-docker-swarm/]] (mise à jour)|Orchestration Kubernetes Docker_Swarm|
|2019.09.11|//Rancher Labs//|[[Containers vs. Serverless Computing|https://rancher.com/containers-vs-serverless-computing/]] (mise à jour)|Containers Serverless|
|2019.09.11|//Rancher Labs//|[[The Similarities and Differences Between Windows and Linux Containers|https://rancher.com/the-similarities-and-differences-between-windows-and-linux-containers/]] (mise à jour)|Containers|
|2019.09.11|//Rancher Labs//|[[Playing Catch-up with Docker and Containers|https://rancher.com/playing-catch-docker-containers/]] (mise à jour)|Docker Containers|
|>|>|>|!2019.09.10|
|2019.09.10|DZone|[[Getting Started With AWS Networking Services - Part 1|https://dzone.com/articles/understanding-aws-networking]] (1/2)|AWS|
|2019.09.10|ZDnet|[[Microsoft: Office 365 gets automated response to phishing, nasty links, malware|https://www.zdnet.com/article/microsoft-office-365-gets-automated-response-to-phishing-nasty-links-malware/]]|O365 ATP|
|2019.09.10|Security Boulevard|[[How Security Can Lead in Cloud-Dependent Business Innovation|https://securityboulevard.com/2019/09/how-security-can-lead-in-cloud-dependent-business-innovation/]]|Misc|
|2019.09.10|Container Journal|[[Kubernetes in the Enterprise: A Primer|https://containerjournal.com/topics/container-ecosystems/kubernetes-in-the-enterprise-a-primer/]]|K8s|
|2019.09.10|Help Net Security|[[Office 365 security: Automated incident response based on playbooks|https://www.helpnetsecurity.com/2019/09/10/office-365-incident-response/]]|O365 Incident_Response|
|2019.09.10|NextGov|[[DISA is Merging Its Cyber Operations Into a Single Cloud-Based Platform|https://www.nextgov.com/cybersecurity/2019/09/disa-merging-its-cyber-operations-single-cloud-based-platform/159739/]]|Government|
|2019.09.10|SANS|[[How to Build a Threat Detection Strategy in Amazon Web Services (AWS)|https://www.sans.org/reading-room/whitepapers/analyst/build-threat-detection-strategy-amazon-web-services-aws-39155]]|AWS Detection|
|2019.09.10|//Microsoft//|[[Monitoring on Azure HDInsight part 4: Workload metrics and logs|https://azure.microsoft.com/en-us/blog/monitoring-on-azure-hdinsight-part-4-workload-metrics-and-logs/]] (4/4)|Azure Monitoring|
|2019.09.10|//Thales Security//|[[What will be your decisive moment to secure your cloud applications in a Zero Trust world?|https://blog.thalesesecurity.com/2019/09/10/what-will-be-your-decisive-moment-to-secure-your-cloud-applications-in-a-zero-trust-world/]]|Zero_Trust|
|2019.09.10|//CyberSecurity Help//|[[Command injection in Docker (CVE-2019-13139)|https://www.cybersecurity-help.cz/vdb/SB2019091002]]|CVE-2019-13139|
|2019.09.10|//Netwrix//|[[70% of educational orgs don't have an appropriate cloud security budget|https://www.helpnetsecurity.com/2019/09/10/education-cloud-security-budget/]]|Report Netwrix|
|2019.09.10|//ManagedMethods//|[[5 Cloud Application Security Best Practices|https://managedmethods.com/blog/cloud-application-security-best-practices/]]|Best_Practices|
|2019.09.09|//BitDefender//|[[Top Inherent Risks with Cloud Security|https://businessinsights.bitdefender.com/top-risks-inherent-with-cloud-security]]|Risks|
|2019.09.10|//DivvyCloud//|[[Remediating Misconfigurations to Keep Your Cloud Out of the News|https://divvycloud.com/blog/remediating-misconfigurations-keeping-your-cloud-out-of-news/]]|Misconfigurations|
|2019.09.10|//Outpost24//|[[Cloud security: an inconvenient truth about IT transformation|https://outpost24.com/blog/Cloud-security-an-inconvenient-truth-about-IT-transformation]]|Misc|
|2019.09.10|//Security Intelligence//|[[Podcast: Cloud Security and the Road to Transformation|https://securityintelligence.com/media/podcast-cloud-security-and-the-road-to-transformation/]] ([[audio|https://soundcloud.com/securityintelligence/cloud-security-and-the-road-to-transformation]])|Misc|
|2019.09.10|//HiveMQ//|[[Role Based Access Control to Secure an MQTT Broker|https://www.hivemq.com/blog/rbac-for-the-control-center-with-ese/]]|MQTT|
|2019.09.10|//Insight France//[>img[iCSF/flag_fr.png]]|[[Le cloud est perçu comme un atout pour la sécurité|https://www.informatiquenews.fr/le-cloud-est-percu-comme-un-atout-pour-la-securitedaniel-gonzalez-insight-france-63273]]|Misc|
|2019.09.10|//Rubrik//|[[Backup as a platform busts a move in multicloud, ransomware and GDPR|https://siliconangle.com/2019/09/10/backup-as-a-platform-busts-multicloud-ransomware-gdpr-moves-vmworld-startupoftheweek/]]|Backup GDPR|
|2019.09.10|//McAfee//|[[Modernizing FedRAMP is Essential to Enhanced Cloud Security|https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/modernizing-fedramp-is-essential-to-enhanced-cloud-security/]]|Regulations FedRAMP|
|2019.09.10|//Shared Assessments//|[[What 'Virtual' Means When Conducting Assessments|https://sharedassessments.org/what-virtual-means-when-conducting-assessments/]]|Misc|
|2019.09.10|SANS|[[How to Build a Threat Detection Strategy in Amazon Web Services (AWS)|https://www.sans.org/reading-room/whitepapers/analyst/build-threat-detection-strategy-amazon-web-services-aws-39155]]|Analysis Misc.|
|>|>|>|!2019.09.09|
|2019.09.09|The Daily Swig|[[Open source tool helps test security of cloud containers|https://portswigger.net/daily-swig/open-source-tool-helps-test-security-of-cloud-containers]]|[[Tools|Outils-GitHub]] CCAT|
|2019.09.09|Insider Pro|[[Cloud security: Inside the shared responsibility model|https://www.idginsiderpro.com/article/3437042/cloud-security-inside-the-shared-responsibility-model.html]]|Shared_Responsibility CapitalOne|
|2019.09.09|Silicon Angle|[[Google Cloud gets rootkit-resistant Kubernetes nodes, better SAP support|https://siliconangle.com/2019/09/09/google-cloud-gets-rootkit-resistant-kubernetes-nodes-better-sap-support/]]|GCP Kubernetes|
|2019.09.09|Medium|[[Cyber Range v2–09.06.2019|https://medium.com/aws-cyber-range/cyber-range-v2-09-06-2019-1e128f48e2c5]]|Exercise Tools|
|2019.09.09|//Microsoft//|[[Automated incident response in Office 365 ATP now generally available|https://www.microsoft.com/security/blog/2019/09/09/automated-incident-response-office-365-atp-now-generally-available/]]|O365 Advanced_Threat_Protection|
|2019.09.09|Bleeping Computer| → [[Office 365 ATP Automated Incident Response Now Generally Available|https://www.bleepingcomputer.com/news/microsoft/office-365-atp-automated-incident-response-now-generally-available/]]|O365 Advanced_Threat_Protection|
|2019.09.09|Security Week| → [[Microsoft Makes Automated Incident Response in Office 365 ATP Generally Available|https://www.securityweek.com/microsoft-makes-automated-incident-response-office-365-atp-generally-available]]|O365 Advanced_Threat_Protection|
|2019.09.09|//Synopsys//|[[Ask the experts: What's the top security risk during cloud migration?|https://www.synopsys.com/blogs/software-security/top-cloud-security-risks/]]|Risks|
|2019.09.09|//Alibaba Cloud//|[[Kubernetes Eviction Policies for Handling Low RAM and Disk Space Situations - Part 1|https://medium.com/@Alibaba_Cloud/kubernetes-eviction-policies-for-handling-low-ram-and-disk-space-situations-part-1-1a2068d7e856]] (1/2)|K8s|
|2019.09.09|//Alibaba Cloud//|[[Kubernetes Eviction Policies for Handling Low RAM and Disk Space Situations - Part 2|https://medium.com/@Alibaba_Cloud/kubernetes-eviction-policies-for-handling-low-ram-and-disk-space-situations-part-2-d63596aec9d2]] (2/2)|K8s|
|2019.09.09|//Mobiquity//|[[The Call for Continuous Security|https://www.mobiquity.com/resources/the-call-for-continuous-security]]|Misc|
|2019.09.09|//D2SI//[>img[iCSF/flag_fr.png]]|[[Sécurité sur le Cloud : quelle politique de conformité et de remédiation ?|https://blog.d2si.io/2019/09/09/securite-cloud-conformite/]]|Compliance|
|2019.09.09|//Bitglass//|[[The Four Pillars of CASB: Threat Protection|https://www.bitglass.com/blog/four-pillars-casb-threat-protection]]|CASB|
|2019.09.09|//DivvyCloud//|[[Remediating Misconfigurations to Keep Your Cloud Out of the News|https://divvycloud.com/blog/remediating-misconfigurations-keeping-your-cloud-out-of-news/]]|Misconfigurations|
|2019.09.09|//Microsoft//|![[Manage emergency access accounts in Azure AD|https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-emergency-access]]|AzureAD Mitigation|
|2019.10.21|//Microsoft//|[[About Site Recovery|https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview]]|Azure DRP|
!"Cloud Security Alliance EMEA Congress 2019 to Host Career-Advancing Cloud Security and Privacy Training Opportunities"
<<<
[>img(auto,100px)[iCSA/J91GCLACT.png]][>img(auto,100px)[iCSA/J91GDPRTrain.png]][>img(auto,100px)[iCSA/J73CCSK.png]]//Attendees can take advantage of top-ranked courses on CCSK Foundation, GDPR Lead Auditor, and Cloud Governance and Compliance Training

Berlin, Germany - Sept. 12, 2019 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, is pleased to offer three exclusive training opportunities at CSA EMEA Congress (Berlin, Nov. 18-21, 2019). Attendees interested in furthering their cloud and information security careers by becoming a GDPR lead auditor, deepening their understanding of CSA's Cloud Control Matrix (CCM), or preparing to take the Certificate of Cloud Security Knowledge (CCSK) exam can take advantage of some of the industry's highest-rated training courses while attending the conference.

"It's imperative that cloud security practitioners stay current on the latest threats and accordingly, the most sophisticated ways in which to guard against them," said Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance. "CSA's training courses are among the industry's best - in fact, CRN recently rated the CCSK as among the seven must-have cloud security certificates+++*[»]> https://www.crn.com/slide-shows/cloud/7-must-have-cloud-security-certifications-in-2019/3 ===. This year's CSA Congress EMEA affords those looking to advance their knowledge of cloud security with two excellent training opportunities, while those interested in qualifying to audit against the CSA PLA Code of Practice can take a deep dive."
* ''CCSK Foundation Training''+++*[»]> https://cloudsecurityalliance.org/education/ccsk/ === (Nov. 18) (€870)
** This class provides students a comprehensive 1-day review of cloud security fundamentals and prepares them to take the CCSK exam. Starting with a detailed description of cloud computing, the course covers all major domains in CSA's "Security Guidance for Critical Areas of Focus in Cloud Computing v4.0"+++*[»]> https://cloudsecurityalliance.org/guidance/ === and the recommendations from the European Network and Information Security Agency. This class is geared toward security professionals but is also useful for anyone looking to expand their knowledge of cloud security. The class fee includes the cost of the exam voucher, a €357.26 (US$395) value.
* ''Cloud Governance & Compliance Training''+++*[»]> https://knowledge.cloudsecurityalliance.org/cloud-governance-compliance === (Nov. 19) (€785)
** The "Cloud Governance & Compliance" (CGC) training is a 1-day course on tools and mechanisms for governance and compliance and has a specific focus on the CSA Cloud Control Matrix, CSA's cloud security control framework. The CCM is specifically designed to provide fundamental security principles that guide cloud service vendors toward the most secure practices and to assist prospective cloud customers in assessing the overall security posture of cloud providers.
* ''GDPR Lead Auditor Training Course'' (Nov. 18-19) (€2,000).
** This training is specifically designed to instruct and certify internal and third-party auditors on how to audit against the requirements of the "CSA PLA Code of Practice"+++*[»]> https://gdpr.cloudsecurityalliance.org/resource/csa-code-of-conduct-for-gdpr-compliance/ ===, the CSA technical specification for GDPR compliance, and its related certification and code of conduct (CoC). Among the areas covered are:
*** __GDPR Fundamentals and CSA CoC:__ Objectives, Scope and Methodology
*** __CoC Controls 1-5:__ CSP declaration of compliance & accountability, CSP relevant contacts, ways in which data will be processed, recordkeeping and data transfer
*** __CoC Controls 6-10:__ data security, monitoring, personal data breach, data portability & migration, and restriction of processing
*** __CoC Controls 11-15:__ data retention/restitution/deletion, cooperation with the cloud customers, legally required disclosure, remedy for cloud customers and CSP insurance policy
*** __CoC Governance and Adherence Mechanisms__
//[img(25%,1px)[iCSF/BluePixel.gif]]
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j9cc/|https://CloudSecurityAlliance.fr/go/j9cc/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Egregious 11 Meta-Analysis Part 3: Weak Control Plane and DoS//"
[>img(200px,auto)[iCSA/J9SBE.jpg]]Troisième article de la série, publié le 12 septembre 2019 — Rédigé par Victor Chin, Research Analyst, CSA
<<<
//This is the ''third'' blog post in the series where we analyze the security issues in the new iteration of the Top Threats to Cloud Computing report. Each blog post features a security issue that is being perceived as less relevant and one that is being perceived as more relevant.

In this report, we found that traditional cloud security issues stemming from concerns about having a third-party provider are being perceived as less relevant, while more nuanced issues specific to cloud environments are being perceived as more problematic. With this in mind, we will be examining Shared Technology Vulnerabilities and Limited Cloud Usage Visibility further.
Please note that the Top Threats to Cloud Computing reports are not meant to be the definitive list of security issues in the cloud. Rather, the studies measure what industry experts perceive the key security issues to be.

__''Weak Control Plane''__
Weak control plane featured at the 8th position in the latest iteration of the Top Threats to Cloud Computing report. A weak cloud control plane refers to when a cloud service does not provide adequate or sufficient security controls to meet the security requirements of the customer. One example of a weak control plane is the lack of two-factor authentication and the ability to enforce its usage. Like the other debuting security issues, a weak control plane is something that a customer might only realize after they have migrated to the cloud. 

__A key difference between traditional IT and Cloud__
There is a key difference between traditional IT and cloud service applications that might help explain why weak control planes are becoming a problem in cloud services. In traditional IT environments, customer-controlled applications and their security features were designed with the customer as the main user. The application is hosted on the customer's infrastructure and configured by the customer. The customer has full visibility and control over the application and is thus also responsible for its security. The main role of the IT provider would be to continually provide patches or updates to the application to ensure that bugs and vulnerabilities are fixed.
The situation for cloud services is different because the cloud service is never fully 'shipped off' to the customer. The cloud service will always be hosted by the cloud service provider. Hence, providers not only have to design a suite of security controls in the cloud service that is usable by their customers; they also have to consider the security mechanisms and features that protect the cloud service and the virtual infrastructure that hosts it. Furthermore, due to the nature of cloud services, customers generally cannot use their own security tools or technologies to augment the cloud service (e.g. filtering incoming network traffic). Both sets of security controls must meet the security, regulatory and compliance requirements of their various customers. With increasingly more enterprises adopting a 'cloud-first' policy, cloud service providers are faced with the situation of satisfying various technical security requirements of their many customers. Hence, it is not surprising that some enterprises might find the current security controls inadequate for their business needs.

__Fulfilling regulatory and security requirements__
To sidestep such issues, prospective customers have to do their due diligence when considering cloud migration. Customers have to ensure that the cloud services they wish to use can fulfill their regulatory and security requirements. Prospective cloud customers can use the Cloud Security Alliance's Consensus Assessment Initiative Questionnaire (CAIQ)[2] to that end. The CAIQ is aligned with the Cloud Controls Matrix (CCM) and helps document what security controls exist in IaaS, PaaS and SaaS offerings, providing security control transparency. Furthermore, after cloud migration, customers should continue to monitor their regulatory and compliance landscape and communicate any changes to the cloud service providers. Having an open communication channel helps ensure that cloud service providers can make timely changes to the cloud service to align with changing customer security, compliance, and regulatory requirements.

__''Denial of Service''__
Denial of Service was rated 8th and then 11th in the last two iterations of the Top Threats report. In the latest Egregious 11 report, Denial of Service has dropped off the list. Denial of Service can take many forms. It can refer to a network attack such as a Distributed Denial of Service (DDoS) attack or system failure caused by a system administrator. 

Denial of Service (like many other security issues that have dropped off the list) is a security concern stemming from the fact that cloud services are third-party in nature. In the early days of cloud computing, it was natural that enterprises were concerned about service availability when considering cloud migration. These enterprises had valid concerns about the cloud service providers' network bandwidth as well as their compute and storage capacities. However, over the years, cloud service providers have significantly invested in their infrastructure and now have almost unrivaled bandwidth and processing capabilities. At the same time, cloud service providers have built sophisticated DDoS protection for their customers. For example, Amazon Web Services (AWS) has AWS Shield[3], Microsoft Azure has Azure DDoS Protection[4] and Google Cloud Platform (GCP) has Google Cloud Armor[5].

In spite of all the infrastructure investment and the tools available to help customers mitigate DDoS attacks, other forms of denial of service can still happen. These denial of service incidents are often not malicious but rather occur due to mistakes by the cloud service provider. For example, in May 2019, Microsoft Azure and Office 365 experienced a three-hour outage due to a DNS configuration blunder[6]. Unfortunately, no amount of infrastructure investment or tools can prevent such incidents from happening. Customers have to realize that by migrating to the cloud, they are relinquishing full control of certain aspects of their IT. They have to trust that the cloud service provider has put in place the necessary precautions to reduce, as much as possible, the occurrence of such incidents.//
[...]
[1] https://cloudsecurityalliance.org/artifacts/top-threats-to-cloud-computing-egregious-eleven
[2] https://cloudsecurityalliance.org/artifacts/consensus-assessments-initiative-questionnaire-v3-0-1/
[3] https://aws.amazon.com/shield/
[4] https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview
[5] https://cloud.google.com/armor/
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/j9ce/]] sur le blog de la CSA
!"//Open API Survey Report//"
[>img(200px,auto)[iCSA/J9BBO.jpg]]Publié le 11 septembre 2019 — Rédigé par l'__Open API CSA Working Group__
<<<
//Cloud Security Alliance completed its first-ever Open API Survey Report, in an effort to see exactly where the industry stood on the knowledge surrounding Open APIs as well as how business professionals and consumers were utilizing them day to day. The key traits taken from the survey will be noted within this blog post to give the reader an idea of our current state of Open API knowledge and function. Moving forward, source code for security and open platforms has become increasingly shareable. As source code becomes more shareable between companies, it is giving way to new and robust manners which can be leveraged to improve upon what we already know. 
The survey was meant to be used as a means to see:
* What the outlook and future of Open API's are
* The gaps we can notice from people actually using them
* How they can become more useful for better security posture and development 
* How Open APIs can be used for emerging technologies. 

Interoperability is key within this survey. Businesses like the idea of using Open-API's because of their ability to work with systems already in place, and the ability to edit them to specific needs of a business. However, with this comes a lack of common education on where to go for implementing them, or how their security functions work internally from the original source. 

[<img(400px,auto)[iCSA/J9BB1.png]]Unfolding within this survey, however, was one thing that stood out the most among all of the questions and answers: was anyone aware of a best-practices guide concerning Open APIs? The number was quite staggering, with 84% saying no. This immediately raises a red flag. The one thing we are using the most within development lifecycles and to build new products has no well-known guidance supporting its usage and implementation into business models.

As we move towards a future of open banking and other items that will be played at the hand of Open APIs, it is noticed that 44.74% of respondents to this survey have already implemented some form of an Open API. 

[>img(400px,auto)[iCSA/J9BB2.png]]The Open API platforms businesses are currently using or planning to use in the future were Key management/organization with 28%, and Open API Universal banking (PSD2) coming in a very close second. With the growth of online banking, however, this number for Universal Banking is more than likely going to grow the most in the coming years compared to other areas of specific interest. 

Building off of this question, we next asked if SaaS apps have proper security guarding them. 57% of the responses answered No. Of those 57% who answered No, 40% answered that they already have implemented Open API within their own workspace. Being already familiar with the existence of an Open API, we can confidently assume that security posture with SaaS apps are lacking security features. Because of the free availability of these programs, this can be looked at as no single guideline for secure functions being implemented through each use of a specific API. Lack of guideline and security input from development teams is a vital part of this missing function. 

[<img(400px,auto)[iCSA/J9BB3.png]]A staggering 94% responded "Yes" that security vendors should, in fact, be maintaining the Open-API's for SaaS vendors in an effort to push real-time updates. Half of that group is within the category of also already having a strong implementation of currently used open- API's, which also has suggested that the biggest benefit to their organization is interoperability. 

Something to note from this data set specifically, is that of all of the "yes" answers above are presently split down the middle that the future of Open API's in speaking to security will lie more dominantly in the IoT devices and B2C/AI categories. 

According to the study:
* 71% - Lack of knowledge on how to get started with Open API framework
* 89% - Not enough information on securing Open API's
* 73% - Not enough information on how to implement Open API's or where to look for a checklist for security posture. 

These all flow together to form a larger picture –> "How do we do this and where do we go?" A lack of guidance and policy surrounding these items is creating confusion beyond just implementing different open API's. 

[>img(400px,auto)[iCSA/J9BB4.png]]We had our respondents rate the best to the worst for organizations to implement security across SaaS vendors which included forward and reverse proxies, webhook integration, and other. As you can see from the image above, forward and reverse proxy scored 22% within the category as being the worst choice (1). Looking at the rows from 1 to 5, webhooks framework yielded the highest positive average ratio for the best choice for implementing security across SaaS vendors. 

It is important to note that webhook integration was the strongest choice for security posture and integration into a business environment. Though there were only 13% saying that they strongly agree, 52% were able to agree that a webhook integration is critical to the expansion of an existing framework. Of that group of 52%, more than 60% of their organizations either are working with universal banking initiatives or key management. 

There is much left to be developed within the realm of securing Open APIs and giving the reins to who should actually be responsible for such a job. With Universal Banking becoming dominant internationally and moving into North America, the focus needs to shift to the idea of an interoperable and flexible framework that can give enterprises a knowledge base for building their programming architecture outwards.//
<<<
⇒ Lire [[l'original|https://CloudSecurityAlliance.fr/go/j9bo/]] sur le blog de la CSA
!"CSA's Certificate of Cloud Security Knowledge Exam Is Now Covered Under the U.S. Dept. of Veterans Affairs GI Bill™"
<<<
[>img(auto,100px)[iCSA/J73CCSK.png]]//Eligible U.S. Veterans can now take advantage of opportunity to deepen their cloud security knowledge as part of GI Bill's educational benefits

SEATTLE - September 10, 2019 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that the cost of the Certificate of Cloud Security Knowledge (CCSK) exam is now covered under the U.S. Department of Veterans Affairs GI Bill®, meaning that eligible U.S. Veterans and qualifying family members will be reimbursed for the full cost of the exam.

Called the "mother of all cloud computing certifications" by CIO.com, the vendor-neutral CCSK tests for a broad foundation of cloud security knowledge, covering such topics as architecture, governance, compliance, operations, encryption, and virtualization and serves as the foundation for those seeking to demonstrate a deep-seated knowledge and competency with cyber, information, software and cloud computing infrastructure security.

"As enterprises and consumers move greater amounts of sensitive information to the cloud, employers are struggling to find information security leaders who have the necessary breadth and depth of knowledge to establish cloud security programs that protect sensitive information," said Jim Reavis, Co-founder and CEO, Cloud Security Alliance. "We are extremely proud to be able to offer U.S. Veterans the opportunity to further, or even launch, their careers in an exciting and growing field with high demand for qualified professionals."

"There is a tremendous skills gap when it comes to cloud-savvy, information security professionals," said Ryan Bergsma, Training Program Director, CSA. "The CCSK certificate is widely recognized as the standard of cloud security expertise and is the natural next step for those who are looking to learn how to best secure data in the cloud."

Demonstrated expert knowledge of cloud computing and associated security issues is very valuable both to the expert and to our nation. The U.S. military and the organizations who serve its mission have a strong need for these skills. Increasingly, cloud computing and cloud security are vital to national security. Individuals who have this expertise can expect to have a direct impact to our national security and to have additional career opportunities.

Since it was launched in 2010, thousands of IT and security professionals have upgraded their skillsets and enhanced their careers by obtaining the CCSK. Among the benefits of earning the CCSK are:

* Proven competency in key cloud security issues through an organization that specializes in cloud research
* Increased employment opportunities by filling the skills-gap for cloud-certified professionals
* Demonstrated technical knowledge, skills, and abilities to effectively use controls tailored to the cloud
* Ability to establish a baseline of security best practices when dealing with a broad array of responsibilities, from cloud governance to configuring technical security controls
* Serves as a complement to other credentials

The CCSK exam body of knowledge is the CSA Security Guidance v4, the CSA Cloud Control Matrix and the ENISA Cloud Computing Risk Assessment report. Those interested in taking the exam can take advantage of a variety of training programs available through CSA, from free self-study prep courses and self-paced online courses to in-person training sessions and instructor-led online classes.

Since 1944, the GI Bill has helped qualifying Veterans and their family members pay for all or some of the costs associated with college, graduate school and professional training. Now eligible Veterans can receive reimbursement of up to $2,000 per test (but not more than the VA-approved cost of the test) and receive benefits if they need to retake it. Those seeking reimbursement will need to provide the name of the exam (CCSK), the date the test was taken, the exam fee ($395), a copy of their test results (visit https://ccsk.cloudsecurityalliance.org/en/attempts and click on the given test result), and CSA's address (1151 Ellis Street, Bellingham, WA 98225), along with personal information listed here.

GI Bill® is a registered trademark of the U.S. Department of Veterans Affairs (VA). More information about education benefits offered by VA is available at the official U.S. government Web site at https://www.benefits.va.gov/gibill.//
[img(25%,1px)[iCSF/BluePixel.gif]]
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j9ak/|https://CloudSecurityAlliance.fr/go/j9ak/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
[>img(100px,auto)[iCSA/CCM.png]]Un appel à commentaires a été lancé pour la relecture de la traduction de la ''CCM'' réalisée par le CSA.
La date de clôture est le 2 octobre 2019.
<<<
//Cloud Security Alliance (CSA) would like to invite you to review and comment on the translated version of the Cloud Controls Matrix (CCM) v3.0.1. CSA in the context of an agreement with OneTrust has proceeded towards the translation of the CCM in 10 languages in order to facilitate its easier adoption by organizations in the corresponding countries.
Provided translations are in the following languages:
* Spanish (ES), German (DE), ''French (FR)'', Italian (IT), Japanese (JA), Danish (DA), Dutch (NL), Portuguese (PT), Romanian (RO), Swedish (SV).
To provide your comments (right click on cell + add comment). The objective of the review is to make sure that the terminology and semantics of controls' specifications within the aforementioned tools are maintained per each provided translation set of languages.//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j99c/|https://cloudsecurityalliance.fr/go/j99c/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
[>img(100px,auto)[iCSA/CAIQ301.png]]Un appel à commentaires a été lancé pour la relecture de la traduction de la ''CAIQ'' réalisée par le CSA.
La date de clôture est le 2 octobre 2019.
<<<
//Cloud Security Alliance (CSA) would like to invite you to review and comment on the translated version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.0.1. CSA in the context of an agreement with OneTrust has proceeded towards the translation of the aforementioned tools in 10 languages in order to facilitate their easier adoption by organizations at the corresponding countries.
Provided translations are in the following languages:
* Spanish (ES), German (DE), ''French (FR)'', Italian (IT), Japanese (JA), Danish (DA), Dutch (NL), Portuguese (PT), Romanian (RO), Swedish (SV).
To provide your comments (right click on cell + add comment). The objective of the review is to make sure that the terminology and semantics of controls' specifications within the aforementioned tools are maintained per each provided translation set of languages.//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j99q/|https://cloudsecurityalliance.fr/go/j99q/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
[>img(300px,auto)[iCSA/CSAGDPRCoC.jpg]]Un appel à commentaires a été lancé pour la relecture de la traduction du ''PLA CoC'' réalisée par le CSA.
La date de clôture est le 2 octobre 2019.
<<<
//Cloud Security Alliance (CSA) would like to invite you to review and comment on the translated version of the Privacy Level Agreement Code of Conduct (PLA CoC) v3.1. CSA in the context of an agreement with OneTrust has proceeded towards the translation of the aforementioned tools in 10 languages in order to facilitate their easier adoption by organizations at the corresponding countries.
Provided translations are in the following languages:
* Spanish (ES), German (DE), ''French (FR)'', Italian (IT), Japanese (JA), Danish (DA), Dutch (NL), Portuguese (PT), Romanian (RO), Swedish (SV).
To provide your comments (right click on cell + add comment). The objective of the review is to make sure that the terminology and semantics of controls' specifications within the aforementioned tools are maintained per each provided translation set of languages.//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j99p/|https://cloudsecurityalliance.fr/go/j99p/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!!1 - Informations CSA de la semaine du 1er au 8 septembre 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Actu : Annonce du programme du ''Congrès CSA EMEA'' du 11 au 21 Novembre à Berlin+++*[»]> <<tiddler [[2019.09.04 - Annonce du programme du Congrès CSA EMEA en Novembre à Berlin]]>>=== 
* Blog : ''How to Share the Security Responsibility Between the CSP and Customer''+++*[»]> <<tiddler [[2019.09.05 - Blog : How to Share the Security Responsibility Between the CSP and Customer]]>>=== 
* Publication : ''STAR Level and Scheme Requirements''+++*[»]> <<tiddler [[2019.09.04 - Publication : STAR Level and Scheme Requirements]]>>=== 
* Actu: Appel à commentaires, document ''Software-Defined Perimeter as a DDoS Prevention Mechanism''+++*[»]> <<tiddler [[2019.08.19 - Appel à commentaires : document 'Software-Defined Perimeter as a DDoS Prevention Mechanism']]>>=== (dernière semaine)
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.09.08 - Veille Hebdomadaire - 8 septembre]] avec plus de 60 liens :
* __''À lire'' :__ rapport CyberCube & Guy Carpenter "''Looking Beyond the Clouds: A US Cyber Insurance Industry Catastrophe Loss Study''"+++*[»]>
|2019.09.05|//CyberCube//|![[Guy Carpenter and CyberCube Report Reveals Potential Impact of Cyber Catastrophe Scenarios on U.S. Cyber Insurance Industry|https://www.cybcube.com/2019/09/guy-carpenter-licenses-first-of-its-kind-cyber-risk-modeling-platform-from-cybercube-following-strategic-alliance-2/]]|Report Major_Outage|
|2019.09.05|//CyberCube//|Rapport "[[Looking Beyond the Clouds: A U.S. Cyber Insurance Industry Catastrophe Loss Study|https://go.guycarp.com/lookingbeyondtheclouds]]"|Report Major_Outage|
|2019.09.06|InfoSecurity Mag| → [[Catastrophic Incident at OS Provider Could Cost US Insurers $24bn|https://www.infosecurity-magazine.com/news/catastrophic-incident-os-cost-us/]]|Report Major_Outage|
=== 
* __Pannes__ : ''AWS''+++*[»]>
|2019.09.04|The Register|[[AWS celebrates Labor Day weekend by roasting customer data in US-East-1 BBQ|https://www.theregister.co.uk/2019/09/04/aws_power_outage_data_loss/]]|Outage AWS|
|2019.09.04|Bleeping Computer| → [[Amazon AWS Outage Shows Data in the Cloud is Not Always Safe|https://www.bleepingcomputer.com/news/technology/amazon-aws-outage-shows-data-in-the-cloud-is-not-always-safe/]]|Outage AWS|
=== 
* Rapports et sondages : ''CyberCube''+++*[»]>
|2019.09.05|//CyberCube//|![[Guy Carpenter and CyberCube Report Reveals Potential Impact of Cyber Catastrophe Scenarios on U.S. Cyber Insurance Industry|https://www.cybcube.com/2019/09/guy-carpenter-licenses-first-of-its-kind-cyber-risk-modeling-platform-from-cybercube-following-strategic-alliance-2/]]|Report Major_Outage|
|2019.09.05|//CyberCube//|Rapport "[[Looking Beyond the Clouds: A U.S. Cyber Insurance Industry Catastrophe Loss Study|https://go.guycarp.com/lookingbeyondtheclouds]]"|Report Major_Outage|
|2019.09.06|InfoSecurity Mag| → [[Catastrophic Incident at OS Provider Could Cost US Insurers $24bn|https://www.infosecurity-magazine.com/news/catastrophic-incident-os-cost-us/]]|Report Major_Outage|
===, ''McKinsey''+++*[»]>
|2019.09.06|//McKinsey//|![[Securing software as a service|https://www.mckinsey.com/business-functions/risk/our-insights/Securing-software-as-a-service]]|Survey McKinsey SaaS|
===, ''Netwrix''+++*[»]>
|2019.09.05|//Netwrix//|[[2019 Netwrix Cloud Data Security Report|https://www.netwrix.com/2019cloudsecurityreport.html]]|Report Netwrix|
|2019.09.02|//Netwrix//| → [[Netwrix Survey: 98% of Educational Institutions Are Not Hiring Dedicated Staff to Improve Cloud Security|https://vmblog.com/archive/2019/09/05/netwrix-survey-98-of-educational-institutions-are-not-hiring-dedicated-staff-to-improve-cloud-security.aspx]]|Report Netwrix|
|2019.09.02|//Netwrix//[>img[iCSF/flag_fr.png]]| → [[Enquête Netwrix : 98 % des établissements d'enseignement n'engagent pas de personnel spécialisé pour améliorer la sécurité du cloud|http://www.globalsecuritymag.fr/Enquete-Netwrix-98-des,20190905,90448.html]]|Report Netwrix|
===, ''Nominet''+++*[»]>
|2019.09.04|//Nominet//|Sondage [[Cyber-Security and the Cloud|https://nominetcyber.com/cyber-security-and-the-cloud/]] ([[pdf|https://media.ntxcyber.com/wp-content/uploads/2019/08/Cloud-security-report_2019.pdf]])|Survey Nominet|
|2019.09.04|VMblog| → [[CISOs now think cloud is safer than on-premise, but security fears remain|https://vmblog.com/archive/2019/09/03/cisos-now-think-cloud-is-safer-than-on-premise-but-security-fears-remain.aspx]]|Survey Nominet|
|2019.09.04|Dark Reading| → [[Multicloud Businesses Face Higher Breach Risk|https://www.darkreading.com/cloud/multicloud-businesses-face-higher-breach-risk/d/d-id/1335719]] ([[rapport|https://media.ntxcyber.com/wp-content/uploads/2019/08/Cloud-security-report_2019.pdf]])|Survey Nominet|
===, ''Spanning''+++*[»]>
|2019.09.05|//Spanning//|[[2019 Cloud and Disaster Recovery Survey: 3 Key Takeaways|https://spanning.com/blog/2019-cloud-disaster-recovery-survey-3-key-takeaways/]] ([[rapport PDF|https://spanning.com/downloads/Spanning-Report-Unitrends-Survey-2019-Growing-Usage-SaaS-Data-Protection.pdf]])|Report Spanning DRP|
=== 
* Piratages et fuites de données : fuite de données de Monster+++*[»]>
|2019.09.05|TechCrunch|[[Monster.com says a third party exposed user data but didn't tell anyone|https://techcrunch.com/2019/09/05/monster-exposed-user-data-years/]]|DataLeak Monster|
|2019.09.05|Silicon Angle| → [[Monster.com user resumes exposed on misconfigured cloud server|https://siliconangle.com/2019/09/05/monster-com-user-resumes-exposed-misconfigured-third-party-server/]]|DataLeak Monster|
===, utilisation de Cloudflare Workers par le malware Astaroth+++*[»]>
|2019.09.01|Medium|[[Threat Actor behind Astaroth is now using Cloudflare Workers to bypass your Security Solutions|https://medium.com/@marcelx/threat-actor-behind-astaroth-is-now-using-cloudflare-workers-to-bypass-your-security-solutions-2c658d08f4c]]|Cloudflare Malicious_Infrastructure|
|2019.09.01|Bleeping Computer| → [[Astaroth Trojan Uses Cloudflare Workers to Bypass AV Software|https://www.bleepingcomputer.com/news/security/astaroth-trojan-uses-cloudflare-workers-to-bypass-av-software/]]|Cloudflare Malicious_Infrastructure|
=== 
* __Divers__ : AWS et segmentation réseau, réflexions sur les challenges du Cloud Security Posture Management, décommissionnement dans le Cloud
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.09.08|
|2019.09.08|Marco Lancini|[[The Cloud Security Reading List #2|https://cloudseclist.com/issues/issue-2/]]|Weekly_Newsletter|
|>|>|>|!2019.09.07|
|2019.09.07|//Cloud Management Insider//|[[Top 5 Cloud Computing Security Issues; and How they are used by Hackers|https://www.cloudmanagementinsider.com/top-5-cloud-computing-security-issues-and-strategies-used-by-hackers/]]|Report ISC2|
|>|>|>|!2019.09.06|
|2019.09.06|NTP Pool|[[NTP Pool servers on Kubernetes on Packet|https://news.ntppool.org/2019/09/ntp-pool-servers-on-kubernetes-on-packet/]]|K8s NTP|
|2019.09.06|GovLoop|[[1st Federal CISO: I'm 'very uncomfortable' with DoD's JEDI Cloud|https://www.govloop.com/1st-federal-ciso-im-very-uncomfortable-with-dods-jedi-cloud/]]|Government JEDI|
|2019.09.06|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Face au cloud, les RSSI gardent leurs distances|https://www.lemondeinformatique.fr/actualites/lire-face-au-cloud-les-rssi-gardent-leurs-distances-76344.html]]|Governance|
|2019.09.06|//Cloud Management Insider//|[[How VPN provides a secure tunnel to your cloud?|https://www.cloudmanagementinsider.com/vpn-for-cloud-computing/]]|VPN|
|2019.09.06|//AppDynamics//|[[Slowdown is the New Outage (SINTO)|https://www.appdynamics.com/blog/aiops/slowdown-new-outage-sinto/]]|Outage|
|2019.09.06|//Blissfully//|![[SaaS App Deprovisioning Checklist to Keep Your Company Secure|https://www.blissfully.com/blog/saas-app-deprovisioning-checklist/]]|SaaS Deprovisioning|
|2019.09.06|//McKinsey//|![[Securing software as a service|https://www.mckinsey.com/business-functions/risk/our-insights/Securing-software-as-a-service]]|Survey McKinsey SaaS|
|>|>|>|!2019.09.05|
|2019.09.02|Sécurité & Défense Mag[>img[iCSF/flag_fr.png]]|[[Les enjeux stratégiques du Cloud de confiance|https://sd-magazine.com/securite-numerique-cybersecurite/les-enjeux-strategiques-du-cloud-souverain]]|Sovereign_Cloud|
|2019.09.05|TechCrunch|[[Monster.com says a third party exposed user data but didn't tell anyone|https://techcrunch.com/2019/09/05/monster-exposed-user-data-years/]]|DataLeak Monster|
|2019.09.05|Silicon Angle| → [[Monster.com user resumes exposed on misconfigured cloud server|https://siliconangle.com/2019/09/05/monster-com-user-resumes-exposed-misconfigured-third-party-server/]]|DataLeak Monster|
|2019.09.05|NHS|[[NHS SBS launches cloud procurement framework|https://www.ukauthority.com/articles/nhs-sbs-launches-cloud-procurement-framework/]]|Procurement|
|2019.09.05|NHS| → [[Cloud Solutions framework|https://www.sbs.nhs.uk/fas-cloud-solutions]]|Procurement|
|2019.09.05|JDSupra|[[The Systemic Importance of Cloud-Based Service Providers to Banks|https://www.jdsupra.com/legalnews/the-systemic-importance-of-cloud-based-96893/]]|Storage|
|2019.09.05|//CyberCube//|![[Guy Carpenter and CyberCube Report Reveals Potential Impact of Cyber Catastrophe Scenarios on U.S. Cyber Insurance Industry|https://www.cybcube.com/2019/09/guy-carpenter-licenses-first-of-its-kind-cyber-risk-modeling-platform-from-cybercube-following-strategic-alliance-2/]]|Report Major_Outage|
|2019.09.05|//CyberCube//|Rapport "[[Looking Beyond the Clouds: A U.S. Cyber Insurance Industry Catastrophe Loss Study|https://go.guycarp.com/lookingbeyondtheclouds]]"|Report Major_Outage|
|2019.09.06|InfoSecurity Mag| → [[Catastrophic Incident at OS Provider Could Cost US Insurers $24bn|https://www.infosecurity-magazine.com/news/catastrophic-incident-os-cost-us/]]|Report Major_Outage|
|2019.09.05|//Netwrix//|[[2019 Netwrix Cloud Data Security Report|https://www.netwrix.com/2019cloudsecurityreport.html]]|Report Netwrix|
|2019.09.02|//Netwrix//| → [[Netwrix Survey: 98% of Educational Institutions Are Not Hiring Dedicated Staff to Improve Cloud Security|https://vmblog.com/archive/2019/09/05/netwrix-survey-98-of-educational-institutions-are-not-hiring-dedicated-staff-to-improve-cloud-security.aspx]]|Report Netwrix|
|2019.09.02|//Netwrix//[>img[iCSF/flag_fr.png]]| → [[Enquête Netwrix : 98 % des établissements d'enseignement n'engagent pas de personnel spécialisé pour améliorer la sécurité du cloud|http://www.globalsecuritymag.fr/Enquete-Netwrix-98-des,20190905,90448.html]]|Report Netwrix|
|2019.09.05|//Alibaba Cloud//|[[Kubernetes Pod Disruption Budgets (PDB)|https://medium.com/@Alibaba_Cloud/kubernetes-pod-disruption-budgets-pdb-1aeaf2a97f05]]|K8s|
|2019.09.05|//CyberArk//|[[Attacking the Cluster Remotely|https://www.cyberark.com/threat-research-blog/kubernetes-pentest-methodology-part-2/]] (2/3)|Kubernetes PenTesting|
|2019.09.05|//Spanning//|[[2019 Cloud and Disaster Recovery Survey: 3 Key Takeaways|https://spanning.com/blog/2019-cloud-disaster-recovery-survey-3-key-takeaways/]] ([[rapport PDF|https://spanning.com/downloads/Spanning-Report-Unitrends-Survey-2019-Growing-Usage-SaaS-Data-Protection.pdf]])|Report Spanning DRP|
|2019.09.05|//Motley Fool//|[[FireEye's Significant Challenges Despite its Growing Cloud Business|https://www.fool.com/investing/2019/09/05/fireeyes-significant-challenges-despite-its-growin.aspx]]|Trends|
|2019.09.05|//Arcserve//|[[Hybrid or Multi-cloud? Picking the Right Cloud Strategy for an Organization's IT Needs|https://cloudtweaks.com/2019/09/hybrid-or-multi-cloud-strategy/]]|Hybrid_Cloud Multi_Cloud|
|2019.09.05|//PaloAlto Networks//|[[The Zero Trust Approach for the Cloud|https://blog.paloaltonetworks.com/2019/09/cloud-zero-trust-approach/]]|Zero_Trust|
|2019.09.02|//Google Cloud//[>img[iCSF/flag_fr.png]]|[[Gouvernance des données dans le cloud : comment l'aborder|http://www.globalsecuritymag.fr/Gouvernance-des-donnees-dans-le,20190905,90461.html]]|Governance Data|
|>|>|>|!2019.09.04|
|2019.09.04|//Nominet//|Sondage [[Cyber-Security and the Cloud|https://nominetcyber.com/cyber-security-and-the-cloud/]]|Survey Nominet|
|2019.09.04|VMblog| → [[CISOs now think cloud is safer than on-premise, but security fears remain|https://vmblog.com/archive/2019/09/03/cisos-now-think-cloud-is-safer-than-on-premise-but-security-fears-remain.aspx]]|Survey Nominet|
|2019.09.04|Dark Reading| → [[Multicloud Businesses Face Higher Breach Risk|https://www.darkreading.com/cloud/multicloud-businesses-face-higher-breach-risk/d/d-id/1335719]] ([[rapport|https://media.ntxcyber.com/wp-content/uploads/2019/08/Cloud-security-report_2019.pdf]])|Survey Nominet|
|2019.09.04|Continuity Central| → [[Cloud is safer than on-premise say that majority of security leaders|https://www.continuitycentral.com/index.php/news/technology/4384-cloud-is-safer-than-on-premise-say-that-majority-of-security-leaders]]|Survey Nominet|
|2019.09.04|CloudTech| → [[Cloud security woes strike again - and it's double trouble for multi-cloud users, research finds|https://www.cloudcomputing-news.net/news/2019/sep/04/cloud-security-woes-strike-again-and-its-double-trouble-multi-cloud-users-research-finds/]]|Survey Nominet|
|2019.09.06|TechNewsWorld| → [[Multi-Cloud Strategy May Pose Higher Security Risk: Study|https://www.technewsworld.com/story/Multi-Cloud-Strategy-May-Pose-Higher-Security-Risk-Study-86229.html]]|Survey Nominet|
|2019.09.04|Redmond|[[Microsoft Azure and Office 365 Services Go Down in Texas Service Area|https://redmondmag.com/articles/2018/09/04/azure-office-365-down-in-texas.aspx]]|Outage Azure O365|
|2019.09.04|The Register|[[AWS celebrates Labor Day weekend by roasting customer data in US-East-1 BBQ|https://www.theregister.co.uk/2019/09/04/aws_power_outage_data_loss/]]|Outage AWS|
|2019.09.04|Bleeping Computer| → [[Amazon AWS Outage Shows Data in the Cloud is Not Always Safe|https://www.bleepingcomputer.com/news/technology/amazon-aws-outage-shows-data-in-the-cloud-is-not-always-safe/]]|Outage AWS|
|2019.09.04|//StorageCraft//[>img[iCSF/flag_fr.png]]|[[Les entreprises rapatrient désormais leurs données depuis le cloud : mais où les stocker ?|https://www.journaldunet.com/solutions/expert/71655/les-entreprises-rapatrient-desormais-leurs-donnees-depuis-le-cloud---mais-ou-les-stocker.shtml]]|Storage|
|2019.09.04|//Vectra//|[[Security pros need more and better visibility into their cloud networks|https://www.helpnetsecurity.com/2019/09/04/cloud-networks-visibility/]]|Misc|
|2019.09.04|//Security Intelligence//|[[Making the Case for Network Segmentation in AWS|https://securityintelligence.com/posts/making-the-case-for-network-segmentation-in-aws/]]|AWS Segmentation|
|2019.09.04|//McAfee//|[[Securing Sensitive Data In the Cloud|https://www.skyhighnetworks.com/cloud-security-blog/securing-sensitive-data-in-the-cloud/]]|Insider_Threats|
|2019.09.04|//Optiv//|[[Service Providers and PCI Compliance, Part 1 - Cloud Services and Your Obligations|https://www.optiv.com/blog/service-providers-and-pci-compliance-part-1-cloud-services-and-your-obligations]] (1/3)|Compliance PCI_DSS|
|2019.09.04|//Smallstep//|[[Embarrassingly easy private certificate management for VMs on AWS, GCP, and Azure|https://smallstep.com/blog/embarrassingly-easy-certificates-on-aws-azure-gcp/]]|Certificates AWS Azure GCP|
|2019.09.04|//Microsoft//|[[Automated investigation and response (AIR) in Office 365|https://docs.microsoft.com/en-us/office365/securitycompliance/automated-investigation-response-office]]|O365 Investigations|
|2019.09.04|//StackRox//|[[5 Kubernetes RBAC Mistakes You Must Avoid|https://www.stackrox.com/post/2019/09/5-kubernetes-rbac-mistakes-you-must-avoid/]]|K8s|
|>|>|>|!2019.09.03|
|2019.09.03|Christophe Parisel|[[Aftermath of the Capital One incident on AWS|https://www.linkedin.com/pulse/aftermath-capital-one-incident-aws-christophe-parisel/]]|CapitalOne Incident Lessons_Learnt|
|2019.09.03|Randy Westergren|[[A Closer Look at Recent HTTP/2 Vulnerabilities Affecting K8s and Other Implementations|https://randywestergren.com/a-closer-look-at-recent-http-2-vulnerabilities-affecting-k8s-and-other-implementations/]]|K8s CVE-2019-9511→9518|
|2019.09.03|DevOps.com|[[From DevOps to DevSecOps: Owning Cloud Security|https://devops.com/from-devops-to-devsecops-owning-cloud-security/]]|DevSecOps|
|2019.09.03|CSO Online|[[ICS as a cloud service is coming: Will the benefits outweigh the risks?|https://www.csoonline.com/article/3434532/ics-as-a-service-icsaas-is-coming-will-the-benefits-outweigh-the-risks.html]]|ICS|
|2019.09.03|Solutions Review|[[The 12 Best Managed Cloud Security Services Providers|https://solutionsreview.com/cloud-platforms/the-12-best-managed-cloud-security-services-providers/]]|MSSP|
|2019.09.03|Infosec Institute|[[Should you take the CCSP/SSCP before the CISSP?|https://resources.infosecinstitute.com/should-you-take-the-ccsp-sscp-before-the-cissp/]]|Certification|
|2019.09.03|//Azure//|[[Reduce disaster recovery time with Azure Site Recovery|https://azure.microsoft.com/en-us/blog/reduce-disaster-recovery-time-with-azure-site-recovery/]]|DRP|
|2019.09.03|//ParkMyCloud//|[[How Much Should Enterprises Worry About Vendor Lock-in in Public Cloud?|https://www.parkmycloud.com/blog/vendor-lock-in/]]|Reversibility|
|2019.09.03|//Fugue//|![[Cloud Security Posture Management Challenge: Baselining vs. Scripts and Bots|https://www.fugue.co/blog/cloud-security-posture-management-challenge-baselining-vs.-scripts-and-bots]]|Security_Posture|
|2019.09.03|//Idaptive//|![[How to Prevent Office 365 Account Lockouts|https://www.idaptive.com/blog/Prevent-Office-365-Account-Lockouts/]]|O365|
|>|>|>|!2019.09.02|
|2019.09.02|MISC[>img[iCSF/flag_fr.png]]|[[L'édito de MISC n°105|https://www.miscmag.com/ledito-de-misc-n105/]]|Governance|
|2019.09.02|CBR Online|[[Why the UK Government's Re-Evaluation of its Cloud First Policy is a Sign of the Times|https://www.cbronline.com/opinion/cloud-first-uk-govt]]|Government Strategy|
|2019.09.02|Bleeping Computer|[[Windows 10 Gets a Cloud Reset Feature, Here's How it Works|https://www.bleepingcomputer.com/news/microsoft/windows-10-gets-a-cloud-reset-feature-here-s-how-it-works/]]|Windows_10|
|2019.09.02|Silicon Angle|[[UK travel company exposes customer calls on misconfigured cloud storage|https://siliconangle.com/2019/09/02/uk-travel-company-exposes-customer-calls-misconfigured-cloud-storage/]]|AWS Data_Leak|
|2019.09.02|InfoQ|[[How to Use Chaos Engineering to Break Things Productively|https://www.infoq.com/articles/chaos-engineering-security-networking/]]|Chaos_Engineering|
|2019.09.02|Rick Blaisdell|[[IoT and its impact on the business world - Part I|https://rickscloud.com/iot-and-its-impact-on-the-business-world-part-i/]]|IoT|
|2019.09.02|SilverLining|!Silver Lining podcast [[Chapter 7: Creating Trust in Cloud|https://silverlining.media/chapter-7-creating-trust-in-cloud/]]|Podcast|
|2019.09.02|//Compliant Cloud//|[[Where's my data gone?|https://compliantcloud.com/wheres-my-data-gone-data-integrity/]]|Integrity|
|2019.09.02|//Verizon//|![[Verizon White Paper: CISO's Guide to Cloud Security|http://rafeeqrehman.com/2019/09/02/verizon-white-paper-cisos-guide-to-cloud-security/]]|CISO|
|2019.09.02|//Compare The Cloud//|[[Why companies are ditching the cloud for hybrid|https://www.comparethecloud.net/articles/why-companies-are-ditching-the-cloud-for-hybrid/]]|Hybrid_Cloud|
|2019.09.02|//Fugue//|[[Why "Cloud Security 101" Isn't So Simple After All|https://www.cyberdefensemagazine.com/why-cloud-security-101/]]|Misc|
|2019.09.02|//Cloudbric//|[[My cloud WAF service provider suffered a data breach…how can I protect myself?|https://www.cloudbric.com/blog/2019/09/cloud-waf-service-provider-suffered-data-breach-protection/]]|DataBreach Imperva|
|2019.09.02|//Palo Alto Networks//|[[Gaining Persistency on Vulnerable Lambdas|https://unit42.paloaltonetworks.com/gaining-persistency-vulnerable-lambdas/]]|AWS Lambda|
|>|>|>|!2019.09.01|
|2019.09.01|Marco Lancini|[[The Cloud Security Reading List #1|https://cloudseclist.com/issues/issue-1/]]|Weekly_Newsletter|
|2019.09.01|Medium|[[Threat Actor behind Astaroth is now using Cloudflare Workers to bypass your Security Solutions|https://medium.com/@marcelx/threat-actor-behind-astaroth-is-now-using-cloudflare-workers-to-bypass-your-security-solutions-2c658d08f4c]]|Cloudflare Malicious_Infrastructure|
|2019.09.01|Bleeping Computer| → [[Astaroth Trojan Uses Cloudflare Workers to Bypass AV Software|https://www.bleepingcomputer.com/news/security/astaroth-trojan-uses-cloudflare-workers-to-bypass-av-software/]]|Cloudflare Malicious_Infrastructure|
|2019.09.01|//Ctera//[>img[iCSF/flag_fr.png]]|[[Comment faire face à l'évolution constante des menaces de sécurité dans le Cloud (Ctera)|https://www.eurocloud.fr/faire-face-a-levolution-constante-menaces-de-securite-cloud-ctera/]]|Threats|
!"//How to Share the Security Responsibility Between the CSP and Customer//"
[>img(200px,auto)[iCSA/J82BC.jpg]]Publié le 5 septembre 2019 — Rédigé par Dr. Kai Chen, Chief Security Technology Officer, Consumer BG, Huawei Technologies Co. Ltd
<<<
//The behemoths of cloud service providers (CSPs) have released shared security responsibility related papers and articles, explaining their roles and responsibilities in cloud provisioning. Although they share similar concepts, in reality, there are different interpretations and implementations among CSPs.

While there are many cloud security standards to help guide CSPs in fulfilling their security responsibilities, the cloud customers still find it challenging to design, deploy, and operate a secure cloud service. "''Guideline on Effectively Managing Security Service in the Cloud''"+++*[»]> <<tiddler [[2019.01.04 - Publication : Guideline on Effectively Managing Security Service in the Cloud]]>>=== (referred to as the 'Guideline') developed by CSA's ''Cloud Security Services Management (CSSM) Working Group'' provides an easy-to-understand guidance for cloud customers. It covers how to design, deploy, and operate a secure cloud service for different cloud service models, namely IaaS, PaaS, and SaaS. Cloud customers can use it to help ensure the secure running of service systems.

In the Guideline, the shared security responsibility figure was developed with reference to Gartner's shared security responsibility model
{{floatC{
[img(600px,auto)[iCSA/J95B1.png]].
Staying Secure in the Cloud Is a Shared Responsibility, Gartner
→ https://www.gartner.com/doc/3277620/staying-secure-cloud-shared-responsibility
Security responsibility division between CSPs and cloud customers in different cloud service models.
}}}
It illustrates the security handoff points for IaaS, PaaS, and SaaS cloud models. The handoff point moves up the stack across the models.

While there are differences in the security responsibility across the models, some responsibilities are common to all cloud service models:

''CSPs' Common Security Responsibilities''
* Physical security of the infrastructure, including but not limited to: equipment room location selection; power supply assurance; cooling facilities; protection against fire, water, shock, and theft; and surveillance (for details about the security requirements, see related standards)
* Security of computing, storage, and network hardware
* Security of basic networks, such as anti-distributed denial of service and firewalls
* Cloud storage security, such as backup and recovery
* Security of cloud infrastructure virtualization, such as tenant resource isolation and virtualization resource management
* Tenant identity management and access control
* Secure access to cloud resources by tenant
* Security management, operating monitoring, and emergency response of infrastructure
* Formulating and rehearsing service continuity assurance plans and disaster recovery plans for infrastructure

''Cloud Customers' Common Security Responsibilities''
* User identity management and access control of service systems
* Data security (in the European General Data Protection Regulation (GDPR) mode, cloud customers control the data and should be responsible for data security while CSPs only process the data and should take security responsibilities granted by data controllers.)
* Security management and control of terminals that access cloud services, including hardware, software, application systems, and device rights
Besides that, the Guideline contains chapters that describe the technical requirements for the security assurance of cloud service systems and provides an implementation guide based on the existing security technologies, products, and services. It also illustrates security assurance technologies, products, and services that CSPs and customers should provide in different cloud service models as mentioned previously.
{{floatC{
[img(600px,auto)[iCSA/J95B2.png]]
Security responsibilities between CSPs and cloud customers
}}}
''Mapping of the Guideline with CCM''

To help provide an overview to end users about the similarities and differences between the security recommendations listed in the Guideline and the ''Cloud Controls Matrix'' (CCM) controls, the CSSM working group conducted a mapping of CCM version 3.0.1 to the Guideline.

The ''Mapping of "Guideline on Effectively Managing Security Service in the Cloud" Security Recommendations to CCM'' was a one-way mapping, using the CCM as base, done in accordance with the ''Methodology for the Mapping of the Cloud Controls Matrix''.

The mapping document is supplemented with a detailed ''gap analysis report'' that breaks down the gaps in each CCM domain and provides recommendations to readers.

"This mapping work brings users of the Guideline a step closer to being CCM compliant, beneficial to organizations looking to extrapolate existing security controls to match another framework, standard or best practice," said Dr. Chen Kai, Chief Security Technology Officer, Consumer BG, Huawei Technologies Co. Ltd., and chair of the CSSM Working Group.

Users of the Guideline will be able to bridge lacking areas with ease based on the gap analysis. By understanding what it takes to go from the Guideline to CCM, the mapping work complements the Guideline to help users achieve holistic security controls.

Download the gap analysis report on mapping to the CSA's Cloud Controls Matrix (CCM) now.

Learn more about the Cloud Services Management Working Group here.//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/09/05/how-to-share-the-security-responsibility-between-the-csp-and-customer/]] sur le blog de la CSA
!"//Gap Analysis Report on Mapping CSA's Cloud Controls Matrix to 'Guideline on Effectively Managing Security Service in the Cloud'//"
[>img(200px,auto)[iCSA/J95PG.png]]Document publié le 5 septembre 2019.
<<<
//The report summarizes the mapping of CCM v3.0.1 to 'Guideline on Effectively Managing Security Services in the Cloud' and provides gap analysis on the results.//
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j95g/|https://CloudSecurityAlliance.fr/go/j95g/]]''
!"//Mapping of 'The Guidelines' Security Recommendations to CCM//"
Document publié le 5 septembre 2019.[>img(100px,auto)[iCSA/CSAdoc.png]]
<<<
//This document contains the additional controls that serve to bridge the gap between CCM V3.0.1 and the controls within 'Guideline on Effectively Managing Security Services in the Cloud' published by Cloud Security Services Working Group.//
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j95m/|https://CloudSecurityAlliance.fr/go/j95m/]]''
!"//STAR Level and Scheme Requirements//"
Document publié le 4 septembre 2019.
__Extrait :__
<<<
//CSA Security Trust, Assurance and Risk ([[STAR]]™) is the industry's most powerful program for security assurance in the cloud. STAR™ encompasses key principles of transparency, rigorous auditing, and harmonization of standards. The STAR™ program provides multiple benefits, including indications of best practices and validation of security posture of cloud offerings. STAR™ is based on the following foundation tools:
* The CSA Cloud Controls Matrix ([[CCM]])+++*[»]> <<tiddler [[CCM]]>>=== 
* The Consensus Assessments Initiative Questionnaire ([[CAIQ]])+++*[»]> <<tiddler [[CAIQ]]>>=== 
* The CSA Code of Conduct for GDPR Compliance+++*[»]> <<tiddler [[RGPD]]>>=== 
//[...]//
One of the most essential features of the STAR™ program is its registry that documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry is designed for users of cloud services to assess their cloud providers, security providers and advisory and assessment services firms in order to make the best procurement decisions.//
<<<
__Table des matières__[>img(500px,auto)[iCSA/OCF-1.png]]
<<<
# STAR Introduction
# STAR Levels Overview
# Level 1
** STAR Self-Assessment
** GDPR CoC Self-Assessment (Privacy)
# Level 2
** CSA STAR Attestation
** CSA STAR Certification
** CSA C-STAR Assessment
** GDPR CoC Certification (Privacy)
# Level 3
** CSA STAR-Continuous
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j94s/|https://CloudSecurityAlliance.fr/go/j94s/]]''
[>img(300px,auto)[iCSA/JBICE.jpg]]La [[Cloud Security Alliance]] a annoncé le programme du prochain [[Congrès CSA EMEA|2019.11.20 - CSA Congress EMEA 2019 - Berlin]] qui se déroulera du 18 au 21 novembre 2019 à Berlin : "Cloud Security Alliance to Address Convergence of Privacy and Security at 2019 EMEA Congress".
<<<
//''__Andreas Könen__, __Udo Helmbrecht__, and __Pearse O'Donohue__ join thought leaders from BSI, European Privacy Association, Adobe, and Google Cloud as speakers''

Berlin, Germany - Sept. 4, 2019 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today announced the speaker line-up and session highlights for its upcoming CSA EMEA Congress (Berlin, Nov. 18-21, 2019). Headlining the event will be two of the most prominent cloud and Internet of Things (IoT) policy makers - __Andreas Könen__, Director General CI, Cyber and Information Security, German Federal Ministry of the Interior, Building and Community (BMI), and __Pearse O'Donohue__, Director, Future Networks Directorate, European Commission - DG CONNECT. __Udo Helmbrecht__, Executive Director, ENISA, will also be on hand and will speak to how cybersecurity certification can foster the EU cybersecurity market.

In his address - ''Cyber Security Act and IT-Security Law 2.0'' - Könen will discuss how developments in security labelling, emerging technologies and the expected rapid growth of the IoT have forced enterprises and governments to rethink security requirements and how to implement them and provide insights into the Cyber Security Act and the German IT Security Law 2.0.

This year's event will focus on two tracks - ''Cloud Privacy, Governance and Compliance'' and ''Best Practices in Cybersecurity'' - and offer attendees the chance to earn CPE credits. Over the course of two days, attendees will learn, among other things, how to:
* go beyond classic vendor risk-assessment practices and take advantage of continuous data-driven security intelligence methods
* real-world, practical advice on automating third-party privacy and security risk programs
* cut through the complexity of today's compliance with a multi-party recognition framework for cloud security

"This year's CSA EMEA Congress examines the convergence of security and privacy a little more than a year after the implementation of the General Data Protection Regulation. The event promises to offer attendees an in-depth examination of what we as cloud professionals have learned over the past 16 months as well as what technologies are shaping our industry's future," said __Daniele Catteddu__, Chief Technology Officer, Cloud Security Alliance.

Attendees will benefit from panels and presentations featuring companies leading the development of cutting-edge advancements in cloud security and data privacy, including:

# ''Cloud Computing Security in the NIS Directive''.
** Presenter: __Dr. Marnix Dekker__, Cybersecurity Expert, European Union Agency for Network and Information Security (ENISA)
# ''From Spreadsheets to Streamlined: Automating the Third-Party Vendor Risk Lifecycle''.
** Presenter: __Ian Evans__, Managing Director, OneTrust
# ''CSA Security Trust Assurance and Risk (STAR)''.
** Presenter: __Daniele Catteddu__, Chief Technology Officer, CSA
# ''How Cybersecurity Certification Can Foster the EU Cybersecurity Market''.
** Presenter: __Dr. Udo Helmbrecht__, Executive Director, ENISA
# ''The Community Draft of the Revised C5''.
** Presenter: __Dr. Patrick Grete__, Cloud Security Expert, Federal Office for Information Security (BSI)
# ''Trust in Cloud by Certification''.
** Presenter: __Damir Savanovic__, Senior Innovation Analyst, CSA
# ''Taking Control of IoT: An Enterprise Perspective''.
** Presenter: __Hillary Baron__, Research Analyst and Program Manager, CSA
# ''Track: Cloud Privacy, Governance and Compliance''
** ''Cloud Security Alliance Code of Conduct for GDPR Compliance''.
*** Presenter: __Paolo Balboni__, Founding Partner, ICT Legal Consulting, and President, European Privacy Association
** ''What's Up with Data Breaches Notifications Under the GDPR''.
*** Presenter: __Dorotea Alessandra De Marco__, Senior Official, Italian Data Protection Authority
** ''Trust but Verify''.
*** Presenter: __Gillian Hamilton__, Strategic Trust Lead, Google Cloud
** ''Bolster Your Incident Response Plan Across Privacy & Security Teams''.
*** Presenter: __Ian Evans__, Managing Director, OneTrust
** ''The GDPR and the NIS Directive One Year On: Security Obligations on Cloud Service Providers''.
*** Presenter: __Jenny Gershkovich__, Information Security Lead Vendor Security Services, ABN AMRO Bank N.V.
*** Presenter: __Isabella Oldani__, Research Coordinator, "Legal and Privacy in the Cloud" Cloud Security Alliance-Italian Chapter
*** Presenter: __Marco Tullio Giordano__, Attorney-at-law, Data Protection Officer and ISO27001 Lead Auditor
*** Presenter: __Massimo Simbula__, founder, Studio Legale Simbula Law Firm
# ''Track: Best Practices in Cybersecurity''
** ''Leveraging Osquery for DFIR at Scale''.
*** Presenter: __Sohini Mukherjee__, Security Researcher, Adobe
** ''Works Councils, Your Best Friends (Really!)''.
*** Presenter: __Mark Wijnhoven__, Global Legal and Privacy Lead, Phillips Group Security
** ''Using Cloud Services Securely - A Practical Viewpoint''.
*** Presenter: __Benoit Heynderickx__, Research Analyst, Information Security Forum
** ''How to Scale Vendor Security Management''.
*** Presenter: __Jenny Gershkovich__, Information Security Lead Vendor Security Services, ABN AMRO Bank N.V.
** ''Secure Cloud Adoption by Spanish Organizations''.
*** Presenter: __Mariano Benito__, CISO, GMV Soluciones Globales Internet Secure
** ''Digital Transformation Requires Security Transformation''.
*** Presenter: __Neil Thacker__, CISO EMEA, Netskope
** ''Cloud Octagon Model for SaaS Risk Assessments''.
*** Presenter: __Jim de Haas__, Cloud Security Wizard, ABN AMRO Bank
** ''Vendor Risk Assessment - A Discussion with Cloud Leaders'' (Panel).
*** Moderator: __Chris Niggel__, Director of Security and Compliance, Okta Vendor Risk Assessment
//
<<<
__Inscription :__
* Lien → https://www.eventbrite.co.uk/e/csa-emea-congress-2019-tickets-55612125364
* Inscription standard : 350 € jusqu'au 1er novembre, frais de 20,24€
* Inscription tardive : 500 € du 2 au 21 novembre, frais de 28,49 €
* Etudiants et fonctionnaires : 50 €, frais de 3,75 €
* Formation "CCSK Foundation" : 870 €, frais de 48,84 €
* Formation "CGC" : 785 €, frais de 44,17 €
* Formation GDPR : 2.000 €, frais de 110,99 €
[img(25%,1px)[iCSF/BluePixel.gif]]
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j94c/|https://cloudsecurityalliance.fr/go/j94c/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Announcing the Security@ San Francisco 2019 Agenda//"
[>img(100px,auto)[iCSA/J9PBA.jpg]]^^Publiée le 25 septembre 2019, l'annonce du programme de la conférence "Security@ San Francisco" du 15 octobre 2019
⇒ Lire [[l'article|https://CloudSecurityAlliance.fr/go/j9pb/]] sur le blog de la Cloud Security Alliance^^

!"//Glass Class: Three Essential Requirements for Securing IaaS//"
[>img(100px,auto)[iCSA/J94BS.jpg]]^^Bien que publié le 23 septembre 2019 sur le blog de la CSA, cet article l'a déjà été il y a 5 semaines, le 14 août 2019 sur le site de Bitglass.
⇒ Lire [[l'article|https://CloudSecurityAlliance.fr/go/j9nz/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://CloudSecurityAlliance.fr/go/j9nx/]]^^

!"//The Four Pillars of CASB: Data Protection//"
[>img(100px,auto)[iCSA/J9GBT.jpg]]^^Bien que publié le 16 septembre 2019 sur le blog de la CSA, cet article l'a déjà été il y a 3 semaines, le 26 août 2019 sur le site de Bitglass.
⇒ Lire [[l'article|https://CloudSecurityAlliance.fr/go/j9gz/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://CloudSecurityAlliance.fr/go/j9gx/]]^^

!"//Cloud Security Roadmap for 2019 & Beyond//"
[>img(100px,auto)[iCSA/J9ABC.jpg]]^^Bien que publié le 10 septembre 2019 sur le blog de la CSA, cet article l'a déjà été il y a une semaine, le 3 septembre 2019 sur le site de ExtraHop.
Il ne s'agit que d'une incitation à télécharger, après inscription, un rapport d'IDC intitulé "//Cloud Security RoadMap: Identifying Limitations to the Shared Responsibility Model as well as Requirements and Best Practices//" et publié le 26 août 2019.
⇒ Lire [[l'article|https://CloudSecurityAlliance.fr/go/j9az/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://CloudSecurityAlliance.fr/go/j9ax/]]^^

!"//What Executives Should Know About the Capital One Breach//"
[>img(100px,auto)[iCSA/J99BW.jpg]]^^Bien que publié le 9 septembre 2019 sur le blog de la CSA, cet article l'a déjà été il y a 3 semaines, le 14 août 2019 sur le site de Fugue.
Il faisait partie des articles déjà mentionnés dans notre veille datée du 18 août 2019
⇒ Lire [[l'article|https://CloudSecurityAlliance.fr/go/j99z/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://CloudSecurityAlliance.fr/go/j99x/]]^^

!"//Security Spotlight: iPhones Susceptible to a Hack via Text//"
[>img(100px,auto)[iCSA/J94BS.jpg]]^^Bien que publié le 4 septembre 2019 sur le blog de la CSA, cet article l'a déjà été il y a 2 semaines, le 21 août 2019 sur le site de Bitglass.
⇒ Lire [[l'article|https://CloudSecurityAlliance.fr/go/j94z/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://CloudSecurityAlliance.fr/go/j94x/]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201908>>
<<tiddler fAll2Tabs10 with: VeilleM","_201908>>
<<tiddler fAll2LiTabs10 with: NewsL","201908>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Août 2019]]>>
|!Août|!Sources|!Titres et Liens|!Keywords|
|2019.08.13|Netflix|[[NFLX-2019-002: HTTP/2 Denial of Service Advisory|https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md]]|K8s CVE-2019-9511→9518|
|2019.08.13|CERT/CC|[[VU#605641: HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion|https://www.kb.cert.org/vuls/id/605641/]]|K8s CVE-2019-9511→9518|
||Mitre|Data Dribble→ [[CVE-2019-9511|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511]]|K8s|
||Mitre|Ping Flood → [[CVE-2019-9512|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512]]|K8s|
||Mitre|Resource Loop → [[CVE-2019-9513|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513]]|K8s|
||Mitre|Reset Flood → [[CVE-2019-9514|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514]]|K8s|
||Mitre|Settings Flood → [[CVE-2019-9515|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515]]|K8s|
||Mitre|0-Length Headers Leak (Nginx variant) → [[CVE-2019-9516|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516]]|K8s|
||Mitre|Internal Data Buffering → [[CVE-2019-9517|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517]]|K8s|
||Mitre|Empty Frames Flood → [[CVE-2019-9518|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518]]|K8s|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Août 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Août 2019]]>><<tiddler fAll2LiTabs13end with: Actu","201908>>
<<tiddler fAll2LiTabs13end with: Blog","201908>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Août 2019]]>>
<<tiddler fAll2LiTabs13end with: Publ","201908>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Août 2019]]>>
!!1 - Informations CSA de la semaine du 26 au 31 août 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Blog : ''Egregious 11 Meta-Analysis Part 2: Virtualizing Visibility''+++*[»]> <<tiddler [[2019.08.28 - Blog :' Egregious 11 Meta-Analysis Part 2: Virtualizing Visibility']]>>=== 
* Blog : '''On-Chain vs Off-Chain governance. What are the rules to Calvinball?'''+++*[»]> <<tiddler [[2019.08.26 - Blog : 'On-Chain vs Off-Chain governance. What are the rules to Calvinball?']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.08.31 - Veille Hebdomadaire - 31 août]] avec plus de 60 liens :
* __''À lire'' :__ "''Kubernetes #Fails''"+++*[»]>
|2019.08.27|DZone|![[Kubernetes #Fails|https://dzone.com/articles/kubernetes-fails]]|K8s|
===, "''Scalable infrastructure for investigations and incident response''"+++*[»]>
|2019.08.30|//Microsoft//|![[Scalable infrastructure for investigations and incident response|https://msrc-blog.microsoft.com/2019/08/30/scalable-infrastructure-for-investigations-and-incident-response/]]|Incident_Handling Infrastructure|
=== et "''futur de la sécurité réseau dans le Cloud avec le SASE (//Secure Access Service Edge//) du Gartner''"+++*[»]>
|2019.08.30|//Gartner//|[[G00441737: The Future of Network Security Is in the Cloud|https://www.gartner.com/doc/reprints?id=1-6QW0Z4A&ct=190528]] et [[ici|https://www.gartner.com/doc/reprints?id=1-1OG9EZYB&ct=190903]]|Gartner Network SASE G00441737|
=== 
* Piratages et fuites de données : fuite de données ''Imperva'' pour certains clients du "''Cloud WAF''" (ex ''Incapsula'')+++*[»]>
|2019.08.27|//Imperva//|[[Imperva Security Update|https://www.imperva.com/blog/ceoblog/]]|DataBreach Imperva|
|2019.08.27|Krebs on Security| → [[Cybersecurity Firm Imperva Discloses Breach|https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/]]|DataBreach Imperva|
=== 
* __Pannes__ : Reddit suite à une panne AWS
* Vulnérabilités : ''Kubernetes'' avec un retour sur la CVE-2019-11245+++*[»]>
|2019.08.28|//Twistlock//|[[Non-root containers, Kubernetes CVE-2019-11245 and why you should care|https://www.twistlock.com/labs-blog/non-root-containers-kubernetes-cve-2019-11245-care/]]|K8s CVE-2019-11245|
=== et un PoC de Spoofing DNS+++*[»]>
|2019.08.29|//Aqua Security//|![[DNS Spoofing on Kubernetes Clusters|https://blog.aquasec.com/dns-spoofing-kubernetes-clusters]]|K8s DNS_Spoofing|
=== 
* Formation : promotion temporaire pour une offre commerciale de formation Azure tierce et __non certifiante__+++*[»]>
|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ce lien vers une offre COMMERCIALE et PROMOTIONNELLE est fourni à titre INFORMATIF et n'est pas sponsorisé. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — La formation NON CERTIFIANTE, N'a PAS été suivie, et n'est NI conseillée, NI recommandée, NI validée par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à VOTRE décision de suivre le lien et à ses conséquences.@@|
|2019.08.29|//TheNextWeb//|[[This Microsoft Azure training will take your from zero to in-demand data hero|https://thenextweb.com/offers/2019/08/29/this-microsoft-azure-training-will-take-your-from-zero-to-in-demand-data-hero/]]|Training Azure|
=== 
* __Divers__ : impact(s) potentiel(s) lié(s) au (potentiel) ''Brexit''+++*[»]>
|2019.08.30|BetaNews|[[GDPR and Brexit - Is your cloud provider ready for the UK 'being treated like a third country'?|https://betanews.com/2019/08/30/gdpr-and-brexit/]]|GDPR Brexit|
=== 
!!Veille Hebdomadaire - 31 août 2019
|!Août|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.08.31|
|2019.08.31|Bleeping Computer|[[Reddit Experiencing Outage Due to Amazon AWS Issue|https://www.bleepingcomputer.com/news/technology/reddit-experiencing-outage-due-to-amazon-aws-issue/]]|Outage AWS Reddit|
|>|>|>|!2019.08.30|
|2019.08.30|MISC[>img[iCSF/flag_fr.png]]|[[Gros plan sur la sécurité des environnements cloud Amazon Web Services|https://www.miscmag.com/gros-plan-sur-la-securite-des-environnements-cloud-amazon-web-services/]]|AWS|
|2019.08.30|BetaNews|[[GDPR and Brexit - Is your cloud provider ready for the UK 'being treated like a third country'?|https://betanews.com/2019/08/30/gdpr-and-brexit/]]|GDPR Brexit|
|2019.08.30|DZone|[[Survey Reveals Rapid Growth in Kubernetes Usage, Security Still a Concern|https://dzone.com/articles/survey-reveals-rapid-growth-in-kubernetes-usage-se]]|K8s Report|
|2019.08.30|Infosec Island|[[Three Strategies to Avoid Becoming the Next Capital One|http://www.infosecisland.com/blogview/25219-Three-Strategies-to-Avoid-Becoming-the-Next-Capital-One.html]]|Incident CapitalOne Lessons_Learnt|
|2019.08.30|TechRepublic|[[How the Cloud Security Alliance helps businesses identify and mitigate cybersecurity risks|https://www.techrepublic.com/article/how-the-cloud-security-alliance-helps-businesses-identify-and-mitigate-cybersecurity-risks/]]|CSA|
|2019.08.30|The Register|[[Microsoft's cloudy Windows Virtual Desktop: It fills a gap, but there are plenty of annoyances|https://www.theregister.co.uk/2019/08/30/microsofts_cloudy_windows_virtual_desktop_fills_a_gap_but_with_plenty_of_annoyances/]]|Virtual_Desktop|
|2019.08.30|Solutions Review|[[5 Cloud Security Mistakes That Could Ruin Your Business|https://solutionsreview.com/cloud-platforms/5-cloud-security-mistakes-that-could-ruin-your-business/]]|Mistakes|
|2019.08.30|Krebs on Security|[[Phishers are Angling for Your Cloud Providers|https://krebsonsecurity.com/2019/08/phishers-are-angling-for-your-cloud-providers/]]|Third_Party Phishing CSP|
|2019.08.30|Verdict|[[Teletext Holidays data breach exposes 212,000 customer call recordings|https://www.verdict.co.uk/teletext-holidays-data-breach-customer-call/]]|AWS Data_Leak|
|2019.09.02|The Register| → [[Teletext Holidays a) exists and b) left 200k customer call recordings exposed in S3 bucket|https://www.theregister.co.uk/2019/09/02/teletext_holidays_200k_call_recordings_s3_bucket/]]|AWS Data_Leak|
|2019.08.30|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Institutions financières : le moment est-il venu de confier la conformité au cloud ?|https://www.silicon.fr/avis-expert/institutions-financieres-le-moment-est-il-venu-confier-la-conformite-au-cloud]]|Compliance|
|2019.08.30|//Microsoft//|![[Scalable infrastructure for investigations and incident response|https://msrc-blog.microsoft.com/2019/08/30/scalable-infrastructure-for-investigations-and-incident-response/]]|Incident_Handling Infrastructure|
|2019.08.30|//Microsoft//| → [[Powershell Scripts to automatically deploy an image of a prebuilt VM to every region you require|https://github.com/microsoft/Scalable-Infrastructure-for-Investigation-and-Incident-Response]]|Incident_Handling Infrastructure|
|2019.08.30|//Google Cloud//|[[Kubernetes security audit: What GKE and Anthos users need to know|https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-security-audit-what-gke-and-anthos-users-need-to-know]]|K8s Audit|
|2019.08.30|//Lacework//|[[Avoid Gaps in Native Cloud Security Tools With a Comprehensive Security Approach, Part 2|https://www.lacework.com/integrate-cloud-security-tools/]] (2/2)|Strategy|
|2019.08.30|//Gartner//|![[G00441737: The Future of Network Security Is in the Cloud|https://www.gartner.com/doc/reprints?id=1-6QW0Z4A&ct=190528]] et [[ici|https://www.gartner.com/doc/reprints?id=1-1OG9EZYB&ct=190903]]|Gartner Network SASE G00441737|
|>|>|>|!2019.08.29|
|2019.08.29|GSA|[[GSA and DOD Award Defense Enterprise Office Solutions Cloud Contract|https://www.gsa.gov/about-us/newsroom/news-releases/gsa-and-dod-award-defense-enterprise-office-solutions-cloud-contract]]|DoD O365|
|2019.08.29|Silicon Angle| → [[DOD awards $7.6B Microsoft Office 365 cloud contract to General Dynamics and partners|https://siliconangle.com/2019/08/29/dod-awards-7-6b-office-365-contract-general-dynamics-partners/]]|DoD O365|
|2019.08.30|Breaking Defense| → [[DoD 'Office' Functions Move To Cloud In Multi-Billion-Dollar Contract|https://breakingdefense.com/2019/08/dod-office-functions-move-to-cloud-in-multi-billion-dollar-contract/]]|Misc|
|2019.08.29|Bleeping Computer|[[Starbucks Abandons Azure Site, Exposed Subdomain to Hijacking|https://www.bleepingcomputer.com/news/security/starbucks-abandons-azure-site-exposed-subdomain-to-hijacking/]]|Azure DNS Incident|
|2019.08.29|DZone|[[Kubernetes Evolution|https://dzone.com/articles/kubernetes-evolution]]|K8s|
|2019.08.29|//AppSecCo//|[[Getting shell and data access in AWS by chaining vulnerabilities|https://blog.appsecco.com/getting-shell-and-data-access-in-aws-by-chaining-vulnerabilities-7630fa57c7ed]]|AWS Flaws|
|2019.08.29|//Idaptive//|[[Next-Gen Access and Zero Trust are the PB&J of Security|https://www.idaptive.com/blog/Next-Gen-Access-Zero-Trust-PBJ-Security/]]|Zero_Trust|
|2019.08.29|//Google Cloud//|[[Now in beta: Managed Service for Microsoft Active Directory (AD)|https://cloud.google.com/blog/products/identity-security/now-in-beta-managed-service-for-microsoft-active-directory-ad]]|GCP Active_Directory|
|2019.08.29|Dark Reading| → [[Google Cloud Releases Beta of Managed Service to Microsoft AD|https://www.darkreading.com/cloud/google-cloud-releases-beta-of-managed-service-to-microsoft-ad/d/d-id/1335687]]|GCP Active_Directory|
|2019.08.29|Compare The Cloud|[[Don't let the FUD cloud the cloud|https://www.comparethecloud.net/articles/dont-let-the-fud-cloud-the-cloud/]]|Misc|
|2019.08.29|//JumpCloud//|[[How to Create a Secure Cloud Identity|https://jumpcloud.com/blog/create-secure-cloud-identity/]]|IAM|
|2019.08.29|//TheNextWeb//|[[This Microsoft Azure training will take your from zero to in-demand data hero|https://thenextweb.com/offers/2019/08/29/this-microsoft-azure-training-will-take-your-from-zero-to-in-demand-data-hero/]]|Training Azure|
|2019.08.29|//Aqua Security//|![[DNS Spoofing on Kubernetes Clusters|https://blog.aquasec.com/dns-spoofing-kubernetes-clusters]]|K8s DNS_Spoofing|
|2019.08.29|//Synetis//[>img[iCSF/flag_fr.png]]|![[SecNumCloud et ISO / IEC 27001 : Quelle norme pour la sécurité du Cloud ?|https://www.synetis.com/secnumcloud-et-iso-iec-27001-quelle-norme-pour-la-securite-du-cloud/]]|Standards SecNumCloud ISO27001|
|>|>|>|!2019.08.28|
|2019.08.28|//DivvyCloud//|[[Financial Services Organizations Don't Need To Fear The Cloud|https://www.forbes.com/sites/forbestechcouncil/2019/08/28/financial-services-organizations-dont-need-to-fear-the-cloud/]]|Misc|
|2019.08.28|DZone|[[Kubernetes Concerns|https://dzone.com/articles/kubernetes-concerns]]|K8s|
|2019.08.28|DZone|[[The Top Ten Cloud Tools From AWS|https://dzone.com/articles/top-10-aws-services]]|AWS|
|2019.08.28|DataCenter Mag|[[Transformation digitale : le SD-WAN peut-il aider à renforcer la sécurité des applications cloud-firs|https://datacenter-magazine.fr/transformation-digitale-le-sd-wan-peut-il-aider-a-renforcer-la-securite-des-applications-cloud-firs/]]|SDWAN|
|2019.08.28|Bloomberg|[[Cloud Security Boom Creates New Crop of Tech Darlings|https://www.bloomberg.com/news/articles/2019-08-28/young-guns-of-cybersecurity-emerge-as-winners-in-shift-to-cloud]]|Misc|
|2019.08.28|TechRepublic|[[How to use Harbor to scan Docker images for vulnerabilities|https://www.techrepublic.com/article/how-to-use-harbor-to-scan-docker-images-for-vulnerabilities/]]|Docker Prevention|
|2019.08.28|Security Boulevard|[[Hybrid vs. Cloud-Based Web Security: Anatomy of a Breach|https://securityboulevard.com/2019/08/hybrid-vs-cloud-based-web-security-anatomy-of-a-breach/]]|Breach|
|2019.08.28|//Security Intelligence//|[[Considering Container Security? 6 Ways to Make a Case for Containerization|https://securityintelligence.com/articles/considering-container-security-6-ways-to-make-a-case-for-containerization/]]|Containers|
|2019.08.28|//JumpCloud//|[[Can I Move Active Directory to the Cloud?|https://jumpcloud.com/blog/ad-to-the-cloud/]]|Active_Directory|
|2019.08.28|//Zscaler//|[[To flip the security model, start with "yes"|https://www.zscaler.com/blogs/corporate/flip-security-model-start-yes]]|Misc|
|2019.08.28|//Twistlock//|[[Non-root containers, Kubernetes CVE-2019-11245 and why you should care|https://www.twistlock.com/labs-blog/non-root-containers-kubernetes-cve-2019-11245-care/]]|K8s CVE-2019-11245|
|2019.08.28|//AWS//|[[Summary of the Amazon EC2 and Amazon EBS Service Event in the Tokyo (AP-NORTHEAST-1) Region|https://aws.amazon.com/message/56489/]]|Outage AWS|
|>|>|>|!2019.08.27|
|2019.08.27|Wall Street Journal|[[Human Error Often the Culprit in Cloud Data Breaches|https://www.wsj.com/articles/human-error-often-the-culprit-in-cloud-data-breaches-11566898203]]|Risks|
|2019.08.27|DZone|[[The IAM Conundrum |https://dzone.com/articles/the-iam-conundrum-1]]|IAM AWS|
|2019.08.27|DZone|![[Kubernetes #Fails|https://dzone.com/articles/kubernetes-fails]]|K8s|
|2019.08.27|Times of Israël[>img[iCSF/flag_fr.png]]|[[Israël lance un appel d'offre pour un énorme centre de données en cloud|https://fr.timesofisrael.com/israel-lance-un-appel-doffre-pour-un-enorme-centre-de-donnees-en-cloud/]]|Sovereign_Cloud|
|2019.08.27|//FireEye//|[[Automated Threat Remediation for Office 365 Is Now a Few Clicks Away (Part Two)|https://www.fireeye.com/blog/products-and-services/2019/08/automated-threat-remediation-for-office-365-is-now-a-few-clicks-away-part-two.html]] (2/2)|O365 Remediation|
|2019.08.27|Solutions Review|[[6 Devastating Cloud Migration Mistakes You Need to Avoid|https://solutionsreview.com/cloud-platforms/6-devastating-cloud-migration-mistakes-you-need-to-avoid/]]|Migration|
|2019.08.27|JDSupra|[[Alert: Treasury Department Issues Proposed Rules on Cloud Transactions, Other Digital Content|https://www.jdsupra.com/legalnews/alert-treasury-department-issues-76043/]]|Regulations|
|2019.08.27|//eXemplify//|[[Data in the Cloud: How a Valuable Tool Can Also Be a Risk|http://www.exemplifygroup.com/data-in-the-cloud-how-a-valuable-tool-can-also-be-a-risk/]]|Risks|
|2019.08.27|//Tripwire//|[[Who Is Responsible for Your Cloud Security?|https://www.tripwire.com/state-of-security/security-data-protection/cloud/responsible-cloud-security/]]|Responsibility|
|2019.08.27|Forbes|[[The Cloud Is Now For Mission-Critical Enterprise Systems|https://www.forbes.com/sites/forbestechcouncil/2019/08/27/the-cloud-is-now-for-mission-critical-enterprise-systems/]]|Reliability|
|2019.08.27|//Imperva//|[[Imperva Security Update|https://www.imperva.com/blog/ceoblog/]]|DataBreach Imperva|
|2019.08.27|Krebs on Security| → [[Cybersecurity Firm Imperva Discloses Breach|https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/]]|DataBreach Imperva|
|2019.08.27|Silicon Angle| → [[Imperva 'security incident' exposes customer data|https://siliconangle.com/2019/08/27/imperva-security-incident-exposes-cloud-waf-customer-data/]]|DataBreach Imperva|
|2019.08.27|Security Week| → [[Imperva Notifies Cloud WAF Customers of Security Incident|https://www.securityweek.com/imperva-notifies-cloud-waf-customers-security-incident]]|DataBreach Imperva|
|2019.08.27|//Threatpost//| → [[Imperva Firewall Breach Exposes Customer API Keys, SSL Certificates|https://threatpost.com/imperva-firewall-breach-api-keys-ssl-certificates/147743/]]|DataBreach Imperva|
|2019.08.27|CBR Online| → [[Imperva Hacked: Customer API Keys, SSL Certificates Stolen|https://www.cbronline.com/news/imperva-hacked]]|DataBreach Imperva|
|2019.08.27|//Lacework//|[[Avoid Gaps in Native Cloud Security Tools With a Comprehensive Security Approach, Part 1|https://www.lacework.com/native-cloud-security-gaps/]] (1/2)|Strategy|
|2019.08.27|//Azure//|[[Latency is the new currency of the Cloud: Announcing 31 new Azure edge sites|https://azure.microsoft.com/en-us/blog/latency-is-the-new-currency-of-the-cloud-announcing-31-new-azure-edge-sites/]]|Latency|
|2019.08.27|//Fortinet//|[[Securing Your Dynamic Cloud Strategy|https://www.fortinet.com/blog/industry-trends/secure-your-dynamic-cloud-strategy.html]]|Misc|
|2019.08.27|NextCloud|[[Amid escalating trade disputes, EU governments choose independence from US cloud providers|https://nextcloud.com/press/pr20190827/]]|NextCloud|
|2019.08.29|ZDnet[>img[iCSF/flag_fr.png]]| → [[Nextcloud : le ministère de l'Intérieur opte pour une solution libre|https://www.zdnet.fr/actualites/nextcloud-le-ministere-de-l-interieur-opte-pour-une-solution-libre-39889691.htm]]|NextCloud|
|>|>|>|!2019.08.26|
|2019.08.26|Journal du Net[>img[iCSF/flag_fr.png]]|[[Gouvernance des données dans le cloud : comment l'aborder|https://www.journaldunet.com/solutions/expert/71621/gouvernance-des-donnees-dans-le-cloud---comment-l-aborder.shtml]]|Governance|
|2019.08.26|CIO Dive|![[Gartner: A 10-step cookbook for building a cloud strategy|https://www.ciodive.com/news/gartner-a-10-step-cookbook-for-building-a-cloud-strategy/561315/]]|Strategy|
|2019.08.26|BetaNews|[[How cloud-based training can help address the cybersecurity skills gap [Q&A]|https://betanews.com/2019/08/26/cloud-training-security-qa/]]|Training|
|2019.08.26|DZone|[[How to Implement Kubernetes|https://dzone.com/articles/keys-to-implementing-kubernetes]]|K8s|
|2019.08.26|Compliant Cloud|![[Periodic Review for outsourced cloud-based computerised systems, applications and infrastructure|https://compliantcloud.com/periodic-review-for-outsourced-cloud-based-computerised-systems-applications-and-infrastructure/]]|Compliance|
|2019.08.26|!DisruptOps|[[What You Need to Know About AWS Security Monitoring, Logging, and Alerting|https://disruptops.com/what-you-need-to-know-about-aws-security-monitoring-logging-and-alerting/]]|AWS Monitoring Logging|
|2019.08.26|//Cloud Management Insider//|[[Security Guidelines for cloud-native Chatbots|https://www.cloudmanagementinsider.com/security-guidelines-cloud-chatbots/]]|Chatbots|
|2019.08.26|//Alibaba Cloud//|[[Container Security: A Look at Rootless Containers|https://medium.com/datadriveninvestor/container-security-a-look-at-rootless-containers-7c2ea6f6842]]|Containers|
|2019.08.26|//Google Cloud//|[[5 steps to improve your cloud security posture with Cloud Security Command Center|https://cloud.google.com/blog/products/identity-security/5-steps-to-improve-your-cloud-security-posture-with-cloud-security-command-center]] (1/6)|Security_Posture|
|2019.08.26|//Bitglass//|[[The Four Pillars of CASB: Data Protection|https://www.bitglass.com/blog/four-pillars-casb-data-protection]] (1/4)|CASB|
|2019.08.26|//Deloitte//|[[Data modernization and the cloud|https://www2.deloitte.com/us/en/insights/topics/analytics/data-modernization-and-cloud-migration-initiatives.html]]|Report Deloitte|
|2019.08.31|ZDnet| → [[Cloud needs a modern data foundation, modern data needs a cloud foundation|https://www.zdnet.com/article/cloud-needs-a-modern-data-foundation-modern-data-needs-a-cloud-foundation/]]|Report Deloitte|
|2019.09.03|ZDnet[>img[iCSF/flag_fr.png]]| → [[Analyse : le cloud a besoin d'une base de données moderne, et les données modernes ont besoin du cloud|https://www.zdnet.fr/actualites/analyse-le-cloud-a-besoin-d-une-base-de-donnees-moderne-et-les-donnees-modernes-ont-besoin-du-cloud-39889899.htm]]|Report Deloitte|
!"//Egregious 11 Meta-Analysis Part 2: Virtualizing Visibility//"
[>img(200px,auto)[iCSA/J9SBE.jpg]]Deuxième article de la série, publié le 28 août 2019 — Rédigé par Victor Chin, Research Analyst, CSA
<<<
//This is the second blog post in the series where we analyze the security issues in the new iteration of the Top Threats to Cloud Computing report. Each blog post features a security issue that is being perceived as less relevant and one that is being perceived as more relevant.

In this report, we found that traditional cloud security issues stemming from concerns about having a third-party provider are being perceived as less relevant, while more nuanced issues specific to cloud environments are being perceived as more problematic. With this in mind, we will be examining Shared Technology Vulnerabilities and Limited Cloud Usage Visibility further.
Please note that the Top Threats to Cloud Computing reports are not meant to be the definitive list of security issues in the cloud. Rather, the studies measure what industry experts perceive the key security issues to be.

__Shared Technology Vulnerabilities__
Shared Technology Vulnerabilities generally refers to vulnerabilities in the virtual infrastructure where resources are shared amongst tenants. Over the years, there have been several vulnerabilities of that nature with the most prominent being the VENOM (CVE-2015-3456)~~[1]~~ vulnerability that was disclosed in 2015. Shared Technology Vulnerabilities used to be high up on the list of problematic issues. For example, in the first two iterations of the report, Shared Technology Vulnerabilities were rated at 9th and 12th. In the latest iteration of the report, it has dropped off entirely and is no longer perceived as relevant. It had a score of 6.27 (our cutoff was 7 and above) and ranked 16 out of the 20 security issues surveyed.

Virtualization itself is not a new cloud technology, and its benefits are well known. Organizations have been using virtualization technology for many years as it helps to increase organizational IT agility, flexibility, and scalability while generating cost savings. For example, organizations would only have to procure and maintain one physical asset. That physical IT asset is then virtualized so that its resources are shared across the organization. As the organization owns and manages the entire IT stack, it also has visibility and control over the virtualization technology.

In cloud environments, the situation is markedly different. Virtualization technology (like hypervisors) is generally considered underlying technology that is owned and managed by the cloud service provider. Consequently, the cloud customer has limited access or visibility into the virtualization layer.

[>img(400px,auto)[iCSA/J9SBE.png]]For example, the figure on the right is an architectural representation of the three cloud service models. Underlying technology in an Infrastructure-as-a-Service (IaaS) service model refers to APIs (blue) and anything else below it. Those components are under the control and management of the CSP. At the same time, anything above the APIs (blue) is under the control and management of the cloud customer. For Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS), underlying technology refers to anything underneath Integration & Middleware and Presentation Modality and Presentation Platform, respectively.

Naturally, in the early days of cloud computing, such vulnerabilities were a significant concern for customers. Not only did they have limited access and visibility into the virtualization layer, but the cloud services were also all multi-tenant systems which contained the data and services of other customers of the CSPs.

Over time, it seems like the industry has grown to trust the cloud service providers when it comes to Shared Technology Vulnerabilities. Cloud adoption is at its highest with many organizations adopting a 'Cloud First' policy. However, there is still no industry standard or existing framework that formalizes vulnerability notifications for CSPs, even when a vulnerability is found in the underlying cloud infrastructure. For example, when there is a vulnerability disclosure for a particular hypervisor, (e.g. XEN) an affected CSP does not have to provide any information to its customers. For more information on this issue, please read my other blogpost on cloud vulnerabilities.

That said, it is of note that many recent cloud breaches are the result of misconfigurations by cloud customers. For example, in 2017, Accenture left at least four Amazon S3 buckets set to public and exposed mission-critical infrastructure data. As cloud services developed, the major CSPs have, for the most part, provided sufficient security controls to enable cloud customers to properly configure their environments.

Nevertheless, virtualization technology is a critical component to any cloud service, and vulnerabilities in the virtualization layer can have severe consequences. Cloud customers must remain vigilant when it comes to Shared Technology Vulnerabilities.

__Limited Cloud Usage Visibility__
In the latest Top Threats to Cloud Computing report, Limited Cloud Usage Visibility made its debut in the 10th position.

Limited Cloud Usage Visibility refers to when organizations experience a significant reduction in visibility over their information technology stack. This is due to two main factors. Firstly, unlike in traditional IT environments, the enterprise does not own or manage the underlying cloud IT infrastructure. Consequently, they are not able to fully implement security controls or monitoring tools with as much depth and autonomy as they did with a traditional IT stack. Instead, cloud customers often have to rely on logs provided to them by the cloud providers. Sometimes, these logs are not as detailed as the customer would like them to be.

Secondly, cloud services are highly accessible. They can generally be accessed from the public internet and do not have to go through a company VPN or gateway. Hence, the effectiveness of some traditional enterprise security tools is reduced. For instance, network traffic monitoring and perimeter firewalls are not as effective as they cannot capture network traffic to cloud services that originate outside the organization. For many organizations, such monitoring capabilities are becoming more critical as they begin to host business-critical data and services in the cloud.

To alleviate the issue, enterprises can start using more cloud-aware technology or services to provide more visibility and control of the cloud environment. However, most of the time, the level of control and granularity cannot match that of a traditional IT environment. This lack of visibility and control is something that enterprises moving to the cloud have to get used to. There will be some level of risk associated with it, and it is a risk that they have to accept or work around. Organizations that are not prepared for this lack of visibility in the cloud might end up not applying the proper mitigations. That or they will find themselves unable to fully realize the cost savings of a cloud migration.
[...]
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456 //
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/08/13/egregious-11-meta-analysis-part-1-insufficient-due-diligence-and-cloud-security-architecture-and-strategy/]] sur le blog de la CSA
!"//On-Chain vs Off-Chain governance. What are the rules to Calvinball?//"
[>img(150px,auto)[iCSA/J8QBO.png]]Article de blog publié le 26 août 2019 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA
<<<
//If you don't know what Calvin and Hobbes is you can skip the next bit, but it is amusing.

Calvinball is a game invented by Calvin and Hobbes. Calvinball has no rules; the players make up their own rules as they go along, making it so that no Calvinball game is like another. Rules cannot be used twice (except for the rule that rules cannot be used twice), and any plays made in one game may not be made again in any future games. The game may involve wickets, mallets, volleyballs, and additional sports-related equipment.

If you are familiar with Blockchain governance then the rules to Calvinball may sound eerily similar.

Anytime we build a complex system it will need to be governed by rules. This is especially true for any complex system that involves humans and may need to be modified in the future. In effect, you will not only need rules to govern the system, but rules to govern the rules governing the system. Do you require a 51% majority vote to make a change? How many voters have to participate for a decision to be valid? What defines a voter? What defines a vote? How long are votes held for, how are they announced, who is allowed to initiate a vote?

This was the part where I started discussing on-chain vs. off-chain governance models and various technical aspects of them. But I realized it doesn't matter that much, ultimately what it boils down to is a few core questions:
* Where are the rules defined?
* How are the rules changed?
* Who enforces the current rules?
* How do you create consensus?
* How do you handle disagreements?
* How do you build the incentives to support the above?

Whether or not this happens on chain or off chain we have one ultimate question: How do you build the incentives to support the above? Do you give the miners power? The holders of the tokens? The governance board for the Blockchain?

In general when it comes to building consensus and handling disagreements the least worst solution we have found is democracy, people vote, feel heard, and hopefully both the winners and the losers accept the results and continue on with their lives. When people refuse to accept the results we have problems, for example a Blockchain with a significant and passionate group that is opposed to a change may hard fork, effectively taking their ball and going elsewhere with it. Alternatively I have seen Blockchains attempt to create safety valves, for example allowing people who disagree with a change to close out their position and exit the market in an orderly manner, minimizing the chances of a hard fork.

Because ultimately Blockchain and any complex system that relies upon network effects to create value must foster and encourage consensus between the participants or else it risks pushing people away, and it's not like there aren't hundreds of other Blockchain projects people can //
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/08/26/on-chain-vs-off-chain-governance-what-are-the-rules-to-calvinball/]] sur le blog de la CSA
!!1 - Informations CSA de la semaine du 19 au 25 août 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Actu: Appel à commentaires, document ''Software-Defined Perimeter as a DDoS Prevention Mechanism''+++*[»]> <<tiddler [[2019.08.19 - Appel à commentaires : document 'Software-Defined Perimeter as a DDoS Prevention Mechanism']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.08.25 - Veille Hebdomadaire - 25 août]] avec plus de 90 liens :
* Alertes: plusieurs vulnérabilités Kubernetes+++*[»]> <<tiddler [[2019.08.31.Alert]]>>=== 
* Piratages et fuites de données : encore plusieurs commentaires à la suite de l'attaque contre Capital One, dont ceux de la Banque Centrale Européenne (''BCE'') et de Patrice Bernard
* Rapports et sondages : ''(ISC)^^2^^'', ''Kaspersky'', ''Outpost24'', ''Report Ocean'', ''Tripwire'', ''Vade Secure''
* __Attaques__ : encore du phishing utilisant des ressources dans le Cloud
* Panne : Claranet (UK), GitHub, Google
* __Divers__ : création de la communauté ''Confidential Computing Consortium'' par la Linux Foundation
!!Veille Hebdomadaire - 25 août 2019
|!Août|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!Vulnérabilités Kubernetes|
|2019.08.13|Netflix|[[NFLX-2019-002: HTTP/2 Denial of Service Advisory|https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md]]|K8s CVE-2019-9511→9518|
|2019.08.23|Security Week| → [[Kubernetes Patches Recent HTTP/2 Vulnerabilities|https://www.securityweek.com/kubernetes-patches-recent-http2-vulnerabilities]]|K8s Flaws|
|2019.08.23|Packt pub| → [[A security issue in the net/http library of the Go language affects all versions and all components of Kubernetes|https://hub.packtpub.com/a-security-issue-in-the-net-http-library-of-the-go-language-affects-all-versions-and-all-components-of-kubernetes/]]|K8s Flaws|
|2019.08.22|//PaloAlto Networks//| → [[Kubernetes - Vulnerable to Denial-of-Service Attacks|https://blog.paloaltonetworks.com/2019/08/cloud-kubernetes-vulnerable-denial-service-attacks/]]|K8s Flaws|
|2019.08.20|Bleeping Computer| → [[Severe Flaws in Kubernetes Expose All Servers to DoS Attacks|https://www.bleepingcomputer.com/news/security/severe-flaws-in-kubernetes-expose-all-servers-to-dos-attacks/]]|K8s Flaws|
|>|>|>|!Incident CapitalOne|
|2019.08.24|Fortune| → [[Even After Capital One's Breach, Don't Doubt the Cloud - Cyber Saturday|https://fortune.com/2019/08/24/even-after-capital-ones-breach-dont-doubt-the-cloud-cyber-saturday/]]|Risks|
|2019.08.23|Dark Reading|! → [[Capital One Breach: What Security Teams Can Do Now|https://www.darkreading.com/endpoint/capital-one-breach-what-security-teams-can-do-now/a/d-id/1335475]]|Incident CapitalOne AWS MITRE_ATT&CK Lessons_Learnt|
|2019.08.19|//CloudPassage//| → [[Preventing a Capital One Cloud Data Breach|https://blog.cloudpassage.com/2019/08/21/preventing-a-capital-one-cloud-data-breach/]]|Incident CapitalOne Lessons_Learnt|
|2019.08.20|CIO Dive| → [[Onus for cloud security falls on customers, but AWS could do more, CISO says|https://www.ciodive.com/news/onus-for-cloud-security-falls-on-customers-but-aws-could-do-more-ciso-say/561269/]]|Incident CapitalOne AWS|
|2019.08.19|Banque Centrale Européenne|![[ECB Says the Next European Bank Hack Is Just a Matter of Time|https://www.bloomberg.com/news/articles/2019-08-19/ecb-says-the-next-european-bank-hack-is-just-a-matter-of-time]]|Threats CapitalOne|
|2019.08.19|Patrice Bernard|! → [[Et le cloud devint bouc émissaire|http://cestpasmonidee.blogspot.com/2019/08/et-le-cloud-devint-bouc-emissaire.html]]|CapitalOne Lessons_Learnt|
|2019.08.19|Security Week| → [[AWS: No Significant Issues at Other Alleged Targets of Capital One Hacker|https://www.securityweek.com/aws-no-significant-issues-other-alleged-targets-capital-one-hacker]]|Incident CapitalOne AWS|
|2019.08.19|//Duo Security//| → [[AWS Promises to Scan for Misconfigured Servers|https://duo.com/decipher/aws-promises-to-scan-for-misconfigured-servers]]|Incident CapitalOne AWS|
|>|>|>|!2019.08.25|
|2019.08.25|//Infoblox//|[[Cloud and IPv6|https://community.infoblox.com/t5/IPv6-CoE-Blog/Cloud-and-IPv6/ba-p/3510]]|IPv6|
|>|>|>|!2019.08.24|
|2019.08.24|Secure Reading|[[Securing Cloud Data: Role of Encryption in the Cloud|https://securereading.com/securing-cloud-data-role-of-encryption-in-the-cloud/]]|Encryption|
|>|>|>|!2019.08.23|
|2019.08.23|Le Big Data[>img[iCSF/flag_fr.png]]|[[Cloud : quelles sont les principales menaces et comment s'en protéger|https://www.lebigdata.fr/cloud-menaces]]|CSA Threats|
|2019.08.23|Computer Weekly|[[Majority of organisations struggling with cloud security|https://www.computerweekly.com/news/252469101/Majority-of-organisations-struggling-with-cloud-security]]|Misc|
|2019.08.23|VMblog|[[Who Guards Cloud: Major Cloud Computing Risks and How to Protect It|https://vmblog.com/archive/2019/08/23/who-guards-cloud-major-cloud-computing-risks-and-how-to-protect-it.aspx]]|Risks|
|2019.08.23|The Next Web|[[AWS issues are causing erratic cryptocurrency market data in Asia|https://thenextweb.com/hardfork/2019/08/23/aws-issues-are-causing-erratic-cryptocurrency-market-data-in-asia/]]|Outage AWS Impacts|
|2019.08.23|//Lacework//|[[Lacework Resolves the Container Security Gap|https://www.lacework.com/lacework-container-security/]]|Containers|
|2019.08.23|//Microsoft//|[[Azure AD Mailbag: Tips for Azure AD reporting and monitoring your day-to-day activities |https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Mailbag-Tips-for-Azure-AD-reporting-and-monitoring-your/ba-p/566498]]|AzureAD Monitoring|
|2019.08.23|//IBM//|[[Quantum Security|https://www.ibm.com/thought-leadership/institute-business-value/report/quantumsecurity]]|Quantum_Computing|
|2019.08.23|Gigabit| → [[Will quantum computing revolutionise cybersecurity? IBM thinks so |https://www.gigabitmagazine.com/cloud-computing/will-quantum-computing-revolutionise-cybersecurity-ibm-thinks-so]]|Quantum_Computing|
|2019.08.23|Dark Reading| → [[IBM Announces Quantum Safe Encryption|https://www.darkreading.com/application-security/ibm-announces-quantum-safe-encryption/d/d-id/1335632]]|Quantum_Computing|
|2019.08.23|//OCD-Tech//|[[Vulnerabilities in the Cloud: Whose Responsibility is it Anyways?|https://ocd-tech.com/2018/08/23/vulnerabilities-in-the-cloud-whose-responsibility-is-it-anyways/]]|Vulnerabilities Responsibility|
|2019.08.23|//Cloudonaut//|[[Complete AWS IAM Reference|https://iam.cloudonaut.io/]]|AWS IAM|
|>|>|>|!2019.08.22|
|2019.08.22|Infosec Institute|[[AWS Security Monitoring Checklist|https://resources.infosecinstitute.com/aws-security-monitoring-checklist/]]|AWS Monitoring|
|2019.08.22|Bleeping Computer|[[GitHub Experienced Widespread Major Services Outage|https://www.bleepingcomputer.com/news/technology/github-experienced-widespread-major-services-outage/]]|Outage GitHub|
|2019.08.22|Computer Weekly|[[Cyber attackers exploiting poor cloud security|https://www.computerweekly.com/news/252469000/Cyber-attackers-exploiting-poor-cloud-security]]|Threats|
|2019.08.22|Container Journal|[[Do VPNs Have a Place in Container Security?|https://containerjournal.com/topics/container-security/do-vpns-have-a-place-in-container-security/]]|Containers VPN|
|2019.08.22|Healthcare IT News|[[CISO security tips for managing hybrid cloud deployments|https://www.healthcareitnews.com/news/ciso-security-tips-managing-hybrid-cloud-deployments]]|Hybrid_Cloud|
|2019.08.22|infoRisk Today|[[Cloud Security: Mess It Up and It's on You|https://www.inforisktoday.com/cloud-security-mess-up-its-on-you-a-12942]]|Governance|
|2019.08.22|DZone|[[Serverless on GCP: A Comprehensive Guide|https://dzone.com/articles/serverless-on-gcp]]|GCP Serverless|
|2019.08.22|Techtarget|[[Use modern cloud security best practices|https://searchcloudcomputing.techtarget.com/tip/Use-modern-cloud-security-best-practices]]|Best_Practices|
|2019.08.22|//Aqua Security//[>img[iCSF/flag_fr.png]]|[[la sécurité doit être intégrée dès la phase de conception des architectures|http://www.globalsecuritymag.fr/Rani-Osnat-Aquasec-la-securite,20190823,89916.html]]|Containers|
|2019.08.22|//Vade Secure//[>img[iCSF/flag_fr.png]]|[[Le phishing visant Facebook monte en flèche au 2e trimestre 2019, tandis que Microsoft demeure la marque la plus ciblée|http://www.globalsecuritymag.fr/Le-phishing-visant-Facebook-monte,20190822,90087.html]]|Report Vade_Secure|
|2019.08.22|//Tripwire//|![[Survey: 84% of Security Pros Said Their Organizations Struggled to Maintain Security Configurations in the Cloud|https://www.tripwire.com/state-of-security/security-data-protection/cloud/survey-84-of-security-pros-said-their-organizations-struggled-to-maintain-security-configurations-in-the-cloud/]]|Report SANS|
|2019.08.22|//Outpost24//|[[37% Of Organisations Have Suffered A Cyberattack On Cloud Environments Due To The Lack Of Basic Cloud Security Hygiene|https://www.informationsecuritybuzz.com/study-research/37-of-organisations-have-suffered-a-cyberattack-on-cloud-environments-due-to-the-lack-of-basic-cloud-security-hygiene/]]|Report Outpost24|
|2019.08.22|//Sonatype//|[[Building Microservice Architecture on Kubernetes|https://blog.sonatype.com/microservice-architecture-on-kubernetes]]|K8s MicroServices|
|2019.08.22|//Akamai//|[[How to Provide Secure Access to AWS Workloads|https://blogs.akamai.com/2019/08/how-to-provide-secure-access-to-aws-workloads.html]]|Access_Controls|
|2019.08.22|//McAfee//|[[19 Cloud Security Best Practices for 2019|https://securingtomorrow.mcafee.com/business/cloud-security/top-19-cloud-security-best-practices/]]|Best_Practices|
|2019.08.22|//Google Cloud//|[[Got microservices? Service mesh management might not be enough|https://cloud.google.com/blog/products/api-management/got-microservices-service-mesh-management-might-not-be-enough]]|APIs|
|2019.08.22|//Caylent//|[[Securing Your Kubernetes Pipeline|https://caylent.com/securing-your-kubernetes-pipeline/]]|K8s|
|2019.08.22|//eXemplify//|[[Infographic: The Cloud and IoT Working Together|http://www.exemplifygroup.com/cloud-iot-infographic/]]|IoT|
|>|>|>|!2019.08.21|
|2019.08.21|(ISC)2|![[2019 Cloud Security Report|https://www.isc2.org/resource-center/reports/cloud-security-report]]|Report ISC2|
|2019.08.21|Confidential Computing Consortium|![[New Cross-Industry Effort to Advance Computational Trust and Security for Next-Generation Cloud and Edge Computing|https://confidentialcomputing.io/2019/08/21/new-cross-industry-effort-to-advance-computational-trust-and-security-for-next-generation-cloud-and-edge-computing/]]|Trust_Initiative|
|2019.08.21|GeekWire| → [[Microsoft, Google, Red Hat and others join forces for cloud security in 'confidential computing' group|https://www.geekwire.com/2019/microsoft-google-red-hat-others-join-forces-cloud-security-confidential-computing-group/]]|Trust_Initiative|
|2019.08.21|Computer Weekly| → [[Tech firms join forces to boost cloud security|https://www.computerweekly.com/news/252469010/Tech-firms-join-forces-to-boost-cloud-security]]|Trust_Initiative|
|2019.08.23|Help Net Security| → [[New cross-industry consortium aims to accelerate confidential computing adoption|https://www.helpnetsecurity.com/2019/08/23/accelerate-confidential-computing-adoption/]]|Trust_Initiative|
|2019.08.21|CIO Review|[[Knowing your Provider's Capabilities is Critical to Cloud Security|https://sdn.cioreview.com/cxoinsight/knowing-your-provider-s-capabilities-is-critical-to-cloud-security-nid-24427-cid-147.html]]|CSP|
|2019.08.21|The Register|[[Welcome to Hollywood, Claranet-style: You've (not) got mail, or hosted sites for that matter|https://www.theregister.co.uk/2019/08/21/claranet_celebrates_wednesday_with_a_good_old_fashioned_outage/]]|Outage Claranet|
|2019.08.21|MeriTalk|[[Special Report: Zero Trust Necessary for Cloud Security|https://www.meritalk.com/articles/special-report-zero-trust-necessary-for-cloud-security/]]|Zero_Trust|
|2019.08.21|MSSP Alert|[[AWS Cloud Security: Web Application Firewall Statement|https://www.msspalert.com/cybersecurity-breaches-and-attacks/aws-wap-statement/]]|AWS Prevention|
|2019.08.21|//HiveMQ//|[[IoT Security in the cloud - How to integrate IoT Device Authentication and Authorization with HiveMQ and AWS|https://www.hivemq.com/blog/iot-security-hivemq-ese-aurora/]]|IoT AWS|
|2019.08.21|//Box//|[[Introducing intelligent, frictionless content security with Box Shield|https://blog.box.com/box-shield-intelligent-frictionless-content-security]]|Detection Box|
|2019.08.21|SiliconAngle| → [[Box adds stricter access controls and threat detection capabilities|https://siliconangle.com/2019/08/21/box-adds-stricter-access-controls-threat-detection-capabilities/]]|Detection Box|
|2019.08.21|Dark Reading| → [['Box Shield' Brings New Security Controls|https://www.darkreading.com/cloud/box-shield-brings-new-security-controls-/d/d-id/1335593]]|Detection Box|
|2019.08.21|//Radware//|[[How to Choose a Cloud DDoS Scrubbing Service|https://blog.radware.com/security/ddos/2019/08/how-to-choose-a-cloud-ddos-scrubbing-service/]]|DDoS|
|2019.08.21|//Lacework//|[[Developing a Security-First Model for Cloud Compliance|https://www.lacework.com/security-first-cloud-compliance/]]|Compliance|
|2019.08.21|//Keysight//[>img[iCSF/flag_fr.png]]|[[Quatre priorités pour sécuriser le cloud|https://www.informatiquenews.fr/quatre-priorites-pour-securiser-le-cloud-lora-ohaver-keysight-technologies-62987]]|Misc|
|2019.08.21|//Fugue//|[[Why You Need Automated Remediation for AWS Security Groups and VPCs|https://www.fugue.co/blog/why-you-need-automated-remediation-for-aws-security-groups-and-vpcs]]|Remediation AWS|
|2019.08.21|//JumpCloud//|[[Google Cloud Identity vs Active Directory|https://jumpcloud.com/blog/google-cloud-identity-vs-active-directory/]]|GCP Active_Directory|
|2019.08.21|//Black Hills//|![[Securing the Cloud: A Story of Research, Discovery, and Disclosure|https://www.blackhillsinfosec.com/securing-the-cloud-a-story-of-research-discovery-and-disclosure/]]|AWS EMR|
|>|>|>|!2019.08.20|
|2019.08.20|NCSC UK|[[Cloud security made easier with Serverless|https://www.ncsc.gov.uk/blog-post/cloud-security-made-easier-with-serverless]]|Serverless|
|2019.08.20|Solutions Review|[[6 Questions to Ask Before Choosing a Cloud Managed Service Provider|https://solutionsreview.com/cloud-platforms/6-questions-to-ask-before-choosing-a-cloud-managed-service-provider/]]|Cloud_Managed_Service_Provider|
|2019.08.20|DZone|[[Cloud-Native Best Business Practices (Part 4): Automatic Backup and Disaster Recovery|https://dzone.com/articles/cloud-native-best-business-practices-part-4-automa]] (4/7)|Best_Practices|
|2019.08.20|DevOps|[[Autonomous Security in Containers|https://devops.com/autonomous-security-in-containers/]]|Containers|
|2019.08.20|//HiveMQ//|[[MQTT Topics & Best Practices - MQTT Essentials: Part 5|https://www.hivemq.com/blog/mqtt-essentials-part-5-mqtt-topics-best-practices/]] (5/5)|MQTT|
|2019.08.20|//Threatpost//|[[How to Prepare for Misconfigurations Clouding the Corporate Skies|https://threatpost.com/how-to-prepare-for-misconfigurations-that-cloud-the-corporate-skies/147538/]]|Misconfigurations|
|2019.08.20|//Managed Methods//|[[Use this 7 step data loss prevention checklist to help plan and tackle your DLP strategy|https://managedmethods.com/blog/data-loss-prevention-checklist/]]|DLP|
|2019.08.20|//Aryaka//|[[Building and Maintaining an SD-WAN is Complex and Time Consuming - Aryaka's Third Annual Global State of the WAN Report Reveals New Insights|https://vmblog.com/archive/2019/08/20/building-and-maintaining-an-sd-wan-is-complex-and-time-consuming-aryaka-s-third-annual-global-state-of-the-wan-report-reveals-new-insights.aspx]] ([[rapport|https://info.aryaka.com/state-of-the-wan-report-2019.html]])|Report Aryaka|
|2019.08.20|//Zscaler//|[[Four security hurdles with SD-WAN (and how to avoid them)|https://www.zscaler.com/blogs/corporate/four-security-hurdles-sd-wan-and-how-avoid-them]]|SD-WAN|
|2019.08.20|//Immuniweb//[>img[iCSF/flag_fr.png]]|[[Étude : L'état de la sécurité des applications parmi les 100 premières start-up mondiales fintech|http://www.globalsecuritymag.fr/Etude-L-etat-de-la-securite-des,20190820,89999.html]]|Report Immuniweb|
|2019.08.20|//Tripwire//|[[Forensics in the Cloud: What You Need to Know|https://www.tripwire.com/state-of-security/security-data-protection/cloud/forensics-cloud-need-to-know/]]|Forensics|
|2019.08.20|//Naked Security by Sophos//|[[Serious Security: Phishing in the cloud - the freemium way|https://nakedsecurity.sophos.com/2019/08/20/serious-security-phishing-in-the-cloud-the-freemium-way/]]|Phishing|
|2019.08.20|//Azure//|[[Azure Security Center single click remediation and Azure Firewall JIT support|https://azure.microsoft.com/en-us/blog/azure-security-center-single-click-remediation-and-azure-firewall-jit-support/]]|Azure|
|2019.08.20|//Microsoft//|[[One simple action you can take to prevent 99.9 percent of attacks on your accounts|https://www.microsoft.com/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/]]|Authentication MFA|
|2019.08.20|//Qualys//|[[If You Don't Have Visibility, You Don't Have Security|https://www.infosecisland.com/blogview/25217-If-You-Dont-Have-Visibility-You-Dont-Have-Security.html]]|Asset Management|
|2019.08.20|//CyberArk//[>img[iCSF/flag_fr.png]]|[[La chaine logistique, nouvelle cible des hackers|http://www.globalsecuritymag.fr/La-chaine-logistique-nouvelle,20190820,90013.html]]|Supply_Chain|
|2019.08.20|//Rapid7//|[[How Attackers Can Harvest Users' Microsoft 365 Credentials with New Phishing Campaign|https://blog.rapid7.com/2019/08/20/how-attackers-can-harvest-users-microsoft-365-credentials-with-new-phishing-campaign/]]|Phishing O365|
|2019.08.21|Bleeping Computer| → [[Phishing Attacks Scrape Branded Microsoft 365 Login Pages|https://www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/]]|Phishing O365|
|2019.08.20|//Backblaze//|[[What's the Diff: Private Cloud vs Public Cloud|https://www.backblaze.com/blog/private-cloud-vs-public-cloud/]]|Misc|
|2019.08.20|//CyberArk//|[[Four Things Security Can Do to Keep Up with DevOps CI/CD|https://www.cyberark.com/blog/four-things-security-can-do-to-keep-up-with-devops-ci-cd/]] (4/5)|DevSecOps|
|2019.08.20|//Thales//|[[The rise of hybrid cloud poses new security challenges - are you prepared?|https://blog.thalesesecurity.com/2019/08/20/the-rise-of-hybrid-cloud-poses-new-security-challenges-are-you-prepared/]]|Hybrid_Cloud|
|2019.08.20|//CCSI//|[[Secure SD-WAN Needs to Support Your Cloud On-Ramp Strategy|https://www.ccsinet.com/blog/secure-sdwan-cloud-strategy/]]|SD-WAN|
|2019.08.20|//FireEye//|[[Automated Threat Remediation for Office 365 Is Now a Few Clicks Away (Part One)|https://www.fireeye.com/blog/products-and-services/2019/08/automated-threat-remediation-for-office-365-a-few-clicks-away-part-one.html]] (1/2)|O365 Remediation|
|2019.08.20|//Veeam//[>img[iCSF/flag_fr.png]]|[[La sauvegarde fait plus que jamais partie intégrante de l'équation de la sécurité dans une ère de risques exceptionnels pour les entreprises|http://www.globalsecuritymag.fr/La-sauvegarde-fait-plus-que-jamais,20190819,89964.html]]|Backups|
|2019.08.20|//Veeam//[>img[iCSF/flag_fr.png]]|[[Les 6 principales raisons d'utiliser un service de sauvegarde dans le cloud (BaaS)|https://www.informatiquenews.fr/les-6-principales-raisons-dutiliser-un-service-de-sauvegarde-dans-le-cloud-baas-62962]]|Backups|
|2019.08.20|//Cyber Security Cloud//|[[Cyber Security Cloud Developed "Cyneural", A New Cyber Attack Detecting AI Engine Using Deep Learning|https://www.benzinga.com/pressreleases/19/08/n14303266/cyber-security-cloud-developed-cyneural-a-new-cyber-attack-detecting-ai-engine-using-deep-learning]]|Detection Deep_Learning|
|2019.08.20|//Cloudonaut//|[[EC2 Instance Connect is an insecure default!|https://cloudonaut.io/ec2-instance-connect-is-an-insecure-default/]]|AWS Authentication|
|2019.08.20|SANS|[[JumpStart Guide for SIEM in AWS|https://www.sans.org/reading-room/whitepapers/analyst/jumpstart-guide-siem-aws-39110]]|Analysis Misc.|
|2019.08.20|//Google Cloud//|[[How Google adopted BeyondCorp: Part 2|https://security.googleblog.com/2019/08/how-google-adopted-beyondcorp-part-2.html]] (2/4)|Misc|
|2019.08.20|//Microsoft//[>img[iCSF/flag_fr.png]]|![[Définir le nuage natif|https://docs.microsoft.com/fr-fr/dotnet/architecture/cloud-native/definition]]|Cloud_Native|
|2019.08.20|//Microsoft//| → [[Defining cloud native|https://docs.microsoft.com/en-us/dotnet/architecture/cloud-native/definition]]|Cloud_Native|
|>|>|>|!2019.08.19|
|2019.08.19|Google|[[Google Cloud Console Incident #19008|https://status.cloud.google.com/incident/developers-console/19008]]|Outage Google|
|2019.08.19|Bleeping Computer| → [[Gmail Is Down, Displays "Something Went Wrong" Errors|https://www.bleepingcomputer.com/news/google/gmail-is-down-displays-something-went-wrong-errors/]]|Outage Google|
|2019.08.19|DZone|[[Kubernetes RBAC, Monitoring, Logging, Storage: What You Need to Know for Enterprise Use|https://dzone.com/articles/kubernetes-rbac-monitoring-logging-storage-what-yo]]|K8s|
|2019.08.19|Compare The Cloud|[[Cloud Hosting vs Shared Hosting - The Pros and Cons|https://www.comparethecloud.net/articles/cloud-hosting-vs-shared-hosting-the-pros-and-cons/]]|Hosting|
|2019.08.19|JDSupra|[[Proposed Regulations on Cross-Border Cloud Transactions and other Digital Content Transactions|https://www.jdsupra.com/legalnews/proposed-regulations-on-cross-border-56056/]]|Regulations|
|2019.08.19|Dark Reading|[[Global Cyber Alliance Launches Cybersecurity Development Platform for Internet of Things (IoT) Devices|https://www.darkreading.com/risk/global-cyber-alliance-launches-cybersecurity-development-platform-for-internet-of-things-%28iot%29-devices/d/d-id/1335568]]|IoT|
|2019.08.19|isBuzz news|[[How To Overcome 3 Key Challenges Of Shared Responsibility In The Cloud|https://www.informationsecuritybuzz.com/articles/how-to-overcome-3-key-challenges-of-shared-responsibility-in-the-cloud-2/]]|Shared_Responsibility|
|2019.08.19|//HiveMQ//|[[Top 10 Criteria for Selecting a MQTT Broker|https://www.hivemq.com/blog/top-10-mqtt-broker-criteria/]]|MQTT|
|2019.08.19|//InfoSec Island//|[[5 Limitations of Network-Centric Security in the Cloud|http://www.infosecisland.com/blogview/25216-5-Limitations-of-Network-Centric-Security-in-the-Cloud.html]]|Network_Security|
|2019.08.19|//Kaspersky//|[[IT threat evolution Q2 2019. Statistics|https://securelist.com/it-threat-evolution-q2-2019-statistics/92053/]]|Trends|
|2019.08.19|//JumpCloud//|[[Cloud OpenLDAP|https://jumpcloud.com/blog/cloud-openldap/]]|Authentication LDAP|
|2019.08.19|//Report Ocean//|[[Global Cloud Access Security Brokers Market Development, History, Current Industry Analysis and Estimated Forecast|https://scoopjunction.com/global-cloud-access-security-brokers-market-development-history-current-industry-analysis-and-estimated-forecast/36712/]]|Report CASB|
|2019.08.19|//Rapid7//|[[Automating the Cloud: AWS Security Done Efficiently|https://blog.rapid7.com/2019/08/19/automating-the-cloud-aws-security-done-efficiently/]]|AWS Automation|
|2019.08.19|//Aqua Security//|[[Trivy Vulnerability Scanner Joins the Aqua Family|https://blog.aquasec.com/trivy-vulnerability-scanner-joins-aqua-family]]|Containers Tools|
|2019.08.19|FedScoop|[[Why government is slow to endorse frameworks for quantifying cybersecurity risk|https://www.fedscoop.com/cybersecurity-risk-management-doe-dot/]]|Risk_Management FAIR|
[>img(100px,auto)[iCSA/CSAdoc.png]]Un appel à commentaires dont la date de clôture est le ''16 septembre 2019'' : "''Software-Defined Perimeter as a DDoS Prevention Mechanism''".
<<<
//The primary goal of this document is to increase the awareness and understanding of SDP as a tool to prevent DDoS attacks by demonstrating its efficiency and effectiveness against several well known attacks, including HTTP Flood, TCP SYN, and UDP Reflection.//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j8jc/|https://cloudsecurityalliance.fr/go/j8jc/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!!1 - Informations CSA de la semaine du 12 au 18 août 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Blog : ''Egregious 11 Meta-Analysis Part 1: (In)sufficient Due Diligence and Cloud Security Architecture and Strategy''+++*[»]> <<tiddler [[2019.08.13 - Blog : 'Egregious 11 Meta-Analysis Part 1: (In)sufficient Due Diligence and Cloud Security Architecture and Strategy']]>>=== 
* Publication : ''What is personal data under the GDPR?''+++*[»]> <<tiddler [[2019.08.14 - Publication : 'What is personal data under the GDPR?']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.08.18 - Veille Hebdomadaire - 18 août]] avec plus de 60 liens :
* Piratages et fuites de données : toujours des commentaires sur l'incident chez ''Capital One''
* Rapports et sondages : ''CloudPassage'', ''Fortinet''
* __Divers__ : recherche de composants mal configurés dans le Cloud, détection de dysfonctionnements, plan de réponse à un incident cloud ou lié à des containers, le programme ''Cloud Smart'' américain
!!3 - Agenda
* Une première version du planning du congrès CSA de Berlin est disponible → [[CloudSecurityAlliance.fr/go/jBjE/|https://cloudsecurityalliance.fr/go/jBjE/]]
!!Veille Hebdomadaire - 18 août 2019
|!Août|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.08.17|
|2019.08.17|Framboise314[>img[iCSF/flag_fr.png]]|[[Un cluster de Raspberry Pi avec Kubernetes|https://www.framboise314.fr/un-cluster-de-raspberry-pi-avec-kubernetes/]]|K8s RaspberryPi|
|2019.08.17|ZDnet|[[Cloud security is too important to leave to cloud providers|https://www.zdnet.com/article/cloud-security-is-too-important-to-leave-to-cloud-providers/]]|CSA|
|>|>|>|!2019.08.16|
|2019.08.16|CBR Online|[[You Can Now Trigger a Kernel Panic on AWS EC2 Instances by API|https://www.cbronline.com/news/aws-kernel-panic-diagnostic-interrupt]]|AWS APIs Issue|
|2019.08.16|Security Boulevard|[[What Unique Cloud Document Indicators Can Reveal About Data Loss Risk|https://securityboulevard.com/2019/08/what-unique-cloud-document-indicators-can-reveal-about-data-loss-risk/]]|Data_Loss|
|2019.08.16|DISA|[[DISA streamlines approach to cloud authorizations|https://disa.mil/NewsandEvents/2019/cloud-authorizations]]|Authorization US|
|2019.08.16|NextGov| → [[It's Official: Defense Department Will Use Other Agencies' Cloud Security Assessments|https://www.nextgov.com/cybersecurity/2019/08/its-official-defense-department-will-use-other-agencies-cloud-security-assessments/159241/]]|Authorization US|
|2019.08.16|//Roger Halbheer//|[[How to leverage "Secure Access Workstations" for the Cloud|https://www.halbheer.ch/security/2019/08/16/how-to-leverage-secure-access-workstations-for-the-cloud/]]|Secure_Access|
|>|>|>|!2019.08.15|
|2019.08.15|CyberDefense Mag|[[What's the Matter with S3?|https://www.cyberdefensemagazine.com/whats-the-matter-with-s3/]]|S3|
|2019.08.15|NextGov|[[Accelerating Cloud Computing in Government Requires New Management Approach|https://www.nextgov.com/ideas/2019/08/accelerating-cloud-computing-government-requires-new-management-approach/159202/]]|Government|
|2019.08.15|Federal News Network|[[DHS letting its components, 'smart' strategy guide its own cloud journey|https://federalnewsnetwork.com/cloud-computing/2019/08/dhs-letting-its-components-smart-strategy-guide-its-own-cloud-journey/]]|CloudSmart|
|2019.08.15|NextGov|[[Cloud Smarter|https://www.nextgov.com/cio-briefing/2019/08/cloud-smarter/159163/]]|CloudSmart|
|2019.08.15|GovLoop|[[DoD's JEDI Cloud: How It Might Impact Your Agency|https://www.govloop.com/dods-jedi-cloud-how-it-might-impact-your-agency/]]|Government JEDI|
|2019.08.15|JD Supra|[[IRS Issues Proposed Regulations Classifying Cloud Transactions and Transfers of Digital Content for U.S. Federal Income Tax Purposes|https://www.jdsupra.com/legalnews/irs-issues-proposed-regulations-19290/]]|Regulations|
|2019.08.15|Dark Reading|[[7 Biggest Cloud Security Blind Spots|https://www.darkreading.com/cloud/7-biggest-cloud-security-blind-spots/d/d-id/1335493]]|Threats|
|2019.08.15|TechRepublic|[[How to SSH into an AWS instance|https://www.techrepublic.com/article/how-to-ssh-into-an-aws-instance/]]|AWS SSH|
|2019.08.15|//Security Intelligence//|[[3 Barriers to Identity and Access Management (IAM) Modernization|https://securityintelligence.com/posts/3-barriers-to-identity-and-access-management-iam-modernization/]]|IDaaS IAM|
|2019.08.15|//Azure//|[[Azure Ultra Disk Storage: Microsoft's service for your most I/O demanding workloads|https://azure.microsoft.com/en-us/blog/azure-ultra-disk-storage-microsoft-s-service-for-your-most-i-o-demanding-workloads/]]|Misc|
|2019.08.15|//Azure//|[[Announcing the general availability of Azure Ultra Disk Storage|https://azure.microsoft.com/en-us/blog/announcing-the-general-availability-of-azure-ultra-disk-storage/]]|Misc|
|2019.08.15|//Rapid7//|[[Responding to Cloud-Based Security Incidents with InsightConnect: AWS Security Hub|https://blog.rapid7.com/2019/08/15/responding-to-cloud-based-security-incidents-with-insightconnect-aws-security-hub/]] (3/3)|Incident_Handling AWS|
|2019.08.15|//Avanan//|[[MetaMorph HTML Obfuscation Phishing Attack|https://www.avanan.com/resources/metamorph-html-obfuscation-phishing-attack]]|Phishing O365|
|>|>|>|!2019.08.14|
|2019.08.14|GBHackers on Security|[[MaaS - Rent an Android Malware "Cerberus" From Underground Forums To Control Any Android Device Remotely|https://gbhackers.com/android-malware-cerberus/]]|MaaS|
|2019.08.14|Security Boulevard|[[The Cloud, Outages and You: Who's Responsible for What?|https://securityboulevard.com/2019/08/the-cloud-outages-and-you-whos-responsible-for-what/]]|Shared_Responsibility|
|2019.08.14|Solutions Review|[[How to Design a Flawless Cloud Security Strategy|https://solutionsreview.com/cloud-platforms/how-to-design-a-flawless-cloud-security-strategy/]]|Strategy|
|2019.08.14|CIO Dive|[[5 cloud dos and don'ts|https://www.ciodive.com/news/5-cloud-dos-and-donts/560878/]]|Strategy|
|2019.08.14|CSO|[[Securing Your Multi-Cloud Strategy|https://www.csoonline.com/article/3432121/securing-your-multi-cloud-strategy.html]]|Multi_Cloud|
|2019.08.14|Forbes|[[Shadow IT: You Can't Protect What You Can't See|https://www.forbes.com/sites/insights-ibmresiliency/2019/08/14/shadow-it-you-cant-protect-what-you-cant-see/]]|Shadow_IT|
|2019.08.14|DZone|[[End-to-End Tests: Managing Containers in Kubernetes|https://dzone.com/articles/end-to-end-tests-managing-containers-in-kubernetes]]|K8s|
|2019.08.14|The Federal Register|[[Classification of Cloud Transactions and Transactions Involving Digital Content|https://www.federalregister.gov/documents/2019/08/14/2019-17425/classification-of-cloud-transactions-and-transactions-involving-digital-content]]|Legal|
|2019.08.14|GovLoop|[[DoD's JEDI Cloud: The Saga So Far|https://www.govloop.com/dods-jedi-cloud-the-saga-so-far/]]|Government JEDI|
|2019.08.14|Dark Reading|[[Microservices Flip App Security on Its Head|https://www.darkreading.com/cloud/microservices-flip-app-security-on-its-head/a/d-id/1335483]]|MicroServices|
|2019.08.14|Wire19|[[10 biggest threats to cloud computing - 2019 Report|https://wire19.com/10-biggest-threats-to-cloud-computing-2019-report/]]|CSA Report|
|2019.08.14|//Predica.pl//|[[Cloud Governance (pdf)|https://predica.pl/wp-content/uploads/2019/08/Cloud-Governance-min.pdf]]|Governance|
|2019.08.14|//CloudPassage//|[[What the 2019 AWS Security Report Tells Us About Preventing a Cloud Data Breach|https://blog.cloudpassage.com/2019/08/14/2019-aws-security-report/]] ([[rapport|https://pages.cloudpassage.com/AWS-Cloud-Security-Report.html]])|Report AWS CloudPassage|
|2019.08.14|//Alibaba Cloud//|[[Why You Should Use Reverse Proxies on Alibaba Cloud|https://medium.com/@Alibaba_Cloud/why-you-should-use-reverse-proxies-on-alibaba-cloud-11eb6e5c5c42]]|Architecture|
|2019.08.14|//Alibaba Cloud//|[[How to Install and Configure VNC on an Alibaba Cloud ECS Instance|https://medium.com/@Alibaba_Cloud/how-to-install-and-configure-vnc-on-an-alibaba-cloud-ecs-instance-f8bb6cfbe76f]]|Remote_Access|
|2019.08.14|//Fugue//|[[What Executives Should Know About the Capital One Breach|https://www.fugue.co/blog/what-executives-should-know-about-the-capital-one-breach]]|Incident CapitalOne|
|2019.08.14|//PivotPoint Security//|[[Analysis of the Capital One Breach|https://www.pivotpointsecurity.com/blog/analysis-of-the-capital-one-breach/]]|Incident CapitalOne|
|2019.08.14|//VirSec//|[[Capital One Experiences Third Largest Financial Hack from AWS Insider|https://virsec.com/capital-one-experiences-third-largest-financial-hack-from-aws-insider/]]|Incident CapitalOne|
|2019.08.14|//Azure//|[[Geo Zone Redundant Storage in Azure now in preview|https://azure.microsoft.com/en-gb/blog/geo-zone-redundant-storage-in-azure-now-in-preview/]]|Azure Resilience|
|2019.08.15|//Azure//| → [[Geo-redundant storage (GRS): Cross-regional replication for Azure Storage|https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-grs]]|Azure Resilience|
|2019.08.15|CBR Online| → [[Azure Aims for Resilience in Face of Regional Catastrophe|https://www.cbronline.com/news/azure-redundancy-gzrs]]|Azure Resilience|
|>|>|>|!2019.08.13|
|2019.08.13|NCSC UK|![[Offline backups in an online world|https://www.ncsc.gov.uk/blog-post/offline-backups-in-an-online-world]]|Backups|
|2019.08.13|MSP Alliance|[[The MSP's Survival Guide to Cloud Nationalism|https://members.mspalliance.com/the-msps-survival-guide-to-cloud-nationalism/]] (inscription requise)|MSP|
|2019.08.13|TechBeacon|[[Zero-trust in a cloud-native world: Best practices emerge|https://techbeacon.com/security/zero-trust-cloud-native-world-best-practices-emerge]]|Zero_Trust|
|2019.08.13|Federal News Network|[[Air Force cloud had 54 vulnerabilities before hackers found them|https://federalnewsnetwork.com/air-force/2019/08/air-force-cloud-had-54-vulnerabilities-before-hackers-found-them/]]|Bug_Bounty|
|2019.08.13|Defense One| → [[New Tool Reveals Big Vulnerabilities In Mobile Apps That Use Multiple Clouds|https://www.defenseone.com/technology/2019/08/new-tool-reveals-big-vulnerabilities-mobile-apps-use-multiple-clouds/159133/]]|Conference Mobile|
|2019.08.13|//AWS//|[[Amazon Letter to Sen Wyden RE Consumer Data|https://www.wyden.senate.gov/imo/media/doc/081319%20Amazon%20Letter%20to%20Sen%20Wyden%20RE%20Consumer%20Data.pdf]] (pdf)|Incident CapitalOne AWS|
|2019.08.16|Cyberscoop| → [[Amazon Web Services finds no 'significant issues' at other companies allegedly breached by Paige Thompson|https://www.cyberscoop.com/capital-one-aws-companies-wyden-letter/]]|Incident CapitalOne AWS|
|2019.08.13|//Security Intelligence//|[[Bypass the Cost of Ownership With Security-as-a-Service (SECaaS)|https://securityintelligence.com/posts/bypass-the-cost-of-ownership-with-security-as-a-service-secaas/]]|SECaaS|
|2019.08.13|//Rapid7//|[[Cloud Security Primer: The Basics You Need to Know|https://blog.rapid7.com/2019/08/13/cloud-security-primer-the-basics-you-need-to-know/]]|Misc|
|2019.08.13|//Rhino Security Labs//|[[Bypassing IP Based Blocking with AWS API Gateway|https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/]]|APIs|
|2019.08.13|//Lacework//|[[Cloud Anomaly Detection and Vulnerability Assessment Needs to Yield Actionable Alerts|https://www.lacework.com/cloud-anomaly-detection-alerts/]]|Detection|
|2019.08.13|//Clearswift//|[[Capital One Data Breach: A reminder to lock your back door|https://www.clearswift.com/blog/2019/08/13/capital-one-data-breach-reminder-lock-your-back-door]]|Incident CapitalOne|
|2019.08.13|//BitDefender//|[[Best Practices for Cloud Workload Protection - Redesigning Cybersecurity for Cloud-First Businesses|https://businessinsights.bitdefender.com/best-practices-for-cloud-workload-protection-redesigning-cybersecurity-for-cloud-first-businesses]]|CWPP Workload Protection|
|2019.08.13|//Cofense//|[[Phishing Campaigns Imitating CEOs Bypass Microsoft Gateway to Target Energy Sector|https://cofense.com/phishing-campaigns-imitating-ceos-bypass-microsoft-gateway-target-energy-sector/]]|Phishing|
|2019.08.13|//Fortinet//|[[The Bi-Directional Cloud Highway: Critical Insights into Today's Cloud Infrastructures|https://www.fortinet.com/blog/industry-trends/ihs-markit-fortinet-cloud-report-insights.html]]|Report Fortinet|
|2019.08.16|Solutions Review| → [[74% of Companies Move Apps To the Cloud, Then Back On-Premise|https://solutionsreview.com/cloud-platforms/74-of-companies-move-apps-to-the-cloud-then-back-on-premise/]]|Report Fortinet|
|>|>|>|!2019.08.12|
|2019.08.12|iNSYNQ|![[Company Update Concerning the Megacortex Ransomware Attack|https://blog.insynq.com/blog/company-update-concerning-the-megacortex-ransomware-attack]]|Attacks Ransomware iNSYNQ|
|2019.08.16|The Daily Swig| → [[Hosted accountancy software firm iNSYNQ offers ransomware post-mortem|https://portswigger.net/daily-swig/hosted-accountancy-software-firm-insynq-offers-ransomware-post-mortem]]|Attacks Ransomware iNSYNQ|
|2019.08.12|Alliancy[>img[iCSF/flag_fr.png]]|[[Le cloud fait sauter les verrous du partage de données|https://www.alliancy.fr/expertise/cloud/2019/08/12/le-cloud-fait-sauter-les-verrous-du-partage-de-donnees]]|Data_Sharing|
|2019.08.12|Breaking Defense|[[Big Data For Big Wars: JEDI vs. China & Russia|https://breakingdefense.com/2019/08/big-data-for-big-wars-jedi-vs-china-russia/]]|Government JEDI|
|2019.08.12|Silicon|[[Understanding hybrid cloud security across your enterprise|https://www.silicon.co.uk/cloud/understanding-hybrid-cloud-security-277901]]|Hybrid_Cloud|
|2019.08.12|CS Hub|[[Moving To The Cloud: Considerations Beyond The Bottom Line|https://www.cshub.com/cloud/articles/moving-to-the-cloud-considerations-beyond-the-bottom-line]]|Migration|
|2019.08.12|Hackernoon|![[Severe Truth About Serverless Security and Ways to Mitigate Major Risks|https://hackernoon.com/severe-truth-about-serverless-security-and-ways-to-mitigate-major-risks-cd3i3x6f]]|FaaS Serverless Risks|
|2019.08.12|Georgia Tech|[[Smartphone Apps May Connect to Vulnerable Backend Cloud Servers|https://www.news.gatech.edu/2019/08/12/smartphone-apps-may-connect-vulnerable-backend-cloud-servers]]|Conference Mobile|
|2019.08.13|USENIX Security Symposium| → The Betrayal At Cloud City: An Empirical Analysis Of Cloud-Based Mobile Backends ([[Présentation|https://www.usenix.org/sites/default/files/conference/protected-files/sec19_slides_alrawi.pdf]], [[rapport|https://admin.govexec.com/media/sec19-alrawi_0.pdf]])|Conference Mobile|
|2019.08.19|Diginomica| → [[Cloud-based app backends - a rat's nest of mobile phone security vulnerabilities|https://diginomica.com/cloud-based-app-backends-rats-nest-mobile-phone-security-vulnerabilities]]|Conference Mobile|
|2019.08.12|//PaloAlto Networks//|![[Hunting the Public Cloud for Exposed Hosts and Misconfigurations|https://unit42.paloaltonetworks.com/hunting-the-public-cloud-for-exposed-hosts-and-misconfigurations/]]|Report PaloAlto Misconfigurations|
|2019.08.15|The Register| → [[Fancy a career exposing cloud data leaks? Great news, companies are still largely clueless|https://www.theregister.co.uk/2019/08/16/cloud_security_sucks/]]|Report PaloAlto Misconfigurations|
|2019.08.12|//Lacework//|[[Developing a Cloud & Container Incident Response Plan|https://www.lacework.com/cloud-container-incident-response-plan/]]|Container Incident_Response|
|2019.08.12|//Lacework//|[[A Quick Guide to Container Orchestration Vulnerabilities|https://www.lacework.com/guide-container-orchestration-vulnerabilities/]]|Container Flaws|
|2019.08.12|//Chef//|[[Cloud Security Assessments in AWS|https://blog.chef.io/2019/08/12/cloud-security-assessments-in-aws/]]|AWS Assessment|
!"//What is personal data under the GDPR?//"[>img(100px,auto)[iCSA/CSAdoc.png]]
<<<
//A fundamental concept of the European General Data Protection Regulation (GDPR), which came into force in May last year, is personal data.//
<<<
⇒ https://gdpr.cloudsecurityalliance.org/resource-center/what-is-personal-data-under-the-gdpr
⇒ http://www.csa-gdpr-build.s3-website-us-east-1.amazonaws.com/artifact/What-is-personal-data-under-the-GDPR.pdf 
!"//Egregious 11 Meta-Analysis Part 1: (In)sufficient Due Diligence and Cloud Security Architecture and Strategy//"
[>img(200px,auto)[iCSA/J8DBE.jpg]]Premier article d'une série, publié le 13 août 2019 — Rédigé par Victor Chin, Research Analyst, CSA
<<<
On August 6th, 2019, the CSA Top Threats working group released the third iteration of the Top Threats to Cloud Computing report.

This time the report highlights eleven egregious security issues based on the survey of 241 industry experts. The following security issues from the previous iteration ("The Treacherous Twelve") appeared again in the latest report.
* Data Breaches
* Account Hijacking
* Insider Threats
* Insecure Interfaces and APIs
* Abuse and Nefarious Use of Cloud Services

At the same time, five new security issues below made their debuts.
* Misconfiguration and Insufficient Change Control
* Lack of Cloud Security Architecture and Strategy
* Weak Control Plane
* Metastructure and Applistructure Failures
* Limited Cloud Usage Visibility
[...]
Before we go into the meta-analysis of The Egregious Eleven, it is important to note that the Top Threats to Cloud Computing reports focus on identifying prominent security issues in the industry based on perception. It is not meant to be the definitive list of security issues in the cloud - instead, the study measures what industry experts perceive the key security issues to be.

__The Overarching Trends__
Throughout the three iterations of the report, one particular trend has become increasingly prominent. Traditional cloud security issues stemming from concerns about having a third-party provider are being perceived as less relevant. Some examples of such issues are Data Loss, Denial of Service, and Insufficient Due Diligence. Meanwhile, more nuanced issues pertaining specifically to cloud environments are increasingly being perceived as more problematic. These include Lack of Cloud Security Architecture and Strategy, Weak Control Plane and Metastructure and Applistructure Failures.

__Most and Least Relevant Security Issues__
Over the next few weeks, we will examine and try to account for the trend mentioned earlier. Each blog post will feature a security issue that is being perceived as less relevant and one that is being perceived as more relevant. In the first post, we will take a closer look at Insufficient Due Diligence and Lack of Cloud Security Architecture and Strategy.

__(In)sufficient Due Diligence__
Insufficient Due Diligence was rated 8th and 9th in the first and second iteration of the Top Threats to Cloud Computing report, respectively. In the current report, it has completely dropped off. Insufficient Due Diligence refers to prospective cloud customers conducting cloud service provider (CSP) evaluations to ensure that the CSPs meet the various business and regulatory requirements. Such concerns were especially pertinent during the early years of cloud computing, where there were not many resources available to help cloud customers make that evaluation.

__Frameworks to Improve Cloud Procurement__
Since then, many frameworks and projects have been developed to make cloud procurement a smooth journey. The Cloud Security Alliance (CSA), for example, has several tools to help enterprises on their journey of cloud procurement and migration.
* The Consensus Assessment Initiative Questionnaire ([[CAIQ]]) is a set of questions tailored to help cloud customers evaluate the security posture of prospective cloud providers. It is based on CSA's Cloud Controls Matrix (CCM), which is a cloud security controls framework.
* The CAIQ and CCM are further supported by the Security, Trust and Assurance Registry ([[STAR]]) program, which is a multi-level assurance framework. The STAR program makes CSP information such as completed CAIQs (Level 1) and third-party audit certifications (Level 2) publicly accessible.

Around the world, we see many similar frameworks and guidances being developed. For example:
* The Federal Risk and Authorization Management Program (FedRAMP) in the US
* Multi-Tier Cloud Security (MTCS) Certification Scheme in Singapore
* The European Security Certification Framework (EU-SEC) in the European Union.

With so many governance, risk and compliance support programs being developed globally, it is understandable that Insufficient Due Diligence has fallen off the Top Threats to Cloud Computing list.

__Examining Lack of Cloud Security Architecture and Strategy__
Lack of Cloud Security Architecture and Strategy was rated third in The Egregious Eleven. Large organizations migrating their information technology stack to the cloud without considering the nuances of IT operations in the cloud environment are creating a significant amount of business risk for themselves. Such organizations fail to plan for the shortcomings that they will experience operating their IT stack in the cloud. Moving workloads to the cloud will result in organizations having less visibility and control over their data and the underlying cloud infrastructure. Coupled with the self-provisioning and on-demand nature of cloud resources, it becomes very easy to scale up cloud resources - sometimes, in an insecure manner. For example, in 2019, Accenture left at least 4 cloud storage buckets unsecured and publicly downloadable. In highly complex and scalable cloud environments without proper cloud security architecture and processes, such misconfigurations can occur easily. For cloud migration and operations to go smoothly, such shortcomings must be accounted for. Organizations can engage a Cloud Access Security Broker (CASB) or use cloud-aware technology to provide some visibility into the cloud infrastructure. Being able to monitor your cloud environment for misconfigurations or exposures will be extremely critical when operating in the cloud.

On a different note, the fact that a Lack of Cloud Security Architecture and Strategy is high up in the Top Threats to Cloud Computing is evidence that organizations are actively migrating to the cloud. These nuanced cloud security issues only crop up post-migration and will be the next tranche of problems for which solutions must be found.
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/08/13/egregious-11-meta-analysis-part-1-insufficient-due-diligence-and-cloud-security-architecture-and-strategy/]] sur le blog de la CSA
!!1 - Informations CSA de la semaine du 5 au 11 août 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Blog : ''Enjeux et bonnes pratiques dans la sécurisation des conteneurs et des micro-services''+++*[»]> <<tiddler [[2019.08.08 - Blog : Enjeux et bonnes pratiques dans la sécurisation des conteneneurs et des micro-services]]>>=== 
* Blog : ''A la découverte des principales menaces du Cloud avec Jim Reavis''+++*[»]> <<tiddler [[2019.08.08 - Blog : A la découverte des principales menaces du Cloud avec Jim Reavis]]>>=== 
* Publication : ''Les 6 fondements du DevSecOps''+++*[»]> <<tiddler [[2019.08.07 - Publication : 'Six Pillars of DevSecOps']]>>=== 
* Blog : ''Cloud et cyber-harcèlement''+++*[»]> <<tiddler [[2019.08.07 - Blog : Cloud et cyber-harcèlement]]>>=== 
* Publication : ''Les 11 menaces les plus sérieuses affectant le Cloud''+++*[»]> <<tiddler [[2019.08.06 - Publication : 'Top Threats to Cloud Computing: Egregious Eleven']]>>=== 
* Blog : ''Projet Libra de Facebook''+++*[»]> <<tiddler [[2019.08.05 - Blog : Projet Libra de Facebook]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.08.11 - Veille Hebdomadaire - 11 août]] avec plus de 90 liens :
* Piratages et fuites de données : des précisions et des commentaires suite aux attaques contre ''Capital One'' et ''iNSYNQ'', risques de fuites dans AWS EBS
* Rapports et sondages : ''FileCloud'', ''Kubernetes'' (rapport d'audit), ''Vectra'', ''Wipro''
* __Attaques__ : phishing
* __Divers__ : les présentations données lors de la conférence ''BlackHat'', ''Azure Security Lab'', le jeu Cloud de l'été de ''Nuageo''
!!Veille Hebdomadaire - 11 août 2019
|!Août|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.08.11|
|2019.08.11|DEF CON 27|[[I'm In Your Cloud... Pwning Your Azure Environement|https://www.defcon.org/html/defcon-27/dc-27-speakers.html#Mollema]]|AWS AzureAD Exploit|
|2019.08.11|DEF CON 27|[[Owning The Cloud Through Server-Side Request Forgery|https://www.defcon.org/html/defcon-27/dc-27-speakers.html#Sadeghipour]]|Exploit SSRF|
|2019.08.11|AWS & PowerShell|[[Taking Advantage of AWS Access Advisor by Building a Custom Excel Report with PowerShell|https://www.awspsblog.org/2019/08/11/taking-advantage-of-aws-access-advisor-by-building-a-custom-excel-report-with-powershell/]]|AWS|
|2019.08.11|//CyStack//|[[Subdomain takeover - Chapter two: Azure Services|https://blog.cystack.net/subdomain-takeover-chapter-two-azure-services/]]|!DNS AWS|
|>|>|>|!2019.08.10|
|2019.08.10|Defense One|[[Pentagon Officials Explain Why the Controversial JEDI Cloud Is Crucial for Future Ops|https://www.defenseone.com/technology/2019/08/pentagon-reveals-why-controversial-jedi-cloud-crucial-future-ops/159088/]]|Government JEDI|
|>|>|>|!2019.08.09|
|2019.08.09|Bleeping Computer|[[Microsoft 365 to Get Enhanced Suspicious Content Submission|https://www.bleepingcomputer.com/news/security/microsoft-365-to-get-enhanced-suspicious-content-submission/]]|O365|
|2019.08.09|Bleeping Computer|[[Microsoft Office Phishers Move to Enterprise AWS Landing Pages|https://www.bleepingcomputer.com/news/security/microsoft-office-phishers-move-to-enterprise-aws-landing-pages/]]|AWS Phishing|
|2019.08.09|Krebs On Security|![[iNSYNQ Ransom Attack Began With Phishing Email|https://krebsonsecurity.com/2019/08/insynq-ransom-attack-began-with-phishing-email/]]|Attacks Ransomware iNSYNQ|
|2019.08.09|CRN| → [[iNSYNQ Ransomware Attack Started With Phishing Email: Report|https://www.crn.com/news/cloud/insynq-ransomware-attack-started-with-phishing-email-report]]|Attacks Ransomware iNSYNQ|
|2019.08.09|CBR Online|[[Default Access for 'Everyone'? New AWS Data Lake Service's Settings Raise Red Flags for Security Experts|https://www.cbronline.com/news/default-access-for-everyone-new-aws-lake-formation-service-configurations-raise-eyebrows]]|AWS|
|2019.08.09|ZDnet|[[Microsoft is phasing out the Basic edition of Azure Active Directory|https://www.zdnet.com/article/microsoft-is-phasing-out-the-basic-edition-of-azure-active-directory/]]|AzureAD EndOfLife|
|2019.08.09|UKAuthority|[[Scotland gets cloud procurement framework|https://www.ukauthority.com/articles/scotland-gets-cloud-procurement-framework/]]|Government Scotland|
|2019.08.09|DEF CON 27|[[More Keys Than A Piano: Finding Secrets In Publicly Exposed Ebs Volumes|https://www.defcon.org/html/defcon-27/dc-27-speakers.html#Morris]]|AWS Data_Leak|
|2019.08.09|TechCrunch| → [[Hundreds of exposed Amazon cloud backups found leaking sensitive data|https://techcrunch.com/2019/08/09/aws-ebs-cloud-backups-leak/]]|AWS Data_Leak|
|2019.08.09|//Security Intelligence//|[[How Implementing Cloud Identity Can Improve Security and Data Privacy|https://securityintelligence.com/articles/how-implementing-cloud-identity-can-improve-security-and-data-privacy/]]|IAM|
|2019.08.09|//Rackspace//|[[A Fresh Look for Rackspace's Open Cloud Academy|https://blog.rackspace.com/fresh-look-rackspaces-open-cloud-academy-technical-training]]|Education Training|
|2019.08.09|//CyberDB//|[[Serverless Security: Best Practices to Secure your Serverless Infrastructure|https://www.cyberdb.co/serverless-security-best-practices/]]|Serverless Best_Practices|
|2019.08.09|//Microsoft Azure//|![[Overview of the CIS Microsoft Azure Foundations Benchmark blueprint sample|https://docs.microsoft.com/en-us/azure/governance/blueprints/samples/cis-azure-1.1.0/]]|Azure Benchmark|
|>|>|>|!2019.08.08|
|2019.08.08|AccountingToday|![[Inside the Insynq attack: 'We had to assume they were listening'|https://www.accountingtoday.com/news/inside-the-insynq-ransomware-attack-we-had-to-assume-they-were-listening]]|Attacks Ransomware iNSYNQ|
|2019.08.08|SecurityWeek|[[Vulnerability in Kubernetes Allows Access to Custom Resources|https://www.securityweek.com/vulnerability-kubernetes-allows-access-custom-resources]]|CVE-2019-11247 Kubernetes|
|2019.08.08|Container Journal| → [[CRD Vulnerability Cause for Kubernetes Concern|https://containerjournal.com/2019/08/09/crd-vulnerability-cause-for-kubernetes-concern/]]|CVE-2019-11247 Kubernetes|
|2019.08.08|NextGov|[[GSA Cyber Expert Offers Tips on Cloud Security|https://www.nextgov.com/cybersecurity/2019/08/gsa-cyber-expert-offers-tips-cloud-security/159046/]]|Best_Practices|
|2019.08.08|Brink|[[The Threat from the Cloud: How Cyber Intruders Exploit Third Parties|https://www.brinknews.com/the-threat-from-the-cloud-how-cyber-intruders-exploit-third-parties/]]|Third_Party|
|2019.08.08|Information Security Newspaper|[[Simple reasons why the Microsoft Azure cloud isn't secure|https://www.securitynewspaper.com/2019/08/08/simple-reasons-why-the-microsoft-azure-cloud-isnt-secure/]]|Azure RDP|
|2019.08.08|BlackHat|[[Securing Apps in the Open-By-Default Cloud|https://www.blackhat.com/us-19/briefings/schedule/#securing-apps-in-the-open-by-default-cloud-16428]] ([[slides|us-19-Howes-Securing-Apps-In-The-Open-By-Default-Cloud.pdf]])|Best_Practices BlackHat|
|2019.08.08|BlackHat|[[A Compendium of Container Escapes|https://www.blackhat.com/us-19/briefings/schedule/#preventing-authentication-bypass-a-tale-of-two-researchers-17041]] ([[slides|http://i.blackhat.com/USA-19/Thursday/us-19-Edwards-Compendium-Of-Container-Escapes.pdf]])|Containers BlackHat|
|2019.08.08|BlackHat|[[DevSecOps : What, Why and How|https://www.blackhat.com/us-19/briefings/schedule/#devsecops--what-why-and-how-17058]] ([[slides|http://i.blackhat.com/USA-19/Thursday/us-19-Shrivastava-DevSecOps-What-Why-And-How.pdf]])|DevSecOps BlackHat|
|2019.08.08|//Nuageo//[>img[iCSF/flag_fr.png]]|[[On the road to the Cloud - Le jeu de l'été Nuageo|https://www.nuageo.fr/2019/08/le-jeu-de-lete-nuageo-2019/]]|Fun|
|2019.08.08|//FileCloud//|[[FileCloud Releases Inaugural Annual Enterprise Cloud & Data Security Report|https://vmblog.com/archive/2019/08/08/filecloud-releases-inaugural-annual-enterprise-cloud-data-security-report.aspx]] ([[rapport|https://www.getfilecloud.com/annual-enterprise-cloud-data-security-report/]])|Report FileCloud|
|2019.08.08|BetaNews| → [[Half of companies won't move mission critical workloads to the cloud|https://betanews.com/2019/08/08/mission-critical-workloads-not-cloud/]]|Report FileCloud|
|2019.08.08|//Google Cloud//|[[Awarding Google Cloud Vulnerability Research|https://security.googleblog.com/2019/08/awarding-google-cloud-vulnerability.html]]|Vulnerability_Reward|
|2019.08.08|//PaloAlto Networks//|[[From 'DevOps vs. SecOps' to DevSecOps|https://blog.paloaltonetworks.com/2019/08/devops-vs-secops-devsecops/]]|DevSecOps|
|2019.08.08|//Symantec//|[[How to Protect Yourself in the Cloud: Tips and Best Practices|https://www.symantec.com/blogs/expert-perspectives/how-protect-yourself-cloud-tips-and-best-practices]]|Report Kubernetes AuditBest_Practices|
|2019.08.08|//Proofpoint//|[[Phishing Actor Using XOR Obfuscation Graduates to Enterprise Cloud Storage on AWS|https://www.proofpoint.com/us/threat-insight/post/phishing-actor-using-xor-obfuscation-graduates-enterprise-cloud-storage-aws]]|Phishing AWS Azure|
|2019.08.08|BetaNews| → [[Russian phishing campaign using AWS to host landing pages designed to avoid detection|https://www.techrepublic.com/article/russian-phishing-campaign-using-aws-to-host-landing-pages-designed-to-avoid-detection/]]|Phishing AWS Azure|
|2019.08.08|TechRepublic| → [[Russian phishing campaign using AWS to host landing pages designed to avoid detection|https://www.techrepublic.com/article/russian-phishing-campaign-using-aws-to-host-landing-pages-designed-to-avoid-detection/]]|Phishing AWS Azure|
|2019.08.08|//ThreatPost//| → [[Phishing Attacks Enlist Amazon AWS, Microsoft Azure in Ploys|https://threatpost.com/phishing-amazon-aws-s3-cloud-buckets/147111/]]|Phishing AWS Azure|
|2019.08.08|//Tripwire//|[[Best Practices for IT Security Teams in the Age of Cloud|https://www.tripwire.com/state-of-security/security-data-protection/cloud/best-practices-security-teams-cloud/]]|Best_Practices|
|2019.08.08|//Managed Methods//|[[Top Data Loss Prevention Methods For Cloud Applications|https://managedmethods.com/blog/data-loss-prevention-methods-for-cloud-apps/]]|DLP|
|2019.08.08|//G2//|[[Securely Migrating to the Cloud|https://learn.g2.com/cloud-migration]]|Migration|
|2019.08.08|//Sensu//|[[How Kubernetes works|https://blog.sensu.io/how-kubernetes-works]]|K8s|
|2019.08.08|//CyberArk//|[[Kubernetes Pentest Methodology Part 1|https://www.cyberark.com/threat-research-blog/kubernetes-pentest-methodology-part-1/]] (1/3)|Kubernetes PenTesting|
|2019.08.08|//WeScale//[>img[iCSF/flag_fr.png]]|[[Observabilité, résilience et expérience au secours des systèmes chaotiques|https://blog.wescale.fr/2019/08/08/observabilite-resilience-et-experience-au-secours-des-systemes-chaotiques/]]|Chaos_Engineering|
|2019.08.08|//Cloudonaut//|[[Review: AWS Backup - A centralized place for managing backups?|https://cloudonaut.io/review-aws-backup/]]|AWS Backups|
|>|>|>|!2019.08.07|
|2019.08.07|!CSA|[[CSA Releases "The Six Pillars of DevSecOps" Report|https://cloudsecurityalliance.org/articles/csa-releases-the-six-pillars-of-devsecops-report/]]|CSA DevSecOps|
|2019.08.07|CBR Online| → [[DevSecOps: The Six Pillars of Secure Code Deployment|https://www.cbronline.com/list/devsecops-guide-six-pillars]]|CSA DevSecOps|
|2019.08.07|BlackHat|![[Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)|https://www.blackhat.com/us-19/briefings/schedule/#attacking-and-defending-the-microsoft-cloud-office---azure-ad-14553]] (slides [[ici|https://adsecurity.org/?p=4179]] et [[là|http://i.blackhat.com/USA-19/Wednesday/us-19-Metcalf-Attacking-And-Defending-The-Microsoft-Cloud.pdf]])|Azure Attacks BlackHat|
|2019.08.07|BlackHat|[[Internet-Scale Analysis of AWS Cognito Security|https://www.blackhat.com/us-19/briefings/schedule/#internet-scale-analysis-of-aws-cognito-security-15829]]|AWS BlackHat|
|2019.08.07|BlackHat|[[Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine|https://www.blackhat.com/us-19/briefings/schedule/#exploiting-the-hyper-v-ide-emulator-to-escape-the-virtual-machine-15862]]|Azure Hyper-V BlackHat|
|2019.08.07|BlackHat|[[The Path Less Traveled: Abusing Kubernetes Defaults|https://www.blackhat.com/us-19/briefings/schedule/#the-path-less-traveled-abusing-kubernetes-defaults-17049]]|K8s BlackHat|
|2019.08.07|BlackHat|[[Controlled Chaos: The Inevitable Marriage of DevOps & Security|https://www.blackhat.com/us-19/briefings/schedule/#controlled-chaos-the-inevitable-marriage-of-devops--security-15273]] ([[slides|http://i.blackhat.com/USA-19/Wednesday/us-19-Shortridge-Controlled-Chaos-The-Inevitable-Marriage-Of-DevOps-And-Security.pdf]])|DevSecOps Chaos_Engineering BlackHat|
|2019.08.07|ComputerWeekly|[[The $10bn question: Why is the US government's JEDI cloud contract taking so long to award?|https://www.computerweekly.com/news/252468011/The-10bn-question-Why-is-the-US-governments-decade-long-cloud-contract-taking-so-long-to-award]]|Government JEDI|
|2019.08.07|TechRepublic|[[How the Air Force used a bug bounty program to hack its own cloud server|https://www.techrepublic.com/article/how-the-air-force-used-a-bug-bounty-program-to-hack-its-own-cloud-server/]]|Bug_Bounty|
|2019.08.07|GovLoop|[[There Are No Such Things as 'Average' Cloud Users|https://www.govloop.com/theres-no-such-thing-as-average-cloud-users/]]|Misc|
|2019.08.07|//Vectra//|![[Vectra research reveals that the most significant ransomware threat is the malicious encryption of shared network files in cloud service providers|https://www.vectra.ai/news/spotlight-ransomware]] ([[rapport|http://www.vectra.ai/spotlight-ransomware]] et [[infographie|http://www.vectra.ai/spotlight-ransomware]])|Report Vectra|
|2019.08.07|BetaNews| → [[Biggest ransomware threat is encryption of shared cloud files|https://betanews.com/2019/08/07/biggest-ransomware-threat-is-encryption-of-shared-cloud-files/]]|Report Vectra|
|2019.08.07|Dark Reading| → [[Enterprises Must Be Wary of Ransomware Targeting Network File Shares & Cloud Assets|https://www.darkreading.com/attacks-breaches/enterprises-must-be-wary-of-ransomware-targeting-network-file-shares-andcloud-assets/d/d-id/1335466]]|Report Vectra|
|2019.08.07|ComputerWeekly| → [[Shared files in the cloud are a top ransomware target|https://www.computerweekly.com/news/252468021/Shared-files-in-the-cloud-are-a-top-ransomware-target]]|Report Vectra|
|2019.08.07|//Akamai//|[[Top 10 Best Practices for Securing Cloud Workflows|https://blogs.akamai.com/2019/08/top-10-best-practices-for-securing-cloud-workflows.html]]|Best_Practices|
|2019.08.07|//Azure//|[[Better security with enhanced access control experience in Azure Files|https://azure.microsoft.com/en-us/blog/better-security-with-enhanced-access-control-experience-in-azure-files/]]|Azure Access_Controls|
|2019.08.07|//Azure//|[[Disaster recovery of Azure disk encryption (V2) enabled virtual machines|https://azure.microsoft.com/en-us/blog/disaster-recovery-of-azure-disk-encryption-v2-enabled-virtual-machines/]]|Azure Encryption|
|2019.08.07|//Google Cloud//|[[How secure are your APIs? Apigee API security reporting can help|https://cloud.google.com/blog/products/apigee/how-secure-are-your-apis-apigee-api-security-reporting-can-help]]|API|
|2019.08.07|//Google Cloud//|[[Cloud IAP enables context-aware access to VMs via SSH and RDP without bastion hosts|https://cloud.google.com/blog/products/identity-security/cloud-iap-enables-context-aware-access-to-vms-via-ssh-and-rdp-without-bastion-hosts]]|Access_Controls|
|2019.08.07|Bleeping Computer| → [[Google's Cloud IAP Now Generally Available for Cloud VM Clients|https://www.bleepingcomputer.com/news/security/googles-cloud-iap-now-generally-available-for-cloud-vm-clients/]]|Access_Controls|
|2019.08.07|//AssuranceSoftware//|[[Don't Underestimate the Need for Tight Cloud Security|https://www.assurancesoftware.com/product-blog/dont-underestimate-the-need-for-tight-cloud-security]]|Best_Practices|
|2019.08.07|//Lacework//|[[Enhancing Native Kubernetes Security|https://www.lacework.com/enhancing-native-kubernetes-security/]]|K8s Risks Protection|
|2019.08.07|//Azure//|![[A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response|https://www.microsoft.com/security/blog/2019/08/07/a-case-study-in-industry-collaboration-poisoned-rdp-vulnerability-disclosure-and-response/]]|Azure Hyper-V CVE-2019-0887|
|2019.08.07|//Threatpost//| → [[Black Hat 2019: Microsoft Protocol Flaw Leaves Azure Users Open to Attack|https://threatpost.com/black-hat-2019-microsoft-protocol-flaw-leaves-azure-users-open-to-attack/147045/]]|Azure Hyper-V CVE-2019-0887|
|2019.08.07|//Checkpoint & Microsoft//|! → [["He Said, She Said - Poisoned RDP Offense and Defense"|https://www.blackhat.com/us-19/briefings/schedule/#he-said-she-said--poisoned-rdp-offense-and-defense-15602]] ([[présentation|http://i.blackhat.com/USA-19/Wednesday/us-19-Baril-He-Said-She-Said-Poisoned-RDP-Offense-And-Defense.pdf]] et [[rapport|http://i.blackhat.com/USA-19/Wednesday/us-19-Baril-He-Said-She-Said-Poisoned-RDP-Offense-And-Defense-wp.pdf]])|Azure Hyper-V CVE-2019-0887 BlackHat|
|2019.08.07|//Spanning//|[[Forming a Backup Strategy: 4 Steps to Follow|https://spanning.com/blog/backup-strategy-4-steps-to-follow/]]|Backups|
|2019.08.07|//Active Directory Security//|[[Slides Posted for Black Hat USA 2019 Talk: Attacking & Defending the Microsoft Cloud|https://adsecurity.org/?p=4179]] ([[présentation .pdf|https://adsecurity.org/wp-content/uploads/2019/08/2019-BlackHat-US-Metcalf-Morowczynski-AttackingAndDefendingTheMicrosoftCloud.pdf]])|
|>|>|>|!2019.08.06|
|2019.08.06|!CSA|[[CSA Releases New Research - Top Threats to Cloud Computing: Egregious Eleven|https://cloudsecurityalliance.org/articles/csa-releases-new-research-top-threats-to-cloud-computing-egregious-eleven/]]|CSA Threats|
|2019.08.06|SecurityWeek| → [[Cloud Providers Improving Security, But Users Need to Up Their Game|https://www.securityweek.com/cloud-providers-improving-security-users-need-their-game]]|CSA Threats|
|2019.08.06|TechRepublic| → [[How to prevent the top 11 threats in cloud computing|https://www.techrepublic.com/article/how-to-prevent-the-top-11-threats-in-cloud-computing/]]|CSA Threats|
|2019.08.06|The Register| → [[Cloud computing's no PICNIC*: Yep, biggest security risks down to customer, not provider|https://www.theregister.co.uk/2019/08/06/the_biggest_security_risks_in_cloud_computing_are_in_the_enterprise_not_in_the_cloud/]]|CSA Threats|
|2019.08.06|Cloud Native Computing Foundation|![[Open Sourcing the Kubernetes Security Audit|https://www.cncf.io/blog/2019/08/06/open-sourcing-the-kubernetes-security-audit/]] ([[Rapport|https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Final%20Report.pdf]] et 2 [[livres|https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/AtredisPartners_Attacking_Kubernetes-v1.0.pdf]] [[blancs|https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20White%20Paper.pdf]])|Report Kubernetes Audit|
|2019.08.06|Kubernetes|! → [[Kubernetes 3rd Party Security Audit Findings #81146|https://github.com/kubernetes/kubernetes/issues/81146]]|Report Kubernetes Audit|
|2019.08.06|Kubernetes|! → [[Security audit WG disclosure process #3982|https://github.com/kubernetes/community/issues/3982]]|Report Kubernetes Audit|
|2019.08.06|SiliconAngle| → [[Security audit reveals 34 vulnerabilities in Kubernetes code|https://siliconangle.com/2019/08/06/34-vulnerabilities-uncovered-security-audit-kubernetes-code/]]|K8s Audit|
|2019.08.06|//PaloAlto Networks//| → [[Kubernetes Penetration Test Report: Insights and Twistlock Response|https://blog.paloaltonetworks.com/2019/08/kubernetes-penetration-test/]]|K8s Audit|
|2019.08.07|Container Journal| → [[CNCF Completes Kubernetes Cybersecurity Audit|https://containerjournal.com/2019/08/07/cncf-completes-kubernetes-cybersecurity-audit/]]|K8s Audit|
|2019.08.07|SDX Central| → [[Kubernetes Looks Inside and Finds Security Holes|https://www.sdxcentral.com/articles/news/kubernetes-looks-inside-and-finds-security-holes/2019/08/]]|K8s Audit|
|2019.08.08|//Snyk//|[[Kubernetes open sourced their security audit. What can we learn?|https://snyk.io/blog/kubernetes-open-sourced-their-security-audit-what-can-we-learn/]]|K8s Audit|
|2019.08.06|(ISC)2|[[Why Certified Cloud Security Professionals are in Higher Demand Than Ever|https://blog.isc2.org/isc2_blog/2019/08/why-certified-cloud-security-professionals-are-in-higher-demand-than-ever.html]]|Education Certification|
|2019.08.06|TechBeacon|[[The state of container security: Tools, policy trail the technology|https://techbeacon.com/security/state-container-security-tools-policy-trail-technology]]|Containers|
|2019.08.06|DZone|[[A Glance at Cloud Monitoring: Strategy, Types and Benefits|https://dzone.com/articles/a-glance-at-cloud-monitoring-strategy-types-and-be]]|Monitoring|
|2019.08.06|//Pure Storage//[>img[iCSF/flag_fr.png]]|[[Flash-to-Flash-to-Cloud : le nouveau modèle de protection des données|https://cyberexperts.tech/flash-to-flash-to-cloud-le-nouveau-modele-de-protection-des-donnees/]]|Protection|
|2019.08.06|//Wipro//|[[Wipro's Third Annual State of Cybersecurity Report Finds Organizations Focusing on IoT and Cloud While Developing Cyber Defense Systems|https://www.businesswire.com/news/home/20190806005558/en/Wipro%E2%80%99s-Annual-State-Cybersecurity-Report-Finds-Organizations]] ([[rapport|https://www.wipro.com/applications/form/the-state-of-cybersecurity-report-2019/]])|Report Wipro|
|2019.08.06|//Qualys//|[[Embracing the cloud and meeting its security demands|https://www.helpnetsecurity.com/2019/08/06/embracing-the-cloud/]]|Misc|
|2019.08.06|//CCSI//|[[BYOD, the Cloud, and CASB, the best combination since PB&J|https://www.ccsinet.com/blog/byod-casb-combination/]]|CASB|
|2019.08.06|//Alibaba Cloud//|[[Best Practices of Log Analysis and Monitoring by Using Kubernetes Ingress|https://medium.com/@Alibaba_Cloud/best-practices-of-log-analysis-and-monitoring-by-using-kubernetes-ingress-2650b9181bff]]|K8s Logging|
|2019.08.06|//Alcide//|[[Secret-Hunting in Kubernetes|https://blog.alcide.io/secret-hunting-in-kubernetes]]|K8s|
|>|>|>|!2019.08.05|
|2019.08.05|Les Echos[>img[iCSF/flag_fr.png]]|[[Le cloud du ministère de l'Intérieur, un accélérateur de la transformation numérique|https://www.lesechos.fr/thema/transformation-services-publics/le-cloud-du-ministere-de-linterieur-un-accelerateur-de-la-transformation-numerique-1122281]]|Misc|
|2019.08.05|//Microsoft//|![[Azure Security Lab: a new space for Azure research and collaboration|https://msrc-blog.microsoft.com/2019/08/05/azure-security-lab-a-new-space-for-azure-research-and-collaboration/]]|Azure Bug_Bounty|
|2019.08.05|Bleeping Computer| → [[Microsoft Invites Researchers to Hack Their Azure Security Lab|https://www.bleepingcomputer.com/news/security/microsoft-invites-researchers-to-hack-their-azure-security-lab/]]|Azure Bug_Bounty|
|2019.08.05|Dark Reading| → [[Microsoft Opens Azure Security Lab, Raises Top Azure Bounty to $40K|https://www.darkreading.com/cloud/microsoft-opens-azure-security-lab-raises-top-azure-bounty-to-%2440k/d/d-id/1335441]]|Azure Bug_Bounty|
|2019.08.05|//Akamai//|[[Top 10 Practices for Securing Cloud Workloads|https://blogs.akamai.com/2019/08/top-10-practices-for-securing-cloud-workloads.html]]|Workloads|
|2019.08.05|//Duo Security//|[[5 Best Practices to Secure Microsoft O365 Accounts|https://duo.com/blog/5-best-practices-to-secure-microsoft-o365-accounts]]|Best_Practices O365|
|2019.08.05|//Alibaba Cloud//|[[New Thoughts on Cloud Native: Why Are Containers Everywhere?|https://medium.com/@Alibaba_Cloud/new-thoughts-on-cloud-native-why-are-containers-everywhere-ada1b7264b64]]|Containers|
|2019.08.05|//eXemplify//|[[Seven Steps to Secure Cloud Migration|http://www.exemplifygroup.com/seven-steps-to-secure-cloud-migration/]]|Migration|
|2019.10.21|//Microsoft//|[[Set up disaster recovery for Azure VMs|https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication]]|Azure DRP|
|>|>|>|!Incident CapitalOne (2019.07.29)|
|2019.08.05|//Rhino Security Labs//|! → [[The Capital One Breach & "cloud_breach_s3" CloudGoat Scenario|https://rhinosecuritylabs.com/aws/capital-one-cloud_breach_s3-cloudgoat/]]|DataBreach Capital_One|
|2019.08.05|Business Insider| → [[Security researchers warned for years about the cloud-security flaw used in the massive Capital One hack, but Amazon apparently leaves it up to customers to protect|http://www.businessinsider.fr/us/capital-one-hack-vulnerability-on-cloud-amazon-known-for-years-2019-8]]|DataBreach Capital_One|
|2019.08.05|TechTarget| → [[Capital One hack highlights SSRF concerns for AWS|https://searchsecurity.techtarget.com/news/252467901/Capital-One-hack-highlights-SSRF-concerns-for-AWS]]|DataBreach Capital_One|
|2019.08.05|//CloudPassage//| → [[Capital One Data Breach: Non-Technical Tips To Not Be A Headline|https://blog.cloudpassage.com/2019/08/08/capital-one-data-breach/]]|DataBreach Capital_One|
|2019.08.05|//DarkTrace//| → [[Back to square one: The Capital One breach proved we must rethink cloud security|https://www.darktrace.com/en/blog/back-to-square-one-the-capital-one-breach-proved-we-must-rethink-cloud-security/]]|DataBreach Capital_One|
|2019.08.09|GeekWire| → [[Amazon and Capital One face legal backlash after massive hack affects 106M customers|https://www.geekwire.com/2019/amazon-capital-one-face-lawsuits-massive-hack-affects-106m-customers/]]|DataBreach Capital_One|
|2019.08.09|//BitSight//| → [[Cloud Security: Lessons Learned from the Capital One Data Breach|https://www.bitsight.com/blog/cloud-security-lessons-learned-from-capital-one-data-breach]]|DataBreach Capital_One|
!"//Uncovering the CSA Top Threats to Cloud Computing with Jim Reavis//"
[>img(150px,auto)[iCSA/J88BU.jpg]]Article de blog publié le 8 août 2019 — Rédigé par Greg Jensen, Senior Principal Director - Security Cloud Business Group, Oracle
<<<
//For the few that attend this year's ''BlackHat conference'' kicking off this week in Las Vegas, many will walk away with an in depth understanding and knowledge on risk as well as actionable understandings on how they can work to implement new strategies to defend against attacks. For the many others who don't attend, Cloud Security Alliance has once again developed their [[CSA Top Threats to Cloud Computing: The Egregious 11|2019.08.06 - Publication : 'Top Threats to Cloud Computing: Egregious Eleven']].
I recently sat down with the CEO and founder of CSA, Jim Reavis, to gain a deeper understanding on what leaders and practitioners can learn from this year's report that covers the [[top 11 threats to cloud computing - The Egregious 11|2019.08.06 - Publication : 'Top Threats to Cloud Computing: Egregious Eleven']].

//''Greg Jensen''// — Jim, for those who have never seen this, what is the CSA Top Threats to Cloud report and who is your target reader?
//''Jim Reavis''// — The CSA Top Threats to Cloud Computing is a research report that is periodically updated by our research team and working group of volunteers to identify high priority cloud security risks, threats and vulnerabilities to enable organizations to optimize risk management decisions related to securing their cloud usage. The Top Threats report is intended to be a companion to CSA's Security Guidance and Cloud Controls Matrix best practices documents by providing context around important threats in order to prioritize the deployment of security capabilities to the issues that really matter.
Our Top Threats research is compiled via industry surveys as well as through qualitative analysis from leading industry experts. This research is among CSA's most popular downloads and has spawned several translations and companion research documents that investigate cloud penetration testing and real world cloud incidents. Top Threats research is applicable to the security practitioner seeking to protect assets, executives needing to validate broader security strategies and any others wanting to understand how cloud threats may impact their organization. We make every effort to relate the potential pitfalls of cloud to practical steps that can be taken to mitigate these risks.

//''Greg''// — Were there any findings in the Top Threats report that really stood out for you?
//''Jim''// — Virtually all of the security issues we have articulated impact all different types of cloud. This is important as we find a lot of practitioners who may narrow their cloud security focus on either Infrastructure as a Service (IaaS) or Software as a Service (SaaS), depending upon their own responsibilities or biases. The cloud framework is a layered model, starting with physical infrastructure with layers of abstraction built on top of it. SaaS is essentially the business application layer built upon some form of IaaS, so the threats are applicable no matter what type of cloud one uses. Poor identity management practices, such as a failure to implement strong authentication, sticks out to me as a critical and eminently solvable issue. I think the increased velocity of the "on demand" characteristic of cloud finds its way into the threat of insufficient due diligence and problems of insecure APIs. The fastest way to implement cloud is to implement it securely the first time.

//''Greg''// — What do you think are some of the overarching trends you've noticed throughout the last 3 iterations of the report?
//''Jim''// — What has been consistent is that the highest impact threats are primarily the responsibility of the cloud user. To put a bit of nuance around this as the definition of a "cloud user" can be tricky, I like to think of this in three categories: a commercial SaaS provider, an enterprise building its own "private SaaS" applications on top of IaaS or a customer integrating a large number of SaaS applications have the bulk of the technical security responsibilities. So much of the real world threats that these cloud users grapple with are improper configuration, poor secure software development practices and insufficient identity and access management strategies.

//''Greg''// — Are you seeing any trends that show there is increasing trust in cloud services, as well as the CSP working more effectively around Shared Responsibility Security Model?
//''Jim''// — The market growth in cloud is a highly quantifiable indicator that cloud is becoming more trusted. "Cloud first" is a common policy we see for organizations evaluating new IT solutions, and it hasn't yet caused an explosion of cloud incidents, although I fear we must see an inevitable increase in breaches as it becomes the default platform.
We have been at this for over 10 years at CSA and have seen a lot of maturation in cloud during that time. One of the biggest contributions we have seen from the CSPs over that time is the amount of telemetry they make available to their customers. The amount and diversity of logfile information customers have today does not compare to the relative "blackbox" that existed when we started this journey more than a decade ago.
Going back to the layered model of cloud yet again, CSPs understand that most of the interesting applications customers build are a mashup of technologies. Sophisticated CSPs understand this shared responsibility for security and have doubled down on educational programs for customers. Also, I have to say that one of the most rewarding aspects of being in the security industry is observing the collegial nature among competing CSPs to share threat intelligence and best practices to improve the security of the entire cloud ecosystem.
One of the initiatives CSA developed that helps promulgate shared responsibility is the CSA ''Security, Trust, Assurance & Risk'' ([[STAR]]) Registry. We publish the answers CSPs provide to our assessment questionnaire so consumers can objectively evaluate a CSP's best practices and understand the line of demarcation and where their responsibility begins.

//''Greg''// — How does the perception of threats, risks and vulnerabilities help to guide an organization's decision making & strategy?
//''Jim''// — This is an example of why it is so important to have a comprehensive body of knowledge of cloud security best practices and to be able to relate it to Top Threats. A practitioner must be able to evaluate using any risk management strategy for a given threat, e.g. risk avoidance, risk mitigation, risk acceptance, etc. If one understands the threats but not the best practices, one will almost always choose to avoid the risk, which may end up being a poor business decision. Although the security industry has gotten much better over the years, we still fight the reputation of being overly conservative and obstructing new business opportunities over concerns about security threats. While being paranoid has sometimes served us well, threat research should be one of a portfolio of tools that helps us embrace innovation.

//''Greg''// — What are some of the security issues that are currently brewing/underrated that you think might become more relevant in the near future?
//''Jim''// — I think it is important to understand that malicious attackers will take the easy route and if they can phish your cloud credentials, they won't need to leverage more sophisticated attacks. I don't spend a lot of time worrying about sophisticated CSP infrastructure attacks like the Rowhammer dynamic random access memory (DRAM) leaks, although a good security practitioner worries a little bit about everything. I try to think about fast moving technology areas that are manipulated by the customer, because there are far more customers than CSPs. For example, I get concerned about the billions of IoT devices that get hooked into the cloud and what kinds of security hardening they have. I also don't think we have done enough research into how blackhats can attack machine learning systems to avoid next generation security systems.
Our Israeli chapter recently published a fantastic research document on the ''12 Most Critical Risks for Serverless Applications''+++*[»]> <<tiddler [[2019.02.11 - Publication : 'The 12 Most Critical Risks for Serverless Applications']]>> ===. Containerization and Serverless computing are very exciting developments and ultimately will improve security as they reduce the amount of resource management considerations for the developer and shrink the attack surface. However, these technologies may seem foreign to security practitioners used to a virtualized operating system and it is an open question how well our tools and legacy best practices address these areas.
The future will be a combination of old threats made new and exploiting fast moving new technology. CSA will continue to call them as we see them and try to educate the industry before these threats are fully realized.

//''Greg''// — Jim, it's been great hearing from you today on this new Top Threats to Cloud report. Hats off to the team and the contributors for this year's report. Has been great working with them all!//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/08/08/uncovering-the-csa-top-threats-to-cloud-computing-w-jim-reavis/]] sur le blog de la CSA
!"//Challenges & Best Practices in Securing Application Containers and Microservices//"
[>img(150px,auto)[iCSA/J88BC.jpg]]Article de blog publié le 7 août 2019 — Rédigé par Anil Karmel, Co-Chair, CSA Application Containers and Microservices (ACM) Working Group
<<<
//Application Containers have a long and storied history, dating back to the early 1960s with virtualization on mainframes up to the 2000s with the release of Solaris and Linux Containers (LXC). The rise of Docker in the early 2010s elevated the significance of Application Containerization as an efficient and reliable means to develop and deploy applications. Coupled with the rise of Microservices as an architectural pattern to decompose applications into fundamental building blocks, these two approaches have become the de facto means for how modern applications are delivered.

As with any new standard, challenges arise in how to secure application containers and microservices. The National Institute of Standards and Technology's (NIST) Cloud Security Working Group launched a group focused on developing initial guidance around this practice area. The Cloud Security Alliance partnered with NIST on development of this guidance and focused on maturing the same culminating in the release of two foundational artifacts, "Challenges in Securing Application Containers and Microservices" and "Best Practices in Securing Application Containers." CSA's Application Container and Microservices Working Group continues the charge laid by NIST to develop additional guidance around best practices in securing Microservices.//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/08/08/challenges-best-practices-in-securing-application-containers-and-microservices/]] sur le blog de la CSA
|!Août|!Sources|!Titres et Liens|!Synthèse|
|2019.08.09|CSA|[[CSA Releases "The Six Pillars of DevSecOps" Report|https://cloudsecurityalliance.org/articles/csa-releases-the-six-pillars-of-devsecops-report/]]|Paper identifies areas critical to successful DevSecOps integration within an organization|
|2019.08.09|CSA|[[CSA Releases New Research - Top Threats to Cloud Computing: Egregious Eleven|https://cloudsecurityalliance.org/articles/csa-releases-new-research-top-threats-to-cloud-computing-egregious-eleven/]]|Research shows traditional security issues falling by the wayside while those stemming from senior management decisions of increasing concern|
!"//The Cloud in the Fight Against Cyber-Bullying//"
[>img(150px,auto)[iCSA/J87BT.jpg]]Article de blog publié le 7 août 2019 — Rédigé par le Cybersecurity International Institute (CSI)
<<<
//The CSI Institute (→ [[Cybersecurity International Institute|https://www.csii.gr/]]) is a non-governmental and not-for-profit organization. Our goal is to contribute to the information, education, and, overall practical awareness of citizens in new technologies, online safety, and cybersecurity issues. In this context, we aim to enhance the scientific research in the field of modern technology, with an emphasis on cybercrime and online threats (viruses, etc.).

The antibullying project is an original and innovative action, exclusively established by the CSI Institute. It is, in fact, the first global innovation of its kind as there has been no such action internationally that could impact the community worldwide. The initiative will focus on supporting awareness, education and prevention of bullying and cyber-bullying in all Greek schools as a first implementation step.

The project aims to develop a communication window with teens and pre-teens in the whole country, to reduce the dramatic dimensions of bullying and cyberbullying. As many people might know, some of the countless negative effects of bullying and cyberbullying include depression, anxiety, social phobia, loneliness, isolation, panic attacks, difficulty in concentrating and attention, substance use, eating disorders, online grooming, trafficking, tendencies and behaviors of self-injury, and even suicidal intentions.

In the antibullying project, students from every class of schools throughout the country will be elected as (Anti-Bullying) Ambassadors. Their role will be to pass on the knowledge they acquire from the CSI Institute to their environment. They will also report any dangerous activities or behaviors within the school or digital environment to the dedicated digital center that has been set up. In this way, students will receive first-aid psychological assistance and support from our specialized scientists. The target group for this action is students from Greece, ranging in ages from the third grade of primary school to the third grade of senior high school. The aim is to inform, educate, and raise awareness in the educational system of Greece and then expand this operation internationally (starting from Europe and then continue globally).

This action has generated a great deal of interest among many international organizations, and it is initially calculated to cost 150,000 euros. This number includes the cost of setting up the whole project (computer systems, digital cloud platforms, and the yearly staff expenses for the experts that will be hired).

This action will be undertaken by any organization or group that shows an interest in supporting its full implementation and function. Once implemented, the minimum cost per year will be approximately 90,000 euros. Additional costs will include: the daily wages of the six specialized scientists, the maintenance of the digital platform and any travels nationally and internationally, where there is increased interest due to multiple cases of bullying.

Our final goal is to have a positive impact internationally and reduce the number of bullying and cyber-bullying incidents, as well as their harmful effects.//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/08/05/facebook-project-libra-the-good-the-bad-the-ugly-and-why-you-should-care%ef%bb%bf/]] sur le blog de la CSA
!"//Six Pillars of DevSecOps//"
<<<
[>img(150px,auto)[iCSA/J87PS.png]]//In our current state of cyber security, there has been a large growth of application flaws that bypass the continuing addition of security frameworks to ensure overall health of a project life cycle. Reducing the complexity during development cycles as well as being given the resources to build a trusted environment are key to future success. This is where DevSecOps takes shape. DevSecOps is the integration of continuous security principles, processes, and technology into DevOps culture, practices, and workflows. The Six Pillars of DevSecOps sets forth to introduce concepts that can be utilized and help companies grow with. With use cases to follow by, this paper allows industry professionals to take the concepts and apply them to their own environments.//
<<<
__Périmètre :__
<<<
//This document defines the six focus areas of DevSecOps critical to implementing and integrating DevSecOps into an organization.
The DevSecOps pillars provided in this document are meant to provide a holistic framework that blends the traditionally siloed operations: development, infrastructure operations, and information security, into a cohesive group that facilitates creation of secure software.// [...]
* //Pillar 1 Collective Responsibility//
* //Pillar 2 Collaboration and Integration//
* //Pillar 3 Pragmatic Implementation//
* //Pillar 4 Bridging Compliance and Development//
* //Pillar 5 Automation//
* //Pillar 6 Measure, Monitor, Report and Action//
<<<
__Conclusion :__
<<<
//The CSA DevSecOps Working Group concludes that the focus areas described in this document are able to address weaknesses in secure software development in the context of DevSecOps and will act as a building block for the future dynamic and creation of a properly implemented DevSecOps environment.
Each of the pillars will be addressed in depth in subsequent separate whitepapers.//
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j87p/|https://CloudSecurityAlliance.fr/go/j87p/]]''
!"//Top Threats to Cloud Computing: Egregious Eleven//"
<<<
[>img(150px,auto)[iCSA/J86PT.jpg]]//The report provides organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies.//
<<<
__Synthèse :__
<<<
//The Top Threats reports have traditionally aimed to raise awareness of threats, risks and vulnerabilities in the cloud. Such issues are often the result of the shared, on-demand nature of cloud computing.
In this fourth installment, we again surveyed 241 industry experts on security issues in the cloud industry. This year our respondents rated 11 salient threats, risks and vulnerabilities in their cloud environments. The Top Threats Working Group used the survey results along with its expertise to create the final 2019 report.
The latest report highlights the Egregious Eleven (ranked in order of significance per survey results with applicable previous rankings)://
# //Data Breaches//
# //Misconfiguration and Inadequate Change Control//
# //Lack of Cloud Security Architecture and Strategy//
# //Insufficient Identity, Credential, Access and Key Management//
# //Account Hijacking//
# //Insider Threat//
# //Insecure Interfaces and APIs//
# //Weak Control Plane//
# //Metastructure and Applistructure Failures//
# //Limited Cloud Usage Visibility//
# //Abuse and Nefarious Use of Cloud Services//
<<<
__Conclusion :__
<<<
//As cloud business models and security tactics evolve, this report raises awareness of critical security issues such as data breaches, misconfiguration, and identity and access management. Other threats highlight lack-of-control hurdles that users may experience with CSPs, such as limited cloud usage visibility and weak control plane. These issues can lead to data breaches or leaks beyond the traditional landscape, as seen in many past cases.
Considering that user interfaces and APIs are the modern way to consume services, it is concerning that there are still significant challenges when it comes to securing these features.
The cloud - with its complexity - is also the perfect place for attackers to hide. It is also, unfortunately, an ideal launchpad for attacks. Last but not least, insider threats make it more challenging to protect organizations from data loss.
All of these pitfalls require more industry attention and research.
This Top Threats in Cloud Computing report suggests an interesting and somewhat new perspective on cloud security. This new outlook focuses on configuration and authentication, and shifts away from the traditional focus on information security (e.g., vulnerabilities and malware). Regardless, these security issues are a call to action for developing and enhancing cloud security awareness, configuration, and identity management.//
<<<
⇒ Communiqué de presse ⇒ ''[[CloudSecurityAlliance.fr/go/j86p/|https://CloudSecurityAlliance.fr/go/j86p/]]''
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j86b/|https://CloudSecurityAlliance.fr/go/j86b/]]''
!"//Facebook Project Libra - the good, the bad, the ugly and why you should care?//"
[>img(150px,auto)[iCSA/J85BF.jpg]]Article de blog publié le 5 août 2019 — Rédigé par Kurt Seifried, Chief Blockchain Officer, CSA
<<<
//From the Seifried Files
So you've probably heard by now that Facebook will be creating a crypto-currency called "Project Libra" and if you haven't well, now you know.

So first let's cover what is good about this. Facebook has announced Project Libra as a Stablecoin, its value will be pegged to a basket of stable "real world" currencies (I'm guessing something like a mix of USD, Euro and Yen), so speculation won't really be a thing. Lessons from other stablecoin launches have clearly been learned by Facebook, this one will be using OpenSource technology, it will actually be "owned" by the "Libra Foundation" which is headquartered in Switzerland. We already have the typical mix of white papers talking about the Libra blockchain, the on-chain software that will be used to enforce the chain governance, rules, smart contracts and so on. As is typical there's not an actual running production instance, just the test network, and the software hasn't yet been formally audited or put through a formal verification process, but it will be. Essentially Facebook is using every signal possible to show this as a legitimate and trustworthy crypto-currency that can be used for payments.

To be honest the technology and governance structure looks fine, there's nothing really new or significantly different which I think is a good thing, Project Libra is designed to provide a stablecoin that can be used as a payment system, something you don't really need or want a lot of new surprises and excitement in.

So are there any real downsides to Project Libra? Probably the biggest one is that Facebook is pushing this forwards, despite setting up an association with a goal of 100 major participants (companies, banks, NGO's, etc.) this project is still heavily tied to Facebook, and many people have a love-hate relationship with Facebook.

There's nothing really ugly about Libra either, but one aspect I'm curious to see play out is how tradable digital assets sold via Libra will handle pricing discrimination. Many companies would rather sell digital assets (like in game skins) at a discount in developing countries as opposed to not selling anything at all. For digital assets that can be exchanged or traded in game this could present an arbitrage opportunity for end users and secondary markets may develop, and as we've seen companies often hate this, because secondary markets are often lucrative (and frustrating for users, opportunities for fraud abound).

But there is one thing that Facebook brings to the crypto-currency table that almost nobody else can (apart from maybe Linkedin or Google…) which is KYC.

KYC is Know Your Customer, it's literally knowing who the account holder(s) are, their identity, location, address, which jurisdiction they are in and so on. This helps prevent things like identity theft and financial fraud, and also ties into the AML side of crypto-currency regulation. Anti-Money Laundering is exactly what it sounds like, and also ties into terrorist and other criminal funding activities.

Facebook has arguably the world's largest social graph, and the deepest knowledge of many people (many people essentially stream their entire life, and the lives of their families on Facebook). Facebook can easily verify who people are (and in many cases they already have via your phone number and so on) in a way that almost nobody else can. This combined with Facebook's reach (they can simply add Libra capability to their website and mobile client and boom, hundreds of millions of people have access to it instantly) gives them a potential advantage no other crypto-currency has ever had.//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/08/05/facebook-project-libra-the-good-the-bad-the-ugly-and-why-you-should-care%ef%bb%bf/]] sur le blog de la CSA
!!1 - Informations CSA de la semaine du 29 juillet au 4 août 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Blog: ''CCM v3.0.1. Update for AICPA, NIST and FedRAMP Mappings''+++*[»]> <<tiddler [[2019.08.02 - Blog : CCM v3.0.1. Update for AICPA, NIST and FedRAMP Mappings]]>>=== 
* Publication : ''Information Security Management through Reflexive Security''+++*[»]> <<tiddler [[2019.08.01 - Publication : 'Information Security Management through Reflexive Security']]>>=== 
* Blog : ''Quantum Technology Captures Headlines in the Wall Street Journal''+++*[»]> <<tiddler [[2019.08.01 - Blog : 'Quantum Technology Captures Headlines in the Wall Street Journal']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.08.04 - Veille Hebdomadaire - 4 août]] avec plus de 80 liens dont :
* Piratages et fuites de données : Incident Capital One et analyse de l'origine liée (ou non) à AWS, fuite de bucket AWS en Inde, attaque contre des comptes O365
* Rapports et sondages : Gartner, Netskope, Netwrix, Stackrox, Thycotic
* __Pannes__ : O365, Slack
* __Divers__ : Azure et conformité NIST SP 800-53, la KillChain contre AWS, prévention contre les fuites liées aux buckets S3, CASB
!!Veille Hebdomadaire - 4 août 2019
|!Août|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.08.04|
|2019.08.04|Les Echos[>img[iCSF/flag_fr.png]]|[[Les régulateurs bancaires américains en alerte sur le cloud|https://www.lesechos.fr/finance-marches/banque-assurances/les-regulateurs-bancaires-americains-en-alerte-sur-le-cloud-1122165]]|Regulations|
|2019.08.04|The Korea Times|[[Concerns growing over AWS cloud security in Korea|http://www.koreatimes.co.kr/www/tech/2019/08/133_273271.html]]|Risks|
|2019.08.04|//Sophos//|[[Seven Best Practices for Securing the Public Cloud|http://www.globalsecuritymag.com/Seven-Best-Practices-for-Securing,20190804,89601.html]]|Best_Practices|
|>|>|>|!2019.08.03|
|2019.08.03|Bleeping Computer|[[Misconfigured JIRA Servers Leak Info on Users and Projects|https://www.bleepingcomputer.com/news/security/misconfigured-jira-servers-leak-info-on-users-and-projects/]]|DataLeak Jira|
|>|>|>|!2019.08.02|
|2019.08.02|CERT-EU|[[Massive breach at Capital One, purportedly due to a cloud misconfiguration|https://media.cert.europa.eu/static/MEMO/2019/TLP-WHITE-CERT-EU-MEMO-190802-1.pdf]]|DataBreach Capital_One|
|2019.08.02|DisruptOps|![[Breaking Attacker Kill Chains in AWS: IAM Roles|https://disruptops.com/breaking-attacker-kill-chains-in-aws-iam-roles/]]|KillChain AWS|
|2019.08.02|DZone|[[CASBs: It's Time To Remove The Broker|https://dzone.com/articles/casbs-its-time-to-remove-the-broker]]|CASB|
|2019.08.02|DevOps.com|![[Top 5 AWS Security Mistakes: Leaky S3 Buckets|https://devops.com/top-5-aws-security-mistakes-leaky-s3-buckets/]]|AWS S3|
|2019.08.02|MSSP Alert|[[40,000 Cloud Container Platforms Left Unsecured|https://www.msspalert.com/cybersecurity-research/40000-cloud-container-platforms-left-unsecured/]]|Misconfigurations|
|2019.08.02|//Gigamon//|[[Securing Beyond Shared Responsibility - Cloud Traffic Visibility|https://blog.gigamon.com/2019/08/02/securing-beyond-shared-responsibility-cloud-traffic-visibility/]]|Shared_Responsibility|
|2019.08.02|//IBM//|[[IBM's CTO, Cloud Platform Services, on "Cloud Paks", Containers, Paas-Bashing and Mainframes|https://www.cbronline.com/qa/bala-rajaraman-cto-ibm-cloud-platform-services]]|Misc|
|2019.08.02|//Akamai//|[[Security Fundamentals Are Key To Successful Cloud Migration|https://blogs.akamai.com/2019/08/security-fundamentals-are-key-to-successful-cloud-migration.html]]|Zero_Trust|
|>|>|>|!2019.08.01|
|2019.08.01|Les Echos[>img[iCSF/flag_fr.png]]|[[Une page se tourne pour le cloud souverain français|https://www.lesechos.fr/tech-medias/hightech/une-page-se-tourne-pour-le-cloud-souverain-francais-1118112]]|Sovereign_Cloud Cloudwatt|
|2019.08.01|Wall Street Journal|[[Fed Examined Amazon's Cloud in New Scrutiny for Tech|https://www.wsj.com/articles/fed-examined-amazons-cloud-in-new-scrutiny-for-tech-11564693812]]|AWS|
|2019.08.01|DZone|[[Your Cloud Application Security Checklist|https://dzone.com/articles/your-cloud-application-security-checklist]]|Misc|
|2019.08.01|Office of Inadequate Security|[[A misconfigured AWS bucket exposed personal and counseling logs of almost 300,000 Indian employees|https://www.databreaches.net/a-misconfigured-aws-bucket-exposed-personal-and-counseling-logs-of-almost-300000-indian-employees/]]|DataBreaches|
|2019.08.01|isBuzzNews|[[Practicing Safe Containerisation|https://www.informationsecuritybuzz.com/articles/practicing-safe-containerisation/]]|Containers|
|2019.08.01|FCW|[[Nuclear weapons security agency moving apps to cloud|https://fcw.com/articles/2019/08/01/nnsa-cloud-rockwell.aspx]]|Misc|
|2019.08.01|//Netwrix//|[[Lack of Budgets for Cloud Security Initiatives Slows Down Cloud Adoption for Government|https://vmblog.com/archive/2019/08/01/netwrix-survey-lack-of-budgets-for-cloud-security-initiatives-slows-down-cloud-adoption-for-government.aspx]]|Report Netwrix|
|2019.08.01|//Netwrix//| → [[2019 Netwrix Cloud Data Security Report|https://www.netwrix.com/2019cloudsecurityreport.html]]|Report Netwrix|
|2019.08.01|//Netwrix//[>img[iCSF/flag_fr.png]]| → [[Les budgets de sécurité du cloud insuffisants ralentissent son adoption dans le secteur public|https://cyberexperts.tech/les-budgets-de-securite-du-cloud-insuffisants-ralentissent-son-adoption-dans-le-secteur-public/]]|Report Netwrix|
|2019.08.01|//Azure//|![[New Azure Blueprint simplifies compliance with NIST SP 800-53|https://azure.microsoft.com/en-us/blog/new-azure-blueprint-simplifies-compliance-with-nist-sp-800-53/]]|Azure Compliance NIST|
|2019.08.01|//Azure//|[[Introducing Azure Dedicated Host|https://azure.microsoft.com/en-us/blog/introducing-azure-dedicated-host/]] ([[site dédié "ADH"|https://aka.ms/ADHWebsite]])|Azure Isolation|
|2019.08.01|//Thycotic//|[[Security as a Service (Saas) on the Rise - 2019 Global Research Report|https://thycotic.com/resources/security-as-a-service-global-research-report/]]|Report Thycotic|
|2019.08.02|InfoSecurity Mag| → [[70% of Orgs Will Use Security-as-a-Service by 2021|https://www.infosecurity-magazine.com/news/orgs-securityasaservice-by-2021/]]|Report Thycotic|
|2019.08.01|//Managed Methods//|[[CASBs: Is It Time To Remove The "Broker" From Cloud Access Security Broker?|https://managedmethods.com/blog/casbs-time-to-remove-the-broker/]]|CASB|
|2019.08.01|//Security Intelligence//|[[The Secret to a Secure Multicloud Enterprise Is Open Source|https://securityintelligence.com/posts/the-secret-to-a-secure-multicloud-enterprise-is-open-source/]]|Multi_Cloud|
|2019.08.01|//Cruise//|[[Secrets Management in a Cloud Agnostic World|https://medium.com/cruise/secrets-management-3a7c47fe81b]]|Secrets_Management|
|2019.08.01|//CompliantCloud//|[[The Crossover of Data Integrity and Data Privacy in the Cloud|https://compliantcloud.com/data-integrity-data-privacy-cloud-life-science/]]|Integrity Privacy|
|2019.08.01|//Aporeto//|[[Hardening Cloud Security|https://www.aporeto.com/blog/hardening-cloud-security/]]|Hardening|
|2019.08.01|//Aqua Security//|[[Kubernetes Pod Escape Using Log Mounts|https://blog.aquasec.com/kubernetes-security-pod-escape-log-mounts]]|K8s Logging|
|2019.08.01|//Akamai//|[[4 Critical Elements Your Next Security Solution Must Have|https://blogs.akamai.com/2019/08/4-critical-elements-your-next-security-solution-must-have.html]]|Misc|
|>|>|>||
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.07.31|
|2019.07.31|ZDnet[>img[iCSF/flag_fr.png]]|[[Cloudwatt : arrêt du service en février prochain|https://www.zdnet.fr/actualites/cloudwatt-arret-du-service-en-fevrier-prochain-39888593.htm]]|Sovereign_Cloud Cloudwatt|
|2019.07.31|Rainbowtabl.es|[[Honda Motor Company leaks database with 134 million rows of employee computer data|https://rainbowtabl.es/2019/07/31/honda-motor-company-leak/]]|DataLeak ElasticSearch|
|2019.07.31|Bleeping Computer| → [[Unsecured Database Exposes Security Risks in Honda's Network|https://www.bleepingcomputer.com/news/security/unsecured-database-exposes-security-risks-in-hondas-network/]]|DataLeak ElasticSearch|
|2019.07.31|Dark Reading|[[Google Cloud Debuts New Security Capabilities|https://www.darkreading.com/cloud/google-cloud-debuts-new-security-capabilities/d/d-id/1335405]]|GCP|
|2019.07.31|CSO Online|[[Is the cloud lulling us into security complacency?|https://www.csoonline.com/article/3412006/is-the-cloud-lulling-us-into-security-complacency.html]]|Governance|
|2019.07.31|DZone|[[Cloud-Native Best Business Practices (Part 3) - Open Source|https://dzone.com/articles/cloud-native-best-business-practices-part-3-open-s]] (3/7)|Best_Practices|
|2019.07.31|ZDnet|[[Brazilian firms struggle with cloud security immaturity|https://www.zdnet.com/article/brazilian-firms-struggle-with-cloud-security-immaturity/]]|Report Symantec|
|2019.07.31|//Google Cloud//|[[Titan Security Keys: now available in Japan, Canada, France, and the UK|https://gsuiteupdates.googleblog.com/2019/07/titan-security-key-expansion.html]]|GCP Authentication|
|2019.07.31|//Google Cloud//|[[Defend high-risk users with the Advanced Protection Program for enterprise beta|https://gsuiteupdates.googleblog.com/2019/07/advanced-protection-program-enterprise.html]]|GCP|
|2019.07.31|Dark Reading| → [[Google Cloud Debuts New Security Capabilities|https://www.darkreading.com/cloud/google-cloud-debuts-new-security-capabilities/d/d-id/1335405]]|GCP|
|2019.07.31|//Rapid7//|[[Do You Have Containers in Your Environment? Using Container Discovery to Be Sure|https://blog.rapid7.com/2019/07/31/do-you-have-containers-in-your-environment-using-container-discovery-to-be-sure/]]|Containers Discovery|
|2019.07.31|//Blissfully//|[[SaaS Vendor Renewal Process: A Checklist for IT|https://www.blissfully.com/blog/saas-vendor-renewal-process-checklist/]]|SaaS Contracting|
|2019.07.31|//AtScale//|[[Orchestrating security policies across your hybrid cloud with intelligent data virtualization|https://www.helpnetsecurity.com/2019/07/31/intelligent-data-virtualization/]]|Misc|
|2019.07.31|//IbexLabs//|[[Fault Tolerance And Redundancy For Cloud Computing|https://www.ibexlabs.com/fault-tolerance-and-redundancy-for-cloud-computing/]]|Redundancy|
|2019.07.31|//Detectify//|[[Bypassing Cloudflare WAF with the origin server IP address|https://blog.detectify.com/2019/07/31/bypassing-cloudflare-waf-with-the-origin-server-ip-address/]]|Firewall|
|2019.07.31|//One Cloud Please//|![[S3 Bucket Namesquatting - Abusing predictable S3 bucket names|https://onecloudplease.com/blog/s3-bucket-namesquatting]]|AWS_S3 Attack|
|>|>|>|!2019.07.30|
|2019.07.30|Bleeping Computer|[[Outlook Is Down, Users Are Experiencing Sign-in Failures|https://www.bleepingcomputer.com/news/technology/outlook-is-down-users-are-experiencing-sign-in-failures/]]|Outage O365|
|2019.07.30|CSO Online|[[What is a CASB? What you need to know before you buy|https://www.csoonline.com/article/3104981/what-is-a-cloud-access-security-broker-and-why-do-i-need-one.html]]|CASB|
|2019.07.30|SecurityWeek|[[Microsoft Makes Azure Security Center for IoT Generally Available|https://www.securityweek.com/microsoft-makes-azure-security-center-iot-generally-available]]|Azure IoT|
|2019.07.30|Numerama[>img[iCSF/flag_fr.png]]|[[Paris sait les risques du Cloud Act, mais ne peut pas dissuader les Français d'aller sur Google ou Facebook|https://www.numerama.com/politique/537429-paris-sait-les-risques-du-cloud-act-mais-ne-peut-pas-dissuader-les-francais-daller-sur-google-ou-facebook.html]]|CLOUD_Act|
|2019.07.30|CompareTheCloud|[[Changing from network access to application access|https://www.comparethecloud.net/articles/changing-from-network-access-to-application-access/]]|Access_Controls|
|2019.07.30|CSO Online|[[6 lessons from Venmo's lax approach to API security|https://www.csoonline.com/article/3410044/6-lessons-from-venmos-lax-approach-to-api-security.html]]|Data_Leak APIs|
|2019.07.30|MSSP Alert|[[AWS Cloud Cybersecurity: Customer Errors Threaten Amazon's Credibility|https://www.msspalert.com/cybersecurity-news/aws-cloud-cybersecurity-configuration-errors/]]|AWS Misconfigurations|
|2019.07.31|//Digital Shadows//|[[The Account Takeover Kill Chain: A Five Step Analysis|https://www.digitalshadows.com/blog-and-research/the-account-takeover-kill-chain-a-five-step-analysis/]]|KillChain|
|2019.07.30|//Lastline//|[[8 IaaS Cloud Security Challenges You Should Be Aware Of|https://www.lastline.com/blog/8-iaas-cloud-security-challenges-you-should-be-aware-of/]]|IaaS Risks|
|2019.07.30|//Cyware//|[[Community Psychiatric Clinic responds to incident involving unauthorized access to Office 365 accounts|https://cyware.com/news/community-psychiatric-clinic-responds-to-incident-involving-unauthorized-access-to-office-365-accounts-2a548992]]|O365 Incident|
|2019.07.30|//Stackrox//|[[Kubernetes and Container Security and Adoption Trends|https://www.stackrox.com/kubernetes-adoption-and-security-trends-and-market-share-for-containers/]]|Report Containers|
|2019.07.30|VMblog| → [[StackRox Report Reveals Security Concerns Have Increased Despite Rapid Adoption of Containers and Kubernetes|https://vmblog.com/archive/2019/07/30/stackrox-report-reveals-security-concerns-have-increased-despite-rapid-adoption-of-containers-and-kubernetes.aspx]]|Report Containers|
|2019.07.30|SecurityWeek| → [[Security a Top Concern as Containerization Gathers Pace|https://www.securityweek.com/security-top-concern-containerization-gathers-pace]]|Report Containers|
|2019.07.30|BetaNews| → [[Organizations struggle with container security|https://betanews.com/2019/07/30/container-security-struggle/]]|Report Containers|
|2019.09.03|//Tripwire//| → [[Survey Reveals Kubernetes Usage Skyrocketing, but Security Concerns Remain|https://www.tripwire.com/state-of-security/devops/kubernetes-usage-skyrocketing-security-concerns-remain/]]|Report Containers|
|2019.07.31|//Netskope//|[[Netskope Cloud Report - August 2019|https://resources.netskope.com/cloud-reports/netskope-cloud-report-august-2019]]|Report Netskope|
|2019.08.01|Solutions Review| → [[Cloud Services Accounts for 85% of Enterprise Web Traffic|https://solutionsreview.com/cloud-platforms/cloud-services-accounts-for-85-of-enterprise-web-traffic/]]|Report Netskope|
|2019.08.01|BetaNews| → [[85 percent of enterprise web traffic is cloud services|https://betanews.com/2019/08/01/enterprise-web-traffic-cloud/]]|Report Netskope|
|2019.07.30|//Radware//|[[Security Considerations for Cloud Hosted Services|https://blog.radware.com/security/cloudsecurity/2019/07/security-considerations-for-cloud-hosted-services/]]|Hosting|
|2019.07.30|//TAG Cyber//|[[More Benefits, Risks, and Insurance Issues in the Cloud|https://threatvector.cylance.com/en_us/home/more-benefits-risks-and-insurance-issues-in-the-cloud.html]]|Risks Insurance|
|2019.07.30|//Google Cloud//|[[3 questions to ask before moving your organization's content to the cloud|https://cloud.google.com/blog/topics/perspectives/3-questions-to-ask-before-moving-your-organizations-content-to-the-cloud]]|Misc|
|2019.07.30|//DivvyCloud//|[[PERSPECTIVE: Automation Is the Antidote for Government Agencies Plagued by Cyberattacks|https://www.hstoday.us/subject-matter-areas/cybersecurity/perspective-automation-is-the-antidote-for-government-agencies-plagued-by-cyberattacks/]]|Automation|
|2019.07.30|//Gartner//|[[6 Steps for Planning a Cloud Strategy|https://www.gartner.com/smarterwithgartner/6-steps-for-planning-a-cloud-strategy/]]|Strategy|
|>|>|>|!2019.07.29|
|2019.07.29|Capital One|[[Capital One Announces Data Security Incident|https://press.capitalone.com/phoenix.zhtml]]|DataBreach Capital_One|
|2019.07.29|Washington Post| → [[Capital One looked to the cloud for security. But its own firewall couldn't stop a hacker.|https://www.washingtonpost.com/technology/2019/07/30/capital-one-looked-cloud-security-its-own-firewall-couldnt-stop-hacker/]]|DataBreach Capital_One|
|2019.07.29|The New York Times| → [[Capital One Data Breach Compromises Data of Over 100 Million|https://www.nytimes.com/2019/07/29/business/capital-one-data-breach-hacked.html]]|DataBreach Capital_One|
|2019.07.29|Bloomberg| → [[Capital One Says Breach Hit 100 Million Individuals in U.S.|https://www.bloomberg.com/news/articles/2019-07-29/capital-one-data-systems-breached-by-seattle-woman-u-s-says]]|DataBreach Capital_One|
|2019.07.29|MSSP Alert| → [[Capital One Data Breach Details: 10 Things to Know|https://www.msspalert.com/cybersecurity-breaches-and-attacks/capital-one-details/]]|DataBreach Capital_One|
|2019.07.30|Krebs On Security| → [[Capital One Data Theft Impacts 106M People|https://krebsonsecurity.com/2019/07/capital-one-data-theft-impacts-106m-people/]]|DataBreach Capital_One|
|2019.07.30|//Threatpost//| → [[Former AWS Engineer Arrested as Capital One Admits Massive Data Breach|https://threatpost.com/aws-arrest-data-breach-capital-one/146758/]]|DataBreach Capital_One|
|2019.07.30|MSSP Alert| → [[AWS Cloud Cybersecurity: Customer Errors Threaten Amazon's Credibility|https://www.msspalert.com/cybersecurity-news/aws-cloud-cybersecurity-configuration-errors/]]|DataBreach Capital_One|
|2019.07.30|//Lacework//| → [[How Capital One Illustrates the Need for Cloud Configuration Visibility|https://www.lacework.com/capital-one-cloud-configuration-visibility/]]|DataBreach Capital_One|
|2019.07.30|CIO Dive| → [[5 things to know about Capital One's breach|https://www.ciodive.com/news/5-things-to-know-about-capital-ones-breach/559909/]]|DataBreach Capital_One|
|2019.07.30|J Cole Morrison| → [[The Technical Side of the Capital One AWS Security Breach|https://start.jcolemorrison.com/the-technical-side-of-the-capital-one-aws-security-breach/]]|DataBreach Capital_One|
|2019.07.30|Lauren Weinstein| → [[Another Breach: What Capital One Could Have Learned from Google's "BeyondCorp"|https://lauren.vortex.com/2019/07/30/another-breach-what-capital-one-could-have-learned-from-googles-beyondcorp]]|DataBreach Capital_One|
|2019.07.30|Evan Johnson| → [[Preventing The Capital One Breach|https://ejj.io/blog/capital-one]]|DataBreach Capital_One|
|2019.07.31|//Digital Shadows//| → [[Capital One Breach: What we know and what you can do|https://www.digitalshadows.com/blog-and-research/capital-one-breach-what-we-know-and-what-you-can-do/]]|DataBreach Capital_One|
|2019.07.31|//Duo Security//| → [[Capital One Breach Does Not Mean the Cloud is Insecure|https://duo.com/decipher/capital-one-breach-does-not-mean-the-cloud-is-insecure]]|DataBreach Capital_One|
|2019.08.01|The Last Watchdog| → [[ROUNDTABLE: Huge Capital One breach shows too little is being done to preserve data privacy|https://www.lastwatchdog.com/roundtable-huge-capital-one-breach-shows-too-little-is-being-done-to-preserve-data-privacy/]]|DataBreach Capital_One|
|2019.08.01|//Fugue//|! → [[A Technical Analysis of the Capital One Cloud Misconfiguration Breach|https://www.fugue.co/blog/a-technical-analysis-of-the-capital-one-cloud-misconfiguration-breach]]|DataBreach Capital_One|
|2019.08.02|Dark Reading| → [[Capital One: What We Should Learn This Time|https://www.darkreading.com/cloud/capital-one-what-we-should-learn-this-time/d/d-id/1335426]]|DataBreach Capital_One|
|2019.08.02|CIO Dive| → [[Capital One breach raises questions about security and cloud-first strategies|https://www.ciodive.com/news/capital-one-breach-raises-questions-about-security-and-cloud-first-strategi/560129/]]|DataBreach Capital_One|
|2019.08.02|Krebs On Security| → [[What We Can Learn from the Capital One Hack|https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/]]|DataBreach Capital_One|
|2019.07.29|Bleeping Computer|[[Slack Experiencing Large-Scale Outage Caused by Messaging Issue|https://www.bleepingcomputer.com/news/technology/slack-experiencing-large-scale-outage-caused-by-messaging-issue/]]|Outage Slack|
|2019.07.29|DZone|![[Did I Just See Google Cloud Go Back in Time?|https://dzone.com/articles/did-i-just-see-google-cloud-go-back-in-time]]|History|
|2019.07.29|DZone|[[Step-by-Step Guide: Establishing Container Networking|https://dzone.com/articles/step-by-step-guide-establishing-container-networki]]|Containers|
|2019.07.29|Bleeping Computer|[[Microsoft Adds IoT Device Protection to Azure Security Center|https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-iot-device-protection-to-azure-security-center/]]|Azure IoT|
|2019.07.29|IoT for all|[[Cloud-Native Environments: A Challenge for Traditional Cybersecurity Practices|https://www.iotforall.com/cloud-native-environments-challenge-traditional-cybersecurity-practices/]]|Misc|
|2019.07.29|CISO Mag|[[Debunking five myths in cloud security|https://www.cisomag.com/debunking-five-myths-in-cloud-security/]]|Misc|
|2019.07.29|The Register|[[Microsoft preps to purge its cloud access security broker of shonky crypto protocols TLS 1.0, 1.1|https://www.theregister.co.uk/2019/07/29/tls_microsoft_cloud_security/]]|Cryptography|
|2019.07.29|The Register|[[We need you for a multi-cloud sanity check: Which providers do you use and need, and how do you choose them?|https://www.theregister.co.uk/2019/07/29/cloud_provider_survey/]]|Survey|
|2019.07.29|Help Net Security|[[Cloud adoption and security are not mutually exclusive|https://www.helpnetsecurity.com/2019/07/29/cloud-adoption-and-security/]]|Misc|
|2019.07.29|Container Journal|[[Cluster Monitoring With Prometheus Operator|https://containerjournal.com/2019/07/29/cluster-monitoring-with-prometheus-operator/]]|K8s|
|2019.07.29|SecurityScorecard|[[Benefits of Continuous Compliance Monitoring in the Cloud|https://securityscorecard.com/blog/benefits-continuous-compliance-monitoring-in-cloud]]|Compliance Monitoring|
|2019.07.29|CyberSecurity Hub|[[Cloud Security Market Report: Exploring The Right Enterprise Strategy|https://www.cshub.com/cloud/reports/cloud-security-market-report-exploring-the-right-enterprise-strategy]]|Report|
|2019.07.29|Technology Decisions|[[Cloud customers still making basic security mistakes|https://www.technologydecisions.com.au/content/cloud-and-virtualisation/article/cloud-customers-still-making-basic-security-mistakes-1251148303]]|Best_Practices|
|2019.07.29|CBR Online|[[What Is DevOps Security - and Does it Drive Secure Deployments?|https://www.cbronline.com/feature/devops-security]]|DevSecOps|
|2019.07.29|CircleID|[[Gartner Says Worldwide IaaS Public Cloud Services Market Grew 31.3% in 2018|http://www.circleid.com/posts/20190729_worldwide_iaas_public_cloud_services_market_in_2018/]]|IaaS|
|2019.07.29|//Threatpost//|[[Cloud Security Concerns Loom for 93% of Businesses Adopting Apps and BYOD|https://threatpost.com/cloud-security-concerns-loom-for-93-of-businesses-adopting-apps-and-byod/146739/]]|BYOD|
|2019.07.29|//CloudPassage//|[[Why IaaS requires cloud security automation|https://blog.cloudpassage.com/2019/07/29/iaas-requires-cloud-security-automation/]]|IaaS Automation|
|2019.07.29|//Security Intelligence//|![[Cloud Provider Relationships Don't Last, So Protect Your Data With an Exit Plan|https://securityintelligence.com/posts/cloud-provider-relationships-dont-last-so-protect-your-data-with-an-exit-plan/]]|Reversibility|
|2019.07.29|//PaloAlto Networks//|[[Advantages of Cloud-Delivered Security for U.S. Govt Agencies|https://blog.paloaltonetworks.com/2019/07/cloud-delivered-security-benefits-govt-agencies/]]|Government|
|2019.07.29|//Imperva//|[[Enabling Faster DDoS Mitigation for Cloud Assets|https://www.imperva.com/blog/enabling-faster-ddos-mitigation-for-cloud-assets/]]|DDoS Mitigation|
|2019.07.29|Techrepublic|[[Is homomorphic encryption ready to deliver confidential cloud computing to enterprises?|https://www.techrepublic.com/article/is-homomorphic-encryption-ready-to-deliver-confidential-cloud-computing-to-enterprises/]]|Homomorphic_Encryption|
|2019.07.29|//Azure//|[[Announcing general availability for the Azure Security Center for IoT|https://azure.microsoft.com/en-us/blog/announcing-general-availability-for-the-azure-security-center-for-iot/]]|Azure IoT|
|2019.07.29|//Inovex//|[[Unraveling Kubernetes Security Tools|https://www.inovex.de/blog/kubernetes-security-tools/]]|K8s|
!"//CCM v3.0.1-080319//"
[>img(150px,auto)[iCSA/J83PC.jpg]]__"''CCM v3.0.1 version du 3 août 2019''"__
<<<
//The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.//
<<<
⇒ Téléchargement (après inscription, mais ''indisponible pour le moment'') ⇒ ''[[CloudSecurityAlliance.fr/go/j83c/|https://CloudSecurityAlliance.fr/go/j83c/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//CSA CCM v3.0.1 Addendum for AICPA, NIST and FedRAMP Mappings//"
[>img(150px,auto)[iCSA/J83PC.jpg]]__"''CSA CCM v3.0.1 Addendum - AICPA TSC 2017''"__
<<<
//This document is an addendum to the CCM V3.0.1 that contains controls mapping between the CSA CCM and the AICPA TSC 2017. The document aims to help AICPA TSC 2017 compliant organizations meet CCM requirements. This is achieved by identifying compliance gaps in AICPA TSC 2017 in relation to the CCM. This document contains the following information:
* Controls Mapping
* Gap Analysis
* Gap Identification (i.e. Partial, Full or No Gap)
//
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j83a/|https://CloudSecurityAlliance.fr/go/j83a/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//CSA CCM v3.0.1 Addendum - NIST 800-53 Rev 4 Moderate//"
[>img(150px,auto)[iCSA/J83PC.jpg]]__"''CSA CCM v3.0.1 Addendum - NIST 800-53 Rev 4 Moderate''"__
<<<
//This document is an addendum to the CCM V3.0.1 that contains controls mapping between the CSA CCM and the NIST 800-53 R4 Moderate Baseline. The document aims to help NIST 800-53 R4 Moderate compliant organizations meet CCM requirements. This is achieved by identifying compliance gaps in NIST 800-53 in relation to the CCM. This document contains the following information:
* Controls Mapping
* Gap Analysis
* Gap Identification (i.e. Partial, Full or No Gap)
//
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j83n/|https://CloudSecurityAlliance.fr/go/j83n/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//CCM v3.0.1 Addendum - FedRAMP Moderate//"
[>img(150px,auto)[iCSA/J83PC.jpg]]__"''CCM v3.0.1 Addendum - FedRAMP Moderate''"__
<<<
//This document is an addendum to the CCM V3.0.1 that contains controls mapping between the CSA CCM and the FedRAMP R4 Moderate Baseline. The document aims to help FedRAMP compliant organizations meet CCM requirements. This is achieved by identifying compliance gaps in FedRAMP in relation to the CCM. This document contains the following information:
* Controls Mapping
* Gap Analysis
* Gap Identification (i.e. Partial, Full or No Gap)
//
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j83f/|https://CloudSecurityAlliance.fr/go/j83f/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//CCM v3.0.1. Update for AICPA, NIST and FedRAMP Mappings//"
[>img(150px,auto)[iCSA/J82BC.jpg]]Article de blog publié le 2 août 2019 — Rédigé par Victor Chin et Lefteris Skoutaris, Research Analysts, CSA
<<<
//The CSA Cloud Controls Matrix (CCM) Working Group is glad to announce the new update to the CCM v3.0.1. This minor update will incorporate the following mappings:
* Association of International Certified Professional Accountants (AICPA) Trust Services Criteria (TSC) 2017
* National Institute of Standards and Technology (NIST) 800-53 R4 Moderate
* Federal Risk and Authorization Management Program (FedRAMP) Moderate

A total of four documents will be released. The updated CCM (CCM v3.0.1-03-08-2019) will be released to replace the outdated CCM v3.0.1-12-11-2017. Additionally, three addendums will be released for AICPA TSC 2017, NIST 800-53 R4 Moderate and FedRAMP moderate, separately. The addendums will contain gap analyses and also control mappings. We hope that organizations will find these documents helpful in bridging compliance gaps between the CCM, AICPA TSC 2017, FedRAMP and NIST 800-53 R4 Moderate.
With the release of this update the CCM Working Group will be concluding all CCM v3 work and refocusing our efforts on CCM v4.

The upgrade of CCM v3 to the next version 4 has been made imperative due to the evolution of the cloud security standards, the need for more efficient auditability of the CCM controls and integration into CCM of the security requirements deriving from the new cloud technologies introduced.
In this context, a CCM task force has already been established to take on this challenge and drive CCM v4 development. The CCM v4 working group is comprised of CSA's community volunteers comprised of industry's leading experts in the domain of cloud computing and security. This endeavor is supported and supervised by the [[CCM co-chairs and strategic advisors|https://cloudsecurityalliance.org/research/working-groups/cloud-controls-matrix]] who will ensure that the CCM v4 vision requirements and development plan are successfully implemented.
Some of the core objectives that drive CCM v4 development include:
* Improving the auditability of the controls
* Providing additional implementation and assessment guidance to organizations
* Improving interoperability and compatibility with other standards
* Ensuring coverage of requirements deriving from new cloud technologies (e.g., microservices, containers) and emerging technologies (e.g., IoT)
//[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/08/02/ccm-v3-0-1-update-for-aicpa-nist-and-fedramp-mappings/]] sur le blog de la CSA
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j82m/|https://CloudSecurityAlliance.fr/go/j82m/]]'' (format XLSX)
!"//Quantum Technology Captures Headlines in the Wall Street Journal//"
[>img(150px,auto)[iCSA/J81BQ.jpg]]Article de blog publié le 1er août 2019 — Rédigé par le groupe de travail "Quantum-Safe Security"
<<<
//Last month, we celebrated the 50th anniversary of the Apollo 11 moon landing. Apollo, which captured the imagination of the whole world, epitomizes the necessity for government involvement in long term, big science projects. What started as a fierce race between the USA and the USSR at the apex of the cold war ended up as a peaceful mission, "one giant leap for mankind".

This "Leap" was just one of many steps that led to the US, Russia, Japan, Europe and Canada sharing the International Space Station for further space exploration. The parallel with the quantum computer, which recently made headlines in the Wall Street Journal, is striking: a gauntlet to be picked up. A foreign power, in this case China, developed advanced quantum technologies passing its western counterparts and warrants a competitive response. Here again, the US policymakers rise to the challenge and call for a significant investment in quantum technologies (as presented in the WSJ article: [[In a White House Summit on Quantum Technology, Experts Map Next Steps|https://CloudSecurityAlliance.fr/go/j81q/]]).

Quantum technologies may not capture the imagination of so many star-gazing children as space. However, show them a golden "chandelier" of a quantum computer, tell them that it operates at temperatures colder than space, explain that it can do more optimization calculations than all classical computers combined, and we might get some converts. We will need these engineers, developers and professions we have not yet thought of to get the full and profound impacts that are likely with quantum computers. If history is any guide, the currently expected applications in pharmaceuticals, finance and transportation mentioned in the WSJ are only a small portion of the real potential. Just these fields will require education on the quantum technologies at a broad level, as called for by the bipartisan participants to the White House Summit on Quantum Technologies. In addition, the threat of the quantum computer on our existing cybersecurity infrastructure (again reported in the WSJ: [[The Day When Computers Can Break All Encryption Is Coming|https://CloudSecurityAlliance.fr/go/j81b/]]), is real today. Sensitive digital data can already be recorded today and decrypted once a powerful-enough quantum computer is available.

This brings us back to the cold war space race, now with many potential players shielded in the obscurity of cyberspace. Let's hope that, as with Apollo, the end result will be improvement for humankind. The international effort, led by the National Institute of Standards and Technology (NIST), to develop new quantum-resistant algorithms, as well as the development of quantum technologies, such as quantum random number generation and quantum-key distribution (QKD), to counter the very threat of the quantum computer, are steps in the right direction.

CSA's quantum-safe security working group has produced several research papers addressing many aspects of quantum-safe security that were discussed in both of these articles. These documents can help enterprises to better understand the quantum threat and steps they can start taking to address this coming threat.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/07/30/organizations-must-realign-to-face-new-cloud-realities/]] sur le blog de la CSA
!"//Information Security Management through Reflexive Security//"
<<<
[>img(150px,auto)[iCSA/J81PI.png]]//This document defines "Reflexive Security" as a new security management approach that is built upon the interrelationships between security, development and operations necessary for protecting the security stance and the deliverables of an organization.//
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j81r/|https://CloudSecurityAlliance.fr/go/j81r/]]''
!"//It's Time for Security Leadership to Embrace the Cloud-First Future//"
[>img(100px,auto)[iCSA/J89BA.jpg]]^^Bien que publié le 9 août 2019 sur le blog de la CSA, cet article l'a déjà été il y a 1 mois, le 1er août 2019 sur le site de Fugue.
Il faisait partie des articles déjà mentionnés dans notre [[veille datée du 4 août|2019.08.04 - Veille Hebdomadaire - 4 août]] et signalé comme "à lire".
À noter que si le fait que l'article ait déjà été publié est enfin mentionné, le lien fourni est erroné...
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/08/09/a-technical-analysis-of-the-capital-one-cloud-misconfiguration-breach/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.fugue.co/blog/a-technical-analysis-of-the-capital-one-cloud-misconfiguration-breach]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201907>>
<<tiddler fAll2Tabs10 with: VeilleM","_201907>>
<<tiddler fAll2LiTabs10 with: NewsL","201907>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Juillet 2019]]>>
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|>|>|>| Aucune alerte |
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Juillet 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Juillet 2019]]>><<tiddler fAll2LiTabs13end with: Actu","201907>>
<<tiddler fAll2LiTabs13end with: Blog","201907>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Juillet 2019]]>>
<<tiddler fAll2LiTabs13end with: Publ","201907>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Juillet 2019]]>>
!"//Use Cases for Blockchain Beyond Cryptocurrency//"
[>img(150px,auto)[iCSA/J7VBU.jpg]]Article de blog publié le 24 juillet, retiré le 25 juillet, puis publié définitivement le 31 juillet 2019
<<<
[<img(150px,auto)[iCSA/J7OBU.jpg]]//CSA's newest white paper, Documentation of Relevant Distributed Ledger Technology and Blockchain Use Cases v2 is a continuation of the efforts made in v1. The purpose of this publication is to describe relevant use cases beyond cryptocurrency for the application of these technologies.

In the process of outlining several use cases across discrete economic application sectors, we covered multiple industry verticals, as well as some use cases which cover multiple verticals simultaneously. For this document, we considered a use case as relevant when it provides the potential for any of the following:
* disruption of existing business models or processes;
* strong benefits for an organization, such as financial, improvement in speed of transactions, auditability, etc.;
* large and widespread application; and
* concepts that can be applied in real-world scenarios.

From concept to the production environment, we also identified six separate stages of maturity to get a better assessment of how much work has been done within the scope and how much more work remains to be done.
# Concept
# Proof of concept
# Prototype
# Pilot
# Pilot production
# Production
Some of the industry verticals which we identified are finance, supply chain, media/entertainment, and insurance, all of which are ripe for disruption from a technological point of view.
The document also clearly identified the expected benefits from the adoption of DLTs/blockchain in these use cases, type of DLT, use of private vs public blockchain, infrastructure provider-CSP and the type of services (IaaS, PaaS, SaaS). Identification of some other key features in the use case implementations such as Smart Contracts and Distributed Databases have also been outlined.

The working group hopes this document will be a valuable reference to all key stakeholders in the blockchain/DLT ecosystem, as well as contribute to its maturity.//
<<<
[img(25%,1px)[iCSF/BluePixel.gif]]
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/07/31/use-cases-for-blockchain-beyond-cryptocurrency/]] sur le blog de la CSA. /% 25 -> 31 %/
!"//Documentation of Relevant Distributed Ledger Technology and Blockchain Use Cases v2//"
<<<
[>img(150px,auto)[iCSA/J7OBU.jpg]]//Thanks to the rise in popularity of Bitcoin cryptocurrency, the innovative technologies of Blockchain and other systems of distributed ledger technology (DLT) have proven their ability to increase security of data during transactions and provide immutable long-term data storage. This document provides several use cases for this DLT technology outside of cryptocurrencies.//
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j7vb/|https://CloudSecurityAlliance.fr/go/j7vb/]]''



!"//Organizations Must Realign to Face New Cloud Realities//"
[>img(150px,auto)[iCSA/J7UBO.jpg]]Article de blog publié le 30 juillet 2019 — Rédigé par Jim Reavis, Co-founder and Chief Executive Officer, CSA
<<<
//While cloud adoption is moving fast, many enterprises still underestimate the scale and complexity of cloud threats

Technology advancements often present benefits to humanity while simultaneously opening up new fronts in the on-going and increasingly complex cyber security battle. We are now at that critical juncture when it comes to the cloud: While the compute model has inherent security advantages when properly deployed, the reality is that any fast-growth platform is bound to see a proportionate increase in incidents and exposure.

The Cloud Security Alliance (CSA) is a global not-for-profit organization that was launched 10 years ago as a broad coalition to create a trusted cloud ecosystem. A decade later, cloud adoption is pervasive to the point of becoming the default IT system worldwide. As the ecosystem has evolved, so have the complexity and scale of cyber security attacks. That shift challenges the status quo, mounting pressure on organizations to understand essential technology trends, the changing threat landscape and our shared responsibility to rapidly address the resultant issues.

> {{{ A decade later, cloud adoption is pervasive to the point of becoming the default IT system worldwide. As the ecosystem has evolved, so have the complexity and scale of cyber security attacks. }}}

There are real concerns that organizations have not adequately realigned for the cloud compute age and in some cases, are failing to reinvent their cyber defense strategies. Symantec's inaugural Cloud Security Threat Report (CSTR) is a landmark report that shines a light on the current challenges and provides a useful roadmap that can help organizations improve and mature their cloud security strategy. The report articulates the most pressing cloud security issues of today, clarifies the areas that should be prioritized to improve an enterprise security posture, and offers a reality check on the state of cloud deployment.
Cloud in the Fast Lane

What the CSTR reveals and the CSA can confirm is that cloud adoption is moving too fast for enterprises, which are struggling with increasing complexity and loss of control. According to the Symantec CSTR, over half (54%) of respondents agree that their organization's cloud security maturity is not keeping pace with the rapid expansion of new cloud apps.

The report also revealed that enterprises underestimate the scale and complexity of cloud threats. For example, the CSTR found that most commonly investigated incidents included garden variety data breaches, DDOS attacks and cloud malware injections. However, Symantec internal data shows that unauthorized access accounts for the bulk of cloud security incidents (64%), covering both simple exploits as well as sophisticated threats such as lateral movement and cross-cloud attacks. Companies are beginning to recognize their vulnerabilities–nearly two thirds (65%) of CSTR respondents believe the increasing complexity of their organization's cloud infrastructure is opening them up to entirely new and dangerous threat vectors.

For example, identity-related attacks have escalated in the cloud, making proper identity and access management the fundamental backbone of security across domains in a highly virtualized technology stack. The speed with which cloud can be "spun up" and the often-decentralized manner in which it is deployed magnifies human errors and creates vulnerabilities that attackers can exploit. A lack of visibility into detailed cloud usage hampers optimal policies and controls.

> {{{ The report also revealed that enterprises underestimate the scale and complexity of cloud threats. }}}

As CSA delved into this report, we found strong alignment with the best practices research and education we advocate. As the CSTR reveals, a Zero Trust strategy, building out a software-defined perimeter, and adopting serverless and containerization technologies are critical building blocks for a mature cloud security posture.

The CSTR also advises organizations to develop robust governance strategies supported by a Cloud Center of Excellence (CCoE) to rally stakeholder buy-in and get everyone working from the same enterprise roadmap. Establishing security as a continuous process rather than front-loading efforts at the onset of procurement and deployment is a necessity given the frenetic pace of change.

As the CSTR suggests and we can confirm, security architectures must also be designed with an eye towards scalability, and automation and cloud-native approaches like DevSecOps are essential for minimizing errors, optimizing limited man power and facilitating new controls.

While there is a clear strategy for securing cloud operations, too few companies have embarked on the changes. Symantec internal data reports that 85% are not using best security practices as outlined by the Center for Internet Security (CIS). As a result, nearly three-quarters of respondents to the CSTR said they experienced a security incident in cloud-based infrastructure due to this immaturity.

> {{{ The CSTR is a pivotal first step in increasing that awareness. }}}

The good news is that the users of cloud have a full portfolio of solutions, including multi-factor authentication, data loss prevention, encryption and identity and authentication tools, at their disposal to address cloud security threats along with new processes and an educated workforce. The bad news is that many users of cloud are not aware of the full magnitude of their cloud adoption, the demarcation of the shared responsibility model and the inclination to rely on outdated security best practices. The CSTR is a pivotal first step in increasing that awareness.

Cloud is and will continue to be the epicenter of IT, and increasingly the foundation for cyber security. Understanding how threat vectors are shifting in cloud is fundamental to overhauling and modernizing an enterprise security program and strategy. CSA recommends the Symantec CSTR report be read widely and we look forward to future updates to its findings.

Download 2019 Cloud Security Threat Report >> https://resource.elq.symantec.com/LP=7326?inid=symc_cloud-security-threat-report_cstr_to_leadgen_form_LP-7326_cstr&CID=70138000001FlejAAC

Interested in learning more? You can watch our CloudBytes webinar with Jim Reavis, Co-Founder & CEO at Cloud Security Alliance, and Kevin Haley, Director Security Technology and Response at Symantec as they discuss the key findings from the 2019 Cloud Security Threat Report. Watch it here >>
//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/07/30/organizations-must-realign-to-face-new-cloud-realities/]] sur le blog de la CSA
!!1 - Informations CSA de la semaine du 22 au 28 juillet 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Blog : ''Etat d'avancement du programme pilote FedSTAR''+++*[»]> <<tiddler [[2019.07.24 - Blog : Etat d'avancement du programme pilote FedSTAR]]>>=== 
* Actu : ''Best Practices for Implementing a Secure Application Container Architecture''+++*[»]> <<tiddler [[2019.07.26 - 'Cloud Security Alliance Releases Best Practices for Implementing a Secure Application Container Architecture']]>>=== 
* Publication : ''Best Practices for Implementing a Secure Application Container Architecture''+++*[»]> <<tiddler [[2019.07.26 - Publication : 'Best Practices for Implementing a Secure Application Container Architecture']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.07.28 - Veille Hebdomadaire - 28 juillet]] avec plus de 80 liens :
* Piratages et fuites de données : fuite FormGet, phishing O365, suites de l'attaque contre iNSYNQ
* Rapports et sondages : Checkpoint, Cyren/Osterman, PaloAlto Networks, RiskRecon/Cyentia, SkyBox, et Symantec
* __Divers__ : suite du CLOUD Act, SSO et IAM dans le Cloud, importance des contrats Cloud, outils de tests, DarkWeb et MaaS
!!Veille Hebdomadaire - 28 juillet 2019
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.07.28|
|2019.07.28|ITwire|[[Email attacks having a major impact on businesses: study|https://www.itwire.com/security/email-attacks-having-a-major-impact-on-businesses-study.html]]|Report Barracuda|
|>|>|>|!2019.07.27|
|2019.07.27|Packt|![[Understanding security features in the Google Cloud Platform (GCP)|https://hub.packtpub.com/understanding-security-features-in-the-google-cloud-platform-gcp/]]|GCP|
|>|>|>|!2019.07.26|
|2019.07.26|CERT-EU|[[Cloud hosting firm iNSYNQ hit by ransomware attack|https://media.cert.europa.eu/static/MEMO/2019/TLP-WHITE-CERT-EU-MEMO-190726-1.pdf]]|Attacks Ransomware iNSYNQ|
|2019.07.26|Infosec Institute|[[Amazon Inspector: A cloud-based vulnerability assessment tool|https://resources.infosecinstitute.com/amazon-aws-inspector-walkthrough/]]|AWS Control|
|2019.07.26|Solutions Review|[[7 Cloud Security Best Practices to Keep Your Cloud Environment Secure|https://solutionsreview.com/cloud-platforms/7-cloud-security-best-practices-to-keep-your-cloud-environment-secure/]]|Best_Practices|
|2019.07.26|Forbes|[[Why Invest In Cloud-Based Machine Learning For Cybersecurity?|https://www.forbes.com/sites/extrahop/2019/07/26/why-invest-in-cloud-based-machine-learning-for-cybersecurity/]]|MachineLearning|
|2019.07.26|Center for Internet Security|[[Cleaning Out Your Old Data and Devices|https://www.cisecurity.org/newsletter/cleaning-out-your-old-data-and-devices/]]|Cleaning|
|2019.07.26|The Register|[[Don't fall into the trap of thinking you're safe and secure in the cloud. It could become a right royal pain in the SaaS|http://go.theregister.com/feed/www.theregister.co.uk/2019/07/26/secure_saas_in_the_smb/]]|SaaS|
|2019.07.26|//RiskRecon / Cyentia//|![[RiskRecon and Cyentia Institute: Definitive Study on Cloud Security Risk Quantifies Global Industry Exposure and Reveals Predictors of Cloud Success|https://blog.riskrecon.com/company/news-releases/definitive-study-on-cloud-security-risk-quantifies-global-industry-exposure]] ([[rapport|https://www.riskrecon.com/cloud-risk-surface-report]])|Report RiskRecon|
|2019.07.26|//TechBeacon / HP//|[[How to secure your cloud infrastructure: The 3 planes of OpSec|https://techbeacon.com/security/how-secure-your-cloud-infrastructure-3-planes-opsec]]|OpSec|
|2019.07.26|//Google Cloud//|[[Least privilege for Cloud Functions using Cloud IAM|https://cloud.google.com/blog/products/application-development/least-privilege-for-cloud-functions-using-cloud-iam/]]|GCP IAM|
|2019.07.26|//JumpCloud//|[[What is AWS SSO?|https://jumpcloud.com/blog/aws-sso/]]|AWS SSO|
|2019.07.26|BetaNews|[[Microsoft's web-based Outlook 365 is leaking users' IP addresses in emails|https://betanews.com/2019/07/26/microsoft-office-outlook-365-ip-leak/]]|O365 Data_Leak|
|2019.07.26|//Anchore//|[[Federal Container Security Best Practices - Unifying Configuration Management and Container Security with Anchore Enterprise|https://anchore.com/federal-container-security-best-practices-unifying-configuration-management-and-container-security-with-anchore-enterprise/]]|Containers Best_Practices|
|2019.07.26|SANS|[[How to Protect Enterprise Systems with Cloud-Based Firewalls|https://www.sans.org/reading-room/whitepapers/analyst/protect-enterprise-systems-cloud-based-firewalls-39085]]|Analysis Misc.|
|2019.07.26|//Cloud Academy//|[[How to Use & Install the AWS CLI|https://cloudacademy.com/blog/how-to-use-aws-cli/]]|AWS CLI|
|>|>|>|!2019.07.25|
|2019.07.25|CNet[>img[iCSF/flag_fr.png]]|[[Cloud computing : connaître les risques et savoir l'utiliser|https://www.cnetfrance.fr/produits/cloud-computing-connaitre-les-risques-et-savoir-l-utiliser-39762624.htm]]|Risks|
|2019.07.25|Les Numériques[>img[iCSF/flag_fr.png]]|[[Apple, Google, Microsoft, Dropbox... Quels sont les meilleurs services cloud ?|https://www.lesnumeriques.com/vie-du-net/apple-google-microsoft-dropbox-quels-sont-les-meilleurs-services-cloud-a138185.html]]|Misc|
|2019.07.25|CyberDefense Mag|[[Adapting Security Policies to Fit the Cloud Computing Era|https://www.cyberdefensemagazine.com/adapting-security-policies/]]|Security_Policy|
|2019.07.25|Bleeping Computer|[[Microsoft Office 365 Webmail Exposes User's IP Address in Emails|https://www.bleepingcomputer.com/news/microsoft/microsoft-office-365-webmail-exposes-users-ip-address-in-emails/]]|O365 Data_Leak|
|2019.07.25|TechCrunch|[[FormGet security lapse exposed thousands of sensitive user-uploaded documents|https://techcrunch.com/2019/07/25/formget-security-lapse-exposed-documents/]]|AWS S3 Bucket Data_Leak|
|2019.07.26|Cyware| → [[FormGet exposed company documents and customer data due to unsecured AWS S3 storage bucket|https://cyware.com/news/formget-exposed-company-documents-and-customer-data-due-to-unsecured-aws-s3-storage-bucket-5002fc3f]]|AWS S3 Bucket Data_Leak|
|2019.07.25|Solutions Review|[[What Is Software as a Service? A Beginner's Guide to SaaS|https://solutionsreview.com/cloud-platforms/what-is-software-as-a-service-a-beginners-guide-to-saas/]]|SaaS|
|2019.07.25|Cloud Native Computing Foundation|[[The 10 Most Viewed Videos from Past KubeCon + CloudNativeCons|https://www.cncf.io/blog/2019/07/25/the-10-most-viewed-videos-from-past-kubecon-cloudnativecons/]]|K8s Conference|
|2019.07.25|FCW|[[Contracting, cloud essential to modernizing House IT|https://fcw.com/articles/2019/07/25/house-it-modernization.aspx]]|Contracting|
|2019.07.25|AccountingWeb|[[How to Manage Your Vendors for Better Security|https://www.accountingweb.com/technology/trends/how-to-manage-your-vendors-for-better-security]]|Third_Party|
|2019.07.25|Chef|![[Secure Your Cloud Estate with Continuous Audits|https://blog.chef.io/2019/07/25/secure-your-cloud-estate-with-continuous-audits/]]|Continuous_Audit|
|2019.07.25|LeMagIT[>img[iCSF/flag_fr.png]]|[[PRA en cloud : à quoi faut-il s'attendre ?|https://www.lemagit.fr/conseil/PRA-en-cloud-a-quoi-faut-il-sattendre]]|DRP|
|2019.07.25|//Check Point//|[[From Supply Chain to Email, Mobile and the Cloud, No Environment is Immune to Cyber Attacks|https://www.globenewswire.com/news-release/2019/07/25/1888032/0/en/Check-Point-Research-From-Supply-Chain-to-Email-Mobile-and-the-Cloud-No-Environment-is-Immune-to-Cyber-Attacks.html]]|Report Checkpoint|
|2019.07.25|//Check Point//| → [[Cyber Attack Trends: Annual Report 2019 1H (téléchargement)|https://pages.checkpoint.com/cyber-attack-2019-trends.html]]|Report Checkpoint|
|2019.07.25|IT Social[>img[iCSF/flag_fr.png]]| → [[Cloud public : une sécurité à renforcer|https://itsocial.fr/enjeux/cloud-computing/cloud-public-prive-hybride/cloud-public-securite-a-renforcer-2/]]|Public_Cloud|
|2019.07.25|//Managed Methods//|[[Cloud Application Security Checklist|https://managedmethods.com/blog/cloud-application-security-checklist/]]|Checklist|
|2019.07.25|//RedScan//|[[The rise of Office 365 phishing scams: How one compromised account can cost millions|https://www.cloudcomputing-news.net/news/2019/jul/25/rise-office-365-phishing-scams-how-one-compromised-account-can-cost-millions/]]|O365 Phishing|
|2019.07.25|//Azure//|[[Azure publishes guidance for secure cloud adoption by governments|https://azure.microsoft.com/en-us/blog/azure-publishes-guidance-for-secure-cloud-adoption-by-governments/]] ([[document|https://aka.ms/AzureWWPS]])|Azure Guidance Government|
|2019.07.25|//Lastline//|[[Built-in Cloud Security Controls Essential to Securing an Expanded Network, Assert CISOs|https://www.lastline.com/blog/built-in-cloud-security-controls-essential-to-securing-an-expanded-network-assert-cisos/]]|Controls|
|2019.07.25|//CloudCheckr//|[[Your Organization's Role in the Shared Responsibility Model|https://cloudcheckr.com/document/shared-responsibility-model/]] (après inscription)|Shared_Responsibility|
|2019.07.25|//JumpCloud//|[[Azure AD LDAP Server|https://jumpcloud.com/blog/azure-ad-ldap-server/]]|AzureAD LDAP|
|>|>|>|!2019.07.24|
|2019.07.24|CERT-EU|[[Hacking groups compete for cryptojacking cloud-based infrastructure|https://media.cert.europa.eu/static/MEMO/2019/TLP-WHITE-CERT-EU-MEMO-190514-1.pdf]]|CryptoJacking|
|2019.07.24|CERT-EU|[[Docker breach exposes a significant number of accounts|https://media.cert.europa.eu/static/MEMO/2019/TLP-WHITE-CERT-EU-MEMO-190430-1.pdf]]|Breach Docker|
|2019.07.24|DZone|![[AWS Resources That Should Be Backed Up|https://dzone.com/aricles/aws-resources-that-should-be-backed-up-and-how-to]]|AWS BackUps|
|2019.07.24|DZone|[[Serverless Multi-Tier Architecture on AWS|https://dzone.com/articles/serverless-multi-tier-architecture-on-aws]]|AWS Serverless|
|2019.07.24|DZone|[[Cloud vs. On-Premise Software Deployment - What's Right for You? |https://dzone.com/articles/cloud-vs-on-premise-software-deployment-whats-righ]]|Misc|
|2019.07.24|DZone|[[Top 10 AWS Architect Interview Questions 2019|https://dzone.com/articles/top-10-aws-architect-interview-questions-2019]]|AWS|
|2019.07.24|TechRepublic|[[How to prevent unsigned Docker images from being pulled|https://www.techrepublic.com/article/how-to-prevent-unsigned-docker-images-from-being-pulled/]]|Docker|
|2019.07.24|//PaloAlto Networks//|![[Cloudy with a Chance of Entropy|https://www.paloaltonetworks.com/resources/research/unit42-cloud-with-a-chance-of-entropy]] ([[rapport|https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/research/unit42-cloud-with-a-chance-of-entropy]])|Report PaloAlto Misconfigurations|
|2019.07.24|SiliconAngle| → [[Report finds 34M vulnerabilities across AWS, Google Cloud and Azure|https://siliconangle.com/2019/07/24/report-finds-34m-vulnerabilities-across-aws-google-cloud-azure/]]|AWS Azure GCP Containers Flaws|
|2019.07.25|Global Security Mag[>img[iCSF/flag_fr.png]]| → [[PaloAlto Networks identifie plus de 34 millions de vulnérabilités dans les ressources AWS, Azure et GCP|http://www.globalsecuritymag.fr/Palo-Alto-Networks-identifie-plus,20190725,89448.html]]|AWS Azure GCP Containers Flaws|
|2019.07.26|CSO| → [[Over a quarter of cloud loads have been compromised by cryptojackers|https://www.cso.com.au/article/664586/over-quarter-cloud-loads-been-compromised-by-cryptojackers/]]|AWS Azure GCP Containers Flaws|
|2019.07.24|//Avanan//|[[Office 365 Credential Validator Phishing Attack|https://www.avanan.com/resources/office-365-credential-validator-phishing-attack]]|O365 Phishing|
|2019.07.24|Help Net Security| → [[Phishers targeting Office 365 admins have a new trick up their sleeve|https://www.helpnetsecurity.com/2019/07/24/phishers-targeting-office-365-admins/]]|O365 Phishing|
|2019.07.24|//Rapid7//|[[Why the Modern SIEM Is in the Cloud|https://blog.rapid7.com/2019/07/24/why-the-modern-siem-is-in-the-cloud/]]|SIEM|
|2019.07.24|//ResearchAndMarkets//|[[Global Cyber Security Markets to 2025 - Growing Use of Cloud-Based Security Solutions|https://www.globenewswire.com/news-release/2019/07/24/1887393/0/en/Global-Cyber-Security-Markets-to-2025-Growing-Use-of-Cloud-Based-Security-Solutions.html]]|Report|
|2019.07.24|//SkyBox Security//|[[Cloud Container Vulnerabilities Soar, According to Report|https://www.bloomberg.com/press-releases/2019-07-24/skybox-security-cloud-container-vulnerabilities-soar-according-to-report]]|Report SkyBox|
|2019.07.25|Le Big Data[>img[iCSF/flag_fr.png]]| → [[Containers Cloud : les risques de cybersécurité ont crû 240% en 2 ans|https://www.lebigdata.fr/containers-cloud-risques-cybersecurite]]|Report SkyBox|
|2019.07.25|Forbes| → [[Why Cloud Computing Cyber Security Risks Are On The Rise: Report|https://www.forbes.com/sites/jeanbaptiste/2019/07/25/why-cloud-computing-cyber-security-risks-are-on-the-rise-report/]]|Report SkyBox|
|2019.07.24|//Alibaba Cloud//|[[8220 Mining Group Now Uses Rootkit to Hide Its Miners|https://medium.com/@Alibaba_Cloud/8220-mining-group-now-uses-rootkit-to-hide-its-miners-15d6c571cdb3]]|CryptoMining|
|2019.07.24|SANS|[[JumpStart Guide for Cloud-Based Firewalls in AWS|https://www.sans.org/reading-room/whitepapers/analyst/jumpstart-guide-cloud-based-firewalls-aws-39080]]|Analysis Misc.|
|>|>|>|!2019.07.23|
|2019.07.23|Journal du Net[>img[iCSF/flag_fr.png]]|[[Les participants des Rencontres du Cloud en interviews|https://www.journaldunet.com/solutions/cloud-computing/1441766-interviews-les-rencontres-du-cloud/]]|Conference|
|2019.07.23|Bleeping Computer|[[Microsoft to Improve Office 365 Malicious Email Analysis|https://www.bleepingcomputer.com/news/security/microsoft-to-improve-office-365-malicious-email-analysis/]]|O365 Detection|
|2019.07.23|CBR Online|[[Docker Enterprise 3.0: What's New?|https://www.cbronline.com/news/docker-enterprise-3-0-whats-new]]|Docker|
|2019.07.23|DZone|[[Understanding Dockerfile|https://dzone.com/articles/understanding-dockerfile]]|Docker|
|2019.07.23|GeekWire|[[Microsoft-owned LinkedIn is moving to the public cloud, and guess which platform it's choosing?|https://www.geekwire.com/2019/microsoft-owned-linkedin-moving-public-cloud-guess-platform-choosing/]]|Azure LinkedIn|
|2019.07.23|SecurityWeek|[[Attackers Turn Elasticsearch Databases Into DDoS Bots|https://www.securityweek.com/attackers-turn-elasticsearch-databases-ddos-bots]]|Attacks ElasticSearch|
|2019.07.23|CyberSecurity Insiders|[[Ways to help keep Cloud Security intact in the finance industry|https://www.cybersecurity-insiders.com/ways-to-help-keep-cloud-security-intact-in-the-finance-industry/]]|Misc|
|2019.07.23|//OVH//[>img[iCSF/flag_fr.png]]|[[Pourquoi il faut choisir le cloud européen|https://www.lesechos.fr/idees-debats/cercle/pourquoi-il-faut-choisir-le-cloud-europeen-1039819]]|CLOUD_Act|
|2019.07.23|//Rhino Security Labs//|[[AWS IAM Privilege Escalation|https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Escalation]]|AWS IAM Privilege_Escalation|
|2019.07.23|//SecurityIntelligence / IBM//|[[What's New in the 2019 Cost of a Data Breach Report|https://securityintelligence.com/posts/whats-new-in-the-2019-cost-of-a-data-breach-report/]]|Report DataBreach|
|2019.07.23|//MDSec//|![[Introducing the Office 365 Attack Toolkit|https://www.mdsec.co.uk/2019/07/introducing-the-office-365-attack-toolkit/]]|O365 Tools|
|2019.07.23|//NetApp//|[[Challenges and Solutions of File Services in the Cloud Architecture|https://pupuweb.com/file-services-cloud-computing/]]|Misc|
|2019.07.23|//PaloAlto Networks//|[[4 Practical Steps for 'Shift Left' Security|https://blog.paloaltonetworks.com/2019/07/4-practical-steps-shift-left-security/]]|DevSecOps|
|2019.07.23|//Managed Methods//|[[Cloud Application Security Architecture for SaaS Security|https://managedmethods.com/blog/cloud-application-security-architecture/]]|Architecture|
|2019.07.23|//CyberDB//|[[Ten tips for better AWS cyber security|https://www.cyberdb.co/ten-tips-better-aws-cyber-security/]]|AWS Best_Practices|
|>|>|>|!2019.07.22|
|2019.07.22|DisruptOps|[[Dev, Sec and Ops: Communications Breakdown|https://disruptops.com/dev-sec-and-ops-communications-breakdown/]]|DevSecOps|
|2019.07.22|MSSP Alert|[[Hackers Attacking Misconfigured AWS S3 Cloud Buckets|https://www.msspalert.com/cybersecurity-breaches-and-attacks/aws-s3-bucket-data-leaks/]]|AWS_S3 Data_Leaks|
|2019.07.22|Dechert|[[Actual Impact of 2018 U.S. CLOUD Act Still Hazy|https://info.dechert.com/10/12598/july-2019/actual-impact-of-2018-u.s.-cloud-act-still-hazy.asp?sid=0a005ac3-1df4-43c4-a944-f723188079ce]]|CLOUD_Act|
|2019.07.22|Fox Rothschild|![[EU Agencies Issue Joint Response On Impact Of US CLOUD Act|https://dataprivacy.foxrothschild.com/2019/07/articles/european-union/gdpr/eu-agencies-issue-joint-response-on-impact-of-us-cloud-act/]]|CLOUD_Act|
|2019.07.22|Dark Reading|[[How Cybercriminals Break into the Microsoft Cloud|https://www.darkreading.com/cloud/how-cybercriminals-break-into-the-microsoft-cloud/d/d-id/1335314]]|Azure Attacks Conference|
|2019.07.22|Rick Blaisdell|[[Multi-cloud strategy: battle of the clouds or the strongest alliance ever?|https://rickscloud.com/multi-cloud-strategy-battle-of-the-clouds-or-the-strongest-alliance-ever/]]|Multi_Cloud|
|2019.07.22|DZone|[[Microsoft Azure vs. Amazon Web Services: A Cloud Platform Comparison|https://dzone.com/articles/microsoft-azure-vs-amazon-web-services-a-cloud-pla]]|AWS Azure|
|2019.07.22|KitPloit|[[Dockernymous - A Script Used To Create A Whonix Like Gateway/Workstation Environment With Docker Containers |https://www.kitploit.com/2019/07/dockernymous-script-used-to-create.html]]|Docker Tools|
|2019.07.22|SiliconAngle|[[Zscaler transforms IT security from "castle and moat" to direct access via the cloud |https://siliconangle.com/2019/07/22/zscaler-transforms-security-castle-moat-direct-access-via-the-cloud-cubeconversations/]]|Misc|
|2019.07.22|//iNSYNQ//|![[Update: We're beginning to turn on customer desktops|https://blog.insynq.com/blog/update-were-beginning-to-turn-on-customer-desktops]]|Attacks Ransomware iNSYNQ|
|2019.07.22|SC Magazine| → [[Cloud-hosting firm iNSYNQ shut down by MegaCortex ransomware|https://www.scmagazine.com/home/security-news/ransomware/cloud-hosting-firm-insynq-shut-down-by-megacortex-ransomware/]]|Attacks Ransomware iNSYNQ|
|2019.07.23|InfoRiskToday| → [[iNSYNQ Continues Recovery From MegaCortex Ransomware Attack|https://www.inforisktoday.com/insynq-continues-recovery-from-megacortex-ransomware-attack-a-12816]]|Attacks Ransomware iNSYNQ|
|2019.08.08|AccountingToday| → [[Inside the Insynq attack: 'We had to assume they were listening'|https://www.accountingtoday.com/news/inside-the-insynq-ransomware-attack-we-had-to-assume-they-were-listening]]|Attacks Ransomware iNSYNQ|
|2019.07.22|//SecurityIntelligence / IBM//|![[The Dark Web Market Is Moving Toward IaaS and MaaS - Here's Why|https://securityintelligence.com/posts/the-dark-web-market-is-moving-toward-iaas-and-maas-heres-why/]]|DarkWeb IaaS MaaS|
|2019.07.22|//Stackrox//|[[Kubernetes Security 101 - Everything You Must Know to Secure k8s|https://www.stackrox.com/post/2019/07/kubernetes-security-101/]]|K8s|
|2019.07.22|//Cyren//|[[Office 365 Email Security in the Enterprise: 2019 Benchmarking Survey|https://www.cyren.com/201906_RPT_O365_EmailSec_Survey]]|Report Cyren Osterman|
|2019.07.22|ZDnet| → [[40% of enterprises experienced Office 365 credential theft, report finds|https://www.techrepublic.com/article/40-of-enterprises-experienced-office-365-credential-theft-report-finds/]]|Report Cyren Osterman|
|2019.07.22|//Azure//|[[What's the difference between Azure Monitor and Azure Service Health?|https://azure.microsoft.com/en-us/blog/what-s-the-difference-between-azure-monitor-and-azure-service-health/]]|Azure Monitor|
|2019.07.22|//Tripwire//|[[Using AWS Session Manager with Enhanced SSH and SCP Capability|https://www.tripwire.com/state-of-security/security-data-protection/cloud/aws-session-manager-enhanced-ssh-scp-capability/]]|AWS SSH SCP|
|2019.07.22|//iland Internet//|[[Choosing A Cloud Provider for VMware Workloads? Ask These Questions First|https://cloudtweaks.com/2019/07/choosing-a-cloud-provider-vmware-workload/]]|VMware|
|2019.07.22|//eXemplify//|[[Security in the Cloud: Who's Responsible?|http://www.exemplifygroup.com/security-in-the-cloud-whos-responsible/]]|Misc|
|2019.07.22|//Check Point//|[[Secure your AWS, Azure and Google Environment Automatically with CloudBots|https://blog.checkpoint.com/2019/07/22/secure-your-aws-azure-and-google-environment-automatically-with-cloudbots/]]|CloudBots|
|2019.07.22|//Symantec//|[[How Immature Security Practices Complicate Cloud Migration|https://www.symantec.com/blogs/expert-perspectives/how-immature-security-practices-complicate-cloud-migration]]|Report Symantec|
|2019.07.26|IT World Canada| → [[More than 90% of security decision-makers fail to keep tabs on workloads in the cloud |https://www.itworldcanada.com/article/more-than-90-of-security-decision-makers-fail-to-keep-tabs-on-workloads-in-the-cloud/420387]]|Report Symantec|
|2019.08.09|Health Data Management|[[As cloud use rises among payers, so do cybersecurity concerns|https://www.healthdatamanagement.com/news/as-cloud-use-rises-among-payers-so-do-cybersecurity-concerns]]|Report Symantec|
!"//Cloud Security Alliance Releases Best Practices for Implementing a Secure Application Container Architecture//"
[>img(150px,auto)[iCSA/J7QPB.png]]Annonce de la CSA publiée le 26 juillet 2019.
<<<
//SEATTLE - July 26, 2019 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released Best Practices for Implementing a Secure Application Container Architecture. Produced by the CSA's ''Application Containers and Microservices Working Group'', this paper is the second in a series of reports covering the securing of app containers and microservices and offers detailed recommendations and best practices to address the challenges laid out in the recently released "[[CSA Releases Research Identifying Challenges in Securing Application Containers and Microservices|2019.07.16 - 'CSA Releases Research Identifying Challenges in Securing Application Containers and Microservices']]".

Increasingly, enterprises are migrating to the cloud, and unsurprisingly, the number of stakeholders and their unique needs are growing at an exponential rate. Common ground is needed, then, to ensure that developers, operators, and architects are able to efficiently -- and effectively -- address the myriad components involved in application container architecture. Recognizing this, CSA is producing a series of white papers to facilitate secure migration to the cloud.

The paper was developed through extensive collaboration among a diverse group of participants with strong knowledge and practical experience in information security, operations, application containers, and microservices. Among the risks covered are: code promotion across environments, securing the host, container continuous monitoring from the platform/host, container networking, validating the integrity and security quality of the image, container forensics, trust chain through containers, container volume and secret management, platform and container management, and container encryption.

"Application containers and microservices architecture are being used to design, develop, and deploy applications, leveraging agile software development approaches such as development operations. Couple this with the fact that application containers and microservices have unique characteristics -- each with distinct security ramifications based on the stakeholder -- it's vital that security is embedded into the software development process," said Andrew Wild, Container and Microservices Working Group Co-chair. "It's CSA's hope that this document will serve as a springboard for careful examination and discussion of how to best secure application containers."//
[...]
<<<
⇒ Lire [[la suite|https://cloudsecurityalliance.org/articles/csa-releases-best-practices-for-implementing-a-secure-application-container-architecture/]] sur le site de la CSA
!"//Best Practices for Implementing a Secure Application Container Architecture//"
<<<
[>img(150px,auto)[iCSA/J7QPB.png]]//Application containers and a microservices architecture are being used to design, develop and deploy applications leveraging agile software development approaches such as Development Operations. Security needs to be embedded into these software development approaches. This document serves to identify recommendations and best practices to address the challenges in securing application containers in the engineering of trustworthy secure systems through the lens of the Developer, Operator and Architect.//
<<<
__Table des matières :__
<<<
|ssTablN0|k
|.|Abstract|
|.|Acknowledgements|
|.|Executive Summary|
|1.|Introduction|
|1.1.|Purpose and Scope|
|1.2.|Document Structure|
|1.3.|Audience|
|2.|Application Container and Microservices|
|3.|Application Container Mitigations for Challenges|
|3.1.|Code Promotion Across Environments|
|3.2.|Securing the Host|
|3.3.|Container Continuous Monitoring from the Platform/Host|
|3.4.|Container Networking - Communications between Host and Container|
|3.5.|Container Networking - Communications between Containers|
|3.6.|Validate Integrity and Security Quality of the Image|
|3.7.|Container Forensics|
|3.8.|Trust Chain through Containers|
|3.9.|Container Volume Management|
|3.10.|Container Secret Management|
|3.11.|Platform Management - Notification of Lifecycle Events|
|3.12.|Platform Management - Resource Request|
|3.13.|Platform Management - Container Resource Management|
|3.14.|Container Management - Scaling Container Resources|
|3.15.|Container Management - Data Backups and Replication|
|3.16.|Container Management - Container rehosting between CMPs|
|3.17.|Container Encryption|
|.|Appendix A - Acronyms|
|.|Appendix B - Glossary|
|.|Appendix C - References|
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j7qc/|https://CloudSecurityAlliance.fr/go/j7qc/]]'' 
|!Juillet|!Sources|!Titres et Liens|!Synthèses|
|2019.07.26|CSA|[[Cloud Security Alliance Releases Best Practices for Implementing a Secure Application Container Architecture|https://cloudsecurityalliance.org/articles/csa-releases-best-practices-for-implementing-a-secure-application-container-architecture/]]|Second report in series provides mitigation options for 18 possible risks surrounding integration of application containers into trustworthy, secure systems|
|2019.07.16|CSA|[[Cloud Security Alliance Releases New Research Identifying Challenges in Securing Application Containers and Microservices|https://cloudsecurityalliance.org/articles/csa-releases-new-research-indentifying-challenges-in-securing-application-containers-and-microservices/]]|Report identifies challenges in securing application containers and microservices through the lens of the developer, operator and architect|
|2019.07.12|CSA|[[Cloud Security Alliance Releases Cloud Penetration Testing Playbook|https://cloudsecurityalliance.org/articles/cloud-security-alliance-releases-cloud-penetration-testing-playbook/]]|Report provides foundation for public cloud penetration testing methodology|
|2019.07.02|CSA|[[Cloud Security Alliance Congress EMEA 2019 Call for Papers - Deadline Extended|https://cloudsecurityalliance.org/articles/csa-congress-emea-2019-call-for-papers-deadline-extended/]]|Papers examining new frontiers accelerating change in information security are sought|
!"//FedSTAR Pilot Program Status//"
[>img(150px,auto)[iCSA/J7OBF.jpg]]Article de blog publié le 24 juillet 2019
<<<
/%
À mesure que l'utilisation de la technologie cloud s'est généralisée, l'inquiétude suscitée par la sécurité du cloud s'est accrue. Les agences gouvernementales et les utilisateurs du secteur privé se préoccupent de la protection des données et de la disponibilité des services. De nombreux pays et entités privées ont conçu et mis en œuvre des programmes de sécurité pour accroître le niveau d'assurance et de confiance des services Cloud. En conséquence, plusieurs programmes de certification et d'accréditation ont été créés. En 2019, plus de 40 systèmes de certification de sécurité différents ont été développés et mis en œuvre dans le monde entier, y compris le programme CSA STAR.
D'une part, l'introduction de systèmes de certification et d'accréditation a simplifié la création de relations de confiance entre les fournisseurs de services dans le cloud (CSP) et les clients et, par conséquent, rationalisé les processus d'approvisionnement. D'autre part, la multiplication des schémas de certification a pour effet secondaire de générer une fatigue liée à la conformité. Ce problème a un impact significatif sur les ressources que les services de cloud computing doivent appliquer à la sécurité. De nombreux fournisseurs de services de contrôle ont un personnel dédié à la conformité aux multiples certifications de sécurité qui régissent leurs services. En plus de peser lourdement sur les CSP existants, la nécessité de se conformer à plusieurs certifications de sécurité est un obstacle majeur à l'entrée sur le marché des nouveaux CSP.
Il y a environ 18 mois, CSA a commencé à travailler avec le bureau du programme FedRAMP de la US General Services Administration sur l'idée de FedSTAR, un programme destiné à faciliter la reconnaissance des programmes FedRAMP et STAR. Le projet FedSTAR fait partie d'une initiative plus vaste de la CSA visant à faire évoluer STAR vers un cadre mondial permettant la reconnaissance multipartite de la certification nationale, internationale et spécifique à un secteur.
Il existe un programme équivalent à FedSTAR en Europe avec le projet EU-SEC. Le CSA a introduit l'idée d'une reconnaissance multipartite auprès de la communauté des parties prenantes, ce qui suscite beaucoup d'intérêt, tant de la part du gouvernement que du secteur privé.
Les projets FedSTAR et EU-SEC ont quatre objectifs principaux:
* Construire une base pour la reconnaissance mutuelle entre la certification de sécurité, les attestations et les accréditations nationales, internationales et sectorielles
* Accorder une certification de confiance reconnue par les CSP et les clients
* Réduire les coûts de mise en conformité pour les CSP qui veulent satisfaire aux exigences de l'industrie et du gouvernement
* Exigences de support pour la surveillance continue
La solution à ce problème mondial n'est pas d'établir un nouveau système de certification de sécurité avec différents processus, preuves de conformité et contrôles à la source. FedSTAR vise plutôt à mettre au point un processus favorisant la reconnaissance mutuelle entre le gouvernement fédéral américain FedRAMP et le CSA STAR. La solution repose sur le fait que FedRAMP et CSA STAR s'appuient sur des ensembles de contrôles sanctionnés et largement utilisés en tant que source de conformité en matière de sécurité.
Le but de FedSTAR est qu'une fois que la société a obtenu la certification STAR ou l'autorisation d'exploitation de FedRAMP, elle puisse obtenir l'autre certification en auditant uniquement le delta de contrôles définissant les écarts entre les exigences de FedRAMP Moderate et de Cloud Control Matrix (CCM). À cet effet, l'équipe d'audit de FedSTAR serait tenue de détenir à la fois les accréditations du vérificateur principal de la certification STAR et des professionnels 3PAO.




%/ //As the use of cloud technology has become more widespread, the concern about cloud security has increased. Government agencies and private sector users are concerned with protecting data and ensuring service availability. Many countries and private entities have designed and implemented security programs to increase the level of assurance and trust of cloud services. As a result, multiple certifications and accreditation programs were created. As of 2019, over 40 different security certification systems have been developed and implemented worldwide, including the CSA STAR program.
On the one hand, the introduction of certification and accreditation systems has simplified the creation of trusted relationships between Cloud Services Providers (CSPs) and customers and consequently streamlined the procurement processes. On the other hand, the proliferation of certification schemas has the side effect of generating compliance fatigue. This issue is having a significant impact on the resources that cloud services must apply to security. Many CSPs have dedicated staff for ensuring compliance with multiple security certifications governing their services. In addition to being a resources drain on existing CSPs, the need to comply with multiple security certifications is a major obstacle to market entry for new CSPs.
About 18 months ago, CSA began working with the FedRAMP program office at the U.S. General Services Administration on the idea of FedSTAR, a program to facilitate the recognition between FedRAMP and STAR programs. The FedSTAR project is part of a larger CSA initiative aimed at evolving STAR to a global framework for multiparty recognition of national, international, and sector-specific certification.
There is an equivalent program to FedSTAR in Europe with the EU-SEC project. CSA introduced the idea of multiparty recognition to the stakeholder community, and there has been a lot of interest from both the government and private sectors.
Both FedSTAR and EU-SEC projects have four primary goals:
* Build a foundation for mutual recognition between national, international and sector-specific security certification, attestations and accreditations
* Grant a trusted certification that is recognized by CSPs and customers
* Reduce the compliance cost for CSPs that want to meet the requirements of both industry and government
* Support requirements for continuous monitoring
The solution to this global problem is not to establish a new security certification system with different processes, evidence of compliance, and source controls. Rather, FedSTAR aims to develop a process that supports mutual recognition between the U.S. Federal government FedRAMP and CSA STAR. The solution is based on the fact that both FedRAMP and CSA STAR are grounded in sanctioned, widely-used sets of controls as the source of security compliance.
The goal of FedSTAR is that once a company has achieved either STAR Certification or FedRAMP authorization to operate, that company can obtain the other certification only by auditing the delta of controls that defines the gaps between the requirements of FedRAMP Moderate and Cloud Control Matrix (CCM). In support of this, the FedSTAR auditing team would be required to have both the STAR Certification Lead Auditor and 3PAO professional accreditations.
[>img(500px,auto)[iCSA_/J7OFPPS.png]]
/%
Bien que STAR Certification et FedRAMP ne soient pas compatibles en l'état, ils ont des éléments de base communs, notamment le niveau de maturité de chaque programme, l'exigence d'évaluateurs tiers indépendants et l'utilisation d'examens basés sur le contrôle.
Notre hypothèse de travail, basée sur les recherches initiales, est que la reconnaissance mutuelle entre les deux systèmes serait facile à établir en raison du chevauchement des certifications FedRAMP Moderate et CSA CCM.
Ces facteurs ont conduit à notre décision de codifier les processus et de mesurer le niveau d'effort requis pour qu'un CSP passe de la certification modérée FedRAMP à la certification CSA STAR.

''Où sommes-nous actuellement?''
* Nous avons développé une analyse des écarts entre CSA STAR et FedRAMP modérée
* Nous avons mis en place un ensemble de mesures visant à quantifier le temps, le personnel et les autres ressources nécessaires pour obtenir une certification CSA STAR après avoir reçu une autorisation modérée d'exploitation de FedRAMP.
* Nous avons identifié un CSP qui a accepté d'inclure une évaluation de certification CSA STAR dans son examen annuel de la conformité à FedRAMP ; cet effort débutera à la fin de l'été 2019. Ce sera notre premier projet pilote.

'' Mesures du succès ''
La CSA part de l'hypothèse de travail selon laquelle il lui faudra déployer des efforts minimes pour obtenir une certification CSA STAR à partir d'un ATO FedRAMP Moderate. Cependant, cette hypothèse doit être validée. Par conséquent, en collaboration avec les membres de la communauté des évaluateurs indépendants tiers, nous avons défini un ensemble de mesures que les participants pilotes ont accepté de collecter. Ces mesures incluent des critères qualitatifs et quantitatifs.
# Disponibilité / temps de préparation - Mesure quantitative permettant de comprendre les efforts requis par l'audité pour se préparer à un audit de certification STAR à partir d'une situation de conformité FedRAMP Moderate - exprimée en nombre de jours-homme
# Temps d'audit - Mesure quantitative du temps requis pour obtenir la certification STAR? Quels sont les efforts nécessaires pour la préparation de la documentation et l'évaluation 3PAO?
# Exactitude de la cartographie et de l'analyse des écarts - CSA a fourni une "analyse de la cartographie et des écarts CCM-FedRAMP" à l'appui de cet effort. Nous demandons des commentaires sur l'utilité de la carte et l'efficacité des "contrôles compensatoires" proposés par la CSA.
# Réutilisation des preuves d'audit - Identification des documents et des preuves créés lors d'un audit FedRAMP pouvant être appliqués aux exigences de CCM V3.0.1
# Base de compétences - Quelles sont les compétences requises pour effectuer un audit FedRAMP à CSA STAR? Le CSP devait-il fournir des compétences supplémentaires pour obtenir la certification STAR?
# Le pilote recueillera également des informations sur les outils fournis pour faciliter son exécution.

''Prochaines étapes''
Le moment est maintenant critique pour le projet FedSTAR. Nous avons effectué la planification et le développement de l'infrastructure appropriés. Nos séances d'information sur le programme - réalisées en collaboration avec FedRAMP - ont suscité l'intérêt de la communauté du cloud. Le moment est venu d'exécuter les projets pilotes et d'analyser les résultats. Un programme pilote débutera à la fin de l'été 2019.
* Besoin de CSP supplémentaires pour s'inscrire pour participer au programme
* Nécessité de créer un groupe de discussion pour examiner les résultats du projet pilote et guider le programme
%/
While STAR Certification and FedRAMP are not compatible as deployed, they have basic elements in common including the level of maturity of each program, the requirement for independent 3rd party assessors and the use of control-based reviews.
Our working assumption, based on initial research, is that the mutual recognition between the two systems would be easy to establish because of the overlap between the FedRAMP Moderate and CSA CCM certifications.
These factors led to our decision to codify processes and measure the level of effort required for a CSP to go from FedRAMP moderate certification to CSA STAR certification.

''Where are we now?''
* We have developed a gap analysis between CSA STAR and FedRAMP moderate
* We have established a set of measures designed to quantify the time, staff and other resources needed to obtain a CSA STAR certification after receiving a FedRAMP moderate authorization to operate
* We have identified one CSP who has agreed to include a CSA STAR certification assessment in its annual review for FedRAMP compliance; this effort will begin in late summer 2019. This will be our first pilot.

''Measures of Success''
CSA has the working assumption that it will require a minimal level of effort to receive a CSA STAR certification starting from a FedRAMP Moderate ATO. However, this hypothesis must be validated. Therefore, working with members of the Third Party Independent Assessor community, we have established a set of measures that pilot participants have agreed to collect. These measures include both qualitative and quantitative criteria.
# Readiness/Preparation time - Quantitative measure to understand the effort required by the auditee to prepare for a STAR Certification audit starting from a position of FedRAMP Moderate compliance - expressed in the number of man-days
# Audit time - Quantitative measure of the time required to get the STAR certification? Specifically what effort is needed for documentation preparation and 3PAO assessment
# Accuracy of the mapping and gap analysis - CSA has provided a "CCM-FedRAMP Mapping and Gap Analysis" to support this effort. We are asking for comments on the usefulness of the Map and the effectiveness of the "compensating controls" suggested by CSA
# Re-use of audit evidences - Identification of those documents and evidences created during a FedRAMP audit that can be applied to the requirements of CCM V3.0.1
# Skill Base - What are the skills required to complete a FedRAMP to CSA STAR audit? Were there additional skills that the CSP needed to provide to complete the STAR Certification?
# The pilot will also collect information on the tools provided to facilitate pilot execution.

''Next Steps''
Now is a critical time for the FedSTAR project. We have done the appropriate planning and infrastructure development. Our briefings on the program - done in conjunction with FedRAMP - have generated interest in the cloud community. The time is right to execute the pilots and analyze the results. One pilot program will begin in late Summer 2019.
* Need additional CSPs to sign-up to participate in the program
* Need to establish a Focus Group to review pilot results and guide the program
//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/07/24/fedstar-pilot-program-status/]] sur le blog de la CSA
!!1 - Informations CSA de la semaine du 15 au 21 juillet 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Blog : ''Shift Left' to Harden Your Cloud Security Posture''+++*[»]> <<tiddler [[2019.07.18 - Blog : 'Shift Left to Harden Your Cloud Security Posture']]>>=== 
* Blog : ''Partage d'expérience Cloud dans le Secteur Financier''+++*[»]> <<tiddler [[2019.07.19 - Blog : Partage d'expérience Cloud dans le Secteur Financier]]>>=== 
* Publication : ''Best Practices for Implementing a Secure Application Container Architecture''+++*[»]> <<tiddler [[2019.07.16 - Publication : 'Best Practices for Implementing a Secure Application Container Architecture']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.07.21 - Veille Hebdomadaire - 21 juillet]] avec une cinquantaine de liens :
* Piratages et fuites de données : nouvelle attaque de rançongiciel chez un prestataire Cloud (iNSYNQ)
* Rapports et sondages : Alcide, Bitglass, Backblaze, Duo Security, Gartner, Synopsys
* __Divers__ : OVH en cours de qualification SecNumCloud, Docker, tests d'intrusion
!!3 - Agenda
* ''28 __juillet__'' : __''Dernière semaine''__ pour soumettre une proposition pour le ''CSA Congress EMEA'' des 20 et 21 novembre 2019 à Berlin+++*[»]> <<tiddler [[2019.06.21 - Encore un mois pour soumettre un sujet au CSA Congress EMEA 2019]]>>=== 
!!Veille Hebdomadaire - 21 juillet 2019
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.07.21|
|2019.07.21|Bleeping Computer|[[Phishers Target Office 365 Admins with Fake Admin Alerts|https://www.bleepingcomputer.com/news/security/phishers-target-office-365-admins-with-fake-admin-alerts/]]|O365 Phishing|
|>|>|>|!2019.07.20|
|2019.07.20|0x00sec|[[A Blue Team guide to AWS Cloudtrail monitoring|https://0x00sec.org/t/a-blue-team-guide-to-aws-cloudtrail-monitoring/15086/]]|AWS Monitoring|
|>|>|>|!2019.07.19|
|2019.07.19|Challenges[>img[iCSF/flag_fr.png]]|![[Face au Cloud Act américain, le grand retour du "cloud souverain" français|https://www.challenges.fr/entreprise/face-au-cloud-act-americain-le-grand-retour-du-cloud-souverain-franais_664976]]|CLOUD_Act Sovereign_Cloud|
|2019.07.19|Les Echos[>img[iCSF/flag_fr.png]]|![[Cloud Act : Amazon traite les requêtes de la justice américaine|https://www-lesechos-fr.cdn.ampproject.org/c/s/www.lesechos.fr/amp/1039103]]|CLOUD_Act AWS|
|2019.07.19|DZone|[[Containers Without Docker|https://dzone.com/articles/containers-with-out-docker]]|Containers Docker|
|2019.07.19|Help Net Security|[[New open source solution reduces the risks associated with cloud deployments|https://www.helpnetsecurity.com/2019/07/19/reduce-cloud-deployment-risks/]]|AWS UCE|
|2019.07.19|//Lacework//|[[Cloud Security Incident Response: Continuous vs. Emergency Approaches|https://www.lacework.com/continuous-cloud-security-incident-response/]]|Incident_Response|
|2019.07.19|//Checkpoint//[>img[iCSF/flag_fr.png]]|[[Le Rapport de sécurité du Cloud 2019 de Check Point identifie l'éventail des problèmes de sécurité des entreprises dans les Clouds publics|http://www.globalsecuritymag.fr/Le-Rapport-de-securite-du-Cloud,20190717,89196.html]]|Report Checkpoint|
|2019.07.19|//iNSYNQ//|![[iNSYNQ experienced a ransomware attack on 7/16/19 perpetrated by unknown malicious attackers|https://www.insynq.com/support/#status]]|Attacks Ransomware|
|2019.07.19|MSSP Alert| → [[Ransomware Attacks Cloud Service Provider Insynq; MSPs Impacted|https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/insynq-outage/]]|Attacks Ransomware|
|2019.07.19|Bleeping Computer| → [[iNSYNQ Cloud Hosting Provider Hit by Ransomware Attack|https://www.bleepingcomputer.com/news/security/insynq-cloud-hosting-provider-hit-by-ransomware-attack/]]|Attacks Ransomware|
|2019.07.19|Krebs On Security| → [[QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack|https://krebsonsecurity.com/2019/07/quickbooks-cloud-hosting-firm-insynq-hit-in-ransomware-attack/]]|Attacks Ransomware|
|2019.07.19|//Chef//|[[Don't Leave Your S3 Buckets Wide Open|https://blog.chef.io/2019/07/19/dont-leave-your-s3-buckets-wide-open/]]|Protection S3|
|2019.07.19|//Inedo//|[[50+ Kubernetes DevOps Tools on GitHub|https://blog.inedo.com/50-kubernetes-devops-tools-github]]|K8s Tools|
|2019.07.19|ZDnet|[[Encryption laws to run up against CLOUD Act and GDPR: Law Council|https://www.zdnet.com/article/encryption-laws-to-run-up-against-cloud-act-and-gdpr-law-council/]]|CLOUD_Act|
|2019.07.19|//Managed Sentinel//|![[Mapping of On-Premises Security Controls vs Major Cloud Providers|https://www.managedsentinel.com/2019/05/28/on-prem-vs-cloud/]] (versions [[PNG|https://www.managedsentinel.com/wp-content/uploads/2019/05/Cloud-vs-On-Premises-v-4.png]] et [[PDF|https://www.managedsentinel.com/downloads/on_prem_vs_cloud_v4.pdf]])|Azure Security|
|2019.07.19|//AWS//|![[Securing access to AMIs in AWS Marketplace|https://aws.amazon.com/blogs/awsmarketplace/securing-access-to-amis-aws-marketplace/]]|AWS AMI|
|>|>|>|!2019.07.18|
|2019.07.18|Global Security Mag[>img[iCSF/flag_fr.png]]|[[L'adoption rapide et massive du cloud public réforme les modèles de sécurité des entreprises|http://www.globalsecuritymag.fr/L-adoption-rapide-et-massive-du,20190718,89247.html]]|Misc|
|2019.07.18|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Google Cloud certifié hébergeur de données de santé en France|https://www.lemondeinformatique.fr/actualites/lire-google-cloud-certifie-hebergeur-de-donnees-de-sante-en-france-75949.html]]|GCP Healthcare France|
|2019.07.18|Ronnie Flathers|![[Docker for Pentesters|https://blog.ropnop.com/docker-for-pentesters/]]|Docker PenTesting|
|2019.07.18|Bleeping Computer|[[Fake Office 365 Site Pushes Trickbot Trojan as Browser Update|https://www.bleepingcomputer.com/news/security/fake-office-365-site-pushes-trickbot-trojan-as-browser-update/]]|O365 Phishing|
|2019.07.18|DZone|![[Why I Am Worried About My Personal Data in The Cloud|https://dzone.com/articles/why-am-i-worried-about-my-personal-data-in-the-clo]]|Privacy|
|2019.07.18|SecurityTrails|[[How to Install Kali Linux in the Cloud|https://securitytrails.com/blog/install-kali-linux-cloud]]|Audit Tools|
|2019.07.18|Down the Security Rabbithole|[[DtSR Episode 354 - Pragmatic Azure Security|http://podcast.wh1t3rabbit.net/dtsr-episode-354-pragmatic-azure-security]] ([[podcast|http://hwcdn.libsyn.com/p/8/b/1/8b1e1c3fa9a57563/DtSR_Episode_354_-_Pragmatic_Azure_Security.mp3]])|Azure|
|2019.07.18|TechRadar Pro|[[.cloud domains: a name that's made for fame|https://www.techradar.com/news/cloud-domains-a-name-thats-made-for-fame]]|Domains|
|2019.07.18|//iland Internet//|[[Migrating infrastructure to the cloud -- what the board needs to know|https://betanews.com/2019/07/18/migrating-infrastructure-to-the-cloud/]]|Governance Risks|
|2019.07.18|//Lacework//|[[How to Improve Breach Detection in the Cloud|https://www.lacework.com/improve-breach-detection-cloud/]]|Breach Detection|
|2019.07.18|//Tripwire//|[[Multi-Cloud Security Best Practices Guide|https://www.tripwire.com/state-of-security/security-data-protection/cloud/multi-cloud-security-best-practices-guide/]]|MultiCloud Best_Practices|
|2019.07.18|//Security Intelligence//|![[Does Your Cloud Vendor Contract Include These Crucial Security Requirements?|https://securityintelligence.com/posts/does-your-cloud-vendor-contract-include-these-crucial-security-requirements/]]|Contracts|
|2019.07.18|//Cylance//|[[Benefits, Risks, and Insurance Issues in the Cloud|https://threatvector.cylance.com/en_us/home/benefits-risks-and-insurance-issues-in-the-cloud.html]]|Compliance|
|2019.07.18|//Managed Methods//|[[Is Microsoft Cloud Secure? Office 365 Apps Security|https://managedmethods.com/blog/is-microsoft-cloud-secure/]]|Azure O365|
|2019.07.18|//Azure//|[[Azure Monitor for containers with Prometheus now in preview|https://azure.microsoft.com/en-us/blog/azure-monitor-for-containers-with-prometheus-now-in-preview/]]|Azure Containers Monitoring|
|2019.07.18|//HiveMQ//|[[A Better Solution for IoT Security and MQTT|https://www.hivemq.com/blog/a-better-solution-for-iot-security-and-mqtt/]]|IoT MQTT|
|>|>|>|!2019.07.17|
|2019.07.17|disruptOps|[[Cloud Security CoE Shared Services|https://disruptops.com/cloud-security-coe-shared-services/]]|Best_Practices|
|2019.07.17|DFRWS|[[AFF4-L: A scalable open logical evidence container|http://dfrws.org/sites/default/files/session-files/paper-aff4_l_a_scalable_open_logical_evidence_container.pdf]]|Forensics Conference|
|2019.07.17|Felix Wilhelm|![[Quick and dirty way to get out of a privileged k8s pod or docker container by using cgroups release_agent feature|https://mobile.twitter.com/_fel1x/status/1151487053370187776/]]|Docker Vulnerability PoC|
|2019.07.19|//Trail of Bits//| → [[Understanding Docker container escapes|https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/]]|Docker Vulnerability PoC|
|2019.07.17|Infosecurity Mag|[[93% of Orgs Worry About Cloud Security|https://www.infosecurity-magazine.com/news/93-of-orgs-worry-about-cloud]]|Report|
|2019.07.17|Help Net Security|[[As cyber attacks increase, the cloud-based database security market grows|https://www.helpnetsecurity.com/2019/07/17/cloud-based-database-security-market/]]|Report ResearchAndMarkets|
|2019.07.17|//Synopsys//|[[2019 Cloud Security Report|https://www.synopsys.com/software-integrity/resources/analyst-reports/security-in-the-cloud.html]]|Report Synopsis|
|2019.07.17|AWS Insider.net| → [[Cloud Security Survey: Top Concern Is Data Loss/Leakage|https://awsinsider.net/articles/2019/07/17/cloud-security-report.aspx]]|Report Synopsis|
|2019.07.17|Dark Reading| → [[Data Loss, Leakage Top Cloud Security Concerns|https://www.darkreading.com/cloud/data-loss-leakage-top-cloud-security-concerns/d/d-id/1335277]]|Report Synopsis|
|2019.07.17|Computer Weekly| → [[Most security pros still concerned about public cloud security|https://www.computerweekly.com/news/252466841/Most-security-pros-still-concerned-about-public-cloud-security]]|Report Synopsis|
|2019.07.17|//Bitglass//|[[Bitglass 2019 Cloud Security Report: Only 20 Percent of Organizations Use Cloud Data Loss Prevention Despite Storing Sensitive Information in the Cloud|https://www.businesswire.com/news/home/20190717005003/en/Bitglass-2019-Cloud-Security-Report-20-Percent]]|Report Bitglass|
|2019.07.18|Help Net Security| → [[Adoption rates of basic cloud security tools and practices still far too low|https://www.helpnetsecurity.com/2019/07/18/basic-cloud-security-tools/]]|Report Bitglass|
|2019.07.17|//Alibaba Cloud//|[[How to Enable Transparent Data Encryption on Alibaba Cloud|https://medium.com/@Alibaba_Cloud/how-to-enable-transparent-data-encryption-on-alibaba-cloud-b46cbb86b96d]]|Alibaba Encryption|
|2019.07.17|//HiveMQ//|[[Client, Broker / Server and Connection Establishment - MQTT Essentials: Part 3|https://www.hivemq.com/blog/mqtt-essentials-part-3-client-broker-connection-establishment/]] (3/5)|MQTT|
|>|>|>|!2019.07.16|
|2019.07.16|DZone|![[Automated Remediation for Cloud-Specific Threats|https://dzone.com/articles/automated-remediation-for-cloud-specific-threats]]|Threats|
|2019.07.16|Container Journal|[[The 3 Phases of Containerization|https://containerjournal.com/2019/07/16/the-3-phases-of-containerization/]]|Containers|
|2019.07.16|Solutions Review|[[What Are the Benefits of a Cloud Managed Service Provider?|https://solutionsreview.com/cloud-platforms/what-are-the-benefits-of-a-cloud-managed-service-provider/]]|CloudMSP|
|2019.07.16|OVH[>img[iCSF/flag_fr.png]]|[[Private Cloud en cours de qualification SecNumCloud|https://www.ovh.com/fr/blog/private-cloud-en-cours-de-qualification-secnumcloud/]]|Certification|
|2019.07.16|//Gartner//|[[G00365830: Magic Quadrant for Cloud Infrastructure as a Service, Worldwide|https://www.gartner.com/en/documents/3947472]] /% https://www.gartner.com/doc/reprints?id=1-1CMAPXNO&ct=190709&st=sb?trk=ar_card %/ |Gartner|
|2019.07.18|Silicon Angle| → [[Google gains ground in Gartner's latest Magic Quadrant for cloud infrastructure |https://siliconangle.com/2019/07/18/google-gains-ground-gartners-latest-magic-quadrant-cloud-infrastructure-services/]]|Gartner IaaS|
|2019.07.18|ZDnet| → [[Google Cloud gains in Gartner's 2019 cloud infrastructure Magic Quadrant|https://www.zdnet.com/article/google-cloud-gains-in-gartners-2019-cloud-infrastructure-magic-quadrant/]] ([[quadrant|https://zdnet3.cbsistatic.com/hub/i/2019/07/18/de65f5b8-eb36-469c-8597-43bbc2af6a64/0d6e05e2ccdc7ee56d4212632233a7e5/gartner-iaas-2019-mq.png]])|Gartner IaaS|
|2019.07.19|CRN| → [[Gartner's 2019 Magic Quadrant For Cloud IaaS: Six Top Providers|https://www.crn.com/slide-shows/cloud/gartner-s-magic-quadrant-for-cloud-iaas-six-top-providers]]|Gartner IaaS|
|2019.07.22|AWS Insider| → [[AWS Dominates Cloud Infrastructure Report for 9th Year|https://awsinsider.net/articles/2019/07/22/gartner-iaas-2019.aspx]]|Gartner IaaS|
|2019.07.22|CBR Online| → [[IaaS Magic Quadrant: Gartner Gets the Claws Out|https://www.cbronline.com/news/cloud-iaas-gartner]]|Gartner IaaS|
|2019.07.16|//Securosis//|[[Build Your Own Multi-Cloud Security Monitoring in 30 Minutes or Less with StreamAlert|https://disruptops.com/build-your-own-multi-cloud-security-monitoring-in-30-minutes-or-less-with-streamalert/]]|Monitoring|
|2019.07.16|//Duo Security//|[[Dragged Into the Light: Duo Security Report Reveals Businesses Gaining Control of Shadow IT|https://duo.com/about/press/releases/dragged-into-the-light-duo-security-report-reveals-businesses-gaining-control-of-shadow-it]]|Report DuoSecurity|
|2019.07.16|Dark Reading| → [[Security Snapshot: OS, Authentication, Browser & Cloud Trends|https://www.darkreading.com/cloud/security-snapshot-os-authentication-browser-and-cloud-trends/d/d-id/1335262]]|Report DuoSecurity|
|2019.07.16|//Backblaze//|[[More From Our Annual Survey: Choosing the Best Cloud for Backing Up|https://www.backblaze.com/blog/choosing-the-best-cloud-for-backing-up/]]|Report BlackBlaze|
|2019.07.16|//Rhino Security Labs//|[[Exploring the Power of Phished Persistent Cookies in AWS|https://rhinosecuritylabs.com/aws/aws-phished-persistent-cookies/]]|AWS|
|2019.07.16|//Zscaler//|[[Abusing Microsoft's Azure domains to host phishing attacks|https://www.zscaler.com/blogs/research/abusing-microsofts-azure-domains-host-phishing-attacks]]|Azure Phishing|
|2019.07.16|//G2//|[[11 Myths About Cloud Storage: Debunked|https://learn.g2.com/cloud-storage]]|Storage|
|2019.07.16|//PaloAlto Networks//|[[Seven Guiding Principles to Selecting the Right Cloud Security Solution|https://blog.paloaltonetworks.com/2019/07/seven-guiding-principles-selecting-right-cloud-security-solution/]]|Misc|
|2019.07.16|//ThreatStack//|![[16 Cloud Security Experts Share the Most Costly Security Technology Misconceptions When It Comes to Cloud Migration|https://www.threatstack.com/blog/16-cloud-security-experts-share-the-most-costly-security-technology-misconceptions-when-it-comes-to-cloud-migration]]|Migration|
|2019.07.16|//Datanami//|[[The State of Storage: Cloud, IoT, and Data Center Trends|https://www.datanami.com/2019/07/16/the-state-of-storage-cloud-iot-and-data-center-trends/]]|Storage|
|2019.07.16|Silicon Angle|[[8M lines of hotel-related code exposed in latest Elasticsearch database configuration failure|https://siliconangle.com/2019/07/16/8m-hotel-records-exposed-latest-elasticsearch-database-configuration-fail/]]|Data_Leaks|
|2019.07.16|//Security Intelligence//|[[The Fine Art of Protecting Microsoft Office 365 Apps With Multifactor Authentication|https://securityintelligence.com/posts/the-fine-art-of-protecting-microsoft-office-365-apps-with-multifactor-authentication/]]|O365 MFA|
|2019.07.16|//Managed Methods//|[[What Is Cloud Application Security?|https://managedmethods.com/blog/what-is-cloud-application-security/]]|Misc|
|2019.07.16|//Cruise//|[[Container Platform Security at Cruise (2/2)|https://medium.com/cruise/container-platform-security-7a3057a27663]]|Containers|
|2019.07.16|//Radware//|[[Have Crypto-Miners Infiltrated Your Public Cloud?|https://blog.radware.com/security/cloudsecurity/2019/07/have-crypto-miners-infiltrated-your-public-cloud/]]|Cryptomining|
|2019.07.16|NSA|[[Cloud Security Basics|https://media.defense.gov/2019/Jul/16/2002158059/-1/-1/0/CSI-CLOUD-SECURITY-BASICS.PDF]]|Guidance|
|>|>|>|!2019.07.15|
|2019.07.15|Cloud Native Computing Foundation|[[Demystifying Containers - Part II: Container Runtimes|https://www.cncf.io/blog/2019/07/15/demystifying-containers-part-ii-container-runtimes/]]|Containers|
|2019.07.15|8 Bit Men|[[A Thorough Guide to High Availability, HA Cluster Architecture & Fault Tolerance|https://www.8bitmen.com/a-simple-guide-to-high-availability-ha-cluster-architecture-fault-tolerance/]]|Fault_Tolerance|
|2019.07.15|8 Bit Men|![[A Super Helpful Guide to Understanding Workload & It's Types in Cloud|https://www.8bitmen.com/a-super-helpful-guide-to-understanding-workload-its-types-in-cloud/]]|Workloads|
|2019.07.15|8 Bit Men|![[What Is an Instance In Cloud Computing? - A Thorough Guide|https://www.8bitmen.com/what-is-an-instance-in-cloud-computing-a-thorough-guide/]]|Instances|
|2019.07.15|//Alcide//|[[New Analysis by Alcide Finds 89% of Kubernetes Deployments Not Leveraging Secrets Resources|https://containerjournal.com/2019/07/15/new-analysis-by-alcide-finds-89-of-kubernetes-deployments-not-leveraging-secrets-resources/]]|K8s|
|2019.07.15|//AlienVault//|[[Cloud Security and Risk Mitigation|https://www.alienvault.com/blogs/security-essentials/cloud-security-and-risk-mitigation]]|Risks Mitigation|
|2019.07.15|//Lacework//|[[Cloud Compliance Security, Part 2: The Importance of Security Controls (2/2)|https://www.lacework.com/cloud-compliance-security-part-2-importance-security-controls/]]|Compliance|
|2019.07.15|//TrendMicro//|[[SLUB Gets Rid of GitHub, Intensifies Slack Use|https://blog.trendmicro.com/trendlabs-security-intelligence/slub-gets-rid-of-github-intensifies-slack-use/]]|Attacks Slack|
|2019.07.15|//Azure//|![[Advancing Microsoft Azure reliability|https://azure.microsoft.com/en-gb/blog/advancing-microsoft-azure-reliability/]]|Azure Reliability|
|2019.07.15|//Outpost24//|[[Infosecurity Europe 2019 infographic: Cyber resilience for application and cloud security|https://outpost24.com/blog/Infosecurity-Europe-2019-infographic-Cyber-resilience-for-application-and-cloud-security]]|Resilience|
!"//Signal vs. Noise: Banker Cloud Stories//"
[>img(150px,auto)[iCSA/J7JBS.jpg]]Article de blog publié le 19 juillet 2019 — Rédigé par Craig Balding
<<<
//Une bonne question à poser à un professionnel, quel que soit son secteur d'activité, est : à quels événements professionnels participez-vous et pourquoi ?
En plusieurs décennies, j'ai participé et fait l'impasse sur beaucoup d'entre eux, mon principal critère de choix étant le rapport "signal/bruit". En d'autres termes, je sélectionne des événements auxquels assistent des personnes qui façonnent notre industrie — visionnaires, expérimentateurs de premier plan, décideurs, et bien sûr ceux qui ont une réelle expérience "terrain". Evitez les "moulins à paroles" et recherchez les "retours d'expérience".// [...]
//En juin, 23 membres de notre groupe de travail CSA du secteur de la finance se sont réunis dans la belle ville de Louvain, en Belgique, où nous avons passé la journée à partager nos expériences et à discuter des pratiques émergentes, en appliquant la règle de Chatham House.

''Les thèmes abordés''
La journée comprenait des présentations de haute volée, puis du réseautage. Chaque présentation de 10 minutes servait de point de départ à des séances de questions / réponses pointues de 10 minutes aussi.// [...]

//''Et la suite ?''
Nos prochains thèmes seront : la sécurité des containers; comprendre la complexité du Cloud compte-tenu des scénarios d'adoption eux aussi toujours plus complexes; transformations et agilité dans le secteur financier.// [...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/07/19/signal-vs-noise-banker-cloud-stories-by-craig-balding/]] sur le blog de la CSA
!"//'Shift Left' to Harden Your Cloud Security Posture//"
[>img(150px,auto)[iCSA/J7IBS.jpg]]Article de blog publié le 18 juillet 2019 — Rédigé par Josh Stella, Co-founder & Chief Technology Officer, Fugue
<<<
//After a decade-long uneasy courtship with cloud computing, enterprises are migrating their IT systems to platforms like AWS and Azure as fast as they can. This means the key question for the security team is no longer "do we trust the cloud?" -- it's "can we trust ourselves in the cloud?" Answering "yes" requires embracing a term common in application developer circles: "Shift Left". Just as developers unit test their application code prior to merging into the build, they should also implement automated unit security testing of their modules prior to merging into the stage environment.

''Small errors create big problems''
If you've been running in the cloud at scale, you're familiar with the challenge of trying to constantly monitor for the security risks created by resources without known owners, misconfigurations, and humans making errors like leaving too much access after a maintenance event. Human error is the number one cause of data breaches in the cloud, primarily due to the misconfiguration of cloud infrastructure.
Asking the security team to monitor and address misconfigurations in real-time is asking them to tilt at windmills. They quickly become overwhelmed by alerts and struggle to keep up with manual remediation or an ever-growing bag of bespoke automated remediation scripts. The all-too-common result is that the organization finds its brand name and reputation splashed across news headlines and articles about data exposure or loss due to a cloud misconfiguration.

''Security and compliance shift left''
Among developers, the term "shift left" describes moving a particular function to earlier phases of their processes to make identifying and fixing bugs and other errors easier and less time-consuming. The longer they wait, the more difficult making a fix becomes, and that creates delays.
Developers typically relegate security and compliance considerations as afterthoughts implemented as a gate during the test phase. Then they grow frustrated when red flags go up that force them to perform rework in design, development, and testing, and blame the security team for delays moving applications into production.
Automating the shift left of compliance and security into the design and develop phases will eliminate those delays and frustrations, make better systems, and turn those functions into highway builders rather than toll booth operators.

''Establish universal policy interpretations and secure baselines''
This isn't just a process change, it's a culture change. Organizations will likely need to get their security, DevOps and compliance teams to commit to establishing trust and confidence with one another. The best way to accomplish this is to have a "contract" between the teams in the form of actual code that includes explicit and shared interpretations of policy and establishes a baseline of the environment that is enforced via automated tools and processes all the way through the software development lifecycle (SDLC).
A baseline is a complete configuration of an application from the infrastructure up. Baselining allows all stakeholders to determine if the configuration is acceptable early in the process. Developers need to make sure the system functions as intended. Operations needs to know that the system is reliable and maintainable. Security needs to know that it is configured in conformance with best practices and policies at deployment and during operations, and compliance needs to know that it meets audit and/or regulatory controls.
By establishing a definition of known-good into the design and development phases, all parties can come to an agreement early in the process and work together to avoid costly delays. The term "DevSecOps" is becoming more popular as security and DevOps realize they need to come together to address security and compliance considerations earlier in the development process. Creating and enforcing a known-good baseline provides developers with real-time automated feedback through the design and develop phases so they avoid interrupts that breed delays and ensure that the production environment meets all security and compliance policies when deployed to the cloud.//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/07/18/shift-left-to-harden-your-cloud-security-posture/]] sur le blog de la CSA
Cet article est la consolidation de 3 articles publiés sur le site de la société Fugue, déjà mentionnés dans la veille hebdomadaire+++*[»]>
|2019.04.17|//Fugue//|[[Shifting Left on Cloud Security and Compliance|https://www.fugue.co/blog/shifting-left-on-cloud-security-and-compliance]] (1/3)|Risks|
|2019.05.24|//Fugue//|[[Shift Left on Cloud Security, Part II - Phases of the SDLC|https://www.fugue.co/blog/shift-left-on-cloud-security-part-ii-phases-of-the-sdlc]] (2/3)|Risks|
|2019.06.27|//Fugue//|[[Shift Left on Cloud Security, Part III: Extending into Production|https://www.fugue.co/blog/shift-left-on-cloud-security-part-iii-extending-into-production]] (3/3)|Risks|
=== 
Communiqué de presse du 16 juillet 2019
<<<
//Report identifies challenges in securing application containers and microservices through the lens of the developer, operator and architect
[>img(150px,auto)[iCSA/J7GPC.png]]SEATTLE - July 16, 2019 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the Challenges in Securing Application Containers and Microservices. Produced by the CSA's Application Containers and Microservices Working Group, this report examines and prioritizes the challenges application architects, developers and operators will encounter when designing, deploying and operating secure application containers and microservices. It is the first in a series of reports that will cover best practices to address and help mitigate the challenges for app containers and microservices outlined in this document, as well as delineating a unified standard for microservices architecture.

"Application containers and microservices have specific characteristics that come with distinct security ramifications," said Anil Karmel, Application Container and Microservices Working Group Co-chair. "By prioritizing various challenges surrounding the securing of application containers and microservices and separating them into use case and feature categories, those involved in the software development lifecycle will be able to make informed security decisions."

Challenges were scored based on 10 weighted questions as applied against application container and microservices features. The top three challenges surrounding application containers were identified as:
* The use of monitoring and security solutions in multi-tenant hosting environments that do not require root or "privileged" access to the container host. These solutions are specifically designed to expose information from more than one tenant and their compromise could result in information spillage or system compromise.
* Ensuring trust in host systems that store images and launch containers. The absence of host-hardening processes can result in the compromise of images, runtime environments and stored data.
* Host hardening is an important requirement for secure container hosting, and a challenge exists to ensure that hardening doesn't interfere with authorized capabilities (e.g., network, storage) of the containers themselves. The absence can result in service availability issues.

The three most critical issues pertaining to microservices challenges were identified as:
* Finding a balance between the costs and benefits of rebuilding a microservice architecture and then orchestrating those microservices. The absence will result in either cost overruns or an application that does not fully benefit from a microservice architecture.
* A container's lifespan when architecting stateful microservices. Care must be taken to design a microservice that does not lose state when a container is no longer running as its absence can result in data loss.
* Ensuring interoperability when writing or maintaining a microservice that interfaces with several other microservices. Reliable test harnesses are required and their absence can result in increased availability and performance issues as the application is decomposed into microservices.
//
<<<
*+++*[Détails complémentaires »]> <<tiddler [[2019.07.16 - Publication : 'Best Practices for Implementing a Secure Application Container Architecture']]>>=== 
* ⇒ Lire [[la suite|https://cloudsecurityalliance.org/articles/csa-releases-new-research-indentifying-challenges-in-securing-application-containers-and-microservices/]] sur le site de la CSA
!"//Challenges in Securing Application Containers and Microservices//"
<<<
[>img(150px,auto)[iCSA/J7GPC.png]]//Application containers and a microservices architecture are being used to design, develop and deploy applications leveraging agile software development approaches such as Development Operations. Security must be embedded into these software development approaches. This document serves to identify challenges in securing application containers and microservices in the engineering of trustworthy secure systems through the lens of the Developer, Operator and Architect.//
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j7gc/|https://CloudSecurityAlliance.fr/go/j7gc/]]''





!!1 - Informations CSA de la semaine du 8 au 14 juillet 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Blog : ''Inscription au Mastère Spécialisé de l'ISEP "Expert Cloud Computing"''+++*[»]> <<tiddler [[2019.07.08 - Blog : Inscription au Mastère Spécialisé de l'ISEP 'Expert Cloud Computing']]>>=== 
* Actualités : ''Cloud Security Alliance Releases Cloud Penetration Testing Playbook''+++*[»]> <<tiddler [[2019.07.12 - 'CSA Releases Cloud Penetration Testing Playbook']]>>=== 
* Publication : ''Cloud Penetration Testing Playbook''+++*[»]> <<tiddler [[2019.07.12 - Publication : 'Cloud Penetration Testing Playbook']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.07.14 - Veille Hebdomadaire - 14 juillet]] avec une soixantaine de liens :
* Piratages et fuites de données : Magecart et les attaques systématiques contre les buckets Amazon S3 mal configurés
* Rapports et sondages : Blueprint d'architecture Cloud sécurisée par le Global Cities Team Challenge, sondages Netwrix et Gemalto
* __Pannes__ : Twitter
* __Divers__ : Protection des données dans des buckets AWS, Docker, Kubernetes
!!3 - Agenda
* ''28 __juillet__'' : ''derniers jours'' avant la clôture de l'appel à présentations pour le ''CSA Congress EMEA'' des 20 et 21 novembre 2019 à Berlin+++*[»]> <<tiddler [[2019.06.21 - Encore un mois pour soumettre un sujet au CSA Congress EMEA 2019]]>>=== 
!!Veille Hebdomadaire - 14 juillet 2019
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.07.14|
|2019.07.14|BetaNews|[[Planning a cloud migration? Get your identity privileges in check first|https://betanews.com/2019/07/14/planning-a-cloud-migration-get-your-identity-privileges-in-check-first/]]|Identity|
|2019.07.14|//HiveMQ//|[[The lightweight IoT Protocol MQTT: How to get started|https://www.hivemq.com/blog/how-to-get-started-with-mqtt/]]|MQTT|
|>|>|>|!2019.07.12|
|2019.07.12|RTS[>img[iCSF/flag_fr.png]]|[[Swisscom a effacé les données de centaines de clients MyCloud|https://www.rts.ch/info/suisse/10569711-swisscom-a-efface-les-donnees-de-centaines-de-clients-mycloud.html]]|Outage Swisscom|
|2019.07.12|EDPB / EDPS|![[LIBE Committee letters to the EDPS and to the EDPB regarding legal assessment of the impact of the US Cloud Act on the European legal framework for personal data protection (pdf)|https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_edps_joint_response_us_cloudact_coverletter.pdf]]|CLOUD_Act|
|2019.07.12|Help Net Security|![[How businesses can become more nimble and secure by moving to the cloud|https://www.helpnetsecurity.com/2019/07/12/becoming-secure-cloud-adoption/]] |Misc|
|2019.07.12|DZone|[[4 Ways to Cut Costs When Backing up VMs in The Cloud|https://dzone.com/articles/4-ways-to-cut-costs-when-backing-up-vms-in-the-clo]]|VMs|
|2019.07.12|Cyber Defense Mag|[[US Agency Security Doubts Hinder Move To Hybrid Cloud|https://www.cyberdefensemagazine.com/us-agency-security-doubts-hinder-move-to-hybrid-cloud/]]|Hybrid_Cloud|
|2019.07.12|FinExtra|[[How to build the regulator's confidence in the cloud|https://www.finextra.com/newsarticle/34114/how-to-build-the-regulators-confidence-in-the-cloud]]|Compliance|
|2019.07.12|Cyware|[[DNA Testing Company Vitagene Exposed Over 3,000 Patient Records Due to Misconfigured Database|https://cyware.com/news/dna-testing-company-vitagene-exposed-over-3000-patient-records-due-to-misconfigured-database-cb415557]]|AWS Data_Leak|
|2019.07.12|CloudTech|[[How public cloud continues to drive demand for cybersecurity solutions|https://www.cloudcomputing-news.net/news/2019/jul/12/public-cloud-drives-demand-for-cybersecurity-solutions/]]|Solutions|
|2019.07.12|safecontrols|![[Securing media stored in cloud storage buckets against unauthorised access|https://safecontrols.blog/2019/07/12/securing-media-stored-in-cloud-storage-buckets-against-unauthorised-access/]] |AWS Storage|
|2019.07.12|//Cloudflare//|![[Details of the Cloudflare outage on July 2, 2019|https://blog.cloudflare.com/details-of-the-cloudflare-outage-on-july-2-2019/]] |Outage Cloudflare|
|2019.07.12|//Forcepoint//|[[Prioritizing cloud security initiatives|https://www.forcepoint.com/blog/insights/prioritizing-cloud-security-initiatives]]|Misc|
|2019.07.12|//Lacework//|[[Cloud Compliance Security, Part 1: Understanding Expectations & Building Requirements (1/2)|https://www.lacework.com/cloud-compliance-security-part-1-expectations-requirements/]]|Compliance|
|2019.07.12|//AlertLogic//|[[Five Insights from and About the First AWS re:Inforce|https://blog.alertlogic.com/five-insights-from-and-about-the-first-aws-reinforce/]]|AWS Conference|
|2019.07.12|//DeltaRisk//|[[Federal Agencies Moving to the Cloud Must Take Stock of Information Systems|https://deltarisk.com/blog/federal-agencies-moving-to-the-cloud-must-take-stock-of-information-systems/]]|Strategy|
|>|>|>|!2019.07.11|
|2019.07.11|GeekWire|[['Something is technically wrong': Twitter outage extends beyond an hour|https://www.geekwire.com/2019/something-technically-wrong-twitter-outage-extends-beyond-hour/]]|Outage Twitter|
|2019.07.11|Dark Reading|[[The Security of Cloud Applications|https://www.darkreading.com/cloud/the-security-of-cloud-applications-/a/d-id/1335157]]|Misc|
|2019.07.11|CSO|[[How a decentralized cloud model may increase security, privacy|https://www.csoonline.com/article/3405439/how-a-decentralized-cloud-model-may-increase-security-privacy.html]]|Architecture|
|2019.07.11|DZone|[[Understanding Docker Networking|https://dzone.com/articles/understanding-docker-networking]]|Docker|
|2019.07.11|DZone|[[Updating and Modernizing: Moving from Virtual Machines to Containers|https://dzone.com/articles/updating-and-modernizing-moving-from-virtual-machi]]|VMs Containers|
|2019.07.11|DZone|[[Kubernetes vs OpenShift: What Is the Difference?|https://dzone.com/articles/kubernetes-vs-openshift-what-is-the-difference]]|K8s OpenShift|
|2019.07.11|//Fugue//|![[5 Things Executives Need to Know About Cloud Security|https://www.fugue.co/blog/5-things-executives-need-to-know-about-cloud-security]] |Best_Practices|
|2019.07.11|//PaloAlto Networks//|[[How Western Asset Management Is Mitigating Cloud Threats|https://blog.paloaltonetworks.com/2019/07/western-asset-management-mitigating-cloud-threats/]]|Threats Mitigation|
|2019.07.11|//TrendMicro//|[[Migrating Network Protection to the Cloud with Confidence|https://blog.trendmicro.com/migrating-network-protection-to-the-cloud-with-confidence/]]|Protection|
|2019.07.11|//Microsoft//|[[Authentication Methods–Usage & Insights|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Authentication-Methods-Usage-amp-Insights/ba-p/745370]]|Active_Directory|
|2019.07.11|//TAG Cyber//|[[Cloud Security for the Masses|https://threatvector.cylance.com/en_us/home/cloud-security-for-the-masses.html]]|Misc|
|2019.07.11|//Forcepoint//|[[Cloud app security in a direct-to-cloud world|https://www.forcepoint.com/blog/insights/cloud-app-security-direct-cloud-world]]|Misc|
|2019.07.11|//Whistic//|[[Phase 5 of The 5 Phases of Responding to a Security Questionnaire & How To Get Proactive (5/5)|https://blog.whistic.com/phase-5-of-the-5-phases-of-responding-to-a-security-questionnaire-how-to-get-proactive-19421dbac65]]|Misc|
|2019.07.11|//Managed Methods//|[[3 Critical Microsoft Cloud Security Issues|https://managedmethods.com/blog/3-critical-microsoft-cloud-security-issues/]]|Azure O365|
|>|>|>|!2019.07.10|
|2019.07.10|Journal du Net[>img[iCSF/flag_fr.png]]|[[Multi-cloud : comment assurer la disponibilité des données ?|https://www.journaldunet.com/solutions/expert/71422/multi-cloud---comment-assurer-la-disponibilite-des-donnees.shtml]]|Multi_Cloud|
|2019.07.10|GCTC|"Secure Cloud Architecture: Towards a Smart City cloud privacy, Security, and Rights-Inclusive Architecture" ([[blueprint|https://gctc.opencommons.org/images/f/ff/CommunityCloudPrivacy.pdf]])|Architecture|
|2019.07.11|GCN| → [[A secure cloud architecture for smart cities|https://gcn.com/articles/2019/07/11/smart-city-secure-cloud-architecture.aspx]]|Architecture|
|2019.07.10|Container Journal|[[Inside the Canonical Container Strategy|https://containerjournal.com/2019/07/10/inside-the-canonical-container-strategy/]]|Containers|
|2019.07.10|BetaNews|[[Is your online cloud storage secure enough?|https://betanews.com/2019/07/10/online-cloud-storage-secure-enough/]]|Storage|
|2019.07.10|DZone|[[Sending Custom Application Stats From EC2 Server to CloudWatch for Monitoring|https://dzone.com/articles/sending-custom-application-stats-from-ec2-for-clou]]|Monitoring|
|2019.07.10|KitPloit|[[Cloud Security Audit - A Command Line Security Audit Tool For Amazon Web Services|https://www.kitploit.com/2019/07/cloud-security-audit-command-line.html]]|Audit Tools|
|2019.07.10|//RiskIQ//|[[Spray and Pray: Magecart Campaign Breaches Websites En Masse Via Misconfigured Amazon S3 Buckets|https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/]]|AWS Attacks Magecart|
|2019.07.11|Wired| → [[Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains - and Counting|https://www.wired.com/story/magecart-amazon-cloud-hacks/]]|AWS Attacks Magecart|
|2019.07.11|CBR Online| → [[Magecart Launches "Spray and Pray" Attacks on AWS S3 Buckets, Hits 17,000|https://www.cbronline.com/news/magecart-aws-s3-card-skimmers]]|AWS Attacks Magecart|
|2019.07.11|infoRisk Today| → [[RiskIQ: Magecart Group Targeting Unsecured AWS S3 Buckets|https://www.inforisktoday.com/riskiq-magecart-group-targeting-unsecured-aws-s3-buckets-a-12771]]|AWS Attacks Magecart|
|2019.07.12|Bleeping Computer| → [[Over 17,000 Domains Infected with Code that Steals Card Data|https://www.bleepingcomputer.com/news/security/over-17-000-domains-infected-with-code-that-steals-card-data/]]|AWS Attacks Magecart|
|2019.07.12|ComputerWeekly| → [[Magecart Hackers Infect 17,000 Domains via Insecure S3 Buckets|https://www.securityweek.com/magecart-hackers-infect-17000-domains-insecure-s3-buckets]]|AWS Attacks Magecart|
|2019.07.12|The Register| → [[When did you last check your AWS S3 security? Here's four scary words: 17k Magecart infections|https://www.theregister.co.uk/2019/07/12/riskiq_magecart_s3/]]|AWS Attacks Magecart|
|2019.07.17|//DivvyCloud//| → [[Hacker Group "Magecart" Attacking Misconfigured S3 Buckets|https://divvycloud.com/blog/protect-your-s3-buckets-from-magecart/]]|AWS Attacks Magecart|
|2019.07.10|//AlienVault//|[[What is Chaos Engineering in penetration testing?|https://www.alienvault.com/blogs/security-essentials/what-is-chaos-engineering-in-pen-testing]]|PenTesting Chaos_Engineering|
|2019.07.10|//Avanan//|[[Watch Out for HTML Attachments, the Latest Phishing Trend Targeting Office 365|https://www.avanan.com/resources/phishing-trend-targeting-office-365-uses-html-attachments]]|Phishing O365|
|>|>|>|!2019.07.09|
|2019.07.09|Dark Reading|![[Cloud Security and Risk Mitigation|https://www.darkreading.com/perimeter/cloud-security-and-risk-mitigation/a/d-id/1335100]] |Risks Mitigation|
|2019.07.09|Container Journal|[[Building Secure Production-Ready Kubernetes Clusters and Containers (2/2)|https://containerjournal.com/2019/07/09/building-secure-production-ready-kubernetes-clusters-and-containers-part-2/]]|Containers|
|2019.07.09|DZone|[[Top Issues Facing Internet of Medical Things and How to Solve Them|https://dzone.com/articles/main-issues-of-internet-of-medical-things-and-how]]|Medical IoT|
|2019.07.09|DZone|[[Deconstructing Serverless Computing Part 4: Developing to Infinity and Beyond!|https://dzone.com/articles/deconstructing-serverless-computing-part-4-develop]]|Serverless|
|2019.07.09|//Stackrox//|[[Gartner: How-To Guide on Securing Containers|https://www.stackrox.com/post/2019/07/gartner-how-to-guide-on-securing-containers/]] (3/3)|Containers|
|2019.07.09|//Backblaze//|[[More People Than Ever Backing Up According to Our Survey|https://www.backblaze.com/blog/more-people-than-ever-backing-up-according-to-our-survey/]]|Report Backblaze|
|2019.07.09|//Sysdig//|![[33 Kubernetes security tools|https://sysdig.com/blog/33-kubernetes-security-tools/]] |K8s|
|2019.07.09|//Microsoft//|[[Your Pa$$word doesn't matter|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa-word-doesn-t-matter/ba-p/731984]]|Authentication|
|2019.07.09|//Symantec//|[[Why a CASB is Essential to any Cloud and Enterprise Security Strategy|https://www.symantec.com/blogs/product-insights/why-casb-essential-any-cloud-and-enterprise-security-strategy]]|CASB|
|2019.07.09|//Avanan//|[[Cloud Email Security Supplements Address SaaS Vulnerabilities|https://www.avanan.com/resources/cloud-email-security-supplements-address-saas-vulnerabilities]]|SaaS|
|2019.07.09|//Rapid7//|[[Securing Your Cloud Environments with InsightIDR, Part 2: Amazon Web Services (AWS)|https://blog.rapid7.com/2019/07/09/securing-your-cloud-environments-with-insightidr-part-2-amazon-web-services-aws/]] (2/3)|AWS|
|2019.07.09|//Alibaba Cloud//|[[DevOps: How to Have Less Downtime|https://medium.com/@Alibaba_Cloud/devops-how-to-have-less-downtime-c04f630160f2]]|DevOps Availability|
|2019.07.09|//Alibaba Cloud//|[[Building An Immutable Cloud Infrastructure On Alibaba Cloud|https://medium.com/@Alibaba_Cloud/building-an-immutable-cloud-infrastructure-on-alibaba-cloud-b49ac03923c8]]|Availability|
|2019.07.09|//Netwrix//|[[Netwrix survey: 32% of healthcare organizations store all their sensitive data in the cloud, yet lack the resources to protect it|https://www.netwrix.com/netwrix_survey_32_percent_of_healthcare_organizations_store_all_their_sensitive_data_in_the_cloud.html]] ([[rapport|http://www.netwrix.com/go/cloudsecurity2019_healthcare]])|Report|
|2019.07.09|//Blissfully//|[[Five Important Questions To Ask About Your Business's SaaS Tools|https://www.blissfully.com/blog/five-questions-businesss-saas-tools/]]|SaaS|
|2019.07.09|//Sysdig//|[[How to detect Kubernetes vulnerability CVE-2019-11246 using Falco|https://sysdig.com/blog/how-to-detect-kubernetes-vulnerability-cve-2019-11246-using-falco/]]|CVE-2019-11246 Kubernetes|
|2019.07.09|//Managed Methods//|[[Everything You Need to Know About Office 365 Cloud App Security|https://managedmethods.com/blog/office-365-cloud-app-security/]]|Azure O365|
|2019.07.09|//Symantec//|[[Containing Your Containers - It's Time to Batten Down the Hatches|https://www.symantec.com/blogs/product-insights/containing-your-containers-its-time-batten-down-hatches]]|Containers|
|2019.07.09|//CCSI//|[[Cloud Audit Protection Against Security Threats|https://www.ccsinet.com/blog/cloud-security-audit/]]|Auditing|
|2019.07.09|//Sysdig//|![[33(+) Kubernetes security tools|https://sysdig.com/blog/33-kubernetes-security-tools/]]|K8s Tools|
|>|>|>|!2019.07.08|
|2019.07.08|!CSA|[[Organizations Must Realign to Face New Cloud Realities|https://www.symantec.com/blogs/feature-stories/organizations-must-realign-face-new-cloud-realities]] |CSA JimReavis|
|2019.07.08|//eXemplify//|[[Steps to Improved Cloud Security|http://www.exemplifygroup.com/steps-to-improved-cloud-security/]]|Misc|
|2019.07.08|//Gemalto//|[[Study: 49% of ITDMs Feel Cloud Apps Are the Biggest Targets of Digital Threats|https://blog.gemalto.com/security/2019/07/08/study-49-of-itdms-feel-cloud-apps-are-the-biggest-targets-of-digital-threats/]] ([[rapport|https://safenet.gemalto.com/access-management-index/]])|Report Gemalto|
|2019.07.08|ComputerWeekly| → [[Nearly half of firms fear cloud apps make them insecure|https://www.computerweekly.com/news/252466371/Nearly-half-firms-fear-cloud-apps-make-them-insecure]]|Report Gemalto|
|2019.07.09|Dark Reading| → [[Organizations Are Adapting Authentication for Cloud Applications|https://www.darkreading.com/cloud/organizations-are-adapting-authentication-for-cloud-applications/d/d-id/1335200]]|Authentication|
|2019.07.10|Help Net Security| → [[Do cloud apps make you a target for cyber attacks?|https://www.helpnetsecurity.com/2019/07/10/cloud-apps-cyber-attacks/]]|Report Gemalto|
|2019.07.08|//StorageCraft//|[[Will Brexit Affect StorageCraft's Cloud Products?|https://blog.storagecraft.com/will-brexit-affect-storagecrafts-cloud-products/]]|Brexit|
|2019.07.08|//BLG//|[[Cybersecurity Guidance for Small and Medium Organizations|https://www.blg.com/fr/insights/2019/07/cybersecurity-guidance-for-small-and-medium-organizations]]|Canada Guidance|
Communiqué de presse du 12 juillet 2019
<<<
//Report provides foundation for public cloud penetration testing methodology
[>img(150px,auto)[iCSA/j7CPC.png]]SEATTLE - July 12, 2019 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the Cloud Penetration Testing Playbook. Developed by the CSA Top Threats Working Group, the playbook addresses the methodological and knowledge gaps in the security testing of information systems and applications in public cloud environments with a focus on penetration testing of cloud-hosted applications and services. By providing advice on key topics the report aims to help mature cloud penetration testing and, in the process, create a more secure cloud computing environment.

The playbook represents a collective effort to provide guidance for the penetration testing of systems in public cloud environments and allows penetration testers to use the document's objectives to test the security of public cloud systems and environments. It also touches legal and other associated concerns, aiming to educate key decision makers on the complexities of penetration testing in a multi-stakeholder, layered information technology stack.

"As cloud services become ever more integral to critical business capabilities, as well as foundational for many cloud-native businesses, it is past time we lift the veil on offensive cloud security and testing. In this publication, some of world's leading cloud security experts and CSA proudly deliver this exclusive knowledge from the domain of the skilled few to the benefit of everyone," said Alexander Getsin, lead author and industry cyber security architect.

The CSA Top Threats Working Group, co-chaired by Jon-Michael Brook, principal contributor in the industry and CSA Research Fellow, was established to provide organizations with an up-to-date, expert-informed understanding of cloud security risks, threats and vulnerabilities in order to make educated risk-management decisions regarding cloud adoption strategies. Individuals interested in becoming involved in the future research and initiatives of this group are invited to do so by visiting the Join page.//
<<<
*+++*[Détails complémentaires »]> <<tiddler [[2019.07.12 - Publication : 'Cloud Penetration Testing Playbook']]>>=== 
* ⇒ Lire [[la suite|https://cloudsecurityalliance.org/articles/cloud-security-alliance-releases-cloud-penetration-testing-playbook/]] sur le site de la CSA
!"//Cloud Penetration Testing Playbook//"
<<<
[>img(150px,auto)[iCSA/j7CPC.png]]//This work focuses on testing systems and services hosted in public cloud environments. This refers to customer-controlled or customer-managed systems and services. For example, a custom virtual machine, managed and controlled by the cloud customer, in an IaaS environment would be in-scope whereas the hypervisor of an IaaS environment that is controlled by the cloud service provider isn't. As for testing hybrid clouds, this document does not cover the hybrid interface and on-premises environment.//
<<<
__Table des Matières :__
<<<
# Introduction
** Target Audience
# Scope of this Document
# Cloud Penetration Testing Scope
# Cloud Penetration Testing in Context
# Cloud Penetration Testing Objectives
# Cloud Penetration Test Cases and Concerns
## Preparation
## Threat Modelling
## Reconnaissance and Research
## Testing
## Report
# Legal
# Training and Resources
# Conclusions
# References
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j7cp/|https://cloudsecurityalliance.fr/go/j7cp/]]''
!Le Mastère Spécialisé® de l'ISEP "Expert Cloud Computing" existe depuis 7 ans
[>img(150px,auto)[iCSF/ISEP-FC.jpg]]Le Cloud Computing ne fait pas que modifier la façon de consommer l'informatique, il change aussi les métiers au sein des DSI (Directions des Services Informatiques). Bien que l'informatique dématérialisée ne s'appuie pas sur des avancées technologiques, elle n'a rien d'un effet de mode ni d'une simple évolution.

Depuis 7 ans, le Cloud Computing a profondément muri et les besoins de compétence des entreprises s'orientent de plus en plus vers les offres SaaS (Software-as-a-Service) dans leur évolution vers la digitalisation et les transformations métiers que cela génère.

[>img(700px,auto)[iCSF/J78PAMDLSDBDE.png]]Depuis 7 ans le Mastère Spécialisé® ''Expert Cloud Computing'' a évolué dans son contenu pour prendre en compte les évolutions des besoins en compétence dans les transformations des entreprises en intégrant les nouveautés technologiques (Internet des Objets, Bigdata, Intelligence Artificielle, Blockchain) de façon à coller aux besoins de l'instant dans la formation.

Le schéma ci-contre résume le positionnement actuel de ce Mastère Spécialisé® dans le spectre des besoins des entreprises.

Ce Mastère Spécialisé®, qui reste à dominante technique, prend en compte les besoins de nouvelles compétences des Ingénieurs non seulement liés au développement des nouvelles technologies utilisant les ressources Cloud mais aussi de permettre aux lauréats du Mastère Spécialisé® de connaître et traiter les besoins des entreprises dans les domaines stratégiques tels que :
* la sécurité,
* la protection des données,
* les évolutions des SI d'entreprises en fonction des stratégies de transformations.

La pédagogie développée pour ce Mastère Spécialisé® fait toujours appel à la théorie mâtinée d'une forte proportion d'enseignements en liaison avec des projets opérationnels et concrets développant les qualités d'empathie et de travail en réseau des élèves.

__Planning :__
* Date de début de formation : jeudi 3 octobre 2019
* Date de fin de formation : vendredi 3 juillet 2020
* Soutenances de thèses : 17 ou 18 septembre 2020

__Labels & Accréditations :__
* Le Mastère Spécialisé® est ''labellisé par la CGE (Conférence des Grandes Ecoles) depuis 2012''.
* Le Mastère Spécialisé® est inscrit au ''RNCP (Registre National des Certifications Professionnelles)'' depuis janvier 2015 ; en conséquence, __il est éligible au financement par les OPCA et les Fongecif__
** Le Code RNCP du Mastère Spécialisé® est le [[21792|http://www.rncp.cncp.gouv.fr/grand-public/visualisationFiche?format=fr&fiche=21792]].
* Le Mastère Spécialisé® est éligible au compte personnel de formation (CPF), et peut être partiellement ou totalement financé.
** Le Mastère Spécialisé® est inscrit au CPF sous le n° 145653.
* Le Mastère Spécialisé® est inscrit au CNCP (Commission Nationale de la Certification Professionnelle).

__Liens :__
* Descriptif court du Mastère Spécialisé® ''Expert Cloud Computing''
** ⇒'' https://cloudsecurityalliance.fr/pdf/20190708-Descriptif-MS-CloudComputing-ISEP_2019-2020.pdf ''
* Descriptif détaillé du Mastère Spécialisé® ''Expert Cloud Computing'' sur le site ISEP Formation Continue
** ⇒ ''[[CloudSecurityAlliance.fr/go/McCC/|https://cloudsecurityalliance.fr/go/McCC/]]''

__Contacts pour recevoir la documentation et le dossier d'inscription pour ce Mastère :__
* Mme Aïcha ABDAT, Assistante administrative ISEP Formation Continue
** Téléphone : 01 49 54 52 59
** Adresse : 10 rue de Vanves, 92130 Issy-les-Moulineaux
** email : ''&#8238;rf.pesi@tadba.ahcia&#8236;''
** Web : ''[[CloudSecurityAlliance.fr/go/McCC/|https://cloudsecurityalliance.fr/go/McCC/]]''
{{floatC{
<html><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i></html>@@color:#014;<html><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i></html>@@
}}}
!!1 - Informations CSA de la semaine du 1er au 7 juillet 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Le site de la Cloud Security Alliance a changé de look ! A découvrir ici → ''[[CloudSecurityAlliance.org|https://CloudSecurityAlliance.org]]'' —+++*[»]> <<tiddler [[2019.07.03 - Nouveau site Web pour la Cloud Security Alliance]] >>=== 
* Blog : "''Using The CAIQ-Lite to Assess Third Party Vendors''"+++*[»]> <<tiddler [[2019.07.01 - Blog : Utiliser CAIQ-Lite pour évaluer des prestataires ou fournisseurs]]>>=== 
* Blog : "''The State of SDP Survey: A Summary''"+++*[»]> <<tiddler [[2019.07.02 - Blog : Résultat du sondage SDP]]>>=== 
* Blog : "''Highlights from the CSA Summit at Cyberweek''"+++*[»]> <<tiddler [[2019.07.03 - Blog : Temps forts du CSA Summit à la Cyberweek]]>>=== 
* Appels à commentaires (7 juillet) : "''Top Threats to Cloud Computing 2019''"+++*[»]> <<tiddler [[2019.06.11 - Appel à commentaires : document 'Top Threats to Cloud Computing 2019']]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.07.07 - Veille Hebdomadaire - 7 juillet]] avec une quarantaine de liens dont :
* __Pannes__ : Tweetdeck et Cloudflare (la série noire), Facebook, Verizon+++^*[»] 
|2019.07.03|Ars Technica|![[The Internet broke today: Facebook, Verizon, and more see major outages|https://arstechnica.com/information-technology/2019/07/facebook-cloudflare-microsoft-and-twitter-suffer-outages/]]|Outage|
|2019.07.02|//Cloudflare//|[[Cloudflare outage caused by bad software deploy (updated)|https://blog.cloudflare.com/cloudflare-outage/]] ([[suivi|https://www.cloudflarestatus.com/incidents/tx4pgxs6zxdr]])|Outage Cloudflare|
|2019.07.02|Bleeping Computer| → [[Cloudflare Worldwide Outage Caused by Bad Software Deployment|https://www.bleepingcomputer.com/news/technology/cloudflare-worldwide-outage-caused-by-bad-software-deployment/]]|Outage Cloudflare|
=== 
* Piratages et fuites de données : PCM (la suite)+++^*[»] 
|2019.07.04|CPO|![[Cloud Solution Provider PCM Discloses Client Information Breach Just Days After Insight Acquisition Announcement; What Happens Next?|https://www.cpomagazine.com/cyber-security/cloud-solution-provider-pcm-discloses-client-information-breach-just-days-after-insight-acquisition-announcement-what-happens-next/]]|Attacks O365 Breach|
=== 
*Conférences : retours sur ''AWS re:Inforce 2019''+++^*[»] 
|2019.07.01|Scott Piper|![[re:Inforce Recap|https://summitroute.com/blog/2019/07/01/reinforce_recap/]]|AWS Conference|
=== 
* Rapports et sondages : Canalys et Secteur de la santé (Netwrix)+++^*[»] 
|2019.07.02|//Canalys//|[[Cybersecurity for public cloud and "as a service" up 45% in Q1 2019|https://www.canalys.com/newsroom/cybersecurity-market-q1-2019]]|Report|
|2019.07.02|//IT Wire//| → [[Cyber security for public cloud and 'as-a-service' grew strongly in 1Q2019|https://www.itwire.com/security/cyber-security-for-public-cloud-and-as-a-service-grew-strongly-in-1q2019.html]]|Report|
|>|!|>||
|2019.07.04|//Netwrix//|[[30% of Healthcare Organizations Lack Resources for Data Protection in the Cloud|https://blog.netwrix.com/2019/07/04/infographics-30-of-healthcare-organizations-lack-resources-for-data-protection-in-the-cloud/]]|Report Netwrix|
=== 
* __Divers__ :
** incidents dans le Cloud et responsabilité+++^*[»] 
|2019.07.01|Dark Reading|![[There's a Security Incident in the Cloud: Who's Responsible?|https://www.darkreading.com/edge/edge-articles/theres-a-security-incident-in-the-cloud-whos-responsible/d/d-id/1334918]]|IncidentHandling|
|>|!|>||
|2019.07.06|//eXemplify//|[[Tackling Cloud Security Challenges Before They Become a Crisis Situation|http://www.exemplifygroup.com/tackling-cloud-security-challenges-before-they-become-a-crisis-situation/]]|Incident_Handling|
=== 
** Kubernetes
** Tests de la plateforme CloudGoat 2+++^*[»] 
|2019.07.01|The Test Labs|![[CloudGoat 2 Walkthrough - Part One|https://thetestlabs.io/post/cloudgoat.2.walkthrough.part.one/]] (1/5) |CloudGoat Challenge|
|2019.07.02|The Test Labs|![[CloudGoat 2 Walkthrough - Part Two|https://thetestlabs.io/post/cloudgoat.2.walkthrough.part.two/]] (2/5) |CloudGoat Challenge|
|2019.07.03|The Test Labs|![[Cloudgoat 2 Walkthrough - Part Three|https://thetestlabs.io/post/cloudgoat.2.walkthrough.part.three/]] (3/5) |CloudGoat Challenge|
|2019.07.04|The Test Labs|![[Cloudgoat 2 Walkthrough - Part Four|https://thetestlabs.io/post/cloudgoat.2.walkthrough.part.four/]] (4/5) |CloudGoat Challenge|
|2019.07.05|The Test Labs|![[Cloudgoat 2 Walkthrough - Part Five|https://thetestlabs.io/post/cloudgoat.2.walkthrough.part.five/]] (5/5) |CloudGoat Challenge|
=== 
** contrôles CIS et MITRE ATT&CK+++^*[»] 
|2019.07.01|//ExtraHop//|![[How to Apply CIS Controls & MITRE ATT&CK in the Cloud|https://www.extrahop.com/company/blog/2019/how-to-apply-security-controls-in-hybrid-cloud/]]|CIS_Controls|
=== 
!!3 - Agenda
* ''28 __juillet__'' : clôture de l'appel à présentations pour le ''CSA Congress EMEA'' des 20 et 21 novembre 2019 à Berlin+++*[»]> <<tiddler [[2019.06.21 - Encore un mois pour soumettre un sujet au CSA Congress EMEA 2019]]>>=== 
!!Veille Hebdomadaire - 7 juillet 2019
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.07.07|
|2019.07.07|Computer Weekly|[[Public sector should embrace multicloud to cut risk of cloud market monopolisation, says report|https://www.computerweekly.com/news/252466305/Public-sector-should-embrace-multicloud-to-cut-risk-of-cloud-market-monopolisation-says-report]]|Risks|
|2019.07.07|The Test Labs|[[Securing Access to AWS EC2 Instances With EC2 Instance Connect|https://thetestlabs.io/post/securing-access-to-aws-ec2-instances-with-one-time-use-ssh-keys/]] |AWS Access|
|2019.07.07|//Menlo Security//|[[Even Dropbox and Box aren't Safe|https://www.menlosecurity.com/blog/even-dropbox-and-box-arent-safe]]|Attacks Phishing|
|>|>|>|!2019.07.06|
|2019.07.06|Bleeping Computer|[[Beware of Fake Microsoft OneNote Audio Note Phishing Emails|https://www.bleepingcomputer.com/news/security/beware-of-fake-microsoft-onenote-audio-note-phishing-emails/]]|Phishing|
|2019.07.06|//eXemplify//|[[Tackling Cloud Security Challenges Before They Become a Crisis Situation|http://www.exemplifygroup.com/tackling-cloud-security-challenges-before-they-become-a-crisis-situation/]]|Incident_Handling|
|>|>|>|!2019.07.05|
|2019.07.05|LeMagIT[>img[iCSF/flag_fr.png]]|[[Les entreprises françaises adoptent le cloud, mais se soucient de leur souveraineté|https://www.lemagit.fr/actualites/252466306/Les-entreprises-francaises-adoptent-le-cloud-mais-se-soucient-de-leur-souverainete]]|Compliance|
|2019.07.05|ProPrivacy|[[How secure are Dropbox, OneDrive, Google Drive and iCloud?|https://proprivacy.com/guides/how-secure-is-cloud-storage]]|DataPrivacy|
|2019.07.05|ZDnet|[[Encryption laws are creating an exodus of data from Australia: Vault|https://www.zdnet.com/article/encryption-laws-are-creating-an-exodus-of-data-from-australia-vault/]]|Encryption|
|2019.07.05|Infosec Write-Ups|[[Using Shodan Better Way! :)|https://medium.com/bugbountywriteup/using-shodan-better-way-b40f330e45f6]]|Detection|
|2019.07.05|SecTor|[[Why Cloud Data Exposures Keep Happening|https://sector.ca/why-cloud-data-keeps-getting-exposed/]]|Data_Leaks|
|2019.07.05|The Test Labs|![[Cloudgoat 2 Walkthrough - Part Five|https://thetestlabs.io/post/cloudgoat.2.walkthrough.part.five/]] (5/5) |CloudGoat Challenge|
|2019.07.05|//Zscaler//|[[The Five Pillars Of Secure Cloud Transformation|https://www.forbes.com/sites/forbestechcouncil/2019/07/05/the-five-pillars-of-secure-cloud-transformation/]]|Best_Practices|
|>|>|>|!2019.07.04|
|2019.07.04|CPO|![[Cloud Solution Provider PCM Discloses Client Information Breach Just Days After Insight Acquisition Announcement; What Happens Next?|https://www.cpomagazine.com/cyber-security/cloud-solution-provider-pcm-discloses-client-information-breach-just-days-after-insight-acquisition-announcement-what-happens-next/]]|Attacks O365 Breach|
|2019.07.04|The Test Labs|![[Cloudgoat 2 Walkthrough - Part Four|https://thetestlabs.io/post/cloudgoat.2.walkthrough.part.four/]] (4/5) |CloudGoat Challenge|
|2019.07.04|//CloudCheckr//|[[Critical Azure Cloud Security Failures for New Users|https://cloudcheckr.com/cloud-security/critical-azure-cloud-security-failures-for-new-users/]]|Azure Mistakes|
|2019.07.04|//Alibaba Cloud//|[[Technical Best Practices for Container Log Processing|https://medium.com/@Alibaba_Cloud/technical-best-practices-for-container-log-processing-d33e64e3e8da]]|Container Logging Best_Practices|
|2019.07.04|//Netwrix//|[[30% of Healthcare Organizations Lack Resources for Data Protection in the Cloud|https://blog.netwrix.com/2019/07/04/infographics-30-of-healthcare-organizations-lack-resources-for-data-protection-in-the-cloud/]]|Report Netwrix|
|>|>|>|!2019.07.03|
|2019.07.03|Ars Technica|![[The Internet broke today: Facebook, Verizon, and more see major outages|https://arstechnica.com/information-technology/2019/07/facebook-cloudflare-microsoft-and-twitter-suffer-outages/]]|Outage|
|2019.07.03|Help Net Security|[[Disaster recovery readiness is essential for hybrid and multi-cloud strategies|https://www.helpnetsecurity.com/2019/07/03/disaster-recovery-readiness/]]|DRP|
|2019.07.03|Help Net Security|[[To benefit from DevOps implementation, security and dev teams must communicate better|https://www.helpnetsecurity.com/2019/07/03/devops-implementation/]]|DevOps|
|2019.07.03|Computer Weekly|[[Public cloud: A key component in a disaster recovery plan|https://www.computerweekly.com/feature/Public-cloud-A-key-component-in-a-disaster-recovery-plan]]|DRP|
|2019.07.03|DZone|[[Docker Images and Containers|https://dzone.com/articles/docker-images-and-containers]]|Docker Containers|
|2019.07.03|The Test Labs|![[Cloudgoat 2 Walkthrough - Part Three|https://thetestlabs.io/post/cloudgoat.2.walkthrough.part.three/]] (3/5) |CloudGoat Challenge|
|2019.07.03|//Darktrace//|[[Cloud Threat Report 2019|https://customers.darktrace.com/en/cloud-threat-report-2019/]]|Report Darktrace|
|2019.07.05|Silicon.fr[>img[iCSF/flag_fr.png]]| → [[Sécurité cloud : 9 cas d'attaques identifiés par Darktrace|https://www.silicon.fr/securite-cloud-9-cas-darktrace-255037.html]]|Report Darktrace|
|2019.07.03|//Alcide//|[[Kubernetes Vulnerability Scanning|https://blog.alcide.io/kubernetes-vulnerability-scanning]]|Prevention Controls|
|2019.07.03|//PivotPoint Security//|[[Yes, You Still Need Penetration Testing in the Cloud|https://www.pivotpointsecurity.com/blog/yes-you-still-need-penetration-testing-in-the-cloud/]]|PenTesting|
|2019.07.03|//Zscaler//|[[Cloud security and the public sector: A dangerous partnership or a growing necessity?|https://www.zscaler.com/blogs/corporate/cloud-security-and-public-sector-dangerous-partnership-or-growing-necessity]]|Misc|
|2019.07.03|//Spanning//|[[Top 3 Enterprise SaaS Data Protection Trends|https://spanning.com/blog/top-3-enterprise-saas-data-protection-trends/]]|DataProtection SaaS|
|2019.07.03|//Managed Methods//|[[Top 5 Security Issues In Cloud Computing|https://managedmethods.com/blog/security-issues-in-cloud-computing/]]|Risks|
|2019.07.03|//IbexLabs//|[[Managed Service Providers Vs. AWS Next-Generation Managed Service Providers|https://www.ibexlabs.com/msps-vs-aws-next-generation-managed-service-providers/]]|MSPs AWS|
|2019.07.03|//Spanning//|[[Top 3 Enterprise SaaS Data Protection Trends|https://spanning.com/blog/top-3-enterprise-saas-data-protection-trends/]]|SaaS Data_Protection|
|>|>|>|!2019.07.02|
|2019.07.02|SANS|[[Building Cloud-Based Automated Response Systems|https://www.sans.org/reading-room/whitepapers/cloud/paper/39050]] ([[document|https://www.sans.org/reading-room/whitepapers/cloud/building-cloud-based-automated-response-systems-39050]])|Response|
|2019.07.02|safeControls|[[CCSK Domain 5: Information governance|https://safecontrols.blog/2019/07/02/ccsk-domain-5-information-governance/]]|CCSK|
|2019.07.02|//Cloudflare//|[[Cloudflare outage caused by bad software deploy (updated)|https://blog.cloudflare.com/cloudflare-outage/]] ([[suivi|https://www.cloudflarestatus.com/incidents/tx4pgxs6zxdr]])|Outage Cloudflare|
|2019.07.02|Bleeping Computer| → [[Cloudflare Worldwide Outage Caused by Bad Software Deployment|https://www.bleepingcomputer.com/news/technology/cloudflare-worldwide-outage-caused-by-bad-software-deployment/]]|Outage Cloudflare|
|2019.07.02|DZone|[[Moving Towards a Standard Operating Model for Kubernetes|https://dzone.com/articles/moving-towards-a-standard-operating-model-for-kube]]|K8s|
|2019.07.02|Solutions Review|[[The Definitive Google Cloud Certifications for Businesses and IT Workers|https://solutionsreview.com/cloud-platforms/the-definitive-google-cloud-certifications-for-businesses-and-it-workers/]]|Certification GCP|
|2019.07.02|Container Journal|[[Successful Container Use: Points to Consider|https://containerjournal.com/2019/07/02/successful-container-use-points-to-consider/]]|Containers|
|2019.07.02|DZone|[[Examining Kubernetes Persistent Volumes|https://dzone.com/articles/examining-kubernetes-persistent-volumes]]|K8s|
|2019.07.02|eSecurity Planet|![[Cloud Security Requires Visibility, Access Control: Security Research|https://www.esecurityplanet.com/cloud/cloud-security-requires-visibility-security-research.html]]|Risks Reports|
|2019.07.02|Gartner|[[Gartner on Securing Cloud-Native Apps|https://www.stackrox.com/post/2019/07/gartner-on-securing-cloud-native-apps/]] (2/3)|Misc|
|2019.07.02|The Test Labs|![[CloudGoat 2 Walkthrough - Part Two|https://thetestlabs.io/post/cloudgoat.2.walkthrough.part.two/]] (2/5) |CloudGoat Challenge|
|2019.07.02|//Canalys//|[[Cybersecurity for public cloud and "as a service" up 45% in Q1 2019|https://www.canalys.com/newsroom/cybersecurity-market-q1-2019]]|Report|
|2019.07.02|//IT Wire//| → [[Cyber security for public cloud and 'as-a-service' grew strongly in 1Q2019|https://www.itwire.com/security/cyber-security-for-public-cloud-and-as-a-service-grew-strongly-in-1q2019.html]]|Report|
|2019.07.02|//PaloAlto Networks//|[[See the Unseen in AWS Mirrored Traffic With the VM-Series|https://blog.paloaltonetworks.com/cloud-see-unseen-aws-mirrored-traffic-vm-series/]]|AWS Detection|
|2019.07.02|//CloudRanger//|[[Legal Hold for AWS environments|https://cloudranger.com/legal-hold-for-aws-environments/]]|Legal|
|2019.07.02|//Carbon Black//|[[Addressing the Cyber Security Skills Gap, Part 1|https://www.carbonblack.com/2019/07/02/addressing-the-cyber-security-skills-gap-part-1/]]|Skills|
|2019.07.02|//Caylent//|[[Getting to Grips with Kubernetes Storage|https://caylent.com/getting-to-grips-with-kubernetes-storage/]]|K8s Storage|
|2019.07.02|//Alibaba Cloud//|[[Black Hole Policies of Alibaba Cloud Security|https://medium.com/@Alibaba_Cloud/black-hole-policies-of-alibaba-cloud-security-3f2c7fdca19e]]|DDoS Protection|
|2019.07.02|//Aqua Security//|[[Crypto-mining Attack: The Container Security Demo that Went Terribly Right|https://blog.aquasec.com/crypto-mining-attack-the-container-security-demo-that-went-terribly-right]]|Containers CryptoMining|
|2019.07.02|SANS|[[Building Cloud-Based Automated Response Systems|https://www.sans.org/reading-room/whitepapers/cloud/building-cloud-based-automated-response-systems-39050]]|Analysis Misc.|
|2019.07.02|//Sensu//|[[Chaos engineering + monitoring, part 1: Sensu + Gremlin|https://blog.sensu.io/chaos-engineering-monitoring-part-1-sensu-gremlin]] (1/3)|Chaos_Engineering|
|>|>|>|!2019.07.01|
|2019.07.01|Le Mag IT[>img[iCSF/flag_fr.png]]|[[Outscale en passe de devenir le cloud souverain que la France attendait|https://www.lemagit.fr/actualites/252466046/Outscale-en-passe-de-devenir-le-Cloud-souverain-que-la-France-attend]]|Sovereign_Cloud Outscale|
|2019.07.01|Bleeping Computer|[[Tweetdeck Is Down, Currently Experiencing Worldwide Outage|https://www.bleepingcomputer.com/news/security/tweetdeck-is-down-currently-experiencing-worldwide-outage/]]|Outage|
|2019.07.01|Scott Piper|![[re:Inforce Recap|https://summitroute.com/blog/2019/07/01/reinforce_recap/]]|AWS Conference|
|2019.07.01|Help Net Security|[[What is and what is not working for security operations teams in securing cloud data|https://www.helpnetsecurity.com/2019/07/01/cloud-data-security-concerns/]]|Report|
|2019.07.01|DZone|[[AWS Control Tower & VPC Traffic Mirroring|https://dzone.com/articles/aws-control-tower-amp-vpc-traffic-mirroring]]|AWS|
|2019.07.01|Container Journal|[[Building Secure Production-Ready Kubernetes Clusters and Containers (1/2)|https://containerjournal.com/2019/07/01/building-secure-production-ready-kubernetes-clusters-and-containers-part-1/]]|Containers|
|2019.07.01|DZone|[[Kubernetes Operators: What Are They?|https://dzone.com/articles/kubernetes-operators-what-are-they]]|K8s|
|2019.07.01|DZone|[[Protect Containers To Secure Your Business|https://dzone.com/articles/protect-containers-to-secure-your-business]]|Containers|
|2019.07.01|ComputerWorld|[[4 essential security features built into Microsoft 365|https://www.computerworld.com/article/3405572/4-essential-security-features-built-into-microsoft-365.html]]|O365|
|2019.07.01|Dark Reading|![[There's a Security Incident in the Cloud: Who's Responsible?|https://www.darkreading.com/edge/edge-articles/theres-a-security-incident-in-the-cloud-whos-responsible/d/d-id/1334918]]|IncidentHandling|
|2019.07.01|FCW|[[JEDI and C2E: Is it worth comparing the DOD and ODNI cloud plans?|https://fcw.com/articles/2019/07/01/dod-jedi-odni-c2e-cloud-compare.aspx]]|Government JEDI|
|2019.07.01|Dark Reading|[[Attunity Data Leak Exposes Sensitive Files at Ford, TD Bank|https://www.darkreading.com/document.asp?doc_id=1335105]]|DataLeak S3|
|2019.07.01|TEISS|[[Unsecured AWS S3 buckets leaked data belonging to Fortune 100 firms|https://www.teiss.co.uk/news/s3-buckets-data-exposed/]]|Data_Leaks|
|2019.07.01|The Test Labs|![[CloudGoat 2 Walkthrough - Part One|https://thetestlabs.io/post/cloudgoat.2.walkthrough.part.one/]] (1/5) |CloudGoat Challenge|
|2019.07.01|//ExtraHop//|![[How to Apply CIS Controls & MITRE ATT&CK in the Cloud|https://www.extrahop.com/company/blog/2019/how-to-apply-security-controls-in-hybrid-cloud/]]|CIS_Controls|
!"//Highlights from the CSA Summit at Cyberweek//"
[>img(150px,auto)[iCSA/J73BH.jpg]]Article de blog publié le 3 juillet 2019 — Rédigé par Moshe Ferber, Président du Chapitre israélien de la CSA, et Damir Savanovic, Senior Innovation Analyst, CSA.
<<<
Tel-Aviv est une ville surpeuplée tout au long de l'année avec un écosystème de cybersécurité en effervescence, mais dans la dernière semaine de juin, cet écosystème se met à bouillir lorsque l'Université de Tel-Aviv accueille ''Cyberweek'', sa conférence annuelle. Avec 9 000 visiteurs de plus de 80 pays différents, elle constitue une des plus importantes conférences du monde dans le domaine de la cybersécurité.
C'est dans ce merveilleux environnement d'innovation en cybersécurité, que la Cloud Security Alliance a tenu son premier sommet de Tel Aviv dans le cadre de la ''Cyberweek''. Au cours de la semaine, la ''CSA'' a organisé une formation CCSK et une journée complète de conférences sur l'état actuel et l'avenir du Cloud.

L'un des points forts de la ''Cyberweek'' est que ses organisateurs ont réussi à rendre la conférence attrayante pour tous les publics : les militaires, les autorités et le secteur privé y trouvent tous un intérêt. Qu'il s'agisse de décideurs ou de geeks, il y en a pour tous les goûts. On retrouvait cette même diversité au Sommet de la ''CSA'' où les décideurs pouvaient assister à des conférences telles que :
* Le discours d'ouverture de Damir Savanovic, de la ''CSA'', qui a prononcé deux excellentes allocutions sur la certification du Cloud et l'avenir de Blockchain dans le Cloud
** Vidéo → [[YouTube - JrZD-SLP-Is|https://www.youtube.com/watch?v=JrZD-SLP-Is]]
* Le conseiller du CISO d'ABN AMRO - Olaf Streutker approfondit le modèle octogonal du Cloud, un modèle innovant qui met les entreprises au défi d'étudier les risques sous un autre angle que celui du fournisseur de services cloud. (Le livre blanc sur le modèle octogonal a été publié le même jour par le groupe de travail ''CSA'' sur les Services Financiers)
** Vidéo → [[YouTube - qJpZDcJyAw4|https://www.youtube.com/watch?v=qJpZDcJyAw4]]
* Yuval Segev, de l'Agence nationale israélienne du cyberespace, a expliqué le modèle INCD (Israel National Cyber Directorate) pour la gestion des risques de la chaîne d'approvisionnement (l'adoption du Cloud fait peser un grand poids sur l'évaluation de cette dernière)
** Vidéo → [[YouTube - DlXBGtOq9i4|https://www.youtube.com/watch?v=DlXBGtOq9i4]]
* Nicola Sfondrini, Ph. D., a partagé sur le succès du Chapitre italien de la ''CSA'' qui a aidé le gouvernement de son pays sur la voie de l'adoption réussie du cloud computing.
** Vidéo → [[YouTube - VdEtgcv8N84|https://www.youtube.com/watch?v=VdEtgcv8N84]]

Pour les congressistes qui s'intéressaient davantage à l'innovation technologique :
* Eitan Satmary de l'équipe de sécurité de WIX a parlé de la gestion de la sécurité Web pour des millions d'environnements utilisateurs tandis que Boris Giterman de Dell EMC a détaillé leur projet pour créer la confiance dans le cloud, en collaboration avec l'UE.
** Vidéo → [[YouTube - M8te4ogMCOs|https://www.youtube.com/watch?v=M8te4ogMCOs]]
* Les participants intéressés par le dynamisme de l'innovation en Israël et le rôle des start-ups dans le pays, ont pu assister à une brillante conférence d'Ofer Smadari (fondateur de Luminate, acquis par Symantec) sur la transformation d'une idée sur le SDP (//software-defined perimeter//) en une acquisition par l'une des plus grandes entreprises du monde
** Vidéo → [[YouTube - 8JwWH0ZKT9w|https://www.youtube.com/watch?v=8JwWH0ZKT9w]]
* Ivan Robles du Chapitre espagnol de la ''CSA'' a partagé un point de vue intéressant sur la façon d'effectuer des audits et des investigations dans le Cloud, tandis que Ian Evans de OneTrust a donné de précieux conseils sur la façon de surmonter nos défis les plus courants dans le domaine de la sécurité et la confidentialité.
** Vidéo → [[YouTube - AK2FPq2teCw|https://www.youtube.com/watch?v=AK2FPq2teCw]]
* Le discours de clôture a été prononcé par Tim Rains d'AWS, jaugeant les mythes et les opportunités de la sécurité dans le Cloud
** Vidéo → [[YouTube - kyFtO2egxbw|https://www.youtube.com/watch?v=kyFtO2egxbw]]

Si vous n'avez pas pu assister à la conférence ou si vous désirez y assister de nouveau, vous pouvez visionner les présentations du ''CSA Summit'' sur [[Youtube|https://www.youtube.com/playlist?list=PLrsvn13Tgp7R4sFr4jmbxxn5BDdT3szLQ]]
2019 a donc été la première fois qu'un sommet de la ''CSA'' s'est tenu dans le cadre de la ''Cyberweek'' de Tel Aviv, mais nous sommes convaincus que la combinaison d'un excellent site, d'une grande variété de sujets et de l'audience attractive de ''Cyberweek'' est la recette pour faire de cet évènement un incontournable de la ''Cyberweek''.
Vous trouverez sur l'article original quelques photos du ''CSA Summit'' et de la ''Cyberweek''.
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/07/03/highlights-from-the-csa-summit-at-cyberweek/]] sur le blog de la CSA
Le site Web de la ''Cloud Security Alliance'' a changé d'aspect.
Avec une nouvelle symbolique, il est aussi plus fluide et plus facile à consulter depuis un smartphone.
Le lien est toujours : ''[[CloudSecurityAlliance.org|https://CloudSecurityAlliance.org]]''

L'iconographie ci-dessous reprend les principales catégories
{{floatC{ <<tiddler [[2019.07.03 - RollJ73]]>> }}}
<<QOTD [[2019.07.03 - RolledJ73]] 1500 noclick norandom>>
!Adhésion — Participation
[img(auto,200px)[iCSA/J73Membership.jpg]] [img(auto,200px)[iCSA/J73STARreg.png]]
https://cloudsecurityalliance.org/membership/
----
!Certification — STAR — RGPD
[img(auto,200px)[iCSA/J73STAR.png]] — [img(auto,200px)[iCSA/J73GDPR.jpg]]
https://cloudsecurityalliance.org/star/ — https://cloudsecurityalliance.org/star/
----
!Formation — CCSK — Webinar CloudBytes
[img(auto,200px)[iCSA/J73CCSK.png]] — [img(auto,200px)[iCSA/J73CloudBytes.png]] — [img(auto,200px)[iCSA/J73Galaxy.png]]
https://cloudsecurityalliance.org/education/ — https://cloudsecurityalliance.org/education/ccsk/
----
!Recherche — Groupes de travail — Publications
[img(auto,200px)[iCSA/J73Research.jpg]] — [img(auto,200px)[iCSA/J73Research.png]] — [img(auto,200px)[iCSA/J73Research.png]]
https://cloudsecurityalliance.org/research/ — https://cloudsecurityalliance.org/research/working-groups/
----
!Communauté — Blog — Evénements — Chapitres
[img(auto,200px)[iCSA/J73Community.jpg]] — [img(auto,200px)[iCSA/J73WG.png]]
https://blog.cloudsecurityalliance.org/ — https://csacongress.org/ — https://cloudsecurityalliance.org/chapters/
----
!CSA — Organisation — Historique — Presse
[img(auto,200px)[iCSA/J73About.jpg]] — [img(auto,200px)[iCSA/J73CSAnet.png]]
https://cloudsecurityalliance.org/about/history/ — https://cloudsecurityalliance.org/about/management-staff/ — https://cloudsecurityalliance.org/articles/
----
!Migration dans le Cloud — Définition d'une stratégie Cloud — Initiatives Métiers
[img(auto,200px)[iCSA/J73Transitioning.png]] — [img(auto,200px)[iCSA/J73CloudStrategy.png]] — [img(auto,200px)[iCSA/J73Business.png]]
----
!Problématique IoT — Problématique Menaces — Problématique Informatique Quantique
[img(auto,200px)[iCSA/J73IoT.png]] — [img(auto,200px)[iCSA/J73TopThreats.png]] — [img(auto,200px)[iCSA/J73Quantum.png]]
----
!Base de connaissances — Registre STAR — Recherche
[img(auto,200px)[iCSA/J73KC.png]] — [img(auto,200px)[iCSA/J73STARRegistry.png]] — [img(auto,200px)[iCSA/J73Research2.png]]
----
!Logos
[img(auto,200px)[iCSA/J73CSARGB.png]]
!"The State of SDP Survey: A Summary"
[<img(200px,auto)[iCSA_/J72SDPinfogr.png]][>img(200px,auto)[iCSA_/J72TSOSDPSAS.png]]Article de blog publié le 2 juillet 2019
<<<
Le premier sondage annuel ''CSA'' "''State of Software-Defined Perimeter''" est disponible sous la forme d'une infographie.
Il évalue le niveau de prise de conscience et d'adoption de cette architecture de sécurité.
[...]
Les résultats sont contrastés: seuls 24% déclarent bien connaître les concepts du SDP, et 29% "à peu près", contre 35% en ayant entendu parler, et 11% pas du tout.
Une majorité des entités confirment le besoin de changer leur approche vers une architecture "Zero Trust", 70% des interviewés exprimant un besoin clair de changer leur approche du contrôle d'accès des utilisateurs, en améliorant l'authentification et la gestion des habilitations des utilisateurs.
[...]
Au niveau de l'adoption du SDP, une majorité l'utilisent soit en tant que remplacement du VPN (64%), soit en tant qu'alternative au NAC (55%), tous deux étant typiques d'un premier projet de SDP.
<<<
⇒ Lire [[l'article original|https://blog.cloudsecurityalliance.org/2019/07/02/the-state-of-sdp-survey-a-summary/]] sur le blog de la CSA
⇒ Accéder à l'infographie aux formats [[image|https://blog.cloudsecurityalliance.org/wp-content/uploads/sites/3/2019/07/SDP-Survey2.jpg]] ou [[pdf|https://cloudsecurityalliance.org/artifacts/sdp-awareness-and-adoption-infographic]].
!"Using The CAIQ-Lite to Assess Third Party Vendors"
[>img(200px,auto)[iCSA_/CAIQ-LITE-whitepaper.png]]Article de blog publié le 1er juillet 2019 — par Dave Christiansen, Marketing Director, Whistic
<<<
La simple référence à des "questionnaires de sécurité" peut faire penser à des centaines de questions visant à auditer les processus internes afin de réduire le risque pour les tiers. Cela se traduit généralement par un long processus de préparation à optimiser. Bien que nous ne soyons pas contre la rigueur dans l'évaluation de tiers, afin de suivre le rythme de croissance des entreprises de Cloud Computing, des normes plus légères peuvent servir comme des "passerelles" qui accélèrent l'évaluation du risque pour le fournisseur.
Comme vous l'avez probablement déjà entendu, Whistic et la Cloud Security Alliance ont collaboré pour créer la version initiale du ''CAIQ-Lite'' afin d'encourager la rationalisation de l'évaluation et des processus de sécurité des fournisseurs. La particularité du ''CAIQ-Lite'' réside dans sa construction générale, qui conserve les 16 domaines de contrôle contenus dans la ''Cloud Controls Matrix'' 3.0.1 tout en réduisant le total des questions de 295 à 73. Cela donne plus de poids à chaque question au sein de ''CAIQ-Lite'', retenue pour son importance et sa priorité par rapport aux autres qui ont été omises.
Comme ''CAIQ-Lite'' a été publié il y a tout juste trois mois, nous avons reçu un certain nombre de questions sur ce que sont les cas d'usage idéaux. Ci-dessous se trouve une liste initiale des ressources compilées à ce jour :
* Une excellente mesure de référence qui peut être prise en compte dans la modélisation des risques et vos rapports.
* L'étape initiale d'un processus potentiellement à plusieurs étapes, visant à recevoir une réponse initiale et à aiguiller des fournisseurs spécifiques vers une évaluation ''CAIQ'' complète.
* Une bonne façon d'auditer rapidement tout fournisseur de statut "signalé" ou suspect.
* Pour toute tierce partie qui pourrait avoir besoin d'une cadence plus élevée en matière de gestion des risques.
* Conditions dans lesquelles les fournisseurs tiers n'ont qu'un accès restreint aux données de votre entreprise.
* Un outil de réengagement pour tous les fournisseurs qui ne se sont pas précédemment conformés de manière satisfaisante, ou qui ont peut-être été sous-performants dans leur communication sur cet aspect.
* Un questionnaire d'introduction à la sécurité idéal pour les fournisseurs dont l'équipe de sécurité de l'information est en pleine expansion et qui n'est peut-être pas suffisamment exposée à des normes plus étendues.
Nous continuons de compiler les commentaires sur cette nouvelle norme et nous encourageons les membres de la ''CSA'' à s'auto-évaluer par rapport à ''CAIQ-Lite'' puis à formuler des questions et/ou suggestions afin que début 2020, la version finale du ''CAIQ-Lite'' soit prête à recevoir des réponses à toutes les questions.
<<<
⇒ Lire [[l'article original|https://blog.cloudsecurityalliance.org/2019/07/01/using-the-caiq-lite-to-assess-third-party-vendors/]] sur le blog de la CSA
⇒ Lire+++*[la présentation de CAIQ-Lite]> <<tiddler [[2019.03.01 - Blog : Présentation de 'CAIQ Lite']]>>
!"//It's Time for Security Leadership to Embrace the Cloud-First Future//"
[>img(100px,auto)[iCSA/J7TBI.jpg]]^^Bien que publié le 29 juillet 2019 sur le blog de la CSA, cet article l'a déjà été il y a 1 mois, le 25 juin 2019 sur le site de Forbes.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/07/29/its-time-for-security-leadership-to-embrace-the-cloud-first-future/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.forbes.com/sites/extrahop/2019/06/25/its-time-for-security-leadership-to-embrace-the-cloud-first-future/]]^^

!"//4 Reasons Why IT Supervision is a Must in Content Collaboration//"
[>img(100px,auto)[iCSA/J7NB4.jpg]]^^Bien que publié le 23 juillet 2019 sur le blog de la CSA (et qu'aucun auteur ne soit mentionné), cet article l'a déjà été il y a plus de 2 mois, le 16 mai 2019 sur le site de Tresorit.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/07/23/4-reasons-why-it-supervision-is-a-must-in-content-collaboration/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://tresorit.com/blog/it-supervision-in-content-collaboration/]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//How Traffic Mirroring in the Cloud Works//"
[>img(100px,auto)[iCSA/J78BH.jpg]]^^Bien que publié le 8 juillet 2019 sur le blog de la CSA, cet article l'a déjà été il y a 2 semaines, le 25 juin 2019 sur le site de ExtraHop.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/07/08/how-traffic-mirroring-in-the-cloud-works/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.extrahop.com/company/blog/2019/how-traffic-mirroring-in-the-cloud-works/]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201906>>
<<tiddler fAll2Tabs10 with: VeilleM","_201906>>
<<tiddler fAll2LiTabs10 with: NewsL","201906>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Juin 2019]]>>
|!Juin|!Sources|!Titres et Liens|!Keywords|
|2019.06.26|MITRE CVE|//Kubernetes Command Line Interface kubectl// [[CVE-2019-11246|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11246]]|CVE-2019-11246 Kubernetes|
|2019.06.14|//Microsoft//|[[Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)|https://blogs.technet.microsoft.com/msrc/2019/06/14/prevent-the-impact-of-a-linux-worm-by-updating-exim-cve-2019-10149/]]|CVE-2019-10149 Exim|
|2019.05.28|MITRE CVE|//Azure DevOps Server Spoofing Vulnerability// [[CVE-2019-0996|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0996]]|CVE-2019-0996 Azure|
|2019.06.11|//Microsoft//| → [[CVE-2019-0996: Azure DevOps Server Spoofing Vulnerability|https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0996]]|CVE-2019-0996 Azure|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Juin 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Juin 2019]]>><<tiddler fAll2LiTabs13end with: Actu","201906>>
<<tiddler fAll2LiTabs13end with: Blog","201906>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Juin 2019]]>>
<<tiddler fAll2LiTabs13end with: Publ","201906>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Juin 2019]]>>
!!1 - Informations CSA de la semaine du 24 au 30 juin 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Blog : "''How to Improve the Accuracy and Completeness of Cloud Computing Risk Assessments?''"+++*[»]> <<tiddler [[2019.06.24 - Blog : Améliorer l'exactitude et l'exhaustivité de l'évaluation des risques dans le Cloud]]>>=== 
* Publication : "''Cloud Octagon Model''"+++*[»]> <<tiddler [[2019.06.24 - Publication : Cloud Octagon Model]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.06.30 - Veille Hebdomadaire - 30 juin]] avec plus d'une centaine de liens dont :
* Alerte : CVE-2019-11246 sur Kubernetes
* __Pannes__ : Cloudflare (des explications), Slack
* Piratage et fuite de données : PCM (fournisseur d'énergie Cloud), Attunity, Cloud Hopper
* AWS re:Inforce 2019 : retours sur la conférence, disponibilité de AWS ''Security Hub'' et ''AWS Control Tower''
* Rapport et sondages : Recorded Future, CyberArk, Symantec
* __Divers__ : Kubernetes, OneDrive, menaces et risques...
!!3 - Agenda
* ''28 __juillet__'' : clôture de l'appel à présentations pour le ''CSA Congress EMEA'' des 20 et 21 novembre 2019 à Berlin+++*[»]> <<tiddler [[2019.06.21 - Encore un mois pour soumettre un sujet au CSA Congress EMEA 2019]]>>=== 
!!Veille Hebdomadaire - 30 juin 2019
|!Juin|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.06.30|
|2019.06.30|RSA Conference|[[Ben's Book of the Month: Review of "Practical Cloud Security: A Guide for Secure Design and Deployment"|https://www.rsaconference.com/blogs/bens-book-of-the-month-review-of-practical-cloud-security-a-guide-for-secure-design-and-deployment]]|Book Architecture Design|
|>|>|>|!2019.06.29|
|2019.06.29|safeControls|[[CCSK Domain 4 - Compliance and Audit Management|https://safecontrols.blog/2019/06/29/ccsk-domain-4-compliance-and-audit-management/]]|CCSK|
|2019.06.29|//AWS//|![[Introducing the AWS Security Incident Response Whitepaper|https://aws.amazon.com/blogs/security/introducing-the-aws-security-incident-response-whitepaper/]]|Incident_Response|
|2019.06.29|//One Cloud Please//|[[Automating AWS Account Deletion|https://onecloudplease.com/blog/automating-aws-account-deletion]]|AWS Automation|
|>|>|>|!2019.06.28|
|2019.06.28|Global Security Mag[>img[iCSF/flag_fr.png]]|[[Rapport Gauvin - Rebond 3DS OUTSCALE : La nécessité d' être Souverain|http://www.globalsecuritymag.fr/Rapport-Gauvin-Rebond-3DS-OUTSCALE,20190628,88595.html]]|Legal Outscale|
|2019.06.28|Réseaux & Télécoms[>img[iCSF/flag_fr.png]]|[[Oracle annonce la fermeture de Dyn et le déplacement des services DNS dans son cloud|http://www.reseaux-telecoms.net/actualites/lire-oracle-annonce-la-fermeture-de-dyn-et-le-deplacement-des-services-dns-dans-son-cloud-27779.html]]|!DNS Oracle EndOfLife|
|2019.06.28|Bleeping Computer|[[Slack Is Experiencing Worldwide Outage, Degraded Performance|https://www.bleepingcomputer.com/news/security/slack-is-experiencing-worldwide-outage-degraded-performance/]]|Outage Slack|
|2019.06.28|ThreatStack|[[AWS re:Inforce 2019 Recap: A Look Back at the First AWS Security Show|https://www.threatstack.com/blog/aws-reinforce-2019-recap-a-look-back-at-the-first-aws-security-show]]|AWS Conference|
|2019.06.28|TechRepublic|[[How to set up multi-factor authentication for an IAM user in AWS|https://www.techrepublic.com/article/how-to-set-up-multi-factor-authentication-for-an-iam-user-in-aws/]]|IAM AWS|
|2019.06.28|DZone|[[Introduction to Kubernetes Security|https://dzone.com/articles/introduction-to-kubernetes-security]]|K8s|
|2019.06.28|CSO|[[AWS re:Inforce 2019: Amazon shows its dedication to cloud security|https://www.csoonline.com/article/3405581/aws-reinforce-2019-amazon-shows-its-dedication-to-cloud-security.html]]|AWS Conference|
|2019.06.28|ToolBox|[[Track the Difference Between Cloud Hosting Vs Shared Web Hosting|https://it.toolbox.com/blogs/ugranarayanpandey/track-the-difference-between-cloud-hosting-vs-shared-web-hosting-062819]]|Hosting|
|2019.06.28|//TrendMicro//| → [[AWS re:Inforce 2019 re:Cap|https://blog.trendmicro.com/aws-reinforce-2019-recap/]]|AWS Conference|
|2019.06.28|//IS Decision//|[[Under a Cloud of Suspicion|https://www.isdecisions.com/cloud-storage-security-issues/]]|Report SMBs|
|2019.07.19|DZone| → [[Cloud Security Concerns Among Small and Medium Businesses|https://dzone.com/articles/61-of-smbs-believe-that-their-data-is-unsafe-in-th]]|Report SMBs|
|2019.06.28|//RecordedFuture//|[[How Much Budget Are Enterprises Really Dedicating to Security?|https://www.recordedfuture.com/enterprise-security-budget/]] ([[rapport|https://go.recordedfuture.com/cyberedge-cyberthreat-defense-report-2019]])|Report Threats|
|2019.06.28|//CloudCheckr//|[[Building a Secure Public Sector Cloud with the Center for Internet Security|https://cloudcheckr.com/cloud-security/the-best-security-tools-for-cybersecurity-in-the-cloud/]]|Compliance|
|2019.06.28|//Armor//|[[Budgeting for Cloud Security|https://www.armor.com/blog/budgeting-for-cloud-security/]]|Budget|
|2019.06.28|//Whistic//|[[Phase 4 of The 5 Phases of Responding to a Security Questionnaire & How To Get Proactive (4/5)|https://blog.whistic.com/phase-4-of-the-5-phases-of-responding-to-a-security-questionnaire-how-to-get-proactive-1e3c138f30bb]]|Misc|
|2019.06.28|//Rapid7//|[[Securing Your Cloud Environment with InsightIDR, Part 1: Microsoft Azure|https://blog.rapid7.com/2019/06/28/securing-your-cloud-environment-with-insightidr-part-1-microsoft-azure/]] (1/3)|Azure|
|>|>|>|!2019.06.27|
|2019.06.27|KrebsOnSecurity|![[Breach at Cloud Solution Provider PCM Inc.|https://krebsonsecurity.com/2019/06/breach-at-cloud-solution-provider-pcm-inc/]]|Attacks O365 Breach|
|2019.06.28|MSSP Alert| → [[PCM Breach: Hackers Gain Microsoft Office 365 Credentials at IT Solutions Provider|https://www.msspalert.com/cybersecurity-news/pcm-office365-breach//]]|Attacks O365 Breach|
|2019.06.27|SiliconAngle|[[Can cloud providers keep sky from falling on cybersecurity?|https://siliconangle.com/2019/06/27/can-cloud-providers-keep-sky-from-falling-on-cybersecurity-reinforce/]] ([[vidéo|https://video.cube365.net/v/jboyAlJc89M]])|Misc|
|2019.06.27|ComputerWeekly|[[Cloud snapshots and backups: How to protect data in the cloud|https://www.computerweekly.com/feature/Cloud-snapshots-and-backups-How-to-protect-data-in-the-cloud]]|Backups|
|2019.06.27|Dark Reading|[[Office 365 Multifactor Authentication Done Right|https://www.darkreading.com/perimeter/office-365-multifactor-authentication-done-right/a/d-id/1335039]]|O365|
|2019.06.27|GBHackers on Security|[[Most Important Checklist for Security Leakage Before Initiating Data Migration in Your Organization|https://gbhackers.com/important-checklist-security-leakage/]]|Controls|
|2019.06.27|CIO|[[Data breach exposed apprentices' passport details, employment agreements|https://www.cio.com.au/article/663251/data-breach-exposed-apprentices-passport-details-employment-agreements/]]|DataLeak AWS Bucket|
|2019.06.27|DZone|[[Secure Cloud Storage in 3 Steps|https://dzone.com/articles/secure-cloud-storage-in-3-steps]]|Storage|
|2019.06.27|//UpGuard//|![[Data Warehouse: How a Vendor for Half the Fortune 100 Exposed a Terabyte of Backups|https://www.upguard.com/breaches/attunity-data-leak]]|DataLeak S3|
|2019.06.27|//Threatpost//| → [[Leaky Amazon S3 Buckets Expose Data of Netflix, TD Bank|https://threatpost.com/leaky-amazon-s3-buckets-expose-data-of-netflix-td-bank/146084/]]|DataLeak S3|
|2019.06.28|MSSP Alert| → [[AWS Cloud Data Leak: Qlik's Attunity Exposes Backup Information|https://www.msspalert.com/cybersecurity-news/aws-cloud-data-leak-attunity/]]|DataLeak S3|
|2019.06.27|//Google Cloud//|[[Chronicle Joining Google Cloud|https://medium.com/@chroniclesec/chronicle-joining-google-cloud-c29037ee2d89]]|GCP|
|2019.06.27|//Google Cloud//| → [[Google Cloud + Chronicle: The security moonshot joins Google Cloud|https://cloud.google.com/blog/topics/inside-google-cloud/the-security-moonshot-joins-google-cloud]]|GCP|
|2019.06.27|//Fugue//|[[Shift Left on Cloud Security, Part III: Extending into Production|https://www.fugue.co/blog/shift-left-on-cloud-security-part-iii-extending-into-production]] (3/3)|Risks|
|2019.06.27|//Caylent//|[[Updating and Modernizing: Moving from Virtual Machines to Containers|https://caylent.com/moving-from-virtual-machines-to-containers/]]|Containers VMs|
|2019.06.27|//CloudCheckr//|[[The Best Security Tools for Cybersecurity in the Cloud|https://cloudcheckr.com/cloud-security/the-best-security-tools-for-cybersecurity-in-the-cloud/]]|[[Tools|GitHub-Tools]]|
|2019.06.27|//Aporeto//|[[Cloud Migration Security Strategy|https://www.aporeto.com/blog/cloud-migration-security-strategy/]]|Migration|
|2019.06.27|SANS|[[How to Build an Endpoint Security Strategy in AWS|https://www.sans.org/reading-room/whitepapers/analyst/build-endpoint-security-strategy-aws-39040]]|Analysis Misc.|
|2019.06.27|//Google Cloud//|[[How Google adopted BeyondCorp: Part 1|https://security.googleblog.com/2019/06/how-google-adopted-beyondcorp.html]] (1/4)|Misc|
|>|>|>|!2019.06.26|
|2019.06.26|DZone|[[Deep Dive into Cloud Firewall: Addressing Aggressive Mining Worms|https://dzone.com/articles/deep-dive-into-cloud-firewall-addressing-aggressiv]]|Firewalls|
|2019.06.26|DZone|[[What is PaaS? Platform-as-a-Service Types Explained|https://dzone.com/articles/what-is-paas-platform-as-a-service-types-explained-1]]|PaaS|
|2019.06.26|Reuters|![[Inside the West's failed fight against China's 'Cloud Hopper' hackers|https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper/]]|Attacks APT Cloud_Hopper|
|2019.06.26|Silicon| → [[Chinese Ministry Hackers Hit Eight Services Firms - Report|https://www.silicon.co.uk/security/cyberwar/chinese-ministry-hackers-services-firms-266767]]|Attacks APT Cloud_Hopper|
|2019.06.26|InfoRisk Today| → [[Cloud Hopper: Major Cloud Services Victims Named|https://www.inforisktoday.com/cloud-hopper-major-cloud-services-victims-named-a-12695]]|Attacks APT Cloud_Hopper|
|2019.06.26|Data Security Breach[>img[iCSF/flag_fr.png]]|[[Stockage Cloud et sécurité : trois problèmes rencontrés par les PME|https://www.datasecuritybreach.fr/stockage-cloud-et-securite-trois-problemes-rencontres-par-les-pme/]]|Risks|
|2019.06.26|Solutions Review|[[4 Cloud Computing Risks and How Your Business Can Avoid Them|https://solutionsreview.com/cloud-platforms/4-cloud-computing-risks-and-how-your-business-can-avoid-them/]]|Risks|
|2019.06.26|SecurityWeek|[[AWS Launches Mirroring Feature for Inspecting Network Traffic|https://www.securityweek.com/aws-launches-mirroring-feature-inspecting-network-traffic]]|AWS Monitoring|
|2019.06.26|TechRepublic|[[Docker containers are filled with vulnerabilities: Here's how the top 1,000 fared|https://www.techrepublic.com/article/docker-containers-are-filled-with-vulnerabilities-heres-how-the-top-1000-fared/]]|Docker Flaws|
|2019.06.26|TechRepublic|[[AWS re:Inforce 2019 - Day 1 Recap|https://www.threatstack.com/blog/aws-reinforce-2019-day-1-recap]]|AWS Conference|
|2019.06.26|MITRE CVE|!Kubernetes Command Line Interface kubectl [[CVE-2019-11246|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11246]]|CVE-2019-11246 Kubernetes|
|2019.06.26|//Google Cloud//| → [[Kubernetes CVE-2019-11246|https://cloud.google.com/kubernetes-engine/docs/security-bulletins#june-25-2019]]|CVE-2019-11246 Kubernetes|
|2019.06.26|ZDnet| → [[Kubernetes CLI tool security flaw lets attackers run code on host machine|https://www.zdnet.com/article/kubernetes-cli-tool-security-flaw-lets-attackers-run-code-on-host-machine/]]|CVE-2019-11246 Kubernetes|
|2019.06.26|Cybersecurity Insiders|[[How Doxing can prove as a threat to Cloud Security|https://www.cybersecurity-insiders.com/how-doxing-can-prove-as-a-threat-to-cloud-security/]]|Risks|
|2019.06.26|//CTERA//[>img[iCSF/flag_fr.png]]|[[Quels impératifs faut-il respecter en matière de sécurité du Cloud ?|https://www.journaldunet.com/solutions/expert/71337/quels-imperatifs-faut-il-respecter-en-matiere-de-securite-du-cloud.shtml]]|Risks|
|2019.06.26|//Avanan//|[[Top Takeaways from the 2019 Gartner Security & Risk Management Summit|https://www.avanan.com/resources/takeaways-from-2019-gartner-security-summit]]|Gartner Conference|
|2019.06.26|//CloudFlare//|![[The deep-dive into how Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Monday|https://blog.cloudflare.com/the-deep-dive-into-how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-monday/]]|Outage AWS Cloudflare|
|2019.06.26|//Armor//|[[Securing Apps and Data in the Public Cloud - It Takes a Village|https://www.armor.com/blog/securing-apps-and-data-in-the-public-cloud/]] ([[vidéo|https://www.youtube.com/watch?v=senX8XSnN-c]])|Misc|
|2019.06.26|//CyberArk//|![[CyberArk Global Advanced Threat Landscape Report 2019: Focus on Cloud|https://www.cyberark.com/resource/global-advanced-threat-landscape-2019-focus-on-cloud/]]|Report|
|2019.06.25|DataCenter Mag[>img[iCSF/flag_fr.png]]| → [[Vulnérable par excès de confiance en ses fournisseurs de Cloud|http://datacenter-magazine.fr/vulnerables-par-exces-de-confiance-en-ses-fournisseurs-de-cloud/]]|Report CyberArk|
|2019.06.26|isBuzzNews| → [[CyberArk Report Shows 70 Percent of UK Organisations Rely Primarily on Cloud Providers to Protect Their Workloads|https://www.informationsecuritybuzz.com/study-research/survey-organisations-increase-risk-with-over-reliance-on-cloud-vendors-for-security/]]|Report CyberArk|
|2019.06.26|TEISS| → [[Majority of enterprises relying on cloud providers to secure their data|https://www.teiss.co.uk/threats/cloud-providers-data-security/]]|Report CyberArk|
|2019.06.27|TechRepublic| → [[How organizations face risks by relying too much on cloud vendors for security|https://www.techrepublic.com/article/how-organizations-face-risks-by-relying-too-much-on-cloud-vendors-for-security/]]|Report CyberArk|
|2019.06.28|Help Net Security| → [[Over reliance on public cloud vendor security puts data and companies at risk of breach|https://www.helpnetsecurity.com/2019/06/28/public-cloud-vendor-security/]]|Report CyberArk|
|2019.07.08|IT Pro[>img[iCSF/flag_fr.png]]| → [[Les entreprises pêchent par excès de confiance en leurs fournisseurs de Cloud|https://www.itpro.fr/les-entreprises-pechent-par-exces-de-confiance-en-leurs-fournisseurs-de-cloud/]]|Report CyberArk|
|2019.06.26|//Alibaba Cloud//|[[Use a Local Disk Through LocalVolume Provisioner in a Kubernetes Cluster|https://medium.com/@Alibaba_Cloud/use-a-local-disk-through-localvolume-provisioner-in-a-kubernetes-cluster-671ebfd16a69]]|Alibaba Kubernetes|
|2019.06.26|//BitDefender//|[[5 Cloud Security Concerns That Still Keep Cybersecurity Pros Up at Night|https://businessinsights.bitdefender.com/5-cloud-security-concerns-that-still-keep-cybersecurity-pros-up-at-night]]|Threats|
|2019.06.26|//Lacework//|[[Why Linux Servers Need Extra Security|https://www.lacework.com/linux-servers-need-extra-security/]]|Linux Containers|
|2019.06.26|//Capsule8//|Présentation à 'QCon NYC' : [[Security Delusions|https://swagitda.com/speaking/Security-Delusions-Kelly-Shortridge-QConNYC-2019.pdf]] (pdf)|Misc|
|>|>|>|!2019.06.25|
|2019.06.25|Global Security Mag[>img[iCSF/flag_fr.png]]|[[63% Le chiffre CenturyLink sécurité / cloud du 2ème trimestre 2019|http://www.globalsecuritymag.fr/63-Le-chiffre-CenturyLink-securite,20190626,88548.html]]|Report|
|2019.06.25|CISO Mag|[[IoT Security: Needed now more than ever|https://www.cisomag.com/iot-security-needed-now-more-than-ever/]]|IoT|
|2019.06.25|InfoRisk Today|[[The Evolution of IAM in the Cloud|https://www.inforisktoday.com/interviews/evolution-iam-in-cloud-i-4362]] ([[podcast|https://0267f973c7f511eda6a4-193e28812cee85d6e20ea22afb83e185.ssl.cf1.rackcdn.com/evolution-iam-in-cloud-directLink-6-i-4362.mp3]])|CSA IAM|
|2019.06.25|DZone|[[Cloud-Native Best Business Practices (Part 2): Why Cattle, Not Pets|https://dzone.com/articles/cloud-native-best-business-practices-part-2-why-ca]] (2/7)|Misc|
|2019.06.25|BetaNews|[[Cloud identity solution lets developers deliver passwordless login and MFA|https://betanews.com/2019/06/25/cloud-identity-developers-passwordless-mfa/]]|Authentication|
|2019.06.25|Team ARIN|[[Why is IPv6 faster?|https://teamarin.net/2019/06/25/why-is-ipv6-faster/]]|IPv6|
|2019.06.25|//Security Intelligence (IBM)//|[[Why Doxing Is the Dr. Jekyll and Mr. Hyde of Cloud Security|https://securityintelligence.com/posts/why-doxing-is-the-dr-jekyll-and-mr-hyde-of-cloud-security/]]|Misc|
|2019.06.25|//Alibaba Cloud//|[[Scanning and Intrusion Script Analysis for DockerKiller Threat|https://medium.com/@Alibaba_Cloud/scanning-and-intrusion-script-analysis-for-dockerkiller-threat-9a1f4d6a68d9]]|Docker Attacks |
|2019.06.25|//Alibaba Cloud//|[[How to Protect Your Websites from HTTP(S) Flood|https://medium.com/@Alibaba_Cloud/how-to-protect-your-websites-from-http-s-flood-906429f7a30f]]|DDoS Protection|
|2019.06.25|//Sensu//|[[Monitoring Kubernetes, part 4: the Sensu-native approach|https://blog.sensu.io/monitoring-kubernetes-part-4-the-sensu-native-approach]]|K8s Docker Monitoring|
|2019.06.25|//Microsoft//|[[OneDrive Personal Vault brings added security to your most important files and OneDrive gets additional storage options|https://www.microsoft.com/en-us/microsoft-365/blog/2019/06/25/onedrive-personal-vault-added-security-onedrive-additional-storage/]]|OneDrive PersonalVault|
|2019.06.25|Redmond Channel Partner| → [[Microsoft Expands OneDrive Storage, Debuts 'Personal Vault'|https://rcpmag.com/articles/2019/06/26/microsoft-spruces-up-onedrive.aspx]]|OneDrive PersonalVault|
|2019.06.25|BetaNews| → [[Microsoft OneDrive Personal Vault makes it easy to secure files in the cloud|https://betanews.com/2019/06/25/microsoft-onedrive-personal-vault/]]|OneDrive PersonalVault|
|2019.06.25|!//Kenna Security//|[[One-fifth of the most-used Docker containers have at least one critical vulnerability|https://www.kennasecurity.com/one-fifth-of-the-most-used-docker-containers-have-at-least-one-critical-vulnerability/]]|Containers Docker|
|2019.07.08|Container Journal| → [[Research Finds Loads of Container Vulnerabilities|https://containerjournal.com/2019/07/08/research-finds-loads-of-container-vulnerabilities/]]|Containers Docker|
|2019.06.25|//Symantec//|[[Three Ways to Get a Handle on Cloud Security|https://www.symantec.com/blogs/feature-stories/three-ways-get-handle-cloud-security]]|Misc|
|2019.06.25|//Whistic//|[[Phase 3 of The 5 Phases of Responding to a Security Questionnaire & How To Get Proactive (3/5)|https://blog.whistic.com/phase-3-of-the-5-phases-of-responding-to-a-security-questionnaire-how-to-get-proactive-90b047830a0b]]|Misc|
|2019.06.25|//Lacework//|[[Container Orchestration Demands a Security Focus|https://www.lacework.com/container-orchestration-security-focus/]]|Containers|
|2019.06.25|//Fugue//|[[The 5 Biggest Myths in Cloud Security (And How to Avoid Getting Burned)|https://www.fugue.co/blog/the-5-biggest-myths-in-cloud-security-and-how-to-avoid-getting-burned]]|Misc|
|2019.06.25|//Google Cloud//|[[Use security codes to log in where security keys won't work directly|https://gsuiteupdates.googleblog.com/2019/06/security-codes-and-security-keys.html]]|GCP Authentication|
|2019.06.25|//Google Cloud//|[[Greater protection and control with three Gmail security tools|https://gsuiteupdates.googleblog.com/2019/06/gmail-security-tools-sandbox-phishing-malware-confidential.html]]|GCP|
|2019.06.26|SecurityWeek| → [[Google Allows G Suite Users to Log In With Security Codes|https://www.securityweek.com/google-allows-g-suite-users-log-security-codes]]|GCP Authentication|
|2019.06.25|//Forcepoint//|[[Accelerating digital transformation with Secure SD-WAN|https://www.forcepoint.com/blog/insights/accelerating-digital-transformation-secure-sd-wan]]|SDWAN|
|2019.06.25|//Tresorit//|[[Cloud Storage Security: How to Secure Your Data in the Cloud?|https://tresorit.com/blog/cloud-storage-security/]]|Storage Authentication|
|2019.06.25|//Tresorit//|[[WeTransfer Security Fail: Files sent to wrong recipients for two days|https://tresorit.com/blog/wetransfer-security-fail/]]|Failure|
|2019.06.25|//Managed Methods//|[[3 Steps To Secure Cloud Storage|https://managedmethods.com/blog/3-steps-to-secure-cloud-storage/]]|Storage|
|2019.06.25|//Microsoft//|![[Top 20 use cases for CASBs|https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE3nibJ]] (pdf)|CASB|
|2019.06.25|MSSP Alert|[[Multi-Cloud Security: What's the MSSP Opportunity?|https://www.msspalert.com/cybersecurity-guests/multi-cloud-security-whats-the-mssp-opportunity/]]|Multi_Cloud|
|>|>|>|!2019.06.24|
|2019.06.24|Public Technology|[[NCSC warns over 'password spray' attacks of council cloud services|https://www.publictechnology.net/articles/news/ncsc-warns-over-%E2%80%98password-spray%E2%80%99-attacks-council-cloud-services]]|Attacks|
|2019.06.24|TechWire Asia|[[Why IT asset management is still relevant in the cloud era|https://techwireasia.com/2019/06/why-it-asset-management-is-still-relevant-in-the-cloud-era/]]|Inventory|
|2019.06.24|Cloudflare|![[Route Leak Impacting Cloudflare|https://www.cloudflarestatus.com/incidents/46z55mdhg0t5]]|Outage AWS Cloudflare|
|2019.06.24|Bleeping Computer| → [[BGP Route Leak Causes Cloudflare and Amazon AWS Problems|https://www.bleepingcomputer.com/news/technology/bgp-route-leak-causes-cloudflare-and-amazon-aws-problems/]]|Outage AWS Cloudflare|
|2019.06.24|Cloudflare|![[How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today|https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/]]|Outage AWS Cloudflare|
|2019.06.24|Bleeping Computer| → [[Cloudflare and Amazon AWS Outages Affecting Sites Everywhere|https://www.bleepingcomputer.com/news/technology/cloudflare-and-amazon-aws-outages-affecting-sites-everywhere/]]|Outage AWS Cloudflare|
|2019.06.24|Cloud Native Computing Foundation|[[Demystifying Containers - Part I: Kernel Space|https://www.cncf.io/blog/2019/06/24/demystifying-containers-part-i-kernel-space/]]|Containers|
|2019.06.24|DZone|[[Data Security: An Integral Aspect of Cloud Computing|https://dzone.com/articles/data-security-an-integral-aspect-of-cloud-computin]]|Misc|
|2019.06.24|DZone|[[Coming to Grips with Kubernetes Storage|https://dzone.com/articles/getting-to-grips-with-kubernetes-storage]]|K8s|
|2019.06.24|DZone|[[Cloud-Native Best Business Practices (Part 1): Containerization Cuts Costs|https://dzone.com/articles/cloud-native-best-business-practices-part-1-contai]] (1/7)|Best_Practices|
|2019.06.24|searchCloud Computing|[[Debunk 10 common public cloud myths|https://searchcloudcomputing.techtarget.com/tip/Debunk-10-common-public-cloud-myths]]|Perception|
|2019.06.24|The Daily Swig|[[Hack and slash: Cloud-based video games model opens up fresh security risks|https://portswigger.net/daily-swig/hack-and-slash-cloud-based-video-games-model-opens-up-fresh-security-risks]]|Games Risks|
|2019.06.24|CSO|[[How to use the new Microsoft 365 Business Conditional Access feature|https://www.csoonline.com/article/3404471/how-to-use-the-new-microsoft-365-business-conditional-access-feature.html]]|O365|
|2019.06.24|Gartner|[[Gartner's Top 10 Security Projects for 2019 - Container Security Makes the List|https://www.stackrox.com/post/2019/06/gartners-top-10-security-projects-for-2019-container-security-makes-the-list/]] (1/3)|Containers|
|2019.06.24|Federal News Network|[[Under cloud smart, application rationalization takes center stage|https://federalnewsnetwork.com/cloud-computing/2019/06/under-cloud-smart-application-rationalization-takes-center-stage/]]|CloudSmart|
|2019.06.24|//AlienVault//|[[An overview on insider attacks and threat awareness|https://www.alienvault.com/blogs/security-essentials/insider-threats]]|InsiderThreats|
|2019.06.24|//AWS//|![[AWS Security Hub Now Generally Available|https://aws.amazon.com/blogs/aws/aws-security-hub-now-generally-available/]] ([[podcast|https://d2908q01vomqb2.cloudfront.net/polly/da4b9237bacccdf19c0760cab7aec4a8359010b0amazon_polly_29216.mp3]])|AWS Monitoring|
|2019.06.25|//AWS//| → [[Portail AWS Security Hub|https://aws.amazon.com/security-hub/]]|AWS Monitoring|
|2019.06.25|SecurityWeek| → [[AWS Announces General Availability of Security Hub|https://www.securityweek.com/aws-announces-general-availability-security-hub]]|AWS Monitoring|
|2019.06.25|The Register| → [[AWS Security Hub takes half-hearted bite out of SIEM vendors' lunches|https://www.theregister.co.uk/2019/06/25/aws_security_hub_launch/]]|AWS Monitoring|
|2019.06.25|Help Net Security| → [[AWS Security Hub aggregates security alerts and conducts continuous compliance checks|https://www.helpnetsecurity.com/2019/06/25/aws-security-hub/]]|AWS Monitoring|
|2019.06.24|//AWS//|![[AWS Control Tower is now generally available|https://aws.amazon.com/about-aws/whats-new/2019/06/aws-control-tower-is-now-generally-available/]]|AWS Monitoring|
|2019.06.26|//AWS//| → [[AWS Control Tower - Set up & Govern a Multi-Account AWS Environment|https://aws.amazon.com/blogs/aws/aws-control-tower-set-up-govern-a-multi-account-aws-environment/]] ([[podcast|https://d2908q01vomqb2.cloudfront.net/polly/da4b9237bacccdf19c0760cab7aec4a8359010b0amazon_polly_29258.mp3]])|AWS Monitoring|
|2019.06.26|//AWS//| → [[AWS Announces General Availability of AWS Control Tower|https://vmblog.com/archive/2019/06/26/aws-announces-general-availability-of-aws-control-tower.aspx]]|AWS Monitoring|
|2019.06.26|//AWS//| → [[AWS Control Tower|https://aws.amazon.com/controltower]]|AWS Monitoring|
|2019.06.24|//Tripwire//|[[A Google Cloud Platform Primer with Security Fundamentals|https://www.tripwire.com/state-of-security/security-data-protection/cloud/google-cloud-platform/]]|GCP|
|2019.06.24|//AlienVault//|[[An overview on insider threat awareness|https://www.alienvault.com/blogs/security-essentials/insider-threats]]|InsiderThreats|
|2019.06.24|//Symantec//|![[Symantec's Cloud Security Threat - Report Shines a Light on the Cloud's Real Risks|https://www.symantec.com/blogs/feature-stories/symantecs-cloud-security-threat-report-shines-light-clouds-real-risks]] ([[pdf|https://resource.elq.symantec.com/LP=7326]])|Report|
|2019.06.24|BetaNews| → [[Over half of enterprises think security is lagging behind cloud adoption|https://betanews.com/2019/06/24/security-lagging-behind-cloud/]]|Report|
|2019.06.26|Help Net Security| → [[Cloud security exacerbated by immature security practices|https://www.helpnetsecurity.com/2019/06/26/cloud-security-issues/]]|Report|
|2019.06.24|//Microsoft//|[[5 principles driving a customer-obsessed identity strategy at Microsoft|https://www.microsoft.com/security/blog/2019/06/24/5-principles-driving-customer-obsessed-identity-strategy-microsoft/]]|Identity|
|2019.06.24|//TrendMicro//|[[Addressing Security Challenges in Hybrid Cloud Computing Environments|https://pupuweb.com/address-security-challenges-hybrid-cloud/]]|Hybrid_Cloud|
|2019.06.24|//AlertLogic//|[[The Road to AWS re:Inforce 2019 - Unique Perspective from a Customer|https://blog.alertlogic.com/the-road-to-aws-reinforce-2019-unique-perspective-from-a-customer/]]|AWS Conference|
|2019.06.24|//Rapid7//|[[Rapid7 Releases Cloud Configuration Assessment Capabilities in InsightVM|https://blog.rapid7.com/2019/06/24/rapid7-releases-cloud-configuration-assessment-capabilities-in-insightvm/]]|Assessment|
|2019.06.24|Medium|[[An Introduction to Docker for Novices|https://medium.com/techloop/an-introduction-to-docker-for-novices-ec5dec797ce6]]|Docker|
|2019.06.24|//AWS//|[[Introducing the AWS Security Incident Response Whitepaper|https://aws.amazon.com/blogs/security/introducing-the-aws-security-incident-response-whitepaper/]]|Incident_Response|
!CSA EMEA Summit @ Cyber Week 2019[>img(250px,auto)[iCSA/201906IL-TelAviv.jpg]]
Le ''CSA EMEA Summit'' aura lieu le 24 juin 2019 de 9h à 16h à l'Université de Tel Aviv (//Auditorium Fastlicht//, dans le bâtiment //Mexico//)
C'est la première fois que la [[Cloud Security Alliance]] organise une conférence en Israël.

Les thèmes abordés seront :
* la conception de Cloud pour des activités critiques
* des retours d'expérience sur la sécurité de Cloud d'entreprises
* le RGPD et le Cloud
* les facteurs d'accélération comme l'intelligence artificielle, la blockchain et l'Internet des Objets.

__Programme :__
|ssTabl99|k
|08:30-09:00|Enregistrement|
|09:00-09:15|Introduction (Jim Reavis, Cloud Security Alliance)|
|09:15-10:15|!"Cyber Security Risks in Supply Chain: Nation Level Guidelines and Course of Action" (Yuval Segev, Israel National Cyber Directorate)|
|10:15-10:30|Pause|
|10:30-12:00|!"Lessons Learned from an Award-Winning Cloud Security Program" (Jairo Orea, Kimberly-Clark)|
|~|"Israel Innovation & Cloud Computing" (Ofer Smadari, Luminate Security/Symantec)|
|12:00-13:00|Pause déjeuner|
|13:00-14:30|!"The Cloud First Strategy to Enable the Italian Government Digitalization" (Dr. Nicola Sfondrini, Cloud Security Alliance)|
|~|!"The State of Auditing and Forensics Activities in Spain" (Ivan Robles, SOTHIS)|
|~|!"Security @ Internet Cloud Based Companies" (Eitan Satmary, Wix.com)|
|14:30-15:00|Pause|
|15:00-16:15|!"Blockchain & Cloud" (Jim Reavis, Cloud Security Alliance)|
|~|!"Cloud Octagon model: Cloud Security Risk Management in Financial Services" (Olaf Streutker, ABN AMRO Bank)|
|16:15-16:30|Conclusion : Jim Reavis, Yuval Segev, Jairo Orea|
Pour le programme détaillé et s'inscrire :
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j6oP/|https://cloudsecurityalliance.fr/go/j6oP/]]''
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j6oE/|https://cloudsecurityalliance.fr/go/j6oE/]]''
!"//Cloud Octagon Model//"
[>img(150px,auto)[iCSA_/C8M.png]]Une approche pour évaluer les risques dans le SaaS.
<<<
//Ce livre blanc s'inspire des défis de sécurité dans les environnements Cloud et propose une approche logique pour traiter les aspects de sécurité d'une manière holistique en introduisant le "Modèle Octogonal du Cloud" (ou //Cloud Octagon Model//). Ce modèle facilite l'identification, la représentation et l'évaluation des risques dans le contexte de la mise en œuvre de l'informatique dématérialisée par de multiples acteurs (juridique, gestion des risques liés à l'information, gestion des risques opérationnels, conformité, architecture, approvisionnement, protection des données personnelles, équipes de développement et de sécurité).//
[...]
//Les objectifs de ce modèle sont de réduire les risques associés à l'informatique dans le Cloud, d'améliorer l'efficacité de l'équipe de gestion des risques, d'améliorer la gestion de la solution et enfin, d'améliorer encore la sécurité.//
[...]
//Le livre blanc traite des 60 contrôles de sécurité inclus dans le modèle et qui sont répartis sur les faces de l'octogone.//
[...]
//Les 8 dimensions sont les suivantes ://
* //Core Functions//
* //Data Classification//
* //Countries//
* //Procurement//
* //IT Governance//
* //Service Model//
* //Deployment & Engineering//
* //Sub Service Providers//
La représentation de l'octogone en :+++*[plus large »]> [img(600px,auto)[iCSA_/OctogonModel.png]] === 
<<<
* Communiqué de presse ⇒ ''[[CloudSecurityAlliance.fr/go/j6oa/|https://cloudsecurityalliance.fr/go/j6oa/]]''
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j6oo/|https://cloudsecurityalliance.fr/go/j6oo/]]''
!"//How to Improve the Accuracy and Completeness of Cloud Computing Risk Assessments?//"
[>img(150px,auto)[iCSA_/C8M.png]]Article de blog publié le 24 juin 2019 — Rédigé par Jim de Haas, cloud security expert, ABN AMRO Bank.
<<<
//Ce livre blanc s'inspire des défis de sécurité dans les environnements Cloud et propose une approche logique pour traiter les aspects de sécurité d'une manière holistique en introduisant le "Modèle Octogonal du Cloud" (ou //Cloud Octagon Model//). Ce modèle facilite l'identification, la représentation et l'évaluation des risques dans le contexte de la mise en œuvre de l'informatique dématérialisée par de multiples acteurs (juridique, gestion des risques liés à l'information, gestion des risques opérationnels, conformité, architecture, approvisionnement, protection des données personnelles, équipes de développement et de sécurité).//
[...]
//Les objectifs de ce modèle sont de réduire les risques associés à l'informatique dans le Cloud, d'améliorer l'efficacité de l'équipe de gestion des risques, d'améliorer la gestion de la solution et enfin, d'améliorer encore la sécurité.//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/06/24/how-to-improve-the-accuracy-and-completeness-of-cloud-computing-risk-assessments/]] sur le blog de la CSA
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j6oo/|https://cloudsecurityalliance.fr/go/j6oo/]]''
|!Juin|!Sources|!Titres et Liens|!Synthèses|
|2019.06.24|CSA|[[Cloud Security Alliance Releases Cloud Octagon Model to Facilitate Cloud Computing Risk Assessment|https://cloudsecurityalliance.org/articles/csa-releases-cloud-octagon-model-to-facilitate-cloud-computing-risk-assessment/]]|Innovative model challenges enterprises to investigate risk from perspective other than that of the cloud service provider|
!!1 - Informations CSA de la semaine du 17 au 23 juin 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Conférence : Prolongation d'un mois de l'appel à présentations pour le CSA Congress EMEA 2019+++*[»]> <<tiddler [[2019.06.21 - Encore un mois pour soumettre un sujet au CSA Congress EMEA 2019]]>>=== 
* Appels à commentaires : "''Agile Security: The Integration of Security, Development and Operations''"+++*[»]> <<tiddler [[2019.06.18 - Appel à commentaires : document 'Agile Security: The Integration of Security, Development and Operations']]>>=== 
* Blog : "''La cryptographie hybride pour contrer la menace quantique''"+++*[»]> <<tiddler [[2019.06.17 - Blog : La cryptographie hybride pour contrer la menace quantique]]>>=== 
* Publication : "''Mitigating the Quantum Threat with Hybrid Cryptography''"+++*[»]> <<tiddler [[2019.06.17 - Publication : Mitigating the Quantum Threat with Hybrid Cryptography]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.06.23 - Veille Hebdomadaire - 23 juin]] avec une cinquantaine de liens dont :
* Supervision Azure et O365
* Liste de contrôles pour tests d'intrusion dans le Cloud
* Microsoft interdirait à ses employés d'utiliser certains services Cloud
* Cloud et défense en profondeur+++*[»]>
|2019.06.20|//Google Cloud//|![[Google Cloud networking in depth: three defense-in-depth principles for securing your environment|https://cloud.google.com/blog/products/networking/google-cloud-networking-in-depth-three-defense-in-depth-principles-for-securing-your-environment]]|GCP Architecture|
=== 
* Rapport : McAfee "Cloud Adoption and Risk Report"+++*[»]>
|2019.06.17|//McAfee//|![[Cloud Adoption and Risk Report - Business Growth Edition|https://www.mcafee.com/enterprise/en-us/solutions/lp/cloud-adoption-risk-report-business-growth-edition.html]]|Report|
|2019.06.18|CBR Online| → [[Misconfigured Servers Still a Key Risk for Companies Moving to the Cloud|https://www.cbronline.com/news/misconfigured-servers]]|Report|
|2019.06.20|InfoSecurity Mag| → [[Only Quarter of IaaS Users Can Audit Config Settings|https://www.infosecurity-magazine.com/news/quarter-iaas-users-can-audit-1-1/]]|Report|
|2019.06.21|TechWire Asia| → [[The average enterprise organization now uses 1,935 cloud services|https://techwireasia.com/2019/06/the-average-enterprise-organization-now-uses-1935-cloud-services/]]|Misc|
=== 
* Outils : CloudGoat version 2+++*[»]>
|2019.06.23|//Rhino Security Labs//|![[CloudGoat 2: The New & Improved "Vulnerable by Design" AWS Deployment Tool|https://rhinosecuritylabs.com/aws/introducing-cloudgoat-2/]] |CloudGoat Challenge|
=== 
* __Divers__ : menaces, pannes, Kubernetes, Azure/AWS/GCP...
!!3 - Agenda
* ''24 juin'' : ''CSA EMEA Summit'' à Tel Aviv+++*[»]> <<tiddler [[2019.06.24 - CSA EMEA Summit 2019 - Tel Aviv]]>>=== 
* ''28 __juillet__'' : clôture de l'appel à présentations pour le ''CSA Congress EMEA'' des 20 et 21 novembre 2019 à Berlin+++*[»]> <<tiddler [[2019.06.21 - Encore un mois pour soumettre un sujet au CSA Congress EMEA 2019]]>>=== 
!!Veille Hebdomadaire - 23 juin 2019
|!Juin|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.06.23|
|2019.06.23|Protego|[[Lock-Ins vs. Cloud-Agnostic|https://www.protego.io/serverless-show-lock-ins-vs-cloud-agnostic/]]|Serverless IAM|
|2019.06.23|Steve Gathof|[[Deploying a Honeypot on AWS|https://medium.com/@sudojune/deploying-a-honeypot-on-aws-5bb414753f32]]|Detection AWS HoneyPot|
|2019.06.23|//Rhino Security Labs//|![[CloudGoat 2: The New & Improved "Vulnerable by Design" AWS Deployment Tool|https://rhinosecuritylabs.com/aws/introducing-cloudgoat-2/]] |CloudGoat Challenge|
|>|>|>|!2019.06.22|
|2019.06.22|CloudWeek Paris|[[Sélectionner son prestataire cloud : la check-list|https://cloudweek.paris/fr/selectionner-son-prestataire-cloud-la-check-list/]]|Providers|
|2019.06.22|Analytics Insight|[[Here is the Secret Behind Getting that Cloud Computing Job|https://www.analyticsinsight.net/here-is-the-secret-behind-getting-that-cloud-computing-job/]]|Jobs|
|>|>|>|!2019.06.21|
|2019.06.21|GBHackers on Security|![[Cloud Computing Penetration Testing Checklist & Important Considerations|https://gbhackers.com/cloud-computing-penetration-testing-checklist-important-considerations/]]|PenTesting|
|2019.06.21|DZone|[[What Is a Container, Anyway?|https://dzone.com/articles/what-is-a-container-anyway-born-sql]]|Containers|
|2019.06.21|DZone|[[A Production-Ready Checklist for Kubernetes|https://dzone.com/articles/a-production-ready-checklist-for-kubernetes]]|K8s|
|2019.06.21|//Infosec Island//|[[Today's Top Public Cloud Security Threats …And How to Thwart Them|http://www.infosecisland.com/blogview/25203-Todays-Top-Public-Cloud-Security-Threats-And-How-to-Thwart-Them.html]]|Threats|
|2019.06.21|GeekWire|[[No Slack for you! Microsoft puts rival app on internal list of 'prohibited and discouraged' software|https://www.geekwire.com/2019/no-slack-microsoft-puts-rival-app-internal-list-prohibited-discouraged-software/]]|Misc|
|2019.06.22|BetaNews|! → [[Leaked: Microsoft bans employees from using Slack, Kaspersky… even GitHub use is discouraged|https://betanews.com/2019/06/22/microsoft-banned-prohibited-list/]]|Misc|
|2019.06.21|TechRepublic|[[How to view your privacy settings for Microsoft Office 365|https://www.techrepublic.com/article/how-to-view-your-privacy-settings-for-microsoft-office-365/]]|O365|
|2019.06.21|Informatique News|[[Qui est responsable de la sécurité du cloud ? (en anglais)|https://www.informatiquenews.fr/qui-est-responsable-de-la-securite-du-cloud-en-anglais-62466]]|Misc|
|2019.06.21|Infosec Island|[[Today's Top Public Cloud Security Threats… And How to Thwart Them|http://www.infosecisland.com/blogview/25203-Todays-Top-Public-Cloud-Security-Threats-And-How-to-Thwart-Them.html]]|Cloud Misc.|
|2019.06.21|//Cloud Management Insider//|[[5 Stages of Cloud Security Automation framework|https://www.cloudmanagementinsider.com/cloud-security-automation-framework/]]|Survey Firemon|
|2019.06.21|//Teradici//|[[Hybrid and Multicloud Deployments: A Survey of Factors Driving Tomorrow's Decisions|https://connect.teradici.com/blog/hybrid-and-multicloud-deployments-survey]]|Report Multi_Cloud|
|2019.06.21|//Teradici//| → [[The State of Multicloud - Virtual Desktop Deployments in 2019|https://connect.teradici.com/multicloud]]|Report Multi_Cloud|
|2019.06.21|//Google Cloud//|[[Scan your Cloud Storage buckets for sensitive data using Cloud DLP|https://cloud.google.com/blog/products/storage-data-transfer/scan-your-cloud-storage-buckets-for-sensitive-data-using-cloud-dlp]]|DLP|
|2019.06.21|//BitDefender//|[[Office 365 Proves Popular with Phishers|https://businessinsights.bitdefender.com/office-365-proves-popular-with-phishers]]|O365 Phishing|
|2019.06.21|//Cobalt//|[[How To Conduct AWS Penetration Testing & Vulnerability Scanning|https://blog.cobalt.io/what-you-need-to-know-about-aws-pentesting-d2aee7a279de]]|AWS PenTesting|
|>|>|>|!2019.06.20|
|2019.06.20|DevOps|[[The Taxonomy of DataOps|https://devops.com/the-taxonomy-of-dataops/]]|DevOps|
|2019.06.20|DevOps|[[Building a Security Feedback Process for DevOps|https://devops.com/building-a-security-feedback-process-for-devops/]]|DevOps|
|2019.06.20|//Microsoft//|[[Investigating identity threats in hybrid cloud environments|https://www.microsoft.com/security/blog/2019/06/20/investigating-identity-threats-hybrid-cloud-environments/]]|Azure Threats|
|2019.06.20|//Google Cloud//|![[Google Cloud networking in depth: three defense-in-depth principles for securing your environment|https://cloud.google.com/blog/products/networking/google-cloud-networking-in-depth-three-defense-in-depth-principles-for-securing-your-environment]]|GCP Architecture|
|2019.06.20|//Google Cloud//|[[5 frequently asked questions about Google Cloud Anthos|https://cloud.google.com/blog/topics/hybrid-cloud/5-frequently-asked-questions-about-google-cloud-anthos]]|GCP Anthos|
|2019.06.20|//Protego//|[[Is Serverless Security Really Application Security or Simply New Techniques|https://www.protego.io/serverless-show-is-serverless-security-really-application-security-or-new-techniques/]]|Serverless|
|2019.06.20|//Synopsys//|[[Using the cloud as a cheap DevSecOps lab environment|https://www.synopsys.com/blogs/software-security/devsecops-lab-cloud/]]|DevSecOps|
|2019.06.20|//Heficed//|[[Google Cloud Outages Expose Vulnerability of Major Providers, Underscore Benefits of Niche Cloud Computing Players|https://vmblog.com/archive/2019/06/20/google-cloud-outages-expose-vulnerability-of-major-providers-underscore-benefits-of-niche-cloud-computing-players.aspx]]|Market|
|2019.06.20|//NeuVector//|[[How to Mitigate the SACK Panic DDoS Attack|https://neuvector.com/container-security/mitigate-sack-panic-ddos-attack/]]|CVE-2019-11477|
|2019.06.20|//McAfee//|[[3 Ways to Secure Enterprise Shadow IT|https://www.skyhighnetworks.com/cloud-security-blog/3-ways-to-secure-enterprise-shadow-it/]]|ShadowIT|
|2019.06.20|Security Boulevard|[[Who's Responsible for a Cloud Breach? It Depends|https://securityboulevard.com/2019/06/whos-responsible-for-a-cloud-breach-it-depends/]]|CSA|
|>|>|>|!2019.06.19|
|2019.06.19|AWS Insider|![[Report: Kubernetes May Drive GCP Challenge to AWS Cloud Supremacy Among Developers|https://awsinsider.net/articles/2019/06/19/devops-research.aspx]]|K8s|
|2019.06.19|Digital Insurance|[[Cloud adoptions are obscuring data visibility, says new study|https://www.dig-in.com/news/cloud-adoptions-are-obscuring-data-visibility-says-new-study]]|CSA|
|2019.06.19|DZone|[[Running Local Docker Images in Kubernetes|https://dzone.com/articles/running-local-docker-images-in-kubernetes-1]]|K8s Docker|
|2019.06.19|DZone|[[Docker Swarm or Kubernetes?: Is It the Right Question to Ask?|https://dzone.com/articles/quotdocker-swarm-or-kubernetesquot-is-it-the-right]]|K8s Docker|
|2019.06.19|DZone|[[Cloud Computing Security: Secure Your Data, Not Just Your Perimeter|https://dzone.com/articles/cloud-computing-security-secure-your-data-not-just]]|Misc|
|2019.06.19|//OCD-Tech//|[[Don't Let the Cloud Rain on Your DFARS Compliance|https://ocd-tech.com/2018/06/19/dont-let-the-cloud-rain-on-your-dfars-compliance/]]|Compliance|
|2019.06.19|//Coalfire//|[[Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel|https://www.coalfire.com/The-Coalfire-Blog/June-2019/Introducing-Slackor]]|Tools C2 Slack|
|2019.06.19|SANS|[[JumpStart Guide for Endpoint Security in AWS|https://www.sans.org/reading-room/whitepapers/analyst/jumpstart-guide-endpoint-security-aws-39020]]|Analysis Misc.|
|>|>|>|!2019.06.18|
|2019.06.18|TechTarget|[[As cloud complexities increase, cybersecurity skills gap worsens|https://searchcloudsecurity.techtarget.com/feature/As-cloud-complexities-increase-cybersecurity-skills-gap-worsens]]|Skills|
|2019.06.18|Solutions Review|[[The Definitive Azure Certification List for Businesses and IT Departments|https://solutionsreview.com/cloud-platforms/the-definitive-azure-certification-list-for-businesses-and-it-departments/]]|Certifications|
|2019.06.18|Dark Reading|[[As Cloud Adoption Grows, DLP Remains Key Challenge|https://www.darkreading.com/cloud/as-cloud-adoption-grows-dlp-remains-key-challenge/d/d-id/1335000]]|DLP|
|2019.06.18|CBR Online|[[Misconfigured Servers Still a Key Risk for Companies Moving to the Cloud|https://www.cbronline.com/news/misconfigured-servers]]|Report|
|2019.06.18|//Diamanti//|[[IT Operations Increasingly Driving Container Use, New Diamanti Survey Shows|https://www.globenewswire.com/news-release/2019/06/18/1870139/0/en/IT-Operations-Increasingly-Driving-Container-Use-New-Diamanti-Survey-Shows.html]] ([[pdf|https://diamanti.com/wp-content/uploads/2019/06/Diamanti_2019_Container_Survey.pdf]])|Report Containers|
|2019.06.18|//Rhino Security Labs//|[[Escalating AWS IAM Privileges with an Undocumented CodeStar API|https://rhinosecuritylabs.com/aws/escalating-aws-iam-privileges-undocumented-codestar-api/]]|Flaw|
|2019.06.18|//Summit Route//|[[AWS IAM Managed Policy Review|https://summitroute.com/blog/2019/06/18/aws_iam_managed_policy_review/]]|AWS IAM|
|2019.06.18|//Microsoft//|[[Announcing the preview of Microsoft Azure Bastion|https://azure.microsoft.com/en-us/blog/announcing-the-preview-of-microsoft-azure-bastion/]]|Azure Bastion|
|2019.06.18|//Symantec//|[[4 Things Developers Should Know About Security in the Age of DevSecOps|https://devops.com/4-things-developers-should-know-about-security-in-the-age-of-devsecops/]]|DevSecOps|
|2019.06.18|//PUPUWEB//|[[Business Continuity (BC) / Disaster Recovery (DR) Best Practices in Cloud Computing|https://pupuweb.com/business-continuity-disaster-recovery-cloud/]]|BCP DRP DRaaS|
|2019.06.18|//Armor//|[[Security in the Cloud: Google Cloud Platform|https://www.armor.com/blog/security-in-the-cloud-google-cloud-platform/]]|GCP|
|>|>|>|!2019.06.17|
|2019.06.17|Gouvernement du Canada |![[Stratégie d'adoption de l'informatique en nuage du gouvernement du Canada : Mise à jour de 2018|https://www.canada.ca/fr/gouvernement/systeme/gouvernement-numerique/technologiques-modernes-nouveaux/services-informatique-nuage/strategie-adoption-information-nuage-gouvernement-canada.html]]|Government Canada|
|2019.06.17|Government of Canada | → [[Government of Canada Cloud Adoption Strategy: 2018 update|https://www.canada.ca/en/government/system/digital-government/modern-emerging-technologies/cloud-services/government-canada-cloud-adoption-strategy.html]]|Government Canada|
|2019.06.17|0x00sec|![[A Blue Team guide to Azure & Office 365 monitoring|https://0x00sec.org/t/a-blue-team-guide-to-azure-office-365-monitoring/14411/]]|Azure O365 Monitoring|
|2019.06.17|DZone|[[Routing External Traffic Into Your Kubernetes Services|https://dzone.com/articles/routing-external-traffic-into-your-kubernetes-serv]]|K8s|
|2019.06.17|UK Authority|[[MoJ creates security baseline for Amazon cloud|https://www.ukauthority.com/articles/moj-creates-security-baseline-for-amazon-cloud/]]|AWS baseline|
|2019.06.14|GOV.uk|! → [[Security baseline in the Public Cloud|https://mojdigital.blog.gov.uk/2019/06/14/security-baseline-in-the-public-cloud/]]|AWS baseline|
|2019.06.17|TechRepublic|[[How to create an administrator IAM user and group in AWS|https://www.techrepublic.com/article/how-to-create-an-administrator-iam-user-and-group-in-aws/]]|AWS IAM|
|2019.06.17|Brian Warehime|[[Nights Watch - Zero to Hero with AWS GuardDuty|https://medium.com/@brianwarehime_79186/nights-watch-zero-to-hero-with-aws-guardduty-84c8e343c6a4]]|AWS|
|2019.06.17|Javier Olmedo|[[Deploy a private Burp Collaborator Server in Azure|https://medium.com/bugbountywriteup/deploy-a-private-burp-collaborator-server-in-azure-f0d932ae1d70]]|Azure Assessment|
|2019.06.17|CRN|[[The biggest Microsoft Azure security issues you need to know about|https://www.crn.com.au/news/the-biggest-microsoft-azure-security-issues-you-need-to-know-about-526789]]|Azure|
|2019.06.17|CRN|[[The top six cloud security threats to know about in 2019|https://www.crn.com.au/news/the-top-six-cloud-security-threats-to-know-about-in-2019-526779]]|Threats|
|2019.06.17|Solutions Numériques|[[La sécurité juridique du Cloud|https://www.solutions-numeriques.com/dossiers/la-securite-juridique-du-cloud/]]|Legal|
|2019.06.17|DevOps.com|[[Lessons Learned from the Salesforce Outage|https://devops.com/lessons-learned-from-the-salesforce-outage/]]|Outage|
|2019.06.17|Medium|[[Docker Security : Backdooring Images with Dockerscan|https://medium.com/@mayankshah_85820/docker-security-backdooring-images-with-dockerscan-ace5ff65bd39]]|Docker Backdooring|
|2019.06.17|//CompliantCloud//|[[Data Integrity Challenges and the Cloud|https://compliantcloud.com/data-integrity-challenges-and-the-cloud/]]|Integrity|
|2019.06.17|//McAfee//|![[Cloud Adoption and Risk Report - Business Growth Edition|https://www.mcafee.com/enterprise/en-us/solutions/lp/cloud-adoption-risk-report-business-growth-edition.html]]|Report|
|2019.06.18|CBR Online| → [[Misconfigured Servers Still a Key Risk for Companies Moving to the Cloud|https://www.cbronline.com/news/misconfigured-servers]]|Report|
|2019.06.20|InfoSecurity Mag| → [[Only Quarter of IaaS Users Can Audit Config Settings|https://www.infosecurity-magazine.com/news/quarter-iaas-users-can-audit-1-1/]]|Report|
|2019.06.21|TechWire Asia| → [[The average enterprise organization now uses 1,935 cloud services|https://techwireasia.com/2019/06/the-average-enterprise-organization-now-uses-1935-cloud-services/]]|Misc|
!Prolongation d'un mois de l'appel à présentations pour le CSA Congress EMEA 2019
[>img(200px,auto)[iCSF/EasyChair.png][https://cloudsecurityalliance.fr/go/jBjs/]]La date limite pour soumettre un sujet de présentation est reportée au ''28 juillet 2019''.
Les propositions doivent être soumises sur le site [[EasyChair|https://cloudsecurityalliance.fr/go/jBjs/]], après création d'un compte utilisateur sur cette plate-forme de référence.

Lien pour soumettre une présentation :
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/jBjs/|https://cloudsecurityalliance.fr/go/jBjs/]]''
Lien vers l'annonce du report :
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j6ld/|https://cloudsecurityalliance.fr/go/j6ld/]]''

Rappel : le ''CSA Congress EMEA'' se déroulera à Berlin les 20 et 21 novembre 2019+++*[»]> <<tiddler [[2019.11.20 - CSA Congress EMEA 2019 - Berlin]]>>=== 
[>img(100px,auto)[iCSA/CSAdoc.png]]Un appel à commentaires dont la date de clôture est le ''26 juin 2019'' : "''Agile Security: The Integration of Security, Development and Operations''".
<<<
//With the confusion of terminology surrounding the practice of integrating security into DevOps, many businesses fall short of being able to implement it into their modern culture. This whitepaper aims to clarify and standardize an authoritative definition of the intersection between the three aspects of security, development and operations, and use it to generalize the principles of a novel security management approach we call "Agile Security".//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j6iA/|https://cloudsecurityalliance.fr/go/j6iA/]]''



[img(25%,1px)[iCSF/BluePixel.gif]]
Article de blog publié le 17 juin — Rédigé par Roberta Faux, Director of Advance Cryptography, BlackHorse Solution
<<<
//[>img(200px,auto)[iCSA/J6HBM.png]]Our new white paper explains the pros and cons of hybrid cryptography. The CSA Quantum-Safe Security Working Group has produced a new primer on hybrid cryptography. This paper, "Mitigating the Quantum Threat with Hybrid Cryptography," is aimed at helping non-technical corporate executives understand how to potentially address the threat of quantum computers on an organization's infrastructure. Topics covered include://
* //Types of hybrids//
* //Cost of hybrids//
* //Who needs a hybrid//
* //Caution about hybrids//
[...]
//__Conclusion__
The migration to quantum resistance is going to be a challenge. It is vital that corporate leaders plan for this now. Organizations need to start asking the following questions://
* //How is your organization dependent on cryptography?//
* //How long does your data need to be secure?//
* //How long will it take you to migrate?//
* //Have you ensured you fully understand the ramifications of migration?//
//Well-informed planning will be key for a smooth transition to quantum-resistant security. Organizations need to start to conduct experiments now to determine unforeseen impacts. Importantly, organizations are advised to seek expert advice so that their migration doesn't introduce new vulnerabilities.
As you prepare your organization to secure against future threats from quantum computers, make sure to do the following://
* //Identify reliance on cryptography//
* //Determine risks//
* //Understand options//
* //Perform a proof of concept//
* //Make a plan//
<<<
*+++*[Détails complémentaires »]> <<tiddler [[2019.06.17 - Publication : Mitigating the Quantum Threat with Hybrid Cryptography]]>>=== 
* ⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/06/17/hybrid-cryptography-quantum-threat/]] sur le blog de la CSA
!"//Mitigating the Quantum Threat with Hybrid Cryptography//"
<<<
[>img(150px,auto)[iCSA/J6HBM.png]]//Focus of this document is on four hybrid cryptographic schemes which provide both classical security of classical crypto and the quantum security of a quantum-safe system. This document will also provide a background on quantum security and an overview of hybrid schemes.//
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j6hq/|https://cloudsecurityalliance.fr/go/j6hq/]]''
!!1 - Informations CSA de la semaine du 10 au 16 juin 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Blog : "''Top 20 des contrôles pour les ERP dans le Cloud''"+++*[»]> <<tiddler [[2019.06.10 - Blog : Top 20 des contrôles pour les ERP dans le Cloud]]>>=== 
* Publication : "''Top 20 Critical Controls for Cloud Enterprise Resource Planning (ERP) Customers''"+++*[»]> <<tiddler [[2019.06.10 - Publication : Top 20 Critical Controls for Cloud Enterprise Resource Planning (ERP) Customers]]>>=== 
* Appels à commentaires : "''Top Threats to Cloud Computing 2019''"+++*[»]> <<tiddler [[2019.06.11 - Appel à commentaires : document 'Top Threats to Cloud Computing 2019']]>>=== 
* Appels à commentaires : "''CSA CCM v3.0.1 Addendum - AICPA TSC 2017''"+++*[»]> <<tiddler [[2019.06.11 - Appel à commentaires : document 'CSA CCM v3.0.1 Addendum - AICPA TSC 2017']]>>=== 
* Appels à commentaires : "''CSA CCM v3.0.1 Addendum - NIST 800-53 Rev 4 Moderate''"+++*[»]> <<tiddler [[2019.06.11 - Appel à commentaires : document 'CSA CCM v3.0.1 Addendum - NIST 800-53 Rev 4 Moderate']]>>=== 
* Appels à commentaires : "''CCM v3.0.1 Addendum - Guideline on Effectively Managing Security Services in the Cloud''"+++*[»]> <<tiddler [[2019.06.14 - Appel à commentaires : document 'CCM v3.0.1 Addendum - Guideline on Effectively Managing Security Services in the Cloud']]>>=== 
* Appels à commentaires : "''Gap Analysis Report on Mapping CCM with Guideline on Effectively Managing Security Service in the Cloud''"+++*[»]> <<tiddler [[2019.06.14 - Appel à commentaires : document 'Gap Analysis Report on Mapping CCM with Guideline on Effectively Managing Security Service in the Cloud']]>>=== 
!!2 - Veille Web Cloud et Sécurité
Alerte de sécurité
* CVE-2019-0996: //Azure DevOps Server Spoofing Vulnerability//+++*[»]> <<tiddler [[2019.06.30.Alert]]>>=== 
La [[Veille Web|2019.06.16 - Veille Hebdomadaire - 16 juin]] avec une soixantaine de liens dont :
* Docker : le botnet AESDDoS qui s'infiltre via les API
* Vulnérabilité BlueKeep et Cloud
* AWS S3 et ransomware
* SOC-as-a-Service, DevSecOps
!!3 - Agenda
* ''24 juin'' : ''CSA EMEA Summit'' à Tel Aviv+++*[»]> <<tiddler [[2019.06.24 - CSA EMEA Summit 2019 - Tel Aviv]]>>=== 
* ''28 juin'' : clôture de l'appel à présentations pour le ''CSA Congress EMEA'' des 20 et 21 novembre 2019 à Berlin+++*[»]> <<tiddler [[2019.03.30 - CSA Congress EMEA 2019 - Appel à présentations]]>>=== 
!!Veille Hebdomadaire - 16 juin 2019
|!Juin|!Sources|!Titres et Liens|!Keywords|
|2019.06.16|SecurityAffairs|[[Linux worm spreading via Exim servers hit Azure customers|https://securityaffairs.co/wordpress/87168/hacking/linux-worm-exim-servers.html]]|Attacks Azure|
|2019.06.16|//Cloudflare//|[[Security Compliance at Cloudflare|https://blog.cloudflare.com/security-compliance-at-cloudflare/]]|Compliance|
|2019.06.16|//Tripwire//|[[Adding to the Toolkit - Some Useful Tools for Cloud Security|https://www.tripwire.com/state-of-security/security-data-protection/cloud/useful-tools-cloud-security/]]|Misc|
|>|!|>||
|2019.06.14|Journal du Net[>img[iCSF/flag_fr.png]]|[[Mieux comprendre le Cloud Act et ses enjeux|https://www.journaldunet.com/solutions/expert/71263/mieux-comprendre-le-cloud-act-et-ses-enjeux.shtml]]|Cloud_Act|
|2019.06.14|ITpro[>img[iCSF/flag_fr.png]]|[[L'adoption mondiale du Cloud dans les entreprises|https://www.itpro.fr/ladoption-mondiale-du-cloud-dans-les-entreprises/]]|Misc|
|2019.06.14|DZone|[[Routing external traffic into your Kubernetes services |https://dzone.com/articles/routing-external-traffic-into-your-kubernetes-serv]]|K8s|
|2019.06.14|SafeControl|![[CCSK Domain 3: Legal and contractual issues|https://safecontrols.blog/2019/06/14/ccsk-domain-3-legal-and-contractual-issues/]]|CCSK|
|2019.06.14|The Register|[[You'll always need VMs says, surprise, VMware: Run on any cloud you like and get portability|https://www.theregister.co.uk/2019/06/14/youll_always_need_vms_says_errm_vmware/]]|VM|
|2019.06.14|DevOps.com|[[Portable Security Policies: A DevSecOps Primer|https://devops.com/portable-security-policies-a-devsecops-primer/]]|DevSecOps|
|2019.06.14|Channel Future|[[Understanding container-based automation and proofs of concept are capabilities of even small security teams.|https://www.channelfutures.com/security/containers-and-cybersecurity-ansible-kubernetes-more-to-consider]] ([[code|https://github.com/InteropDemo/interop19-docker]])|Containers Automation|
|2019.06.14|//Microsoft//|[[Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)|https://blogs.technet.microsoft.com/msrc/2019/06/14/prevent-the-impact-of-a-linux-worm-by-updating-exim-cve-2019-10149/]]|Attacks Azure|
|2019.06.14|//Trendmicro//|[[AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs|https://blog.trendmicro.com/trendlabs-security-intelligence/aesddos-botnet-malware-infiltrates-containers-via-exposed-docker-apis/]]|Attacks Docker|
|2019.06.14|Bleeping Computer| → [[Exposed Docker APIs Abused by DDoS, Cryptojacking Botnet Malware|https://www.bleepingcomputer.com/news/security/exposed-docker-apis-abused-by-ddos-cryptojacking-botnet-malware/]]|Attacks Docker|
|2019.06.14|//Whistic//|[[Phase 2 of The 5 Phases of Responding to a Security Questionnaire & How to Get Proactive (2/5)|https://blog.whistic.com/phase-2-of-the-5-phases-of-responding-to-a-security-questionnaire-how-to-get-proactive-d35a839a4a3f]]|Misc|
|2019.06.14|//NetSkope//|[[Evolving the kill chain approach to protect cloud-based applications|https://www.itproportal.com/features/evolving-the-kill-chain-approach-to-protect-cloud-based-applications/]]|KillChain|
|>|!|>||
|2019.06.13|disruptOps|[[The 3-Step Process to Start Monitoring Your AWS Cloud Environments|https://disruptops.com/the-3-step-process-to-start-monitoring-your-aws-cloud-environments/]]|AWS Monitoring|
|2019.06.13|SecurityWeek|[[Security First in the Cloud Wars|https://www.securityweek.com/security-first-cloud-wars]]|Misc|
|2019.06.13|Redmond Channel Partner|[[New Features Added to Microsoft 365 Business Subscriptions|https://rcpmag.com/articles/2019/06/13/microsoft-365-business-features.aspx]]|O365|
|2019.06.13|DevOps.com|[[How to Automate an API Security Program Without Adding Staff|https://devops.com/how-to-automate-an-api-security-program-without-adding-staff/]]|DevOps API|
|2019.06.13|DevOps.com|[[The DevOps Security Stack|https://devops.com/the-devops-security-stack/]]|DevSecOps|
|2019.06.13|//Microsoft//|![[Three ways to get notified about Azure service issues|https://azure.microsoft.com/en-us/blog/three-ways-to-get-notified-about-azure-service-issues/]]|Azure Notification|
|2019.06.13|//Caylent//|[[Examining Kubernetes Persistent Volumes|https://caylent.com/examining-kubernetes-persistent-volumes/]]|K8s|
|2019.06.13|//Lacework//|[[Cloud Controls to Major Tom: A Quick Guide to Configuration as a Security Measure|https://www.lacework.com/cloud-configuration-security/]]|Controls|
|2019.06.13|//Armor//|[[Security in the Cloud: Azure|https://www.armor.com/blog/security-in-the-cloud-azure/]]|Azure|
|2019.06.13|//DeltaRisk//|![[SOC-as-a-Service Overview: Improving AWS and Azure Security (2/2)|https://deltarisk.com/blog/soc-as-a-service-overview-aws-azure-security/]]|SOC|
|2019.06.13|//Zscaler//|[[New Zscaler Study Reveals Legacy Networks Continue to Strain Office 365 Deployments|https://vmblog.com/archive/2019/06/13/new-zscaler-study-reveals-legacy-networks-continue-to-strain-office-365-deployments.aspx]] ([[rapport|https://info.zscaler.com/resources-ebooks-2019-office-365-migration-survey]])|Report O365|
|2019.06.13|//Trendmicro//|[[Outlaw Hacking Group's Botnet Observed Spreading Miner, Perl-Based Backdoor|https://blog.trendmicro.com/trendlabs-security-intelligence/outlaw-hacking-groups-botnet-observed-spreading-miner-perl-based-backdoor/]]|Attacks|
|2019.06.13|//Tresorit//|[[7 Tips for Building a Winning Cloud Migration Strategy|https://tresorit.com/blog/7-tips-for-a-winning-cloud-migration-strategy/]]|Migration|
|2019.06.13|IDG Connect|[[The Secret CSO: Nils Puhlmann, Twilio|https://www.idgconnect.com/interviews/1502058/secret-cso-nils-puhlmann-twilio]]|CSA|
|2019.06.13|SANS|[[How to Build a Data Security Strategy in AWS|https://www.sans.org/reading-room/whitepapers/analyst/build-data-security-strategy-aws-39010]]|Analysis Misc.|
|>|!|>||
|2019.06.12|disruptOps|![[AWS vs. Azure vs. GCP: A Security Pro's Quick Comparison|https://disruptops.com/aws-vs-azure-vs-gcp-a-security-pros-quick-cloud-comparison/]]|AWS Azure GCP|
|2019.06.12|DZone|[[5 Lessons from the Google Cloud Outage|https://dzone.com/articles/5-lessons-from-the-google-cloud-outage]]|Outage GCP|
|2019.06.12|DZone|[[Squash Threats and Master the Tenets of Kubernetes Deployment Security|https://dzone.com/articles/quash-threats-and-master-the-tenets-of-kubernetes-1]]|K8s|
|2019.06.12|Bleeping Computer|![[Microsoft 365 Business Adds Granular Controls to Company Assets|https://www.bleepingcomputer.com/news/security/microsoft-365-business-adds-granular-controls-to-company-assets/]]|O365|
|2019.06.12|CBR Online|[[Metropolitan Police to Use Azure for "Digital Investigation Processes"|https://www.cbronline.com/news/metropolitan-police-microsoft]]|Azure|
|2019.06.12|CyberScoop|[[Cybersecurity has done more to drive government cloud use than any other feature, intel official says|https://www.cyberscoop.com/sue-gordon-odni-cybersecurity-cloud-computing-amazon-web-services/]]|Government|
|2019.06.12|IT World|[[Cisco offers cloud-based security for SD-WAN resources|https://www.itworld.com/article/3402079/cisco-offers-cloud-based-security-for-sd-wan-resources.html]]|SDWAN Cisco|
|2019.06.12|Security Boulevard|[[Tips for Achieving Secure Cloud Access|https://securityboulevard.com/2019/06/tips-for-achieving-secure-cloud-access/]]|Access Controls|
|2019.06.12|//3DS Outscale//[>img[iCSF/flag_fr.png]]|[[3DS OUTSCALE renforce son contrôle des accès à privilèges grâce à One Identity|http://www.globalsecuritymag.fr/3DS-OUTSCALE-renforce-son-controle,20190612,88060.html]]|IAM|
|2019.06.12|//AppDynamics//|[[Single vs. Multi-Tenant Cloud Architecture: The Value of Multi-Tenancy|https://www.appdynamics.com/blog/engineering/multi-tenant-cloud-architecture/]]|MultiTenancy|
|2019.06.12|//Fortinet//|[["BlueKeep" Vulnerability (CVE-2019-0708) within Cloud/Datacenter Machines: How to Safeguard Yourself?|https://www.fortinet.com/blog/threat-research/bluekeep-vulnerability-cloud-datacenters.html]]|BlueKeep CVE-2019-0708|
|2019.06.12|//Microsoft//|[[Using Azure AD with your Oracle Cloud apps|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Using-Azure-AD-with-your-Oracle-Cloud-apps/ba-p/683915]]|AzureAD|
|2019.06.12|//Microsoft//|[[Ensuring security of your Microsoft Teams apps with Microsoft Cloud App Security|https://www.microsoft.com/security/blog/2019/06/12/ensuring-security-microsoft-teams-apps-microsoft-cloud-app-security/]]|Azure|
|2019.06.12|//Aqua Security//|![[How to track security problems in your Kubernetes deployments|https://techbeacon.com/security/how-track-security-problems-your-kubernetes-deployments]]|K8s|
|2019.06.12|Security Boulevard|[[Poor Cloud Security Practices Put Data at Risk; A Detailed Look at How Hackers Target Employees|https://securityboulevard.com/2019/06/poor-cloud-security-practices-put-data-at-risk-a-detailed-look-at-how-hackers-target-employees/]]|CSA|
|2019.06.12|Network World|[[Software Defined Perimeter (SDP): Creating a new network perimeter|https://www.networkworld.com/article/3402258/software-defined-perimeter-sdp-creating-a-new-network-perimeter.html]]|CSA|
|>|!|>||
|2019.06.11|disruptOps|[[So, You Want to Start Monitoring Your AWS Account?|https://disruptops.com/so-you-want-to-start-monitoring-your-aws-account/]]|AWS Monitoring|
|2019.06.11|SecurityWeek|[[The Symbiosis Between Public Cloud and MSSPs|https://www.securityweek.com/symbiosis-public-cloud-and-mssps]]|Public_Cloud|
|2019.06.11|DZone|[[Solving for Endpoint Compliance in a Cloud-First Landscape|https://dzone.com/articles/solving-for-endpoint-compliance-in-a-cloud-first-l]]|Compliance|
|2019.06.11|DZone|[[Dockerless, Part 2: How To Build Container Image for Rails Application Without Docker and Dockerfile (2/2)|https://dzone.com/articles/dockerless-part-2-how-to-build-container-image-for]]|Docker|
|2019.06.11|DZone|[[Deconstructing Serverless Computing Part 3: Ninety-Nine Platforms, But How Do You Choose One?|https://dzone.com/articles/deconstructing-serverless-computing-part-3-ninety?fromrel=true]]|Serverless|
|2019.06.11|//AWS//|![[New Version of AWS Security Fundamentals Digital Course Now Available|https://aws.amazon.com/about-aws/whats-new/2019/06/new-version-of-aws-security-fundamentals-digital-course-now-available/]] ([[inscription|https://www.aws.training/learningobject/wbc?id=34259]])|Training|
|2019.06.11|//Delta Risk//|[[What Defines a Modern SOC-as-a-Service Solution? (1/2)|https://deltarisk.com/blog/part-i-what-defines-a-modern-soc-as-a-service-solution/]]|SOC|
|2019.06.11|ITweb ZA|[[Demystifying cloud cyber security|https://www.itweb.co.za/content/mQwkoq6KbOYv3r9A]]|Risks|
|2019.06.11|//LogRhythm//|[[The Top Five Benefits of Cloud SIEM, According to Security Experts|https://logrhythm.com/blog/the-top-five-benefits-of-cloud-siem/]]|SIEM|
|2019.06.11|//Armor//|[[Security in the Cloud: AWS|https://www.armor.com/blog/security-in-the-cloud-aws/]]|AWS|
|2019.06.11|CSO Online|[[The dirty dozen: 12 top cloud security threats|https://www.csoonline.com/article/3043030/the-dirty-dozen-12-top-cloud-security-threats.html]]|Threats|
|2019.06.11|SecurityWeek|[[The Symbiosis Between Public Cloud and MSSPs|https://www.securityweek.com/symbiosis-public-cloud-and-mssps]]|MSSPs|
|2019.06.11|//Microsoft//|[[4 best practices to help you integrate security into DevOps|https://www.microsoft.com/security/blog/2019/06/11/4-best-practices-help-you-integrate-security-into-devops/]]|DevOps|
|2019.06.11|//Rhino Security Labs//|![[S3 Ransomware Part 2: Prevention and Defense (2/2)|https://rhinosecuritylabs.com/aws/s3-ransomware-part-2-prevention-and-defense/]]|AWS Ransomware|
|2019.06.11|//Rhino Security Labs//|![[S3 Ransomware Part 1: Attack Vector (1/2)|https://rhinosecuritylabs.com/aws/s3-ransomware-part-1-attack-vector/]]|AWS Ransomware|
|2019.06.11|CSO Online|[[The dirty dozen: 12 top cloud security threats|https://www.csoonline.com/article/3043030/the-dirty-dozen-12-top-cloud-security-threats.html]]|CSA|
|2019.06.11|CRN|[[7 Must-Have Cloud Security Certifications In 2019|https://www.crn.com/slide-shows/cloud/7-must-have-cloud-security-certifications-in-2019/3]]|CSA|
|>|!|>||
|2019.06.10|SSTIC[>img[iCSF/flag_fr.png]]|[[Everybody be cool, this is a robbery!|https://www.sstic.org/2019/presentation/hsm/]]|HSM|
|2019.06.10|SSTIC[>img[iCSF/flag_fr.png]]| → [[Everybody be cool, this is a robbery!|https://www.sstic.org/media/SSTIC2019/SSTIC-actes/hsm/SSTIC2019-Article-hsm-campana_bedrune.pdf]] ([[slides|https://www.sstic.org/media/SSTIC2019/SSTIC-actes/hsm/SSTIC2019-Slides-hsm-campana_bedrune.pdf]])|HSM|
|2019.06.10|ZDnet| → [[Major HSM vulnerabilities impact banks, cloud providers, governments|https://www.zdnet.com/article/major-hsm-vulnerabilities-impact-banks-cloud-providers-governments/]]|HSM|
|2019.06.08|ZDnet| → [[How Ledger Hacked an HSM|https://cryptosense.com/blog/how-ledger-hacked-an-hsm]]|HSM|
|2019.06.10|Le Monde Informatique[>img[iCSF/flag_fr.png]]|[[Quand la collaboration cloud mène à un cauchemar de sécurité|https://www.lemondeinformatique.fr/actualites/lire-quand-la-collaboration-cloud-mene-a-un-cauchemar-de-securite-75561.html]]|Risks|
|2019.06.10|DZone|[[From a Swarm of Devices to A Cloud: A Hands-On Experience With Automated Testing in A Visual Studio App Center|https://dzone.com/articles/from-a-swarm-of-devices-to-a-cloud-a-hands-on-expe]]|Misc|
|2019.06.10|TechRepublic|[[Stop ignoring hybrid cloud security risks|https://www.techrepublic.com/article/stop-ignoring-hybrid-cloud-security-risks/]]|Risks|
|2019.06.10|//Kaspersky//|[[How spammers use Google services|https://www.kaspersky.com/blog/spam-through-google-services/27228/]]|Attacks GCP|
|2019.06.10|//eXemplify//|[[The Evolution of Cloud Security: Knowing the Risks and Impact of Breaches|http://www.exemplifygroup.com/the-evolution-of-cloud-security-knowing-the-risks-and-impact-of-breaches/]]|CSA|
|2019.06.10|//Vectra//|[[How to gain visibility into attacker behaviors inside cloud environments|https://blog.vectra.ai/blog/how-to-gain-visibility-into-attacker-behaviors-inside-cloud-environments]]|Attacks|
|2019.06.10|//Fugue//|[[Addressing Cloud Security with Infrastructure Baselines|https://www.fugue.co/blog/addressing-cloud-security-with-infrastructure-baselines]]|Baselines|
[>img(100px,auto)[iCSA/CSAdoc.png]]Un appel à commentaires dont la date de clôture est le ''19 juillet 2019'' : "''Gap Analysis Report on Mapping CSA's Cloud Controls Matrix to 'Guideline on Effectively Managing Security Service in the Cloud'''".
<<<
//This document is an addendum to the Cloud Controls Matrix (CCM) V3.0.1 controls. It contains the additional controls that serves to bridge the gap between CCM and the controls within 'Guideline on Effectively Managing Security Services in the Cloud' published by Cloud Security Services Working Group.//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j6eM/|https://cloudsecurityalliance.fr/go/j6eM/]]''



[img(25%,1px)[iCSF/BluePixel.gif]]
[>img(100px,auto)[iCSA/CSAdoc.png]]Un appel à commentaires dont la date de clôture est le ''19 juillet 2019'' : "''Gap Analysis Report on Mapping CSA's Cloud Controls Matrix to 'Guideline on Effectively Managing Security Service in the Cloud'''".
<<<
//The report summarizes the mapping of CCM v3.0.1 to 'Guideline on Effectively Managing Security Services in the Cloud' and provides gap analysis on the results.//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j6eG/|https://cloudsecurityalliance.fr/go/j6eG/]]''



[img(25%,1px)[iCSF/BluePixel.gif]]
[>img(100px,auto)[iCSA/CSAdoc.png]]Un appel à commentaires dont la date de clôture est le ''7 juillet 2019'' : "Top Threats to Cloud Computing 2019".
<<<
//The report provides organizations with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk-management decisions regarding cloud adoption strategies.//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j6bT/|https://cloudsecurityalliance.fr/go/j6bT/]]''



[img(25%,1px)[iCSF/BluePixel.gif]]
[>img(100px,auto)[iCSA/CSAdoc.png]]Un appel à commentaires dont la date de clôture est le ''4 juillet 2019'' : "CSA CCM v3.0.1 Addendum - AICPA TSC 2017".
<<<
//This document aims to determine the extent to which an AICPA TSC 2017 compliant organization can meet CCM requirements. The document contains controls mappings and gap analysis.//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j6bA/|https://cloudsecurityalliance.fr/go/j6bA/]]''



[img(25%,1px)[iCSF/BluePixel.gif]]
[>img(100px,auto)[iCSA/CSAdoc.png]]Un appel à commentaires dont la date de clôture est le ''29 juin 2019'' : "CSA CCM v3.0.1 Addendum - NIST 800-53 Rev 4 Moderate".
<<<
//This document aims to determine the extent to which a NIST 800-53 Rev 4 Moderate compliant organization can meet CCM requirements. The document includes controls mappings and gap analysis.//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j6b3/|https://cloudsecurityalliance.fr/go/j6b3/]]''



[img(25%,1px)[iCSF/BluePixel.gif]]
Article de blog publié le 10 juin — Rédigé par Victor Chin, Research Analyst, Cloud Security Alliance
<<<
[>img(200px,auto)[iCSA_/top20ERP.png]]//Cloud technologies are being increasingly adopted by organizations, regardless of their size, location or industry. And it's no different when it comes to business-critical applications, typically known as enterprise resource planning (ERP) applications. Most organizations are migrating business-critical applications to a hybrid architecture of ERP applications. To assist in this process, CSA has released the Top 20 Critical Controls for Cloud Enterprise Resource Planning (ERP) Customers, a report that assesses and prioritizes the most critical controls organizations need to consider when transitioning their business-critical applications to cloud environments.
This document provides 20 controls, grouped into domains for ease of consumption, that align with the existing CSA Cloud Control Matrix (CCM) v3 structure of controls and domains.
The document focuses on the following domains://
* //Cloud ERP Users: Thousands of different users with very different access requirements and authorizations extensively use cloud enterprise resource planning applications. This domain provides controls aimed to protect users and access to cloud enterprise resource planning.//
* //Cloud ERP Application: An attribute associated with cloud ERP applications is the complexity of the technology and functionality provided to users. This domain provides controls that are aimed to protect the application itself.//
* //Integrations: Cloud ERP applications are not isolated systems but instead tend to be extensively integrated and connected to other applications and data sources. This domain focuses on securing the integrations of cloud enterprise resource planning applications.//
* //Cloud ERP Data: Cloud enterprise resource planning applications store highly sensitive and regulated data. This domain focuses on critical controls to protect access to this data.//
* //Business Processes: Cloud enterprise resource planning applications support some of the most complex and critical business processes for organizations. This domain provides controls that mitigate risks to these processes.//
//While there are various ERP cloud service models such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) -- each with different security/service-level agreements and lines of responsibility -- organizations are required to protect their own data, users and intellectual property (IP). As such, organizations that are either considering an ERP cloud migration or already have workloads in the cloud can use these control guidelines to build or bolster a strong foundational ERP security program.
By themselves, ERP applications utilize complex systems and, consequently, are challenging to secure. In the cloud, their complexity increases due to factors such as shared security models, varying cloud service models, and the intersection between IT and business controls. Nevertheless, due to cloud computing benefits, enterprise resource planning applications are increasingly migrating to the cloud.
Organizations should leverage this document as a guide to drive priorities around the most important controls that should be implemented while adopting Cloud ERP Applications. The CSA ERP Security Working Group will continue to keep this document updated and relevant. In the meantime, the group hopes readers find this document useful when migrating or securing enterprise resource planning applications in the cloud.//
<<<
*+++*[Détails complémentaires »]> <<tiddler [[2019.06.10 - Publication : Top 20 Critical Controls for Cloud Enterprise Resource Planning (ERP) Customers]]>>=== 
* ⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/06/10/cloud-erp-top-20-critical-controls/]] sur le blog de la CSA
!"//Top 20 Critical Controls for Cloud ERP Customers//"
<<<
[>img(150px,auto)[iCSA_/top20ERP.png]]//This document aims to be a guide for assessing and prioritizing the most critical controls that organizations should take into account when trying to secure their business-critical applications in the cloud. The document also contains an overview of cloud ERP security, control details and associated threats and risks.//
//''Executive Summary''//
//Cloud technologies are being increasingly adopted by organizations, regardless of their size, location or industry. When it comes to business-critical applications, typically known as enterprise resource planning (ERP) applications, it is no different.
Most organizations are migrating business-critical applications to a hybrid architecture of ERP applications.
To assist in this process, the Top 20 Critical Controls for Cloud ERP Customers document assesses and prioritizes the most critical controls organizations need to consider when transitioning their business-critical applications to cloud environments.//
[...]
//''IT Application Controls''//
//Categories of information technology (IT) application controls may include://
* //Completeness checks -- controls that ensure all records were processed from initiation to completion//
* //Validity checks -- controls that ensure only valid data is input or processed//
* //Identification -- controls that ensure all users are uniquely and irrefutably identified//
* //Authentication -- controls that ensure only approved business users have access to the application system//
* //Authorization -- controls that ensure user rights to functions and data is authorized//
* //Input controls -- controls that ensure data integrity fed from upstream sources into the application system//
* //Forensic controls -- controls that ensure data and systems can produce forensic evidence in the event of an incident//
[...]
//''Control Domains''//
//This document provides 20 controls, grouped into domains for ease of consumption, that align with the existing CSA Cloud Control Matrix (CCM) 3 structure of controls and domains. The document focuses on the following domains://
* //Cloud ERP Users: Thousands of different users with very different access requirements and authorizations extensively use cloud ERP applications. This domain provides controls aimed to protect users and access to the cloud ERP.//
* //Cloud ERP Application: An attribute associated with cloud ERP applications is the complexity of the technology and functionality provided to users. This domain provides controls that are aimed to protect the application itself.//
* //Integrations: Cloud ERP applications are not isolated systems but instead tend to be extensively integrated and connected to other applications and data sources. This domain focuses on securing the integrations of cloud ERP applications.//
* //Cloud ERP Data: Cloud ERP applications store highly sensitive and regulated data. This domain focuses on critical controls to protect access to this data.//
* //Business Processes: Cloud ERP applications support some of the most complex and critical business processes for organizations. This domain provides controls that mitigate risks to these processes.//
[...]
//''Controls and Responsibility Model''//
//The building blocks of this document are the individual 20 controls, identified and documented as the most critical issues faced by cloud ERP customers. Each control provides the following sections://
* //Domain: The domain assigned to the control//
* //Control identification (ID): Unique name for the control//
* //Control Description: A description of the control and how it should be addressed//
* //Control Objectives: A description of what the control seeks to achieve//
* //Threats and Risks: Threats mitigated by the control, including those defined in the [[Treacherous 12: Top Threats to Cloud Computing|2016.02.29 - Publication : The Treacherous Twelve]] 2016 report (published by the CSA Top Threats Working Group)//
* //Related CCM Controls: If applicable, the IDs of the controls, as defined in the CSA CCM//
[...]
//''Conclusion''//
//By themselves, ERP applications utilize complex systems and, consequently, are challenging to secure.
In the cloud, their complexity increases due to factors such as shared security models, varying cloud service models and the intersection between IT and business controls. Nevertheless, due to cloud computing benefits, ERP applications are increasingly migrating to the cloud.
Organizations should leverage this document as a guide to drive priorities around the most important controls that should be implemented while adopting Cloud ERP Applications.
The CSA ERP Security Working Group will continue to keep this document updated and relevant. In the meantime, the group hopes readers find this document useful when migrating or securing ERP applications in the cloud.//
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j6ax/|https://cloudsecurityalliance.fr/go/j6ax/]]''
!!1 - Informations CSA de la semaine du 3 au 9 juin 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Publication : ''PLA Code of Practice Template Annex 1'' (mise à jour de mai 2019)+++*[»]> <<tiddler [[2019.06.03 - Publication : PLA Code of Practice Template Annex 1 (Mai 2019)]]>>=== 
* Publication : ''Code of Conduct (CoC) for GDPR Compliance'' (mise à jour de mai 2019)+++*[»]> <<tiddler [[2019.06.03 - Publication : Cloud Security Alliance Code of Conduct for GDPR Compliance (Mai 2019)]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.06.09 - Veille Hebdomadaire - 9 juin]] avec une cinquantaine de liens dont :
* Des explications de la panne //Google// Cloud du 2 juin
* Protection contre BlueKeep dans //Azure//, et utilisation d'//Azure// pour héberger du malware et des C2
* Quelques bonnes pratiques du NCSC UK, pour //Azure AD//, pour //AWS//
* Rapport d'état des lieux Cloud et sécurité de //Delta Risk//
* Suite de la vulnérabilité //rkt//
!!3 - Agenda
* ''24 juin'' : ''CSA EMEA Summit'' à Tel Aviv (agenda publié)+++*[»]> <<tiddler [[2019.06.24 - CSA EMEA Summit 2019 - Tel Aviv]]>>=== 
* ''28 juin'' : clôture de l'appel à présentations pour le ''CSA Congress EMEA'' des 20 et 21 novembre 2019 à Berlin+++*[»]> <<tiddler [[2019.03.30 - CSA Congress EMEA 2019 - Appel à présentations]]>>=== 
!!Veille Hebdomadaire - 9 juin 2019
|!Juin|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.06.09|
|2019.06.08|Security BSides London|[[AWS Vs Azure Security|https://www.youtube.com/watch?v=MXlFulaFwSA]] par Paul Schwarzenberger (vidéo)|Conférence AWS Azure|
|>|>|>|!2019.06.08|
|2019.06.08|Interesting Engineering|[[Researchers Find You Can Train AI to Create Fake UN Speeches in Under 13 Hours|https://interestingengineering.com/researchers-find-you-can-train-ai-to-create-fake-un-speeches-in-under-13-hours]]|Misc|
|2019.06.08|CyberDefense Mag|[[Proxy vs. API CASB: An Overlooked Choice in Cloud Security|https://www.cyberdefensemagazine.com/proxy-vs-api-casb-an-overlooked-choice-in-cloud-security/]]|CASB|
|>|>|>|!2019.06.07|
|2019.06.07|BetaNews|[[The ABCs of Microsoft Office 365's Data Loss Prevention (DLP)|https://betanews.com/2019/06/07/the-abcs-of-microsoft-office-365s-data-loss-prevention-dlp/]]|O365 DLP|
|2019.06.07|GBHacker On Security|[[Secure Cloud Migration Guide - Technical and Business Considerations|https://gbhackers.com/cloud-migration-guide/]]|Migration|
|2019.06.07|DZone|[[Zero-Trust Security: How to Secure Your Data for Cloud Computing|https://dzone.com/articles/zero-trust-security-how-to-secure-your-data-for-cl]]|Misc|
|2019.06.07|//Vera Security//|[[Controlling Data in a Post-cloud World|http://vmblog.com/archive/2019/06/07/controlling-data-in-a-post-cloud-world.aspx]]|Controls|
|2019.06.07|//Microsoft//|[[Microsoft Wants More Security Researchers to Hack Into Its Cloud|https://www.bloomberg.com/news/articles/2019-06-07/microsoft-wants-more-security-researchers-to-hack-into-its-cloud]]|Azure BugBounty|
|>|>|>|!2019.06.06|
|2019.06.06|NIST|![[A Methodology for Enabling Forensic Analysis Using Hypervisor Vulnerabilities Data|https://csrc.nist.gov/publications/detail/nistir/8221/final]] ([[pdf document|https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.8221.pdf]])|Hypervisor Forensics NIST|
|2019.06.06|NCSC UK|[[Applying the Cloud Security Principles in practice: a case study|https://www.ncsc.gov.uk/blog-post/applying-the-cloud-security-principles]]|Best_Practices|
|2019.06.06|Security Mag|[[The Top Five Security Cloud App Events for Organizations to Monitor|https://www.securitymagazine.com/articles/90335-the-top-five-security-cloud-app-events-for-organizations-to-monitor]]|Monitoring|
|2019.06.06|Bleeping Computer|[[Microsoft Warns Against Bypassing Office 365 Spam Filters|https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-against-bypassing-office-365-spam-filters/]]|O365 Spam|
|2019.06.06|eSecurity Planet|[[Data Storage Security: Best Practices for Security Teams|https://www.esecurityplanet.com/cloud/data-storage-security.html]]|Storage|
|2019.06.06|DZone|[[Link Collection: Docker|https://dzone.com/articles/link-collection-docker]]|Docker|
|2019.06.06|Wired|![[The Catch-22 That Broke the Internet|https://www.wired.com/story/google-cloud-outage-catch-22/]]|Outage GCP|
|2019.06.06|//Fox IT//|[[Syncing yourself to Global Administrator in Azure Active Directory|https://blog.fox-it.com/2019/06/06/syncing-yourself-to-global-administrator-in-azure-active-directory/]]|Azure Active_Directory|
|2019.06.06|//ThreatStack//|[[Tips on Recruiting Top Talent in the Current DevOps and Cloud Security Markets|https://www.threatstack.com/blog/tips-on-recruiting-top-talent-in-the-current-devops-and-cloud-security-markets]]|Hiring|
|2019.06.06|Redmond Channel partner|[[Microsoft Lets Orgs Save Their Office 365 Settings in Its Cloud|https://rcpmag.com/articles/2019/06/06/microsoft-office-365-settings-cloud.aspx]]|O365|
|2019.06.06|//PaloAlto Networks//|![[Misconfigured and Exposed: Container Services|https://unit42.paloaltonetworks.com/misconfigured-and-exposed-container-services/]]|Containers Misconfiguration|
|2019.06.07|//Cyware//| → [[Over 40,000 Containers with default configurations found online|https://cyware.com/news/over-40000-containers-with-default-configurations-found-online-bf0e98d3]]|Containers Misconfiguration|
|2019.06.06|//Lastline//|[[Live from InfoSecurity Europe 2019: Understanding the Cloud Security Conversation|https://www.lastline.com/blog/live-from-infosecurity-2019-understanding-the-cloud-security-conversation/]]|Conference|
|2019.06.06|Health Data Management|[[HIT Think Security challenges in native cloud, hybrid and multi-cloud environments|https://www.healthdatamanagement.com/opinion/data-security-challenges-in-native-cloud-hybrid-and-multi-cloud-environments]]|CSA|
|2019.06.06|CISO MAG|[[With cloud expanding, users need umbrella the most|https://www.cisomag.com/with-cloud-expanding-users-need-umbrella-the-most/]]|CSA|
|2019.06.06|MeriTalk|[[Study Finds Cloud Still Faces Security Concerns Amid Migrations|https://www.meritalk.com/articles/study-finds-cloud-still-faces-security-concerns-amid-migrations/]]|CSA|
|>|>|>|!2019.06.05|
|2019.06.05|Silicon Angle|[[Setting rivalry aside, Microsoft and Oracle link their public clouds to go after AWS|https://siliconangle.com/2019/06/05/setting-rivalry-aside-microsoft-oracle-link-public-clouds-go-aws/]]|Microsoft Oracle AWS|
|2019.06.05|DZone|[[We Turned Off AWS Config|https://dzone.com/articles/we-turned-off-aws-config]]|AWS Configuration|
|2019.06.05|InfoSec Write-Ups|[[From SSRF To AWS Credentials Disclosure|https://medium.com/bugbountywriteup/from-ssrf-to-aws-credentials-disclosure-64c51e1bf5dc]]|AWS Attacks|
|2019.06.05|Infosec Island|[[Utilising the Benefits of Industrial Robots Securely|http://www.infosecisland.com/blogview/25198-Utilising-the-Benefits-of-Industrial-Robots-Securely.html]]|Cloud Misc.|
|2019.06.05|//Cruise//|[[Building a Container Platform at Cruise (1/2)|https://medium.com/cruise/building-a-container-platform-at-cruise-part-1-507f3d561e6f]]|Containers|
|2019.06.05|//CloudPassage//|![[AWS Cloud Security Report|https://blog.cloudpassage.com/2019/06/05/aws-cloud-security-report-2019/]] ([[article|https://www.cybersecurity-insiders.com/4-key-takeaways-from-the-aws-cloud-security-report-2019-2/]]) ([[rapport 2019|https://pages.cloudpassage.com/AWS-Cloud-Security-Report.html]])|Report AWS|
|2019.06.05|//Rapid7//|[[Scan Engine Options for InsightVM in AWS: Pre-Authorized AMI vs. Manual Install|https://blog.rapid7.com/2019/06/05/to-pre-auth-or-not-to-pre-auth-that-is-the-question/]]|AWS AMI|
|2019.06.05|//Pivot Security//|[[5 Top Information Security Accreditations for SaaS Providers|https://www.pivotpointsecurity.com/blog/security-accreditations-for-saas-providers/]]|Accreditation|
|2019.06.05|//Lacework//|[[Host Intrusion Detection for Compliance in AWS and Multicloud Environments|https://www.lacework.com/host-intrusion-detection-compliance-aws-multicloud/]]|Detection|
|2019.06.05|//Fugue//|[[Embrace chaos to improve cloud infrastructure resilience|https://www.helpnetsecurity.com/2019/06/05/improve-cloud-infrastructure-resilience/]]|Netflix Chaos|
|2019.06.05|//Forcepoint//|[[Ponemon Survey Results: US Federal Cloud Adoption|https://www.forcepoint.com/blog/insights/ponemon-survey-results-us-federal-cloud-adoption]] ([[rapport|https://www.forcepoint.com/resources/whitepapers/cloud-adoption-across-federal-government-agencies]])|Report|
|2019.06.05|//Druva//|[[Osterman Research: Don't Take Office 365 Data Protection for Granted|https://www.druva.com/blog/osterman-research-dont-take-office-365-data-protection-for-granted/]] ([[rapport|https://go.druva.com/WC-OstermanResearchReportO365_LPRegistration.html]])|Report O365|
|>|>|>|!2019.06.04|
|2019.06.04|devops.com|[[What is Cloud-Native Workload Protection?|https://devops.com/what-is-cloud-native-workload-protection/]]|Protection|
|2019.06.04|DZone|[[How to Hack Your Cloud Costs|https://dzone.com/articles/cloud-cost-hacking]]|Costs|
|2019.06.04|DZone|[[Dockerless, Part 1: Which Tools to Replace Docker With And How (1/2)|https://dzone.com/articles/dockerless-part-1-which-tools-to-replace-docker-wi]]|Docker|
|2019.06.04|Maarten Goet|![[Protect yourself against CVE-2019-0708 aka #BlueKeep using Azure Sentinel and Microsoft Defender ATP|https://medium.com/@maarten.goet/protect-yourself-against-bluekeep-using-azure-sentinel-and-defender-atp-d308f566d5cf]]|Azure BlueKeep|
|2019.06.04|//Delta Risk//|![[2019 Cloud Security Report|https://go.deltarisk.com/2019-cloud-security-report]] (inscription requise)|Report|
|2019.06.04|//Delta Risk//| → [[2019 Cloud Security Report Reveals Top Challenges|https://deltarisk.com/blog/new-research-2019-cloud-security-report-reveals-top-challenges-and-concerns/]]|Report|
|2019.06.04|//Microsoft//|![[Step 10. Detect and investigate security incidents: top 10 actions to secure your environment|https://www.microsoft.com/security/blog/2019/06/04/step-10-detect-investigate-security-incidents-top-10-actions-secure-your-environment/]]|Azure IncidentHandling|
|2019.06.04|//Google Cloud//|[[Cloud Asset Inventory: Easier inventory management, security analysis and config monitoring|https://cloud.google.com/blog/products/identity-security/with-cloud-asset-inventory-get-easier-inventory-management-security-analysis-and-config-monitoring]]|GCP Inventory|
|2019.06.04|//Netskope//|[[Cloud Security Use Case #2: Granular Control of Unmanaged Cloud Apps|https://www.netskope.com/blog/cloud-security-granular-control-unmanaged-apps]]|CASB|
|2019.06.04|//Alibaba Cloud//|[[Alibaba Cloud ECS Instance Security Checklist for Ubuntu 16.04|https://medium.com/@Alibaba_Cloud/alibaba-cloud-ecs-instance-security-checklist-for-ubuntu-16-04-afccc9b54199]]|Hardening|
|2019.06.04|//PaloAlto Networks//|[[Your AWS S3 Bucket Safety Checklist|https://blog.paloaltonetworks.com/cloud-your-aws-s3-bucket-safety-checklist/]]|AWS S3 Controls Best_Practices|
|2019.06.04|//Capsule8//|[[Escaping like a Rocket via rkt enter|https://capsule8.com/blog/escaping-like-a-rocket-via-rkt-enter/]]|rkt Container Flaw|
|2019.06.04|//Sysdig//|[[Kubernetes admission controllers for secure deployments|https://sysdig.com/blog/kubernetes-admission-controllers/]]|K8s|
|2019.06.04|Enterprise Security|[[Tips to Improve Cloud Provider's Security|https://www.enterprisesecuritymag.com/news/tips-to-improve-cloud-provider-s-security-nid-1224-cid-17.html]]|CSA|
|>|>|>|!2019.06.03|
|2019.06.03|Container Journal|[[Microservices, Containers and Kubernetes: Which Applications Benefit?|https://containerjournal.com/2019/06/03/microservices-containers-and-kubernetes-which-applications-benefit/]]|Containers Kubernetes|
|2019.06.03|GBHackers|[[Hackers Abusing Microsoft Azure to Deploy Malware and C2 Servers Using Evasion Technique|https://gbhackers.com/microsoft-azure-to-deploy-malware/]]|Azure Evasion|
|2019.06.03|SC Mag| → [[Threat actors host malware, C2 servers on Microsoft Azure|https://www.scmagazine.com/home/security-news/malware/cyber-criminals-are-storing-malicious-content-including-malware-and-c2-servers-on-microsofts-azure-cloud-services/]]|Azure Evasion|
|2019.06.03|CIO Review|[[Disaster Recovery: The Enterprise Cloud Is Coming of Age|https://cisco.cioreview.com/cxoinsight/disaster-recovery-the-enterprise-cloud-is-coming-of-age-nid-7600-cid-61.html]]|DRaaS|
|2019.06.03|DZone|[[Cloud Computing Security: Secure Your Data, Not Just Your Perimeter|https://dzone.com/articles/cloud-computing-security-secure-your-data-not-just]]|DataProtection|
|2019.06.03|DZone|[[50% of Developers Don't Scan Their Docker Images for Vulnerabilities at All|https://dzone.com/articles/50-of-developers-dont-scan-their-docker-images-for]]|Docker Prevention|
|2019.06.03|CISO Mag|[[Cybersecurity insurers in the cloud space creating a new paradox|https://www.cisomag.com/cybersecurity-insurers-in-the-cloud-space-creating-a-new-paradox/]]|Insurance|
|2019.06.03|Platform9|[[The Gorilla Guide to Kubernetes in the Enterprise, Chapter 3: Deploying Kubernetes|https://platform9.com/blog/kubernetes-enterprise-chapter-3-deploying-kubernetes/]]|K8s|
|2019.06.03|//Google Cloud//|![[An update on Sunday's service disruption|https://cloud.google.com/blog/topics/inside-google-cloud/an-update-on-sundays-service-disruption]]|Outage GCP|
|2019.06.03|ThousandEyes| → [[Google Cloud Platform Outage Analysis|https://blog.thousandeyes.com/google-cloud-platform-outage-analysis/]]|Outage GCP|
|2019.06.03|ITpro|[[What is cloud-to-cloud backup?|https://www.itpro.co.uk/cloud-backup/33760/what-is-cloud-to-cloud-backup]]|Backup|
|2019.06.03|Infosec Institute|[[CCSP vs. Cloud+|https://resources.infosecinstitute.com/ccsp-vs-cloud-plus/]]|Certification|
|2019.06.03|DZone|[[Azure Kubernetes Service (AKS) Security Features|https://dzone.com/articles/aks-scratch-to-production-ready]]|Azure Kubernetes|
|2019.06.03|//Fortinet//|[[Four Essential Cloud Security Concepts|https://www.fortinet.com/blog/industry-trends/essential-cloud-security-concepts.html]]|Best_Practices|
|2019.06.03|//Fortinet//|[[Delivering on the Promise of the Cloud Requires Consistent Security|https://www.csoonline.com/article/3399980/delivering-on-the-promise-of-the-cloud-requires-consistent-security.html]]|Best_Practices|
|2019.06.03|//Gemalto//|[[One Year Later: Finding Harmony between GDPR and the Cloud|https://blog.gemalto.com/security/2019/06/04/one-year-later-finding-harmony-between-gdpr-and-the-cloud/]]|GDPR|
|2019.06.03|//Anchore//|[[A Policy Based Approach to Container Security and Compliance|https://anchore.com/policy-based-compliance-approach-to-container-security/]]|Containers|
|2019.06.03|//Aqua Security//|[[Kubernetes RBAC: Asking for Forgiveness or Getting Permission|https://blog.aquasec.com/kubernetes-rbac]]|K8s RBAC|
|2019.06.03|//StorageCraft//|[[Why You're Not Ready for Cloud Computing Challenges - and What to Do About It?|https://blog.storagecraft.com/cloud-computing-challenges/]]|Challenges|
|>|!|>||
||//IS Decisions//[>img[iCSF/flag_fr.png]]|[[Cloud et Sécurité: une alliance nébuleuse|https://www.isdecisions.fr/probleme-securite-stockage-cloud/]]|Report Storage|
!"//Cloud Security Alliance Code of Conduct for GDPR Compliance (Updated - May 2019)//"
[>img(200px,auto)[iCSA/J5GDPRCoC.png]]Mise à jour de Mai 2019
<<<
//The CSA Code of Conduct is designed to offer both a compliance tool for GDPR compliance and transparency guidelines regarding the level of data protection offered by the Cloud Service Provider.//
<<<
__Table des Matières__
| I|INTRODUCTION|
| II|BACKGROUND INFORMATION|
| III|STRUCTURE OF THE CSA CoC FOR GDPR COMPLIANCE|
|>|!PART 1 CSA CoC OBJECTIVES, SCOPE, METHODOLOGY, ASSUMPTIONS & EXPLANATORY NOTES|
| 1|OBJECTIVES OF THE CSA COC|
| 2|SCOPE AND METHODOLOGY|
| 3|ASSUMPTIONS|
| 3.1|Cloud Customer Internal Due Diligence|
| 3.2|Cloud Customer External Due Diligence|
| 4|EXPLANATORY NOTES|
|>|!PART 2 PRIVACY LEVEL AGREEMENT CODE OF PRACTICE|
| 1|CSP DECLARATION OF COMPLIANCE AND ACCOUNTABILITY|
| 2|CSP RELEVANT CONTACTS AND ITS ROLE|
| 3|WAYS IN WHICH DATA WILL BE PROCESSED|
| 3.1|General information|
| 3.2|Personal data location|
| 3.3|Subcontractors|
| 3.4|Installation of software on cloud customer's system|
| 3.5|Data processing contract (or other binding legal act)|
| 4|RECORDKEEPING|
| 4.1|Recordkeeping for CSP-controller|
| 4.2|Recordkeeping for CSP-processor|
| 5|DATA TRANSFER|
| 6|DATA SECURITY MEASURES|
| 7|MONITORING|
| 8|PERSONAL DATA BREACH|
| 9|DATA PORTABILITY, MIGRATION, AND TRANSFER BACK|
| 10|RESTRICTION OF PROCESSING|
| 11|DATA RETENTION, RESTITUTION, AND DELETION|
| 11.1|Data retention, restitution, and deletion policies|
| 11.2|Data retention|
| 11.3|Data retention for compliance with sector-specific legal requirements|
| 11.4|Data restitution and/or deletion|
| 12|COOPERATION WITH THE CLOUD CUSTOMERS|
| 13|LEGALLY REQUIRED DISCLOSURE|
| 14|REMEDIES FOR CLOUD CUSTOMERS|
| 15|CSP INSURANCE POLICY|
|>|!PART 3 CSA CODE OF CONDUCT GOVERNANCE AND ADHERENCE MECHANISMS|
| 1|TECHNICAL COMPONENTS|
| 1.1|PLA Code of Practice|
| 1.2|Adherence mechanisms to the Code|
| 1.2.1|CoC Self-Attestation|
| 1.2.2|CoC Third-Party Assessment|
| 1.3|Code of Ethics|
| 1.4|PLA and OCF Working Group Charters|
| 2|GOVERNANCE BODIES, ROLES AND RESPONSIBILITIES|
| 2.1|PLA Working Group|
| 2.2|OCF Working Group|
| 2.3|Cloud Security Alliance (CSA)|
| 2.4|Collaboration and supporting actions toward data protection Supervisory Authorities|
| 2.5|CoC Monitoring Body|
| 2.5.1|Independence|
| 2.5.2|Absence of a conflict of interests|
| 2.5.3|Expertise|
| 2.5.4|Resources and staffing|
| 2.5.5|Established procedures and structures|
| 2.5.6|Transparent complaints handling|
| 2.5.7|Communication with the competent Supervisory Authority|
| 2.5.8|Review mechanisms|
| 2.5.9|Legal status|
| 2.5.10|Continuous improvement|
| 2.5.11|Monitoring|
| 3|GOVERNANCE PROCESS AND RELATED ACTIVITIES|
| 3.1|PLA Code of Practice review process|
| 3.2|CoC adherence scheme review process|
| 3.3|CoC seals issuing and Statement of Adherence publication|
| 3.3.1|CoC self-attestation|
| 3.3.2|CoC third-party assessment|
| 3.4|Complaint Management Process|
| 3.5|Ongoing monitoring processes|
| 3.5.1|Qualified CoC Auditing Partner Monitoring Process|
| 3.6|Code of Ethics review process|
| 3.7|PLA and OCF WG charters documents review process|
|>|!ANNEXES|
||ANNEX 1: PLA [3] TEMPLATE|
||ANNEX 2: STATEMENT OF ADHERENCE TEMPLATE|
||ANNEX 3: THE CSA STAR PROGRAM AND OPEN CERTIFICATION FRAMEWORK (OCF)|
||ANNEX 4: CODE OF ETHICS|
||ANNEX 5: PRIVACY LEVEL AGREEMENT WORKING GROUP CHARTER|
||ANNEX 6: OPEN CERTIFICATION FRAMEWORK WORKING GROUP CHARTER|
||ANNEX 7: COMPLAINT MANAGEMENT PROCESS|
||ANNEX 8: MONITORING/AUDIT PROCESS| 
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j63d/|https://cloudsecurityalliance.fr/go/j63d/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//PLA Code of Practice Template Annex 1 (Updated - May 2019)//"
[>img(100px,auto)[iCSA/CSAdoc.png]]Mise à jour de Mai 2019
<<<
//CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU's GDPR. The CSA PLA Code of Conduct for GDPR Compliance is designed to be an appendix to a Cloud Services Agreement to describe the level of privacy protection that a Cloud Service Provider will provide.//
<<<
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j63p/|https://cloudsecurityalliance.fr/go/j63p/]]''




[img(25%,1px)[iCSF/BluePixel.gif]]
!!1 - Informations CSA de la semaine du 27 mai au 2 juin 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Appel à commentaires sur le document "''Six Pillars of DevSecOps''"+++*[»]> <<tiddler [[2019.05.22 - Appel à commentaires : document 'Les Six Piliers de DevSecOps']]>>=== (''avant le __6 juin__'')
* Blog : "''Votre feuille de route pour obtenir la certification CCSK''"+++*[»]> <<tiddler [[2019.05.28 - Blog : Votre feuille de route pour obtenir la certification CCSK]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.06.02 - Veille Hebdomadaire - 2 juin]] avec une cinquantaine de liens dont :
* Arrêt du site d'information CloudMagazine.fr
* Encore et toujours des données mal protégées et exposées dans le Cloud
* Docker : Vulnérabilité CVE-2018-15664, et exploitation de la CVE-2019-5736 connue depuis 3 mois
* Un avertissement de l'OCIE (Office of Compliance Inspections and Examinations) de la SEC (Securities and Exchange Commission) sur le stockage de données dans le Cloud
* Durcissement dans le Cloud
!!3 - Agenda
* 24 juin : ''CSA EMEA Summit'' à Tel Aviv+++*[»]> <<tiddler [[2019.06.24 - CSA EMEA Summit 2019 - Tel Aviv]]>>=== 
* 28 juin : clôture de l'appel à présentations pour le ''CSA Congress EMEA'' des 20 et 21 novembre 2019 à Berlin+++*[»]> <<tiddler [[2019.03.30 - CSA Congress EMEA 2019 - Appel à présentations]]>>=== 
!!Veille Hebdomadaire - 2 juin 2019
|!Juin|!Sources|!Titres et Liens|!Keywords|
|2019.06.02|Bleeping Computer|[[Google Outage in Eastern U.S. Affecting Gmail, YouTube, and More|https://www.bleepingcomputer.com/news/google/google-outage-in-eastern-us-affecting-gmail-youtube-and-more/]]|Outage GCP|
|2019.06.02|Bleeping Computer| → [[Networking issues take down Google Cloud in parts of the U.S. and Europe, YouTube and Snapchat also affected|https://www.geekwire.com/2019/networking-issues-take-google-cloud-parts-u-s-europe-youtube-snapchat-also-affected/]]|Outage GCP|
|2019.06.02|8BitMen|![[A Super Helpful Guide to Understanding Workload & It's Types in Cloud|https://www.8bitmen.com/a-super-helpful-guide-to-understanding-workload-its-types-in-cloud/]]|Workloads|
|>|!|>||
|2019.06.01|Bleeping Computer|[[Microsoft Azure Being Used to Host Malware and C2 Servers|https://www.bleepingcomputer.com/news/security/microsoft-azure-being-used-to-host-malware-and-c2-servers/]]|Azure Attacks|
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2019.05.31|cloudmagazine.fr|![[Après plus de 10 ans, cloudmagazine.fr ferme|https://www.cloudmagazine.fr/]]|Misc|
|2019.05.31|Phys.org|[[Vulnerability of cloud service hardware uncovered|https://phys.org/news/2019-05-vulnerability-cloud-hardware-uncovered.html]]|Hardware Flaw|
|2019.06.03|Help Net Security| → [[Scientists uncover vulnerability in FPGAs, affecting cloud services and IoT|https://www.helpnetsecurity.com/2019/06/03/vulnerability-in-fpgas/]]|Hardware Flaw|
|2019.05.31|Law.com|[[A Line in the Clouds: Whose Cybersecurity Goes Where?|https://www.law.com/newyorklawjournal/2019/05/31/a-line-in-the-clouds-whose-cybersecurity-goes-where/]]|Legal|
|2019.05.31|//Zscaler//|[[Phishing Email States Your Office 365 Account Will Be Deleted|https://www.bleepingcomputer.com/news/security/phishing-email-states-your-office-365-account-will-be-deleted/]]|O365 Phishing|
|2019.05.31|//Google Cloud//|[[Scan BigQuery for sensitive data using Cloud DLP|https://cloud.google.com/blog/products/data-analytics/scan-bigquery-for-sensitive-data-using-cloud-dlp]]|GCP DLP|
|2019.05.31|//Whistic//|[[Phase 1 of The 5 phases of Responding to a Security Questionnaire & How to Get Proactive (1/5)|https://blog.whistic.com/phase-1-of-the-5-phases-of-responding-to-a-security-questionnaire-how-to-get-proactive-43b326eed980]]|Misc|
|2019.05.31|Trojaner|[[Studie der Cloud Security Alliance identifiziert neue und einzigartige Sicherheitsprobleme in nativen, hybriden und Multi-Cloud-Umgebungen|https://www.trojaner-info.de/business-security/aktuell/studie-der-cloud-security-alliance-identifiziert-neue-und-einzigartige-sicherheitsprobleme-in-nativen-hybriden-und-multi-cloud-u.html]]|CSA|
|>|!|>||
|2019.05.30|Digital Shadows|[[2.3 billion files exposed across online file storage technologies|https://www.digitalshadows.com/blog-and-research/2-billion-files-exposed-across-online-file-storage-technologies/]] ([[rapport|https://info.digitalshadows.com/TooMuchInfoTheSequel-blog.html]])|Data_Leaks|
|2019.05.30|Help Net Security| → [[2.3B Files Currently Exposed via Online Storage|https://www.darkreading.com/threat-intelligence/23b-files-currently-exposed-via-online-storage/d/d-id/1334843]]|Data_Leaks|
|2019.05.30|Threatpost| → [[2.3B Files Exposed in a Year: A New Record for Misconfigs|https://threatpost.com/files-exposed-record-misconfigs/145177/]]|Data_Leaks|
|2019.05.30|ZDnet| → [[Cybersecurity: The number of files exposed on misconfigured servers, storage and cloud services has risen to 2.3 billion|https://www.zdnet.com/article/cybersecurity-the-number-of-files-exposed-on-misconfigured-servers-storage-and-cloud-services-has-risen-to-2-3-billion/]]|Data_Leaks|
|2019.05.30|CBR Online| → [[Colossal 2.3 Billion Files Now Exposed Online|https://www.cbronline.com/news/files-exposed-online]]|Data_Leaks|
|2019.06.03|//Lacework//| → [[Misconfigured Servers Leave 2.3 Billion Private Files Exposed|https://www.lacework.com/misconfigured-servers-s3-billion-files-exposed/]]|Data_Leaks|
|2019.05.30|SecurityTrails|[[Cloud security, open S3 buckets and where do we stand now: Interview with Vincent Yiu|https://securitytrails.com/blog/vincent-yiu]]|AWS S3|
|2019.05.30|CSO Online|[[A hacker or your cloud provider. Who presents the greatest risk to your data?|https://www.csoonline.com/article/3386838/a-hacker-or-your-cloud-provider-who-presents-the-greatest-risk-to-your-data.html#tk.rss_cloudsecurity]]|Risks|
|2019.05.30|//Twistlock//|[[Breaking Out of rkt - 3 New Unpatched CVEs|https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/]]|rkt Container Flaw|
|2019.06.02|SecurityWeek| → [[rkt Container Runtime Flaws Give Root Access to Host|https://www.securityweek.com/rkt-container-runtime-flaws-give-root-access-host]]|rkt Container Flaw|
|2019.05.30|//Appriver//|[[Threat Alert: Malware Being Hosted On Azure|https://blog.appriver.com/threat-alert-microsoft-azure-malware]]|Alert Azure|
|2019.05.30|//TrendMicro//|![[Infected Cryptocurrency-Mining Containers Target Docker Hosts With Exposed APIs, Use Shodan to Find Additional Victims|https://blog.trendmicro.com/trendlabs-security-intelligence/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims/]]|Docker Attacks|
|2019.05.30|Bleeping Computer| → [[Compromised Docker Hosts Use Shodan to Infect More Victims|https://www.bleepingcomputer.com/news/security/compromised-docker-hosts-use-shodan-to-infect-more-victims/]]|Docker Attacks|
|2019.05.30|//Azure//|[[Kubernetes - from the beginning, part III scaling my app|https://dev.to/azure/kubernetes-part-iii-scaling-1mmi]]|Azure Kubernetes|
|2019.05.30|//Sensu//|![[Securing your Docker containers|https://blog.sensu.io/securing-your-docker-containers]]|Docker|
|2019.05.30|APAC CIO|[[Security and Agility in the Cloud|https://cloud.apacciooutlook.com/cxoinsights/security-and-agility-in-the-cloud-nwid-6397.html]]|CSA|
|2019.05.30|//Rancher Labs//|[[An Introduction to Containers|https://rancher.com/blog/2019/an-introduction-to-containers/]]|Containers|
|2019.05.30|//Rhino Security Labs//|[[Unauthenticated AWS Role Enumeration (IAM Revisited)|https://rhinosecuritylabs.com/aws/aws-role-enumeration-iam-p2/]]|AWS IAM|
|>|!|>||
|2019.05.29|NCSC UK|[[Building Web Check using PaaS|https://www.ncsc.gov.uk/blog-post/building-web-check-using-paas]]|Controls Best_Practices|
|2019.05.29|TaoSecurity|[[Know Your Limitations|https://taosecurity.blogspot.com/2019/05/know-your-limitations.html]]|Misc|
|2019.05.23|OCIE|![[Safeguarding Customer Records and Information in Network Storage - Use of Third Party Security Features (pdf)|https://www.sec.gov/files/OCIE%20Risk%20Alert%20-%20Network%20Storage.pdf]]|Compliance Risks|
|2019.05.29|//jdSupra//| → [[SEC OCIE Issues Guidance on Advisors' and Broker-Dealers' Cloud-Based and Other Network Storage of Customer Data|https://www.jdsupra.com/legalnews/sec-ocie-issues-guidance-on-advisors-34636/]]|Legal|
|2019.05.28|Bleeping Computer| → [[Microsoft Boosts Shadow IT Discovery for Cloud Security|https://www.bleepingcomputer.com/news/security/microsoft-boosts-shadow-it-discovery-for-cloud-security/]]|ShadowIT|
|2019.05.28|Infosec Institute|[[System administrator vs. cloud administrator|https://resources.infosecinstitute.com/system-administrator-vs-cloud-administrator/]]|Administration|
|2019.05.29|//Cisco//|[[Office 365 phishing|https://blogs.cisco.com/security/office-365-phishing-threat-of-the-month]]|O365 Phishing|
|2019.05.29|//Lacework//|![[The Benefits of a Host-Based IDS for Cloud Environments|https://www.lacework.com/benefits-host-based-ids-cloud/]]|Detection|
|2019.05.28|//Platform9//|[[The Gorilla Guide to Kubernetes in the Enterprise - Chapter 2: Kubernetes Concepts and Architecture|https://platform9.com/blog/kubernetes-enterprise-chapter-2-kubernetes-architecture-concepts/]]|K8s|
|2019.05.29|//Google Cloud//|[[How Google Cloud securely enables modern end-user computing|https://cloud.google.com/blog/products/identity-security/how-google-cloud-securely-enables-modern-end-user-computing]]|GCP|
|2019.05.29|//Microsoft//|[[Develop a risk management strategy for your Azure AD application migration|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Develop-a-risk-management-strategy-for-your-Azure-AD-application/ba-p/566488]]|AzureAD Risks|
|2019.05.29|//Druva//|[[Salesforce Outage Proves You Need to Backup Your SaaS Data|https://www.druva.com/blog/salesforce-outage-proves-you-need-to-backup-your-saas-data/]]|Outage|
|>|!|>||
|2019.05.28|MITRE CVE|Docker (all versions) is vulnerable to a symlink-race attack [[CVE-2018-15664|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664]]|CVE-2018-15664 Docker|
|2019.05.30|Dark Reading| → [[Docker Vulnerability Opens Servers to Container Code|https://www.darkreading.com/vulnerabilities---threats/docker-vulnerability-opens-servers-to-container-code/d/d-id/1334836]]|CVE-2018-15664 Docker|
|2019.05.30|InfoRisk Today| → [[Researcher Describes Docker Vulnerability|https://www.inforisktoday.com/researcher-describes-docker-vulnerability-a-12535]]|CVE-2018-15664 Docker|
|2019.05.29|SecurityWeek| → [[Docker Vulnerability Gives Arbitrary File Access to Host|https://www.securityweek.com/docker-vulnerability-gives-arbitrary-file-access-host]]|CVE-2018-15664 Docker|
|2019.05.29|The Register| → [[Contain yourself, Docker: Race-condition bug puts host machines at risk... sometimes, ish|https://www.theregister.co.uk/2019/05/29/docker_race_condition]]|CVE-2018-15664 Docker|
|2019.05.28|Seclists.org| → [[CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack|https://seclists.org/oss-sec/2019/q2/131]]|CVE-2018-15664 Docker|
|2019.05.28|Bleeping Computer| → [[Unpatched Flaw Affects All Docker Versions, Exploits Ready|https://www.bleepingcomputer.com/news/security/unpatched-flaw-affects-all-docker-versions-exploits-ready/]]|CVE-2018-15664 Docker|
|2019.05.28|//Duo Security//| → [[Docker Bug Allows Root Access to Host File System|https://duo.com/decipher/docker-bug-allows-root-access-to-host-file-system]]|CVE-2018-15664 Docker|
|2019.05.28|//Capsule8//| → [[Docker Race Condition: CVE-2018-15664|https://capsule8.com/blog/race-conditions-cloudy-with-a-chance-of-r-w-access/]]|CVE-2018-15664 Docker|
|2019.05.22|GitHub| → [[daemon: archive: pause containers before doing filesystem operations #39252|https://github.com/docker/docker/pull/39252]]|CVE-2018-15664 Docker|
|2019.05.28|DataCenter Magazine[>img[iCSF/flag_fr.png]]|[[Un datacenter AWS à Brétigny-sur Orge ?|http://datacenter-magazine.fr/un-datacenter-aws-a-bretigny-sur-orge/]]|AWS France|
|2019.05.28|Secure Ideas|![[Taming the Jungle: Hardening your AWS infrastructure|https://blog.secureideas.com/2019/05/taming-the-jungle-hardening-your-aws-infrastructure.html]]|AWS Hardening|
|2019.05.28|Bleeping Computer|[[Phishing Emails Pretend to be Office 365 'File Deletion' Alerts|https://www.bleepingcomputer.com/news/security/phishing-emails-pretend-to-be-office-365-file-deletion-alerts/]]|O365 Phishing|
|2019.05.28|Rick Blaisdell|[[Top 3 Security Challenges for Cloud Computing|https://rickscloud.com/top-3-security-challenges-for-cloud-computing/]]|Mitigation|
|2019.05.28|The Last Watchdog|[[Only cloud-based security can truly protect cloud-delivered web applications|https://www.lastwatchdog.com/guest-essay-only-cloud-based-security-can-truly-protect-cloud-delivered-web-applications/]]|Misc|
|2019.05.28|Gigamon|[[What Is Cloud Security?|https://blog.gigamon.com/2019/05/28/what-is-cloud-security/]]|Overview|
|2019.05.28|GCN|[[DISA tests cloud-based internet isolation|https://gcn.com/articles/2019/05/28/disa-cloud-based-internet-isolation.aspx]]|Isolation|
|2019.05.28|GovernmentCIO|[[Closing the Cyber Workforce Gap by Improving the Pipeline|https://www.governmentciomedia.com/closing-cyber-workforce-gap-improving-pipeline]]|CSA|
|2019.05.28|CIO|[[Cloud Transition - 5 Best Practices to Follow|https://www.cio.com/article/3397112/cloud-transition-5-best-practices-to-follow.html]]|CSA|
|2019.05.28|TEISS|[[Software as a security nightmare: the risks of collaboration on the cloud|https://www.teiss.co.uk/information-security/software-as-a-security-nightmare-the-risks-of-collaboration-on-the-cloud/?getcat=3007]]|SaaS Collaboration|
|2019.05.28|DZone|[[How to Create a Docker Machine with A Bridged Network Adapter|https://dzone.com/articles/how-to-create-a-docker-machine-with-a-bridged-netw]]|Docker|
|2019.05.28|//Alibaba Cloud//|![[Xulu: Cryptojacking Leveraging Shodan, Tor, and Malicious Docker Container|https://www.alibabacloud.com/blog/xulu-cryptojacking-leveraging-shodan-tor-and-malicious-docker-container_594869]]|Docker Attacks|
|2019.05.28|//Certfa//|[[Weaponizing of Google Cloud Storage for phishing attacks|https://blog.certfa.com/posts/weaponizing-of-google-cloud-storage-for-phishing-attacks/]]|GCP Phishing|
|2019.05.28|//IBM//|[[Third-Party Risks Need New Approaches|https://securityintelligence.com/posts/third-party-risks-need-new-approaches/]]|Risks|
|2019.05.28|//Armor//|[[Security in the Public Cloud|https://www.armor.com/blog/security-in-the-public-cloud-aws/]]|Public_Cloud|
|2019.05.28|//CCSI//|[[The essential checklist for Cloud security|https://www.ccsinet.com/blog/the-essential-checklist-for-cloud-security/]]|Controls|
|2019.05.28|//Google Cloud//|[[Uploading images directly to Cloud Storage using Signed URL|https://cloud.google.com/blog/products/storage-data-transfer/uploading-images-directly-to-cloud-storage-by-using-signed-url]]|GCP|
|2019.05.28|//Tripwire//|[[How to Secure Your Information on AWS: 10 Best Practices|https://www.tripwire.com/state-of-security/security-data-protection/secure-information-aws-10-best-practices/]]|AWS Best_Practices|
|2019.05.28|//McAfee//|[[Are Your Employees Using Your Data in the Shadows?|https://securingtomorrow.mcafee.com/business/cloud-security/are-your-employees-using-your-data-in-the-shadows/]]|ShadowIT|
|2019.05.28|GovernmentCIO Media|[[Closing the Cyber Workforce Gap by Improving the Pipeline|https://www.governmentciomedia.com/closing-cyber-workforce-gap-improving-pipeline]]|CSA|
|2019.05.28|Security Boulevard|[[Is Third-Party Risk Assessment Getting Better?|https://securityboulevard.com/2019/05/is-third-party-risk-assessment-getting-better/]]|CSA|
|2019.05.28|SecTank|[[Studie der Cloud Security Alliance identifiziert neue und einzigartige Sicherheitsprobleme in nativen, hybriden und Multi-Cloud-Umgebungen|https://itbrief.com.au/story/hybrid-cloud-security-big-concern-for-business-leaders]]|CSA|
|2019.05.28|//Detectify//|[[Fitting automated security throughout the CI/CD pipeline|https://blog.detectify.com/2019/05/28/fitting-automated-security-throughout-the-ci-cd-pipeline/]]|DevSecOps|
|2019.05.28|//CERTFA//|![[Weaponizing of Google Cloud Storage for phishing attacks|https://blog.certfa.com/posts/weaponizing-of-google-cloud-storage-for-phishing-attacks/]]|GCP Phishing|
|2019.05.28|//Managed Sentinel//|![[On-Premises vs. Azure Cloud Security Stack|https://www.managedsentinel.com/2019/05/28/on-prem-vs-azure/]] (versions [[JPG|https://www.managedsentinel.com/wp-content/uploads/2019/05/azure_cloud_vs_on_prem_v1-1.jpg]] et [[PDF|https://www.managedsentinel.com/downloads/on_prem_vs_azure_security_stack_v1.pdf]])|Azure Security|
|2019.05.28|//Netwrix//|[[Cloud Data Security: 4 Questions to Answer Before Moving Your Data|https://blog.netwrix.com/2019/05/28/cloud-data-security-4-questions-to-answer-before-moving-your-data/]]|Misc|
|>|!|>||
|2019.05.27|DZone|[[One in a Million: How to Survive as a New Cloud Vendor|https://dzone.com/articles/if-i-am-one-amongst-the-million-selling-cloud-is-t]]|Misc|
|2019.05.27|DZone|[[Securing Kubernetes From Within and Without|https://dzone.com/articles/securing-kubernetes-from-within-and-without]]|K8s|
!Conférence technologique SIGS les 12 et 13 juin 2019
[>img(100px,auto)[iCSF/SIGS.png]]Cette conférence aura lieu à Zurich :
* Parmi les intervenants : Freddy Dezeure (ancien responsable du CERT-EU), Paul Vixie (Farsight Security), Christian Funk (Kaspersky Lab), Richard Meeus (Akamai), Jeff Hamm (FireEye/Mandiant), Laura Koetzle (Forrester)...
* Parmi les sujets abordés : Blockchain, Digital Transformation et Sécurité du Cloud/RGPD.
* Une formation CCSK se déroulera le jeudi 13 juin. Le code "//CSA-CONF2019//" permet d'avoir une réduction.

Pour en savoir plus et s'inscrire :
* Le site de la conférence → ''[[sig-switzerland.ch/conference/|https://www.sig-switzerland.ch/conference/sigs-technology-conference-2019/]]''
* Le programme de la conférence → [[format PDF|https://www.sig-switzerland.ch/wp-content/uploads/2019/03/2019_SIGS_Technology_Agenda_en.pdf]]
* Le détail de la formation CCSK → ''[[sig-switzerland.ch/csa-ccsk|https://www.sig-switzerland.ch/csa-ccsk/]]''
!"//What is a CASB and How Do You Even Say It?//"
[>img(100px,auto)[iCSA_/news-icon.png]]^^Bien que publié le 25 juin 2019 sur le blog de la CSA, cet article l'a déjà été il y a 3 semaines, le 3 juin 2019 sur le site de Bitglass.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/06/26/what-is-a-casb-and-how-do-you-even-say-it/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/what-is-a-casb-how-do-you-say-it]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Bitglass Security Spotlight: G Suite User Passwords Stored in Plaintext//"
[>img(100px,auto)[iCSA_/news-icon.png]]^^Bien que publié le 6 juin 2019 sur le blog de la CSA, cet article et cette vidéo l'ont déjà été il y a une semaine, le 29 mai 2019 sur le site de Bitglass.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/06/06/bitglass-security-spotlight-g-suite-user-passwords-stored-in-plaintext/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/bss-gsuite-user-passwords-stored-plaintext]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201905>>
<<tiddler fAll2Tabs10 with: VeilleM","_201905>>
<<tiddler fAll2LiTabs10 with: NewsL","201905>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Mai 2019]]>>
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2019.05.28|MITRE CVE|//Docker (all versions) is vulnerable to a symlink-race attack// [[CVE-2018-15664|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664]]|CVE-2018-15664 Docker|
|2019.05.13|US-CERT|!//Analysis Report: Microsoft Office 365 Security Observations// [[AR19-133A|https://www.us-cert.gov/ncas/analysis-reports/AR19-133A]]|O365|
|2019.05.08|MITRE CVE|//Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the 'root' user.// [[CVE-2019-5021|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5021]]|CVE-2019-5021|
|>|>|>|!Flaws|
|2019.05.30|//Twistlock//|[[rkt enter vulnerabilities|https://asciinema.org/a/249284]]|rkt|
|2019.05.14|//Twistlock//|[[rkt / enter mknod POC|https://asciinema.org/a/246103]]|rkt|
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Mai 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Mai 2019]]>><<tiddler fAll2LiTabs13end with: Actu","201905>>
<<tiddler fAll2LiTabs13end with: Blog","201905>><<tiddler .ReplaceTiddlerTitle with: [[Blog - Mai 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Mai 2019]]>><<tiddler fAll2LiTabs13end with: Publ","201905>>
!"//Roadmap to Earning your Certificate in Cloud Security Knowledge (CCSK)//"
[>img(200px,auto)[iCSA_/CCSK-Blog.jpg]]Article de blog publié le 23 mai 2019 — Rédigé par Ryan Bergsma, Training Program Director, Cloud Security Alliance
<<<
Dans cet article, nous examinerons comment obtenir votre certification [[CCSK]], à partir du matériel de formation, de la façon de se préparer, des détails sur l'examen (y compris la répartition des modules), les taux de réussite, le format, etc.
Si vous envisagez de passer votre CCSK ou êtes simplement curieux, cela vous donnera une bonne idée de ce qui vous attend et des ressources disponibles pour vous préparer. En fin d'article, vous trouverez quelques recommandations sur la façon de continuer à apprendre dans le domaine de la sécurité du Cloud une fois votre [[CCSK]] acquis.
[...]
* Etape n°1 : Ce que vous devrez apprendre
* Etape n°2 : Comment étudier et se préparer
* Etape n°3 : Comprendre comment l'examen se passe
* Etape n°4 : Passer l'examen de certification
* Etape n°5 : Capitaliser sur vos acquis du CCSK
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/05/28/roadmap-to-earning-your-certificate-in-cloud-security-knowledge-ccsk/]] sur le blog de la CSA
!!1 - Informations CSA de la semaine du 20 au 26 mai 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Appel à commentaires sur le document "''Six Pillars of DevSecOps''"+++*[»]> <<tiddler [[2019.05.22 - Appel à commentaires : document 'Les Six Piliers de DevSecOps']]>>=== (avant le 6 juin)
* Blog : "''Quelles conséquences si les mécanismes de chiffrement pouvaient être cassés ?''"+++*[»]> <<tiddler [[2019.05.23 - Blog : Quelles conséquences si les mécanismes de chiffrement pouvaient être cassés ?]]>>=== 
* Publication : "''Preparing Enterprises for the Quantum Computing Cybersecurity Threats''"+++*[»]> <<tiddler [[2019.05.23 - Publication : Preparing Enterprises for the Quantum Computing Cybersecurity Threats]]>>=== 
* Blog : "''Un an de RGPD et les plaintes illégitimes''"+++*[»]> <<tiddler [[2019.05.22 - Blog : Un an de RGPD et les plaintes illégitimes]]>>=== 
* Blog : "''Challenges de sécurité en environnement Cloud natifs, hybrides et multiples''"+++*[»]> <<tiddler [[2019.05.21 - Blog : Challenges de sécurité en environnement Cloud natifs, hybrides et mutltiples]]>>=== et publication ''New and Unique Security Challenges in Native Cloud, Hybrid and Multi-cloud Environments''+++*[»]> <<tiddler [[2019.05.21 - Publication : Challenges de sécurité en environnement Cloud natifs, hybrides et mutltiples]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.05.26 - Veille Hebdomadaire - 26 mai]] avec une cinquantaine de liens dont :
* Réflexions sur des attaques et le phishing O365
* Gestion des risques
* Détection, Réponse et Conformité
!!3 - Agenda
* 24 juin : ''CSA EMEA Summit'' à Tel Aviv+++*[»]> <<tiddler [[2019.06.24 - CSA EMEA Summit 2019 - Tel Aviv]]>>=== 
* 28 juin : clôture de l'appel à présentations pour le ''CSA Congress EMEA'' des 20 et 21 novembre 2019 à Berlin+++*[»]> <<tiddler [[2019.03.30 - CSA Congress EMEA 2019 - Appel à présentations]]>>=== 
|!Mai|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.05.26|
|2019.05.26|CyberDefense Mag|[[Cloud Clout & the Chinese agnostic|http://www.cyberdefensemagazine.com/cloud-clout-the-chinese-agnostic/]]|China|
|>|>|>|!2019.05.25|
|2019.05.25|//Verizon//|![[CISO's Guide to Cloud Security|https://enterprise.verizon.com/resources/whitepapers/cisos-guide-to-cloud-security-final.pdf]] (pdf)|Strategy|
|2019.05.25|//Alibaba Cloud//|[[Data Encryption at Storage on Alibaba Cloud|https://medium.com/@Alibaba_Cloud/data-encryption-at-storage-on-alibaba-cloud-9f3bc790d890]]|Encryption|
|2019.05.24|The Test Labs|![[Hacking AWS|https://thetestlabs.io/post/hacking-aws/]] |CloudGoat Challenge|
|>|>|>|!2019.05.24|
|2019.05.24|DZone|[[Most Important Security Elements (1/2)|https://dzone.com/articles/most-important-security-elements-part-1]]|Misc|
|2019.05.24|DZone|[[AWS Cloud Security Best Practices|https://dzone.com/articles/aws-cloud-security-best-practices]]|AWS|
|2019.05.24|Anton Chuvakin //Gartner//|[[Secure The Wrong Path or Change The Path?|https://blogs.gartner.com/anton-chuvakin/2019/05/24/secure-the-wrong-path-or-change-the-path/]]|Detection Response|
|2019.05.24|Security Boulevard|[[Addressing the Challenges of AWS Security|https://securityboulevard.com/2019/05/addressing-the-challenges-of-aws-security/]]|AWS|
|2019.05.24|//Platform9//|[[The Gorilla Guide to Kubernetes in the Enterprise - Chapter 1: The Changing Development Landscape|https://platform9.com/blog/the-gorilla-guide-to-kubernetes-in-the-enterprise-chapter-1/]]|K8s|
|2019.05.24|//LinkedIn//|[[Cybersecurity Breach: Are we Stopping threats, proving compliance and Growing your business. No !! Rid it to the Cloud :)|https://www.linkedin.com/pulse/cybersecurity-breach-we-stopping-threats-proving-growing-kris-seeburn/]]|Risks|
|2019.05.24|//Security Intelligence (IBM)//|[[Secure Your Hybrid Cloud Environment With Visibility, Control and Flexibility|https://securityintelligence.com/posts/secure-your-hybrid-cloud-environment-with-visibility-control-and-flexibility/]]|Hybrid_Cloud|
|2019.05.24|//Lacework//|[[Securing the Most Vulnerable: Medical Device and Patient Data Security is Critical|https://www.lacework.com/medical-healthcare-patient-cloud-security/]]|Healthcare|
|2019.05.24|//Fugue//|[[Shift Left on Cloud Security, Part II - Phases of the SDLC|https://www.fugue.co/blog/shift-left-on-cloud-security-part-ii-phases-of-the-sdlc]] (2/3)|Risks|
|2019.05.24|//DivvyCloud//|[[What is Cloud Security Posture Management (CSPM)|https://divvycloud.com/blog/what-is-cloud-security-posture-management/]]|Management|
|2019.05.24|Security Brief NZ|[[Hybrid cloud security big concern for business leaders|https://securitybrief.co.nz/story/hybrid-cloud-security-big-concern-for-business-leaders]]|CSA|
|2019.05.24|IT Brief|[[Hybrid cloud security big concern for business leaders|https://itbrief.com.au/story/hybrid-cloud-security-big-concern-for-business-leaders]]|CSA|
|2019.05.24|Security Boulevard|[[One Year Later - Has GDPR Really Been that Big of a Deal?|https://securityboulevard.com/2019/05/one-year-later-has-gdpr-really-been-that-big-of-a-deal/]]|CSA|
|>|>|>|!2019.05.23|
|2019.05.23|Office of Compliance Inspections and Examinations|![[Safeguarding Customer Records and Information in Network Storage - Use of Third Party Security Features (pdf)|https://www.sec.gov/files/OCIE%20Risk%20Alert%20-%20Network%20Storage.pdf]]|Compliance Risks|
|2019.05.29|//jdSupra//| → [[SEC OCIE Issues Guidance on Advisors' and Broker-Dealers' Cloud-Based and Other Network Storage of Customer Data|https://www.jdsupra.com/legalnews/sec-ocie-issues-guidance-on-advisors-34636/]]|Compliance Risks|
|2019.05.23|safeControls|[[CCSK Domain 2: Governance and Enterprise Risk Management|https://safecontrols.blog/2019/05/23/ccsk-domain-2-governance-and-enterprise-risk-management/]]|CCSK|
|2019.05.23|SecurityWeek|[[Best Practices for Securely Moving Workloads Into the Cloud|https://www.securityweek.com/best-practices-securely-moving-workloads-cloud]]|Best_Practices|
|2019.05.23|//Azure//|[[Transforming Azure Monitor Logs for DevOps, granular access control, and improved Azure integration|https://azure.microsoft.com/en-us/blog/transforming-azure-monitor-logs-for-devops-granular-access-control-and-imporved-azure-integration/]]|Azure AccessControl|
|2019.05.23|//Azure//|![[Uncovering Linux based cyberattack using Azure Security Center|https://www.microsoft.com/security/blog/2019/05/23/uncovering-linux-based-cyberattack-using-azure-security-center/]]|Attacks|
|2019.05.23|//Google Cloud//|[[Cloud Audit Logs: Integrated audit transparency for GCP and G Suite|https://cloud.google.com/blog/products/identity-security/cloud-audit-logs-integrated-audit-transparency-for-gcp-and-g-suite]]|Logging|
|2019.05.23|//PaloAlto Networks//|[[The Big Cloud 5: A Holistic Cloud Security Strategy|https://blog.paloaltonetworks.com/2019/05/cloud-big-cloud-5-holistic-cloud-security-strategy/]]|Strategy|
|2019.05.23|//Radware//|[[How to (Securely) Share Certificates with Your Cloud Security Provider|https://blog.radware.com/security/cloudsecurity/2019/05/how-to-securely-share-certificates-with-your-cloud-security-provider/]]|Certificates|
|2019.05.23|//CloudPassage//|[[Making Security and Compliance a Priority in the Cloud|https://blog.cloudpassage.com/2019/05/23/cloud-security-compliance-priority/]]|Compliance|
|2019.05.23|//Darktrace//|[[Software as a Security nightmare: The risks of collaboration in the cloud|https://www.darktrace.com/en/blog/software-as-a-security-nightmare-the-risks-of-collaboration-on-the-cloud/]]|Collaboration|
|2019.05.23|//Threatstack//|[[Defining the "Full Stack" in Full Stack Security Observability|https://www.threatstack.com/blog/defining-the-full-stack-in-full-stack-security-observability]]|Observability|
|2019.05.23|AIthority|[[Cloud Security Alliance Study Identifies New and Unique Security Challenges in Native Cloud|https://aithority.com/computing/cloud-security-alliance-study-identifies-new-and-unique-security-challenges-in-native-cloud/]]|CSA|
|2019.05.23|//Aporeto//|[[How to Combat Cloud Hacking|https://www.aporeto.com/blog/how-to-combat-cloud-hacking/]]|KillChain|
|>|>|>|!2019.05.22|
|2019.05.22|CloudTech|[[Cloud providers are under attack - and sabotaged services will freeze operations|https://www.cloudcomputing-news.net/news/2019/may/22/cloud-providers-are-under-attack-and-sabotaged-services-will-freeze-operations/]]|Attacks|
|2019.05.22|Help Net Security|[[The security challenges of managing complex cloud environments|https://www.helpnetsecurity.com/2019/05/22/security-challenges-cloud-environments/]]|CSA|
|2019.05.22|//Google Cloud//|[[Container Forensics: What to Do When Your Cluster is a Cluster (pdf)|https://static.sched.com/hosted_files/kccnceu19/c4/KubeConEU%20-%2020190522%20-%20Container%20Forensics.pdf]]|Forensics Containers Conference|
|2019.05.22|//Azure//|[[Kubernetes - from the beginning, part II, Pods, Nodes and Services|https://dev.to/azure/kubernetes-part-ii-revisiting-pods-and-nodes-and-introducing-services-and-labeling-5fi7]]|Azure Kubernetes|
|2019.05.22|//Illusive Networks//|![[A Deception Technologist's View of Cloud Security|https://blog.illusivenetworks.com/a-deception-technologists-view-of-cloud-security]]|Deception|
|2019.05.22|//IbexLabs//|[[Security Issues in Cloud Computing|https://www.ibexlabs.com/security-issues-in-cloud-computing/]]|Risks|
|>|>|>|!2019.05.21|
|2019.05.21|KIT ITEC|[[Vulnerability of Cloud Service Hardware Uncovered|https://www.kit.edu/kit/english/pi_2019_068_vulnerability-of-cloud-service-hardware-uncovered.php]]|Hardware Flaw|
|2019.05.21|InfoSec Institute|![[Top 4 cloud security certifications|https://resources.infosecinstitute.com/top-4-cloud-security-certifications/]]|CCSK|
|2019.05.21|Betanews|[[Most enterprises now run containers in production|https://betanews.com/2019/05/21/enterprise-containers-production/]]|Containers|
|2019.05.20|//Portworx//| → [[2019 Container Adoption Survey (inscription)|https://go.portworx.com/2019-Container-Adoption-Survey.html]]|Containers|
|2019.05.21|Threatpost|[[Data Security in the Cloud: How to Lock Down the Next-Gen Perimeter|https://threatpost.com/data-security-cloud-next-gen-perimeter/144938/]] ([[Vidéo|http://www.youtube.com/watch?v=YkfOi8pkMJ4]])|CSA|
|2019.05.21|TechRepublic|[[How to improve cloud provider security: 4 tips|https://www.techrepublic.com/article/the-top-concerns-among-it-pros-using-cloud-environments/]]|Risks|
|2019.05.21|Security Boulevard|[[Microsoft Again Most Spoofed as Office 365 Phishing Evolves|https://securityboulevard.com/2019/05/microsoft-again-most-spoofed-as-office-365-phishing-evolves/]]|O365 Phishing|
|2019.05.21|//Azure//|[[Build a strong identity foundation with Azure AD provisioning|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Build-a-strong-identity-foundation-with-Azure-AD-provisioning/ba-p/576246]]|Identity Provisioning Workday|
|2019.05.21|//Cyberark//|[[Five Key Steps to Bring DevOps and Security Teams into Alignment (1/5)|https://www.cyberark.com/blog/five-key-steps-to-bring-devops-and-security-teams-into-alignment/]]|DevOps|
|2019.05.21|Cyber Defense Mag|[[Key Considerations for Identity Governance in the Cloud|https://www.cyberdefensemagazine.com/key-considerations-for-identity-governance-in-the-cloud/]]|Identity Governance|
|2019.05.21|//Infocyte//|[[Infocyte HUNT Cloud for AWS: Detection and IR for high-growth cloud environments|https://www.helpnetsecurity.com/2019/05/21/infocyte-hunt-cloud-for-aws/]]|Detection Response|
|2019.05.21|Security Discovery|[[Golf App Exposes 218k Users' Data Online|https://securitydiscovery.com/game-golf/]]|DataLeak GameGolf|
|2019.05.21|ThreatPost| → [[Millions of Golfers Land in Privacy Hazard After Cloud Misconfig|https://threatpost.com/golfers-privacy-hazard-game-golf/144918/]]|DataLeak GameGolf|
|2019.05.21|//Netskope//|[[Cloud Security Use Case #1: Control Data Exposure|https://www.netskope.com/blog/cloud-security-use-case-control-data-exposure]]|CASB|
|2019.05.21|//Fugue//|[[PCI Compliance Simplified|https://www.fugue.co/blog/pci-compliance-simplified]]|PCI Compliance|
|2019.05.21|//CCSI//|[[Cloud Security a Shared Responsibility - Shared Security Model|https://www.ccsinet.com/blog/cloud-security-model/]]|Responsibility|
|2019.05.21|Dawid Balut|[[13 basic steps to start a practical implementation of DevSecOps at your organisation|https://dawidbalut.com/2019/05/21/13-basic-steps-to-start-a-practical-implementation-of-devsecops-at-your-organisation/]]|DevSecOps|
|>|>|>|!2019.05.20|
|2019.05.20|Kenna Security|![[Nearly 20% of the 1000 Most Popular Docker Containers Have No Root Password|https://www.kennasecurity.com/20-of-the-1000-most-popular-docker-containers-have-no-root-password/]]|CVE-2019-5021|
|2019.05.21|Bleeping Computer| → [[194 of The Top 1000 Docker Containers Don't Have Root Passwords|https://www.bleepingcomputer.com/news/security/194-of-the-top-1000-docker-containers-don-t-have-root-passwords/]]|CVE-2019-5021|
|2019.05.21|//Cyware//| → [[Nearly 20% of top 1000 most popular Docker containers found using NULL password |https://cyware.com/news/nearly-20-of-top-1000-most-popular-docker-containers-found-using-null-password-2d81ad3c]]|CVE-2019-5021|
|2019.05.20|//Google Cloud//|[[Notifying administrators about unhashed password storage|https://cloud.google.com/blog/products/g-suite/notifying-administrators-about-unhashed-password-storage]]|Vulnerability GCP|
|2019.05.21|Bleeping Computer| → [[Google Stored Unhashed G Suite Passwords for Over a Decade|https://www.bleepingcomputer.com/news/security/google-stored-unhashed-g-suite-passwords-for-over-a-decade/]]|Vulnerability GCP|
|2019.05.22|GBHackrsOnLine Computer| → [[Google Stored G Suite Customer Password in Plain Text Since 2005|https://gbhackers.com/google-stored-g-suite-customer-password-in-plain-text-since-2005/]]|Vulnerability GCP|
|2019.05.20|Help Net Security|[[Companies investing in advanced forensic capabilities to identify attackers in greater detail|https://www.helpnetsecurity.com/2019/05/20/companies-using-forensic-investigations/]]|Forensics|
|2019.05.20|TechCrunch|[[Millions of Instagram influencers had their private contact data scraped and exposed|https://techcrunch.com/2019/05/20/instagram-influencer-celebrity-accounts-scraped/]]|DataLeak Instagram|
|2019.05.20|SiliconAngle| → [[Instagram user information exposed on misconfigured AWS instance|https://siliconangle.com/2019/05/20/instagram-user-information-exposed-misconfigured-aws-instance/]]|DataLeak Instagram|
|2019.05.20|CCN| → [[Instagram Data Breach Reports Prove You Should Skip Facebook's Crypto|https://www.ccn.com/instagram-data-breach-facebook-crypto]]|DataLeak Instagram|
|2019.05.21|Security Boulevard| → [[49 Million Instagram Users' Private Data Leaked via AWS|https://securityboulevard.com/2019/05/49-million-instagram-users-private-data-leaked-via-aws/]]|DataLeak Instagram|
|2019.05.21|Dark Reading| → [[49 Million Instagram Influencer Records Exposed in Open Database|https://www.darkreading.com/cloud/49-million-instagram-influencer-records-exposed-in-open-database/d/d-id/1334775]]|DataLeak Instagram|
|2019.05.20|//Tripwire//|![[Letting Go While Holding On: Managing Cyber Risk in Cloud Environments|https://www.tripwire.com/state-of-security/security-data-protection/managing-cyber-risks-cloud-sourced-environment/]]|Risks|
|2019.05.20|//BitDefender//|[[Phishing Attacks against SaaS, Webmail Services Rise Sharply in Q1|https://businessinsights.bitdefender.com/phishing-attacks-against-saas-webmail-services-rise-sharply-in-q1]]|Attacks|
|2019.05.20|//Aporeto//|[[Application-aware Security, Part 3: Authentication & Communication Protocol|https://www.aporeto.com/blog/application-aware-security-authentication-communication-protocol-tcp/]] (3/5)|Misc|
|2019.05.20|//StorageCraft//|[[How MSPs Can Succeed in the Cloud Security Market|https://blog.storagecraft.com/how-msps-succeed-cloud-security-market/]]|MSP|
|2019.05.21|Kubernetes|KubeCon + CloudNativeCon Europe 2019: [[Security + Identity + Policy|https://kccnceu19.sched.com/overview/type/Security+%2B+Identity+%2B+Policy]]|K8s Conference|
!"//What Will Happen If Encryption Used to Protect Data in Corporations Can Be Broken?//"
[>img(200px,auto)[iCSA_/PEFTQCCST.png]]Article de blog publié le 23 mai 2019 — Rédigé par Edward Chiu, Emerging Cybersecurity Technologist, Chevron.
<<<
Bien que le développement des ordinateurs quantiques n'en soit qu'à ses balbutiements, le potentiel de cette technologie pour résoudre des problèmes impossibles à résoudre par des ordinateurs classiques intéresse de nombreuses industries.
D'une part, des chercheurs de Volkswagen étudient l'utilisation d'ordinateurs quantiques pour aider à optimiser le trafic, et ceux de Roche étudient l'utilisation de l'informatique quantique dans des applications biomédicales.
D'autre part, un ordinateur quantique suffisamment puissant pour exécuter l'algorithme de Shor constitue une grave menace pour le chiffrement asymétrique (à clé publique), vital dans la sécurité des données. L'utilisation du chiffrement asymétrique est omniprésente et va bien au-delà des industries et des entreprises : l'impact de l'informatique quantique est donc très vaste.
Le document "''Preparing Enterprises for the Quantum Computing Cybersecurity Threats''" est publié par le Groupe de travail sur la sécurité quantique du CSA. Il donne un aperçu des risques que pose l'informatique quantique à la cybersécurité et encourage tous les spécialistes et décideurs à se préparer dès à présent.
L'article illustre le côté obscur de l'informatique quantique et son impact sur la cryptographie, la façon dont le chiffrement asymétrique peut être cassé et les mesures pratiques à prendre pour se préparer à cette nouvelle menace.
Les sujets traités dans ce document sont les suivants :
* Qu'est-ce que l'informatique quantique
* Impact de l'informatique quantique sur la cryptographie
* Il est temps de s'y préparer
* Etapes de la préparation pour une ère post-quantique
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/05/23/what-will-happen-if-encryption-used-to-protect-data-in-corporations-can-be-broken/]] sur le blog de la CSA
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j5nq/|https://cloudsecurityalliance.fr/go/j5nq/]]''
!"//What Will Happen If Encryption Used to Protect Data in Corporations Can Be Broken?//"
[>img(100px,auto)[iCSA_/PEFTQCCST.png]]Article de blog publié le 23 mai 2019 — Rédigé par Edward Chiu, Emerging Cybersecurity Technologist, Chevron.
<<<
L'informatique quantique, tout en contribuant à de nombreuses avancées technologiques, va également casser les systèmes actuels basés sur le chiffrement à clé asymétrique, mettant ainsi en danger notre infrastructure de sécurité. S'il est difficile de savoir si un tel ordinateur sera à la hauteur du battage médiatique, il faut tout de même se pencher sur les nouvelles menaces qui en découlent, même si une telle machine ne devrait apparaître que dans une dizaine d'années environ. Ce document donne un aperçu de l'informatique quantique, de son impact sur la cryptographie et des mesures à prendre pour se préparer dès à présent à la menace quantique.
<<<
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j5nq/|https://cloudsecurityalliance.fr/go/j5nq/]]''
[>img(200px,auto)[iCSA_/GDPR-Blog.jpg]]Article de blog publié le 22 mai 2019 — Rédigé par John DiMaria; CSSBB, HISP, MHISP, AMBCI, CERP, Assurance Investigatory Fellow, Cloud Security Alliance
<<<
//Le 25 mai, nous célébrerons le premier anniversaire du RGPD. Oui, il y a un an, le RGPD n'était en quelque sorte qu'un sigle de quatre lettres. On paniquait à l'idée de savoir comment on allait s'y conformer et, plus grave, beaucoup ne savaient même pas s'il le fallait. Enfin, pire encore, certains n'en savaient absolument rien du tout.
Le Comité Européen de la Protection des Données (EDPB) a publié une infographie sur le respect et l'application du RGPD de mai 2018 à janvier 2019. Elle montre que 95.180 plaintes ont été déposées auprès des autorités nationales de protection des données de l'UE par des personnes qui estiment que les droits que leur confère le RGPD ont été violés. Les deux tiers des plaintes les plus courantes concernaient le télémarketing et les courriels promotionnels que pratiquement toutes les organisations utilisent comme principaux moyens de communication.//
[...]
//Je préfère me concentrer sur un sujet qui ne fait pas beaucoup les gros titres... les plaintes et le temps (et les coûts) consacrés à se défendre même si on n'est pas coupable.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/05/22/happy-birthday-gdpr-defending-against-illegitimate-complaints/]] sur le blog de la CSA
⇒ L'infographie du Comité Européen de la Protection des Données ⇒ ''[[CloudSecurityAlliance.fr/go/j5mr/|https://cloudsecurityalliance.fr/go/j5mr/]]''
[>img(100px,auto)[iCSA/CSAdoc.png]]Un appel à commentaires dont la date de clôture est le ''4 juin 2019'' : "Six Pillars of DevSecOps".
<<<
//Dans l'état actuel de la cybersécurité, il y a eu une forte croissance des failles applicatives qui dégradent le processus d'amélioration continue de la sécurité pour assurer la qualité globale du cycle de vie d'un projet.
Les facteurs clés du succès sont la réduction de la complexité des cycles de développement et la mise à disposition des ressources nécessaires à la mise en œuvre d'un environnement de confiance.
C'est là que le DevSecOps se concrétise : c'est l'intégration de la sécurité continue aux niveaux des principes, processus et technologies dans la culture, les pratiques et les flux de travail de DevOps. Les "Six Piliers de DevSecOps" visent à introduire des concepts utilisables et permettant aux entreprises de progresser. Avec des cas d'utilisation à suivre, ce document permet aux professionnels de l'industrie de prendre les concepts et de les appliquer à leurs propres besoins.//
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j5mo/|https://cloudsecurityalliance.fr/go/j5mo/]]''
Article de blog publié le 21 mai 2019 — Rédigé par Hillary Barron, Research Analyst, Cloud Security Alliance
<<tiddler [[2019.05.21 - Publication : Challenges de sécurité en environnement Cloud natifs, hybrides et mutltiples]]>>
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/05/21/security-challenges-hybrid-multi-cloud/]] sur le blog de la CSA
!"//New and Unique Security Challenges in Native Cloud, Hybrid and Multi-cloud Environments//"
<<<
[>img(100px,auto)[iCSA_/Cloud-Security-Complexity.png]]//Le dernier sondage de la [[Cloud Security Alliance]], "Cloud Security Complexity: Challenges in Managing Security in Hybrid and Multi-Cloud Environments", examine les problèmes de sécurité de l'information dans un environnement cloud complexe.
Commandée par AlgoSec, l'enquête menée auprès de 700 professionnels des TIC et de la sécurité vise à analyser et à mieux comprendre le niveau d'adoption et de sécurité dans les environnements sécurisés hybrides et multi-cloud actuels, notamment le cloud public, privé, ou l'utilisation de plusieurs plateformes cloud public.//

//Les sujets abordés dans le rapport sont les suivants ://
* //Types de plates-formes de cloud actuellement utilisées//
* //Proportion d'environnements actifs dans le Cloud//
* //De nouveaux environnements devant être migrés vers le cloud//
* //Risques et préoccupations anticipés au sujet des migrations potentielles vers le nuage//
* //Défis liés à la gestion de la sécurité après l'adoption des technologies cloud//
* //Méthodes pour relever ces défis sécurité//
* //Défis liés aux pannes réseau ou d'application//
* //Méthodes et résultats du traitement des pannes et des incidents de sécurité//

//Principales conclusions sur la complexité de l'informatique dans les nuages
L'enquête illustre la nécessité, au sein de notre industrie, de mieux répondre à ces questions avant d'adopter les technologies dans le Cloud afin de créer des environnements réseaux pratiques et faciles à gérer - plutôt que de simplement éteindre les incendies qui surviennent après le déploiement de nouvelles technologies. Il souligne également la nécessité de maintenir les connaissances spécifiques aux services Cloud pendant la croissance du service dans le but de se tenir toujours informé des nouvelles caractéristiques et fonctionnalités.//

//Plus précisément, l'enquête a révélé que ://
* //Le Cloud engendre des problèmes de configuration et de visibilité//
* //Les erreurs humaines et les erreurs de configuration sont les principales causes de pannes.//
* //La conformité des nuages et les préoccupations juridiques sont des préoccupations majeures.//
* //La sécurité est la préoccupation majeure dans les projets Cloud.//
[...]
<<<
⇒ Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j5lx/|https://cloudsecurityalliance.fr/go/j5lx/]]''
|!Mai|!Sources|!Titres et Liens|!Synthèses|
|2019.05.21|CSA|[[Cloud Security Alliance Study Identifies New and Unique Security Challenges in Native Cloud, Hybrid and Multi-cloud Environments|https://cloudsecurityalliance.org/articles/cloud-security-alliance-study-identifies-new-and-unique-security-challenges-in-native-cloud-hybrid-and-multi-cloud-environments/]]|Holistic cloud visibility and control over increasingly complex environments are essential for successful deployments in various cloud scenarios|
|2019.05.13|CSA|[[Registration Opens for Cloud Security Alliance Congress EMEA 2019|https://cloudsecurityalliance.org/articles/csa-congress-emea-2019-registration-open/]]|Registration has opened for the annual CSA Congress EMEA (Berlin, Nov. 18-21, 2019). This multi-day conference will offer cloud security professionals a unique mixture of compelling presentations and topical discussions on research, technical and policy development, practice, requirements and tools related to cloud security, privacy and emerging technologies|
|2019.05.07|CSA|[[Cloud Security Alliance Releases Cloud Operating System (OS) - Security Specification Report|https://cloudsecurityalliance.org/articles/cloud-security-alliance-releases-cloud-operating-system-security-specification-report/]]|The first international research report to define technical requirements for cloud OS security specifications and to address their importance|
|2019.05.07|CSA|[[Cloud Security Alliance Releases Software-Defined Perimeter Architecture Guide|https://cloudsecurityalliance.org/articles/csa-releases-software-defined-perimeter-architecture-guide/]]|Produced by the Software-Defined Perimeter Working Group, this Software-Defined Perimeter (SDP) Architecture Guide is designed to help enterprises and practitioners learn more about SDP and the economic and technical benefits it can provide, as well as assist users in implementing SDP in their organizations successfully|
!!1 - Informations CSA de la semaine du 13 au 19 mai 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Appel à commentaires sur le document "''Cloud Octagon Model''"+++*[»]> <<tiddler [[2019.05.09 - Appel à commentaires : document ''Cloud Octagon Model'']]>>=== (avant le 22 mai)
* Blog : article sur l'analyse du DHS/CISA sur les risques liés à Office 365+++*[»]> <<tiddler [[2019.05.14 - Blog : Analyse du DHS/CISA sur les risques liés à Office 365]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.05.19 - Veille Hebdomadaire - 19 mai]] avec une trentaine de liens dont :
* Des attaques dans l'environnement O365, chez Sage et Salesforce, et l'utilisation malveillante de ressources Azure
* Le remplacement d'environnements mainframe par le Cloud
* le WAAP : Web Application and API Protection
!!3 - Agenda
* 24 juin : ''CSA EMEA Summit'' à Tel Aviv+++*[»]> <<tiddler [[2019.06.24 - CSA EMEA Summit 2019 - Tel Aviv]]>>=== 
* 28 juin : clôture de l'appel à présentations pour le ''CSA Congress EMEA'' des 20 et 21 novembre 2019 à Berlin+++*[»]> <<tiddler [[2019.03.30 - CSA Congress EMEA 2019 - Appel à présentations]]>>=== 
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2019.05.19|safeControls|[[CCSK Domain 1: Cloud Computing Concepts and Architecture|https://safecontrols.blog/2019/05/19/ccsk-domain-1-cloud-computing-concepts-and-architecture/]]|CCSK|
|>|!|>||
|2019.05.18|//Azure//|[[Kubernetes - from the beginning, Part I, Basics, Deployment and Minikube|https://dev.to/azure/kubernetes-from-the-beginning-part-i-4ifd]]|Azure Kubernetes|
|>|!|>||
|2019.05.17|Cyber Defense Mag|[[Cloud direct connects: the best bet for cyber security|https://www.cyberdefensemagazine.com/cloud-direct-connects-the-best-bet-for-cyber-security/]]|Connectivity|
|2019.05.17|The Register|[[Salesforce? Salesfarce: Cloud giant in multi-hour meltdown after database blunder grants users access to all data|https://www.theregister.co.uk/2019/05/17/salesforce_database_outage/]]|Outage Salesforce|
|2019.05.19|SecurityAffairs| → [[Salesforce faced one of its biggest service disruption of ever|https://securityaffairs.co/wordpress/85826/breaking-news/salesforce-service-disruption.html]]|Outage Salesforce|
|2019.05.17|Container Journal|[[Applying DevSecOps to Container Security Headaches|https://containerjournal.com/2019/05/17/applying-devsecops-to-container-security-headaches/]]|DevSecOps Containers|
|2019.05.17|//Amazon//|[[Amazon GuardDuty Adds Two New Threat Detections|https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-guardduty-adds-two-new-threat-detections/]]|AWS Detect|
|2019.05.17|//Amazon//|[[How can I secure the files in my Amazon S3 bucket?|https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/]]|AWS Protection|
|2019.05.17|//Medium//|[[Stealing Downloads from Slack Users|https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63]]|Slack Flaws|
|2019.05.17|//Tenable//| → [[Slack Patches Download Hijack Vulnerability in Windows Desktop App|https://www.tenable.com/blog/slack-patches-download-hijack-vulnerability-in-windows-desktop-app]]|Slack Flaw|
|2019.05.17|SecurityWeek| → [[Slack Flaw Allows Hackers to Steal, Manipulate Downloads|https://www.securityweek.com/slack-flaw-allows-hackers-steal-manipulate-downloads]]|Slack Flaw|
|>|!|>||
|2019.05.16|Bleeping Computer|[[Microsoft Tech Support Scams Invade Azure Cloud Services|https://www.bleepingcomputer.com/news/security/microsoft-tech-support-scams-invade-azure-cloud-services/]]|Azure Attacks|
|2019.05.16|Forensic Focus|[[Facebook's Privacy Manifesto: What Does It Mean For Digital Forensic Investigations?|https://articles.forensicfocus.com/2019/05/16/facebooks-privacy-manifesto-what-does-it-mean-for-digital-forensic-investigations/]]|Forensics|
|2019.05.16|Cloud Native Computing Foundation|[[A year later - updating Container Attached Storage|https://www.cncf.io/blog/2019/05/16/a-year-later-updating-container-attached-storage/]]|Container Storage|
|2019.05.16|Ars Technica|[[Hackers abuse ASUS cloud service to install backdoor on users' PCs|https://arstechnica.com/information-technology/2019/05/asus-cloud-service-abused-to-install-backdoor-on-pcs/]]|Attacks Asus|
|2019.05.16|Solutions Review|[[Cloud Governance: Creating a Framework for Success in the Cloud|https://solutionsreview.com/cloud-platforms/cloud-governance-creating-a-framework-for-success-in-the-cloud/]]|Governance|
|2019.05.16|Container Journal|[[IBM Advances Mainframe Container Strategy|https://containerjournal.com/2019/05/16/ibm-advances-mainframe-container-strategy/]]|Mainframes|
|2019.05.16|DZone|[[Cloud Security: What Every Tech Leader Needs to Know|https://dzone.com/articles/cloud-security-what-every-tech-leader-needs-to-kno]]|Misc|
|2019.05.16|CBR Online|[[Swisscom Dumps Mainframes for Private Cloud - Cuts IT Costs 60%|https://www.cbronline.com/news/lzlabs-swisscom]]|Mainframes|
|2019.05.16|The Register| → [[LzLabs kills Swisscom's mainframes - but it's not the work of a vicious BOFH: All the apps are now living on cloud nine|https://www.theregister.co.uk/2019/05/16/lzlabs_kills_swisscoms_mainframes/]]|Mainframes|
|2019.05.16|The Register|[[Office 365 user security practices are woeful, yet it's still 'Microsoft's fault' when an org is breached|https://www.theregister.co.uk/2019/05/16/why_office_365_security_is_woeful_despite_government_fingerwagging/]]|O365|
|2019.05.16|//WhiteSource//|[[Your Quick Start Guide to Better Kubernetes Security|http://vmblog.com/archive/2019/05/16/your-quick-start-guide-to-better-kubernetes-security.aspx]]|K8s|
|2019.05.16|//PaloAlto Networks//|[[Four Cloud Security Concerns (and How to Address Them)|https://blog.paloaltonetworks.com/2019/05/cloud-security-concerns-address/]]|Misc|
|2019.05.16|//Caylent//|[[Intrusion Protection With Kubernetes|https://caylent.com/intrusion-protection-with-kubernetes/]]|K8s Protection|
|>|!|>||
|2019.05.15|Lenny Zeltser|[[How You Can Set up Honeytokens Using Canarytokens to Detect Intrusions|https://zeltser.com/honeytokens-canarytokens-setup/]]|Honeypot|
|2019.05.15|TheNewStack|![[Fresh Spectre Vulnerabilities May Force Cloud Providers to Disable Intel Hyper-Threading|https://thenewstack.io/fresh-spectre-exploits-may-force-cloud-providers-to-disable-intel-hyper-threading/]]|Flaws|
|2019.05.15|TechSpot| → [[Hackers exploit Asus cloud storage to install Plead backdoor on PCs|https://www.techspot.com/news/80112-hackers-exploit-asus-cloud-storage-install-plead-backdoor.html]]|Flaws|
|2019.05.15|//Tripwire//|[[The Latest Techniques Hackers are Using to Compromise Office 365|https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/latest-techniques-hackers-office-365/]]|O365 Attacks|
|2019.05.15|//Webroot//|[[Cloud Services in the Crosshairs of Cybercrime|https://www.webroot.com/blog/2019/05/15/cloud-services-in-the-crosshairs-of-cybercrime/]]|CyberCrime|
|2019.05.15|//DarkTrace//|[[The top 10 cyber hygiene issues that lead to a breach: Part one - A perimeter in ruins|https://www.darktrace.com/en/blog/the-top-10-cyber-hygiene-issues-that-lead-to-a-breach-part-one-a-perimeter-in-ruins/]]|CyberHygiene|
|2019.05.15|//Netskope//|[[Google Storage Bucket Misconfiguration|https://www.netskope.com/blog/google-storage-bucket-misconfiguration]]|Misconfiguration|
|2019.05.15|//Sureline//|[[Survey Says: Majority Of IT Professionals Surveyed Say Data Security Is Preeminent Concern For Migration Initiatives|http://vmblog.com/archive/2019/05/15/survey-says-majority-of-it-professionals-surveyed-say-data-security-is-preeminent-concern-for-migration-initiatives.aspx]]|Survey|
|>|!|>||
|2019.05.14|Professional Defence Community|[[Pacbot - Platform For Continuous Compliance Monitoring, Compliance Reporting And Security Automation For The Cloud|https://www.prodefence.org/pacbot-platform-for-continuous-compliance-monitoring-compliance-reporting-and-security-automation-for-the-cloud/]]|[[Tools|GitHub-Tools]]|
|2019.05.14|Container Journal|[[Kubernetes and OpenShift: Discerning the Differences|https://containerjournal.com/2019/05/14/kubernetes-and-openshift-discerning-the-differences/]]|Containers Kubernetes|
|2019.05.14|The Register|[[Unexpected OutSage: Sage Business Cloud enjoys a Tuesday totter|https://www.theregister.co.uk/2019/05/14/sage/]]|Outage Sage|
|2019.05.14|Informatique News[>img[iCSF/flag_fr.png]]| → [[Les utilisateurs britanniques du cloud Sage victimes d'une panne intermittente le 14 mai|https://www.informatiquenews.fr/les-utilisateurs-britanniques-du-cloud-sage-victimes-dune-panne-intermittente-le-14-mai-61779]]|Outage Sage|
|2019.05.14|ThousandEyes|[[Internet Outage Reveals Reach of China's Connectivity|https://blog.thousandeyes.com/internet-outage-reveals-reach-of-chinas-connectivity/]]|Outage China|
|2019.05.14|BetaNews|[[Providing guardrails for developers to innovate while staying secure in the cloud|https://betanews.com/2019/05/14/guardrails-for-developers/]]|DevSecOps|
|2019.05.14|//Gartner//|[[Networking in the Public Cloud|https://blogs.gartner.com/andrew-lerner/2019/05/14/networking-public-cloud/]]|Networking|
|2019.05.14|//Azure//|[[Azure Firewall and network virtual appliances|https://azure.microsoft.com/en-us/blog/azure-firewall-and-network-virtual-appliances/]]|Azure Firewall|
|2019.05.14|//Netwrix//|[[Survey: 46% of organizations that store customer PII in the cloud consider moving it back on-premises due to security|https://www.prnewswire.com/news-releases/survey-46-of-organizations-that-store-customer-pii-in-the-cloud-consider-moving-it-back-on-premises-due-to-security-concerns-300849708.html]]|Survey PII|
|2019.05.14|BetaNews| → [[46 percent of organizations consider taking personal data out of the cloud|https://www.netwrix.com/survey_organizations_that_store_customer_pii_in_the_cloud_consider_moving_it_back_on_premises_due_to_security_concerns.html]] ([[rapport|https://www.netwrix.com/2019cloudsecurityreport.html]])|Report|
|2019.05.14|//Netwrix//[>img[iCSF/flag_fr.png]]| → [[50% des organisations françaises qui stockent des données dans le cloud ont subi des incidents de sécurité en 2018|http://www.globalsecuritymag.fr/50-des-organisations-francaises,20190514,87014.html]]|Report|
|2019.05.14|//Netwrix//|[[Magecart Supply-chain Frenzy Continues With AppLixir, RYVIU, OmniKick, eGain, AdMaxim, CloudCMS & Picreel|https://www.riskiq.com/blog/labs/cloudcms-picreel-magecart/]]|Attacks Magecart|
|2019.05.14|BetaNews| → [[46 percent of organizations consider taking personal data out of the cloud|https://betanews.com/2019/05/14/cloud-personal-data-security/]]|Report|
|2019.05.14|//PaloAlto Networks//|[[How Are You Tackling Cloud Compliance?|https://blog.paloaltonetworks.com/2019/05/cloud-tackling-cloud-compliance/]]|Compliance|
|2019.05.14|//Whistic//|[[Third Party Risk Assessment & Vendor Management: The Good News|https://blog.whistic.com/third-party-risk-assessment-vendor-management-the-good-news-15275b367101]]|CSA|
|2019.05.14|//AlienVault//|[[Confidence: the perception and reality of cybersecurity threats|https://www.alienvault.com/blogs/security-essentials/confidence-the-perception-and-reality-of-cybersecurity-threats]]|Threats Perception|
|2019.05.14|//AWS//|[[AWS Security Incident Response Guide (pdf)|https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf]]+++*[»]> //Fundamentals of responding to security incidents within the AWS Cloud environment.//=== |Incident_Response Best_Practices|
|>|!|>||
|2019.05.13|US-CERT|![[AR19-133A: Microsoft Office 365 Security Observations|https://www.us-cert.gov/ncas/analysis-reports/AR19-133A]] Analysis Report|O365|
|2019.05.13|Bleeping Computer| → [[U.S. Govt Issues Microsoft Office 365 Security Best Practices|https://www.bleepingcomputer.com/news/security/us-govt-issues-microsoft-office-365-security-best-practices/]]|O365|
|2019.05.13|Redmond Channel Partner| → [[CISA: Office 365 Environments Set Up by Partners at Risk of Security Misconfigurations|https://rcpmag.com/blogs/scott-bekker/2019/05/office-365-partners-security-risk.aspx]]|O365|
|2019.05.20|SecurityWeek| → [[DHS Highlights Common Security Oversights by Office 365 Customers |https://www.securityweek.com/dhs-highlights-common-security-oversights-office-365-customers]]|O365|
|2019.05.13|//Outpost24//|[[Protecting what's yours: data security in the cloud|https://outpost24.com/blog/protecting-what-is-yours-data-security-in-the-cloud]]|Data|
|2019.05.13|//Amazon AWS//|Podcast [[#312: Meet the AWS Disaster Response Action Team | May 13, 2019|https://aws.amazon.com/podcasts/aws-podcast/#312]]|AWS DRP Podcast|
|2019.05.13|//Netskope//|![[The Cyber Kill Chain in the Age of Cloud|https://www.netskope.com/blog/the-cyber-kill-chain-in-the-age-of-cloud]]|CyberKillChain|
|2019.05.13|CRN|[[ConnectWise Hit In EU Ransomware Attack|https://www.crn.com/news/channel-programs/connectwise-hit-in-eu-ransomware-attack]]|Outage|
|2019.05.13|//Imperva//|[[Cloud WAAPs Are the Future of Application Security. But What Does That Mean?|https://www.imperva.com/blog/cloud-waaps-are-the-future-of-application-security-but-what-does-that-mean/]]|APIs|
|2019.05.13|//Gemalto//|[[Unmasking Data Masking|https://blog.gemalto.com/security/2019/05/13/unmasking-data-masking/]]|Anonymisation|
|>|!|>||
[>img[iCSF/CISA.png]]Il y a 2 semaines, l'équipe sécurité de Microsoft recommandait aux personnes ayant un accès avec privilèges d'utiliser un dispositif dédié aux tâches administratives, et d'arrêter d'utiliser les seuls mots de passe au profit de l'authentification multi-facteurs (MFA) pour les utilisateurs.
Cette semaine, c'est au tour du ''CISA'' (//Cybersecurity and Infrastructure Security Agency//) du ''DHS'' (//Department of Homeland Security//) américain de publier des recommandations pour les entreprises utilisatrices de Microsoft Office 365.

Le rapport d'analyse ''AR19-133A "Microsoft Office 365 Security Observations"'' met en exergue plusieurs risques associés à la migration de la messagerie dans le Cloud, et des recommandations pour les réduire. Pour le CISA, il faut étendre cette approche aussi aux prestataires et tiers.
Les 4 points abordés sont :
# ''L'authentification multi-facteurs (MFA) n'est pas activée par défaut pour les comptes administrateurs''. Elle devrait l'être de façon proactive, pour éviter que ces comptes à privilèges ne soient directement accessibles depuis Internet.
# ''L'audit des boites aux lettres n'est pas activé par défaut''. Bien que Microsoft ait activé par défaut la fonction de journalisation en janvier 2019, les entreprises ayant mis en oeuvre leurs environnements avant cette date doivent explicitement l'activer. De plus, les fonctions de journalisation unifiée doivent toujours être activées de manière proactive par un administrateur.
# ''La synchronisation des mots de passe depuis l'environnement interne augmente l'exposition des environnements Cloud''. Lors de la migration vers O365, il existe une option d'authentification dans Azure AD avec le "Password Sync", qui écrase le mot de passe pour l'environnement cloud par celui de l'environnement interne. Ainsi, si les informations d'authentification d'un compte interne étaient compromises avant la migration, l'intrus pourrait se déplacer latéralement vers le compte O365 après la synchronisation.
# ''Les protocoles de messagerie obsolètes (POP3, IMAP et SMTP) sont susceptibles d'être utilisés avec d'anciens comptes de messagerie qui ne prennent pas en charge l'authentification multi-facteurs''. A défaut de pouvoir les supprimer, ces protocoles ne devraient être utilisés que par un nombre restreint d'utilisateurs.
Les 5 recommandations du CISA sont :
# Utiliser l'authentification multi-facteurs. C'est la meilleure technique de réduction des risques pour protéger les utilisateurs d'O365 contre le vol de leurs éléments d'authentification.
# Activer la journalisation unifiée dans le Security and Compliance Center.
# Activer l'audit des boîtes aux lettres pour chaque utilisateur.
# S'assurer que la synchronisation des mots de passe Azure AD est planifiée et configurée correctement, avant de migrer les utilisateurs.
# Désactiver les protocoles de messagerie existants s'ils ne sont pas requis, ou limiter leur utilisation à des utilisateurs spécifiques.

Les liens à consulter sont les suivants :
* CISA/US-CERT : [[AR19-133A: Microsoft Office 365 Security Observations|https://www.us-cert.gov/ncas/analysis-reports/AR19-133A]]
* Bleeping Computer : [[U.S. Govt Issues Microsoft Office 365 Security Best Practices|https://www.bleepingcomputer.com/news/security/us-govt-issues-microsoft-office-365-security-best-practices/]]
* Redmond Channel Partner :[[CISA: Office 365 Environments Set Up by Partners at Risk of Security Misconfigurations|https://rcpmag.com/blogs/scott-bekker/2019/05/office-365-partners-security-risk.aspx]]
* CollabTalk et BYU Marriott School : [[Organizational Security & Compliance Practices in Office 365 (pdf)|http://go.spanning.com/rs/832-UFI-346/images/Organizational_Security_and_Compliance_Practices_in_Office_365.pdf]]
* Microsoft :
** [[Azure AD baseline protection|https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/baseline-protection]]
** [[Mailbox auditing enabled by default|https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Exchange-Mailbox-Auditing-will-be-enabled-by-default/ba-p/215171]]
** [[Unified audit log|https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance]]
** [[Soft matching administrator accounts|https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-existing-tenant]]
** [[Block Office 365 Legacy Email Authentication Protocols|https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication]]
** [[Microsoft security best practices for Office 365|https://docs.microsoft.com/en-gb/office365/securitycompliance/security-best-practices]]<<tiddler [[arOund0C]]>>
!!1 - Informations CSA de la semaine du 6 au 12 mai 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Appel à commentaires sur le document "''Cloud Octagon Model''"+++*[»]> <<tiddler [[2019.05.09 - Appel à commentaires : document ''Cloud Octagon Model'']]>>=== (avant le 22 mai)
* Publication : document "''SDP Architecture Guide v2''"+++*[»]> <<tiddler [[2019.05.07 - Rapport 'SDP Architecture Guide v2']]>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler [[2019.05.07 - Publication : SDP Architecture Guide v2]]>>
[img(25%,1px)[iCSF/BluePixel.gif]] === 
* Publication : document "''Cloud Operating System (OS) Security Specification''"+++*[»]> <<tiddler [[2019.05.08 - Rapport 'Cloud Operating System (OS) Security Specification']]>>
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler [[2019.05.07 - Publication : Cloud OS Security Specification]]>>
[img(25%,1px)[iCSF/BluePixel.gif]] === 
* Blog : commentaires sur les résultats d'un sondage sur l'utilisation de comptes à privilèges dans le Cloud+++*[»]> <<tiddler [[2019.05.10 - Blog : Utilisation de comptes à privilèges dans le Cloud]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.05.12 - Veille Hebdomadaire - 12 mai]] avec plus de ''50 liens'' dont :
* Une alerte sur l'image Docker de Linux Alpine
* Rapport DBIR de Verizon avec l'aspect Cloud mis en évidence, et de Kaspersky sur l'ingénierie sociale pour compromettre des ressources dans le Cloud
* Attaque : ransomware affectant CloudJumper, un fournisseur WaaS (//workspace as a service//)+++*[»]>
|2019.05.10|MSSP Alert|![[RYUK Ransomware Hits MSP-Centric Cloud Service Provider|https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/ryuk-ransomware-hits-msp-centric-csp/]]|Ransomware CloudJumper|
=== 
* La sécurisation de Kubernetes
!!3 - Agenda
* 24 juin : ''CSA EMEA Summit'' à Tel Aviv+++*[»]> <<tiddler [[2019.06.24 - CSA EMEA Summit 2019 - Tel Aviv]]>>=== 
* 28 juin : clôture de l'appel à présentations pour le ''CSA Congress EMEA'' des 20 et 21 novembre 2019 à Berlin+++*[»]> <<tiddler [[2019.03.30 - CSA Congress EMEA 2019 - Appel à présentations]]>>=== 
|!Mai|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.05.12|
|2019.05.12|//AttackIQ//|[[Why Is Container Security Important|https://attackiq.com/blog/2019/05/12/why-is-container-security-important/]]|Containers|
|>|>|>|!2019.05.10|
|2019.05.10|TechRadar|[[Best cloud storage of 2019 online: free, paid and business options|https://www.techradar.com/news/the-best-cloud-storage]]|storage|
|2019.05.10|Cloud Native Computing Foundation|[[Kubernetes: Core Concepts|https://www.cncf.io/blog/2019/05/10/kubernetes-core-concepts/]]|K8s|
|2019.05.10|BetaNews|[[Is latency the cloud's Achilles heel? [Q&A]|https://betanews.com/2019/05/10/cloud-latency-qa/]]|Networks|
|2019.05.10|//Google Cloud//|[[API design: Why you should use links, not keys, to represent relationships in APIs|https://cloud.google.com/blog/products/application-development/api-design-why-you-should-use-links-not-keys-to-represent-relationships-in-apis]]|APIs|
|2019.05.10|//Fugue//|[[Understanding Amazon S3 Security and Compliance on AWS|https://www.fugue.co/blog/understanding-amazon-s3-security]]|AWS S3|
|2019.05.10|//eXemplify//|[[8 Considerations for Data Security in the Cloud|http://www.exemplifygroup.com/8-considerations-for-data-security-in-the-cloud/]]|Misc|
|2019.05.10|//Sysdig//|[[MITRE ATT&CK framework for container runtime security with Falco|https://sysdig.com/blog/mitre-attck-framework-for-container-runtime-security-with-sysdig-falco/]]|Containers ATT&CK|
|2019.05.10|MSSP Alert|![[RYUK Ransomware Hits MSP-Centric Cloud Service Provider|https://www.msspalert.com/cybersecurity-breaches-and-attacks/ransomware/ryuk-ransomware-hits-msp-centric-csp/]]|Ransomware RYUK CloudJumper|
|2019.05.10|//FrogTown//|[[The Fundamental Security Concepts in AWS - Part 1 of 3|https://frogtownroad.com/devsecops/the-fundamental-security-concepts-in-aws-part-1-of-3/]] (1/3)|AWS|
|2019.05.10|//FrogTown//|[[The Fundamental Security Concepts in AWS - Part 2 of 3|https://frogtownroad.com/aws/the-fundamental-security-concepts-in-aws-part-2-of-3/]] (2/3)|AWS|
|2019.05.10|//FrogTown//|[[The Fundamental Security Concepts in AWS - Part 3 of 3|https://frogtownroad.com/devsecops/fundamental-security-concepts-in-aws-part-3-of-3/]] (3/3)|AWS|
|>|>|>|!2019.05.09|
|2019.05.09|DZone|[[Deconstructing Serverless Computing Part 2: The Good, the Bad, and the Time to Market|https://dzone.com/articles/deconstructing-serverless-computing-part-2-the-goo]]|Serverless|
|2019.05.09|The Register|[[If Carlsberg did cloud outages, they'd probably look like ConnectWise's|https://www.theregister.co.uk/2019/05/09/connectwise_updates_on_cloud_outage/]]|Outage|
|2019.05.09|Solutions Review|[[Cloud Data Warehouse Types, Benefits and Limitations: A User's Guide|https://solutionsreview.com/data-management/cloud-data-warehouse-types-benefits-and-limitations-a-users-guide/]]|Storage|
|2019.05.09|//XMCO//[>img[iCSF/flag_fr.png]]|[[Kubernetes : dossier en 2 parties|https://www.xmco.fr/actu-secu/XMCO-ActuSecu-51-Dossier_Kubernetes.pdf]] (pdf)|Kubernetes CVE-2018-1002105|
|2019.05.09|//Cloud Management Insider//|[[7 most important security compliances for your cloud infrastructure|https://www.cloudmanagementinsider.com/7-most-important-security-compliances-for-your-cloud-infrastructure/]]|Compliance|
|2019.05.09|//Cloud Management Insider//|[[Discover Cloud Security Threats to your agile Infrastructure|https://www.cloudmanagementinsider.com/cloud-security-threats/]]|Threats|
|2019.05.09|//Security Intelligence//|[[A Brief History of Containerization: Why Container Security Best Practices Need to Evolve Now(1/2)|https://securityintelligence.com/a-brief-history-of-containerization-why-container-security-best-practices-need-to-evolve-now/]]|Containers|
|2019.05.09|//Rapid7//|[[Your Pocket Guide for Cloud SIEM Evaluation|https://blog.rapid7.com/2019/05/09/your-pocket-guide-for-cloud-siem-evaluation/]]|SIEM|
|2019.05.09|//Intezer//|[[Technical Analysis: Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud|https://www.intezer.com/blog-technical-analysis-cryptocurrency-mining-war-on-the-cloud/]]|Cryptomining|
|2019.05.10|ZDnet| → [[Two crypto-mining groups are fighting a turf war over unsecured Linux servers|https://www.zdnet.com/article/two-crypto-mining-groups-are-fighting-a-turf-war-over-unsecured-linux-servers/]]|Cryptomining|
|2019.05.09|//Caylent//|![[Comparison of Kubernetes Top Ingress Controllers|https://caylent.com/kubernetes-top-ingress-controllers/]]|K8s|
|2019.05.09|//CloudCheckr//|[[Maintain Regulatory Compliance and Increase Cloud Security in the Public Sector|https://cloudcheckr.com/cloud-compliance/compliance-public-sector-increase-security/]]|Compliance|
|2019.05.09|//Aporeto//|[[The Docker Hub Breach and The Move to "Secretless" Infrastructure|https://www.aporeto.com/blog/docker-hub-breach/]]|DataLeak Docker|
|>|>|>|!2019.05.08|
|2019.05.08|MITRE CVE|//Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the 'root' user.// [[CVE-2019-5021|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5021]]|CVE-2019-5021|
|2019.05.09|//Alpine Linux//| → [[Docker Image Vulnerability (CVE-2019-5021)|https://www.alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.html]]|CVE-2019-5021|
|2019.05.08|//Talos (Cisco)//| → [[TALOS-2019-0782: Alpine Linux Docker Image root User Hard-Coded Credential Vulnerability|https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782]]|CVE-2019-5021|
|2019.05.08|Bleeping Computer| → [[Bug in Alpine Linux Docker Image Leaves Root Account Unlocked|https://www.bleepingcomputer.com/news/security/bug-in-alpine-linux-docker-image-leaves-root-account-unlocked/]]|CVE-2019-5021|
|2019.05.09|//Tenable//| → [[CVE-2019-5021: Hard-Coded NULL root Password Found in Alpine Linux Docker Images|https://www.tenable.com/blog/cve-2019-5021-hard-coded-null-root-password-found-in-alpine-linux-docker-images]]|CVE-2019-5021|
|2018.08.05|GitHub| → [[Default installation allows user to su to root without password after installing shadow-package|https://github.com/gliderlabs/docker-alpine/issues/430]]|CVE-2019-5021|
|2019.05.08|//Verizon//|![[2019 Verizon Data Breach Investigations Report DBIR (pdf)|https://enterprise.verizon.com/resources/reports/dbir/]] ([[rapport (pdf)|https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf]] et [[synthèse (pdf)|https://enterprise.verizon.com/resources/executivebriefs/2019-dbir-executive-brief.pdf]])|Report Data_Breaches|
|2019.05.08|//Threatpost//| → [[Verizon Data Breach Report: Espionage, C-Suite and Cloud Attacks on the Rise|https://threatpost.com/verizon-dbir-espionage-c-suite-cloud/144486/]]|Report Data_Breaches|
|2019.05.10|Daniel Miessler| → [[My Takeaways from the 2019 DBIR Report|https://danielmiessler.com/blog/my-takeaways-from-the-2019-dbir-report/]]|Report Data_Breaches|
|2019.05.09|SANS|[[How to Protect a Modern Web Application in AWS|https://www.sans.org/reading-room/whitepapers/analyst/protect-modern-web-application-aws-38955]]|Analysis Misc.|
|>|>|>|!2019.05.08|
|2019.05.08|//IbexLabs//|[[AWS Cloud Security Best Practices|https://www.ibexlabs.com/aws-cloud-security-best-practices/]]|AWS|
|2019.05.08|//Netskope//|[[SLUB's the Word: Covert CnC over Slack|https://www.netskope.com/blog/slubs-the-word-covert-cnc-over-slack]] ([[blog initial Trendmicro sur "SLUB"|https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/]])|Attacks Slack|
|2019.05.08|//Google Cloud//|[[Google Cloud networking in depth: What's new with Cloud DNS|https://cloud.google.com/blog/products/networking/google-cloud-networking-in-depth-whats-new-with-cloud-dns]]|!DNS|
|2019.05.08|//VirSec//|[[7 Steps for Businesses to More Effectively Secure Data in the Cloud|https://virsec.com/7-steps-for-businesses-to-more-effectively-secure-data-in-the-cloud/]]|Risks|
|2019.05.08|//VirSec//|[[7 Steps to Better Secure Your Data in the Cloud|https://virsec.com/7-steps-for-businesses-to-more-effectively-secure-data-in-the-cloud/]]|Risks|
|2019.05.08|//Lacework//|[[Visibility is Critical for Workload Threat Defense|https://www.lacework.com/visibility-workload-threat-defense/]]|Awareness|
|>|>|>|!2019.05.07|
|2019.05.07|Graham Cluley|[[An attempt to phish my Amazon Web Services account|https://www.grahamcluley.com/an-attempt-to-phish-my-amazon-web-services-account/]]|Phishing|
|2019.05.07|MOU|[[What Is a Cloud Firewall and Is It Right for Your Network?|https://www.makeuseof.com/tag/what-is-cloud-firewall/]]|Firewalling|
|2019.05.07|VMblog.com|![[The Road to a Better Kubernetes Ingress|http://vmblog.com/archive/2019/05/07/the-road-to-a-better-kubernetes-ingress.aspx]]|K8s|
|2019.05.07|//Kaspersky//|[[Understanding Security of the Cloud: from Adoption Benefits to Threats and Concerns|https://www.kaspersky.com/blog/understanding-security-of-the-cloud/]]|Report|
|2019.05.07|Techrepublic| → [[Companies moving to the cloud still ignore security concerns|https://www.techrepublic.com/article/companies-moving-to-the-cloud-ignore-security-concerns-kaspersky-says/]]|Report|
|2019.05.06|VMblog.com|!—→ [[Nine-in-Ten Data Breaches in the Cloud Caused by Social Engineering, Finds Kaspersky Lab|http://vmblog.com/archive/2019/05/07/nine-in-ten-data-breaches-in-the-cloud-caused-by-social-engineering-finds-kaspersky-lab.aspx]]|Report|
|2019.05.07|//ThreatStack//|[[Cloud Security Observability: How to Reduce Risk in Your Cloud-Native Infrastructure|https://www.threatstack.com/blog/cloud-security-observability-how-to-reduce-risk-in-your-cloud-native-infrastructure]] ([[ebook|https://resources.threatstack.com/ebooks/cloud-security-observability]])|Risks|
|2019.05.07|//Thycotic//|[[Privileged Access Management Solutions Are Shifting to the Cloud: Survey|https://www.securityweek.com/privileged-access-management-solutions-are-shifting-cloud-survey]]|Survey|
|2019.05.07|//ParkMyCloud//|[[Why Serverless Won't Replace Traditional Servers|https://www.parkmycloud.com/blog/why-serverless-wont-replace-traditional-servers/]]|Serverless|
|2019.05.07|//Tripwire//|[[With Great Freedom Comes Great Cloud Responsibility|https://www.tripwire.com/state-of-security/security-data-protection/cloud/great-freedom-great-cloud-responsibility/]]|Responsibility|
|2019.05.07|//CipherCloud//|[[6 Security Concerns with Office 365|https://www.ciphercloud.com/blog/6-security-concerns-with-office-365]]|O365|
|>|>|>|!2019.05.06|
|2019.05.06|Alex DeBrie|![[A Guide to S3 Batch on AWS|https://www.alexdebrie.com/posts/s3-batch/]] |AWS_S3|
|2019.05.06|Wolters Kluwer|[[Public Statement - Network and Service Interruptions|https://wolterskluwer.com/company/newsroom/news/2019/05/media-statement---network-and-service-interruptions.html]]|Incident Outage Wolters_Kluwer|
|2019.05.06|Wolters Kluwer|[[we are experiencing network and service interruptions after certain Wolters Kluwer platforms and applications|https://mobile.twitter.com/WKTAAUS/status/1125778720156004353/]]|Incident Outage Wolters_Kluwer|
|2019.05.07|Krebs on Security|[[What's Behind the Wolters Kluwer Tax Outage?|https://krebsonsecurity.com/2019/05/whats-behind-the-wolters-kluwer-tax-outage/]]|Incident Outage Wolters_Kluwer|
|2019.05.09|InfoRisks Today| → [[Malware Knocks Out Accounting Software Giant Wolters Kluwer|https://www.inforisktoday.com/malware-knocks-out-accounting-software-giant-wolters-kluwer-a-12462]]|Incident Outage Wolters_Kluwer|
|2019.05.09|//Accounting Web//| → [[How to Secure Your Cloud-Based Software in Light of Recent Attacks|https://www.accountingweb.com/technology/trends/how-to-secure-your-cloud-based-software-in-light-of-recent-attacks]]|Incident Outage Wolters_Kluwer|
|2019.05.06|Bleeping Computer|![[Amazon to Disable S3 Path-Style Access Used to Bypass Censorship|https://www.bleepingcomputer.com/news/security/amazon-to-disable-s3-path-style-access-used-to-bypass-censorship/]]|AWS API|
|2019.05.06|Dark Reading| → [[Attackers Add a New Spin to Old Scams|https://www.darkreading.com/cloud/attackers-add-a-new-spin-to-old-scams-/d/d-id/1334626]]|Phishing|
|2019.05.06|//Zscaler//|[[Don't overlook OneDrive when planning an Office 365 deployment|https://www.zscaler.com/blogs/corporate/dont-overlook-onedrive-when-planning-office-365-deployment]]|O365|
|2019.05.06|Container Journal|[[Orchestration: Avoiding Container Vulnerabilities|https://containerjournal.com/2019/05/06/orchestration-avoiding-container-vulnerabilities/]]|Containers|
|2019.05.06|//Snyk//|![[Cheat sheet:8 Azure Repos security best practices|https://snyk.io/wp-content/uploads/Cheat-Sheet-8-Azure-Repos-Tips.pdf]]|Azure|
|2019.05.06|//Snyk//| → [[Add a SECURITY.md file|https://snyk.io/blog/add-a-security-md-file-to-your-azure-repos/]]|Azure|
|2019.05.06|//NeuVector//|[[What Is Complete Run-Time Container Security?|https://neuvector.com/container-security/run-time-container-security/]]|Containers|
|2019.05.06|//Netskope//|[[Old Scams Getting New Life in the Cloud|https://www.netskope.com/blog/old-scams-getting-new-life-in-the-cloud]]|Phishing|
|2020.05.06|//AWS//|[[How to BYOK (bring your own key) to AWS KMS for less than $15.00 a year using AWS CloudHSM|https://aws.amazon.com/blogs/security/how-to-byok-bring-your-own-key-to-aws-kms-for-less-than-15-00-a-year-using-aws-cloudhsm/]]|AWS BYOK|
!"//Survey Says: Almost Half of Cloud Workloads Not Controlled by Privileged Access//"
[>img(200px,auto)[iCSA_/Centrify-PAM-7.jpg]]Article de blog publié le 10 mai 2019 — Rédigé par Nate Yocom, Chief Technology Officer, Centrify
<<<
Depuis quelques années, Centrify utilise une statistique de Forrester pour démontrer l'importance de la protection des comptes privilégiés. Elle estime que 80 % des fuites de données mettent en cause des comptes à privilèges. Cela est apparu pour la première fois dans "The Forrester Wave : Privileged Identity Management" au troisième trimestre 2016, puis dans le même rapport au quatrième trimestre 2018.
Récemment, j'ai été ravi de voir les résultats d'un sondage que Centrify a mené avec la société FINN Partners auprès de 1 000 décideurs IT (500 aux États-Unis, et 500 au Royaume-Uni) sur leur connaissance des menaces portant sur les comptes à privilèges auxquelles ils sont confrontés, leur compréhension du marché du "Privileged Access Management" (PAM) et comment la technologie "Zero Trust" peut aider à réduire leur risque de faire les gros titres des journaux.
[...]
Certaines fonctionnalités de base et bonnes pratiques du PAM ne sont toujours pas mises en œuvre, à savoir :
* 52% des répondants n'ont pas de coffre-fort à mots de passe ! Il s'agit pourtant de l'une des bases du PAM. Plus de la moitié d'entre eux ne stockent même pas leurs mots de passe privilégiés dans un coffre-fort, ce qui signifie qu'ils sont probablement inscrits sur des feuilles Excel partagées.
* 63% indiquent que leur entreprise met habituellement plus d'une journée pour fermer les accès privilégiés des employés qui quittent leur entreprise.
* 65% partagent encore un accès root ou privilégié à des systèmes ou à des données, du moins assez souvent, y compris à l'infrastructure et aux environnements Cloud.
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/05/10/cloud-workloads-privileged-access/]] sur le blog de la CSA
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j5as/|https://cloudsecurityalliance.fr/go/j5as/]]''
[>img(200px,auto)[iCSA_/CloudOctogonModel-Draft.png]]Un appel à commentaires dont la date de clôture est le ''22 mai 2019'' : "Cloud Octagon Model".
Ce modèle est présenté comme étant une "//approche pour évaluer les risques dans le SaaS//".
__Extrait :__
<<<
//This whitepaper aims to draw upon the security challenges in cloud computing environments and suggest a logical approach to deal with security aspects in a holistic way. We introduce the Cloud Octagon model, in combination with a Common Sense Security Model. This makes it easier for organizations to identify, represent and manage risks in the context of their cloud implementation across multiple risk parties.//
[...]
//The cloud octagon model was developed to serve as a baseline for a risk assessment methodology and to provide practical guidance and structure to all involved risk parties in order to keep up with rapid changes in privacy and data protection laws & regulations and changes in technology and its security implications. Goals of this model are to reduce risks [...] manageability of the solution and lastly to improve security.//
[...]
<<<
* Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j59k/|https://cloudsecurityalliance.fr/go/j59k/]]''. En le suivant vous serez redirigé vers un document sur GoogleDocs auquel il faudra demander l'accès avec un compte Gmail.
!Cloud Security Alliance Releases Cloud Operating System (OS) Security Specification Report
Communiqué de presse du 8 mai 2019[>img(100px,auto)[iCSA_/cloud-os-security-specification.png]]
<<<
// The first international research report to define technical requirements for cloud OS security specifications and addresses their importance

SINGAPORE - May 8, 2019 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released its latest research report, Cloud Operating System (OS) Security Specification. The whitepaper, announced at the annual CSA APAC Summit held in Singapore today, aims to define the technical requirements of cloud OS security specifications, specifically the security functions and requirements (e.g. network, virtualization, data and management security) needed to maintain the smooth operation of the system, protect the data in the cloud, and provide secure and trusted cloud computing services to the cloud service customer

"This is an important step for the cloud computing industry. It will help the industry enhance the security foundation of cloud computing, especially as a reference for the private cloud customer to choose a secure cloud infrastructure vendor," said Xiaoyu Ge, Co-Chair of the Cloud Component Specifications Working Group and Senior Security Standards Manager at Huawei.

Authored by the CSA's Cloud Component Specifications Working Group, the paper addresses the importance of specifying the technical security requirements of cloud OS. [Information security management systems (ISMS) are outside of the scope for this specification.] Currently, whereas the majority of standards related to cloud computing focus on ISMS, there is a lack of internationally recognized technical security specifications for cloud OS.

"This paper is pertinent in helping to clarify and specify technical security requirements of cloud OS that both cloud service providers and users can refer to in order to strengthen their security posture and guard against security threats," said Dr. Hing-Yan Lee, Executive Vice President of Cloud Security Alliance APAC. "CSA believes the industry will benefit from such specifications and related certifications in order to regulate security requirements for the cloud OS to prevent future security threats."

The whitepaper builds on the foundation provided by ISO/IEC 17788, ISO/IEC 19941, ISO/IEC 27000, NIST SP 500-299, and NIST SP 800-144 in the context of cloud-computing security. Security properties and functionalities presented by cloud service providers such as AWS, Google Cloud, Huawei and Microsoft Azure are referenced in this document. While the CSA research artifact "Security Guidance for Critical Areas of Focus in Cloud Computing" is one of the key baseline references in specifying this document, it differs from the other in that it takes the additional step to focus on a specific component in cloud computing-cloud OS.//
[...]
<<<
* Communiqué de presse ⇒ ''[[CloudSecurityAlliance.fr/go/j58p/|https://cloudsecurityalliance.fr/go/j58p/]]''
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j57o|https://cloudsecurityalliance.fr/go/j57o/]]''
* La page du Groupe de Travail "''Cloud Component Specifications Working Group''" ⇒ ''[[CloudSecurityAlliance.fr/go/wgCCS/|https://cloudsecurityalliance.fr/go/wgCCS/]]''
!Cloud OS Security Specification
[>img(100px,auto)[iCSA_/cloud-os-security-specification.png]]
<<<
//This document builds on the foundation provided by ISO/IEC 17788, ISO/IEC 19941, ISO/IEC 27000, NIST SP 500-299, and NIST SP 800-144 in the context of cloud computing security.//
<<<
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j57o|https://cloudsecurityalliance.fr/go/j57o/]]''


!Cloud Security Alliance Releases Software-Defined Perimeter Architecture Guide
Communiqué de presse du 7 mai 2019[>img(100px,auto)[iCSA_/SDP_Architecture_Guide.png]]
<<<
//Document offers a better understanding of how SDP architecture works and can be deployed in unique situations

SEATTLE - May 7, 2019 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today released the Software-Defined Perimeter (SDP) Architecture Guide. Produced by the Software-Defined Perimeter Working Group, this report is designed to help enterprises and practitioners learn more about SDP and the economic and technical benefits it can provide, as well as assist users in implementing SDP in their organizations successfully.

"It's time for us in the information security industry to embrace innovative new tools for network security — specifically via Software-Defined Perimeter SDP technologies — and to include all layers of network stacks in our security efforts," said Shamun Mahmud, Senior Research Analyst, Cloud Security Alliance. "The SDP approach can give security professionals the tools they need to provide a strong, adaptable, and manageable foundation for robust development, operations and security. We hope this document offers a better understanding of how SDP architecture works and how it can be uniquely deployed."

The Architecture Guide provides insight into areas such as:
* Increased market awareness, credibility, and enterprise adoption of SDP;
* Improved understanding of how SDP can be used in different environments;
* Motivation to use SDP to solve enterprise problems;
* Use of this document to educate internal stakeholders about SDP; and
* Ways in which enterprises are successfully deploying SDP solutions based on the architecture recommendations in this paper.

The paper also delves into alternatives to SDP, such as the Zero Trust concept, initially driven by the cyber security firm Forrester, and Google's internal BeyondCorp initiative.//
[...]
<<<
* Communiqué de presse ⇒ ''[[CloudSecurityAlliance.fr/go/j57p/|https://cloudsecurityalliance.fr/go/j57p/]]''
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j57S|https://cloudsecurityalliance.fr/go/j57S/]]''
* La page du Groupe de Travail "''Software Defined Perimeter Working Group''" ⇒ ''[[CloudSecurityAlliance.fr/go/wgSDP/|https://cloudsecurityalliance.fr/go/wgSDP/]]'' 
!SDP Architecture Guide v2[>img(100px,auto)[iCSA_/SDP_Architecture_Guide.png]]
<<<
//Network security architectures, tools, and platforms are falling far short of meeting the challenges presented by today's threat landscape. Whether you're reading the headlines in mainstream media, working day-to-day as a network defender, or are a security vendor, it's clear that our commercial enterprises, governmental organizations, and critical infrastructures are unable to successfully contend with the ongoing and persistent attacks from a wide variety of attackers.//
<<<
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j57S|https://cloudsecurityalliance.fr/go/j57S/]]''
!!1 - Informations CSA de la semaine du 29 avril au 5 mai 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Blog : le dernier article sur la préparation aux incidents dans AWS
* Derniers jours pour participer au sondage "''IoT Cybersecurity''"+++*[»]> Lien → https://CloudSecurityAlliance.fr/go/j55i/ === 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.05.05 - Veille Hebdomadaire - 5 mai]] avec plus de ''60 liens'' dont :
* Annonces Microsoft sur la protection des données dans O365
* __Attaques__ contre GitHub et GitLab, et fuites de données (Ladders)
* Sondage Cloud et sécurité du SANS, rapports de Virtustream et Backblaze
* Article "''Mainframes: The Cloud Before the Cloud''" de Bob Reselman
!!3 - Agenda
* 24 juin : ''CSA EMEA Summit'' à Tel Aviv+++*[»]> <<tiddler [[2019.06.24 - CSA EMEA Summit 2019 - Tel Aviv]]>>=== 
* 28 juin : clôture de l'appel à présentations pour le ''CSA Congress EMEA'' des 20 et 21 novembre 2019 à Berlin+++*[»]> <<tiddler [[2019.03.30 - CSA Congress EMEA 2019 - Appel à présentations]]>>=== 
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2019.05.04|LeMagIT[>img[iCSF/flag_fr.png]]|[[Kata Containers ou l'étonnant rapprochement entre OpenStack et AWS|https://www.lemagit.fr/actualites/252462851/Kata-Containers-ou-letonnant-rapprochement-entre-OpenStack-et-AWS]]|OpenStack AWS|
|>|!|>||
|2019.05.03|Bleeping Computer|[[Attackers Wiping GitHub and GitLab Repos, Leave Ransom Notes|https://www.bleepingcomputer.com/news/security/attackers-wiping-github-and-gitlab-repos-leave-ransom-notes/]]|Attacks|
|2019.05.03|Container Journal|[[Cloud-Native Security Best Practices|https://containerjournal.com/2019/05/03/cloud-native-security-best-practices/]]|Best_Practices|
|2019.05.03|Cyberspeak Podcast|[[Benefits and challenges of securing your cloud data|https://resources.infosecinstitute.com/benefits-and-challenges-of-securing-your-cloud-data/]] ([[Podcast .mp3|https://media.blubrry.com/infosec_cyberspeak/b/content.blubrry.com/infosec_cyberspeak/The_benefits_and_challenges_of_securing_your_cloud_data.mp3]])|Podcast|
|2019.05.03|DevOps.com|[[Mastering Kubernetes|https://devops.com/mastering-kubernetes/]]|K8s Cartoon|
|2019.05.03|LeBigData|[[Cloud Constellation va construire 10 satellites de stockage de données|https://www.lebigdata.fr/cloud-constellation-leostella]]|Storage|
|2019.05.03|//Lacework//|![[Why Container Security Not Enough|https://www.lacework.com/why-container-security-not-enough/]]|Containers|
|2019.05.03|//Cloudistics//|[[Escaping Legacy Private Cloud|https://www.cloudistics.com/escaping-legacy-private-cloud/]]|Misc|
|2019.05.03|//AppSecCo//|[[AWS changes its PenTesting permission requirement, Appsecco found out exactly what is allowed and what is not|https://blog.appsecco.com/aws-changes-its-pentesting-permission-requirement-appsecco-found-out-exactly-what-is-allowed-and-b3603b85de7]]|AWS PenTesting|
|>|!|>||
|2019.05.02|TechTarget|[[The top cloud security challenges are 'people problems'|https://searchcloudsecurity.techtarget.com/opinion/The-top-cloud-security-challenges-are-people-problems]]|Misc|
|2019.05.02|//WhiteSource//|[[Docker Container Security: Challenges and Best Practices|https://resources.whitesourcesoftware.com/blog-whitesource/docker-container-security-challenges-and-best-practices]]|Docker|
|2019.05.02|//F5 Networks//[>img[iCSF/flag_fr.png]]|[[Vulnérable par défaut : le fléau des mauvaises habitudes dans le Cloud|https://www.solutions-numeriques.com/securite/expertise-f5-networks-vulnerable-par-defaut-le-fleau-des-mauvaises-habitudes-dans-le-cloud/]]|Flaws|
|2019.05.02|MUO|![[Become a Certified Cloud Computing Expert With This AWS Training, Now $49|https://www.makeuseof.com/tag/become-certified-cloud-computing-expert-aws-training-now-49/]]|Training|
|2019.05.02|TeamARIN|![[Economic Factors Affecting IPv6 Deployment|https://teamarin.net/2019/05/02/economic-factors-affecting-ipv6-deployment/]]|IPv6|
|2019.05.02|The Register|[[What a pain in the Azzz-ure: Microsoft Azure, SharePoint, etc knocked offline by DNS blunder|https://www.theregister.co.uk/2019/05/02/microsoft_azure_outage_dns/]]|Outage Azure|
|2019.05.02|SiliconAngle|[[U.S. Bank goes down security-focused path to multicloud|https://siliconangle.com/2019/05/02/u-s-bank-goes-security-focused-path-multicloud-delltechworld/]]|Multi_Cloud|
|2019.05.02|Cloud Native Computing Foundation|[[Rook releases its first major milestone - v1.0|https://www.cncf.io/blog/2019/05/02/rook-releases-its-first-major-milestone-v1-0/]]|K8s Storage|
|2019.05.02|BetaNews|[[Three options companies should consider for backup & storage in 2019|https://betanews.com/2019/05/02/backup-storage-in-2019/]]|Backups|
|2019.05.02|DevOps.com|[[Best Practices for DevOps in the Cloud|https://devops.com/best-practices-for-devops-in-the-cloud/]]|DevOps Best_Practices|
|2019.05.02|VMblog|[[Kubernetes for the Enterprise: Governance and Cost Management|http://vmblog.com/archive/2019/05/02/kubernetes-for-the-enterprise-governance-and-cost-management.aspx]]|K8s|
|2019.05.02|//Barracuda Networks//|[[Threat Spotlight: Account Takeover|https://blog.barracuda.com/2019/05/02/threat-spotlight-account-takeover/]]|Report O365 Attacks|
|2019.05.02|Bleeping Computer| → [[Office 365 Accounts Compromised via ATO Attacks Used in BEC Scams|https://www.bleepingcomputer.com/news/security/office-365-accounts-compromised-via-ato-attacks-used-in-bec-scams/]]|Report O365 Attacks|
|2019.05.06|//TrendMicro//| → [[Compromised Office 365 Accounts Used to Send 1.5 Million Email Threats in March|https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/compromised-office-365-accounts-used-to-send-1-5-million-email-threats-in-march]]|O365 Attacks|
|2019.05.02|//Alcide//|[[Top 5 Best Practices for Healthy Kubernetes 1.14 Environments|https://blog.alcide.io/top-5-best-practices-for-healthy-kubernetes-1.14-environments]]|K8s Best_Practices|
|2019.05.02|//PaloAlto Networks//|[[Healthcare Orgs Move to the Cloud - Are They Secure?|https://blog.paloaltonetworks.com/2019/05/cloud-healthcare-orgs-move-cloud-secure/]]|Healthcare|
|2019.05.02|//ThreatStack//|[[Beyond Checkboxes: 6 Cloud Security Measures All Healthcare Organizations Should Take|https://www.threatstack.com/blog/beyond-checkboxes-6-cloud-security-measures-all-healthcare-organizations-should-take-2]]|Healthcare Best_Practices|
|2019.05.02|//Armor//|[[The Cost of Simple Misconfigurations in the Cloud|https://www.armor.com/blog/the-cost-of-simple-misconfigurations-in-the-cloud/]]|Misconfiguration|
|2019.05.02|//CloudPassage//|[[Cloud requires new approach to security and compliance|https://blog.cloudpassage.com/2019/05/02/new-approach-cloud-security-compliance/]]|Compliance|
|2019.05.02|//AppDynamics//|[[The AppD Approach: Principles of Cloud Metrics|https://www.appdynamics.com/blog/engineering/appd-approach-principles-cloud-metrics/]]|Containers|
|2019.05.02|//Google Cloud//|[[Announcing the winners of the Confidential Computing Challenge|https://cloud.google.com/blog/products/identity-security/announcing-the-winners-of-the-confidential-computing-challenge]]|Confidentiality|
|>|!|>||
|2019.05.01|DevOps.com|![[Mainframes: The Cloud Before the Cloud|https://devops.com/mainframes-the-cloud-before-the-cloud/]]|History|
|2019.05.01|Help Net Security|[[CompTIA unveils a beta exam for its Cloud Essentials+ credential|https://www.helpnetsecurity.com/2019/05/01/comptia-cloud-essentials-credential/]]|Training|
|2019.05.01|//Microsoft//|[[Microsoft Office brings you new privacy controls|https://www.microsoft.com/en-us/microsoft-365/blog/2019/05/01/microsoft-office-new-privacy-controls/]]|Privacy|
|2019.05.01|Cyber Defense eMagazine|[[5 Reasons Why Cloud Security is Important to All Businesses (pdf)|https://www.cyberdefensemagazine.com/newsletters/may-2019/CDM-CYBER-DEFENSE-eMAGAZINE-May-2019.pdf#page=18]]|Misc|
|2019.05.01|Redmond Channel Partner|[[Microsoft Promises More Transparency with Office 365 ProPlus Data Collection|https://rcpmag.com/articles/2019/05/01/office-365-proplus-transparency.aspx]]|O365 Privacy|
|2019.05.01|TechCrunch|[[Ladders Resume Leak|https://techcrunch.com/2019/05/01/ladders-resume-leak/]]|DataLeak AWS|
|2019.05.01|//AlienVault//|[[Who's phishing in your cloud? And, some suggestions for detecting it|https://www.alienvault.com/blogs/labs-research/whos-phishing-in-your-cloud-and-some-suggestions-for-detecting-it]]|Phishing|
|2019.05.01|MSSP Alert|[[Microsoft Azure Cloud Data Leak: User Error?|https://www.msspalert.com/cybersecurity-breaches-and-attacks/microsoft-azure-data-leak/]]|Data_Leaks|
|2019.05.01|//Firemon//|[[Solving the Shared Security Responsibility Dilemma in the Public Cloud: What's Your Role?|https://www.firemon.com/shared-security-responsibility-public-cloud/]]|Shared_Responsibility|
|2019.05.01|//Praetorian//|[[Cloud Data Exfiltration via GCP Storage Buckets and How to Prevent It|https://www.praetorian.com/blog/cloud-data-exfiltration-via-gcp-storage-buckets-and-how-to-prevent-it]]|GCP Exfiltration|
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2019.04.30|Bleeping Computer|[[Microsoft 365 Adds More Control Over Encrypted Emails, Increases Privacy|https://www.bleepingcomputer.com/news/microsoft/microsoft-365-adds-more-control-over-encrypted-emails-increases-privacy/]]|O365 Privacy|
|2019.04.30|SANS|![[SANS 2019 Cloud Security Survey|https://www.sans.org/reading-room/whitepapers/cloud/paper/38940]] (inscription requise)|Survey|
|2019.05.03|Dark Reading| → [[The 2019 State of Cloud Security|https://www.darkreading.com/cloud/the-2019-state-of-cloud-security/d/d-id/1334604]]|Survey|
|2019.04.30|isBuzzNews|[[How To Overcome 3 Key Challenges Of Shared Responsibility In The Cloud|https://www.informationsecuritybuzz.com/articles/how-to-overcome-3-key-challenges-of-shared-responsibility-in-the-cloud/]]|Responsibility|
|2019.04.30|O'Reilly|[[How companies adopt and apply cloud native infrastructure|https://www.oreilly.com/ideas/how-companies-adopt-and-apply-cloud-native-infrastructure]]|Report|
|2019.05.01|Help Net Security| → [[Security and compliance obstacles among the top challenges for cloud native adoption|https://www.helpnetsecurity.com/2019/05/01/cloud-native-adoption-obstacles/]]|Report|
|2019.04.30|//Microsoft//|[[Increasing transparency and customer control over data|https://blogs.microsoft.com/on-the-issues/2019/04/30/increasing-transparency-and-customer-control-over-data/]]|Privacy Transparency|
|2019.04.30|//AWS//|[[Amazon S3 will no longer support path-style API requests starting September 30th, 2020|https://forums.aws.amazon.com/ann.jspa?annID=6776]]|AWS API|
|2019.04.30|//AWS//|[[AWS WAF Security Automations Now Supports Log Analysis|https://aws.amazon.com/about-aws/whats-new/2019/04/aws-waf-security-automations-now-supports-log-analysis/]]|AWS Logging|
|2019.04.30|//Backblaze//|[[Backblaze Hard Drive Stats Q1 2019|https://www.backblaze.com/blog/backblaze-hard-drive-stats-q1-2019//]]|Reliability|
|2019.04.30|//TrendMicro//|[[The Next Enterprise Challenge: How Best to Secure Containers and Monolithic Apps Together, Company-wide|https://blog.trendmicro.com/the-next-enterprise-challenge-how-best-to-secure-containers-and-monolithic-apps-together-company-wide/]]|Containers|
|2019.04.30|//Forcepoint//|[[Top 3 worrisome risks for organizations moving to the cloud|https://www.forcepoint.com/blog/insights/top-3-worrisome-risks-organizations-moving-cloud]]|Risks|
|2019.04.30|//Whistic//|[[Third Party Threat Identification & Handling|https://blog.whistic.com/third-party-threat-identification-handling-971a3c1c8732]]|Risks Third_Party|
|2019.04.30|//Armor//|[[Managed Security Service Providers: A Primer|https://www.armor.com/blog/managed-security-service-providers-a-primer/]]|MSSP|
|2019.04.30|//Pupuweb//|[[How to Avoid Most Common Public Cloud Workload Migration Mistakes|https://pupuweb.com/common-public-cloud-workload-migration-mistakes/]] de [[Insight Cloud + Data Center Transformation|https://www.insightcdct.com/]]|Misc|
|2019.04.30|//NetSkope//|[[Top 6 Questions to Ask Your Cloud DLP Vendor: Robust DLP Capabilities (4/6)|https://www.netskope.com/blog/robust-dlp-capabilities]]|DLP|
|2019.04.30|//Aqua Security//|![[Vulnerabilities in the Container Ecosystem: A Brief History|https://blog.aquasec.com/container-security-vulnerabilities]]|K8s Vulnerabilities Timeline|
|2019.04.30|SANS|[[SANS 2019 Cloud Security Survey|https://www.sans.org/reading-room/whitepapers/analyst/2019-cloud-security-survey-38940]]|Analysis Misc.|
|>|!|>||
|2019.04.29|Network World|[[Does your cloud-access security broker support IPv6? It should|https://www.networkworld.com/article/3391380/does-your-cloud-access-security-broker-support-ipv6-it-should.html#tk.rss_cloudsecurity]]|IPv6|
|2019.04.29|ZDnet[>img[iCSF/flag_fr.png]]|[[Slack met en garde contre un risque élevé de cyber-attaques (avec un impact sur sa performance boursière)|https://www.zdnet.fr/actualites/slack-met-en-garde-contre-un-risque-eleve-de-cyber-attaques-avec-un-impact-sur-sa-performance-boursiere-39884045.htm]]|Slack Risks|
|2019.04.26|//Slack//| → [[Document fourni par Slack à la SEC américaine|https://www.sec.gov/Archives/edgar/data/1764925/000162828019004786/slacks-1.htm]]|Slack Risks|
|2019.04.29|Help Net Security| → [[Slack warns investors it might be targeted by organized crime, nation-state hackers|https://www.helpnetsecurity.com/2019/04/29/slack-potential-threats/]]|Slack Risks|
|2019.04.29|SecurityWeek| → [[Slack Lists Cybersecurity Risks Ahead of Going Public|https://www.securityweek.com/slack-lists-cybersecurity-risks-ahead-going-public]]|Slack Risks|
|2019.04.29|Bleeping Computer|[[Exposed Database Leaks Addresses, Income Info of Millions of Americans|https://www.bleepingcomputer.com/news/security/exposed-database-leaks-addresses-income-info-of-millions-of-americans/]]|Data_Leaks|
|2019.04.29|Dark Reading|[[Docker Forces Password Reset for 190,000 Accounts After Breach|https://www.darkreading.com/attacks-breaches/docker-forces-password-reset-for-190000-accounts-after-breach/d/d-id/1334566]]|DataLeak Docker|
|2019.04.29|Medium| → [[Some tips to review Docker Hub Hack of 190k accounts|https://blog.madhuakula.com/some-tips-to-review-docker-hub-hack-of-190k-accounts-addcd602aade]]|DataLeak Docker|
|2019.04.29|InfoRisk Today| → [[Docker Hub Breach: It's Not the Numbers; It's the Reach|https://www.inforisktoday.com/docker-hub-breach-its-numbers-its-reach-a-12425]]|DataLeak Docker|
|2019.05.01|Container Journal| → [[Docker Hub Breach: What to Do Now|https://containerjournal.com/2019/05/01/docker-hub-breach-what-to-do-now/]]|DataLeak Docker|
|2019.04.29|//Aqua Security//| → [[Docker Hub Unauthorized Access Incident: What You Should Know|https://blog.aquasec.com/docker-hub-incident-container-encryption]]|DataLeak Docker|
|2019.04.29|Cloud Native Computing Foundation|[[What Kubernetes Does and Doesn't do for Security|https://www.cncf.io/blog/2019/04/29/what-kubernetes-does-and-doesnt-do-for-security/]]|K8s|
|2019.04.29|//Microsoft//|[[Overview of privacy controls for Office 365 ProPlus|https://docs.microsoft.com/en-us/DeployOffice/privacy/overview-privacy-controls]]|Privacy|
|2019.04.29|//Microsoft//|[[Understand and improve your security posture with Microsoft 365|https://www.microsoft.com/security/blog/2019/04/29/understand-improve-security-posture-microsoft-365/]]|O365|
|2019.04.30|//Lacework//| → [[Rules and Best Practices Still Couldn't Prevent the Docker Hub Breach|https://www.lacework.com/docker-hub-breach/]]|DataLeak Docker|
|2019.04.29|//McAfee//|[[Grand Theft Data II: The Drivers and Shifting State of Data Breaches (pdf)|https://www.mcafee.com/enterprise/en-us/assets/reports/restricted/rp-data-exfiltration-2.pdf]]|Report|
|2019.04.29|//CyberArk//[>img[iCSF/flag_fr.png]]| → [[Piratage de Docker Hub - Commentaire de CyberArk|http://www.globalsecuritymag.fr/Piratage-de-Docker-Hub-Commentaire,20190430,86615.html]]|DataLeak Docker|
|2019.04.29|//Google Cloud//|[[Using VPC Service Controls and the Cloud Storage Transfer Service to move data from S3 to Cloud Storage|https://cloud.google.com/blog/products/storage-data-transfer/using-vpc-service-controls-and-the-cloud-storage-transfer-service-to-move-data-from-s3-to-cloud-storage]]|Storage|
|2019.04.29|//DivvyCloud//|[[Most Cloud Breaches are Due to Misconfigurations|https://divvycloud.com/blog/cloud-breaches-due-to-misconfigurations/]]|Breaches|
|2019.04.29|//Virtustream//|[[97 percent of Organizations Have Adopted Multicloud Strategies for Mission-critical Applications, New Study Reports|http://vmblog.com/archive/2019/04/29/97-percent-of-organizations-have-adopted-multicloud-strategies-for-mission-critical-applications-new-study-reports.aspx]] ([[.pdf|https://www.virtustream.com/lp/forrester-multicloud-mission-critical-study]])|Report|
|2019.04.29|//F5 Networks//|[[Intentionally Insecure: Poor Security Practices In The Cloud|https://www.informationsecuritybuzz.com/articles/intentionally-insecure-poor-security-practices-in-the-cloud/]]|PoorPractices|
|2019.04.29|//Appriver//|[[Threat Alert Update: Cybercrooks Abusing Azure Custom Domain Name Feature|https://blog.appriver.com/microsoft-azure-customized-domain-name-phishing-attacks-compromised-users-and-geolocation-data-exposed]]|Phishing Azure|
!//Conférence 'Cloud Security Summit 2019' du SANS//
[>img(150px,auto)[iCSF/J4UES.jpg]]Les slides présentées lors du 'Cloud Security Summit 2019' du SANS qui s'est déroulé les 29 et 30 avril 2019 sont maintenant disponibles :
* [[Automating Cloud Security Monitoring at Scale|http://www.sans.org/cyber-security-summit/archives/download/22400]]
* [[Automating the Creation of Network Firewall Rules Using PowerShell and CICD|http://www.sans.org/cyber-security-summit/archives/download/22405]]
* [[Cloud DFIR Why So Cirrus|http://www.sans.org/cyber-security-summit/archives/download/22410]]
* [[Cloud Security at its Finest|http://www.sans.org/cyber-security-summit/archives/download/22415]]
* [[Cloud Security Automation From Infrastructure to App|http://www.sans.org/cyber-security-summit/archives/download/22420]]
* [[Cloud, the Hard Way|http://www.sans.org/cyber-security-summit/archives/download/22425]]
* [[Demonstration of Typical Forensic Techniques for AWS EC2 Instances|http://www.sans.org/cyber-security-summit/archives/download/22430]]
* [[Keep it Flexible How Cloud Makes it Easier and Harder to Detect Bad Stuff|http://www.sans.org/cyber-security-summit/archives/download/22435]]
* [[Locking Them Out of Their Own House Access Control to Cloud at Startups|http://www.sans.org/cyber-security-summit/archives/download/22440]]
* [[Secrets for All the Things The Injection of Secrets for Every Application in Your CloudAgnostic Environment|http://www.sans.org/cyber-security-summit/archives/download/22445]]
* [[Secure by Default Enabling Developers to Focus on Their Mission by Providing Cloud Security for Free|http://www.sans.org/cyber-security-summit/archives/download/22450]]
* [[Securing Your Application Identities|http://www.sans.org/cyber-security-summit/archives/download/22455]]
* [[Serverless Security Attackers and Defenders|http://www.sans.org/cyber-security-summit/archives/download/22460]]
* [[Summit Agenda|http://www.sans.org/cyber-security-summit/archives/download/22465]]
* [[The State of Cloud Security How Does Your Organization Compare|http://www.sans.org/cyber-security-summit/archives/download/22470]]
* [[Who Done It Gaining Visibility and Accountability in the Cloud|http://www.sans.org/cyber-security-summit/archives/download/22475]]

Liens :
* Page d'accueil ⇒ https://www.sans.org/event/cloud-security-summit-2019
* Archives ⇒ https://www.sans.org/cyber-security-summit/archives/
!"//AWS Cloud: Proactive Security and Forensic Readiness - Part 5//"
Article de blog publié le 2 mai 2019 — Rédigé par Neha Thethi, Information Security Analyst, BH Consulting
<<<
__''Cloud AWS : Réponse aux incidents (5^^ème^^ partie)''__
En cas d'atteinte à la protection des données ou d'un incident de sécurité, il est essentiel que votre organisation soit prête à mener des investigations. La préparation consiste à disposer d'un plan ou d'un jeu de procédures, ainsi que d'outils préétablis pour réagir efficacement et atténuer les impacts potentiels. Bien entendu, ces mesures d'intervention seront d'autant plus efficaces qu'elles auront été testées préalablement, et revues lors d'exercices.
Il s'agit du cinquième et dernier article de la série qui se concentre sur le traitement d'incident en environnement AWS.

__''La réponse aux incidents''__[>img(300px,auto)[iCSA_/IR-life-cycle.png]]
Le NIST définit un incident de sécurité comme "//un événement qui compromet réellement ou potentiellement la confidentialité, l'intégrité ou la disponibilité d'un système d'information ou de l'information que le système traite, stocke ou transmet ou qui constitue une violation ou une menace imminente de violation des politiques de sécurité, procédures de sécurité ou politiques d'utilisation acceptable//". La figure ci-contre présente les phases typiques du cycle de vie du traitement d'incident.

__''La réponse aux incidents dans le Cloud AWS''__
La réponse aux incidents dans le Cloud n'est pas très différente de celle des environnements traditionnels. Il existe même plusieurs outils dans l'environnement AWS que vous pouvez utiliser pour faciliter le processus de traitement, tels que AWS CloudTrail, Amazon CloudWatch, AWS Config, AWS CloudFormation, AWS Step Functions... Ces outils vous permettent de suivre, surveiller, analyser et auditer les événements.

Les journaux d'audit sont des ressources inestimables et indispensables pour le processus d'investigation. AWS fournit des journaux d'audit détaillés qui enregistrent les événements importants tels que l'accès aux fichiers et leur modification. Les événements peuvent être traités automatiquement et déclencher des réponses grâce à l'utilisation des API AWS. Vous pouvez pré-provisionner l'outillage et une sorte de "salle blanche" qui vous permettra d'effectuer des analyses forensiques dans un environnement sûr et isolé.

La liste ci-dessous fournit des recommandations sur la mise en place d'une stratégie de réponse aux incidents, l'estimation de l'impact des incidents dans l'environnement AWS, les outils AWS pour se préparer au traitement des incidents, répondre aux notifications d'abus AWS, contenir les cas d'instances EC2 compromises et effacer les informations après investigation.

Quelques points à traiter :
* Comment vous assurerez-vous d'avoir mis en place une stratégie adaptée de réponse aux incidents ?
* Quels outils AWS devriez-vous utiliser pour anticiper le traitement des incidents ?
* Comment réagirez-vous aux notifications d'abus AWS ?
* Comment allez-vous isoler et restreindre l'accès des utilisateurs à une instance Amazon EC2 compromise ?
* Comment vous assurerez-vous que les informations sensibles sont effacées après investigation ?
[...]
__Liens :__
* [[AWS Well-Architected Framework (pdf)|https://d0.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf]]
* [[AWS Security Pillar (pdf)|https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf]]
* [[AWS Security Best Practices (pdf)|https://d1.awsstatic.com/whitepapers/aws-security-best-practices.pdf]]
* [[What is Amazon CloudWatch Logs?|https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html]]
* [[Automating Incident Response and Forensics in AWS - AWS Summit Sydney 2018|https://www.slideshare.net/AmazonWebServices/automating-incident-response-and-forensics-in-aws-aws-summit-sydney-2018]]
* [[AWS Security Automation (GitHub repository of tools)|https://github.com/awslabs/aws-security-automation]]
* [[NIST Computer Security Incident Handling Guide (pdf)|https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf]]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/05/02/aws-cloud-proactive-security-part-5/]] sur le blog de la CSA
Lien original : http://bhconsulting.ie/data-protection-aws/ 
!"//Financial Services: Counting on CASBs//"
[>img(100px,auto)[iCSA_/FSCoCASBs.png]]^^Bien que publié le 20 mai 2019 sur le blog de la CSA, cet article et cette vidéo l'ont déjà été il y a __un mois__, le 24 mai 2019 sur le site de Bitglass.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/05/15/collection-1-data-breach/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/financial-services-counting-on-casbs]]^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Collection #1 Data Breach//"
[>img(100px,auto)[iCSA_/HackerLaptop.jpg]]^^Bien que publié le 15 mai 2019 sur le blog de la CSA, cet article l'a déjà été il y a __2 mois__, le 6 mars 2019 sur le site de Bitglass.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/05/15/collection-1-data-breach/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/collection-1-data-breach]]^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201904>>
<<tiddler fAll2Tabs10 with: VeilleM","_201904>>
<<tiddler fAll2LiTabs10 with: NewsL","201904>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Avril 2019]]>>
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2019.04.07|SANS|[[Fake Office 365 Payment Information Update|https://isc.sans.edu/forums/diary/Fake+Office+365+Payment+Information+Update/24818/]]|O365 Phishing|
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Avril 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Avril 2019]]>><<tiddler fAll2LiTabs13end with: Actu","201904>>
<<tiddler fAll2LiTabs13end with: Blog","201904>><<tiddler .ReplaceTiddlerTitle with: [[Blog - Avril 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Avril 2019]]>><<tiddler fAll2LiTabs13end with: Publ","201904>>
!!1 - Informations CSA de la semaine du 22 au 28 avril 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Publication : charte du groupe de travail "''Open Certification Framework''"+++*[»]> <<tiddler [[2019.04.25 - Publication : Open Certification Framework Working Group Charter]]>>=== 
* Publication : charte du groupe de travail : "''Hybrid Cloud Security Services''"+++*[»]> <<tiddler [[2019.04.25 - Publication : Hybrid Cloud Security Services Charter]]>>=== 
* Podcast "[[This Millennium Alliance|2019.04.25 - Blog : Podcast "This Millennium Alliance Podcast" avec la CSA]]"
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.04.28 - Veille Hebdomadaire - 28 avril]] avec 24 liens dont :
* Incidents et fuite chez Docker, protection contre le phishing
* Le Top 10 des menaces
* __Menaces__, détection et réponse aux incidents : aspects cloud et containers
* Backups dans le Cloud
!!3 - Agenda
* 24 juin : ''CSA EMEA Summit'' à Tel Aviv+++*[»]> <<tiddler [[2019.06.24 - CSA EMEA Summit 2019 - Tel Aviv]]>>=== 
* 28 juin : clôture de l'appel à présentations pour le ''CSA Congress EMEA'' des 20 et 21 novembre 2019 à Berlin+++*[»]> <<tiddler [[2019.03.30 - CSA Congress EMEA 2019 - Appel à présentations]]>>=== 
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2019.04.28|//JumpCloud//|[[Cloud RADIUS AWS®|https://jumpcloud.com/blog/cloud-radius-aws/]]|Authenticate AWS RADIUS|
|>|!|>||
|2019.04.26|Dark Reading|[[How to Build a Cloud Security Model|https://www.darkreading.com/cloud/how-to-build-a-cloud-security-model/d/d-id/1334552]]|Cloud Security|
|2019.04.26|Bleeping Computer|[[Docker Hub Database Hack Exposes Sensitive Data of 190K Users|https://www.bleepingcomputer.com/news/security/docker-hub-database-hack-exposes-sensitive-data-of-190k-users/]]|DataLeak Docker|
|2019.04.26|The Hacker News| → [[Docker Hub Suffers a Data Breach, Asks Users to Reset Password|https://thehackernews.com/2019/04/docker-hub-data-breach.html]]|DataLeak Docker|
|2019.04.26|PogsDotNet|[[Why do you need an API Gateway|http://www.pogsdotnet.com/2019/04/why-do-you-need-api-gateway.html]]|APIs|
|2019.04.26|Nino Crudele|[[Advanced troubleshooting and security check on Elastic Search cluster|https://ninocrudele.com/advanced-troubleshooting-and-security-check-on-elastic-search-cluster]]|ElasticSearch Troubleshooting|
|>|!|>||
|2019.04.25|//Outpost24//|![[Cloud security tools: Understanding the differences between CASB, CSPM and CWPP|https://outpost24.com/blog/find-the-differences-between-CASB-CSPM-and-CWPP]]|CASB CSPM CWPP|
|2019.04.25|//TrustedSec//|[[Next Gen Phishing - Leveraging Azure Information Protection|https://www.trustedsec.com/2019/04/next-gen-phishing-leveraging-azure-information-protection/]]|Phishing|
|2019.04.25|//Spanning//|[[The Comprehensive SaaS Backup Checklist|https://securityboulevard.com/2019/04/the-comprehensive-saas-backup-checklist/]]|SaaS Backups|
|2019.04.25|//Cyberark//|![[Q&A: Threat Analytics, Detection and Response in the Cloud|https://www.cyberark.com/blog/qa-threat-analytics-detection-and-response-in-the-cloud-your-questions-answered/]]|Detect Respond|
|2019.04.25|//ThreatStack//|[[AWS HIPAA Compliance Best Practices Checklist|https://www.threatstack.com/blog/aws-hipaa-compliance-best-practices-checklist]]|AWS Compliance|
|2019.04.25|//Lacework//|[[Be Quick But Don't Hurry: Container Security in Cloud Environments|https://www.lacework.com/container-security-cloud-environments/]]|Containers Best_Practices|
|2019.04.25|//Lacework//|[[Silent But Deadly: Cloud Security and Cryptomining|https://www.lacework.com/cloud-security-cryptomining/]]|Cryptomining|
|2019.04.25|//Forcepoint//|[[Three keys to stronger cloud connectivity and security in distributed networks|https://www.forcepoint.com/blog/insights/three-keys-stronger-cloud-connectivity-and-security-distributed-networks]]|Risks|
|>|!|>||
|2019.04.24|DZone|[[Deconstructing Serverless Computing Part 1: A New Layer of Abstraction|https://dzone.com/articles/deconstructing-serverless-computing-part-1-a-new-l]]|Serverless|
|2019.04.24|Infosec Island|[[How Microsegmentation Helps to Keep Your Network Security Watertight|http://www.infosecisland.com/blogview/25185-How-Microsegmentation-Helps-to-Keep-Your-Network-Security-Watertight.html]]|Cloud Misc.|
|2019.04.24|//StorPool//|[[Public cloud performance measurement report|https://storpool.com/blog/public-cloud-performance-measurement-report]]|Availability|
|2019.04.24|//Swimlane//|[[Understanding Microsoft's OAuth2 implementation - Part 3: Using Microsoft Graph API|https://swimlane.com/blog/microsoft-oauth2-implementation-3/]] (3/3)|OAuth2|
|2019.04.24|//Imperva//|[[Maintaining Privacy in the Cloud|https://www.imperva.com/blog/maintaining-privacy-in-the-cloud-podcast-interview/]] ([[podcast .mp3|https://hwcdn.libsyn.com/p/a/7/2/a72dbeaa7aa4eab9/TerryRayPod.mp3]])|Privacy|
|2019.04.24|//Sensu//|[[Monitoring Kubernetes + Docker, part 3: Sensu + Prometheus|https://blog.sensu.io/monitoring-kubernetes-docker-part-3-sensu-prometheus]]|K8s Docker Monitoring|
|2019.04.24|//Aporeto//|[[Application-aware Security, Part 2: Trust Profile Technology|https://www.aporeto.com/blog/application-aware-security-network-policy-trust-profile-technology/]] (2/5)|Misc|
|>|!|>||
|2019.04.23|//Axians//[>img[iCSF/flag_fr.png]]|[[Les data centers sous l'influence du cloud|https://www.informatiquenews.fr/les-data-centers-sous-linfluence-du-cloud-61417]] ([[Rapport|https://www.axians.fr/fr/decouvrez-la-1ere-etude-datacenters-2018-2021/]])|Report DataCenters|
|2019.04.23|Container Journal|[[Modernizing Infrastructure: Containers, Kubernetes and More|https://containerjournal.com/2019/04/23/modernizing-infrastructure-containers-kubernetes-and%e2%80%8a-%e2%80%8amore/]]|Containers|
|2019.04.23|Healthcare IT News|[[IoT and cloud adoption will boost cybersecurity investments toward $8.7B by 2023|https://www.healthcareitnews.com/news/iot-and-cloud-adoption-will-boost-cybersecurity-investments-toward-87b-2023]]|Report|
|2019.04.23|//DarkTrace//|![[Software as a Security nightmare: The risks of collaboration on the cloud|https://www.darktrace.com/en/blog/software-as-a-security-nightmare-the-risks-of-collaboration-on-the-cloud/]]|Risks|
|2019.04.23|//PaloAlto Networks//|[[Six Essentials for Your Cloud Security Program|https://blog.paloaltonetworks.com/2019/04/six-essentials-cloud-security-program/]]|Misc|
|2019.04.23|//NetSkope//|[[A Malicious Sight in Google Sites|https://www.netskope.com/blog/malicious-google-sites]]|Malware GCP|
|>|!|>||
|2019.04.22|//BitDefender//[>img[iCSF/flag_fr.png]]|[[Les points clés pour sécuriser le Cloud hybride, efficacement, facilement et au bon coût|http://globbsecurity.fr/les-points-cles-pour-securiser-le-cloud-hybride-efficacement-facilement-et-au-bon-cout-45391/]]|Hybrids|
|2019.04.22|GBHackers|[[Most Important Key Factors Organizations Should Consider in Implementing the Cloud Security Solutions|https://gbhackers.com/key-factors-cloud-security-solutions/]]|Implement|
|2019.04.22|Bleeping Computer|[[Office 365 Custom Rules to Block Azure Blob Storage Phishing Attacks|https://www.bleepingcomputer.com/news/security/office-365-custom-rules-to-block-azure-blob-storage-phishing-attacks/]]|Azure O365 Phishing|
|2019.04.22|Datamation|[[8 Top Cloud Security Solutions|https://www.datamation.com/cloud-computing/top-cloud-security-solutions.html]]|Solutions|
|2019.04.22|//Microsoft//|[[Detecting threats targeting containers with Azure Security Center|https://azure.microsoft.com/en-us/blog/detecting-threats-targeting-containers-with-azure-security-center/]]|Detection Containers|
|2019.04.22|//McAfee//|[[Our PaaS App Sprung a Leak|https://securingtomorrow.mcafee.com/business/cloud-security/our-paas-app-sprung-a-leak/]]|PaaS Best_Practices|
|2019.04.22|//NeuVector//|[[Using Admission Control to Prevent Unauthorized or Vulnerable Image Deployments in Kubernetes|https://neuvector.com/container-security/kubernetes-admission-control/]]|K8s|
|2019.04.22|//Lacework//|![[Top 10 Threats to Cloud Security: AWS Security Week New York|https://www.lacework.com/top-threats-to-cloud-security/]] ([[présentation|https://www.slideshare.net/Lacework/lacework-top-10-cloud-security-threats]])|Threats|
|2019.04.22|//Aporeto//|[[Application-aware Security for Cloud-native Applications|https://www.aporeto.com/blog/application-aware-security-for-cloud-native-applications/]]|Misc|
!"CSA on This Millennium Alliance Podcast"
[>img(200px,auto)[iCSA_/CSA-Podcast-TMA.png]]Article de blog publié le 26 avril 2019 — Rédigé par Cara Bernstein, Manager/Executive Education Partnerships, The Millennium Alliance.
<<<
Ce podcast concerne la Cloud Security Alliance, un partenaire de ''The Millennium Alliance''. Nous nous sommes entretenus avec Vince Campitelli et Jon-Michael C. Brook qui co-président le [[Groupe de Travail - Top Threats]] afin de discuter des travaux de la CSA, des principales menaces qu'il est nécessaire de traiter, et de la manière de construire une équipe de cyber-sécurité.
<<<
⇒ Lire [[l'article|https://blog.cloudsecurityalliance.org/2019/04/26/csa-millennium-alliance-podcast/]] sur le blog de la CSA.
⇒ Ecouter [[le podcast|https://podcasts.apple.com/us/podcast/millennium-live-a-digital-diary-podcast/id1444755723?mt=2]]
⇒ Le site de "The Millennium Alliance" → https://mill-all.com/ 
!Open Certification Framework Working Group Charter
Charte du groupe de travail "Open Certification Framework" (OCF)[>img(100px,auto)[iCSA/CSAdoc.png]]
<<<
//The CSA Open Certification Framework (OCF) is an industry initiative to allow global, trusted independent evaluation of cloud providers. It is a program for flexible, incremental and multi-layered cloud provider certification and/or attestation according to the Cloud Security Alliance's industry leading security guidance and control framework.//
<<<
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j4po|https://cloudsecurityalliance.fr/go/j4po/]]''
!Hybrid Cloud Security Services Charter
Charte du groupe de travail "Hybrid Cloud Security Services"[>img(100px,auto)[iCSA/CSAdoc.png]]
<<<
//This initiative aims to develop a security white paper specifying hybrid cloud security risks and countermeasures, helping users identify and reduce the risks. This initiative proposes to provide hybrid cloud security evaluation suggestions, guiding both users and cloud service providers to choose and provide secure hybrid cloud solutions, and promoting security planning and implementation.//
<<<
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j4ph|https://cloudsecurityalliance.fr/go/j4ph/]]''
|!Avril|!Sources|!Titres et Liens|!Synthèses|
|2019.04.23|CSA|[[Cloud Security Alliance Announces Federal Summit 2019 Speaker Line-up|https://cloudsecurityalliance.org/articles/cloud-security-alliance-announces-federal-summit-2019-speaker-line-up/]]|Former U.S. CIO Vivek Kundra to share his experience leading change across the U.S. government, the world's largest consumer of information technology|
!!1 - Informations CSA de la semaine du 15 au 21 avril 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Rien de notable
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.04.21 - Veille Hebdomadaire - 21 avril]] avec 16 liens :
* Réponse aux incidents dans Azure+++^*[»] 
|2019.04.18|//Microsoft//|![[Azure resources to assess risk and compliance|https://azure.microsoft.com/en-us/blog/azure-resources-to-assess-risk-and-compliance/]]|Risks Compliance Assessment|
=== 
* Analyse des journaux Azure AD+++^*[»] 
|2019.04.18|//Microsoft Azure//|![[Analyze Azure AD activity logs with Azure Monitor logs|https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-analyze-activity-logs-log-analytics]] |AzureAD Monitoring Logging|
=== 
* Environnements Azure dédiés à la sphère étatique+++^*[»] 
|2019.04.17|//Microsoft//|[[Announcing Azure Government Secret private preview and expansion of DoD IL5|https://azure.microsoft.com/en-us/blog/announcing-azure-government-secret-private-preview-and-expansion-of-dod-il5/]]|Azure GovCloud|
|2019.04.18|The Register| → [[We reveal what's inside Microsoft's Azure Govt Secret regions...|https://www.theregister.co.uk/2019/04/18/microsoft_secret_spy_data_centers/]]|Azure GovCloud|
=== 
* Kubernetes : monter un environnement de test, politiques réseau, et architecture+++^*[»] 
|2019.04.16|!Marco Lancini |![[Deploy Your Own Kubernetes Lab|https://www.marcolancini.it/2019/blog-deploy-kubernetes-lab]] |K8s Lab|
|2019.04.19|Cloud Native Computing Foundation|![[Setting up Kubernetes Network Policies - A Detailed Guide|https://www.cncf.io/blog/2019/04/19/setting-up-kubernetes-network-policies-a-detailed-guide/]]|K8s Best_Practices|
|2019.04.18|//Threat Stack//|[[50 Best Kubernetes Architecture Tutorials|https://www.threatstack.com/blog/50-best-kubernetes-architecture-tutorials]]|K8s|
=== 
!!3 - Agenda
* L'appel à présentations pour le ''CSA Congress EMEA'' — les 20 et 21 novembre 2019 à Berlin — est ouvert jusqu'au 28 juin.+++*[»]> <<tiddler [[2019.03.30 - CSA Congress EMEA 2019 - Appel à présentations]]>>=== 
|!Avril|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.04.20|
|2019.04.20|//JumpCloud//|[[GCP™ Active Directory®|https://jumpcloud.com/blog/gcp-active-directory/]]|GCP Active_Directory|
|>|>|>|!2019.04.19|
|2019.04.19|Cloud Native Computing Foundation|![[Setting up Kubernetes Network Policies - A Detailed Guide|https://www.cncf.io/blog/2019/04/19/setting-up-kubernetes-network-policies-a-detailed-guide/]]|K8s Best_Practices|
|2019.04.19|Cloud Native Computing Foundation|[[Simplifying Microservices Security With A Service Mesh|https://www.cncf.io/blog/2019/04/25/simplifying-microservices-security-with-a-service-mesh/]]|MicroServices|
|2019.04.19|//TrendMicro//|[[New Report Finds 25% of Phishing Attacks Circumvent Office 365 Security|https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/new-report-finds-25-of-phishing-attacks-circumvent-office-365-security]]|Report O365|
|2019.04.19|//Microsoft Azure//|[[Azure Security Best Practices - Microsoft Azure|https://azure.microsoft.com/resources/security-best-practices-for-azure-solutions]] |Security best practices for Azure solutions is a collection of the security best practices found in the articles listed above.|
|2019.03.31|Chris Farris|![[Creating a Cloud Security Standard|https://www.chrisfarris.com/post/cloud-security-standard/]] |Standards|
|2019.03.01|blog.trendmicro.com|[[Exposed Docker Control API and Community Image Abused to Deliver Cryptocurrency-Mining Malware|https://blog.trendmicro.com/trendlabs-security-intelligence/exposed-docker-control-api-and-community-image-abused-to-deliver-cryptocurrency-mining-malware/]] |Docker Attack|
|2018.05.21|//FireEye//|[[Shining a Light on OAuth Abuse with PwnAuth|https://www.fireeye.com/blog/threat-research/2018/05/shining-a-light-on-oauth-abuse-with-pwnauth.html]] |OAuth Attacks|
|2017.12.20|//Rhino Security Labs//|[[Azure Security Vulnerabilities and Pentesting|https://rhinosecuritylabs.com/cloud-security/common-azure-security-vulnerabilities/]]|Azure Risks|
|2017.10.28|//Virtue Security//|[[AWS Penetration Testing - Part 2: S3, IAM, EC2|https://www.virtuesecurity.com/aws-penetration-testing-part-2-s3-iam-ec2/]] |AWS PenTest (2/2)|
|2017.10.28|//Virtue Security//|[[AWS Penetration Testing - Part 1: S3 Buckets|https://www.virtuesecurity.com/aws-penetration-testing-part-1-s3-buckets/]] |AWS PenTest (1/2)|
|2017.05.15|//Rhino Security Labs//|[[Penetration Testing Amazon Web Services (AWS)|https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/]]|Pentesting|
|2013.09.05|//Recorded Future//|![[Monitoring the Future of Cloud Computing|https://www.recordedfuture.com/cloud-computing-future/]] |Risks|
|>|>|>|!2019.04.18|
|2019.04.18|Bleeping Computer|[[Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data|https://www.bleepingcomputer.com/news/security/unsecured-databases-leak-60-million-records-of-scraped-linkedin-data/]]|DataLeak LinkedIn|
|2019.04.18|Help Net Security|[[Microsoft 365 security: Protecting users from an ever-evolving threat landscape|https://www.helpnetsecurity.com/2019/04/18/microsoft-365-security/]]|O365|
|2019.04.18|Forensic Focus|[[Obtaining Critical Real-Time Evidence From The Cloud|https://www.forensicfocus.com/News/article/sid=3437/]] ([[webinar|https://www.forensicfocus.com/c/aid=312/webinars/2019/obtaining-critical-real-time-evidence-from-the-cloud/]] et [[vidéo|http://www.youtube.com/watch?v=d0RIYOtsplk]])|Forensics|
|2019.04.18|Dark Reading|[[Cloud Security Spend Set to Reach $12.6B by 2023|https://www.darkreading.com/cloud/cloud-security-spend-set-to-reach-$126b-by-2023/d/d-id/1334473]]|Misc|
|2019.04.18|//Microsoft//|![[Azure resources to assess risk and compliance|https://azure.microsoft.com/en-us/blog/azure-resources-to-assess-risk-and-compliance/]]|Risks Compliance Assessment|
|2019.04.18|//WhiteSource//|[[Docker Image Security Scanning: What It Can and Can't Do|https://resources.whitesourcesoftware.com/blog-whitesource/docker-image-security-scanning]]|Docker|
|2019.04.18|//Microsoft Azure//|![[Microsoft Azure Security Response in the Cloud (pdf)|https://aka.ms/SecurityResponsepaper]] |Incident_Response|
|2019.04.18|//Microsoft Azure//|![[Analyze Azure AD activity logs with Azure Monitor logs|https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-analyze-activity-logs-log-analytics]] |AzureAD Monitoring Logging|
|2019.04.18|//Threat Stack//|[[50 Best Kubernetes Architecture Tutorials|https://www.threatstack.com/blog/50-best-kubernetes-architecture-tutorials]]|K8s|
|2019.04.18|//Swimlane//|[[Understanding Microsoft's OAuth2 implementation - Part 2: Registering an application|https://swimlane.com/blog/microsoft-oauth2-implementation-2/]] (2/3)|OAuth2|
|2019.04.18|//Radware//|[[How to Prevent Real-Time API Abuse|https://blog.radware.com/security/applicationsecurity/2019/04/how-to-prevent-real-time-api-abuse/]]|API|
|2019.04.18|//ParkMyCloud//|[[AWS IAM User vs IAM Role for Secure SaaS Cloud Management|https://www.parkmycloud.com/blog/aws-iam/]]|AWS IAM SaaS|
|>|>|>|!2019.04.17|
|2019.04.17|Solutions Review|[[Managed Cloud Services: The Benefits of Outsourcing Cloud Management|https://solutionsreview.com/cloud-platforms/managed-cloud-services-the-benefits-of-outsourcing-cloud-management/]]|Outsourcing|
|2019.04.17|Container Journal|[[Centralizing Container and Kubernetes Management|https://containerjournal.com/2019/04/17/centralizing-container-and-kubernetes-management/]]|K8s|
|2019.04.17|Golem.de|[[Microsoft loses control over Windows Tiles|https://www.golem.de/news/subdomain-takeover-microsoft-loses-control-over-windows-tiles-1904-140717.html]]|Azure Flaws|
|2019.04.17|TheHackerNews|[[Researcher Hijacks a Microsoft Service Using Loophole in Azure Cloud Platform|https://thehackernews.com/2019/04/subdomain-microsoft-azure.html]]|Azure Flaws|
|2019.04.17|//Microsoft//|[[Announcing Azure Government Secret private preview and expansion of DoD IL5|https://azure.microsoft.com/en-us/blog/announcing-azure-government-secret-private-preview-and-expansion-of-dod-il5/]]|Azure GovCloud|
|2019.04.18|The Register| → [[We reveal what's inside Microsoft's Azure Govt Secret regions...|https://www.theregister.co.uk/2019/04/18/microsoft_secret_spy_data_centers/]]|Azure GovCloud|
|2019.04.17|//Fugue//|[[Shifting Left on Cloud Security and Compliance|https://www.fugue.co/blog/shifting-left-on-cloud-security-and-compliance]] (1/3)|Risks|
|2019.04.17|//FireEye//|[[Top Five Cloud Security Myths Debunked|https://www.fireeye.com/blog/products-and-services/2019/04/top-five-cloud-security-myths-debunked.html]] ([[ebook|https://content.fireeye.com/top-5-cloud/eb-top-5-cloud-security-myths]] et [[rapport 2019|https://content.fireeye.com/predictions/rpt-security-predictions-2019]])|Misc|
|2019.04.17|//Blissfully//|[[Why Your Company Needs a SaaS System of Record|https://www.blissfully.com/blog/why-your-company-needs-a-saas-system-of-record/]]|SaaS|
|2019.04.17|//Snyk//|[[Shifting Docker security left|https://snyk.io/blog/shifting-docker-security-left/]]|Report Docker|
|2019.04.17|SANS|[[How to Build a Security Visibility Strategy in the Cloud|https://www.sans.org/reading-room/whitepapers/analyst/build-security-visibility-strategy-cloud-38903]]|Analysis Misc.|
|>|>|>|!2019.04.16|
|2019.04.16|!Marco Lancini |![[Deploy Your Own Kubernetes Lab|https://www.marcolancini.it/2019/blog-deploy-kubernetes-lab]] |K8s Lab|
|2019.04.16|//Appriver//|[[Two Ongoing Phishing Campaigns Using Microsoft's Azure Blob Storage|https://blog.appriver.com/two-ongoing-phishing-campaigns-using-microsofts-azure-blob-storage]]|Phishing Azure|
|2019.04.16|//ParkMyCloud//|[[Why the Principle of Least Privilege is Important for SaaS-based Cloud Management|https://www.parkmycloud.com/blog/principle-of-least-privilege/]]|SaaS|
|2019.04.16|//NetSkope//|[[Top 6 Questions to Ask Your Cloud DLP Vendor: Public Cloud|https://www.netskope.com/blog/top-6-questions-to-ask-your-cloud-dlp-vendor-public-cloud]] ([[ebook|https://resources.netskope.com/ebooks/top-6-questions-to-ask-your-cloud-dlp-vendor]])|DLP|
|2019.04.16|//GoDaddy//|[[Kubernetes External Secrets|https://godaddy.github.io/engineering/2019/04/16/kubernetes-external-secrets/]]|K8s Secrets|
|2019.04.16|//Rancher Labs//|[[Comparison of Container Operating Systems (Container OS)|https://rancher.com/blog/2019/comparison-of-container-operating-systems/]]|Containers|
|>|>|>|!2019.04.15|
|2019.04.15|TechRepublic|[[Google Cloud Platform: A cheat sheet|https://www.techrepublic.com/article/google-cloud-platform-the-smart-persons-guide/]]|GCP|
|2019.04.15|//CloudPassage//|[[Securing your Azure Storage accounts|https://blog.cloudpassage.com/2019/04/15/securing-your-azure-storage-accounts/]]|Storage|
|2019.04.15|//Lacework//|[[Cryptojacking Campaign Targets Exposed Kubernetes Clusters|https://www.lacework.com/cryptojacking-targets-exposed-kubernetes-clusters/]]|CryptoJacking|
!"CCSK Success Stories: From a Data Privacy Consultant"
[>img(200px,auto)[iCSA/H8UBCCSK.png]]Article de blog publié le 16 avril 2019 — Rédigé par la CSA Education Team
<<<
[...]
//__Qu'est-ce qui vous a conduit à la sécurité du Cloud ? Qu'est-ce qui vous a décidé à passer votre CCSK ?__
[...] Une fois que j'ai décidé de me mettre à la sécurité du Cloud, j'ai pensé que CCSK était le bon point de départ pour me lancer dans l'apprentissage des concepts, car il couvre les fondements de scénarios réels et complexes de mise en œuvre, la migration, les problèmes d'adoption, l'évaluation du Cloud, etc.
__Pourriez-vous nous expliquer en quoi le matériel abordé dans l'examen a été utile à cet égard ?__
Bien sûr, comme nous le savons tous, le CCSK n'est pas un examen spécifique, lié aux produits Cloud. Je pense plutôt que l'intention de cet examen est d'évaluer dans quelle mesure les éléments ou domaines clés des modèles/services dans le Cloud sont bien compris par les candidats. Par conséquent, cet examen s'attend à ce que vous soyez au courant de domaines tels que la gouvernance, les challenges juridiques, la réponse aux incidents, la conformité et la gestion des risques, qui sont fondamentaux et stimulants dans l'adoption du Cloud, pour tous les acteurs du Cloud.//
[...]
//__Y a-t-il eu des sujets plus délicats que d'autres dans cet examen ?__
J'ai trouvé que les aspects réglementaires et de conformité, et le traitement des incidents étaient très intéressants. D'une part parce que ces domaines posent des défis différents aux services Cloud, principalement en détaillant les rôles, les responsabilités et les limites tant pour les consommateurs que pour les prestataires de services.
__Que conseillez-vous aux personnes qui envisagent de passer leur CCSK ?__
Je leur conseille vivement de considérer cet examen comme un cours de base et de l'utiliser comme un tremplin vers l'univers de la sécurité du Cloud. Le CCSK ne sera pas simplement un critère distinctif une fois que vous serez certifié : il vous aidera à naviguer quel que soit votre rôle (consommateur, prestataire, fournisseur, ou consultant).//
[...]
<<<
⇒ Lire [[la suite|https://blog.cloudsecurityalliance.org/2019/04/16/ccsk-success-data-privacy-consultant/]] sur le blog de la CSA 
!!1 - Informations CSA de la semaine du 8 au 14 avril 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Appels à Commentaires sur 3 documents CSA portant sur la sécurisation des ''containers'' et des ''micro-services'', et la ''Blockchain''+++*[»]> <<tiddler [[2019.04.12 - Appel à commentaires en cours sur 3 documents CSA]]>>=== 
* Publication des 2 chartes de groupes de travail CSA : ''SecaaS''+++*[»]> <<tiddler [[2019.04.09 - Publication : SecaaS Working Group Charter]]>>=== et ''Cloud Key Management''+++*[»]> <<tiddler [[2019.04.09 - Publication : Cloud Key Management Charter]]>>=== 
* Une analyse du document "''AWS Security Maturity Roadmap''" de ''Scott Piper''
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.04.14 - Veille Hebdomadaire - 14 avril]] avec 55 liens :
* les aspects sécurité abordés lors de la conférence Next'19 de Google
* l'évolution des attaques dans le Cloud
* du phishing ''Office 365'' et des attaques de phishing
* sur ''Azure AD'' et la journalisation
* des rapports de //Avanan//, //CynergisTek//, //Netskope//, et //Sophos//
!!3 - Agenda
* L'appel à présentations pour le ''CSA Congress EMEA'' — les 20 et 21 novembre 2019 à Berlin — est ouvert jusqu'au 28 juin.+++*[»]> <<tiddler [[2019.03.30 - CSA Congress EMEA 2019 - Appel à présentations]]>>=== 
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2019.04.13|Hacking Exposed|[[For Dropbox Audit logs what all data can you determine about someone who was logged in? What allows you to unique identify a file?|https://www.hecfblog.com/2019/04/daily-blog-660-solution-saturday-41319.html]]|Dropbox Forensics|
|2019.04.13|TechCrunch|[[Microsoft: Hackers compromised support agent's credentials to access customer email accounts|https://techcrunch.com/2019/04/13/microsoft-support-agent-email-hack/]]|Compromise|
|2019.04.13|Ponde Rosa|[[Secure Secrets in Docker Builds|https://ponderosa.io/blog/docker/2019/04/13/secrets-in-docker-builds/]]|Docker|
|2019.04.13|//Cloud Academy//|[[S3 FTP: Build a Reliable and Inexpensive FTP Server Using Amazon's S3|https://cloudacademy.com/blog/s3-ftp-server/]]|Networks|
|>|!|>||
|2019.04.12|Dark Reading|[[8 'SOC-as-a-Service' Offerings|https://www.darkreading.com/cloud/8-soc-as-a-service-offerings-/d/d-id/1334398]]|SecaaS|
|2019.04.12|Dark Reading|[[Cloudy with a Chance of Security Breach|https://www.darkreading.com/cloud/cloudy-with-a-chance-of-security-breach-/a/d-id/1334354]]|Breach|
|2019.04.12|Medium|[[Mitigating Account Discovery (T1087) in Office 365/Azure AD|https://medium.com/@mvelazco/mitigating-account-discovery-t1087-in-office-365-azure-ad-eae08fef9b7a]]|O365 AzureAD|
|2019.04.12|//CommVault//[>img[iCSF/flag_fr.png]]|[[5 étapes pour rationaliser la protection des données multi-cloud|https://www.globalsecuritymag.fr/5-etapes-pour-rationaliser-la,20190411,86137.html]]|Multi_Cloud|
|>|!|>||
|2019.04.11|Dejan Zelic|![[The Danger of Exposing Docker.Sock|https://dejandayoff.com/the-danger-of-exposing-docker.sock/]]|Docker|
|2019.04.11|//Google Cloud//|[[Day 3 at Next '19: A look back at an amazing week|https://cloud.google.com/blog/topics/inside-google-cloud/next19-recap-day3]] ([[podcast|https://eps-dot-gcppodcast.appspot.com/dl/Google.Cloud.Platform.Podcast.Episode.172.mp3]])|Conference Next|
|2019.04.11|SecurityWeek|[[Many New Security Features, Services Added to Google Cloud|https://www.securityweek.com/many-new-security-features-services-added-google-cloud]]|GCP|
|2019.04.11|//Gartner//|![[Does Fake Cloud Matter?|https://blogs.gartner.com/anton-chuvakin/2019/04/11/does-fake-cloud-matter/]]|Perception|
|2019.04.11|//Microsoft//|[[How to stay on top of Azure best practices|https://azure.microsoft.com/en-us/blog/how-to-stay-on-top-of-azure-best-practices/]]|Best_Practices|
|2019.04.11|//Microsoft//|[[Azure AD Security Recommendations and the Customer Stories That Prove It (pdf)|https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1554995338.pdf]]|Best_Practices|
|2019.04.11|//CynergisTek//|[[CynergisTek's Report Reveals Continued Challenges from Healthcare Organizations on Cybersecurity Preparation|https://insights.cynergistek.com/news/cynergistek-s-report-reveals-continued-challenges-from-healthcare-organizations-on-cybersecurity-preparation]] ([[rapport|https://insights.cynergistek.com/reports/2019-healthcare-cybersecurity-privacy-report]])|Report HealthCare|
|2019.04.12|HITInfrastructure| → [[Network, Cloud Monitoring Is Healthcare Cybersecurity Challenge|https://hitinfrastructure.com/news/network-cloud-monitoring-is-healthcare-cybersecurity-challenge]]|Report HealthCare|
|2019.04.11|//Aqua Security//|[[Security Configuration Benchmarks for Kubernetes|https://blog.aquasec.com/kubernetes-security-cis-benchmarks]]|K8s CIS Benchmark|
|>|!|>||
|2019.04.10|Alex DeBrie|![[A Detailed Overview of AWS API Gateway|https://www.alexdebrie.com/posts/api-gateway-elements/]] |AWS APIs|
|2019.04.10|DZone|[[Tools, Tips, And Tricks To Working With AWS|https://dzone.com/articles/tools-tips-and-tricks-to-working-with-aws]]|AWS Tools|
|2019.04.10|TechRadar|[[Cloud security and the evolution of attack methods|https://www.techradar.com/news/cloud-security-and-the-evolution-of-attack-methods]]|Attacks|
|2019.04.10|//Summit Route//|![[AWS Security Maturity Roadmap|https://summitroute.com/blog/2019/04/10/aws_security_maturity_roadmap/]] ([[Document|https://summitroute.com/downloads/archive/aws_security_maturity_roadmap-Summit_Route_2019.pdf]])|AWS Maturity|
|2019.04.10|//Google Cloud//|[[Day 2 at Next '19: Working smarter, better, and more securely in the cloud|https://cloud.google.com/blog/topics/inside-google-cloud/day-2-next-19-working-smarter-better-and-more-securely-cloud]] ([[podcast|https://eps-dot-gcppodcast.appspot.com/dl/Google.Cloud.Platform.Podcast.Episode.171.mp3]])|Conference Next|
|2019.04.10|Container Journal|[[The Evolution of Container Security|https://containerjournal.com/2019/04/10/the-evolution-of-container-security/]]|Containers|
|2019.04.10|//Avanan//|[[New Research Reveals that One Quarter of Phishing Emails Bypass Office 365 Security|https://www.avanan.com/resources/press-release-avanan-global-phish-report]] ([[téléchargement|https://www.avanan.com/Global-Phish-Report]])|Report Phishing O365|
|2019.04.10|Bleeping Computer| → [[25% of Phishing Emails Bypass Office 365 Default Security|https://www.bleepingcomputer.com/news/security/25-percent-of-phishing-emails-bypass-office-365-default-security/]]|Report Phishing O365|
|2019.04.10|//Google Cloud//|[[Simplifying identity and access management of your employees, partners, and customers|https://cloud.google.com/blog/products/identity-security/simplifying-identity-and-access-management-of-your-employees-partners-and-customers]]|GCP IAM|
|2019.04.10|//Google Cloud//|[[Increasing trust in Google Cloud: visibility, control and automation|https://cloud.google.com/blog/products/identity-security/increasing-trust-in-google-cloud-visibility-control-and-automation]]|Trust|
|2019.04.10|Silicon Angle| → [[Google announces a raft of new products to enhance cloud security|https://siliconangle.com/2019/04/10/google-announces-range-new-products-enhance-cloud-security/]]|GCP|
|2019.04.10|//PaloAlto Networks//|[[Applying Zero Trust to Google Cloud Environments|https://researchcenter.paloaltonetworks.com/2019/04/beyondcorp/]]|Zero_Trust GCP|
|2019.04.10|//ThreatStack//|[[Go Behind the Scenes of a Docker Cryptojacking Attack|https://www.threatstack.com/blog/go-behind-the-scenes-of-a-docker-cryptojacking-attack]]|Attacks Docker CryptoMining|
|2019.04.10|//Microsoft//|![[Analysis of a targeted attack exploiting the WinRar CVE-2018-20250 vulnerability|https://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-attack-exploiting-the-winrar-cve-2018-20250-vulnerability/]]|Attacks O365 CVE-2018-20250|
|2019.04.10|Bleeping Computer| → [[Office 365 Team Discovers Phishing Email Pushing WinRAR Exploit|https://www.bleepingcomputer.com/news/security/office-365-team-discovers-phishing-email-pushing-winrar-exploit/]]|Attacks O365 CVE-2018-20250|
|2019.04.10|BetaNews|[[Securing serverless computing, the latest cloud paradigm|https://betanews.com/2019/04/10/securing-serverless-computing-qa/]]|Serverless|
|2019.04.10|BetaNews|[[PC-as-a-Service or managed device services? The difference matters|https://betanews.com/2019/04/10/pc-as-a-service-or-managed-device-services/]]|Misc|
|2019.04.10|Defense One|[[CIA Considering Cloud Contract Worth 'Tens of Billions' |https://www.defenseone.com/technology/2019/04/cia-considering-cloud-contract-worth-tens-billions/156222/]]|Sovereign_Cloud|
|2019.04.10|//Druva//|![[Wake-up Call: Ransomware Makes Cloud DR More Essential Than Ever|https://www.druva.com/blog/wake-up-call-ransomware-makes-cloud-dr-more-essential-than-ever/]]|Ransomware DRP|
|2019.04.10|//Radware//|[[Anatomy of a Cloud-Native Data Breach|https://blog.radware.com/security/cloudsecurity/2019/04/anatomy-of-a-cloud-native-data-breach/]]|Attacks|
|2019.04.10|//Nviso Labs//|[[Azure Security Logging - part I: defining your logging strategy|https://blog.nviso.be/2019/04/10/azure-security-logging-part-i-defining-you-logging-strategy/]]|Azure Logging|
|>|!|>||
|2019.04.09|//Google Cloud//|[[Day 1 at Next '19: Hybrid cloud, full-stack serverless, open-source partnerships, and more|https://cloud.google.com/blog/topics/inside-google-cloud/next19-recap-day1]] ([[podcast|https://eps-dot-gcppodcast.appspot.com/dl/Google.Cloud.Platform.Podcast.Episode.170.mp3]])|Conference Next|
|2019.04.09|Silicon Angle| → [[Day one wrap at Next: Multicloud stars as Google Cloud opens up its strategy|https://siliconangle.com/2019/04/09/day-one-wrap-next-multicloud-stars-google-cloud-opens-strategy/]]|Conference Next|
|2019.04.09|Silicon Angle| → [[Analysis: At Next, Google stakes new ground in multicloud computing|https://siliconangle.com/2019/04/09/analysis-next-google-stakes-new-ground-hybrid-cloud-computing/]]|Conference Next|
|2019.04.09|Silicon Angle| → [[Google Cloud unveils Anthos, while questions on enterprise strategy and acquisitions remain|https://siliconangle.com/2019/04/09/google-cloud-unveils-anthos-questions-enterprise-strategy-acquisitions-remain/]]|Conference Next Anthos|
|2019.04.09|Solutions Review| → [[Google Anthos, Google's Hybrid Cloud Platform, Is Now Available|https://solutionsreview.com/cloud-platforms/google-anthos-googles-hybrid-cloud-platform-is-now-available/]]|Conference Next Anthos|
|2019.04.09|DevOps.com| → [[Google Revamps Hybrid Cloud Strategy|https://devops.com/google-revamps-hybrid-cloud-strategy/]]|Conference Next Anthos|
|2019.04.09|Container Journal|[[Kubernetes and the Challenge of Federation|https://containerjournal.com/2019/04/09/kubernetes-and-the-challenge-of-federation/]]|Containers Kubernetes|
|2019.04.09|9to5Google|[[Google Cloud announces new regions, open source partnerships, Cloud Run, and Anthos|https://9to5google.com/2019/04/09/cloud-next-2019-day-1/]]|Anthos|
|2019.04.09|ComputerWeekly|[[Google rebrands Cloud Services Platform and adds multi-cloud support for AWS and Azure users|https://www.computerweekly.com/news/252461320/Google-Cloud-Services-Platform-undergoes-multi-cloud-revamp-to-add-support-for-AWS-and-Azure-users]]|GCP Anthos|
|2019.04.09|//disrupt:Ops//|![[Cloud Security CoE Organizational Models|https://disruptops.com/cloud-security-coe-organizational-models/]]|Best_Practices|
|2019.04.09|//Lacework//|[[The New School of Security: Using the Cloud to Secure the Cloud|https://www.lacework.com/using-cloud-to-secure-cloud/]]|Misc|
|2019.04.09|//Backblaze//|[[3-2-1 Backup Best Practices Using the Cloud|https://www.backblaze.com/blog/3-2-1-backup-best-practices-using-the-cloud/]]|Backups|
|2019.04.09|//PaloAlto Networks//|[[8 Google Cloud Security Best Practices|https://researchcenter.paloaltonetworks.com/2019/04/8-google-cloud-security-best-practices/]]|Best_Practices|
|2019.04.09|//TrendMicro//|[[Hit the Easy Button for Your Organization's Gmail Security|https://blog.trendmicro.com/hit-the-easy-button-for-your-organizations-gmail-security/]]|Misc|
|2019.04.09|//IBM//|[[Is Cloud Business Moving too Fast for Cloud Security?|https://securityintelligence.com/is-cloud-business-moving-too-fast-for-cloud-security/]]|Risks|
|2019.04.09|//Microsoft//|![[How to stay informed about Azure service issues|https://azure.microsoft.com/en-us/blog/how-to-stay-informed-about-azure-service-issues/]]|Monitor|
|2019.04.09|//Slack//|[[Increase everyday productivity with Office 365 apps for Slack|https://slackhq.com/increase-everyday-productivity-with-office-365-apps-for-slack]]|Slack O365|
|2019.04.09|//Armor//|![[Cybersecurity Best Practices: Third Party Vendor Partnerships|https://www.armor.com/blog/cybersecurity-best-practices-third-party-vendor-partnerships/]]|Best_Practices Third_Party|
|2019.04.09|//CloudPassage//|[[Do you have leaky S3 buckets?|https://blog.cloudpassage.com/2019/04/09/do-you-have-leaky-s3-buckets/]]|AWS Data_Leak|
|2019.04.09|//VDA Labs//|[[Docker for Hackers: From 'apt install docker-ce' to pwn in 10 minutes or less|https://www.vdalabs.com/2019/04/09/docker-for-hackers-from-apt-install-docker-ce-to-pwn-in-10-minutes-or-less/]]|PenTesting|
|2019.04.09|//Aporeto//|[[Why Using IP Addresses to Secure Applications is a Terrible Idea in the Cloud-Native Era|https://www.aporeto.com/blog/why-using-ip-addresses-to-secure-applications-is-a-terrible-idea-in-the-cloud-native-era/]]|Architecture|
|2019.04.09|Business 2 Community|[[7 Companies Who "Get" Security, and What We Can Learn From Them|https://www.business2community.com/cybersecurity/7-companies-who-get-security-and-what-we-can-learn-from-them-02187922]]|Misc|
|>|!|>||
|2019.04.08|TechSpective|[[Top Cloud Security Steps Every Business Needs to Keep up with the Evolution of Security|https://techspective.net/2019/04/08/top-cloud-security-steps-every-business-needs-to-keep-up-with-the-evolution-of-security/]]|CSA|
|2019.04.08|//Zscaler//|[[SD-WAN without a cloud firewall? Don't even think about it!|https://www.zscaler.com/blogs/corporate/sd-wan-without-cloud-firewall]]|SDWAN Firewall|
|2019.04.08|//Sophos//|![[Cybercriminals Attack Cloud Server Honeypot Within 52 Seconds, According to Sophos Global Report, "Exposed: Cyberattacks on Cloud Honeypots"|https://www.globenewswire.com/news-release/2019/04/09/1799753/0/en/Cybercriminals-Attack-Cloud-Server-Honeypot-Within-52-Seconds-According-to-Sophos-Global-Report-Exposed-Cyberattacks-on-Cloud-Honeypots.html]] ([[.pdf|https://www.sophos.com/en-us/medialibrary/PDFs/Whitepaper/sophos-exposed-cyberattacks-on-cloud-honeypots-wp.pdf]])|Report|
|2019.04.08|//Sophos//[>img[iCSF/flag_fr.png]]| → [[52 secondes suffisent pour qu'un Serveur Cloud se fasse attaquer par des cybercriminels, selon le rapport global de Sophos "Exposed Cyberattacks on Cloud Honeypots"|https://www.globalsecuritymag.fr/52-secondes-suffisent-pour-qu-un,20190409,86044.html]]|Report|
|2019.04.09|CBR Online| → [[A Tale of Two Honeypots: From Telnet to the Cloud|https://www.cbronline.com/news/honeypot-data]]|Report|
|2019.04.08|//Deloitte//|[[Attacking & Defending AWS S3 Bucket|https://www.sans.org/cyber-security-summit/archives/file/summit_archive_1554718897.pdf]]|AWS Buckets|
|2019.04.08|//Netskope//|[[New report tackles the issues and opportunities of cloud security|https://resources.netskope.com/cloud-security-reports/2019-cloud-security-report]] ([[téléchargement|https://resources.netskope.com/cloud-security-reports/2019-cloud-security-report]])|Report|
|2019.04.08|//AlienVault//|![[Understanding "container security"|https://www.alienvault.com/blogs/security-essentials/understanding-container-security]]|Containers|
|2019.04.08|//Barracuda Networks//[>img[iCSF/flag_fr.png]]|[[Sauvegarde des données dans le cloud : les entreprises européennes doivent passer un cap|https://www.journaldunet.com/solutions/expert/70884/sauvegarde-des-donnees-dans-le-cloud---les-entreprises-europeennes-doivent-passer-un-cap.shtml]]|BackUps|
|2019.04.08|//Microsoft//|[[Azure Security Center exposes crypto miner campaign|https://azure.microsoft.com/en-us/blog/azure-security-center-exposes-crypto-miner-campaign/]]|CryptoMining|
|2019.04.08|//IBM//|[[Why Encryption Is the Cornerstone of Your Cloud Security|https://securityintelligence.com/why-encryption-is-the-cornerstone-of-your-cloud-security/]]|Encrypt|
|2019.04.08|//Gartner//|[[G00356240: Market Guide for Cloud Workload Protection Platforms|https://www.gartner.com/doc/reprints?id=1-1OGJYJRA&ct=190904]]|Gartner|
!Publication du document 'AWS Security Maturity Roadmap' par Scott Piper / SummitRoute.com
Partant du constat que l'écosystème AWS était complexe et qu'il était difficile de savoir par quel bout aborder la problématique de la sécurité dans AWS, ''Scott Piper'' (+++*[»]> ''Scott Piper'' est un consultant en sécurité indépendant et expert AWS qui a créé sa société "Summit Route".
Il a notamment créé et développé :
* les plates-formes gratuites d'entrainement de type //CTF// (//Capture the Flag//) suivantes : ''flaws.cloud'' et ''flaws2.cloud''
** voir la rubrique "[[Outils]]", onglet "''Challenges''"
* les outils gratuits en open-source suivants : ''CloudMapper'' et ''CloudTracker'' avec la société //Duo Security//
** voir la rubrique "[[Outils]]", onglet "''GitHub''"
===) s'est décidé à rédiger un document de synthèse (9 pages).
Il décrit une feuille de route de maturité sécurité à la fois réaliste et déclinable en actions concrètes.
Le principe est de permettre à une entreprise n'ayant pas de plan de sécurité dans AWS d'atteindre un bon niveau de maturité sécurité, et cela en 10 étapes :
# ''Inventaire des comptes AWS'' / //Inventory//
** constituer un annuaire dans les comptes AWS
** les intégrer dans //AWS Organizations//
** utiliser un compte "Sécurité" dédié à la gestion sécurité.
# ''Sauvegardes'' / //Have backups//
** constituer un environnement de sauvegarde décorrélé de celui de production
# ''Visibilité et automatisation basique'' / //Visibility and initial remediation//
** activer la journalisation //CloudTrail// et la gérer correctement
** permettre au compte "Sécurité" d'avoir une vue sur chaque compte
** lancer des outils d'analyse pour identifier les corrections à adopter
** activer //S3 Block Public Access//
** automatiser, même de façon simpliste, la création de comptes utilisateurs avec une configuration de sécurité adaptée.
# ''Détection'' / //Detection//
** activer //GuardDuty//
** analyser les journaux pour détecter des anomalies le plus rapidement possible
** réaliser des sondages des comptes pour détecter des dysfonctionnements ou des problèmes
** documenter les principes et règles de sécurité de l'entreprise
# ''Sécurisation de l'authentification'' / //Secure IAM access//
** utiliser un SSO pour les accès
** supprimer les comptes utilisateurs et privilégier les rôles
** auditer les rôles, et réduire les niveaux de privilèges au strict nécessaire
** détecter les secrets (exemple : les clés) laissés dans les données ou les espaces de travail
# ''Réduction de la surface d'attaque'' / //Network attack surface reduction//
** éviter les EC2s et les buckets S3 accessibles directement
** migrer toutes les ressources réseaux non publiques vers des sous réseaux privés et les protéger par des proxies
** utiliser des //Security Groups// nommés
# ''Réutilisation orchestrée et gestion de la chaine d'approvisionnement'' / //Reproducibility and supply chain management//
** contrôler l'origine des AMI (//Amazon Machine Images//) et des packages
** gérer les changements par IaC (//Infrastructure as code//)
# ''Implémentation de mécanismes de protection'' / //Enforce protections//
** appliquer les restrictions SCP (//Service Control Policies//)
** automatiser les actions correctrices
** améliorer les politiques IAM
# ''Défenses avancées'' / //Advanced defense//
** restreindre les accès au service des métadonnées d'instance (adresse 169.254.169.254), qui délivre notamment les identifiants temporaires du rôle IAM associé à l'instance
** filtrer les flux en entrée
** positionner des leurres pour mieux détecter les attaquants
# ''Anticipation des incidents'' / //Incident preparation//
** restreindre le périmètre impacté par un incident par la séparation des responsabilités et des droits
** s'exercer à la réponse à incidents
La bibliographie en bas de chaque page offre des liens vers des documents plus spécifiques ou des outils.
[img(25%,1px)[iCSF/BluePixel.gif]]
* Accès direct au document (format PDF) ⇒ ''[[CloudSecurityAlliance.fr/go/j4Ab/|https://CloudSecurityAlliance.fr/go/j4Ab/]]''
* Le blog de Scott Piper : https://summitroute.com/blog/
Les 3 appels à commentaires dont les dates de clôture tombent dans les 3 semaines à venir sont les suivants :
* 22 avril : "Challenges in Securing Application Containers and Microservices"
> //Application containers and a microservices architecture are being used to design, develop and deploy applications leveraging agile software development approaches such as Development Operations. Security must be embedded into these software development approaches. This document serves to identify challenges in securing application containers and microservices in the engineering of trustworthy secure systems through the lens of the Developer, Operator and Architect//
** Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j4nc/|https://cloudsecurityalliance.fr/go/j4nc/]]'' /% j4nc https://docs.google.com/document/d/1ww9UkQYSEdlX3ojBwfK1y50CY16g1KTXKHQ7IsLRJrY/edit %/
* 22 avril : "Best Practices for Implementing a Secure Application Container Architecture"
> //Application containers and a microservices architecture are being used to design, develop and deploy applications leveraging agile software development approaches such as Development Operations. Security needs to be embedded into these software development approaches. This document serves to identify recommendations and best practices to address the challenges in securing application containers in the engineering of trustworthy secure systems through the lens of the Developer, Operator and Architect.//
** Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j4nb/|https://cloudsecurityalliance.fr/go/j4nb/]]'' /% j4nb https://docs.google.com/document/d/1IZBFwy09TCT4mj9qs6dKMNnssHLFZl843I3HHOQ4p3U/edit %/
* 2 mai : "Documentation of Relevant Distributed Ledger Technology and Blockchain Use Cases v2"
> //Thanks to the rise in popularity of Bitcoin cryptocurrency, the innovative technologies of Blockchain and other systems of distributed ledger technology (DLT) have proven their ability to increase security of data during transactions and provide immutable long-term data storage. This document provides several use cases for this DLT technology outside of cryptocurrencies.//
** Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j4ch/|https://cloudsecurityalliance.fr/go/j4ch/]]'' /% RealURL=https://docs.google.com/document/d/1Is7sFG1wKL49N0L5hyE5lWkCxfcGuuIXAQnrMnY6o1k/edit %/
!SecaaS Working Group Charter
Charte du groupe de travail sur la Sécurité "as a Service"[>img(100px,auto)[iCSA/CSAdoc.png]]
<<<
//In order to improve understanding, perception, and thus reputation, Security as a Service requires a clear definition and direction to ensure it is understood and to improve the adoption across industry sectors. This will ensure the market has a clear understanding of what SecaaS is, what it means, the services encompassed and how they can be implemented.//
<<<
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j49s/|https://cloudsecurityalliance.fr/go/j49s/]]''
!Cloud Key Management Charter
Charte du groupe de travail sur la gestion des clés[>img(100px,auto)[iCSA/CSAdoc.png]]
<<<
//The Cloud Key Management Working Group will facilitate the standards for seamless integration between CSPs and Key Broker vendor platforms. It will ensure that enterprise key policies are standardized and implemented in a consistent manner, and that standardization will take place across key management lifecycle operations and a common set of APIs.//
<<<
* Téléchargement (après inscription) ⇒ ''[[CloudSecurityAlliance.fr/go/j49k/|https://cloudsecurityalliance.fr/go/j49k/]]''
!!1 - Informations CSA de la semaine du 1er au 7 avril 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Appels à Commentaires sur des documents CSA sur la sécurisation des ''containers'' et des ''micro-services''+++*[»]> <<tiddler [[2019.03.29 - Appel à commentaires sur 3 documents CSA]]>>=== 
* Publication des slides présentées au [[Forum Securité@Cloud 2019|2019.03.21 - Forum Securité@Cloud 2019]]+++*[»]> <<tiddler [[2019.03.21 - Forum Securité@Cloud 2019]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.04.07 - Veille Hebdomadaire - 7 avril]] avec une cinquantaine de liens sur :
* La fuite de données détectée par la société ''UpGuard'' chez un prestataire de ''Facebook''
* ''Office 365'' avec du phishing, la perception et la réalité de la conformité et de la sécurité, et une étude ''Ponemon'' sur la protection des données.
* L'''ETSI'' publie 3 spécifications pour la signature numérique dans le Cloud
* Quelques réflexions sur le ''Brexit'' et le Cloud
!!3 - Agenda
* Des formations seront dispensées les 18 et 19 novembre 2019, en amont du ''CSA Congress EMEA'' qui aura lieu les 20 et 21 novembre 2019 à Berlin. L'appel à présentations est ouvert jusqu'au 28 juin.+++*[»]> <<tiddler [[2019.03.30 - CSA Congress EMEA 2019 - Appel à présentations]]>>=== 
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2019.04.07|SANS|[[Fake Office 365 Payment Information Update|https://isc.sans.edu/forums/diary/Fake+Office+365+Payment+Information+Update/24818/]]|O365 Phishing|
|>|!|>||
|2019.04.06|ZDnet|[[Dropbox uncovers 264 vulnerabilities in HackerOne Singapore bug hunt|https://www.zdnet.com/article/dropbox-uncovers-264-vulnerabilities-in-hackerone-singapore-bug-hunt/]]|Dropbox Vulns|
|>|!|>||
|2019.04.05|VMblog|[[Brexit and cloud technologies: What impact does it have on business?|http://vmblog.com/archive/2019/04/05/brexit-and-cloud-technologies-what-impact-does-it-have-on-business.aspx]]|Brexit|
|2019.04.05|DevOps.com|[[Effective Cloud Security Requires a Cloud-Native Mindset|https://devops.com/effective-cloud-security-requires-a-cloud-native-mindset/]]|Misc|
|2019.04.05|BetaNews|![[Why bare-metal containers are scaring VMware|https://betanews.com/2019/04/05/bare-metal-containers-vmware/]]|Containers VM|
|2019.04.05|//BitDefender//[>img[iCSF/flag_fr.png]]|[[Réflexions pour faire face aux cinq principales problématiques de sécurité dans le cloud|https://www.journaldunet.com/solutions/expert/70877/reflexions-pour-faire-face-aux-cinq-principales-problematiques-de-securite-dans-le-cloud.shtml]]|Best_Practices|
|2019.04.05|//CommVault//[>img[iCSF/flag_fr.png]]|[[5 étapes pour rationaliser la protection des données multi-cloud|https://www.journaldunet.com/solutions/expert/70881/5-etapes-pour-rationaliser-la-protection-des-donnees-multi-cloud.shtml]]|Multi_Cloud|
|2019.04.05|//ThreatPost//|[[Hackers Abuse Google Cloud Platform to Attack D-Link Routers|https://threatpost.com/hackers-abuse-google-cloud-platform-to-attack-d-link-routers/143492/]]|Attacks GCP|
|2019.04.05|//CloudCheckr//|[[Build Your Cloud Storage Strategy with These 6 Security Fundamentals|https://cloudcheckr.com/cloud-security/cloud-security-cloud-storage-strategy-security-fundamentals/]]|Storage|
|>|!|>||
|2019.04.04|Help Net Security|![[The security challenges that come with serverless computing|https://www.helpnetsecurity.com/2019/04/04/enterprise-serverless-security/]]|Serverless|
|2019.04.04|//Amazon//|![[AWS Secrets Manager is Now Available in the EU (Paris) Region|https://aws.amazon.com/about-aws/whats-new/2019/04/AWS-Secrets-Manager-is-Now-Available-in-the-EU-Paris-Region/]]|AWS|
|2019.04.04|//Amazon//|[[AWS Serverless Application Repository is Now Available in the EU (Paris) and EU (Stockholm) Regions|https://aws.amazon.com/about-aws/whats-new/2019/04/serverless-application-repository-now-available-in-new-regions/]]|AWS|
|2019.04.04|//Armor//|[[Learnings from Analysis of 11 Major Misconfiguration Incidents|https://www.armor.com/blog/learnings-from-analysis-of-11-major-misconfiguration-incidents/]]|Incidents|
|2019.04.04|//PureSec//|[[The Evolution of Application Security In The Serverless World|https://www.puresec.io/blog/the-evolution-of-application-security-in-the-serverless-world]]|Serverless|
|2019.04.04|//Blissfully//|[[5 Practical SaaS Vendor Management Tips for IT Leaders|https://www.blissfully.com/blog/5-practical-saas-vendor-management-tips-for-it-leaders/]]|SaaS|
|2019.04.04|//Caylent//|[[An Explorative Guide to the Google Cloud Certifications|https://caylent.com/guide-to-google-cloud-certifications/]]|Certification|
|2019.04.04|//Aporeto//|[[Application-aware Security, Part 1: Working in a Zero Trust Environment|https://www.aporeto.com/blog/application-aware-security-part-1-working-in-a-zero-trust-environment/]] (1/5)|Misc|
|>|!|>||
|2019.04.03|//UpGuard//|![[Losing Face: Two More Cases of Third-Party Facebook App Data Exposure|https://www.upguard.com/breaches/facebook-user-data-leak]]|DataLeak Facebook|
|2019.04.03|//Reuters//| → [[Facebook removes exposed user records stored on Amazon's servers|https://www.reuters.com/article/us-facebook-privacy/millions-of-facebook-records-found-on-amazon-cloud-servers-upguard-idUSKCN1RF2C0]]|DataLeak Facebook|
|2019.04.03|//Bloomberg//| → [[Millions of Facebook records found on Amazon cloud servers|https://www.bloomberg.com/news/articles/2019-04-03/millions-of-facebook-records-found-on-amazon-cloud-servers-ju1hde0w]]|DataLeak Facebook|
|2019.04.04|Dark Reading| → [[Third Parties in Spotlight as More Facebook Data Leaks|https://www.darkreading.com/vulnerabilities---threats/third-parties-in-spotlight-as-more-facebook-data-leaks/d/d-id/1334344]]|DataLeak Facebook|
|2019.04.03|Container Journal|[[The Differences Between Linux and Windows Containers|https://containerjournal.com/2019/04/03/the-differences-between-linux-and-windows-containers/]]|Containers|
|2019.04.03|Ponemon|![[Handle with Care: Protecting Sensitive Data in Microsoft SharePoint, Collaboration Tools and File Share Applications in US, UK and German Organizations|https://www.ponemon.org/news-2/75]]|Attacks Phishing O365|
|2019.04.03|//Vade Secure//| → [[Office 365 phishing attacks: How hackers get access to your business|https://betanews.com/2019/04/03/office-365-phishing-attacks/]]|Attacks Phishing O365|
|2019.04.03|//Microsoft//|[[Security attributes for Azure services|https://docs.microsoft.com/en-us/azure/security/common-security-attributes]]|Azure|
|2019.04.03|//Microsoft//|[[Extending Azure Security Center capabilities|https://azure.microsoft.com/en-us/blog/extending-azure-security-center-capabilities/]]|Azure Monitor|
|2019.04.03|//Microsoft//|[[Microsoft works toward IPv6-only single stack network|https://teamarin.net/2019/04/03/microsoft-works-toward-ipv6-only-single-stack-network/]]|IPv6|
|2019.04.03|//Microsoft//|[[General availability: Azure Log Analytics in France Central, Korea Central, North Europe|https://azure.microsoft.com/en-us/updates/azure-log-analytics-is-now-general-available-in-france-central-korea-central-north-europe/]]|Azure Logs|
|2019.04.03|//Bitglass//|[[Insider Threat Report 2019|https://pages.bitglass.com/FY19Q2ThreatbustersBitglass2019InsiderThreatReport_LP.html]]|Report|
|2019.04.03|//Bitglass//| → [[Prying Eyes Inside the Enterprise: Bitglass' Insider Threat Report|https://www.bitglass.com/blog/bitglass-insider-threat-report-2019]]|Report|
|2019.04.03|//Bitglass//[>img[iCSF/flag_fr.png]]| → [[Etude Bitglass 2019 Insider Threat : 41% des entreprises ne surveillent pas le comportement des utilisateurs à travers leur empreinte Cloud|https://www.globalsecuritymag.fr/Etude-Bitglass-2019-Insider-Threat,20190403,85911.html]]|Report|
|2019.04.03|//Palo Alto//|[[Fresh approach needed to reap cloud security benefits|https://www.computerweekly.com/news/252461027/Fresh-approach-needed-to-reap-cloud-security-benefits]]|Misc|
|2019.04.03|//Detectify//|[[Scaling up Security with DevOps and CI/CD practices|https://blog.detectify.com/2019/04/03/scale-up-security-in-devops-teams/]]|DevSecOps|
|>|!|>||
|2019.04.02|TechWire Asia|[[Why security concerns shouldn't halt your move to the cloud|https://techwireasia.com/2019/04/why-security-concerns-shouldnt-halt-your-move-to-the-cloud/]]|CSA Risks|
|2019.04.02|ETSI|![[ETSI releases three specifications for cloud-based digital signatures|https://www.etsi.org/newsroom/press-releases/1573-2019-04-etsi-releases-three-specifications-for-cloud-based-digital-signatures]]|Signature|
|2019.04.02|Cloud Signature Consortium| → [[Cloud Signature Consortium collaborates with ETSI to set the standard for interoperable, cloud-based digital signatures|https://cloudsignatureconsortium.org/2019/04/02/etsi-collaboration/]]|Signature|
|2019.04.02|CBR Online| → [[Europe Agrees New Cloud-Based Digital Signature Standard|https://www.cbronline.com/news/digital-signature-standard]]|Signature|
|2019.04.02|Spanning|[[Organizational Security & Compliance Practices in Office 365|https://spanning.com/resources/reports/organizational-security-compliance-practices-office-365/]] ([[rapport|http://go.spanning.com/rs/832-UFI-346/images/Organizational_Security_and_Compliance_Practices_in_Office_365.pdf]])|Report O365|
|2019.04.02|Professional Security Mag| → [[Microsoft Office 365 users surveyed|https://www.professionalsecurity.co.uk/products/cyber/microsoft-office-365-users-surveyed/]]|Report O365|
|2019.04.02|Computer Weekly|[[Cloud storage 101: Cloud gateways for hybrid cloud connectivity|https://www.computerweekly.com/feature/Cloud-storage-101-Cloud-gateways-for-hybrid-cloud-connectivity]]|Misc|
|2019.04.02|//OVUM//|[[Microsoft's Expanded Horizons in Security (pdf)|https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2PQU0]]|Report Azure|
|2019.05.16|//Azure//| → [[Ovum recommends Microsoft security to safeguard your hybrid and multi cloud environments|https://www.microsoft.com/security/blog/2019/05/16/ovum-recommends-microsoft-security-to-safeguard-your-hybrid-and-multi-cloud-environments/]]|Report Azure|
|2019.04.02|//Whistic//|[[How To Use CAIQ-Lite for Third Party Risk Management|https://blog.whistic.com/how-to-use-caiq-lite-for-third-party-risk-management-264a28014e69]]|CSA CAIQ|
|2019.04.02|//Lastline//|![[Post-Brexit Cybersecurity - Implications on Risk and Uncertainty|https://www.lastline.com/blog/post-brexit-cybersecurity-implications-on-risk-and-uncertainty/]]|Brexit Legal|
|2019.04.02|//Offensive Security//|[[Security clashes with cloud: Offensive Security CEO talks cultural mindsets, leadership challenges|https://www.zdnet.com/article/security-meets-cloud-a-major-shift-in-offensive-securitys-cultural-mindset/]]|Challenges|
|2019.04.02|//WhiteSource//|[[Kubernetes Pod Security Policy Best Practices|https://resources.whitesourcesoftware.com/blog-whitesource/kubernetes-pod-security-policy]]|K8s Best_Practices|
|2019.04.02|//Microsoft Azure//|[[Overview of load-balancing options in Azure|https://docs.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview]]|Azure Load_Balancing|
|>|!|>||
|2019.04.01|The Hacker News|[[Thousands of Unprotected Kibana Instances Exposing Elasticsearch Databases|https://thehackernews.com/2019/04/kibana-data-security.html]]|DataLeaks Kibana|
|2019.04.02|Security Affairs| → [[26k+ Kibana Instances exposed Elasticsearch databases online|https://securityaffairs.co/wordpress/83215/breaking-news/exposed-kibana-installs.html]]|DataLeaks Kibana|
|2019.04.01|Redmond Channel Partner|![[Office 365 Compliance and Security: Perception vs. Reality|https://rcpmag.com/blogs/scott-bekker/2019/04/office-365-compliance-and-security.aspx]]|O365 Compliance|
|2019.04.01|//CollabTalk//, //BYU Marriott School//| → [[Organizational Security & Compliance Practices in Office 365 (pdf)|http://go.spanning.com/rs/832-UFI-346/images/Organizational_Security_and_Compliance_Practices_in_Office_365.pdf]]|O365 Compliance|
|2019.04.01|Container Journal|[[A High-Level History of the Container Ecosystem, 2013-2019|https://containerjournal.com/2019/04/01/a-high-level-history-of-the-container-ecosystem-2013-2019/]]|Containers|
|2019.04.01|Help Net Security|[[AWS releases new S3 storage for long-term data retention|https://www.helpnetsecurity.com/2019/04/01/amazon-long-term-data-retention/]]|AWS Storage|
|2019.04.01|RSA Conférence|[[Ben's Book of the Month: Review of "Secure Cloud Transformation: The CIO'S Journey"|https://www.rsaconference.com/blogs/bens-book-of-the-month-review-of-secure-cloud-transformation-the-cios-journey]]|Governance CSA|
|2019.04.01|//Google Cloud//|[[Increasing trust in your cloud: security sessions at Next '19|https://cloud.google.com/blog/products/identity-security/increasing-trust-in-your-cloud-security-sessions-at-next19]]|Conference GCP|
|2019.04.01|BBN Times|[[How to Secure the Internet of Things|https://www.bbntimes.com/en/technology/how-to-secure-the-internet-of-things]]|CSA|
|2019.04.01|CIO|[[Step 1 to Managing Security: Know Thyself|https://www.cio.com/article/3384926/step-1-to-managing-security-know-thyself.html]]|CSA|
!"//The Many Benefits of a Cloud Access Security Broker//"
[>img(100px,auto)[iCSA_/CASB-benefits.png]]^^Bien que publié le 19 avril 2019 sur le blog de la CSA, cet article l'a déjà été il y a __un mois__, le 11 mars 2019 sur le site de Bitglass.
⇒ Lire [[l'article|https://blog.cloudsecurityalliance.org/2019/04/19/casb-modern-security-concerns/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/benefits-of-cloud-access-security-broker]] sur le site de Bitglass^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Prying Eyes Inside the Enterprise: Bitglass' Insider Threat Report//"
[>img(100px,auto)[iCSA_/threatbusters.png]]^^Bien que publié le 12 avril 2019 sur le blog de la CSA, cet article l'a déjà été il y a __une semaine__, le 3 avril 2019 sur le site de Bitglass.
⇒ Lire [[l'article|https://blog.cloudsecurityalliance.org/2019/04/12/insider-threat-report/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/bitglass-insider-threat-report-2019]] sur le site de Bitglass
Après inscription, le rapport est disponible sur ⇒ ''[[CloudSecurityAlliance.fr/go/j4Cz/|https://cloudsecurityalliance.fr/go/j4Cz/]]''^^

[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201903>>
<<tiddler fAll2Tabs10 with: VeilleM","_201903>>
<<tiddler fAll2LiTabs10 with: NewsL","201903>><<tiddler .ReplaceTiddlerTitle with: [[Newsletters - Mars 2019]]>>
|!Mars|!Sources|!Titres et Liens|!Types|
|2019.03.20|MITRE CVE|//SoftNAS Cloud Authentication Bypass// [[CVE-2019-9945|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9945]]|CVE-2019-9945|
|2019.03.18|Online Threats|[[The "Your Office 365 Account is About to Be Deleted" Phishing Scam|https://www.onlinethreatalerts.com/article/2019/3/18/the-your-office-365-account-is-about-to-be-deleted-phishing-scam/]]|Phishing|
|2019.03.07|//Aqua Security//|[[Mitigating the Kubernetes API Server Patch Permission DoS Vulnerability (CVE-2019-1002100)|https://blog.aquasec.com/kubernetes-vulnerability-cve-2019-1002100]]|K8s Flaws|
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Mars 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Mars 2019]]>><<tiddler fAll2LiTabs13end with: Actu","201903>>
<<tiddler fAll2LiTabs13end with: Blog","201903>><<tiddler .ReplaceTiddlerTitle with: [[Blog - Mars 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Mars 2019]]>><<tiddler fAll2LiTabs13end with: Publ","201903>>
!!1 - Informations CSA de la semaine du 25 au 31 mars 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Appels à Commentaires sur des documents CSA sur la sécurisation des ''containers'' et des ''micro-services''+++*[»]> <<tiddler [[2019.03.29 - Appel à commentaires sur 3 documents CSA]]>>=== 
* Un nouvel article sur ''CSA STAR''+++*[»]> <<tiddler [[2019.03.28 - Blog : CSA STAR - The Answer to Less Complexity...]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.03.31 - Veille Hebdomadaire - 31 mars]] avec une cinquantaine de liens sur :
* la problématique de la gestion des identités dans le Cloud
* les risques dans le Cloud
* la sécurité des containers
* les rançongiciels et le Cloud
* les attaques Man-in-the-Cloud (MitC)
et des rapports et études de Barracuda, nCipher, Ixia
!!3 - Agenda
* Le ''CSA Congress EMEA'' aura lieu les 20 et 21 novembre 2019 à Berlin. L'appel à présentations est ouvert jusqu'au 28 juin.+++*[»]> <<tiddler [[2019.03.30 - CSA Congress EMEA 2019 - Appel à présentations]]>>=== 
|!Mars|!Sources|!Titres et Liens|!Keywords|
|2019.03.29|The Register|[[US biz could be allowed to fire up their own data centres beyond the Great Firewall of China|https://www.theregister.co.uk/2019/03/29/us_companies_could_be_permitted_to_run_data_centres_in_mainland_china/]]|China|
|2019.03.29|Container Journal|[[The State of Container Security |https://containerjournal.com/2019/03/29/the-state-of-container-security/]]|Containers Docker|
|2019.03.29|IoT for All|[[Amazon Web Services vs. Azure's Disaster Recovery Solutions|https://www.iotforall.com/aws-vs-azure-disaster-recovery/]]|DRP AWS Azure|
|2019.03.29|BetaNews|[[Cloud-based risk management: Transforming business safety processes|https://betanews.com/2019/03/29/cloud-based-risk-management/]]|Risks|
|2019.03.29|//Google Cloud//|[[Taking charge of your data: Understanding re-identification risk and quasi-identifiers with Cloud DLP|https://cloud.google.com/blog/products/identity-security/taking-charge-of-your-data-understanding-re-identification-risk-and-quasi-identifiers-with-cloud-dlp]]|DLP|
|2019.03.29|//Google Cloud//|[[Exploring container security: the shared responsibility model in GKE|https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-the-shared-responsibility-model-in-gke-container-security-shared-responsibility-model-gke]]|Containers|
|2019.03.29|//AppDynamics//|[[Is Serverless the New Mainframe?|https://blog.appdynamics.com/engineering/is-serverless-the-new-mainframe/]]|Serverless|
|2019.03.29|//ThreatStack//|[[50 Useful Kubernetes Tutorials for IT Professionals|https://www.threatstack.com/blog/50-useful-kubernetes-tutorials-for-it-professionals]]|K8s Training|
|>|!|>||
|2019.03.28|Bleeping Computer|[[Microsoft Fixing Azure Service Failures Impacting Western Europe|https://www.bleepingcomputer.com/news/microsoft/microsoft-fixing-azure-service-failures-impacting-western-europe/]]|Outage Azure|
|2019.03.28|Help Net Security|[[When it comes to file sharing, the cloud has very few downsides|https://www.helpnetsecurity.com/2019/03/28/cloud-file-sharing/]]|Misc|
|2019.03.28|//Barracuda//|[[Rapport Barracuda|https://www.barracuda.com/data-protection-report]]|Report|
|2019.03.28|Dark Reading| → [[40% of Organizations Not Doing Enough to Protect Office 365 Data|https://www.darkreading.com/threat-intelligence/40--of-organizations-not-doing-enough-to-protect-office-365-data/d/d-id/1334283]]|Report|
|2019.03.28|//Gremlin//|![[Chaos Engineering: the history, principles, and practice|https://www.gremlin.com/community/tutorials/chaos-engineering-the-history-principles-and-practice/]]|Chaos_Engineering|
|2019.03.28|//Aqua Security//|[[Gartner Names Container Security Among Top 10 Security Projects for 2019|https://blog.aquasec.com/gartner-container-security-2019]]|Containers Gartner|
|2019.03.28|//Bitglass//[>img[iCSF/flag_fr.png]]|[[Attention aux attaques Man in the Cloud : quatre parades infaillibles contre une nouvelle génération de cyberattaques|https://www.globalsecuritymag.fr/Attention-aux-attaques-Man-in-the,20190328,85725.html]]|Attacks MitC|
|2019.03.28|//LaceWork//|[[There Are a Lot of Ways to Get Cloud Security Wrong|https://www.lacework.com/ways-to-get-cloud-security-wrong/]]|Misc|
|2019.03.28|//TwistLock//|[[Disclosing a directory traversal vulnerability in Kubernetes copy - CVE-2019-1002101|https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/]]|CVE-2019-1002101|
|2019.03.28|//Caylent//|![[Securing Cloud-Native Applications|https://caylent.com/securing-cloud-native-applications/]]|NativeApplications|
|>|!|>||
|2019.03.27|SANS|![[Ransomware Magnified in the Cloud|https://www.sans.org/cyber-security-intelligence/2019/03/27/ransomware-magnified-in-the-cloud]]|Attacks Ransomware|
|2019.03.27|Silicon Angle|[[Amazon Web Services sharpens its focus on cloud security|https://siliconangle.com/2019/03/27/amazon-web-services-sharpens-focus-cloud-cybersecurity/]]|AWS|
|2019.03.27|Michael Peters|[[Kubernetes Security Best Practices to Protect Your Cloud Containers|https://michaelpeters.org/kubernetes-security-best-practices-to-protect-your-cloud-containers/]]|K8s|
|2019.03.27|//Infosec Island//|[[Next Generation Firewalls are Old News in the Cloud|http://www.infosecisland.com/blogview/25181-Next-Generation-Firewalls-are-Old-News-in-the-Cloud.html]]|Cloud Misc.|
|2019.03.27|//Ping Identity//[>img[iCSF/flag_fr.png]]|![[L'identité, le nouveau périmètre de sécurité|https://www.globalsecuritymag.fr/L-identite-le-nouveau-perimetre-de,20190328,85730.html]]|Misc|
|2019.03.27|//nCipher//|[[2019 Global Encryption Trends Study|https://www.ncipher.com/2019/global-encryption-trends-study]]|Report Encrypt|
|2019.03.28|CBR Online| → [[Employee Errors, Key Management Headaches, Data Discovery: Enterprise Encryption is Hard, but Happening|https://www.cbronline.com/news/encryption-trends]]|Report Encrypt|
|2019.04.02|Help Net Security| → [[Encryption deployment increases as organizations struggle to address compliance requirements|https://www.helpnetsecurity.com/2019/04/02/encryption-deployment-increases/]]|Report Encrypt|
|2019.03.27|//FireEye//|[[CIO Viewpoint - Considerations When Moving to Office 365|https://www.fireeye.com/blog/executive-perspective/2019/03/cio-viewpoint-considerations-when-moving-to-office-365.html]]|O365|
|2019.03.27|//FireEye//|[[How to Be Cloud Smart to Meet Today's Cyber Security Challenges|https://www.fireeye.com/blog/products-and-services/2019/03/how-to-be-cloud-smart-to-meet-todays-cyber-security-challenges.html]]|Misc|
|2019.03.27|//CloudPassage//|[[Securing Azure Application Gateway|https://blog.cloudpassage.com/2019/03/27/securing-azure-application-gateway/]]|Azure|
|2019.03.27|//Lacework//|[[Next Generation Firewalls are Old News in the Cloud|http://www.infosecisland.com/blogview/25181-Next-Generation-Firewalls-are-Old-News-in-the-Cloud.html]]|Firewalls|
|2019.03.27|//Amazon//|[[AWS Announces the General Availability of the Amazon S3 Glacier Deep Archive Storage Class in all Commercial AWS Regions and AWS GovCloud (US)|https://aws.amazon.com/about-aws/whats-new/2019/03/S3-glacier-deep-archive/]]|AWS Archive|
|2019.03.28|CBR Online| → [[AWS's "Tape-Killing" Glacier Deep Archive Offering Now Available|https://www.cbronline.com/news/aws-glacier-deep-archive]]|AWS Archive|
|2019.03.27|//Swimlane//|[[Microsoft's OAuth2 Endpoints and Application Types|https://swimlane.com/blog/microsoft-oauth2-implementation-1/]] (1/3)|OAuth2|
|2019.03.27|SANS|[[How to Automate Compliance and Risk Management for Cloud Workloads|https://www.sans.org/reading-room/whitepapers/analyst/automate-compliance-risk-management-cloud-workloads-38885]]|Analysis Misc.|
|>|!|>||
|2019.03.26|Journal du Net[>img[iCSF/flag_fr.png]]|[[Comment OVH gère ses pannes grâce au big data|https://www.journaldunet.com/solutions/cloud-computing/1422814-comment-ovh-gere-ses-pannes-grace-au-big-data/]]|Misc|
|2019.03.26|Maarten Goet|[[Protecting against malicious payloads over DNS using Azure Sentinel|https://medium.com/@maarten.goet/protecting-against-malicious-payloads-over-dns-using-azure-sentinel-b16b41de52fd]]|Azure DNS|
|2019.03.26|CNBC|[[Slack's security worries some CEOs, who say that employees 'never shut up' on the app|https://www.cnbc.com/2019/03/26/slack-security-concerns-some-ceos.html]]|Misc|
|2019.03.26|Summit Route|[[How to audit AWS IAM and resource policies|https://summitroute.com/blog/2019/03/26/how_to_audit_aws_iam_and_resource_policies/]]|AWS IAM|
|2019.03.26|//PaloAlto Networks//|![[8 Azure Security Best Practices|https://researchcenter.paloaltonetworks.com/2019/03/8-azure-security-best-practices/]]|Azure Best_Practices|
|2019.03.26|Data Economy|[[Keeping Calm and Carrying on Amid a 'No-Certainty' Brexit|https://data-economy.com/keeping-calm-and-carrying-on-amid-a-no-certainty-brexit/]]|Brexit CSA|
|2019.03.26|//Zscaler//|![[Abuse of hidden "well-known" directory in HTTPS sites|https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-https-sites]]|Attacks|
|>|!|>||
|2019.03.25|Kubernetes|[[Kubernetes 1.14: Production-level support for Windows Nodes, Kubectl Updates, Persistent Local Volumes GA|https://kubernetes.io/blog/2019/03/25/kubernetes-1-14-release-announcement/]]|K8s|
|2019.03.25|CBR Online| → [[Kubernetes "Officially" Comes to Windows|https://www.cbronline.com/news/kubernetes-windows-1-14]]|K8s|
|2019.03.25|//RedHat//| → [[Kubernetes 1.14 is here: Expanding the ecosystem while increasing stability|https://www.redhat.com/en/blog/kubernetes-114-here-expanding-ecosystem-while-increasing-stability]]|K8s|
|2019.03.25|Bleeping Computer|[[Skype Experiencing Global Instant Messaging Delays|https://www.bleepingcomputer.com/news/microsoft/skype-experiencing-global-instant-messaging-delays/]]|Outage Skype|
|2019.03.25|Container Journal|[[Defeating Kubernetes Challenges Through Monitoring|https://containerjournal.com/2019/03/25/defeating-kubernetes-challenges-through-monitoring/]]|K8s Monitor|
|2019.03.25|VMblog|![[Go With the (data) Flow: Three Ways to Find Hidden Security Risks in the Cloud Era|http://vmblog.com/archive/2019/03/25/go-with-the-data-flow-three-ways-to-find-hidden-security-risks-in-the-cloud-era.aspx]]|Risks|
|2019.03.25|Federal News Network|[[DoD testing secure cloud to help small contractors protect data|https://federalnewsnetwork.com/defense-news/2019/03/dod-will-test-secure-cloud/]]|Governance CloudSmart|
|2019.03.25|The Last Watchdog|[[Data Theorem helps inventory sprawling APIs - as the first step to securing them|https://www.lastwatchdog.com/new-tech-data-theorem-helps-inventory-sprawling-apis-as-the-first-step-to-securing-them/]]|APIs|
|2019.03.25|Solutions Review|[[7 Cloud Security Questions You Need to Ask Your Cloud Provider|https://solutionsreview.com/cloud-platforms/7-cloud-security-questions-you-need-to-ask-your-cloud-provider/]]|Evaluate|
|2019.03.25|//Armor//|[[What are CSPM tools|https://www.armor.com/blog/what-are-cspm-tools/]]|CSPM|
|2019.03.25|//Keysight Technologies//|[[New Survey from Ixia, a Keysight Business, Reveals Monitoring Gaps Between Traditional and Hybrid IT Environments|https://www.businesswire.com/news/home/20190325005503/en/New-Survey-Ixia-Keysight-Business-Reveals-Monitoring]] ([[rapport (pdf)|https://about.keysight.com/en/newsroom/pr/2019/25mar-nr19044-ixia-c-r-state-cloud-monitoring.pdf]] ou [[rapport|https://www.ixiacom.com/resources/state-cloud-monitoring]] [[.pdf|https://www.ixiacom.com/sites/default/files/2019-03/Ixia-C-R-State-Cloud-Monitoring.pdf]])|Report|
|2019.03.26|Help Net Security| → [[Less than 20% of IT pros have complete access to critical data in public clouds|https://www.helpnetsecurity.com/2019/03/26/access-critical-data-public-clouds/]]|Report|
|2019.03.29|CXO Today| → [[Study Reveals Monitoring Gaps Between Traditional and Hybrid IT Environments|http://www.cxotoday.com/story/study-reveals-monitoring-gaps-between-traditional-and-hybrid-it-environments/]]|Report|
|2019.03.25|//Zscaler//|[[Cloud security is changing the security channel partner model|https://www.zscaler.com/blogs/corporate/cloud-security-changing-security-channel-partner-model]]|Perception|
|2019.03.25|Security Infowatch|[[The Effective CISO Needs More Than a Control Framework|https://www.securityinfowatch.com/cybersecurity/information-security/article/21069821/the-effective-ciso-needs-more-than-a-control-framework]]|CSA|
|2019.03.25|Security Infowatch|[[Quantum Keys Lifts Data Protection to New Heights|https://it.toolbox.com/articles/quantum-keys-lifts-data-protection-to-new-heights]]|CSA|
!CSA Congress EMEA 2019
[>img(200px,auto)[iCSF/EasyChair.png][https://cloudsecurityalliance.fr/go/jBjs/]]L'appel à présentations était ouvert jusqu'au 28 juin 2019. ''Il est maintenant clos.''
Comme d'habitude, les propositions doivent être soumises sur le site [[EasyChair|https://cloudsecurityalliance.fr/go/jBjs/]], après création d'un compte utilisateur sur cette plate-forme de référence.
--Lien pour soumettre une présentation :--
* --Lien ⇒ ''[[CloudSecurityAlliance.fr/go/jBjs/|https://cloudsecurityalliance.fr/go/jBjs/]]''--
<<tiddler [[2019.11.20 - CSA Congress EMEA 2019 - Berlin]]>>
Les 3 appels à commentaires dont les dates de clôtures sont en avril sont les suivants :
* 12 avril : "Hybrid Cloud Security Services Charter"
> //This initiative aims to develop a security white paper specifying hybrid cloud security risks and countermeasures, helping users identify and reduce the risks. This initiative proposes to provide hybrid cloud security evaluation suggestions, guiding both users and cloud service providers to choose and provide secure hybrid cloud solutions, and promoting security planning and implementation.//
** Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j4ch/|https://cloudsecurityalliance.fr/go/j4ch/]]'' /% RealURL=https://docs.google.com/document/d/1Is7sFG1wKL49N0L5hyE5lWkCxfcGuuIXAQnrMnY6o1k/edit %/
* 22 avril : "Challenges in Securing Application Containers and Microservices"
> //Application containers and a microservices architecture are being used to design, develop and deploy applications leveraging agile software development approaches such as Development Operations. Security must be embedded into these software development approaches. This document serves to identify challenges in securing application containers and microservices in the engineering of trustworthy secure systems through the lens of the Developer, Operator and Architect//
** Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j4nc/|https://cloudsecurityalliance.fr/go/j4nc/]]'' /% j4nc https://docs.google.com/document/d/1ww9UkQYSEdlX3ojBwfK1y50CY16g1KTXKHQ7IsLRJrY/edit %/
* 22 avril : "Best Practices for Implementing a Secure Application Container Architecture"
> //Application containers and a microservices architecture are being used to design, develop and deploy applications leveraging agile software development approaches such as Development Operations. Security needs to be embedded into these software development approaches. This document serves to identify recommendations and best practices to address the challenges in securing application containers in the engineering of trustworthy secure systems through the lens of the Developer, Operator and Architect.//
** Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j4nb/|https://cloudsecurityalliance.fr/go/j4nb/]]'' /% j4nb https://docs.google.com/document/d/1IZBFwy09TCT4mj9qs6dKMNnssHLFZl843I3HHOQ4p3U/edit %/
!CSA STAR - The Answer to Less Complexity, Higher Level of Compliance, Data Governance, Reduced Risk and More Cost-Effective Management of Your Security and Privacy System
[>img(300px,auto)[iCSA_/STAR_Registry_Banner.jpg]]Article de blog publié le 28 mars 2019 — Rédigé par John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance
<<<
//La [[Cloud Security Alliance]] vient de lancer une mise à jour majeure du programme ''CSA'' [[STAR]] (Security, Trust and Assurance Risk), et si vous étiez au ''CSA Summit'' à la conférence RSA, vous auriez eu un aperçu de ce qui vous attend. Resituons les choses dans leur contexte en ce qui concerne l'évolution de [[STAR]].
Plus les systèmes deviennent complexes, moins ils sont sûrs, même si les technologies de sécurité s'améliorent. Plusieurs raisons à cela, mais tout cela est lié à la problématique de complexité. Pourquoi ? Parce que nous accordons beaucoup d'attention à la technologie et que nous avons multiplié les cloisonnements entre une pléthore de règlements et de normes. Par conséquent, nous devenons trop fragmentés et complexes.//
[...]
//Le ''registre'' [[STAR]] documente les contrôles de sécurité et de confidentialité fournis par les offres populaires de cloud computing. Ce ''registre'' accessible au public permet d'évaluer les prestataires sécurité afin de faire les meilleurs choix et de gérer au mieux la chaîne d'approvisionnement. De plus, il permet aux fournisseurs de services dans le Cloud (CSP) de se comparer aux autres CSP de leur secteur.
''STARWatch'' peut alors être utilisé à des fins de benchmarking et/ou de gestion des risques par des tiers. ''STARWatch'' est une application SaaS qui facilite la gestion de la conformité aux exigences du registre ''STAR''. ''STARWatch'' fournit le contenu des questionnaires [[CCM]] et [[CAIQ]] sous forme de base de données, ce qui permet aux utilisateurs de gérer la conformité des services dans le Cloud aux bonnes pratiques de la ''CSA''.//
[...]
<<<
__Liens :__
* ⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/03/28/csa-star/]] sur le blog de la CSA
!!1 - Informations CSA de la semaine du 18 au 24 mars 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Trois articles de blog sur :
** la gestion des vulnérabilités avec les containers+++*[»]> <<tiddler [[2019.03.21 - Blog : Better Vulnerability Management: How to Master Container Security...]]>>=== 
** STAR Continuous+++*[»]> <<tiddler [[2019.03.19 - Blog : STAR Continuous - Increasing Trust and Integrity]]>>=== 
** les clés cryptographiques dans le Cloud+++*[»]> <<tiddler [[2019.03.18 - Blog : Are Cryptographic Keys Safe in the Cloud?]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.03.24 - Veille Hebdomadaire - 24 mars]] avec une cinquantaine de liens, dont :
* un jugement rendu contre un salarié (très) indélicat qui a détruit l'environnement AWS de son ex-employeur
* des bonnes pratiques sécurité pour les containers, les microservices, Docker ...
* différents rapports sur la sécurité du Cloud
!!3 - Agenda
* Derniers jours pour commenter le document "//''Cloud Penetration Testing Guidance''//" : la date de clôture est fixée au 25 mars 2019.+++*[»]> Le lien de téléchargement du document à commenter ⇒ ''[[CloudSecurityAlliance.fr/go/j32c|https://cloudsecurityalliance.fr/go/j32c]]'' === 
|!Mars|!Sources|!Titres et Liens|!Keywords|
|2019.03.24|//JumpCloud//|[[Introduction to Azure Active Directory|https://jumpcloud.com/blog/azure-active-directory-introduction/]]|Azure Active_Directory|
|>|!|>||
|2019.03.23|//InfoQ//|[[7 Steps for Improving Cloud Security With Business Integration|https://www.infoq.com/articles/improving-cloud-security]]|Misc|
|2019.03.23|//HPE//|[[5 ways to secure your containers|https://www.hpe.com/us/en/insights/articles/5-ways-to-secure-your-containers-1904.html]]|Containers|
|>|!|>||
|2019.03.22|Dario Borreguero|![[Azure and Office 365 logging|https://darizotas.blogspot.com/2019/03/azure-and-office-365-logging.html]]|Azure O365 Logging|
|2019.03.22|SC Mag|[[Top five application security pitfalls to avoid|https://www.scmagazine.com/home/opinion/top-five-application-security-pitfalls-to-avoid/]]|Misc|
|2019.03.20|The Register|[[LOL EPA OIG NDA WTF: Eco-watchdog's auditors barred from seeing own agency's cloud security report by gagging order|https://www.theregister.co.uk/2019/03/22/epa_report_nda/]]|Misc|
|2019.03.22|//JumpCloud//|[[LDAP is Dead. Long Live Cloud LDAP|https://jumpcloud.com/blog/ldap-dead/]]|Misc|
|2019.03.22|//Clearswift//|[[A business world in the Clouds|https://www.clearswift.com/blog/2019/03/22/business-world-cloud]]|Misc|
|>|!|>||
|2019.03.21|Container Journal|[[A Year of Kubernetes: What's Beyond the Horizon?|https://containerjournal.com/2019/03/21/a-year-of-kubernetes-whats-beyond-the-horizon/]]|K8s|
|2019.03.21|Security Intelligence|[[Securing the Microservices Architecture: Decomposing the Monolith Without Compromising Information Security|https://securityintelligence.com/securing-the-microservices-architecture-decomposing-the-monolith-without-compromising-information-security/]]|Microservices|
|2019.03.21|Dark Reading|[[SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats|https://www.darkreading.com/vulnerabilities---threats/insider-threats/saas-ecosystem-complexity-ratcheting-up-risk-of-insider-threats/d/d-id/1334221]]|InsiderThreats|
|2019.03.21|BetterCloud|[[State of Insider Threats in the Digital Workplace|https://www.bettercloud.com/resource/insiderthreats2019/]] ([[rapport|https://www.bettercloud.com/monitor/wp-content/uploads/sites/3/2019/03/BetterCloud-State-of-Insider-Threats-2019-FINAL.pdf]])|Report|
|2019.03.21|//Blissfully//|[[2019 Annual SaaS Trends Report|https://www.blissfully.com/saas-trends/2019-annual/]]|Report|
|2019.03.21|//Dell EMC//|[[New Dell EMC Research: Most Businesses Worldwide Now Recognize Value of Data Yet Struggle with Adequate Data Protection|https://emc.com/about/news/press/2019/20190321-01.htm]] ([[rapport|https://dellemc.com/en-us/data-protection/gdpi.index.htm]])|Report|
|2019.03.21|Global Security Mag[>img[iCSF/flag_fr.png]]| → [[Etude Dell EMC : 1/3 des entreprises mondiales ont connu une perte de données irréversible|https://www.globalsecuritymag.fr/Etude-Dell-EMC-1-3-des-entreprises,20190321,85558.html]]|Report|
|2019.03.21|//Data Privacy Security Insider//|[[Closing The Door Behind Your MFA Implementation|https://www.dataprivacyandsecurityinsider.com/2019/03/closing-the-door-behind-your-mfa-implementation/]]|Authenticate|
|2019.03.21|//Threat Stack//|[[7 Cloud Service Evaluation Criteria to Help You Choose the Right Cloud Service Provider|https://www.threatstack.com/blog/7-cloud-service-evaluation-criteria-to-help-you-choose-the-right-cloud-service-provider]]|Assessment|
|2019.03.21|//Lastline//|[[How to Secure the Cloud Simply, Effectively, and in Real Time|https://www.lastline.com/blog/how-to-secure-the-cloud-simply-effectively-and-in-real-time/]]|Misc|
|2019.03.21|//LaceWork//|[[Integrating DevOps and Security|https://www.lacework.com/integrating-devops-and-security/]]|DevOps|
|2019.03.21|//FireEye//|[[Troopers 19 - I am AD FS and So Can You|https://www.slideshare.net/DouglasBienstock/troopers-19-i-am-ad-fs-and-so-can-you]]|Misc|
|2019.03.21|//TwistLock//|[[Five Best Practices for API Security|https://www.twistlock.com/2019/03/21/five-best-practices-api-security/]]|APIs|
|2019.03.21|//Zscaler//|[[What you need to know about SD-WAN security|https://www.zscaler.com/blogs/corporate/what-you-need-know-about-sd-wan-security]]|SDWAN|
|>|!|>||
|2019.03.20|Solutions Numériques[>img[iCSF/flag_fr.png]]|[[SecNumCloud, le référentiel de l'ANSSI pour les offres de Cloud Computing|https://www.solutions-numeriques.com/securite/secnumcloud-le-referentiel-de-lanssi-pour-les-offres-de-cloud-computing/]]|Compliance|
|2019.03.20|Help Net Security|[[42Crunch unveils new platform to discover API vulnerabilities and protect them from attacks|https://www.helpnetsecurity.com/2019/03/20/42crunch-api-platform/]]|Attacks API|
|2019.03.20|CIO Review|[[How to Efficiently Manage Cloud Security|https://www.cioreview.com/news/how-to-efficiently-manage-cloud-security-nid-28260-cid-21.html]]|Misc|
|2019.03.20|MITRE CVE|//SoftNAS Cloud Authentication Bypass// [[CVE-2019-9945|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9945]]|CVE-2019-9945|
|2019.03.20|//Digital Defense//| → [[SoftNAS Cloud Zero-day Blog|https://www.digitaldefense.com/blog/2019-softnas-cloud-zero-day-blog/]]|CVE-2019-9945|
|2019.03.20|//Security Week//| → [[Authentication Bypass Vulnerability Found in SoftNAS Cloud|https://www.securityweek.com/authentication-bypass-vulnerability-found-softnas-cloud]]|CVE-2019-9945|
|2019.03.20|//Gartner//|![[Psychoanalyzing Security Cloud Fears|https://blogs.gartner.com/anton-chuvakin/2019/03/20/psychoanalyzing-security-cloud-fears/]]|Perception|
|2019.03.20|//Vipre//|[[The Dark Web and Ransomware-as-a-Service|https://www.vipre.com/blog/dark-web-ransomware/]]|Attacks|
|2019.03.20|//Lacework//|[[The Cloud's Unique Security Challenges|https://www.lacework.com/cloud-unique-security-challenges/]]|Misc|
|2019.03.19|SecurityWeek|[[Cloudflare Launches New HTTPS Interception Detection Tools|https://www.securityweek.com/cloudflare-launches-new-https-interception-detection-tools]]|Misc|
|2019.03.19|//Sysdig//|[[Detecting the Kubernetes API server DoS vulnerability (CVE-2019-1002100)|https://sysdig.com/blog/detecting-the-kubernetes-api-server-dos-vulnerability-cve-2019-1002100/]]|K8s CVE-2019-1002100|
|2019.03.19|//ThreatStack//|[[Container Security Tips and Best Practices|https://www.threatstack.com/blog/container-security-tips-and-best-practices]]|Containers Best_Practices|
|2019.03.19|//Lastline//|[[How Cloud Computing Enables (And Threatens) Organizations' Digital Transformation|https://www.lastline.com/blog/how-cloud-computing-enables-and-threatens-organizations-digital-transformation/]]|Misc|
|2019.03.19|//Clearswift//|[[Enhancing Information Security in Microsoft Office 365 (pdf)|https://www.clearswift.com/sites/default/files/documents/Whitepapers/Clearswift_Enhancing_Info_Security_In_M0365_Whitepaper.pdf]]|Report|
|2019.03.19|Find Biometrics|[[Nok Nok and FIDO Receive Industry Recognition for Digital Security Contributions|https://findbiometrics.com/nok-nok-fido-receive-industry-recognition-digital-security-contributions/]]|CSA|
|2019.03.19|//DeltaRisk//|[[Office 365 Security Features Demystified|https://deltarisk.com/blog/office-365-security-features-demystified/]]|O365|
|2019.03.19|//Cedrus//|[[Cloud DLP Choosing the Right CASB|https://cedrus.digital/cloud-dlp-choosing-the-right-casb/]]|DLP CASB|
|>|!|>||
|2019.03.18|Economie Matin[>img[iCSF/flag_fr.png]]|[[Les points clés pour sécuriser le Cloud hybride, efficacement, facilement et au bon coût|http://www.economiematin.fr/news-points-cles-securiser-cloud-hybride-efficacement]]|Hybrid_Cloud Security|
|2019.03.18|Thames Valley Police|![[Man sentenced for cyber crime offences - Reading Crown Court|https://news.thamesvalley.police.uk/news/man-sentenced-for-cyber-crime-offences-reading-crown-court-362443]]|InsiderThreats|
|2019.03.20|The Register| → [[Vengeful sacked IT bod destroyed ex-employer's AWS cloud accounts. Now he'll spent rest of 2019 in the clink|https://www.theregister.co.uk/2019/03/20/steffan_needham_aws_rampage_prison_sentence_voova/]]|InsiderThreats|
|2019.03.22|//Sophos//| → [[Sacked IT guy annihilates 23 of his ex-employer's AWS servers|https://nakedsecurity.sophos.com/2019/03/22/sacked-it-guy-annihilates-23-of-his-ex-employers-aws-servers/]]|InsiderThreats|
|2019.03.18|//disrupt:Ops//|[[Forming the Cloud Security Center of Excellence|https://disruptops.com/forming-the-cloud-security-center-of-excellence/]]|Best_Practices|
|2019.03.18|//PaloAlto Networks//|![[Containers: Fueling Your Move to DevSecOps|https://researchcenter.paloaltonetworks.com/2019/03/containers-fueling-move-devsecops/]]|Containers|
|2019.03.18|//Slack//[>img[iCSF/flag_fr.png]]|[[La gestion des clés de chiffrement en entreprise est désormais disponible avec Enterprise Grid de Slack|https://slackhq.com/la-gestion-des-cles-de-chiffrement-en-entreprise-est-desormais-disponible-avec-enterprise-grid-de-slack]]|Encrypt|
|2019.03.18|CBR Online| → [[Slack Says You Can Now "Bring Your Own" Encryption Key|https://www.cbronline.com/news/slack-security-encryption]]|Encrypt|
|2019.03.18|//Avanan//|[[Root Domain Hack Impacts 70% of Email Gateway Customers|https://www.avanan.com/resources/office-365-and-gmail-root-domain-exploit]]|Attacks|
|2019.03.18|Help Net Security|[[Cryptojacking of businesses' cloud resources still going strong|https://www.helpnetsecurity.com/2019/03/18/cryptojacking-cloud-resources/]]|Attacks|
|2019.03.18|//Fugue//|![[12 Ways Cloud Upended IT Security (And What You Can Do About It)|https://www.fugue.co/blog/12-ways-cloud-upended-it-security-and-what-you-can-do-about-it]]|Misc|
|2019.03.18|Container Journal|[[Happy Sixth Birthday, Docker!|https://containerjournal.com/2019/03/18/happy-sixth-birthday-docker/]]|Docker|
|2019.03.18|Security Boulevard|[[Simplifying Security in the Cloud|https://securityboulevard.com/2019/03/simplifying-security-in-the-cloud/]]|Best_Practices|
|2019.03.18|//Stormshield//|[[Shadow IT: a real challenge for IT departments|https://www.stormshield.com/shadow-it-a-real-challenge-for-it-departments/]]|ShadowIT|
|2019.03.18|//Firemon//|[[Managing the Cloud is Complex, but How You Secure it Shouldn't Be|https://www.firemon.com/managing-the-cloud/]]||
!Synthèse de la matinée animée par notre [[Chapitre Français]] de la [[Cloud Security Alliance]] au Forum Securité@Cloud
[>img(500px,auto)[iCSA_/SecuCloud2019.jpg]]Cette seconde édition du [[Forum Sécurité@Cloud]] s'est déroulée les 20 et 21 mars 2019, avec pour organisatrice, Caroline Moulin-Schwartz.
La matinée du jeudi 21 mars était gérée par le [[Chapitre Français]] de la [[Cloud Security Alliance]].
Elle était découpée en 3 parties :
# une présentation introductive : "Face aux attaques, la cyber-résilience par le Cloud ?" par Olivier Caleff du [[Chapitre Français]] de la [[Cloud Security Alliance]]
** Elle est disponible au téléchargement au format 'PDF'
*** Lien ⇒ ''[[CloudSecurityAlliance.fr/go/j3lD/|https://cloudsecurityalliance.fr/go/j3lD/]]'' 
# une table ronde sur le thème "Cloud hybride : enjeux, exigences de sécurité et résilience" avec la participation de :
** Michel Juvin (représentant du CESIN)
** Vincent Leclerc (Forcepoint)
** Olivier Caleff (Cloud Security Alliance)
# une table ronde sur le thème "Attaques contre les données dans le Cloud : comment s'en prémunir ?" avec la participation de :
** Rayna Stamboliyska (Defensive Lab Agency)
** Vincent Meysonnet (Bitdefender)
** Olivier Caleff (Cloud Security Alliance)
[img(25%,1px)[iCSF/BluePixel.gif]]
Rendez-vous les ''18 et 19 mars 2020'', toujours dans le hall 5.2 de la Porte de Versailles à Paris pour le [[Forum Sécurité@Cloud]] 2020<<tiddler [[arOund0C]]>>
!Une meilleure gestion des vulnérabilités : 3 étapes pour maîtriser la sécurité des containers
[>img(200px,auto)[iCSA/J3LBB.jpg]]Article de blog publié le 21 mars 2019 — Rédigé par Nate Dyer, Product Marketing Director, Tenable
<<<
//La popularité des containers d'applications comme Docker a explosé au sein des équipes informatiques et des développeurs du monde entier. Depuis sa création en 2013, le logiciel Docker a été téléchargé 80 milliards de fois et plus de 3,5 millions d'applications ont été "//dockerisées//" pour fonctionner en containers.
Avec l'enthousiasme généré et le haut niveau d'adoption, il est important de comprendre les raisons pour lesquelles la sécurité continue d'être le principal obstacle au déploiement de containers.//
[...]
//On peut maîtriser la sécurité des containers en suivant trois étapes ://
# //Découvrir et sécuriser l'infrastructure des containers. Cela inclut la détection de Docker dans votre environnement, la mise à jour de l'infrastructure de l'hôte et de l'orchestration et le renforcement des services basés sur les meilleures pratiques de l'industrie.//
# //Résoudre la problématique des contrôles de sécurité. Il faut concentrer les efforts de test de sécurité, de mise en oeuvre des politiques et des corrections sur le processus de développement avant que le logiciel ne soit mis en production.//
# //Incorporer les containers dans votre programme holistique de cyber-exposition. Plutôt que de compter sur une solution ponctuelle pour sécuriser un nouveau type de ressource informatique, il est préférable de s'assurer que la gestion des vulnérabilités prend bien en charge les containers en plus des ressources plus classiques//
<<<
__Liens :__
* ⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/03/21/master-container-security/]] sur le blog de la CSA
!Continuous Auditing -- STAR Continuous -- Increasing Trust and Integrity
[>img(300px,auto)[iCSA_/continuous-auditing.png]]Article de blog publié le 19 mars 2019 — Rédigé par John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance
<<<
//En tant que ceinture noire SixSigma, j'ai évolué au fil des ans avec la philosophie de la surveillance et de l'amélioration continue, passant d'un état réactif à un état proactif. J'ai d'ailleurs écrit un livre blanc il y a quelques années sur la façon dont SixSigma peut s'appliquer à la sécurité.//
[...]
//STAR Continuous est une composante du programme STAR de la CSA qui donne aux prestataires de services dans le Cloud (CSP) la possibilité d'intégrer leur approche de conformité et de certification en matière de sécurité dans le Cloud avec des capacités supplémentaires pour valider leur position en matière de sécurité sur une base récurrente. L'audit continu permet à une organisation de faire des déclarations précises sur l'état de conformité à tout moment pendant toute la durée du processus d'audit continu, obtenant ainsi un état de conformité "toujours à jour" en augmentant la fréquence du processus d'audit.//
[...]
<<<
__Liens :__
* ⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/03/19/continuous-auditing-star/]] sur le blog de la CSA
!Are Cryptographic Keys Safe in the Cloud?
[>img(150px,auto)[iCSA_/ACKSITC.png]]Article de blog publié le 18 mars 2019 — Rédigé par Katalin Jakucs, PR Manager & Chief Storyteller, Tresorit
<<<
//En migrant les données vers le Cloud, les entreprises peuvent bénéficier d'une évolutivité, d'une facilité d'utilisation, d'une collaboration et d'une mobilité accrues, ainsi que d'importantes économies de coûts. Le Cloud peut être très attrayant pour les experts du sujet, dans la mesure où ils n'ont plus à investir dans la construction et la maintenance de leur propre infrastructure. Cependant, le Cloud engendre également des défis en matière de sécurité de l'information.
Étant donné que dans le Cloud la densité de données est beaucoup plus élevée que dans le cas d'un stockage local, le Cloud offre une plus grande surface d'attaque.//
[...]
//En conclusion, même si les données stockées sont chiffrées chez un prestataire de stockage dans le Cloud, c'est le type de chiffrement et les méthodes de gestion des clés qui importent. Vos documents, mais aussi vos clés doivent être conservés en lieu sûr. La cryptographie à clé publique combinée à des algorithmes de chiffrement symétriques puissants est un moyen standard et éprouvé qui permet de partager des documents avec d'autres personnes sans que le prestataire de stockage ou un tiers n'ait accès à vos fichiers. Cherchez des solutions qui vous permettent d'utiliser vos propres clés matérielles ou celles qui ne permettent pas de réinitialiser les mots de passe, un bon signe que le prestataire n'aura pas accès à vos clés. C'est la seule façon de s'assurer que les données sont protégées contre les atteintes à la protection des données.//
<<<
__Liens :__
* ⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/03/18/are-cryptographic-keys-safe-cloud/]] sur le blog de la CSA
!!1 - Informations CSA de la semaine du 11 au 17 mars 2019
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Synthèse des présentations données lors du ''CSA Summit'' en début de semaine (2/2).+++*[»]> <<tiddler [[2019.03.12 - Blog : CSA Summit Recap Part 2: CSP & CISO Perspective]]>>=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.03.17 - Veille Hebdomadaire - 17 mars]] avec une cinquantaine de liens, dont :
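* Un rapport de //Proofpoint// mentionnant notamment la réutilisation par des acteurs malveillants d'une (ancienne) technique pour accéder à des comptes //O365// ou //G-Suite// : le passage par IMAP, protocole de messagerie hérité qui permet de contourner l'authentification multifacteur (MFA).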
* Du ''chiffrement homomorphique'' par //Samsung//, ''Azure AD Connect Health'' par //Semperis//, //Box// comme source de ''fuite de données'' par //Adversis//, ''Cuckoo SandBox'' sur //AWS//...
* Des réflexions de ''Richard Bejtlich'' (//Tao Security//)
!!3 - Agenda
* Jeudi prochain : conférence gratuite [[Forum Sécurité@Cloud]] 2019 dans le cadre du salon "Cloud Computing World Expo" les 20 et 21 mars 2019, avec notamment l'animation de la matinée du jeudi 21 mars sur le thème "''Cyber-résilience ou comment faire face à l'accélération des menaces de sécurité dans le Cloud ?''"
* Inscription sur ''[[CloudSecurityAlliance.fr/go/j2bs/|https://cloudsecurityalliance.fr/go/j2bs/]]''+++*[»]> <<tiddler [[2019.02.23 - Forum Securité@Cloud 2019]]>>=== 
!4 - Autres
* Ouverture d'un sondage "''2019 Cloud Security Research''" par le groupe //Information Security// sur LinkedIn, //Delta Risk//, //Cybersecurity Insiders//+++*[»]> <<tiddler [[2019.03.14 - Sondage '2019 Cloud Security Research']]>>=== 
* Mise à jour de l'article "Références / OWASP"
|!Mars|!Sources|!Titres et Liens|!Keywords|
|2019.03.17|Sarah Young|![[BSidesSF 2019 - How to Lose a Container in 10 Minutes (video)|https://www.youtube.com/watch?v=fSj6_WgDATE]]|Containers|
|>|!|>||
|2019.03.16|Hacking Exposed|[[Available forensic data sources provided by Amazon AWS for EC2|https://www.hecfblog.com/2019/03/daily-blog-645-solution-saturday-31619.html]]|AWS Forensics|
|2019.03.16|//JumpCloud//|[[AD DS Replacement|https://jumpcloud.com/blog/ad-ds-replacement/]]|Active_Directory|
|>|!|>||
|2019.03.15|Container Journal|[[A Year of Kubernetes: Navigating Treacherous Waters|https://containerjournal.com/2019/03/15/a-year-of-kubernetes-navigating-treacherous-waters/]]|Containers Kubernetes|
|2019.03.15|Security Discovery|[[A legal analytics company exposed passwordless database with sensitive documents|https://securitydiscovery.com/a-legal-analytics-company-exposed-passwordless-database-with-sensitive-documents/]]|Data_Leaks|
|2019.03.15|Bleeping Computer| → [[257K Legal Documents Leaked By Unprotected Elasticsearch Server|https://www.bleepingcomputer.com/news/security/257k-legal-documents-leaked-by-unprotected-elasticsearch-server/]]|Data_Leaks|
|2019.03.16|//GBHackers//| → [[250,000 Sensitive Legal Documents Leaked Online via Unprotected Elasticsearch Cluster|https://gbhackers.com/legal-documents-leaked-online/]]|Data_Leaks|
|2019.03.15|Solutions review|[[5 Things to Look For in a Cloud Service Level Agreement|https://solutionsreview.com/cloud-platforms/5-things-to-look-for-in-a-cloud-service-level-agreement/]]|SLA|
|2019.03.15|//FireEye//|[[Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing|https://www.fireeye.com/blog/threat-research/2019/03/dissecting-netwire-phishing-campaign-usage-of-process-hollowing.html]]|Attacks|
|2019.03.15|//Microsoft//|[[Azure AD Mailbag: Discovering and blocking legacy authentication|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Mailbag-Discovering-and-blocking-legacy-authentication/ba-p/369725]]|Authenticate|
|2019.03.15|//JumpCloud//|[[Migrating LDAP to the Cloud|https://jumpcloud.com/blog/migrate-ldap-cloud/]]|Authenticate|
|2019.03.15|//ProdataKey//|[[Cloud-Based Access Control: The Cyber Pitch|https://www.securityinfowatch.com/access-identity/access-control/hosted-managed-access-control/article/21069034/cloudbased-access-control-the-cyber-pitch]]|AccessControls|
|2019.03.15|//Whistic//|[[The Evolution of Risk Management|https://blog.whistic.com/the-evolution-of-risk-management-6cc07d95aeb7]]|Risks|
|>|!|>||
|2019.03.14|Maarten Goet|[[Azure Sentinel FUSION: machine learning for a SecOps world|https://medium.com/@maarten.goet/azure-sentinel-fusion-machine-learning-for-a-secops-world-64ccda3de5f8]]|Azure_Sentinel|
|2019.03.14|//Proofpoint//|![[Threat actors leverage credential dumps, phishing, and legacy email protocols to bypass MFA and breach cloud accounts worldwide|https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols]]|Reports Attacks|
|2019.03.14|Bleeping Computer| → [[Multi-Factor Auth Bypassed in Office 365 and G Suite IMAP Attacks|https://www.bleepingcomputer.com/news/security/multi-factor-auth-bypassed-in-office-365-and-g-suite-imap-attacks/]]|Reports Attacks|
|2019.03.14|Global Security Mag[>img[iCSF/flag_fr.png]]| → [[Une étude Proofpoint révèle une augmentation de 65% des attaques d'applications cloud au 1er trimestre 2019|https://www.globalsecuritymag.fr/Une-etude-Proofpoint-revele-une,20190314,85381.html]]|Reports Attacks|
|2019.03.15|Solutions Numériques[>img[iCSF/flag_fr.png]]| → [[Cyberattaques : Office 365 et Google G Suite de plus en plus visés|https://www.solutions-numeriques.com/cyberattaques-office-365-et-google-g-suite-de-plus-en-plus-vises/]]|Reports Attacks|
|2019.03.18|GBHackers| → [[Hackers Bypass Multi-factor Authentication to Hack Office 365 & G Suite Cloud Accounts Using IMAP Protocol|https://gbhackers.com/imap-most-abused-protocol/]]|Reports Attacks|
|2019.03.15|SecurityWeek| → [[Hackers Bypass MFA on Cloud Accounts via IMAP Protocol|https://www.securityweek.com/hackers-bypass-mfa-cloud-accounts-imap-protocol]]|Reports Attacks|
|2019.03.14|The Korea Herald|![[Samsung SDS to bolster cloud security with 'homomorphic encryption'|http://www.koreaherald.com/view.php?ud=20190314000697]]|Encrypt|
|2019.03.14|//Google Cloud//|[[Disable SMS or voice codes for 2-Step Verification for more secure accounts|https://gsuiteupdates.googleblog.com/2019/03/more-control-over-2-step-verification-security-phone-sms.html]]|Authenticate GCP|
|2019.03.15|SecurityWeek| → [[G Suite Admins Can Now Disable Phone 2-SV|https://www.securityweek.com/g-suite-admins-can-now-disable-phone-2-sv]]|Authenticate GCP|
|2019.03.14|//Microsoft//|[[Simplifying your environment setup while meeting compliance needs with built-in Azure Blueprints|https://azure.microsoft.com/en-us/blog/simplifying-your-environment-setup-while-meeting-compliance-needs-with-built-in-azure-blueprints/]]|Azure Compliance|
|2019.03.14|//Radware//|[[Security Pros and Perils of Serverless Architecture|https://blog.radware.com/security/2019/03/security-pros-and-perils-of-serverless-architecture/]]|Serverless|
|2019.03.14|//PaloAlto Networks//|[[How to Stay Secure in a Multi-Cloud Environment|https://researchcenter.paloaltonetworks.com/2019/03/stay-secure-multi-cloud-environment/]]|Multi_Cloud|
|2019.03.14|//Rapid7//|[[Forrester Tech Tide for Detection and Response: Is 2019 the Year of Convergence?|https://blog.rapid7.com/2019/03/14/forrester-tech-tide-for-detection-and-response-is-2019-the-year-of-convergence/]]|Detect Respond|
|2019.03.14|//Threatstack//|[[How to Achieve Full Stack, Multi-Cloud Security Observability|https://www.threatstack.com/blog/how-to-achieve-full-stack-multi-cloud-security-observability]]|Multi_Cloud|
|2019.03.14|//Netskope//|[[The Common Myths of AWS Security|https://www.netskope.com/blog/the-common-myths-of-aws-security]]|AWS|
|2019.03.14|//TwistLock//|[[Kubernetes AuditSink: Real-time K8s Audits and Forensics|https://www.twistlock.com/2019/03/14/kubernetes-auditsink-real-time-k8s-audits-forensics/]]|K8s |
|>|!|>||
|2019.03.13|Journal du Net[>img[iCSF/flag_fr.png]]|[[Pourquoi ne faut-il pas mettre tous ses œufs dans le même cloud ?|https://www.journaldunet.com/solutions/expert/70755/pourquoi-ne-faut-il-pas-mettre-tous-ses--ufs-dans-le-meme-cloud.shtml]]|Multi_Cloud|
|2019.03.13|//Nuageo//[>img[iCSF/flag_fr.png]]|[[Sur la route de la SOA|https://www.nuageo.fr/2019/03/route-soa/]]|Gouvernance|
|2019.03.13|Tao Security|![[Thoughts on Cloud Security|https://taosecurity.blogspot.com/2019/03/thoughts-on-cloud-security.html]]|Governance|
|2019.03.13|Dark Reading|[[Enterprise Cloud Infrastructure a Big Target for Cryptomining Attacks|https://www.darkreading.com/attacks-breaches/enterprise-cloud-infrastructure-a-big-target-for-cryptomining-attacks/d/d-id/1334146]]|Report|
|2019.03.14|//AlienVault//|[[Making it Rain - Cryptocurrency Mining Attacks in the Cloud|https://www.alienvault.com/blogs/labs-research/making-it-rain-cryptocurrency-mining-attacks-in-the-cloud/]]|Report|
|2019.03.13|CBR Online|[[Google Outage Resolved After Major Global Wobble|https://www.cbronline.com/news/google-outage]]|Outage|
|2019.03.13|IT Security News|[[e-Crime & Cybersecurity Congress: Cloud Security Fundamentals|https://www.itsecuritynews.info/e-crime-cybersecurity-congress-cloud-security-fundamentals/]]|Panel|
|2019.03.13|TEISS|[[How to protect sensitive cloud environments from persistent insider threats|https://www.teiss.co.uk/people/how-to-protect-sensitive-cloud-environments-from-persistent-insider-threats/]]|InsiderThreats|
|2019.03.13|Semperis|![[Hybrid Identity Protection comes in many shapes; Meet Azure AD Connect Health|https://www.semperis.com/blog/hybrid_identity_protection_comes_in_many_shapes/]]|AzureAD|
|2019.03.13|//Aporeto//|[[How Cloud Applications Challenge Security|https://www.aporeto.com/blog/cloud-applications-challenge-security/]]|Misc|
|2019.03.13|//Rhino Security Labs//|[[Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability|https://rhinosecuritylabs.com/azure/cloud-security-risks-part-1-azure-csv-injection-vulnerability/]] (1/2)|Risks AWS Injection|
|>|!|>||
|2019.03.12|TechWire Asia|[[How do you manage cybersecurity in a multi-cloud environment?|https://techwireasia.com/2019/03/how-do-you-manage-cybersecurity-in-a-multi-cloud-environment/]]|Multi_Cloud|
|2019.03.12|Dark Reading|[[The 12 Worst Serverless Security Risks|https://www.darkreading.com/cloud/the-12-worst-serverless-security-risks/a/d-id/1334079]]|CSA Serverless|
|2019.03.12|//Symantec//|[[Take No Ransomware Prisoners with Office 365|https://www.symantec.com/blogs/product-insights/take-no-ransomware-prisoners-office-365]]|Report O365|
|2019.03.12|//NeuVector//|[[Container Segmentation Strategies and Patterns|https://neuvector.com/network-security/container-segmentation/]]|Containers|
|2019.03.12|//Google Cloud//|[[Exploring container security: four takeaways from Container Security Summit 2019|https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-four-takeaways-from-container-community-summit-2019]]|Containers|
|2019.03.12|//Druva//|[[Next Gen DR In The Cloud - The Power of SaaS with Druva|https://www.druva.com/blog/next-gen-dr-in-the-cloud-the-power-of-saas-with-druva/]]|Recover|
|2019.03.12|//ParkMyCloud//|[[15 AWS Best Practices for 2019|https://www.parkmycloud.com/blog/aws-best-practices/]]|Best_Practices|
|2019.03.12|//JumpCloud//|![[Can you Migrate On-Prem Domain Controllers to the Cloud?|https://jumpcloud.com/blog/on-prem-domain-controller-to-the-cloud/]]|Active_Directory|
|>|!|>||
|2019.03.11|//Adversis//|[[Pandora's Box: Another New Way to Leak All Your Sensitive Data|https://www.adversis.io/research/pandorasbox]]|Data_Leaks|
|2019.03.11|Apple Insider| → [[Confidential Apple files exposed to public in misconfigured Box account|https://appleinsider.com/articles/19/03/11/confidential-apple-files-exposed-to-public-in-misconfigured-box-account]]|Data_Leaks|
|2019.03.11|Techcrunch| → [[Corporate data stored on Box exposed by employees sharing public links|https://techcrunch.com/2019/03/11/data-leak-box-accounts/]]|Data_Leaks|
|2019.03.12|GBHackers| → [[Box Data Leak - Terabytes of Data Exposed from Companies Using cloud based Box Accounts|https://gbhackers.com/box-data-leak/]]|Data_Leaks|
|2019.03.11|Network World|[[Software-defined perimeter brings trusted access to multi-cloud applications, network resources|https://www.networkworld.com/article/3359363/software-defined-perimeter-brings-trusted-access-to-multi-cloud-applications-network-resources.html]]|CSA SDP|
|2019.03.11|//Apptega//|[[SOC 2 Audit Explained For SaaS Companies|https://blog.apptega.com/soc2-audit-4-saas]]|Audit|
|2019.03.11|//Check Point//|![[Cuckoo SandBox on AWS|https://research.checkpoint.com/cuckoo-system-on-aws/]]|Analyze|
|2019.03.11|//Security Intelligence (IBM)//|[[Security Considerations for Whatever Cloud Service Model You Adopt|https://securityintelligence.com/security-considerations-for-whatever-cloud-service-model-you-adopt/]]|Governance|
!Participez au sondage '2019 Cloud Security Research'
[>img(300px,auto)[iCSF/2019CloudSecuritSurveyDeltaRisk.jpg]]Le groupe LinkedIn+++*[Information Security Community]> Lien → https://www.linkedin.com/groups/38412/ ===, la société+++*[Delta Risk]> Delta Risk est une société américaine fondée en 2007 qui fournit des services de sécurité dans le Cloud dont du //SOC-as-a-Service//. 
Lien → https://deltarisk.com/ === et le site d'information+++*[Cybersecurity Insiders]> Lien → https://www.cybersecurity-insiders.com/ === se sont associés pour lancer une étude sur les tendances en matière de sécurité du Cloud. Le questionnaire compte une soixantaine de questions. Les résultats complets seront transmis à ceux qui y répondent et communiquent un email pour les recevoir. Pour vous y préparer et estimer la durée nécessaire pour répondre, les questions sont disponibles+++*[ici]> Les questions sont réparties en 9 catégories ://
* __Welcome__
:1. How concerned are you about the security of public clouds?
:2. Did your organization experience a public cloud related security incident in the last 12 months?
:3. If yes, what type of incident was it?
* __Cloud Security Risk__
:4. How confident are you in your organization's cloud security posture?
:5. What are your biggest cloud security concerns?
:6. Compared to traditional, on-prem IT environments, would you say the risk of security breaches in a public cloud environment is?
:7. Are public cloud apps / SaaS (such as Salesforce and Office 365) more or less secure than on-premises applications?
:8. What cloud IaaS provider(s) do you currently use or plan to use in the future?
:9. What are your biggest operational, day-to-day headaches trying to protect cloud workloads?
:10. What do you see as the biggest security threats in public clouds?
:11. Has your organization ever been hacked in the cloud?
* __Cloud Services__
:12. Which of the following cloud SaaS services are currently deployed in your organization?
:13. What services & workloads is your organization deploying in the cloud?
:14. What types of corporate information do you store in the cloud?
:15. How many active cloud IaaS provider accounts are currently in use in your organization?
:16. What security capabilities have you deployed in the cloud?
:17. How do you protect data in the cloud?
* __Cloud Security Technologies__
:18. How well do your traditional network security tools / appliances work in cloud environments?
:19. What are the main drivers for considering cloud-based security solutions?
:20. What are the main barriers to migrating to cloud-based security solutions?
:21. Which part of the cloud compliance process is the most challenging?
:22. If you secure your workloads (VMs and container instances) on-prem, how important is continuous compliance when they migrate to the cloud?
* __Cloud Adoption__
:23. What is your organization's state of adoption of cloud computing?
:24. What is your primary cloud deployment strategy?
:25. How has cloud computing delivered on the promised benefits for your organization?
:26. What overall benefits have you already realized from your cloud deployment?
:27. What are the biggest barriers holding back cloud adoption in your organization?
:28. Which of the following security controls would most increase your confidence in adopting public clouds?
:29. When moving to the cloud, how do you handle your changing security needs?
:30. What surprises did you uncover that may slow/stop cloud adoption?
* __Cloud Vendors__
:31. Which of the following platforms do you think provides sufficient native cloud security controls and services?
:32. How satisfied are you with your current cloud security vendor?
:33. How likely is your organization to deploy a new cloud security solution within the next 12 months?
:34. What are the main reasons why you would consider switching to a new cloud security vendor?
:35. What do you look for in your cloud security provider?
:36. What criteria do you consider most important when evaluating a cloud security solution?
:37. Which of the following cloud security solutions are you currently using or plan to use in the near future?
:38. What features do you find most useful in a cloud security solution?
:39. What billing model do you prefer?
* __Budget Trends__
:40. How is your cloud security budget changing in the next 12 months?
:41. If the budget for your security program will increase, indicate by what percentage?
:42. What percentage of your IT security budget is allocated to cloud security?
:43. What is the data leakage vector that you find most concerning for your organization?
:44. What does your organization do for securing cloud data on employees' personal devices?
:45. Which of the following cloud activities do you have visibility into?
:46. What anti-malware tool does your organization currently use to secure cloud data?
:47. What are your cloud security priorities for your company this year?
:48. Do you integrate your DevOps toolchain into your cloud deployments?
:49. Do you deploy containers?
:50. How do you source cloud security?
:51. How do you secure containers?
* __Training and Certifications__
:52. How would you rate your team's overall security readiness?
:53. What percentage of your employees would benefit from security training and/or certification for their job?
:54. How effective is your current security training program?
:55. How valued by your employer are the following certifications (regardless of whether or not you have these security certifications)?
:56. Which of the following topic areas would you find most valuable for ongoing training and education to be successful in your current role?
:57. What are the most important security skills required in your organization?
:58. What forms of security training does your organization provide?
:59. Does your organization provide incentives for security training and certification?
* __Demographics__
:60. What is your job title?
:61. What department do you work in?
:62. How many employees work at your company in total (worldwide)?
:63. What industry is your company in?
:64. What security certifications do you hold?
:65. Email Address (optionnel)
:66. First Name (optionnel)
:67. Last Name
:68. Job Title
:69. Organization
:70. Please add any other feedback you would like to share with us
:71. Would you like to be contacted regarding cloud security solutions?
// ===
__Liens :__
* Annonce du sondage ⇒ ''[[CloudSecurityAlliance.fr/go/j3ea/|https://cloudsecurityalliance.fr/go/j3ea/]]''
* Lien vers le sondage ⇒ ''[[CloudSecurityAlliance.fr/go/j3es/|https://cloudsecurityalliance.fr/go/j3es/]]''
!"//Sommet de la CSA (2) : la problématique des prestataires Cloud et des RSSI//"
Article de blog publié le 12 mars 2019 — Rédigé par Elisa Morrison, Marketing Intern, Cloud Security Alliance
<<<
Retour sur les autres présentations et les problématiques des prestataires Cloud et des RSSI :
* "''Can you trust your eyes? Context as the basis for "Zero Trust" systems''" par Jason Garbis+++*[Présentation »]> Lien de téléchargement → https://cloudsecurityalliance.org/artifacts/can-you-trust-your-eyes === 
:[...]
* "''Securing Your IT Transformation to the Cloud''" par Jay Chaudhry, Bob Varnadoe, and Tom Filip+++*[Présentation »]> Lien de téléchargement → https://cloudsecurityalliance.org/artifacts/securing-your-it-transformation === 
:[...]
* Table ronde "''Ten Years in the Cloud''"
>La responsabilité de protéger les consommateurs et les entreprises s'est considérablement accrue. Entre-temps, le rôle du RSSI est en train de changer - ses responsabilités englobent désormais à la fois les utilisateurs et l'entreprise. Les RSSI sont confrontés à des défis car les outils existants ne se transposent pas toujours dans le Cloud. Il faut maintenant lier la valeur du programme de sécurité aux activités des entreprises, et la fonction de sécurité a changé, surtout en matière de soutien. À la lumière de ces changements, les intervenants de la table ronde ont mis en évidence les 5 thèmes suivants dans leur bilan des 10 dernières années de Cloud.
>• Identité en tant que nouveau périmètre. Comment pouvons-nous vérifier que les gens sont bien ceux qu'ils prétendent être ?
>• Le DevOps est critique pour la sécurité, car il permet d'intégrer la sécurité dans l'application, mais c'est aussi un risque car l'implémentation est plus rapide et il y a plus de développeurs.
>• S'assurer que la sécurité est vraiment intégrée dans le code. Les itérations en temps réel nécessitent une sécurité codifiée.
>• Menaces et protection des données. Cette question figure sur la liste des choses à faire sur le plan législatif dans de nombreux états américains. C'est comparable à l'intérêt généré par la protection de la vie privée dans les services financiers et dans le secteur de la santé.
>• L'industrie de la sécurité dans son ensemble nous laisse tous tomber. Elle ne résout pas les problèmes en temps réel. A mesure que les logiciels deviennent plus complexes, ils génèrent toujours plus de complexité. Pour cette raison, il est nécessaire de penser orchestration.
* "''Finally! Cloud Security for Unmanaged Devices… for All Apps''" par Nico Popp+++*[Présentation »]> Lien de téléchargement → https://cloudsecurityalliance.org/artifacts/symantec === 
:[...]
* "''Lessons from the Cloud''" par David Cass+++*[Présentation »]> Lien de téléchargement → https://cloudsecurityalliance.org/artifacts/lessons-from-the-cloud === 
> Le Cloud est un moyen de parvenir à une fin et cette fin nécessite que les entreprises se transforment vraiment. Cela est d'autant plus vrai que les régulateurs s'attendent à un niveau élevé de contrôle dans un environnement Cloud. Ci-dessous les principaux points à retenir :
>• Le Cloud a un impact sur la stratégie et la gouvernance, depuis la stratégie, les contrôles, la surveillance, la mesure et la gestion de l'information jusqu'aux aspects de communication externe.
>• Le Cloud d'entreprise nécessite une approche programmatique avec les données au centre et les contrôles natifs s'y cantonnent. Le Cloud est un périple, et non pas qu'un changement technologique.
>• L'élaboration d'une stratégie de sécurité dans le Cloud nécessite la prise en compte de la consommation de services, IaaS, PaaS, et SaaS. Il est également important de garder à l'esprit que le Cloud n'est pas qu'une démarche de l'informatique.
* "''Security Re-Defined''" par Jason Clark et Bob Schuetter+++*[Présentation »]> Lien de téléchargement → https://cloudsecurityalliance.org/artifacts/security-redefined/ === 
:[...]
* "''Blockchain Demo : OpenCPE''"+++*[Présentation »]> Lien de téléchargement → https://cloudsecurityalliance.org/artifacts/blockchain-demo === 
:[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/03/12/csa-summit-recap-part-2-csp-ciso/]] sur le blog de la CSA
!1 - Les nouveautés CSA à consulter sur notre site CloudSecurityAlliance.fr
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Synthèse des présentations données lors du ''CSA Summit'' en début de semaine (1/2)+++*[»]> <<tiddler [[2019.03.08 - Blog : CSA Summit Recap Part 1: Enterprise Perspective]]>>=== 
* Publication des présentations données lors du ''CSA Summit'' en début de semaine+++*[»]> <<tiddler [[2019.03.05 - Publication : Présentations faites au CSA Summit]]>>=== 
* Annonce et publication d'un "''Référentiel de Contrôle Sécurité pour l'IoT''" et de son guide associé+++*[»]> <<tiddler [[2019.03.05 - Guide et Référentiel de Contrôle Sécurité pour l'IoT]]>>=== 
[img(25%,1px)[iCSF/BluePixel.gif]]
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.03.10 - Veille Hebdomadaire - 10 mars]] consolide des articles, documents et rapports publiés en source ouverte depuis la dernière newsletter, avec notamment :
* Une compromission chez Citrix (APT), une porte dérobée qui utilise Slack et Github pour communiquer,
* La publication du 24^^ème^^ "Security Intelligence Report" de Microsoft et son volet Cloud
* Les suites de l'exploitation de la vulnérabilité "//runc//" / CVE-2019-5736
* Spécifications de MQTT version 5.0
!!3 - Agenda
* Conférence gratuite [[Forum Sécurité@Cloud]] 2019 dans le cadre du salon "Cloud Computing World Expo" les 20 et 21 mars 2019, avec notamment l'animation de la matinée du jeudi 21 mars sur le thème "''Cyber-résilience ou comment faire face à l'accélération des menaces de sécurité dans le Cloud ?''"
* Inscription sur ''[[CloudSecurityAlliance.fr/go/j2bs/|https://cloudsecurityalliance.fr/go/j2bs/]]''+++*[»]> <<tiddler [[2019.02.23 - Forum Securité@Cloud 2019]]>>===
|!Mars|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.03.09|
|2019.03.09|BetaNews|[[2019 predictions #2 and #3 -- A Virtual Private Cloud (VPC) shakeout and legal trouble for AWS|https://betanews.com/2019/03/09/2019-predictions-2-and-3/]]|Predictions AWS|
|2019.03.09|//Detectify//|[[Serverless vs Cloud vs On-prem|https://blog.detectify.com/2019/03/09/serverless-vs-cloud-vs-on-prem/]]|Serverless On_Premises|
|>|>|>|!2019.03.08|
|2019.03.08| Les Echos[>img[iCSF/flag_fr.png]]|[[Opinion - Quelles questions se poser avant de signer un contrat SaaS ?|https://www.lesechos.fr/idees-debats/cercle/cercle-193651-opinion-quelles-questions-se-poser-avant-de-signer-un-contrat-saas-2250702.php]]|Contract|
|2019.03.08|Forbes|[[The Top Five Cybersecurity Strategies For Cloud|https://www.forbes.com/sites/forbestechcouncil/2019/03/08/the-top-five-cybersecurity-strategies-for-cloud/]]|Governance|
|2019.03.08|Citrix|![[Citrix investigating unauthorized access to internal network|https://www.citrix.com/blogs/2019/03/08/citrix-investigating-unauthorized-access-to-internal-network/]]|APT Attack|
|2019.03.08|//Resecurity//|! → [[Supply Chain - The Major Target of Cyberespionage Groups|https://resecurity.com/blog/supply-chain-the-major-target-of-cyberespionage-groups/]]|APT Attack|
|2019.03.08|//ThreatPost//| → [[Citrix Falls Prey to Password-Spraying Attack|https://threatpost.com/citrix-password-spraying/142649/]]|APT Attack|
|2019.03.10|Forbes| → [[Why The Citrix Breach Matters -- And What To Do Next|https://www.forbes.com/sites/kateoflahertyuk/2019/03/10/citrix-data-breach-heres-what-to-do-next/]]|APT Attack|
|2019.03.10|CBR Online| → [[Citrix Data Breach: Were "Iranians" or "International Cyber Criminals" to Blame?|https://www.cbronline.com/news/citrix-data-breach]]|APT Attack|
|2019.03.16|Forbes|! → [[Who Is Resecurity, The Mysterious Firm That Blamed Iran For The Citrix Hack?|https://www.forbes.com/sites/kateoflahertyuk/2019/03/15/who-is-resecurity-the-mysterious-firm-that-named-the-group-allegedly-behind-the-citrix-hack/]]|APT Attack|
|2019.03.08|BankInfoSecurity|[[Highlights of RSA Conference|https://www.bankinfosecurity.com/interviews/highlights-rsa-conference-2019-i-4266]]|CSA Conference|
|>|>|>|!2019.03.07|
|2019.03.07|Les Echos[>img[iCSF/flag_fr.png]]|[[Opinion - Le cloud dans le secteur des services financiers : les trois clés de la conformité|https://www.lesechos.fr/idees-debats/cercle/cercle-193643-opinion-le-cloud-dans-le-secteur-des-services-financiers-les-trois-cles-de-la-conformite-2250430.php]]|Compliance|
|2019.03.07|Le Comptoir Sécu[>img[iCSF/flag_fr.png]]|![[Retour d'expérience sur le déploiement de l'authentification multifacteur Microsoft en entreprise|https://www.comptoirsecu.fr/blog/2019-03-13-retour-experience-mfa/]]|Authenticate|
|2019.03.07|LeMagIT[>img[iCSF/flag_fr.png]]|[[Les outils de sécurité des containers étendent leur périmètre fonctionnel|https://www.lemagit.fr/actualites/252459025/Les-outils-de-securite-des-conteneurs-etendent-leur-perimetre-fonctionnel]]|Containers|
|2019.03.07|OASIS|![[MQTT Version 5.0|https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt-v5.0.html]]|MQTT|
|2019.03.07|GBHackers|[[Tips and Practical Guidance for Getting Started AWS Lambda with Best Security Practices|https://gbhackers.com/aws-lambda/]]|Best_Practices AWS|
|2019.03.07|//Trendmicro//|![[New SLUB Backdoor Uses GitHub, Communicates via Slack|https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/]]|Attacks|
|2019.03.07|Bleeping Computer| → [[New SLUB Backdoor Uses Slack, GitHub as Communication Channels|https://www.bleepingcomputer.com/news/security/new-slub-backdoor-uses-slack-github-as-communication-channels/]]|Attacks|
|2019.03.08|SecurityWeek|[[Slack, GitHub Abused by New SLUB Backdoor in Targeted Attacks|https://www.securityweek.com/slack-github-abused-new-slub-backdoor-targeted-attacks]]|Attacks|
|2019.03.07|//Google Cloud//|[[Leading security companies use Google Cloud to deliver Security-as-a-Service|https://cloud.google.com/blog/products/identity-security/leading-security-companies-use-google-cloud-to-deliver-security-as-a-service]]|SaaS|
|2019.03.07|//Aqua Security//|[[Mitigating the Kubernetes API Server Patch Permission DoS Vulnerability (CVE-2019-1002100)|https://blog.aquasec.com/kubernetes-vulnerability-cve-2019-1002100]]|K8s Flaws|
|2019.03.07|//Fugue//|[[DevSecOps: What is it, and Where to Start|https://www.fugue.co/blog/devsecops-what-is-it-and-where-to-start]]|DevSecOps|
|2019.03.07|//Alcide//|[[DevOps KPIs: Continuous Integration /Delivery to Security Automation|https://blog.alcide.io/devops-kpis-blog-ci-cd-security-automation]]|DevSecOps|
|>|>|>|!2019.03.06|
|2019.03.06|Cloud Magazine[>img[iCSF/flag_fr.png]]|[[Les points clés pour sécuriser le Cloud hybride, efficacement, facilement et au bon coût|https://www.cloudmagazine.fr/avis-expert/les-points-cles-pour-securiser-le-cloud-hybride-efficacement-facilement-et-au-bon-cout]]|Hybrid_Cloud|
|2019.03.06|Summit Route|[[GuardDuty Event Collection via CloudWatch Events|https://summitroute.com/blog/2019/03/06/guardduty_event_collection_via_cloudwatch_events/]]|Monitoring Alerting|
|2019.03.06|IT Security News|[[Unified SecOps Investigation for Hybrid Environments|https://www.itsecuritynews.info/unified-secops-investigation-for-hybrid-environments/]]|Hybrid_Cloud|
|2019.03.06|DZone|[[Secure Cloud Access: a Beginner's Guide to Cloud Security|https://dzone.com/articles/secure-cloud-access-a-beginners-guide-to-cloud-sec]]|Misc|
|2019.03.06|CIO|[[Multi-cloud security the next billion-dollar frontier|https://www.csoonline.com/article/3355238/multi-cloud-security-the-next-billion-dollar-frontier.html]]|Multi_Cloud|
|2019.03.06|Telecompaper|[[Cloud Security Alliance debuts IoT controls framework, accompanying guide|https://www.telecompaper.com/news/cloud-security-alliance-debuts-iot-controls-framework-accompanying-guide--1283523]]|CSA IoT|
|2019.03.06|//Google Cloud//|![[Admin Insider: top questions (and answers) on data security in G Suite|https://cloud.google.com/blog/products/g-suite/admin-insider-top-questions-and-answers-on-data-security-in-g-suite]]|Monitor|
|2019.03.06|//Google Cloud//|[[New file checksum feature lets you validate data transfers between HDFS and Cloud Storage|https://cloud.google.com/blog/products/storage-data-transfer/new-file-checksum-feature-lets-you-validate-data-transfers-between-hdfs-and-cloud-storage]]|Integrity|
|2019.03.06|//LogRhythm//|[[Detecting and Preventing Auto Forwarding and Phishing Attacks in Office 365|https://logrhythm.com/blog/detecting-and-preventing-auto-forwarding-and-phishing-attacks-in-office-365/]]|Phishing|
|2019.03.06|//Capsule8//|[[An Exercise in Practical Container Escapology|https://capsule8.com/blog/practical-container-escape-exercise/]]|Container Compromise|
|>|>|>|!2019.03.05|
|2019.03.05|ZDnet|[[Hide yo' kids, hide yo' clouds: Zerodium offering big bucks for cloud zero-days|https://www.zdnet.com/google-amp/article/hide-yo-kids-hide-yo-clouds-zerodium-offering-big-bucks-for-cloud-zero-days/]]|Exploit Zerodium|
|2019.03.05|Journal du Net[>img[iCSF/flag_fr.png]]|[[Stratégie cloud first : opportunités et défis|https://www.journaldunet.com/solutions/expert/70693/strategie-cloud-first---opportunites-et-defis.shtml]]|Stratégie|
|2019.03.05|//Microsoft//|![[Microsoft Security Intelligence Report Volume 24|https://info.microsoft.com/ww-landing-M365-SIR-v24-Report-eBook.html]]|Report Attacks|
|2019.03.05|Digitaltrends| → [[Microsoft Security reports a massive increase in malicious phishing scams|https://www.digitaltrends.com/computing/microsoft-security-massive-increase-phishing-scams/]]|Report Attacks|
|2019.03.06|Bleeping Computer| → [[Microsoft Sees 250% Phishing Increase, Malware Decline by 34%|https://www.bleepingcomputer.com/news/security/microsoft-sees-250-percent-phishing-increase-malware-decline-by-34-percent/]]|Report Attacks|
|2019.03.05|SecurityBoulevard|[[How Large Enterprises are Securing the Cloud [Q&A with Richard Stiennon]|https://securityboulevard.com/2019/03/how-large-enterprises-are-securing-the-cloud-qa-with-richard-stiennon-author-of-secure-cloud-transformation/]]|Misc|
|2019.03.05|//Security Intelligence (IBM)//|[[How to Accelerate Your Cloud IAM Adoption|https://securityintelligence.com/how-to-accelerate-your-cloud-iam-adoption/]]|IAM|
|2019.03.05|Infosecurity Mag|[[#CSASummit: Ten Years of Cloud Brought Risk, Regulations and Reliability|https://www.infosecurity-magazine.com/news/csasummit-ten-cloud-1-1-1-1/]]|CSA Conference|
|2019.03.05|BankInfoSecurity.com|[[Digital Transformation Needs Security Transformation, Too|https://www.bankinfosecurity.com/digital-transformation-needs-security-transformation-too-a-12110]]|CSA|
|2019.03.05|Xinhua|[[Int'l cybersecurity organization eyes closer cooperation with China|http://www.xinhuanet.com/english/2019-03/05/c_137871421.htm]]|CSA Cooperation|
|2019.03.05|Netflix|[[How Data Inspires Building a Scalable, Resilient and Secure Cloud Infrastructure At Netflix|https://medium.com/netflix-techblog/how-data-inspires-building-a-scalable-resilient-and-secure-cloud-infrastructure-at-netflix-c14ea9f2d00c]]|Infrastructure|
|2019.03.05|//Visible Risk//|[[Cloud SIEM: Why all the fuss?|http://visiblerisk.com/2019/03/05/why-all-the-fuss/]]|SIEM|
|2019.03.05|//Spanning//|![[Organizational Security & Compliance Practices in Office 365|https://spanning.com/downloads/Organizational_Security_and_Compliance_Practices_in_Office_365.pdf]] (pdf)|O365 Compliance|
|>|>|>|!2019.03.04|
|2019.03.04|Blaze Security|![[Analysing a massive Office 365 phishing campaign|https://bartblaze.blogspot.com/2019/03/analysing-massive-office-365-phishing.html]]|O365 Phishing|
|2019.03.04|Help Net Security|[[How cloud storage providers can preempt cyber attacks with business continuity|https://www.helpnetsecurity.com/2019/03/04/cloud-storage-providers-business-continuity/]]|BCP|
|2019.03.04|Help Net Security| → [[IT teams are struggling with network infrastructure challenges caused by the cloud|https://www.helpnetsecurity.com/2019/03/04/network-infrastructure-challenges-caused-by-the-cloud/]]|Report|
|2019.03.04|Container Journal|[[New Storage Challenges Emerge as Container Adoption Increases|https://containerjournal.com/2019/03/04/new-storage-challenges-emerge-as-container-adoption-increases-2/]]|Container|
|2019.03.04|CyberArk|![[The Route to Root: Container Escape Using Kernel Exploitation|https://www.cyberark.com/threat-research-blog/the-route-to-root-container-escape-using-kernel-exploitation/]]|Container Flaws|
|2019.03.04|APWG|[[Phishing Attack Trends Report - 4Q 2018 (pdf)|http://docs.apwg.org/reports/apwg_trends_report_q4_2018.pdf]]|Report|
|2019.03.05|Help Net Security| → [[Phishers shift efforts to attack SaaS and webmail services|https://www.helpnetsecurity.com/2019/03/05/apwg-phishing-q4-2018/]]|Report|
|2019.03.06|TEISS|[[Spam-based phishing campaigns declined in 2018 but attacks on SaaS users rose|https://www.teiss.co.uk/threats/phishing-saas-webmail-users/]]|Report|
|2019.03.04|The Daily Swig|[[New tool searches for misconfigured Google cloud storage|https://portswigger.net/daily-swig/new-tool-searches-for-misconfigured-google-cloud-storage]]|[[Tools|Outils-GitHub]] GCPBucketBrute|
|2019.03.04|//Trendmicro//|[[A Look Back at the 2018 Security Landscape|https://blog.trendmicro.com/a-look-back-at-the-2018-security-landscape/]]|Report|
|2019.03.04|//Trendmicro//| → [[Caught in the Net: Unraveling the Tangle of Old and New Threats|https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/unraveling-the-tangle-of-old-and-new-threats]] ([[rapport (pdf)|https://documents.trendmicro.com/assets/rpt/rpt-unraveling-the-tangle-of-old-and-new-threats.pdf]])|Report|
|2019.03.04|//Trendmicro//|[[Protecting against the next wave of advanced threats targeting Office 365 - Trend Micro Cloud App Security 2018 detection results and customer examples|https://blog.trendmicro.com/protecting-against-the-next-wave-of-advanced-threats-targeting-office-365-trend-micro-cloud-app-security-2018-detection-results-and-customer-examples/]]|Report|
|2019.03.04|//Trendmicro//| → [[Trend Micro Cloud App Security Report 2018: Advanced Defenses for Advanced Email Threats|https://www.trendmicro.com/vinfo/hk-en/security/research-and-analysis/threat-reports/roundup/advanced-defenses-for-advanced-email-threats]]|Report|
|>|>|>|!2019.03.02|
|2019.03.02|NOZ|[[Bodycam-Bilder auf Amazon-Servern gespeichert|https://www.noz.de/deutschland-welt/politik/artikel/1668207/bodycam-bilder-auf-amazon-servern-gespeichert]]|Data_Leaks|
|2019.03.04|SecurityAffairs| → [[German police storing bodycam footage on Amazon servers|https://securityaffairs.co/wordpress/81935/digital-id/german-police-bodycam-amazon-servers.html]]|Data_Leaks|
|>|>|>|!Vulnérabilité Docker -- CVE-2019-5736|
|2019.02.27|Tonis Tiigi|[[Experimenting with Rootless Docker|https://medium.com/@tonistiigi/experimenting-with-rootless-docker-416c9ad8c0d6]]|Docker|
|2019.02.27|//Gremlin//|[[Introducing Gremlin Free|https://www.gremlin.com/blog/introducing-gremlin-free/]]|Chaos_Engineering|
|2019.02.11|MITRE CVE|//Opencontainers runc [[CVE-2019-5736|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736]] Local Command Execution Vulnerability//|CVE-2019-5736|
|2019.03.01|//TrendMicro//| → [[Exposed Docker Control API and Community Image Abused to Deliver Cryptocurrency-Mining Malware|https://blog.trendmicro.com/trendlabs-security-intelligence/exposed-docker-control-api-and-community-image-abused-to-deliver-cryptocurrency-mining-malware/]]|CVE-2019-5736|
|2019.03.04|//Imperva//|! → [[Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners|https://www.imperva.com/blog/hundreds-of-vulnerable-docker-hosts-exploited-by-cryptocurrency-miners/]]|CVE-2019-5736|
|2019.03.04|Bleeping Computer| → [[Vulnerable Docker Hosts Actively Abused in Cryptojacking Campaigns|https://www.bleepingcomputer.com/news/security/vulnerable-docker-hosts-actively-abused-in-cryptojacking-campaigns/]]|CVE-2019-5736|
|2019.03.04|//Threatpost//| → [[Container Escape Hack Targets Vulnerable Linux Kernel|https://threatpost.com/container-escape-hack-targets-vulnerable-linux-kernel/142407/]]|CVE-2019-5736|
|2019.03.05|ZDnet| → [[Exposed Docker hosts can be exploited for cryptojacking attacks|https://www.zdnet.com/article/exposed-docker-hosts-can-be-used-in-cryptocurrency-mining/]]|Attack CVE|
|2019.03.05|Security Affairs| → [[Hundreds of Docker Hosts compromised in cryptojacking campaigns|https://securityaffairs.co/wordpress/81981/hacking/docker-hosts-cryptojacking-campaigns.html]]|CVE-2019-5736|
|2019.03.05|//BSSI//[>img[iCSF/flag_fr.png]]| → [[Escape from a Docker container: Explanation of the last patched vulnerability on docker < 18.09.2 (CVE-2019-5736)|https://blog.bssi.fr/escape-from-a-docker-container-explanation-of-the-last-patched-vulnerability-on-docker-18-09-2-cve-2019-5736/]]|CVE-2019-5736|
!"//Sommet de la CSA (1) : la problématique des entreprises//"
Article de blog publié le 8 mars 2019 — Rédigé par Elisa Morrison, Marketing Intern, Cloud Security Alliance
<<<
Le 10^^ème^^ anniversaire de la CSA et la [[remise des prix de la Décennie de l'excellence|2019.03.05 - A Decade of Vision]] ont donné à ce Sommet de la CSA (CSA Summit) un sentiment d'accomplissement qui est de bon augure, mais qui incite également la communauté de la CSA à poursuivre sa quête de l'excellence.
Le thème commun était le " voyage vers le Cloud " et soulignait comment les organismes peuvent non seulement aller plus vite, mais aussi réduire les coûts durant ce périple. Le Sommet de cette année a également abordé l'avenir de la protection de la vie privée et des technologies de rupture, et a présenté les plus récentes initiatives de la CSA en ce qui concerne la Blockchain et l'IoT. La première partie de ce résumé du Sommet de la CSA présente les sessions du Sommet axées sur la problématique des entreprises.
[...][>img(300px,auto)[iCSA_/3-sensitive.png]]
Les présentations données sont les suivantes :
* "''Securing Your IT Transformation to the Cloud''" par Jay Chaudhry, Bob Varnadoe, et Tom Filip
:[...]
* "''The Future of Privacy: Futile or Pretty Good?''" par Jon Callas
:[...]
* "''From GDPR to California Privacy''" par Kevin Kiley
:[...]
* "''Building an Award-Winning Cloud Security Program''" par Pete Chronis et Keith Anderson
:[...]
* "''Case Study: Behind the Scenes of MGM Resorts' Digital Transformation''" par Rajiv Gupta et Scott Howitt
:[...]
* "''Taking Control of IoT''" par Hillary Baron
:[...]
* Table ronde "''The Approaching Decade of Disruptive Technologies''"
:[...]
* "''CISO Guide to Surviving an Enterprise Cloud Journey''" par Andy Kirkland, Starbucks
> Il y a cinq ans, le Directeur de la Sécurité de l'Information de Starbucks, Andy Kirkland, recommandait de ne pas aller dans le Cloud par mesure de précaution. Depuis, Starbucks a migré vers le Cloud et a beaucoup appris en cours de route. Vous trouverez ci-dessous un aperçu des conseils de survie de Starbucks à l'intention des entités qui veulent survivre à une migration dans le Cloud :
>• Établir des définitions de la charge de travail pour comprendre les critères
>• Utiliser des contrôles normalisés à l'échelle de l'entreprise
>• Offrir une formation en sécurité aux technologues
>• Disposer d'un triage des incidents de sécurité adapté à votre fournisseur de Cloud Computing
>• Établir de la visibilité sur l'efficacité des contrôles de sécurité dans le Cloud.
>• Définir le processus d'amélioration de la sécurité pour permettre à la sécurité de prendre de l'ampleur
* Table ronde "''CISO Counterpoint''"
> Au cours de cette table ronde, des RSSI de premier plan ont discuté de leurs expériences en matière d'adoption du Cloud pour les applications d'entreprise. Jerry Archer, le CSO de Sallie Mae, a décrit leur parcours d'adoption du Cloud comme une avance pas à pas sur le chemin de la réussite "nibbling our way to success". Ils ont commencé par migrer dans le Cloud des petits éléments. En maintenant des échanges constants avec les régulateurs, il n'y a pas eu de surprises lors de la migration vers le Cloud. Maintenant, ils n'ont plus de biens matériels. D'autres éléments à retenir sont qu'en 2019, les containers ont évolué et que l'on voit maintenant : la sécurité des braises, les arbitrages des charges et RAIN (Refracting Artificial Intelligence Networks).
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/03/08/csa-summit-recap-part-1/]] sur le blog de la CSA
!"//CCSK Success Stories: From an Information Systems Security Manager//"
[>img(150px,auto)[iCSA_/CCSKtraining.png]]Article de blog publié le 7 mars 2019 —
<<<
__''Retour d'expérience sur le [[CCSK]] : le point de vue d'un RSSI''__
Troisième partie d'une série de blogs sur la formation à la sécurité dans le Cloud, avec l'interview de Paul McAleer, un ancien militaire qui est actuellement directeur de la sécurité des systèmes d'information chez Novetta Solutions, une société d'analyse de données. Il a passé plusieurs certifications ([[CCSK]], CISSP, CISSP, CISM et CAP).
[...]
//Question : Quelle est la partie du [[CCSK]] la plus pertinente dans votre travail et pourquoi ?
C'est le sujet de la gestion de la conformité et du contrôle (Compliance and Audit Management), qui était dans le domaine 4 du Guide CSA v3. Je pense que ce domaine est plus lié à mon expérience professionnelle que tout autre domaine en raison de mes activités liées à la conformité du Cloud au moment où j'ai passé ma certification. C'est clairement de cette partie que j'en ai retiré le plus, avec des problématiques liées à la gestion des risques d'entreprise, à la conformité et aux contrôles, ainsi qu'à la gouvernance d'entreprise. Le domaine de la gestion de l'information et de la sécurité des données était également un domaine très pertinent pour mes activités.//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/03/07/issm-ccsk-success-stories/]] sur le blog de la CSA
⇒ Lire la première partie+++*[ici]> <<tiddler [[2018.11.19 - CCSK Success Stories]]>>=== et la seconde+++*[là]> <<tiddler [[2019.01.24 - CCSK Success Stories: From the Financial Sector]]>>=== 
!"Présentations faites au CSA Summit en mars 2019"
Les présentations sont disponibles en téléchargement, soit de façon unitaire, soit sous la forme d'un paquet au format "zip" de 70 Mo.
Il s'agit de :
* "''Blockchain Demo''" par Kurt Seifried, Chief Blockchain Officer, Cloud Security Alliance
* "''Lessons from the Cloud''" par David Cass, Chief Information Security Officer Cloud and SaaS Operations & Global Partner Cloud Security Services, IBM
* "''Finally! Cloud Security for Unmanaged Devices…for All Apps''" par Nico Popp, Senior Vice President Information Protection, Symantec
* "''CSA STAR: The Leading Cloud Trust and Accountability Program''" par Daniele Catteddu, Chief Technology Officer, CSA
* "''Taking Control of IoT''" par Hillary Baron, Research Analyst, CSA
* "''Case Study: Behind the Scenes of MGM Resorts' Digital Transformation''" par Rajiv Gupta, Senior Vice President, Cloud Security Business Unit, McAfee & Scott Howitt, Senior Vice President & Chief Information Security Officer, MGM Resorts International
* "''From GDPR to California Privacy: Managing Cloud Vendor Risk''" par Kevin Kiley, Vice President of Sales & Business Development, OneTrust
* "''Securing your IT Transformation to the Cloud''" par Jay Chaudhry, CEO and Founder of Zscaler & Bob Varnadoe, CISO at NCR & Tom Filip, Director of Global Security Architecture, Kellogg Company
* "''Can you trust your eyes? Context as the basis for "Zero Trust" systems''" par Jason Garbis, Vice President of Cybersecurity Products, Cyxtera
* "''Security Re-Defined: How Valvoline Went to the Cloud to Transform its Security Program and Accelerate Digital Transformation''" par Jason Clark, Chief Strategy Officer, Netskope & Bob Schuetter, Chief Information Security Officer, Valvoline
__Liens :__
* ⇒ lien de téléchargement ''[[CloudSecurityAlliance.fr/go/j35C|https://cloudsecurityalliance.fr/go/j35C]]''
!"Cloud Security Alliance Debuts Internet of Things (IoT) Controls Framework and Accompanying Guide"
[>img(250px,auto)[iCSA_/GCSAIoTSCF.jpg]]Annonce du 4 mars 2019 — Rédigé par Jim Reavis, Co-founder and CEO, Cloud Security Alliance
<<<
La Cloud Security Alliance (CSA) annonce la publication du "Référentiel de Contrôle IoT" ("//IoT Controls Framework//"), le premier de ce genre pour la CSA. Il présente les contrôles de sécurité de base nécessaires à l'atténuation de nombreux risques associés à un système IoT dans un environnement confronté à des menaces diverses.
Créé par le groupe de travail "IoT Working Group", ce nouveau référentiel est complété par un "Guide d'Usage du Référentiel de Contrôle de l'IoT" ("//Guide to the CSA Internet of Things (IoT) Controls Framework//") qui fournit les éléments de contexte pour évaluer et mettre en oeuvre un environnement IoT qui comporte divers types de composants connectés, de services Cloud, et de technologies de communication.
Avec la mise en œuvre de systèmes IoT de plus en plus complexes, définis par l'ENISA comme "un ou plusieurs écosystèmes cyberphysiques de capteurs passifs et actifs interconnectés, qui permettent une prise de décision intelligente" ("//cyber-physical ecosystem[s] of interconnected sensors and actuators, which enables intelligent decision making//"), il est nécessaire de fournir des directives claires pour identifier les contrôles de sécurité appropriés et les affecter à certains des composants. Ces derniers sont constitués notamment de capteurs passifs ou actifs simples, de dispositifs périmétriques ou embarqués, d'appareils ou applications mobiles, de dispositifs intermédiaires sur site, de passerelles Cloud et d'applications et de services Cloud.
[...]
<<<
__Liens :__
* ⇒ Lire [[la suite|https://www.cloudsecurityalliance.org/articles/csa-debuts-iot-controls-framework-and-guide/]] sur le [[site de la Cloud Security Alliance|https://blog.cloudsecurityalliance.org/]]
* ⇒ Les deux documents mentionnés : [[le Référentiel et le Guide|2019.03.05 - Guide et Référentiel de Contrôle Sécurité pour l'IoT]]
!"CSA IoT Security Controls Framework" and "CSA Guide to the IoT Security Controls Framework"
[>img(250px,auto)[iCSA_/IoTSCF+G.jpg]]__"''CSA IoT Security Controls Framework''"__
<<<
//The Internet of Things (IoT) Security Controls Framework introduces the base-level security controls required to mitigate many of the risks associated with an IoT system that incorporates multiple types of connected devices, cloud services, and networking technologies. The IoT Security Controls Framework provides utility across many IoT domains from systems processing only "low-value" data with limited impact potential, to highly sensitive systems that support critical services. The Framework also helps users identify appropriate security controls and allocate them to specific components within their IoT system.//
<<<
__"''CSA Guide to the IoT Security Controls Framework''"__
<<<
//The Internet of Things (IoT) Security Controls Framework introduces the base-level security controls required to mitigate many of the risks associated with an IoT system that incorporates multiple types of connected devices, cloud services, and networking technologies. The IoT Security Controls Framework provides utility across many IoT domains from systems processing only "low-value" data with limited impact potential, to highly sensitive systems that support critical services. The Framework also helps users identify appropriate security controls and allocate them to specific components within their IoT system.//
<<<
__Liens :__
* ⇒ Lire [[la suite|https://www.cloudsecurityalliance.org/articles/csa-debuts-iot-controls-framework-and-guide/]] sur le [[site de la Cloud Security Alliance|https://blog.cloudsecurityalliance.org/]]
* ⇒ Téléchargement du référentiel : ''[[CloudSecurityAlliance.fr/go/j35f|https://cloudsecurityalliance.fr/go/j35f]]'' inscription nécessaire pour accéder au document (.xlsx)
* ⇒ Téléchargement du guide : ''[[CloudSecurityAlliance.fr/go/j35g|https://cloudsecurityalliance.fr/go/j35g]]'' inscription nécessaire pour accéder au document (pdf)
!"A Decade of Vision"
[>img(150px,auto)[iCSA_/10-years.png]]Article de blog publié le 4 mars 2019 — Rédigé par Jim Reavis, Co-founder and CEO, Cloud Security Alliance
<<<
Le développement d'une organisation prospère et durable dépend de nombreux facteurs : des services de qualité, une vision du marché, l'orientation, l'exécution, le bon timing, et peut-être une petite dose de chance. Pour la Cloud Security Alliance, qui célèbre aujourd'hui son 10^^ème^^ anniversaire, j'ajouterais un autre élément : des gens qui croient en votre projet.
Bien que nous ayons eu quelques sceptiques, nous avons eu plus de soutiens qui nous ont aidés à réaliser notre vision et nous ont permis d'être l'une des plus importantes associations mondiales de sécurité de l'information. C'est l'occasion pour nous de rendre hommage à trois de ces soutiens, qui sont là depuis le tout début et qui sont toujours restés très liés à la CSA. Je fais référence à nos trois PDG fondateurs [...] Philippe Courtot, PDG de Qualys, [...] Jay Chaudhry, PDG de Zscaler, [...] Phil Dunkelberger, PDG de Nok Nok Labs, alors dirigeant de PGP Corporation.
[...]
<<<
__Liens :__
* ⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/03/05/decade-vision/]] sur le blog de la CSA
* ⇒ Lire [[le communiqué de presse associé|https://www.cloudsecurityalliance.org/articles/csa-announces-decade-of-vision-leadership-award-winners/]]
|!Mars|!Sources|!Titres et Liens|!Synthèses|
|2019.03.05|CSA|[[Cloud Security Alliance Debuts Internet of Things (IoT) - Controls Framework and Accompanying Guide|https://cloudsecurityalliance.org/articles/csa-debuts-iot-controls-framework-and-guide/]]|Framework introduces base-level security controls required to mitigate numerous risks associated with IoT systems|
|2019.03.04|CSA|[[Cloud Security Alliance Announces Decade of Vision Leadership Award Winners|https://cloudsecurityalliance.org/articles/csa-announces-decade-of-vision-leadership-award-winners/]]|CSA announced the recipients of its Decade of Vision Leadership award, given to the three founding CEOs, who provided the initial startup funding, plus consistent support, mentoring, and evangelism of the CSA mission on a global basis over the last 10 years. The awards were presented at the CSA Summit at RSA Conference|
|2019.03.04|CSA|[[Cloud Security Alliance and Internet Security Conference Sign Memorandum of Understanding|https://cloudsecurityalliance.org/articles/csa-and-internet-security-conference-sign-memorandum-of-understanding/]]|As part of the agreement - and at the invitation of the Internet Security Conference (ISC), one of the most insightful high-profile events on network security in Asia-Pacific and worldwide - the CSA will host a CSA Summit co-located with the ISC event in Beijing on Aug. 21-22, 2019. Founded in 2013, the ISC has been successfully held for six years, during which time it has been well recognized, supported and participated by governments, think tanks, business executives, academia, industry influences and technical elites|
|2019.03.04|CSA|[[Cloud Security Alliance Launches STAR Continuous, a Compliance Assessment Program for Cloud Service Providers|https://cloudsecurityalliance.org/articles/csa-launches-star-continuous-compliance-assessment-program-for-cloud-service-providers/]]|Chance to align security validation capabilities with cloud security compliance gives enterprises a competitive edge|
|2019.03.04|CSA|[[Cloud Security Alliance Debuts the Knowledge Center, a Comprehensive - E-Learning Platform|https://cloudsecurityalliance.org/articles/csa-debuts-knowledge-center-comprehensive-e-learning-platform/]]|Offers individuals, enterprises high-quality flexible training to complement and enhance knowledge, schedules and budgets|
|2019.03.01|CSA|[[CSA and Whistic Unveil Streamlined Consensus Assessments Initiative Questionnaire (CAIQ)|https://cloudsecurityalliance.org/articles/csa-and-whistic-unveil-streamlined-caiq-lite-assessment/]]|The beta version of CAIQ-Lite released today represents every security control domain from the original questionnaire in a shorter, 73 question format. Citing the increased focus on cloud vendor security and the need for organizations worldwide to perform a significantly higher volume of assessments on a growing population of cloud vendors, Whistic and CSA worked together to develop a Lite version that focused more on accessibility and ease of use for both cloud vendors and the enterprises performing the vendor security risk assessments|
!"Cloud Security Alliance and Internet Security Conference Sign Memorandum of Understanding"
<<<
//The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today entered into a Memorandum of Understanding with the Internet Security Conference. CSA Co-founder and CEO Jim Reavis and Mrs. Han Xiao, Secretary General of Internet Security Conference (ISC), penned the agreement during a ceremony that took place as part of the CSA Summit today.//
[...]
//As part of the agreement — and at the invitation of the Internet Security Conference (ISC), one of the most insightful high-profile events on network security in Asia-Pacific and worldwide — the CSA will host a CSA Summit co-located with the ISC event in Beijing on Aug. 21-22, 2019. Founded in 2013, the ISC has been successfully held for six years, during which time it has been well recognized, supported and participated by governments, think tanks, business executives, academia, industry influences and technical elites.//
[...]
<<<
__Liens :__
* ⇒ Lire [[le communiqué de presse associé|https://www.cloudsecurityalliance.org/articles/csa-and-internet-security-conference-sign-memorandum-of-understanding/]]
!!1 - Les nouveautés CSA à consulter sur notre site CloudSecurityAlliance.fr
* [>img(200px,auto)[iCSF/cloud-security-alliance-fr.png]]Publication d'un tableau de correspondance entre les contrôles de sécurité internes et dans le Cloud : synthèse comparative avec les offres AWS, Azure, Google, Oracle, IBM et Alibaba+++*[»]> <<tiddler [[2019.03.01 - Blog : Correspondances controles de sécurité internes / dans le Cloud]]>>=== 
* Annonce et publication par le CSA et Whistic de "''CAIQ Lite''"+++*[»]> <<tiddler [[2019.03.01 - Blog : Présentation de 'CAIQ Lite']]>>=== 
* Publication par le CSA du document "''STAR Continuous Technical Guidance''"+++*[»]> <<tiddler [[2019.02.27 - Publication : STAR Continuous Technical Guidance]]>>=== 
* Appel à commentaires lancé sur le document "//''Cloud Penetration Testing Guidance''//". La date de clôture est fixée au 25 mars 2019+++*[»]> Le lien de téléchargement du document à commenter ⇒ ''[[CloudSecurityAlliance.fr/go/j32c|https://cloudsecurityalliance.fr/go/j32c]]''
//This document aims to be a guide for conducting penetration testing on cloud services. The document outlines important aspects such as the scoping of cloud penetration tests, test objectives and legal considerations. The document is a complementary guidance document that should be used in conjunction with existing infrastructure and web application testing frameworks.// === 
* Mise à jour de l'article sur la compromission de ''Visma'', prestataire Cloud norvégien+++*[»]> <<tiddler [[2019.02.16 - Blog : Compromission de Visma, prestataire Cloud en Norvège]]>>=== 
* Publication d'un document "''Cloud Application Security Architecture Overview''" de juillet 2017+++*[»]> Ce document est le fruit du travail d'un membre du groupe de travail [[SDP]], et compare les aspects IAM entre AWS, GCP et Azure
Extrait :
//This is an informative overview of Cloud AppSec Componentry by SDP WG volunteer Nya Murray. It includes a detailed comparison of IAM across AWS, GCP, and Azure.
The purpose is to provide an overview of the configuration of cloud application security components across cloud infrastructure, comprising software, hosting and network.
This report is intended to provide a comprehensive end-to-end view of cloud application security configuration comprising web applications for mobile devices and PCs to application services and microservices deployed to public clouds.
The report considers cloud applications in the context of public cloud SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) software, hosting and network security measures.
Microsoft Azure, Amazon AWS, and Google Cloud services are considered in this review, although the information pertains equally to IBM Bluemix, Salesforce and Oracle Cloud.
This overview is taken within the security context that enterprise technology infrastructure is increasingly targeted towards hybrid cloud deployments. (Hybrid cloud uses a mix of on-premises, private cloud and third-party, public cloud services with orchestration between the environments).//
Liens :
* Explication de contexte de ce document ⇒ ''[[CloudSecurityAlliance.fr/go/j33g|https://cloudsecurityalliance.fr/go/j33g]]''
* Téléchargement du document (accessible après en avoir demandé l'accès) ⇒ ''[[CloudSecurityAlliance.fr/go/j33d|https://cloudsecurityalliance.fr/go/j33d]]''
=== 
!!2 - Veille Web Cloud et Sécurité
La [[Veille Web|2019.03.03 - Veille Hebdomadaire - 3 mars]] consolide des articles, documents et rapports publiés en source ouverte depuis la dernière newsletter
* Ajout de nombreux liens collectés lors de la semaine écoulée
* Plusieurs liens complémentaires ajoutés pour les mois précédents
!!3 - Agenda
* "''CSA Summit''" le lundi 4 mars 2019 à San Francisco, dans le cadre de la "RSA Conference 2019"
* Conférence gratuite [[Forum Sécurité@Cloud]] 2019 dans le cadre du salon "Cloud Computing World Expo" les 20 et 21 mars 2019, avec notamment 
l'animation de la matinée du jeudi 21 mars sur le thème "''Cyber-résilience ou comment faire face à l'accélération des menaces de sécurité dans le Cloud ?''"+++*[»]> <<tiddler [[2019.02.23 - Forum Securité@Cloud 2019]]>>===
|!Mars|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.03.01|
|2019.03.01|BetaNews|[[Red Hat teams up with Microsoft, Google Cloud and AWS to launch OperatorHub.io, a registry for finding Kubernetes Operators|https://betanews.com/2019/03/01/red-hat-microsoft-operatorhub-kubernetes-operators/]]|K8s|
|2019.03.01|VMblog|[[Errors to Avoid When Visualizing Your Cloud Infrastructure|http://vmblog.com/archive/2019/03/01/errors-to-avoid-when-visualizing-your-cloud-infrastructure.aspx]]|Inventory|
|2019.03.01|TechRepublic|[[Using your Office 365 Secure Score|https://www.techrepublic.com/article/using-your-office-365-secure-score/]]|o365|
|2019.03.01|TechHQ|[[Tread carefully on the cloud with ERP|https://techhq.com/2019/03/tread-carefully-on-the-cloud-with-erp/]]|CSA|
|2019.03.01|//OVH//|[[Federate your Private Cloud with your Active Directory|https://www.ovh.com/fr/blog/federate-your-private-cloud-with-your-active-directory/]]|Authentication|
|2019.03.01|//NeuVector//|[[How to Protect Sensitive Data in Containers with Container DLP|https://neuvector.com/container-security/protect-sensitive-data-with-container-dlp/]]|Containers DLP|
|>|!|>||
|!Février|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.02.28|
|2019.02.28|Security Boulevard|[[Cloud Requires a New Approach to Security|https://securityboulevard.com/2019/02/cloud-requires-a-new-approach-to-security/]]|Misc|
|2019.02.28|//Microsoft Azure//|![[Announcing new cloud-based technology to empower cyber defenders|https://blogs.microsoft.com/blog/2019/02/28/announcing-new-cloud-based-technology-to-empower-cyber-defenders/]]|Azure Sentinel|
|2019.02.28|//Microsoft Azure//| → [[Introducing Microsoft Azure Sentinel, intelligent security analytics for your entire enterprise|https://azure.microsoft.com/en-us/blog/introducing-microsoft-azure-sentinel-intelligent-security-analytics-for-your-entire-enterprise/]]|Azure Sentinel|
|2019.02.28|Bleeping Computer| → [[Microsoft Announces Azure Sentinel and Threat Experts Cloud-Based Tech|https://www.bleepingcomputer.com/news/security/microsoft-announces-azure-sentinel-and-threat-experts-cloud-based-tech/]]|Azure Sentinel|
|2019.02.28|SecurityWeek| → [[Microsoft Unveils New Azure, Windows Defender ATP Tools|https://www.securityweek.com/microsoft-unveils-new-azure-windows-defender-atp-tools]]|Azure Sentinel|
|2019.02.28|ZDnet| → [[Microsoft's new cloud security tools aim to reduce alert fatigue|https://www.zdnet.com/article/microsofts-new-cloud-security-tools-aim-to-reduce-alert-fatigue/]]|Azure Sentinel|
|2019.02.28|Dark Reading| → [[Microsoft Debuts Azure Sentinel SIEM, Threat Experts Service|https://www.darkreading.com/cloud/microsoft-debuts-azure-sentinel-siem-threat-experts-service/d/d-id/1334005]]|Azure Sentinel|
|2019.03.02|StockNews Press| → [[Microsoft unveils new cloud-based enterprise security tools|http://stocknewspress.com/2019/03/02/microsoft-unveils-new-cloud-based-enterprise-security-tools.html]]|Azure Sentinel|
|2019.02.28|Redmond Channel| → [[Microsoft Releases Previews for New Cloud Security Services|https://rcpmag.com/blogs/scott-bekker/2019/02/microsoft-new-cloud-security-services.aspx]]|Azure Sentinel|
|2019.02.28|//Microsoft//|![[Announcing Microsoft Threat Experts|https://www.microsoft.com/security/blog/2019/02/28/announcing-microsoft-threat-experts/]]|Hunt|
|2019.02.28|//DivvyCloud//|[[State of Enterprise Cloud and Container Adoption and Security|https://divvycloud.com/blog/resource/cloudreport2019/]]|Report|
|2019.02.28|//DivvyCloud//| → [[2019 State of Enterprise Cloud and Container Adoption and Security Report|https://divvycloud.com/blog/resource/cloudreport2019/]] ([[rapport (pdf)|https://divvycloud.com/wp-content/uploads/2019/02/DivvyCloud-2019-Cloud-Report.pdf]])|Report|
|2019.03.01|VMblog| → [[DivvyCloud Releases State of Enterprise Cloud and Container Adoption and Security Report|http://vmblog.com/archive/2019/03/01/divvycloud-releases-state-of-enterprise-cloud-and-container-adoption-and-security-report.aspx]]|Report|
|2019.02.26|//Firemon//|![[FireMon State of Hybrid Cloud Security Survey|https://www.firemon.com/resources/press-releases/firemon-state-of-hybrid-cloud-security-survey/]] ([[rapport|https://www.firemon.com/2019-state-of-hybrid-cloud-security]])|Report|
|2019.03.04|Security Boulevard| → [[Survey Finds Greater Appreciation of DevSecOps Value|https://securityboulevard.com/2019/03/survey-finds-greater-appreciation-of-devsecops-value/]]|Report|
|2019.02.26|BetaNews| → [[The cloud moves too fast for security say 60 percent of security pros|https://betanews.com/2019/02/26/cloud-too-fast-for-security/]]|Report|
|2019.02.28|Help Net Security| → [[Cloud business initiatives accelerating faster than security teams' ability to secure them|https://www.helpnetsecurity.com/2019/02/28/cloud-business-initiatives-security/]]|Report|
|2019.03.01|Dark Reading| → [[Security Pros Agree: Cloud Adoption Outpaces Security|https://www.darkreading.com/cloud/security-pros-agree-cloud-adoption-outpaces-security/d/d-id/1334013]]|Report|
|2019.02.28|//Veriflow//|[[Veriflow-Sponsored Survey Finds 97 Percent of Companies Have Problems with Deploying and Managing Public Clouds|https://www.veriflow.net/press/veriflow-sponsored-survey-finds-97-percent-of-companies-have-problems-with-deploying-and-managing-public-clouds/]] ([[rapport|https://www.veriflow.net/is-the-public-cloud-hiding-business-risk-in-plain-sight/]])|Report|
|2019.02.28|BetaNews| → [[97 percent of companies struggle to deploy and manage public clouds|https://betanews.com/2019/02/28/companies-public-cloud-struggle/]]|Report|
|2019.02.28|//Google Cloud//|[[Exploring container security: How DroneDeploy achieved ISO-27001 certification on GKE|https://cloud.google.com/blog/products/identity-security/exploring-container-security-how-dronedeploy-achieved-iso-27001-certification-on-gke]]|Container|
|2019.02.28|//WhiteSource//|[[Top 5 Docker Vulnerabilities You Should Know|https://resources.whitesourcesoftware.com/blog-whitesource/top-5-docker-vulnerabilities]]|Docker Vulns|
|>|>|>|!2019.02.27|
|2019.02.27|Security Discovery|[[Dow Jones Risk Screening Watchlist Exposed Publicly in a Major Data Breach|https://securitydiscovery.com/dow-jones-risk-screening-watchlist-exposed-publicly/]]|Data_Leaks|
|2019.02.27|TechCrunch| → [[Dow Jones' watchlist of 2.4 million high-risk individuals has leaked|https://techcrunch.com/2019/02/27/dow-jones-watchlist-leak/]]|AWS Data_Leaks|
|2019.02.28|MSSP Alert| → [[Amazon AWS Cloud Data Leak: Dow Jones Suffers Massive Exposure|https://www.msspalert.com/cybersecurity-breaches-and-attacks/dow-jones-amazon-aws-cloud-data-leak/]]|AWS Data_Leaks|
|2019.02.28|SecurityWeek| → [[Dow Jones Watchlist Found Exposed to Open Internet|https://www.securityweek.com/dow-jones-watchlist-found-exposed-open-internet]]|AWS Data_Leaks|
|2019.02.27|Bleeping Computer|[[Outlook and Microsoft Account Phishing Emails Utilize Azure Blob Storage|https://www.bleepingcomputer.com/news/security/outlook-and-microsoft-account-phishing-emails-utilize-azure-blob-storage/]]|Azure Attacks|
|2019.02.27|//Rightscale//|[[Cloud Computing Trends: 2019 State of the Cloud Survey|https://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2019-state-cloud-survey]] ([[rapport|https://info.flexerasoftware.com/SLO-WP-State-of-the-Cloud-2019]])|Report|
|2019.02.27|AWS Insider| → [[Cloud Report Sees Microsoft Azure 'Reduce the AWS Lead'|https://awsinsider.net/articles/2019/02/27/cloud-report.aspx]]|Report|
|2019.02.28|Solutions Review| → [[Cloud Users Are Wasting 35% of Their Cloud Spending|https://solutionsreview.com/cloud-platforms/cloud-users-are-wasting-35-of-their-cloud-spending/]]|Report|
|2019.03.01|VMblog| → [[RightScale 2019 State of the Cloud Report from Flexera Identifies Cloud Adoption Trends|http://vmblog.com/archive/2019/02/27/rightscale-2019-state-of-the-cloud-report-from-flexera-identifies-cloud-adoption-trends.aspx]]|Report|
|2019.02.27|//Optiv Security//|[[Enterprise Attitudes to Cybersecurity|https://www.optiv.com/explore-optiv-insights/downloads/enterprise-attitudes-cybersecurity]] ([[rapport (pdf)|https://www.optiv.com/sites/default/files/2019-02/Optiv%20-%20Final%20UK%20Research%20Report_022719.pdf]])|Report|
|2019.02.28|VMblog| → [[Companies Stuck in Continuously Reactive Cybersecurity Response Cycle, Optiv Security Report Finds|http://vmblog.com/archive/2019/02/28/companies-stuck-in-continuously-reactive-cybersecurity-response-cycle-optiv-security-report-finds.aspx]]|Report|
|2019.02.27|//Zscaler//|[[Find out what's hiding in encrypted traffic|https://info.zscaler.com/whitepaper-ssl-traffic-threats]]|Report|
|2019.02.27|//BusinessWire//| → [[Zscaler Releases Semi-Annual Cloud Security Insights Report|https://www.businesswire.com/news/home/20190227005219/en/]]|Report|
|2019.02.27|VMblog| → [[Zscaler Releases Semi-Annual Cloud Security Insights Report|http://vmblog.com/archive/2019/02/27/zscaler-releases-semi-annual-cloud-security-insights-report.aspx]]|Report|
|2019.02.27|//Cloudflare//|[[Out of the Clouds and into the weeds: Cloudflare's approach to abuse in new products|https://blog.cloudflare.com/out-of-the-clouds-and-into-the-weeds-cloudflares-approach-to-abuse-in-new-products/]]|Misc|
|2019.02.27|//Google Cloud//|[[OpenVPN: Enabling access to the corporate network with Cloud Identity credentials|https://cloud.google.com/blog/topics/partners/openvpn-enabling-access-to-the-corporate-network-with-cloud-identity-credentials]]|Identity VPN|
|2019.03.03|GBHackers| → [[OpenVPN - Google Cloud Allowing Remote users to Connect to Your Corporate Network & Apps over VPN|https://gbhackers.com/openvpn-google-cloud/]]|Identity VPN|
|2019.02.27|SDxCentral|[[Meta Networks Expands NaaS Software-Defined Perimeter SDxCentral|https://www.sdxcentral.com/articles/news/meta-networks-expands-naas-software-defined-perimeter/2019/02/]]|CSA|
|2019.02.27|StateTech Mag|[[The Cloud Certifications State and Local Government Employees Need|https://statetechmagazine.com/article/2019/02/cloud-certifications-state-and-local-government-employees-need-perfcon]]|CSA Certification|
|2019.02.27|//Puresec//|[[AWS Security Best Practices for API Gateway|https://www.puresec.io/blog/aws-security-best-practices-for-api-gateway]]|AWS Best_Practices|
|>|>|>|!2019.02.26|
|2019.02.26|//Eclypsium//|![[The Missing Security Primer for Bare Metal Cloud Services|https://eclypsium.com/2019/01/26/the-missing-security-primer-for-bare-metal-cloud-services/]] ([[rapport|https://eclypsium.com/wp-content/uploads/2019/02/The-Missing-Security-Primer-for-Bare-Metal-Cloud-Services.pdf]])|Report CloudBorne|
|2019.02.25|PSIRT IBM| → [[Vulnerability involving IBM Cloud Baseboard Management Controller (BMC) Firmware|https://www.ibm.com/blogs/psirt/vulnerability-involving-ibm-cloud-baseboard-management-controller-bmc-firmware/]]|CloudBorne|
|2019.02.26|SecurityWeek| → [[Hackers Can Plant Backdoors on Bare Metal Cloud Servers: Researchers|https://www.securityweek.com/hackers-can-plant-backdoors-bare-metal-cloud-servers-researchers]]|CloudBorne|
|2019.02.26|Bleeping Computer| → [[Hackers Backdoor Cloud Servers to Attack Future Customers|https://www.bleepingcomputer.com/news/security/hackers-backdoor-cloud-servers-to-attack-future-customers/]]|CloudBorne|
|2019.02.26|Dark Reading| → [['Cloudborne': Bare-Metal Cloud Servers Vulnerable to Attack|https://www.darkreading.com/cloud/cloudborne-bare-metal-cloud-servers-vulnerable-to-attack/d/d-id/1333969]]|CloudBorne|
|2019.03.04|//Threatpost//| → [['Cloudborne' IaaS Attack Allows Persistent Backdoors in the Cloud|https://threatpost.com/cloudborne-iaas-attack-cloud/142223/]]|CloudBorne|
|2019.02.26|Solutions Review|[[7 Cloud Storage Security Risks You Need to Know About|https://solutionsreview.com/cloud-platforms/7-cloud-storage-security-risks-you-need-to-know-about/]]|Risks|
|2019.02.26|//Talos / Cisco //|[[Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters|https://blog.talosintelligence.com/2019/02/cisco-talos-honeypot-analysis-reveals.html]]|Attacks|
|2019.02.27|SecurityWeek| → [[Elasticsearch Clusters Under Attack From Multiple Hacking Groups|https://www.securityweek.com/elasticsearch-clusters-under-attack-multiple-hacking-groups]]|Attacks|
|2019.02.26|//BusinessWire//|[[NETSCOUT Highlights Dawn of the TerrorBit Era|https://www.businesswire.com/news/home/20190226005707/en/NETSCOUT-Highlights-Dawn-TerrorBit-Era]]|Report Attacks|
|2019.02.26|//Netscout//| → [[NETSCOUT Threat Intelligence Report - Dawn of the Terrorbit Era|https://www.netscout.com/threatreport/]]|Report Attacks|
|2019.02.26|//Netscout//| → [[NETSCOUT Threat Intelligence Report - Dawn of the Terrorbit Era (pdf)|https://www.netscout.com/sites/default/files/2019-02/SECR_001_EN-1901%20-%20NETSCOUT%20Threat%20Intelligence%20Report%202H%202018.pdf]]|Report Attacks|
|2019.03.21|Solutions Review| → [[Security Is the Top Reason Enterprises Don't Migrate to the Cloud|https://solutionsreview.com/cloud-platforms/security-is-the-top-reason-enterprises-dont-migrate-to-the-cloud/]]|Report Attacks|
|2019.02.26|//Alibaba Cloud//|[[Alibaba Cloud Security: 2018 Cryptocurrency Mining Hijacker Report|https://www.alibabacloud.com/blog/alibaba-cloud-security-2018-cryptocurrency-mining-hijacker-report_594500]] ([[pdf|https://video-intl.alicdn.com/video/2018%20Cryptocurrency%20Hijacker%20Report_New.pdf]])|Report CryptoMining|
|2019.02.26|//Radware//|[[Mitigating Cloud Attacks With Configuration Hardening|https://blog.radware.com/security/cloudsecurity/2019/02/mitigating-cloud-attacks-with-configuration-hardening/]]|Harden|
|2019.02.28|Cloud Magazine[>img[iCSF/flag_fr.png]]| → [[Les fournisseurs de services Cloud sont assaillis de cyberattaques|https://www.cloudmagazine.fr/actualites/les-fournisseurs-de-services-cloud-sont-assaillis-de-cyberattaques-7811]]|Attacks|
|2019.02.28|Global Security Mag[>img[iCSF/flag_fr.png]]| → [[Les fournisseurs de services Cloud sont assaillis de cyberattaques|https://www.globalsecuritymag.fr/NETSCOUT-Worldwide-Infrastructure,20190226,84819.html]]|Attacks|
|2019.02.26|TechIncidents|[[Tesla Cloud System Was Hacked To Mine Cryptocurrency|https://techincidents.com/tesla-cloud-system-was-hacked/]]|Attacks CryptoMining|
|2019.02.26|Enterprise Digitalization|[[How To Have A Secure Cloud|https://www.enterprisedigi.com/cloud/articles/secure-cloud-transformation]]|Transformation|
|2019.02.26|//JumpCloud//|[[Overview of Azure® Active Directory|https://jumpcloud.com/blog/azure-active-directory-overview/]]|Azure|
|>|>|>|!2019.02.25|
|2019.02.25|//Cloudflare//|[[Logpush: the Easy Way to Get Your Logs to Your Cloud Storage|https://blog.cloudflare.com/cloudflare-logpush-the-easy-way-to-get-your-logs-to-your-cloud-storage/]]|Misc|
|2019.02.25|SANS|[[How to Optimize Security Operations in the Cloud Through the Lens of the NIST Framework|https://www.sans.org/reading-room/whitepapers/analyst/optimize-security-operations-cloud-lens-nist-framework-38820]]|Analysis Misc.|
!"Introducing CAIQ-Lite"
[>img(200px,auto)[iCSA_/CAIQ-LITE-whitepaper.png]]Article de blog publié le 1er mars 2019 — par Dave Christiansen, Marketing Director, Whistic
<<<
La [[Cloud Security Alliance]] et ''Whistic'' ont le plaisir de publier la version bêta de ''CAIQ-Lite'', un nouveau référentiel pour l'évaluation des prestataires de Cloud.
[<img(200px,auto)[iCSA_/CAIQLite.jpg]]Le ''CSA'' et la société ''Whistic'' ont identifié le besoin d'un questionnaire d'évaluation plus léger que le [[CAIQ]] afin de s'adapter à l'évolution des modèles d'approvisionnement Cloud et de permettre aux professionnels de la cybersécurité de communiquer plus facilement avec les prestataires Cloud.
''CAIQ-Lite'' a ainsi été développé pour répondre aux exigences d'un environnement de cybersécurité de plus en plus dynamique, où l'appropriation de la méthode devient primordiale dans la démarche de sélection d'un prestataire.
Le but initial était d'élaborer un questionnaire efficace contenant 100 questions au maximum : mission réussie puisque ''CAIQ-Lite'' ne contient que 73 questions, au lieu des 295 questions du [[CAIQ]], tout en maintenant la représentation des 16 domaines de contrôle originaux présents dans la Matrice [[CCM]] 3.0.1.
Il a pour base les contributions et commentaires des membres de la ''CSA'', des clients de la société ''Whistic'', ainsi que d'un panel de centaines de professionnels de la sécurité de l'information. Les travaux de recherche sur lesquels se base l'algorithme propriétaire de notation de la société ''Whistic'' ont été utilisés dans le cadre du processus final de sélection des questions pour ''CAIQ-Lite''.
Nous attendons avec impatience les commentaires de la communauté sur ''CAIQ-Lite'', que les membres de la CSA peuvent consulter gratuitement sur le site de la société ''Whistic'', ainsi que sur celui de la ''CSA''. La version actuelle sera améliorée au cours des 12 prochains mois, en tenant compte des commentaires de la communauté. De plus, tous les membres du programme CSA STAR qui ont déjà un ''CAIQ'' bénéficieront automatiquement d'un ''CAIQ-Lite'' généré pour eux sur la plateforme Whistic.
Pour en savoir plus : cliquez sur les liens ci-dessous pour accéder au livre blanc complet, contenant plus de détails sur la création et le déploiement de ce nouveau questionnaire sur les services Cloud.
<<<
⇒ Lire l'[[article original|https://cloudsecurityalliance.fr/go/j31b]] sur le blog de la ''CSA''
⇒ Lire le [[communiqué de presse|https://cloudsecurityalliance.fr/go/j31p]] sur le site de la ''CSA''
⇒ Accéder au [[document complet|https://cloudsecurityalliance.fr/go/j31w]] sur le site de la société Whistic
!"CSA and Whistic Unveil Streamlined Consensus Assessments Initiative Questionnaire ([[CAIQ]])"
[>img(200px,auto)[iCSA_/CAIQ-LITE-whitepaper.png]]Article de blog publié le 1er mars 2019 — par Dave Christiansen, Marketing Director, Whistic
<<<
The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and Whistic, the Complete Vendor Security Assessment Platform, today announced the beta release of a Lite version of CSA's Consensus Assessments Initiative Questionnaire ([[CAIQ]]). The new, streamlined version of CAIQ, named CAIQ-Lite, was developed by Whistic in conjunction with CSA and combines data from an independent research panel of hundreds of Information Security professionals, Whistic customer feedback, and CSA member feedback. The project will allow companies throughout the world to more easily use CSA's industry-leading thought leadership in their cloud vendor security assessments. CSA and Whistic are soliciting community feedback on the project throughout the coming year.
The beta version of CAIQ-Lite released today represents every security control domain from the original questionnaire in a shorter, 73 question format. Citing the increased focus on cloud vendor security and the need for organizations worldwide to perform a significantly higher volume of assessments on a growing population of cloud vendors, Whistic and CSA worked together to develop a Lite version that focused more on accessibility and ease of use for both cloud vendors and the enterprises performing the vendor security risk assessments.
As a part of this beta release, Whistic will make a self-assessment version of CAIQ-Lite available in its vendor security software platform free of charge to all CSA corporate members. Whistic CEO Nick Sorensen said, "In addition to the offer for CSA members, we are excited to accompany this announcement with an offer to assist any cloud vendor in converting their existing CAIQ to the new CAIQ-Lite format by leveraging the technology inside our vendor security platform. We encourage both cloud vendors and enterprises to take advantage of this opportunity and to begin using CAIQ-Lite today." He further said, "The shared vision among Whistic and CSA on this initiative has always been making the industry-leading research behind CAIQ more accessible to more companies throughout the world. We feel like this streamlined version, along with the ability to leverage the questionnaire in the Whistic Vendor Security Platform, is a giant leap forward in achieving that goal."
<<<
⇒ Lire [[le communiqué de presse|https://www.prnewswire.com/news-releases/cloud-security-alliance-and-whistic-unveil-streamlined-consensus-assessments-initiative-questionnaire-caiq-300805126.html]]
⇒ Lire l'+++*[article du blog] <<tiddler [[2019.03.01 - Blog : Présentation de 'CAIQ Lite']]>>
!"Mapping of On-Premises Security Controls vs. Major Cloud Providers"
Un graphique de synthèse a été publié par+++*[Adrian Grigorof]> profil LinkedIn → https://www.linkedin.com/in/adrian-grigorof/ === et+++*[Marius Mocanu]> profil LinkedIn → https://www.linkedin.com/in/mmocanu/ ===.
<<<
La migration d'applications hébergées en interne vers le Cloud est invariablement suivie de la transposition des fonctions de contrôles de sécurité vers leurs équivalents Cloud.
Cependant, la légitime séparation entre ces contrôles tend à s'estomper dans le Cloud, avec des chevauchements de fonctionnalités, qui sont parfois proposées à différents niveaux.
Le tableau ci-dessous présente une vue de haut niveau des contrôles de sécurité dans le cloud qui pourraient être utilisés pour reproduire chacune des fonctionnalités que l'on trouve en interne.
<<<
[>img(700px,auto)[iCSF/MOPSC_MCP.png]]Le tableau permet de comparer les 6 offres suivantes :
* AWS, Azure, Google, Oracle, IBM et Alibaba.
Les 27 fonctions intégrées dans le tableau sont les suivantes :
# Firewall & ACLs
# IPS/IDS
# Web Application Firewall (WAF)
# SIEM & Log Analytics
# Antimalware
# Data Loss Prevention (DLP)
# Key Management
# Encryption At Rest
# DDoS Protection
# Email Protection
# SSL Decryption Reverse Proxy
# Endpoint Protection
# Certificate Management
# Container Security
# Identity and Access Management
# Privileged Access Management (PAM)
# Multi-Factor Authentication
# Centralized Logging - Auditing
# Load Balancer
# LAN
# WAN
# VPN
# Governance Risk and Compliance Monitoring
# Backup and Recovery
# Vulnerability Assessment
# Patch Management
# Change Management
Des versions plus lisibles et ''plus récentes'' (la dernière date du 9 juillet 2019) sont disponibles :
* au format 'HTML' ⇒ ''[[CloudSecurityAlliance.fr/go/j31m|https://cloudsecurityalliance.fr/go/j31m]]'' (avec liens cliquables)
* au format 'PDF' ⇒ ''[[CloudSecurityAlliance.fr/go/j31f|https://cloudsecurityalliance.fr/go/j31f]]''
* au format 'SVG' ⇒ ''[[CloudSecurityAlliance.fr/go/j31v|https://cloudsecurityalliance.fr/go/j31v]]''
!"//Healthcare Breaches and the Rise of Hacking and IT Incidents//"
[>img(100px,auto)[iCSA_/HBATROHAITI.png]]^^Bien que publié le 27 mars 2019 sur le blog de la CSA, cet article l'a déjà été il y a __un mois__, le 25 février 2019 sur le site de Bitglass.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/03/27/healthcare-breaches-hacking/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/healthcare-breach-2019-hacking]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//12 Ways Cloud Upended IT Security (And What You Can Do About It)//"
[>img(100px,auto)[iCSA_/12WCUITSAWYCDAI.png]]^^Bien que publié le 25 mars 2019 sur le blog de la CSA, cet article l'a déjà été il y a __une semaine__, le 18 mars 2019 sur le site de Fugue.
Extrait:
<<<
//We take a look at the ways cloud has disrupted security, with insights into how security teams can take advantage of these changes and succeed in their critical mission to keep data secure.
1. The cloud relieves security of some big responsibilities
2. In the cloud, developers make their own infrastructure decisions
3. And developers change those decisions constantly
4. The cloud is programmable and can be automated
5. There's more kinds of infrastructure in the cloud to secure
6. There's also more infrastructure in the cloud to secure
7. Cloud security is all about configuration — and misconfiguration
8. Cloud security is also all about identity
9. The nature of threats to cloud are different
10. Datacenter security doesn't work in the cloud
11. Security can be easier and more effective in the cloud
12. Compliance can also be easier and more effective in the cloud
Where to start with cloud security:
1. Learn what your developers are doing
2. Apply a compliance framework to an existing environment
3. Identify critical resources and establish good configuration baselines
4. Help developers be more secure in their work//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/03/25/cloud-upended-it-security/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.fugue.co/blog/12-ways-cloud-upended-it-security-and-what-you-can-do-about-it]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Cornerstone Capabilities of Cloud Access Security Brokers//"
[>img(100px,auto)[iCSA_/TGPOCASB.png]]^^Bien que publié le 14 mars 2019 sur le blog de la CSA, cet article l'a déjà été il y a __2 mois__, le 2 janvier 2019 sur le site de Bitglass.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/03/14/cornerstone-capabilities-of-cloud-access-security-brokers/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/cornerstone-capabilities-casb]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Education: A Cloud Security Investigation (CSI)//"
[>img(100px,auto)[iCSA_/Education.jpg]]^^Bien que publié le 5 mars 2019 sur le blog de la CSA, cet article l'a déjà été il y a __plus d'un mois__, le 21 janvier 2019 sur le site de Bitglass.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/03/05/education-cloud-security-investigation/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/education-cloud-security-investigation-csi]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]


|!Février|!Sources|!Titres et Liens|!Types|
|2019.02.11|MITRE CVE|//Opencontainers runc [[CVE-2019-5736|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736]] Local Command Execution Vulnerability//|Flaw|
|>|>|>|!Flaws|
|2019.02.20|//Twistlock//|[[RunC / CVE-2019-5736 - Exec with waiting process POC|https://asciinema.org/a/228632]]|RunC|
|2019.02.20|//Twistlock//|[[RunC / CVE-2019-5736 - Malicious image|https://asciinema.org/a/228625]]|RunC|
|2019.02.20|//Twistlock//|[[RunC / CVE-2019-5736 - Shebang|https://asciinema.org/a/228389]]|RunC|
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Février 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Février 2019]]>><<tiddler fAll2LiTabs13end with: Actu","201902>>
<<tiddler fAll2LiTabs13end with: Blog","201902>><<tiddler .ReplaceTiddlerTitle with: [[Blog - Février 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Février 2019]]>><<tiddler fAll2LiTabs13end with: Publ","201902>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201902>>
<<tiddler fAll2Tabs10 with: VeilleM","_201902>>
|!Février|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.02.23|
|2019.02.23|Medium|[[An Introduction to Kubernetes Network Policies for Security People|https://medium.com/@reuvenharrison/an-introduction-to-kubernetes-network-policies-for-security-people-ba92dd4c809d]]|K8s Network_Policy|
|>|>|>|!2019.02.22|
|2019.02.22|Silicon.fr[>img[iCSF/flag_fr.png]]|[[5 points clés pour sécuriser le Cloud hybride|https://www.silicon.fr/avis-expert/5-points-cles-pour-securiser-le-cloud-hybride]]|Hybrid_Cloud|
|2019.02.22|//Ikoula//[>img[iCSF/flag_fr.png]]|[[PC personnel vs Cloud : pourquoi un data center protège mieux vos données des malwares|https://www.numerama.com/tech/443336-pc-personnel-vs-cloud-pourquoi-un-data-center-protege-mieux-vos-donnees-des-malwares.html]]|Misc|
|2019.02.22|//Microsoft//|[[Isolation guidelines for Impact Level 5 Workloads|https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-impact-level-5?branch=pr-en-us-70219]]|Azure GovCloud|
|2019.02.22|The Register|[[Trust the public cloud Big Three to make non-volatile storage volatile|https://www.theregister.co.uk/2019/02/22/azure_nvme_flash_drives_hyperv_virtual_machines/]]|Trust|
|2019.02.22|//Rancher Labs//|![[101 More Security Best Practices for Kubernetes|https://rancher.com/blog/2019/2019-01-17-101-more-kubernetes-security-best-practices/]]|K8s Best_Practices|
|2019.02.19|Maarten Goet|[[Threat Hunting in the cloud with Azure Notebooks: supercharge your hunting skills using Jupyter and KQL|https://medium.com/@maarten.goet/threat-hunting-in-the-cloud-with-azure-notebooks-supercharge-your-hunting-skills-using-jupyter-8d69218e7ca0]]|Azure ThreatHunting|
|2019.02.19|//EdgeScan//|Edgescan Vulnerability Stats Report 2019 ([[.pdf|https://www.edgescan.com/wp-content/uploads/2019/02/edgescan-Vulnerability-Stats-Report-2019.pdf]])|Report Vulns|
|2019.02.19|InfoSec Mag| → [[Web Application Security Poses Greatest Risk|https://www.infosecurity-magazine.com/news/web-application-security/]]|Report Vulns|
|>|>|>|!2019.02.21|
|2019.02.21|NIST|![[SP 1800-4, Mobile Device Security: Cloud and Hybrid Builds|https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/cloud-hybrid]]|NIST|
|2019.02.22|MeriTalk| → [[NIST Release Guidance for Enterprise Mobile Security|https://www.meritalk.com/articles/nist-release-guidance-for-enterprise-mobile-security/]]|NIST|
|2019.02.24|American Security Today| → [[NIST Guide to 'Mobile Device Security: Cloud and Hybrid Builds' Now Live|https://americansecuritytoday.com/nist-guide-to-mobile-device-security-cloud-and-hybrid-builds-now-live/]]|NIST|
|2019.02.21|Help Net Security|[[How are businesses facing the cybersecurity challenges of increasing cloud adoption?|https://www.helpnetsecurity.com/2019/02/21/enterprise-cloud-adoption-security/]]|Misc|
|2019.02.21|Dark Reading|[[Human Negligence to Blame for the Majority of Insider Threats|https://www.darkreading.com/threat-intelligence/human-negligence-to-blame-for-the-majority-of-insider-threats-/d/d-id/1333937]]|Misc|
|2019.02.21|//Twistlock//|[[Breaking out of Docker via runC - Explaining CVE-2019-5736|https://www.twistlock.com/labs-blog/breaking-docker-via-runc-explaining-cve-2019-5736/]]|CVE-2019-5736|
|2019.02.21|//Druva//|[[Future Proofing with Cloud Backup|https://www.druva.com/blog/future-proofing-with-cloud-backup/]]|Misc|
|2019.02.21|//Google Cloud//|[[Re-thinking federated identity with the Continuous Access Evaluation Protocol|https://cloud.google.com/blog/products/identity-security/re-thinking-federated-identity-with-the-continuous-access-evaluation-protocol]]|Misc|
|2019.02.21|ITworld|[[Moving ERP to the cloud? Expect delays|https://www.itworld.com/article/3342616/enterprise-resource-planning/moving-erp-to-the-cloud-expect-delays.html]]|CSA ERP|
|>|>|>|!2019.02.20|
|2019.02.20|Alex DeBrie|![[AWS API Performance Comparison: Serverless vs. Containers vs. API Gateway integration|https://www.alexdebrie.com/posts/aws-api-performance-comparison/]] |AWS APIs|
|2019.02.20|Container Journal|[[New Storage Challenges Emerge as Container Adoption Increases|https://containerjournal.com/2019/02/20/new-storage-challenges-emerge-as-container-adoption-increases/]]|Misc|
|2019.02.20|Help Net Security|[[Baffle releases a data protection solution for serverless cloud workloads|https://www.helpnetsecurity.com/2019/02/20/baffle-data-protection-solution/]]|Misc|
|2019.02.20|Tech republic|[[Best practices for handling gaps in cloud security|https://www.techrepublic.com/article/best-practices-for-handling-gaps-in-cloud-security/]]|Misc|
|2019.02.20|Maarten Goet|[[Threat Hunting in the cloud with Azure Notebooks: supercharge your hunting skills using Jupyter and KQL|https://medium.com/@maarten.goet/threat-hunting-in-the-cloud-with-azure-notebooks-supercharge-your-hunting-skills-using-jupyter-8d69218e7ca0]]|Misc|
|2019.02.20|//Radware//|[[Excessive Permissions are Your #1 Cloud Threat|https://blog.radware.com/applicationdelivery/cloudcomputing/2019/02/excessive-permissions-are-your-1-cloud-threat/]]|Authenticate Protect|
|2019.02.20|FCW|[[DHS looks to overhaul data centers, move to cloud|https://fcw.com/articles/2019/02/20/dhs-cloud-rfi-johnson.aspx]]|Misc|
|2019.02.20|//Oracle// & //KPMG//|![[Business-Critical Cloud Adoption Growing yet Security Gaps Persist, Report Says|https://www.oracle.com/corporate/pressrelease/threat-report-2019-022019.html]]|Misc|
|2019.02.20|//Oracle// & //KPMG//| → [[Business-Critical Cloud Adoption Growing yet Security Gaps Persist, Report Says|https://www.oracle.com/cloud/cloud-threat-report-2019-form.html]]|Misc|
|2019.02.20|Dark Reading| → [[As Businesses Move Critical Data to Cloud, Security Risks Abound|https://www.darkreading.com/cloud/as-businesses-move-critical-data-to-cloud-security-risks-abound/d/d-id/1333924]]|Misc|
|2019.02.20|Tech republic| → [[How to help CISOs understand their role in cloud security|https://www.techrepublic.com/article/how-to-help-cisos-understand-their-role-in-cloud-security/]]|Misc|
|2019.02.20|Solutions Review| → [[Oracle and KMPG Report Cloud Security Confusion for Enterprises|https://solutionsreview.com/cloud-platforms/oracle-and-kmpg-report-cloud-security-confusion-for-enterprises/]]|Misc|
|2019.02.20|SecurityWeek| → [[Firms Moving Sensitive Data to Cloud, But Security Still a Problem: Oracle|https://www.securityweek.com/firms-moving-sensitive-data-cloud-security-still-problem-oracle]]|Misc|
|2019.02.22|LinkedIn| → [[90% of CISOs Struggling with SaaS Security Playbooks, New Report Finds|https://www.linkedin.com/pulse/90-cisos-struggling-saas-security-playbooks-new-report-greg-jensen/]]|Misc|
|2019.02.20|//Check Point//|![[Report: Cloud, Mobile and IoT as Weakest Links|https://blog.checkpoint.com/2019/02/20/report-cloud-mobile-and-iot-as-weakest-links/]]|Report|
|2019.02.21|Cloud Magazine[>img[iCSF/flag_fr.png]]| → [[Les déploiements dans le Cloud et sur mobiles sont les maillons les plus faibles des réseaux d'entreprise|https://www.cloudmagazine.fr/actualites/les-deploiements-dans-le-cloud-et-sur-mobiles-sont-les-maillons-les-plus-faibles-des-reseaux-7799]]|Report|
|2019.02.21|Informatique News[>img[iCSF/flag_fr.png]]| → [[Cloud, mobile, IoT, cryptomonnaie… vecteurs de menaces|https://www.informatiquenews.fr/cloud-mobile-iot-cryptomonnaie-vecteurs-de-menaces-60443]]|Report|
|2019.02.21|CBR Online| → [[1 in 3 IT Professionals Unaware of the Cloud Shared Responsibility Model|https://www.cbronline.com/news/shared-responsibility-model-cloud]]|Report|
|2019.02.20|//Radware//|[[Excessive Permissions are Your #1 Cloud Threat|https://blog.radware.com/applicationdelivery/cloudcomputing/2019/02/excessive-permissions-are-your-1-cloud-threat/]]|Misc|
|2019.02.20|//Tripwire//|[[AWS System Manager And The Dangers of Default Permissions|https://www.tripwire.com/state-of-security/security-data-protection/cloud/aws-system-manager-default-permissions/]]|Misc|
|2019.02.20|//Google Cloud//|[[Cloud Services Platform -- bringing hybrid cloud to you|https://cloud.google.com/blog/products/gcp/cloud-services-platform-bringing-hybrid-cloud-to-you]]|Misc|
|2019.02.20|//Dtex//|![[2019 Insider Threat Intelligence Report|https://dtexsystems.com/2019-insider-threat-intelligence-report/]]|Report|
|2019.02.20|BetaNews| → [[Employees and contractors expose information online in 98 percent of organizations|https://betanews.com/2019/02/20/employees-contractors-expose-information/]]|Report|
|2019.02.22|Help Net Security| → [[Exposure of sensitive data via cloud applications and services increases 20%|https://www.helpnetsecurity.com/2019/02/22/sensitive-data-in-cloud-applications-and-services/]]|Report|
|>|>|>|!2019.02.19|
|2019.02.19|Les Echos[>img[iCSF/flag_fr.png]]|[[Opinion - Les plateformes de cloud public ne sont pas étanches !|https://www.lesechos.fr/idees-debats/cercle/cercle-193032-opinion-les-plateformes-de-cloud-public-ne-sont-pas-etanches-2246092.php]]|Misc|
|2019.02.19|Security Intelligence|[[Lessons from the Encryption Front Line: Core Components in the Cloud|https://securityintelligence.com/lessons-from-the-encryption-front-line-core-components-in-the-cloud/]]|Misc|
|2019.02.19|eWeek|[[Pulse Secure Adds Software Defined Perimeter to Secure Access Platform|https://www.eweek.com/security/pulse-secure-adds-software-defined-perimeter-to-secure-access-platform]]|Misc|
|2019.02.19|Container Journal|[[Securing Container Images in the DevOps World|https://containerjournal.com/2019/02/19/securing-container-images-in-the-devops-world/]]|Misc|
|2019.02.19|CBR Online|[[Microsoft Teams Down: Enterprise Software Goes "Oops! Something Went Wrong"|https://www.cbronline.com/news/microsoft-teams-down]]|Misc|
|2019.02.19|FreeCodeCamp|[[Bounty report: how we discovered Uber's developer applications were leaking client secret and server tokens|https://medium.freecodecamp.org/leakage-of-client-secret-server-tokens-of-all-uber-developer-applications-657d9d7fd30e]]|Vulns|
|2019.02.19|//Outpost24//|[[Top 7 things to get right in hybrid Cloud security|https://outpost24.com/blog/top-7-things-to-get-right-in-hybrid-Cloud-security]]|Misc|
|2019.02.19|//PaloAlto Networks//|[[Destination Cloud: Start Secure, Stay Secure With the Latest VM-Series Enhancements|https://researchcenter.paloaltonetworks.com/2019/02/destination-cloud-start-secure-stay-secure-latest-vm-series-enhancements/]]|Misc|
|2019.02.19|//Avanan//|![[The NoRelationship Attack Bypasses Office 365 Email Attachment Security|https://www.avanan.com/resources/the-norelationship-attack-bypasses-office-365]]|Misc|
|2019.02.19|//ThreatStack//|[[How to Identify Threats Within Your Docker Containers|https://www.threatstack.com/blog/how-to-identify-threats-within-your-docker-containers]]|Misc|
|2019.02.19|//Zscaler//|[[IT administrators must stop hugging appliances and embrace cloud security|https://www.zscaler.com/blogs/corporate/it-administrators-must-stop-hugging-appliances-and-embrace-cloud-security]]|Misc|
|2019.02.19|//Azure//|[[Six tips for securing identity in the cloud|https://blogs.msdn.microsoft.com/azuregov/2019/02/19/six-tips-for-securing-identity-in-the-cloud/]]|Misc|
|2019.02.19|eWeek|[[Pulse Secure Adds Software Defined Perimeter to Secure Access Platform|https://www.eweek.com/security/pulse-secure-adds-software-defined-perimeter-to-secure-access-platform]]|CSA|
|>|>|>|!2019.02.18|
|2019.02.18|Adam Chester|![[Azure AD Connect for Red Teamers|https://blog.xpnsec.com/azuread-connect-for-redteam/]]|AzureAD Pentesting|
|2019.02.18|SBwire|[[Cyber Security Market to Flourish and Reach USD 180.77 Billion in 2021|http://www.sbwire.com/press-releases/cyber-security-market/release-1150259.htm]]|Misc|
|2019.02.18|BetaNews|[[How enterprises can cut the risk of cloud vendor lock in [Q&A]|https://betanews.com/2019/02/18/enterprise-cloud-vendor-lock-in-qa/]]|Misc|
|2019.02.18|//BH Consulting//|![[AWS Cloud: Proactive Security and Forensic Readiness - part 5|http://bhconsulting.ie/aws-incident-response/]]|Misc|
|2019.02.18|//Gartner//|[[G00334604: Toolkit: Outsourcing Contract - Cloud Services - Security Articles|https://www.gartner.com/doc/3814863]]|Gartner Contract|
|2019.02.18|//Poka//|[[AWS S3 Batch Operations: Beginner's Guide|https://medium.com/poka-techblog/aws-s3-batch-operations-beginners-guide-9573017f18db]]|AWS|
!STAR Continuous Technical Guidance - Obtaining Certification
[>img(150px,auto)[iCSA_/star-technical-guidance-thumb.png]]
<<<
ABOUT CSA STAR CONTINUOUS
STAR Continuous is a continuous compliance assessment program for cloud services and an integral component of the CSA STAR Program. The program gives CSPs the opportunity to align their security validation capabilities with cloud security compliance and certification on an ongoing basis. STAR Continuous specifies the necessary activities and conditions for the continuous auditing of the cloud service over a defined set of security requirements, covering aspects from governance to infrastructure, and requiring the cloud service to define necessary processes that will be executed during the validation of controls within the scope of assessment. The program promotes trust by ensuring that a cloud service's necessary activities and conditions are continuously met through continuous auditing, such as through the operationalization of security and privacy requirements.
[...]
<<<
__Liens :__
* ⇒ https://cloudsecurityalliance.org/artifacts/star-continuous-technical-guidance/ 
!Forum Securité@Cloud : Keynote et animation de la matinée "Cyber-Résilience et Menaces Cloud"
__Paris le 23 février 2019 :__[>img(auto,180px)[iCSF/20190321-KeyNote.png]]
Dans le cadre du partenariat avec le Salon ''Cloud Computing World Expo'', le [[Chapitre Français]] de la [[Cloud Security Alliance]] animera la matinée du ''Forum Securité@Cloud'' le ''jeudi 21 mars 2019 au matin''.
Le thème retenu pour cette matinée est "''Cyber-résilience ou comment faire face à l'accélération des menaces de sécurité dans le Cloud ?''". Elle comprendra 3 temps forts :
# ''9h30'' : "Keynote d'ouverture" sur le thème "''Face aux attaques, la cyber-résilience par le Cloud ?''"
# ''10h00'' : Animation de la table ronde "''Cloud hybride : enjeux, exigence de sécurité et résilience''"
# ''11h15'' : Animation de la table ronde "''Attaques contre les données dans le Cloud : comment s'en prémunir ?''"
Lieu : Paris, Porte de Versailles, Hall 5.2
Informations complémentaires dans la partie [[Actualités|Actu.2019.02]] de ce site au fur et à mesure, ainsi que sur Twitter : [[@CloudsaFR|https://twitter.com/CloudsaFR]] et [[@ForumSecuCloud|https://twitter.com/forumsecucloud]]
[img(25%,1px)[iCSF/BluePixel.gif]]
Vous pouvez dès à présent vous enregistrer : ''[[CloudSecurityAlliance.fr/go/j2bs/|https://cloudsecurityalliance.fr/go/j2bs/]]'' (redirection sur le portail "eveos.com").
[img(25%,1px)[iCSF/BluePixel.gif]]
|!Février|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.02.15|
|2019.02.15|Matt Wade|[[Announcing Version 2.0 of the Periodic Table of Office 365|https://medium.com/jumpto365/announcing-version-2-0-of-the-periodic-table-of-office-365-cbf2d9b2e2ff]]|O365|
|2019.02.15|Matt Wade| → [[Periodic Table of Office 365|https://app.jumpto365.com]]|O365|
|2019.02.15|APNIC|![[Reins to the cloud|https://blog.apnic.net/2019/02/15/reins-to-the-cloud/]]|Misc|
|2019.02.15|Container Journal|[[5 Key Considerations for Managed Kubernetes|https://containerjournal.com/2019/02/15/5-key-considerations-for-managed-kubernetes/]]|Misc|
|2019.02.15|MIT Tech News|[[Cybersecurity Expert Stiennon's Latest Book: Secure Cloud Transformation|https://mitechnews.com/cyber-defense/cybersecurity-expert-stiennons-latest-book-secure-cloud-transformation/]]|Misc|
|2019.02.15|//Divvy//|[[Creating a Cloud Security Strategy with Culture and Technology|https://divvycloud.com/blog/cloud-security-culture-technology/]]|Misc|
|2019.02.15|//BusinessWire//|[[Global Security as a Service (SaaS) Market Outlook to 2023 - ResearchAndMarkets.com|https://www.businesswire.com/news/home/20190215005358/en/Global-Security-Service-SaaS-Market-Outlook-2023]]|Misc|
|>|>|>|!2019.02.14|
|2019.02.14|Christophe Parisel|[[Confidential computing|https://www.linkedin.com/pulse/confidential-computing-christophe-parisel]]|Confidential_Computing|
|2019.02.14|NCSC UK|[[Securing Office 365 with better configuration|https://www.ncsc.gov.uk/blog-post/securing-office-365-better-configuration]]|O365 Best_Practices|
|2019.02.14|TechnoFAQ|![[Cloud Computing Business - Automated Cyber Attacks Are The Next Big Threat|https://technofaq.org/posts/2019/02/cloud-computing-business-automated-cyber-attacks-are-the-next-big-threat/]]|Misc|
|2019.02.14|Help Net Security|[[Most companies anticipate a critical breach in 2019, CISOs need to prioritize threats|https://www.helpnetsecurity.com/2019/02/14/anticipate-a-critical-breach/]]|Misc|
|2019.02.14|GigaOM|[[Isn't It Time to Rethink Your Cloud Strategy?|https://gigaom.com/2019/02/14/isnt-it-time-to-rethink-your-cloud-strategy/]]|Misc|
|2019.02.14|Solutions Review|[[Cloud Washing: How to Spot It and How to Avoid It|https://solutionsreview.com/cloud-platforms/cloud-washing-how-to-spot-it-and-how-to-avoid-it/]]|Misc|
|2019.02.14|CIS|![[CIS Controls Companion Guide for the Cloud Now Available|https://www.cisecurity.org/press-release/cis-controls-companion-guide-for-cloud-now-available/]]|Misc|
|2019.02.14|CIS| → [[CIS Controls™ Cloud Companion Guide|https://www.cisecurity.org/white-papers/cis-controls-cloud-companion-guide/]] [[version 7 (pdf)|https://cdn2.hubspot.net/hubfs/2101505/CIS%20Controls%20Cloud%20Companion%20Guide.pdf]]|Misc|
|2019.02.14|//Armor//|[[Head in the Clouds: Security-as-a-Service|https://www.armor.com/blog/head-clouds-security-service/]]|Misc|
|2019.02.14|//CloudPassage//|[[Best Practices for Securing Azure Compute|https://blog.cloudpassage.com/2019/02/14/securing-azure-compute/]]|Misc|
|2019.02.14|//WhiteSource//|[[3 Crucial Tips for Smarter Container Security Scanning|https://resources.whitesourcesoftware.com/blog-whitesource/container-security-scanning]]|Containers|
|2019.02.14|//Managed Methods//|[[What Is CASB Cloud Access Security Broker?|https://managedmethods.com/blog/what-is-casb-cloud-access-security-broker/]]|CASB|
|>|>|>|!2019.02.13|
|2019.02.13|Cloud Magazine[>img[iCSF/flag_fr.png]]|[[Transformation digitale : ne verrouillez pas votre entreprise sur un Cloud|https://www.cloudmagazine.fr/avis-expert/transformation-digitale-ne-verrouillez-pas-votre-entreprise-sur-un-cloud]]|Misc|
|2019.02.13|Cloud Magazine[>img[iCSF/flag_fr.png]]|[[Transformation digitale : ne verrouillez pas votre entreprise sur un Cloud|https://www.cloudmagazine.fr/avis-expert/transformation-digitale-ne-verrouillez-pas-votre-entreprise-sur-un-cloud]]|Misc|
|2019.02.13|Infosec Institute|[[5 Key Cloud Security Use Cases|https://resources.infosecinstitute.com/5-key-cloud-security-use-cases/]]|Misc|
|2019.02.13|Tech Republic|[[How to create a home office VPN server with Microsoft Azure|https://www.techrepublic.com/article/how-to-create-a-home-office-vpn-server-with-microsoft-azure/]]|Misc|
|2019.02.13|//Fugue//|[[Automated Remediation Scripts vs. Self-Healing Infrastructure: Two Approaches to Cloud Security|https://www.fugue.co/blog/automated-remediation-scripts-vs.-self-healing-infrastructure-two-approaches-to-cloud-security]]|Misc|
|2019.02.13|//TrendMicro//|[[The Cloud in 2019: Current Uses and Emerging Risks|https://blog.trendmicro.com/the-cloud-in-2019-current-uses-and-emerging-risks/]]|Misc|
|>|>|>|!2019.02.12|
|2019.02.12|Cloud Magazine[>img[iCSF/flag_fr.png]]|[[CyberArk publie son nouveau rapport CISO View sur le DevOps|https://www.cloudmagazine.fr/actualites/cyberark-publie-son-nouveau-rapport-ciso-view-sur-le-devops-7781]]|Misc|
|2019.02.12|MeriTalk|[[Why Cyber Security and Cloud Computing Personnel Should Be BFFs|https://www.meritalk.com/why-cyber-security-and-cloud-computing-personnel-should-be-bffs/]]|Misc|
|2019.02.12|Security Boulevard|[[DevOps Chat: DisruptOps: SecurityOps, Disrupted - RSAC Edition|https://securityboulevard.com/2019/02/devops-chat-disruptops-securityops-disrupted-rsac-edition/]]|Misc|
|2019.02.12|TMC News|[[Disaster Recovery as a Service (DRaaS) Market Overview, Growth, Opportunities and Development 2023|https://www.tmcnet.com/usubmit/2019/02/12/8898815.htm]]|Misc|
|2019.02.12|//WhiteSource//|[[Kubernetes Security Best Practices: From Hosting to Deployment|https://resources.whitesourcesoftware.com/blog-whitesource/kubernetes-security-best-practices]]|K8s Best_Practices|
|2019.02.12|//ParkMyCloud//|[[The Cloud Waste Killer Manifesto: A Vow To Bring Down Cloud Computing Cost|https://www.parkmycloud.com/blog/cloud-computing-cost/]]|Misc|
|>|>|>|!2019.02.11|
|2019.02.11|MITRE CVE|!Opencontainers runc [[CVE-2019-5736|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736]] Local Command Execution Vulnerability|CVE-2019-5736|
|2019.02.11|Infosecurity Mag| → [[AWS Issues Alert for Multiple Container Systems|https://www.infosecurity-magazine.com/news/aws-issues-alert-for-multiple/]]|CVE-2019-5736|
|2019.02.11|//Rancher Labs//| → [[Runc CVE-2019-5736|https://rancher.com/blog/2019/runc-cve-2019-5736/]]|CVE-2019-5736|
|2019.02.12|//Threatlist//|[[Major Container Security Flaw Threatens Cascading Attacks|https://threatpost.com/container-security-flaw-runc/141737/]]|CVE-2019-5736|
|2019.02.12|//TrendMicro//| → [[Attacking Containers and runC|https://blog.trendmicro.com/attacking-containers-and-runc/]]|CVE-2019-5736|
|2019.02.12|Security Boulevard| → [[Container Escape Vulnerability Puts Cloud Infrastructure at Risk|https://securityboulevard.com/2019/02/container-escape-vulnerability-puts-cloud-infrastructure-at-risk/]]|CVE-2019-5736|
|2019.02.12|SecurityWeek| → [[Container Escape Flaw Hits AWS, Google Cloud, Linux Distros|https://www.securityweek.com/container-escape-flaw-hits-aws-google-cloud-linux-distros]]|CVE-2019-5736|
|2019.02.12|//NeuVector//| → [[Major Docker Security Hole Discovered|https://neuvector.com/docker-security/runc-docker-vulnerability/]]|Containers|
|2019.02.19|SecurityWeek| → [[Exploit Code Published for Recent Container Escape Vulnerability|https://www.securityweek.com/exploit-code-published-recent-container-escape-vulnerability]]|CVE-2019-5736|
|2019.02.28|PSIRT IBM| → [[IBM Cloud Private is affected by an issue with runc used by Docker|https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-is-affected-by-an-issue-with-runc-used-by-docker/]]|CVE-2019-5736|
|2019.02.11|Journal du Net[>img[iCSF/flag_fr.png]]|[[Institutions financières : Protection dans le cloud et déchiffrement HTTPS|https://www.journaldunet.com/solutions/expert/70549/institutions-financieres---protection-dans-le-cloud-et-dechiffrement-https.shtml]]|Misc|
|2019.02.11|CloudTech|[[How to tackle the multi-cloud security challenge|https://www.cloudcomputing-news.net/news/2019/feb/11/how-tackle-multi-cloud-security-challenge/]]|Misc|
|2019.02.11|CIS|[[CIS Controls™ Cloud Companion Guide and Public Call for IoT Companion Guide|https://www.cisecurity.org/blog/cis-controls-cloud-companion-guide-public-call-iot-companion-guide/]]|Misc|
|2019.02.11|Government technology|[[Akron, Ohio, Eyes Move to Cloud-Based System Post-Attack|http://www.govtech.com/computing/Akron-Ohio-Eyes-Move-to-Cloud-Based-System-Post-Attack.html]]|Misc|
|2019.02.11|IT Brief New Zealand|[[Microsoft launches bot service for healthcare sector|https://itbrief.co.nz/story/microsoft-launches-bot-service-for-healthcare-sector]]|Misc|
|2019.02.11|//Gartner//|[[G00378651: Top 10 Security Projects for 2019|https://www.gartner.com/doc/3900996/top--security-projects-]]|Gartner|
|2019.02.11|//McAfee//|![[The Exploit Model of Serverless Cloud Applications|https://securingtomorrow.mcafee.com/business/cloud-security/the-exploit-model-of-serverless-cloud-applications/]]|Misc|
|2019.02.11|//Rancher Labs//|![[Kubernetes vs Docker Swarm: Comparison of Two Container Orchestration Tools|https://rancher.com/blog/2019/kuberntes-versus-docker-swarm/]]|Container Orchestration Kubernetes Docker_Swarm|
!Compromission du prestataire Cloud Visma en Norvège
[>img(250px,auto)[iCSF/VismaNO.png]]La société Visma a annoncé début février 2019 avoir fait l'objet d'une attaque informatique.
D'après les informations disponibles à ce jour :
# Visma, société privée norvégienne créée en 1996 dont le siège est basé à Oslo, compte 800.000 clients, principalement en Scandinavie, mais aussi au Benelux, en Europe Centrale et de l'Est. Elle fournit des services de comptabilité, de ressources humaines et d'autres logiciels en ligne en mode SaaS, et de Cloud.
# Les attaquants auraient tenté de pénétrer dans les systèmes d'information de Visma, mais auraient été détectés très tôt, faisant échouer la tentative d'intrusion.
# Ces attaques se seraient étalées sur une période d'un an, entre novembre 2017 et septembre 2018.
# Le Visma CSIRT (//Visma Corporate Security Incident Response Team//) a collaboré avec son //Product Security Operations Center// (PSOC), l'agence nationale de sécurité norvégienne (//NSM NorCERT//) et la police norvégienne.+++*[»]>
Déclaration de Espen Johansen, "Operations and Security Manager" de Visma :
//"As a general rule, we always report cyber attacks to the police - it is our responsibility as a corporation and our responsibility towards our clients. We are very thankful for the guidance and advice from NSM NorCERT, Police (PST), and other cooperating parties in this case. We urge all organisations to explore the opportunities that are available in CERT cooperation."// 
cf. Article publié sur le site "NordicNews" : voir "Webographie" ci-dessous ===
# Les sociétés qui ont réalisé les investigations, //RecordedFuture// et //Rapid7//, attribuent cette attaque au groupe d'attaquants ''APT10'' / ''Cloud_Hopper'', avec attribution à la Chine, même si cette dernière a affirmé à plusieurs reprises qu'elle ne se livrait pas à des cyberattaques.
# ''Le rapport d'analyse a été publié : sa lecture est recommandée'' (voir "Webographie" ci-dessous).
# Visma a préféré attendre que les investigations fournissent des éléments factuels sur les auteurs de l'attaque avant de communiquer sur l'attaque.
!A noter
''Ce genre d'attaque contre des prestataires de services, notamment Cloud, est une réalité depuis plusieurs années''. Même si ce type d'attaques ne commence que maintenant à être médiatisé, les entreprises et leurs prestataires doivent augmenter leur niveau de vigilance. La démarche consiste notamment :
# à établir ou à renforcer les relations et la coopération client/prestataire sur les aspects de sécurité
# à établir une cartographie des prestataires, et des accès au système d'information
# à mettre en place des mesures de surveillance en s'appuyant sur les nombreux "IOC" (Indicators of Compromise) disponibles
# à se rapprocher et à partager avec les autorités ou les agences de cyber-sécurité.
!Webographie avec éléments de contexte
|>|>|!2019|
|!Déc.|Source|Titre (et lien)|
|2019.12.30|Wall Street Journal|[[Ghosts in the Clouds: Inside China's Major Corporate Hack|https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061]]|
|!Fév.|Source|Titre (et lien)|
|2019.02.21|//ESET//|[[Criminal hacking hits Managed Service Providers: Reasons and responses|https://www.welivesecurity.com/2019/02/19/criminal-hacking-hits-managed-service-providers-reasons-responses/]]|
|2019.02.20|SecurityWeek|[[Supply Chain Attacks Nearly Doubled in 2018: Symantec|https://www.securityweek.com/supply-chain-attacks-nearly-doubled-2018-symantec]]|
|2019.02.12|Duo|![[APT Groups Moving Down the Supply Chain|https://duo.com/decipher/apt-groups-moving-down-the-supply-chain]]|
|2019.02.11|TechHQ|[[What can we learn from Visma's cybersecurity breach?|https://techhq.com/2019/02/what-can-we-learn-from-vismas-cybersecurity-breach/]]|
|2019.02.07|Siècle Digital|[[La Chine aurait hacké le groupe norvégien Visma pour voler des informations clients|https://siecledigital.fr/2019/02/07/la-chine-aurait-hacke-le-groupe-norvegien-visma-pour-voler-des-informations-clients/]]|
|2019.02.06|SecurityWeek|[[Chinese Hackers Spy on U.S. Law Firm, Major Norwegian MSP|https://www.securityweek.com/chinese-hackers-spy-us-law-firm-major-norwegian-msp]]|
|2019.02.06|NordicNews|[[Intelligence report recognises threats from cyberespionage|https://nnews.no/intelligence-report-recognises-threats-from-cyberespionage/]]|
|2019.02.06|Reuters|[[China hacked Norway's Visma to steal client secrets: investigators|https://www.reuters.com/article/us-china-cyber-norway-visma/china-hacked-norways-visma-to-steal-client-secrets-investigators-idUSKCN1PV141]]|
|2019.02.06|//RecordedFuture//|![[APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign|https://www.recordedfuture.com/apt10-cyberespionage-campaign/]]|
|2019.02.06|//RecordedFuture//|[[APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign (pdf)|https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf]]|
|2019.02.06|//RecordedFuture//|[[Appendix A -- Indicators of Compromise|https://go.recordedfuture.com/hubfs/reports/cta-2018-0206-iocs.csv]] (.csv)|
|2019.02.06|//RecordedFuture//|[[Appendix C -- Yara Rules|https://go.recordedfuture.com/hubfs/reports/cta-2019-0206-yara-rules.yar]] (.yar)|
|2019.02.06|//RecordedFuture//|[[Appendix E -- MITRE ATT&CK Mapping (pdf)|https://go.recordedfuture.com/hubfs/mitre-attack-mapping.pdf]]|
|2019.02.06|Visma|![[Intelligence report recognises Visma's contribution to illuminate threats and protect organisations from cyberespionage|https://www.visma.com/press-releases/intelligence-report-visma/]]|
|!Jan.|Source|Titre (et lien)|
|2019.01.31|//AlienVault//|[[APT10 Group Targets Multiple Sectors, But Seems to Really Love MSSPs|https://www.alienvault.com/blogs/security-essentials/apt10-group-targets-multiple-sectors-but-seems-to-really-love-mssps]]|
|>|>|!2018|
|Déc.|Source|Titre (et lien)|
|2018.12.21|Bleeping Computer|[[Historic APT10 Cyber Espionage Group Breached Systems in Over 12 Countries|https://www.bleepingcomputer.com/news/security/historic-apt10-cyber-espionage-group-breached-systems-in-over-12-countries/]]|
|2018.12.20|Wired|[[How China's Elite Hackers Stole the World's Most Valuable Secrets|https://www.wired.com/story/doj-indictment-chinese-hackers-apt10/]]|
|!Jui.|Source|Titre (et lien)|
|2017.07.17|IntrusionTruth|[[Who was behind this unprecedented Cyber attack on Western infrastructure?|https://intrusiontruth.wordpress.com/2018/07/17/who-was-behind-this-unprecedented-cyber-attack-on-western-infrastructure/]]|
|>|>|!2017|
|!Avr.|Source|Titre (et lien)|
|2017.04.27|US-CERT|[[Alert (TA17-117A) - Intrusions Affecting Multiple Victims Across Multiple Sectors|https://www.us-cert.gov/ncas/alerts/TA17-117A]] (mise à jour le 20 décembre 2018)|
|2017.04.27|US-CERT|[[IR-ALERT-MED-17-093-01C - Intrusions Affecting Multiple Victims Across Multiple Sectors (pdf)|https://www.us-cert.gov/sites/default/files/publications/IR-ALERT-MED-17-093-01C-Intrusions_Affecting_Multiple_Victims_Across_Multiple_Sectors.pdf]]|
|2017.04.27|US-CERT|[[IR-ALERT-MED-17-093-01C - Indicators of compromise (xlsx)|https://www.us-cert.gov/sites/default/files/publications/IR-ALERT-MED-17-093-01C.xlsx]]|
|2017.04.27|US-CERT|[[IR-ALERT-MED-17-093-01C - Indicators of compromise (xml - STIX)|https://www.us-cert.gov/sites/default/files/publications/IR-ALERT-MED-17-093-01-C.XML]]|
|2017.04.03|//PwC// & //BAE Systems//|[[Operation Cloud Hopper|https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html]]|
|2017.04.03|//PwC// & //BAE Systems//|[[Operation Cloud Hopper (pdf)|https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf]]|
|2017.04.03|//PwC// & //BAE Systems//|[[Operation Cloud Hopper - Annex A: Indicators of Compromise (pdf)|https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-indicators-of-compromise-v2.2.pdf]]|
|2017.04.03|//PwC// & //BAE Systems//|[[Operation Cloud Hopper - Annex B: Technical Annex (pdf)|https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf]]|
<<tiddler [[arOund0C]]>>
!"CCM Mapping Workpackage Template"
[>img(150px,auto)[iCSA/CCM.png]]Ce document (format .xlsx) est un accompagnement de la matrice [[CCM]].
Il s'agit d'un modèle de correspondance entre la [[CCM]] et ce que les intervenants utilisent comme référentiels de sécurité.
__Lien de téléchargement :__
→ https://cloudsecurityalliance.org/artifacts/ccm-mapping-workpackage-template/
Les sondages et appels à commentaires dont les clôtures sont très proches sont les suivants :
* Sondage "Cloud Hybride" (clôture d'ici à la fin février 2018)
* Sondage "Menaces 2018" (clôture d'ici à la fin février 2018)
* Appel à commentaires : "//Preparing for the Quantum Threat with Hybrid Cryptography//" (clôture le 22 février 2019)
* Appel à commentaires : "//Preparing Enterprises for the Quantum Computing Cybersecurity Threats//" (clôture le 5 mars 2019)
<<tabs tSondComment "Cloud Hybride" "" [[2019.02.12 - Sondage 'Cloud Hybride']] "Menaces 2018" "" [[2019.01.21 - Sondage Menaces : Relance]] "Quantum Threat with Hybrid Cryptography" "" [[2019.02.13 - Appel à commentaires 'Quantum Threat with Hybrid Cryptography']] "Quantum Cyber Threats" "" [[2019.02.13 - Appel à commentaires 'Quantum Computing Cybersecurity Threats']]>>
!"Preparing Enterprises for the Quantum Computing Cybersecurity Threats"
L'appel à commentaires sur ce document sera clos le 5 mars 2019
> //Quantum computing, while expected to help make many advancements, will also break the existing asymmetric-key cryptosystems, thus endangering our security infrastructure. While it is uncertain whether such a computer will live up to the hype, the emerging cybersecurity threats it brings should be addressed now even though such a machine may not emerge for another decade or so. This document describes an overview of quantum computing, the impact on cryptography, and steps to start preparing for the quantum threat today.//
* Sondage ⇒ ''[[CloudSecurityAlliance.fr/go/j2dm/|https://cloudsecurityalliance.fr/go/j2dm/]]''
!"Preparing for the Quantum Threat with Hybrid Cryptography"
L'appel à commentaires sur ce document sera clos le 22 février 2019
> //Focus of this document is on four hybrid cryptographic schemes which provide both classical security of classical crypto and the quantum security of a quantum-safe system. This document will also provide a background on quantum security and an overview of hybrid schemes.//
* Sondage ⇒ ''[[CloudSecurityAlliance.fr/go/j2dy/|https://cloudsecurityalliance.fr/go/j2dy/]]''
!Sondages "Cloud Hybride" : "//Hybrid Cloud Market Survey//"
Derniers jours pour répondre à ce sondage de la [[Cloud Security Alliance]]
<<<
//Provide your input to help update the challenges, security strategies and concerns in the cloud environment for 2019. This survey takes 8 minutes to complete.
The goal of this survey is to better understand the current state of hybrid cloud and multi-cloud environments including challenges, security strategies, and security concerns.
Win a prize: 1 - Ring Wifi Doorbell -- 2 - CCSK Test Token -- 3 - $100 Amazon Gift Cards//
<<<
* Lien vers le sondage : ''[[CloudSecurityAlliance.fr/go/j2eH|https://cloudsecurityalliance.fr/go/j2eH]]''
* Pour vous préparer, voici la liste des 19 questions //en anglais// telles que posées dans le sondage
**+++*[»]> <<tiddler [[2019.02.12 - Sondage 'Cloud Hybride' - Questions]]>>=== 
//[img(25%,1px)[iCSF/BluePixel.gif]]
//+++*[1. Which public cloud platforms does your organization use?]> Amazon Web Services (AWS) -- Microsoft Azure -- Google Cloud Platform -- Alibaba Cloud -- IBM cloud -- Oracle cloud -- Unsure -- None -- Other === 
+++*[2. Which private cloud platforms does your organization use?]> VMware NSX -- OpenStack -- Cisco ACI -- Unsure -- None -- Other === 
+++*[3. What percentage of your workloads does your organization currently run in the public cloud in production?]> We do not deploy any workloads in the cloud -- 1-20% -- 21-40% -- 41%-60% -- 61%-80% -- 81%-100% -- Don't know === 
+++*[4. By the end of the year 2020, What percentage of your workloads do you anticipate your organization will be running in the public cloud in production?]> We will not deploy any workloads in the cloud -- 1-20% -- 21-40% -- 41%-60% -- 61%-80% -- 81%-100% -- Don't know === 
+++*[5. Which team is responsible for managing security in the public cloud]> IT Operations -- Cloud team within the IT department -- Information Security -- Application Owners / Developers / DevOps -- Managed Service Provider -- CISO -- Not sure -- Other === 
+++*[6. What concerns does your organization encounter when adopting a public cloud platform?]> Security concerns -- Legal concerns -- Regulatory compliance -- Data loss and leakage risks -- Integration with the rest of our IT environment -- Lack of expertise to manage the cloud environment -- Lack of staff to manage the cloud environment -- Visibility into resources in the cloud environment -- Cost -- Migration of applications to the cloud -- Other === 
+++*[7. Please rate each of these security concerns with regards to applications running in the public cloud?]> Sensitive customer / personal data leakage -- Outages due to denial of service (DoS) attacks -- Data corruption, service defacement -- Unauthorized access -- Resource abuse (e.g. crypto-mining) -- Infiltration into more sensitive areas in the network (in the cloud or on-prem) -- Other === 
+++*[8. Please rate the level of challenge each item poses in managing security in the public cloud?]> Managing a multi-cloud environment -- Managing both cloud and on-prem environments -- Lack of visibility into the entire cloud estate -- Proactively detecting misconfigurations and security risks -- Compliance and preparing for audits -- Troubleshooting connectivity issues -- Lack of expertise in cloud-native security constructs -- Understanding which team is responsible for cloud security === 
+++*[9. What network security controls do you currently use to secure your public cloud deployments?]> Cloud provider's native security controls (e.g. Security Groups, Network ACLs) -- Cloud provider's additional security controls (e.g. Azure Firewall, AWS WAF) -- Virtual editions of traditional firewalls (e.g. PaloAlto Networks, Check Point, Barracuda) deployed in the cloud environment -- Host based enforcement -- Don't know -- Other === 
+++*[10. Do you currently manage security as part of your application orchestration process in your public cloud environment?]> Yes -- No -- Don't know === 
+++*[11. What do you use to manage security as part of your application orchestration process in your public cloud environment?]> Orchestration and configuration management tools (eg. Terraform, Ansible, Chef, Puppet, Jenkins) -- Cloud native tools (e.g. AWS CloudFormation) -- Home-grown scripts leveraging cloud vendor's APIs -- Don't know -- Other === 
+++*[12. How do you detect and manage risks and vulnerabilities in your cloud environment?]> Cloud provider risk assessment service (Trusted Advisor, Azure Security Center) -- Designated 3rd party cloud security tool(s) -- Generic risk or vulnerability assessment tool -- We don't use a designated cloud security tool -- Other === 
+++*[13. Did your organization experience a cloud-related security incident in the last 12 months?]> Yes -- No -- Not sure -- Can't disclose === 
+++*[14. Has your organization experienced a network or application outage in the last year?]> Yes -- No -- Not sure === 
+++*[15. What was the main contributor to your network or application outage in the last year?]> Faults, errors, or discards in network devices -- Device configuration changes -- Operational human errors and mismanagement of devices -- Link failure caused due to fibre cable cuts or network congestion -- Power outages -- Server hardware failure -- Security attacks such as denial of service (DoS) -- Failed software and firmware upgrade or patches -- Incompatibility between firmware and hardware device -- Not sure -- Other === 
+++*[16. If you experienced a network or application outage, how long did it last before it was restored to normal operation?]> Less than 1 hour -- 1 to 3 hours -- 3 to 5 hours -- A working day -- Longer than one working day -- Longer than a week === 
+++*[17. What is the size of your organization?]> 1-50 employees -- 51-500 employees -- 501-1,000 employees -- 1,001-2,000 employees -- 2,001-5000 employees -- 5,001-10,000 employees -- 10,000+ employees === 
+++*[18. Please select the option that best reflects your companies Industry?]> IT and technology -- Telecommunications -- Manufacturing and production -- Health, Pharmaceuticals, and Biotech -- Financial services -- Retail, distribution and transport -- Business and professional services -- Energy, oil/gas and utilities -- Construction and property -- Public sector -- Other === 
+++*[19. Please select your location?]> Asia -- Latin/Southern America -- Eastern Europe -- European Union -- Middle East -- North America -- Australia === 
+++*[20. What is your primary role?]> Information Security -- Network Operations -- Compliance Officer -- Cloud Operations/Architect -- Cloud Security Officer -- Application Architect/Owner -- Data Center Architect -- DevOps Engineer/Manager -- CISO -- CIO -- Other === 
//
!The 12 Most Critical Risks for Serverless Applications
[>img(150px,auto)[iCSA_/12-Critical-Risks.png]]Le document "//The 12 Most Critical Risks for Serverless Applications//" a pour objectif la sensibilisation et la formation.
Ce rapport a été conçu et développé par des experts du domaine et des chercheurs en sécurité avec des compétences couvrant les domaines de la sécurité, du Cloud, et des architectures sans serveur (//serverless//).
<<<
//The "12 Most Critical Risks for Serverless Applications" 2019 document is meant to serve as a security awareness and education guide. This report was curated and maintained by top industry practitioners and security researchers with vast experience in application security, cloud, and serverless architectures.
As many organizations are still exploring serverless architectures or just taking their first steps in the serverless world, ''Cloud Security Alliance'' (CSA) believes this guide is critical for their success in building robust, secure and reliable applications.
''Cloud Security Alliance Israel'' urges all organizations to adopt the best practices highlighted in this document, and use it during the process of designing, developing and testing serverless applications to minimize security risks.
This document will be maintained and enhanced periodically based on input from the community, as well as research and analysis developed from the most common serverless architecture risks.
Lastly, while this document enumerates what are believed to be the current top risks specific to serverless architectures, it is not a complete listing of all the threats. Readers are encouraged to follow other industry standards related to secure software design and development.//
<<<
__Liens de téléchargement :__
→ https://cloudsecurityalliance.org/artifacts/the-12-most-critical-risks-for-serverless-applications 
!The 12 Most Critical Risks for Serverless Applications
[>img(150px,auto)[iCSA_/12-Critical-Risks.png]]Article de blog publié le 11 février 2019 — Rédigé par Sean Heide, CSA Research et Ory Segal, CSA Israel.
<<<
Lors de la conception et de l'implémentation d'un environnement sans serveur pour une entreprise, il est nécessaire de prendre en compte plusieurs risques fondamentaux. En effet, il s'agit de s'assurer que l'architecture intègre les contrôles appropriés en matière de mesures de sécurité, et de savoir comment développer un programme visant à assurer la longévité des applications. Bien qu'il s'agisse d'une liste de 12 risques considérés comme les plus fréquents, il ne faut pas perdre de vue que d'autres risques potentiels doivent aussi être pris en compte.
Les architectures sans serveur (également appelées "//FaaS//" ou "//Function as a Service//") permettent aux entreprises de créer et de déployer des logiciels et des services sans avoir à maintenir ou à provisionner de serveurs physiques ou virtuels.
[...]
La liste, classée par ordre de criticité décroissante, est la suivante :
* SAS-1: "//Function Event Data Injection//"
* SAS-2: "//Broken Authentication//"
* SAS-3: "//Insecure Serverless Deployment Configuration//"
* SAS-4: "//Over-Privileged Function Permissions & Roles//"
* SAS-5: "//Inadequate Function Monitoring and Logging//"
* SAS-6: "//Insecure Third-Party Dependencies//"
* SAS-7: "//Insecure Application Secrets Storage//"
* SAS-8: "//Denial of Service & Financial Resource Exhaustion//"
* SAS-9: "//Serverless Business Logic Manipulation//"
* SAS-10: "//Improper Exception Handling and Verbose Error Messages//"
* SAS-11: "//Obsolete Functions, Cloud Resources and Event Triggers//"
* SAS-12: "//Cross-Execution Data Persistency//"
[...]
<<<
__Liens :__
* ⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/02/11/critical-risks-serverless-applications/]] sur le blog de la CSA
* ⇒ Téléchargement du rapport "[[The 12 Most Critical Risks for Serverless Applications|https://cloudsecurityalliance.org/artifacts/the-12-most-critical-risks-for-serverless-applications]]"
|!Février|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.02.10|
|2019.02.10|Government Technology|[[To Understand IoT Security: Look to the Clouds|http://www.govtech.com/blogs/lohrmann-on-cybersecurity/to-understand-iot-security-look-to-the-clouds.html]]|Misc|
|2019.02.10|//Firegen Analytics//|![[Mapping of On-Premises Security Controls vs Major Cloud Providers Version 3|http://www.firegenanalytics.com/downloads/mapping_on_prem_cloud_v3.pdf]]|Misc|
|2019.02.15|Trade Arabia|[[Prioritizing security in a multi-cloud world|http://www.tradearabia.com/news/REAL_350879.html]]|CSA|
|>|>|>|!2019.02.08|
|2019.02.08|Journal du Net[>img[iCSF/flag_fr.png]]|![[Comment le cloud et la mobilité perturbent 30 ans d'histoire en matière de réseau et de sécurité ?|https://www.journaldunet.com/solutions/expert/70537/comment-le-cloud-et-la-mobilite-perturbent-30-ans-d-histoire-en-matiere-de-reseau-et-de-securite.shtml]]|Misc|
|2019.02.08|Help Net Security|[[Infosec pros believe data isn't secure in the cloud, despite desire for mass adoption|https://www.helpnetsecurity.com/2019/02/08/infosec-pros-believe-data-isnt-secure-in-the-cloud/]]|Misc|
|2019.02.08|ComputerWeekly.com|![[A guide to choosing cloud-based security services|https://www.computerweekly.com/feature/A-guide-to-choosing-cloud-based-security-services]]|Misc|
|2019.02.08|Tech Republic|[[How to create and deploy a virtual machine in Microsoft Azure|https://www.techrepublic.com/article/how-to-create-and-deploy-a-virtual-machine-in-microsoft-azure/]]|Misc|
|2019.02.08|The Daily Swig|[[New Google open sources cloud-based fuzzing tool|https://portswigger.net/daily-swig/google-open-sources-cloud-based-fuzzing-tool]]|[[Tools|Outils-GitHub]] ClusterFuzz|
|2019.02.08|//McAfee//|[[Cloud Security Risks - It's not black and white|https://www.skyhighnetworks.com/cloud-security-blog/cloud-security-risks-its-not-black-and-white/]]|Risks|
|2019.02.08|//Bit Defender//|[[40% of Organizations Will Adopt Biometric SaaS Authentication by 2022, Gartner Predicts|https://businessinsights.bitdefender.com/40-of-organizations-will-adopt-biometric-saas-authentication-by-2022-gartner-predicts]]|Misc|
|2019.02.08|//PaloAlto Networks//|![[8 AWS Security Best Practices to Mitigate Risk|https://researchcenter.paloaltonetworks.com/2019/02/8-aws-security-best-practices-mitigate-risk/]]|AWS Best_Practices|
|2019.02.08|Nino Crudele|[[How to integrate Burp Suite for security automation in Microsoft Azure DevOps and Microsoft TFS|https://ninocrudele.com/how-to-integrate-burp-suite-for-security-automation-in-microsoft-azure-devops-and-microsoft-tfs]]|Azure DevSecOps|
|>|>|>|!2019.02.07|
|2019.02.07|Journal du Net[>img[iCSF/flag_fr.png]]|[[Cloud : stockage, confidentialité et sécurité|https://www.journaldunet.com/solutions/expert/70530/cloud---stockage--confidentialite-et-securite.shtml]]|Misc|
|2019.02.07|The Straits Times|[[Japan government plans to strengthen cyber defences by certifying cloud storage services|https://www.straitstimes.com/asia/east-asia/japan-government-plans-to-strengthen-cyber-attack-defences-by-certifying-cloud]]|Misc|
|2019.02.07|//Gartner//|[[G00375725: Security of the Cloud Primer for 2019|https://www.gartner.com/doc/3900688]]|Report|
|2019.02.07|//Backblaze//|[[What's the Diff: Hot and Cold Data Storage|https://www.backblaze.com/blog/whats-the-diff-hot-and-cold-data-storage/]]|Misc|
|2019.02.07|//Google Cloud//|[[Exploring container security: Encrypting Kubernetes secrets with Cloud KMS|https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-encrypting-kubernetes-secrets-with-cloud-kms]]|Misc|
|2019.02.07|//Security Intelligence (IBM)//|[[Moving to the Hybrid Cloud? Make Sure It's Secure by Design|https://securityintelligence.com/moving-to-the-hybrid-cloud-make-sure-its-secure-by-design/]]|Misc|
|2019.02.07|//PaloAlto Networks//|[[8 AWS Security Best Practices to Mitigate Risk|https://researchcenter.paloaltonetworks.com/2019/02/8-aws-security-best-practices-mitigate-risk/]]|Misc|
|>|>|>|!2019.02.06|
|2019.02.06|Alex DeBrie|![[The Complete Guide to Custom Authorizers with AWS Lambda and API Gateway|https://www.alexdebrie.com/posts/lambda-custom-authorizers/]] |AWS_Lambda|
|2019.02.06|Visma|![[Intelligence report recognises Visma's contribution to illuminate threats and protect organisations from cyberespionage|https://www.visma.com/press-releases/intelligence-report-visma/]]|Attacks APT|
|2019.02.06|Reuters| → [[China hacked Norway's Visma to steal client secrets: investigators|https://www.reuters.com/article/us-china-cyber-norway-visma/china-hacked-norways-visma-to-steal-client-secrets-investigators-idUSKCN1PV141]]|Attacks APT|
|2019.02.06|//RecordedFuture//|! → [[APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign|https://www.recordedfuture.com/apt10-cyberespionage-campaign/]]|Attacks APT|
|2019.02.06|//RecordedFuture//| → [[APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign (pdf)|https://go.recordedfuture.com/hubfs/reports/cta-2019-0206.pdf]]|Attacks APT|
|2019.02.06|//RecordedFuture//| → [[Appendix A -- Indicators of Compromise (csv)|https://go.recordedfuture.com/hubfs/reports/cta-2018-0206-iocs.csv]]|Attacks APT|
|2019.02.06|//RecordedFuture//| → [[Appendix C -- Yara Rules (.yar)|https://go.recordedfuture.com/hubfs/reports/cta-2019-0206-yara-rules.yar]]|Attacks APT|
|2019.02.06|//RecordedFuture//| → [[Appendix E -- MITRE ATT&CK Mapping (pdf)|https://go.recordedfuture.com/hubfs/mitre-attack-mapping.pdf]]|Attacks APT|
|2019.02.06|SecurityWeek| → [[Chinese Hackers Spy on U.S. Law Firm, Major Norwegian MSP|https://www.securityweek.com/chinese-hackers-spy-us-law-firm-major-norwegian-msp]]|Attacks APT|
|2019.02.06|NordicNews| → [[Intelligence report recognises threats from cyberespionage|https://nnews.no/intelligence-report-recognises-threats-from-cyberespionage/]]|Attacks APT|
|2019.02.07|Siècle Digital| → [[La Chine aurait hacké le groupe norvégien Visma pour voler des informations clients|https://siecledigital.fr/2019/02/07/la-chine-aurait-hacke-le-groupe-norvegien-visma-pour-voler-des-informations-clients/]]|Attacks APT|
|2019.02.11|TechHQ| → [[What can we learn from Visma's cybersecurity breach?|https://techhq.com/2019/02/what-can-we-learn-from-vismas-cybersecurity-breach/]]|Attacks APT|
|2019.02.12|Duo|! → [[APT Groups Moving Down the Supply Chain|https://duo.com/decipher/apt-groups-moving-down-the-supply-chain]]|Attacks APT|
|2019.02.20|SecurityWeek| → [[Supply Chain Attacks Nearly Doubled in 2018: Symantec|https://www.securityweek.com/supply-chain-attacks-nearly-doubled-2018-symantec]]|Attacks APT|
|2019.02.21|//ESET//| → [[Criminal hacking hits Managed Service Providers: Reasons and responses|https://www.welivesecurity.com/2019/02/19/criminal-hacking-hits-managed-service-providers-reasons-responses/]]|Attacks APT|
|2019.02.06|//Microsoft//|![[Azure Stack datacenter integration - Publish endpoints|https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-integrate-endpoints]]|Harden|
|2019.02.06|BusinessWire|[[New Report Reveals IT and Cybersecurity Leaders Are Not Confident In Their Organizations' Ability To Protect Data In The Cloud|https://www.businesswire.com/news/home/20190206005412/en/New-Report-Reveals-Cybersecurity-Leaders-Confident-Organizations%E2%80%99]]|Report|
|2019.02.06|//Digital Guardian//| → [[ESG Report - Trends in Cloud Data Security: The Data Perimeter of Hybrid Clouds|https://info.digitalguardian.com/analyst-report-esg-2019-trends-in-cloud-security.html]] ([[rapport |https://www.esg-global.com/hubfs/pdf/ESG-Research-Report-2019-Public-Cloud-Trends-Apr-2019.pdf]])|Report|
|2019.02.06|//Fugue//|[[Cloud Infrastructure Drift: The Good, the Bad, and The Ugly|https://www.fugue.co/blog/cloud-infrastructure-drift-the-good-the-bad-and-the-ugly]]|Architecture|
|2019.02.06|ComputerWeekly.com|[[What is CIO best practice when it comes to cloud security?|https://www.computerweekly.com/news/252457129/What-is-CIO-best-practice-when-it-comes-to-cloud-security]]|Governance|
|2019.02.06|Security Boulevard|[[Kick-start your cloud security: The Facts (Infographic)|https://securityboulevard.com/2019/02/kick-start-your-cloud-security-the-facts-infographic/]]|Misc|
|2019.02.06|BetaNews|[[Failover clustering in the Azure cloud: Understanding the options|https://betanews.com/2019/02/06/failover-clustering-in-the-azure-cloud/]]|Azure|
|2019.02.06|eWeek|[[Google Set to Advance Confidential Computing With Asylo Project|https://www.eweek.com/cloud/google-set-to-advance-confidential-computing-with-asylo-project]]|Misc|
|2019.02.06|//FireOaks Strategies//|[[Automate the Creation and Export of EC2 Volume Images|https://fireoakstrategies.com/automate-the-creation-and-export-of-ec2-volume-images/]] (3/3)|Misc|
|2019.02.06|//ThreatStack//|[[21 Developers & Docker Experts Reveal the Biggest Mistakes People Make When Switching to Docker Containers|https://www.threatstack.com/blog/21-developers-docker-experts-reveal-the-biggest-mistakes-people-make-when-switching-to-docker-containers]]|Misc|
|>|>|>|!2019.02.05|
|2019.02.05|Le Devoir[>img[iCSF/flag_fr.png]]|[[Québec confiera le stockage de ses données informatiques au privé|https://www.ledevoir.com/politique/quebec/547082/quebec-confiera-le-stockage-de-ses-donnees-informatiques-au-prive]]|Misc|
|2019.02.05|Dark Reading|[[Mitigating the Security Risks of Cloud-Native Applications|https://www.darkreading.com/cloud/mitigating-the-security-risks-of-cloud-native-applications/a/d-id/1333773]]|Misc|
|2019.02.05|InfoWorld|[[The cloud's weakest security links aren't where you're looking|https://www.infoworld.com/article/3331363/cloud-migration-checklist-the-3-key-areas-to-focus-on.html]]|Misc|
|2019.02.05|TEISS|![[How to secure your move to the multi-cloud|https://www.teiss.co.uk/process/how-to-secure-your-move-to-the-multi-cloud/]]|Misc|
|2019.02.05|Cloud Native Computing Foundation|[[How Uber Monitors 4,000 Microservices|https://www.cncf.io/blog/2019/02/05/how-uber-monitors-4000-microservices/]]|Misc|
|2019.02.05|//Gartner//|[[G00375928: Security of the Cloud for Technical Professionals Primer for 2019|https://www.gartner.com/doc/3900772]]|Report|
|2019.02.05|//Backblaze//|[[How Cloud-Based MAMs Can Make End-to-End Cloud Workflows a Reality|https://www.backblaze.com/blog/how-to-migrate-mam-to-cloud/]]|Misc|
|2019.02.05|//Azure//|[[Best practices to consider before deploying a network virtual appliance|https://azure.microsoft.com/en-us/blog/best-practices-to-consider-before-deploying-a-network-virtual-appliance/]]|Misc|
|2019.02.05|//SSH.com//|[[5 ways to bypass PAM|https://blog.ssh.com/5-ways-to-bypass-pam]]|Misc|
|2019.02.05|//PaloAlto Networks//|[[The Hole in Your Container Security Strategy|https://researchcenter.paloaltonetworks.com/2019/02/the-hole-in-your-container-security-strategy/]]|Misc|
|2019.02.05|//Akamai//|[[Phishing Attacks Against Facebook / Google via Google Translate|https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html]]|Phishing Google|
|2019.02.07|Bleeping Computer| → [[New Phishing Attack Uses Google Translate as Camouflage|https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-google-translate-as-camouflage/]]|Phishing Google|
|>|>|>|!2019.02.04|
|2019.02.04|Dark Reading|[[IoT Security's Coming of Age Is Overdue|https://www.darkreading.com/attacks-breaches/iot-securitys-coming-of-age-is-overdue/a/d-id/1333756]]|Misc|
|2019.02.04|//Summit Route//|![[Lateral movement between AWS accounts - Abusing trust relationships|https://summitroute.com/blog/2019/02/04/lateral_movement_abusing_trust/]] |Trust Abuse|
|2019.02.04|Dark Reading|[[Researchers Devise New Method of Intrusion Deception for SDN|https://www.darkreading.com/cloud/researchers-devise-new-method-of-intrusion-deception-for-sdn/d/d-id/1333781]]|Misc|
|2019.02.04|DevOps.com|![[Cloud Waste To Hit Over $14 Billion in 2019|https://devops.com/cloud-waste-to-hit-over-14-billion-in-2019/]]|Misc|
|2019.02.04|Inside Cybersecurity|[[Former BSI official DiMaria gears up to promote Cloud Security Alliance's STAR program|https://insidecybersecurity.com/daily-news/former-bsi-official-dimaria-gears-promote-cloud-security-alliances-star-program]]|Misc|
|2019.02.04|New Gen Apps|[[5 Big Data and Cloud Security concerns to watch out for in 2019|https://www.newgenapps.com/blog/5-big-data-and-cloud-security-concerns-in-2019]]|Misc|
|2019.02.04|Solutions Reviews|[[Container Security: 4 Basic Principles You Should Follow|https://solutionsreview.com/cloud-platforms/container-security-4-basic-principles-you-should-follow/]]|Misc|
!Partenariat avec le Salon "[[Cloud Computing World Expo|http://www.cloudcomputing-world.com/security]]", à Paris les 20 et 21 mars 2019
__Paris le 7 février 2019 :__[>img(auto,100px)[iCSF/ForumSecuriteCloud-2019.png]][>img(auto,100px)[iCSF/CCWE-2019.png]]
Le [[Chapitre Français]] de la [[Cloud Security Alliance]] a le plaisir de vous annoncer que le partenariat avec le Salon ''Cloud Computing World Expo'' est renouvelé en 2019.
:→ https://cloudcomputing-world.com/security/
Lieu : Paris, Porte de Versailles, Hall 5.2
Dans ce cadre :
* il participe au comité de programme et d'organisation des conférences [[Forum Sécurité@Cloud]]
* il animera la matinée du [[Forum Sécurité@Cloud]] le jeudi 21 mars 2019 sur le thème suivant :
:"''Cyber-résilience : comment faire face à l'accélération des menaces par rapport au Cloud ? -- Cyberattaques - Continuité - Résilience''"
* il fera la présentation d'introduction du jeudi 22 mars 2018 à 9h30
* il animera deux tables rondes à 10h15 et à 11h30
Informations complémentaires dans la partie [[Actualités|Actu.2019.02]] de ce site au fur et à mesure, ainsi que sur Twitter : [[@CloudsaFR|https://twitter.com/CloudsaFR]] et [[@ForumSecuCloud|https://twitter.com/forumsecucloud]]
[img(25%,1px)[iCSF/BluePixel.gif]]
Vous pouvez dès à présent vous enregistrer sur le lien suivant : ''[[CloudSecurityAlliance.fr/go/j2bs/|https://cloudsecurityalliance.fr/go/j2bs/]]''<<tiddler [[arOund0C]]>>
!Interview : "Démystifions DevSecOps"
[>img(150px,auto)[iCSA/J27BI.jpg]]Article de blog publié le 7 février 2019 —
<<<
La sécurité doit faire partie intégrante de la feuille de route de DevOps. Doug Cahill, de l'+++*[Enterprise Strategy Group] → http://www.esg-global.com/ 
===, montre la voie à suivre. Le sujet de la sécurité est bien placé dans les préoccupations IT à mesure que les entreprises se lancent dans la transformation numérique. Et en même temps, DevOps, une méthodologie qui applique des principes d'agilité et de simplicité au développement logiciel, est également une priorité absolue. Le problème est que les deux stratégies d'entreprise ne sont souvent pas alignées. Nous avons récemment discuté avec Doug Cahill, analyste sénior et directeur de groupe chez //Enterprise Strategy Group//, pour connaître son point de vue sur l'importance de l'approche DevSecOps ainsi que sur la façon de réoutiller les acteurs pour qu'ils adoptent ce nouveau principe [...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/02/07/deciphering-devsecops/]] sur le blog de la CSA
!The Future of Healthcare
[>img(200px,auto)[iCSA_/The_Future_of_Healthcare.png]]Bien que publié en date du 4 février 2019, le document lui-même est daté du 26 juillet 2018.
<<<
//Globally the Healthcare Industry is a significant component of any country's infrastructure. In sheer market size, the health care market in the United States of America is the largest in the world. The size of the market means that there is unequaled purchasing power, demand, and opportunity for innovation. In contrast, by structure, reimbursement systems, regulation, issues of access, and complexity it is one of the most opaque.//
<<<
__Lien de téléchargement :__
→ https://cloudsecurityalliance.org/artifacts/the-future-of-healthcare/
|!Février|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.02.03|
|2019.02.03|//CloudSploit//|[[The Need for Security-Specific Applications|https://blog.cloudsploit.com/the-need-for-security-specific-applications-da87f22d6f3e]]|Misc|
|>|>|>|!2019.02.01|
|2019.02.01|Inside Cybersecurity|[[Cloud security group calls for clarity in GDPR guidance on requirements, role of regulators|https://insidecybersecurity.com/daily-news/cloud-security-group-calls-clarity-gdpr-guidance-requirements-role-regulators]]|Misc|
|2019.02.01|Help Net Security|[[Safeguarding your data from human error and phishing attacks with the cloud|https://www.helpnetsecurity.com/2019/02/01/safeguarding-your-data-from-human-error/]] (3/3)|Misc|
|2019.02.01|Security Boulevard|[[Sensitive Data is Safer in the Cloud|https://securityboulevard.com/2019/02/sensitive-data-is-safer-in-the-cloud/]]|Misc|
|2019.02.01|carnal0wnage|![[Abusing Docker API - Socket|http://carnal0wnage.attackresearch.com/2019/02/abusing-docker-api-socket.html]]|Docker|
|2019.02.01|//Aporeto//|[[Two Key Players That Enable Security for Microservices|https://www.aporeto.com/blog/two-key-players-that-enable-security-for-microservices/]]|MicroServices|
|>|!|>||
|2019.02|ResearchGate|![[Security validation testing environment in the cloud|https://www.researchgate.net/publication/331233683_Security_validation_testing_environment_in_the_cloud]]|Test|
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.01.31|
|2019.01.31|//AlienVault//|[[APT10 Group Targets Multiple Sectors, But Seems to Really Love MSSPs|https://www.alienvault.com/blogs/security-essentials/apt10-group-targets-multiple-sectors-but-seems-to-really-love-mssps]]|Attacks APT|
|2019.01.31|DevOps.com|[[Salt Security Unveils Platform to Secure APIs|https://devops.com/salt-security-unveils-platform-to-secure-apis/]]|Misc|
|>|>|>|!2019.01.30|
|2019.01.30|CESIN[>img[iCSF/flag_fr.png]]|![[Disponibilité des services Cloud : la cyber-résilience s'impose|https://www.cesin.fr/article-disponibilite-des-services-cloud-la-cyber-resilience-simpose.html]]|Resilience|
|2019.01.30|Bobsguide|[[Banks must decompose legacy "ball of mud" to grab cloud opportunity|https://www.bobsguide.com/guide/news/2019/Jan/30/banks-must-decompose-legacy-ball-of-mud-to-grab-cloud-opportunity/]]|Misc|
|2019.01.30|Security Boulevard|[[Software Defined Perimeter - a Modern VPN with Traditional Challenges|https://securityboulevard.com/2019/01/software-defined-perimeter-a-modern-vpn-with-traditional-challenges/]]|Misc|
|2019.01.30|Dark Reading|[[Rubrik Data Leak is Another Cloud Misconfiguration Horror Story|https://www.darkreading.com/cloud/rubrik-data-leak-is-another-cloud-misconfiguration-horror-story/d/d-id/1333767]]|Misc|
|2019.01.30|CloudTech|[[Understanding Kubernetes today: Misconceptions, challenges and opportunities|https://www.cloudcomputing-news.net/news/2019/jan/30/understanding-kubernetes-today-misconceptions-challenges-and-opportunities/]]|Misc|
|2019.01.30|//Fugue//|[[Top Tips for Preventing Cloud Misconfiguration|https://www.fugue.co/blog/top-tips-for-preventing-cloud-misconfiguration]]|Best_Practices|
|2019.01.30|//Microsoft//|![[Step 4. Set conditional access policies: top 10 actions to secure your environment (4/4)|https://www.microsoft.com/security/blog/2019/01/30/step-4-set-conditional-access-policies-top-10-actions-to-secure-your-environment/]]|AzureAD O365|
|>|>|>|!2019.01.29|
|2019.01.29|//Azure//|[[Azure Site Recovery: Disaster Recovery as a Service (DRaaS) for Azure, by Azure|https://azure.microsoft.com/en-us/blog/azure-site-recovery-disaster-recovery-as-service-for-azure/]]|Misc|
|2019.01.29|Info Security Newspaper|[[Microsoft 365 service error causes Outlook and Exchange disruption|https://www.securitynewspaper.com/2019/01/29/microsoft-365-service-error-causes-outlook-and-exchange-disruption/]]|Misc|
|>|>|>|!2019.01.28|
|2019.01.28|DZone|[[Implementing AWS Virtual Private Cloud (VPC) Infrastructure with Terraform|https://dzone.com/articles/implementing-aws-virtual-private-cloud-vpc-infrast]]|AWS|
|2019.01.28|Christophe Parisel|[[Demystifying PaaS security (part 3)|https://www.linkedin.com/pulse/demystifying-paas-security-part-3-christophe-parisel/]] (3/3)|PaaS|
|2019.01.28|Tech Republic|[[How to become a cloud engineer: A cheat sheet|https://www.techrepublic.com/article/how-to-become-a-cloud-engineer-a-cheat-sheet/]]|Misc|
|2019.01.28|//Backblaze//|[[What's the Diff: DAM vs MAM|https://www.backblaze.com/blog/whats-the-diff-dam-vs-mam/]]|Misc|
|2019.01.28|//NeuVector//| → [[How to Secure Containers Using the NIST SP 800-190 Guide|https://neuvector.com/container-security/nist-sp-800-190/]]|Containers NIST|
!"//Five Years of the GitHub Bug Bounty Program!//"
[>img(100px,auto)[iCSA_/octocat-detective-1024x504.png]]^^Bien que publié le 28 février 2019 sur le blog de la CSA, cet article l'a déjà été il y a __une semaine__, le 19 février 2019 sur le site de GitHub.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/02/28/five-years-github-bug-bounty-program/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://github.blog/2019-02-19-five-years-of-the-github-bug-bounty-program/]].^^
!"//Bitglass Security Spotlight: Breaches Expose Millions of Emails, Texts, and Call Logs//"
[>img(100px,auto)[iCSA_/news-icon.png]]^^Bien que publié le 25 février 2019 sur le blog de la CSA, cet article l'a déjà été il y a __un mois__, le 14 janvier 2019 sur le site de Bitglass.
<<<
Les principales informations cybersécurité de ces dernières semaines sont :
* Des vulnérabilités en cybersécurité constatées dans le système de missiles américain
* Facebook partage des données d'utilisateurs privés avec Amazon, Netflix et Spotify
* Des données personnelles d'employés de la NASA ont été exposées
* Des ressortissants chinois accusés d'avoir piraté les principales bases de données d'entreprises américaines
* Des plaintes déposées par des employés de la Silicon Valley ont été exposées via le réseau social Blind
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/02/25/dod-facebook-nasa/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/dod-facebook-nasa]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Rocks, Pebbles, Shadow IT//"
[>img(100px,auto)[iCSA/J2JBR.jpg]]^^Bien que publié le 19 février 2019 sur le blog de la CSA, cet article l'a déjà été il y a __2 mois__, le 11 décembre 2018 sur le site de Bitglass.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/02/19/rocks-pebbles-shadow-it/]] sur le blog de la CSA ou [[l'original|https://www.bitglass.com/blog/rocks-pebbles-shadow-it]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Rethinking Security for Public Cloud//"
[>img(100px,auto)[iCSA_/GettyImages-1031054922-1.jpg]]^^Bien que publié le 13 février 2019 sur le blog de la CSA, cet article l'a déjà été il y a __2 mois__, le 17 décembre 2018 sur le site de Symantec.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/02/13/rethinking-security-public-cloud/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.symantec.com/blogs/product-insights/rethinking-security-public-cloud]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Bitglass Security Spotlight: Financial Services Facing Cyberattacks//"
[>img(100px,auto)[iCSA_/hacker-hoodie.jpg]]^^Bien que publié le 12 février 2019 sur le blog de la CSA, cet article l'a déjà été il y a __2 mois__, le 12 décembre 2018 sur le site de Bitglass.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/02/12/financial-services-facing-cyberattacks/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/bss-financial-cyberattacks]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//SaaS Apps and the Need for Specialized Security//"
[>img(100px,auto)[iCSA_/cdci.jpg]]^^Bien que publié le 8 février 2019 sur le blog de la CSA, cet article l'a déjà été il y a __presque 2 mois__, le 19 décembre 2018 sur le site de Bitglass.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/02/08/saas-apps-and-the-need-for-specialized-security/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/saas-apps-specialized-security]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Bitglass Security Spotlight: Breaches Expose Millions of Emails, Texts, and Call Logs//"
[>img(100px,auto)[iCSA_/news-icon.png]]^^Bien que publié le 5 février 2019 sur le blog de la CSA, cet article l'a déjà été il y a __une semaine__, le 28 janvier 2019 sur le site de Bitglass.
<<<
Les principales informations cybersécurité de ces dernières semaines sont :
* 773 million email accounts published on hacking forum
* Unprotected FBI data and Social Security numbers found online
* Millions of texts and call logs exposed on unlocked server
* South Korean Defense Ministry breached by hackers
* Ransomware forces City Hall of Del Rio to work offline
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/02/05/breaches-expose-millions-emails-texts-call-logs/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/bss-breaches-expose-emails-texts-call-logs]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Janvier 2019]]>><<tiddler fAll2LiTabs13end with: Actu","201901>>
<<tiddler fAll2LiTabs13end with: Blog","201901>><<tiddler .ReplaceTiddlerTitle with: [[Blog - Janvier 2019]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Janvier 2019]]>><<tiddler fAll2LiTabs13end with: Publ","201901>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201901>>
<<tiddler fAll2Tabs10 with: VeilleM","_201901>>
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.01.26|
|2019.01.26|//NCC Group//|[[Xendbg: A Full-Featured Debugger for the Xen Hypervisor|https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/january/xendbg-a-full-featured-debugger-for-the-xen-hypervisor/]]|Misc|
|>|>|>|!2019.01.25|
|2019.01.25|Cloud Magazine[>img[iCSF/flag_fr.png]]|[[IoT : quand le constructeur ferme, tout ferme !|https://www.cloudmagazine.fr/actualites/iot-quand-le-constructeur-ferme-tout-ferme-7745]]|Misc|
|2019.01.25|ComputerWeekly|[[A cloud compliance checklist for the GDPR age|https://www.computerweekly.com/feature/A-cloud-compliance-checklist-for-the-GDPR-age]]|Misc|
|2019.01.25|Help Net Security|[[Vulnerable cloud infrastructure experiencing increasing attacks|https://www.helpnetsecurity.com/2019/01/25/cloud-infrastructure-attacks/]]|Misc|
|2019.01.25|TechnoFAQ|[[Top Trends in Cloud Security to Look Out in 2019|https://technofaq.org/posts/2019/01/top-trends-in-cloud-security-to-look-out-in-2019/]]|Misc|
|2019.01.25|CloudTech|[[Exploring specific security pain points with enterprise cloud adoption|https://www.cloudcomputing-news.net/news/2019/jan/25/exploring-specific-security-pain-points-enterprise-cloud-adoption/]]|Misc|
|2019.01.25|CBR Online|[[Microsoft Office 365 Outage: Day Two as Enterprise User Grumbles Grow|https://www.cbronline.com/news/microsoft-office-365-outage]]|Misc|
|2019.01.25|Chef|![[Understand how Chef Supports the AWS Shared Responsibility Model|https://blog.chef.io/2018/01/25/understand-chef-supports-aws-shared-responsibility-model/]]|Shared_Responsibility|
|2019.01.25|//ThreatStack//|[[50+ Best Cloud and Cloud Security Certifications|https://www.threatstack.com/blog/50-best-cloud-and-cloud-security-certifications]]|Misc|
|>|>|>|!2019.01.24|
|2019.01.24|TechCrunch|[[Massive mortgage and loan data leak gets worse as original documents also exposed|https://techcrunch.com/2019/01/24/mortgage-loan-leak-gets-worse/]]|Data_Leaks|
|2019.01.24|CBR Online|[[Microsoft Office 365 Down (Again): Mailbox Database Infrastructure Blamed|https://www.cbronline.com/news/microsoft-office-365-down]]|Misc|
|2019.01.24|TechRepublic|[[Hackers are still using cloud services to mask attack origin and build false trust|https://www.techrepublic.com/article/hackers-are-still-using-cloud-services-to-mask-attack-origin-and-build-false-trust/]]|Attacks|
|2019.01.24|CloudTech|[[Do cryptographic keys belong in the cloud?|https://www.cloudcomputing-news.net/news/2019/jan/24/do-cryptographic-keys-belong-cloud/]]|Misc|
|2019.01.24|//Netskope//|[[Targeted Attacks Abusing Google Cloud Platform Open Redirection|https://www.netskope.com/blog/targeted-attacks-abusing-google-cloud-platform-open-redirection]]|Misc|
|2019.01.24|//Securonix//|![[Detecting Persistent Cloud Infrastructure/Hadoop/YARN Attacks Using Security Analytics: Moanacroner, XBash, and Others|https://www.securonix.com/securonix-threat-research-detecting-persistent-cloud-infrastructure-hadoop-yarn-attacks-using-security-analytics-moanacroner-xbash-and-others/]]|Misc|
|2019.01.24|BetaNews| → [[Automated attacks target cloud infrastructure|https://betanews.com/2019/01/24/automated-attacks-cloud-infrastructure/]]|Report Attacks|
|2019.01.24|//Lacework//|[[Your etcd is Showing: Thousands of Clusters Open to the Internet|https://www.lacework.com/etcd-thousands-of-clusters-open/]]|Misc|
|2019.01.24|//Puresec//|![[Serverless & The Evolution In Cloud Security, FaaS vs. IaaS|https://www.puresec.io/blog/serverless-and-the-evolution-in-cloud-security]]|Serverless|
|2019.01.24|//ThreatPost//|![[Fighting Fire with Fire: API Automation Risks|https://threatpost.com/fighting-fire-with-fire-api-automation-risks/141163/]]|APIs|
|2019.01.24|//Aqua Security//|[[Amazon Firecracker: Isolating Serverless Containers and Functions|https://blog.aquasec.com/amazon-firecracker-serverless-container-security]]|Amazon Containers Isolation|
|2019.01.24|//AWS//|[[Updated whitepaper now available: Aligning to the NIST Cybersecurity Framework in the AWS Cloud|https://aws.amazon.com/blogs/security/updated-whitepaper-now-available-aligning-to-the-nist-cybersecurity-framework-in-the-aws-cloud/]]|NIST CyberSecurity_Framework Compliance|
|2019.01.24|//AWS//| → [[NIST Cybersecurity Framework (CSF): Aligning to the NIST CSF in the AWS Cloud|https://d0.awsstatic.com/whitepapers/compliance/NIST_Cybersecurity_Framework_CSF.pdf]]|NIST CyberSecurity_Framework Compliance|
|2018.01.24|//Rhino Security Labs//|[[Cloud Security Risks (Part 1): Azure CSV Injection Vulnerability|https://rhinosecuritylabs.com/azure/cloud-security-risks-part-1-azure-csv-injection-vulnerability/]] (1/2)|Risks AWS Injection|
|>|>|>|!2019.01.23|
|2019.01.23|//Oodrive//[>img[iCSF/flag_fr.png]]|[[SecNumCloud : la qualification des prestataires de services Cloud de confiance|https://www.oodrive.fr/blog/securite/secnumcloud-la-qualification-des-prestataires-de-services-cloud-de-confiance/]]|Misc|
|2019.01.23|ZDnet|[[Australian government gives Amazon Web Services protected level certification|https://www.zdnet.com/article/australian-government-gives-amazon-web-services-protected-level-certification/]]|AWS Compliance|
|2019.01.23|OnLine Threat|[[The "Microsoft Office 365 Recovery Details Threat" Phishing Scam|https://www.onlinethreatalerts.com/article/2019/1/23/the-microsoft-office-365-recovery-details-threat-phishing-scam/]]|Attacks|
|2019.01.23|//Armor//|[[Armor Detects and Neutralizes 681 Million Cyberattacks Launched at its Cloud Customers in 2018|https://www.armor.com/threat-intelligence/armor-detects-neutralizes-cyberattacks/]]|Report Attacks|
|2019.01.24|Dark Reading|↪ ![[Cloud Customers Faced 681M Cyberattacks in 2018|https://www.darkreading.com/attacks-breaches/cloud-customers-faced-681m-cyberattacks-in-2018/d/d-id/1333721]]|Report Attacks|
|2019.01.23|//Alcide//|[[Breaching the Cyber Defenses of Cloud Deployments with DNS Tunneling|https://blog.alcide.io/breaching-the-cyber-defenses-of-cloud-deployments-with-dns-tunneling]]|Misc|
|2019.01.23|//Fugue//|[[The Shared Responsibility Model and How it Affects Your Cloud Security|https://www.fugue.co/blog/the-shared-responsibility-model-and-how-it-affects-cloud-security]]|Best_Practices|
|2019.01.23|//Sensu//|[[Monitoring Kubernetes + Docker, part 2: Prometheus|https://blog.sensu.io/monitoring-kubernetes-docker-part-2-prometheus]]|K8s Docker Monitoring|
|>|>|>|!2019.01.22|
|2019.01.22|//42Crunch//|[[APIdays Paris 2018 - Five API Security Rules! (video)|https://www.youtube.com/watch?v=HLmiI9ZZUe8]]|APIs|
|2019.01.22|!//BitDefender//|[[The API Security Essentials You Need to Know|https://businessinsights.bitdefender.com/api-security-essentials]]|APIs|
|2019.01.22|//Backblaze//|[[Backblaze Hard Drive Stats for 2018|https://www.backblaze.com/blog/hard-drive-stats-for-2018/]]|Reliability|
|2019.01.22|//McAfee//|[[When Sharing isn't Caring - Secure Your Cloud Collaboration|https://www.skyhighnetworks.com/cloud-security-blog/when-sharing-isnt-caring-secure-your-cloud-collaboration/]]|Misc|
|>|>|>|!2019.01.21|
|2019.01.21|NCSC UK|[[A number of holes leaking water in a bucket|https://www.ncsc.gov.uk/blog-post/theres-hole-my-bucket]]|AWS|
|2019.01.21|Help Net Security|![[Beware the man in the cloud: How to protect against a new breed of cyberattack|https://www.helpnetsecurity.com/2019/01/21/mitc-attack/]]|Attacks MitC|
|2019.01.21|ZDnet|[[Online casino group leaks information on 108 million bets, including user details|https://www.zdnet.com/article/online-casino-group-leaks-information-on-108-million-bets-including-user-details/]]|Data_Leaks|
|2019.01.21|//Zscaler//|[[Using SDP as an alternative to VPN: 6 questions admins often ask|https://www.zscaler.com/blogs/corporate/using-sdp-alternative-vpn-6-questions-admins-often-ask]]|SDP|
|2019.01.21|//Clearswift//|[[Advanced Information Security Features Microsoft Office 365|https://www.clearswift.com/blog/2019/01/21/advanced-information-security-features-microsoft-office-365]]|O365|
!Sondage SANS et CSA sur la sécurité du Cloud
[>img(400px,auto)[iCSA_/SANS2019_CloudSurvey.jpg]]La [[Cloud Security Alliance]] et le ''SANS Institute'' vous invitent à participer au sondage (''maintenant clos'')
:"''State of Cloud Security''"
* Sondage → --''CloudSecurityAlliance.fr/go/j1pS/''--
[img(25%,1px)[iCSF/BluePixel.gif]]
Pour vous préparer, voici la liste des 26 questions //en anglais// classées en 6 catégories ://
*+++*[Introduction]>
* 1. Does your organization use or work with cloud services? By responding to this question, you accept the terms of the privacy policy.
=== 
*+++*[Tell Us About You and Your Organization]>
* 2. What is your organization's primary industry?
* 3. What is the size of the workforce at your organization, including employees, contractors and consultants?
* 4. What is your primary role in your organization, whether as an employee or contractor?
* 5. In what countries or regions does your organization have operations?
* 6. In what country or region is your primary corporate headquarters? Select the best answer
=== 
*+++*[Characteristics of Your Use of Cloud Computing]>
* 7. What applications do you have in the public cloud?
* 8. How many public cloud providers do you use for business, communications, security, work sharing and other operations?
* 9. Are you currently using any of the following to handle end user cloud applications and multicloud scenarios?
=== 
*+++*[Concerns, Risk and Governance]>
* 10. Are you currently storing any of the following sensitive or regulated (compliance-related) data in the public cloud?
* 11. Have privacy regulations such as the General Data Protection Regulation (GDPR) impacted your organization's existing or planned cloud strategy?
* 12. What are your organization's major concerns related to the use of public cloud for business apps? What major concerns were actually realized in the past 12 months?
* 13. Has your organization experienced an incident or actual breach with the past 12 months involving your public cloud applications and/or data?
* 14. What was involved in the attack(s)?
=== 
*+++*[Security in the Cloud]>
* 15. Do you currently have cloud security and governance policies in place?
* 16. Which of the following technologies have you successfully implemented to protect sensitive data and access in your public cloud environment(s), whether internally managed and/or in the form of Security-as-a-Service?
* 17. Are you currently leveraging cloud provider APIs to access and automate security controls within your cloud environments?
* 18. For what types of security controls and functions are you using cloud provider APIs?
* 19. Which of the following security technologies have you been able to integrate between your in-house environment and public cloud? Which are you planning on integrating within the next 12 months?
* 20. Which of the following security technologies have you successfully implemented with a single vendor product or control in both your in-house environment and public cloud? Which are you planning on implementing in the next 12 months?
* 21. How are you are leveraging IAM capabilities and tools for the cloud?
* 22. Which of the following automation and orchestration tools are you leveraging to aid in security controls implementation or processes?
=== 
*+++*[Auditing and Assessing]>
* 23. What types of audit and security reports from your cloud providers do you find the most useful?
* 24. Are you able to perform regular penetration tests of your public cloud assets and data?
* 25. What challenges have you faced in adapting your IR and forensics analysis to the cloud?
* 26. Cloud computing is a dynamic field. Please briefly share any thoughts about trends in cloud computing and the methodologies, tools and techniques that will be needed to improve the security of cloud environments. === //
[>img(200px,auto)[iCSA/K4PCCSK.png]]Article rédigé par ''+++[Guillaume Boutisseau] [img(98%,1px)[iCSF/BluePixel.gif]]^^<<tiddler [[Guillaume Boutisseau]]>>^^[img(98%,1px)[iCSF/BluePixel.gif]] ==='', ''CCSK Authorized Instructor''^^1^^ qui anime des formations [[CCSK]] officielles en français pour le ''CCSK Foundation'' et le ''CCSK Plus''.
!CCSK : Certificate of Cloud Security Knowledge
Le [[CCSK]] - [[Certificate of Cloud Security Knowledge|CCSK]] - est une certification créée par la Cloud Security Alliance, qui a pour but de valider la compétence d'un individu dans le domaine de la sécurité dans le Cloud. C'est une certification "//vendor neutral//", c'est-à-dire que les compétences validées par le [[CCSK]] s'appliquent à tous les Clouds (AWS, Azure, Google, et tous les autres). Le [[CCSK]] est reconnu sur tous les continents et fait partie des meilleures certifications cloud depuis déjà plusieurs années.
La version actuelle du [[CCSK]] - version 4 - est disponible depuis fin décembre 2017 et donc se trouve être la certification la plus à jour dans le domaine de la sécurité dans le cloud.
Le [[CCSK]] couvre 2 catégories de domaines:
# des domaines d'ordre stratégique: les questions de gouvernance, risque, compliance, la démarcation des responsabilités entre le fournisseur et l'utilisateur cloud, le RGPD, les audits, le Cloud Controls Matrix, ...
# des domaines d'ordre technique et opérationnel: la virtualisation, les infrastructures container et serverless, la fédération des identités, les contrôles d'accès, le single-sign-on, le cryptage/chiffrement des données et la gestion des clés, devops et devsecops, le big data, la gestion des incidents, ...
C'est une gamme de domaines assez large, et c'est précisément ce qui fait la particularité du [[CCSK]], sa difficulté et aussi sa valeur. Il est en effet peu fréquent de trouver des individus ayant une bonne compréhension des aspects stratégiques et opérationnels qui impactent la sécurité des données et des applications qui résident dans le cloud. Ceux qui possèdent cette compétence sont très demandés et l'expansion du cloud entretient et renforce cette demande.
{{floatC{[img(600px,auto)[iCSA_/Training_Banner.jpg]]}}}
Pour obtenir le [[CCSK]], il faut passer un examen qui comporte 60 questions, dure 90 minutes et est "//open book//" - ce qui veut dire qu'on peut consulter des documents pendant l'examen, mais ça ne le rend pas plus facile pour autant, les questions sont suffisamment compliquées pour rendre l'examen difficile même dans ces conditions.
Pour se préparer au [[CCSK]], il y a 2 options :
* soit on peut télécharger un "//self study kit//" sur le site Cloud Security Alliance et se préparer à l'examen soi-même (c'est possible pour ceux qui ont déjà une solide expérience du cloud et ont une motivation et une discipline suffisantes pour se préparer en solo). Le "//self study kit//" contient tous les documents nécessaires à la préparation de l'examen.
:→ https://cloudsecurityalliance.org/education/ccsk/#_prepare
* soit on peut aussi suivre une formation plus officielle, organisée par un ''CCSK Authorized Instructor''.
Dans ce dernier cas, deux formules sont proposées:
# la formation ''CCSK Foundation'' dure 2 jours et couvre toute la théorie nécessaire à la préparation de l'examen
# la formation ''CCSK Plus'' dure 3 jours, couvre tout le ''CCSK Foundation'' (décrit plus haut), et contient en plus une série de travaux pratiques et exercices sur le Cloud AWS, afin de renforcer la compréhension des aspects théoriques nécessaires à la préparation de l'examen. ''CCSK Plus'' est la formation la plus demandée, les personnes qui souhaitent obtenir le [[CCSK]] choisissent très souvent cette formule.
La liste des ''CCSK Authorized Instructors'' est disponible :
:→ https://cloudsecurityalliance.org/education/#_instructors
Les formations sont généralement dispensées en Anglais, mais elles pourront dorénavant aussi l'être en Français maintenant qu'un premier Français est devenu ''CCSK Authorized Instructor''.
{{floatC{[img(600px,auto)[iCSA_/CCSK_banner.jpg]]}}}La sécurité est un aspect essentiel du Cloud, au même titre que la performance et le coût, et il est important de bien comprendre les étapes et les éléments nécessaires à la sécurisation des données et applications qui y résident. Le [[CCSK]] vous permet de développer et prouver votre compétence dans ce domaine, il vous aide aussi à prendre les bonnes décisions dans les projets et les missions faisant appel à l'utilisation du Cloud, comme par exemple le transfert d'une infrastructure IT dans le Cloud ou encore le développement d'une architecture IT directement dans le Cloud.
Le [[CCSK]] s'adresse à toutes les personnes qui sont impliquées dans le Cloud ou impactées par le Cloud, aussi bien d'un point de vue technique (architectures et composants techniques des solutions Cloud, ...) que d'un point de vue moins technique (gestion du risque, conformité aux régulations, responsabilités juridiques dans l'environnement Cloud, ...).
Si vous vous reconnaissez dans ces catégories, le [[CCSK]] est fortement recommandé, il vous permettra de naviguer plus rapidement et plus efficacement dans l'environnement du Cloud.
[img(98%,1px)[iCSF/BluePixel.gif]]
^^<<tiddler [[Guillaume Boutisseau]]>>^^[img(98%,1px)[iCSF/BluePixel.gif]]
<<tiddler [[arOundGB]]>>
!"//CCSK Success Stories: From the Financial Sector//"
[>img(150px,auto)[iCSA_/CCSKtraining.png]]Article de blog publié le 24 janvier 2019 —
<<<
__''Retour d'expérience sur le [[CCSK]] : dans le secteur Finances''__
Deuxième partie d'une série de blogs sur la formation à la sécurité dans le Cloud, axée sur le secteur Finances.
John C. Checco est président émérite de la "New York Metro InfraGard Members Alliance", ainsi qu'un professionnel de la sécurité de l'information qui propose son expertise dans divers secteurs. John est également pompier volontaire et formateur, romancier amateur, et donneur de sang.
[...]
//Question : quelles sont vos recommandations pour ceux qui envisagent de suivre la formation [[CCSK]] ?
J'ai quatre conseils à donner :
# Ayez une expérience concrète avant de tenter une certification... les médecins, les infirmières, les architectes et les ingénieurs sont tenus d'en avoir, alors pourquoi pas les professionnels de la sécurité de l'information ?
# Prenez l'habitude d'apprendre quelque chose chaque jour... tout savoir devient obsolète, pas l'intelligence.
# Évitez les raccourcis, comme les formations accélérées, c'est une cure d'ignorance.
# Restez humble, gardez l'esprit ouvert et écoutez avant de parler... les choses évoluent, alors ce que vous saviez être juste aujourd'hui peut ne plus l'être demain. Personne ne souhaite avoir la réputation de "CIA" (non pas "Confidentiality / Integrity / Availability", mais "Certifié, Ignorant et Arrogant").
//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/01/24/ccsk-success-stories-financial-sector/]] sur le blog de la CSA
⇒ Lire la première partie+++*[ici]> <<tiddler [[2018.11.19 - CCSK Success Stories]]>>=== 
|!Janvier|!Sources|!Titres et Liens|!Synthèses|
|2019.01.24|CSA|[[Cloud Security Alliance Celebrates 10th Anniversary at CSA Summit at RSA Conference 2019|https://cloudsecurityalliance.org/articles/csa-celebrates-10th-anniversary-at-rsa-conference-2019/]]|IBM, Starbucks, Turner CISOs to Give Keynote Addresses|
|2019.01.14|CSA|[[New Cloud Security Alliance Study Finds Cybersecurity Incidents and Misconceptions Both Increase as Critical ERP Systems Migrate to Clouds|https://cloudsecurityalliance.org/articles/new-cloud-security-alliance-study-find-cybersecurity-incidents-and-misconceptions-both-increase-as-critical-erp-systems-migrate-to-the-cloud/]]|
!Sondage "Top Threats" : derniers jours !
La [[Cloud Security Alliance]] a lancé en novembre 2018 un sondage conçu par le [[Groupe de Travail - Top Threats]] pour déterminer quelles sont les menaces perçues par la communauté Cloud.
Ce sondage comporte 19 questions et thèmes à évaluer sur une échelle de "0" à "10". Il prend environ 6 minutes à compléter.
Ce sera grâce à vos contributions que nous pourrons finaliser notre travail au sein du [[Groupe de Travail - Top Threats]] et rédiger le prochain rapport "Top Threats 2018" de la [[Cloud Security Alliance]].
Un tirage au sort parmi les participants ayant rempli complètement le sondage permettra de gagner des bons Amazon et un jeton pour passer la certification [[CCSK]].
Le sondage sera bientôt clos, alors ne tardez pas !
* Sondage ⇒ ''[[CloudSecurityAlliance.fr/go/j1ls/|https://cloudsecurityalliance.fr/go/j1ls/]]''
Pour vous préparer, voici la liste des 19 questions //en anglais// telles que posées dans le sondage ://
* 1. Misconfiguration and Inadequate Change Control+++*[exemples »]>Misconfigurations such as exposing S3 buckets === 
* 2. Insufficient Identity, Credential, Access and Key Management+++*[exemples »]>Lack of scalable identity access management systems === 
* 3. Metastructure and Applistructure Failures+++*[exemples »]>Poor implementation of SSO or APIs leading to data breaches === 
* 4. Insider Threat+++*[exemples »]>Malicious or accidental insider threats === 
* 5. System Vulnerabilities+++*[exemples »]>DirtyCow Linux Privilege escalation vulnerability === 
* 6. IoT Botnets+++*[exemples »]>IoT botnets used to launch large scale DDoS attacks === 
* 7. Limited Cloud Visibility Usage+++*[exemples »]>Ability to monitor configuration and policy controls of cloud assets across organization === 
* 8. Hybrid Cloud Exposure+++*[exemples »]>Attacker using public cloud to pivot into on-prem environment === 
* 9. Weak Control Plane+++*[exemples »]>Granular application-layer access and privilege management controls === 
* 10. Shared Technology Vulnerabilities+++*[exemples »]>VENOM vulnerability allowing VM sandbox escape === 
* 11. Supply Chain Security+++*[exemples »]>Security of IaaS provider of a SaaS provider === 
* 12. Abuse and Nefarious Use of Cloud Services+++*[exemples »]>Attackers using cloud storage to exfiltrate data === 
* 13. Malware and Malicious Code+++*[exemples »]>ransomware using cloud storage as attack vector === 
* 14. Denial of Service+++*[exemples »]>Cloud outages === 
* 15. Data Breaches+++*[exemples »]>Unauthorized disclosure of information like personal health information === 
* 16. Cloud Provider Compromise+++*[exemples »]>Code Spaces === 
* 17. Account Hijacking+++*[exemples »]>Stealing access tokens allowing the attacker to gain access to cloud account === 
* 18. Lack of Cloud Security Architecture and Strategy+++*[exemples »]>Lift and shift of controls from on-prem into a cloud environment leading to security gaps === 
* 19. Insecure Interfaces and APIs+++*[exemples »]>API key leakage such as posting on Github === //
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.01.18|
|2019.01.18|Help Net Security|[[Protecting privileged access in DevOps and cloud environments|https://www.helpnetsecurity.com/2019/01/18/protecting-privileged-access/]]|Misc|
|2019.01.18|Dark Reading|[[8 Tips for Monitoring Cloud Security|https://www.darkreading.com/threat-intelligence/8-tips-for-monitoring-cloud-security/d/d-id/1333666]]|Misc|
|>|>|>|!2019.01.17|
|2019.01.17|Les Echos[>img[iCSF/flag_fr.png]]|[[Cloud hybride : la sécurité en question|https://www.lesechos.fr/idees-debats/cercle/cercle-191176-opinion-cloud-hybride-la-securite-en-question-2237111.php]]|Hybrid_Cloud|
|2019.01.17|CESIN[>img[iCSF/flag_fr.png]]|[[4ème édition du baromètre annuel du CESIN - Analyse exclusive de la cybersécurité des grandes entreprises françaises|https://www.cesin.fr/actu-4eme-edition-du-barometre-annuel-du-cesin.html]]|Misc|
|2019.01.22|Sécurité & Défense Mag[>img[iCSF/flag_fr.png]]|![[Disponibilité des services Cloud : le Cesin met en garde les dirigeants d'entreprises et prône la cyber-résilience|https://sd-magazine.com/securite-numerique-cybersecurite/disponibilite-des-services-cloud-le-cesin-met-en-garde-les-dirigeants-dentreprises-et-prone-la-cyber-resilience]]|Misc|
|2019.01.30|InformatiqueNews[>img[iCSF/flag_fr.png]]|[[Le CESIN prône la cyber-résilience|https://www.informatiquenews.fr/le-cesin-prone-la-cyber-resilience-60032]]|Resilience|
|2019.02.26|CloudComputing.FR[>img[iCSF/flag_fr.png]]| → [[Cloud : le Cesin met en garde les dirigeants d'entreprises|https://www.cloudmagazine.fr/actualites/cloud-le-cesin-met-en-garde-les-dirigeants-dentreprises-7803]]|Misc|
|2019.01.17|Solutions Review|[[The Top 6 Cloud Security Vendors to Watch in 2019|https://solutionsreview.com/cloud-platforms/the-top-6-cloud-security-vendors-to-watch-in-2019/]]|Misc|
|2019.01.17|Continuity Central|[[Cyber security incidents and misconceptions both increase as critical ERP systems migrate to the cloud|https://www.continuitycentral.com/index.php/news/technology/3640-cyber-security-incidents-and-misconceptions-both-increase-as-critical-erp-systems-migrate-to-the-cloud]]|Misc|
|2019.01.17|eWeek|[[Report Looks at Security Misconceptions of Moving ERP to Cloud|https://www.eweek.com/security/report-looks-at-security-misconceptions-of-moving-erp-to-cloud]]|Report|
|2019.01.17|cloudTech|[[Enterprises more confident with cloud than ever - but still concern over security issues|https://www.cloudcomputing-news.net/news/2019/jan/17/enterprises-more-confident-cloud-ever-still-concern-over-security-issues/]]|Misc|
|2019.01.14|//Threatpost//|[[Cryptomining Malware Uninstalls Cloud Security Products|https://threatpost.com/cryptomining-malware-uninstalls-cloud-security-products/140959/]]|Misc|
|2019.01.17|//ParkMyCloud//|[[Cloud Container Services Comparison|https://www.parkmycloud.com/blog/cloud-container-services-comparison/]]|Containers|
|2019.01.17|//Palo Alto//|![[Malware Used by "Rocke" Group Evolves to Evade Detection by Cloud Security Products|https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products/]]|Misc|
|2019.01.17|CloudTech|[[Enterprises more confident with cloud than ever - but still concern over security issues|https://www.cloudcomputing-news.net/news/2019/jan/17/enterprises-more-confident-cloud-ever-still-concern-over-security-issues/]]|Misc|
|2019.01.17|//Microsoft//|[[Microsoft Azure DevOps Bounty Program|https://www.microsoft.com/en-us/msrc/bounty-azure-devops]]|Azure|
|2019.01.17|//Microsoft//| → [[Announcing the Microsoft Azure DevOps Bounty program|https://blogs.technet.microsoft.com/msrc/2019/01/17/azure-devops-bounty-program/]]|Azure|
|2019.01.17|CBR Online| → [[Microsoft Bug Bounty Programme Expands to Azure DevOps|https://www.cbronline.com/news/microsoft-bug-bounty]]|Azure|
|2019.01.17|Dark Reading| → [[Microsoft Launches New Azure DevOps Bug Bounty Program|https://www.darkreading.com/vulnerabilities-and-threats/microsoft-launches-new-azure-devops-bug-bounty-program/d/d-id/1333678]]|Azure|
|>|>|>|!2019.01.16|
|2019.01.16|Olivier Iteanu|![[Cloud Act : halte à la propagande !|https://blog.iteanu.law/index.php?post/2019/01/16/Cloud-Act-%3A-halte-%C3%A0-la-propagande-%21]]|CLOUD_Act|
|2019.01.16|//Microsoft//|![[Step 3. Protect your identities: top 10 actions to secure your environment (1/4)|https://www.microsoft.com/security/blog/2019/01/16/step-3-protect-your-identities-top-10-actions-to-secure-your-environment/]]|AzureAD O365|
|2019.01.16|//Deloitte//|![[DevSecOps and the cyber imperative|https://www2.deloitte.com/insights/us/en/focus/tech-trends/2019/embedding-security-devops-pipelines-devsecops.html]]|DevOps|
|2019.01.16|InfoWorld|[[ERP cloud migration and its complexities|https://techhq.com/2019/01/erp-cloud-migration-and-its-complexities/]]|Misc|
|2019.01.16|UberKnowledge|[[Communities, GDPR Opportunities and Security in IoT|https://www.uberknowledge.com/jim-reavis-ceo-and-co-founder-of-cloud-security-alliance/]]|Misc|
|2019.01.16|TheLastWatchdog|[[What your company should know about addressing Kubernetes security|https://www.lastwatchdog.com/guest-essay-what-all-companies-should-know-about-securing-kubernetes/]]|K8s|
|2019.01.16|//ThreatStack//|![[AWS Security Readiness Checklist|https://www.threatstack.com/blog/aws-security-readiness-checklist]]|AWS|
|2019.01.16|//Swimlane//|[[New year, new security - Part 2: Cloud computing use cases|https://swimlane.com/blog/new-year-new-security-cloud/]]|Misc|
|>|>|>|!2019.01.15|
|2019.01.15|ZDNet.fr[>img[iCSF/flag_fr.png]]|[[5 priorités à observer pour bien choisir et déployer son offre de services cloud|https://www.zdnet.fr/actualites/5-priorites-a-observer-pour-bien-choisir-et-deployer-son-offre-de-services-cloud-39879293.htm]]|Misc|
|2019.01.15|Solutions Review|[[Gartner's 2019 Magic Quadrant for Cloud Management Platforms: Key Takeaways|https://solutionsreview.com/cloud-platforms/gartners-2019-magic-quadrant-for-cloud-management-platforms-key-takeaways/]]|Misc|
|2019.01.15|InfoWorld|[[What you must know about moving ERP to the cloud|https://www.infoworld.com/article/3332926/cloud-computing/what-you-must-know-about-moving-erp-to-the-cloud.html]]|Misc|
|2019.01.15|Maarten Goet|[[Securing Kubernetes on Microsoft Azure: are your container doors wide open?|https://medium.com/@maarten.goet/securing-kubernetes-on-microsoft-azure-are-your-container-doors-wide-open-bb6e879cec5d]]|Azure Kubernetes|
|2019.01.15|BW BusinessWorld|[[Cybersecurity Incidents and Misconceptions Increase as Critical ERP Systems Migrate to Clouds|http://bwcio.businessworld.in/article/Cybersecurity-Incidents-and-Misconceptions-Increase-as-Critical-ERP-Systems-Migrate-to-Clouds/15-01-2019-166127]]|Incidents ERP|
|2019.01.15|Hogan Lovells|[[Demystifying the U.S. CLOUD Act: Assessing the law's compatibility with international norms and the GDPR|https://www.hoganlovells.com/en/publications/demystifying-the-us-cloud-act]]|CLOUD_Act|
|2019.01.15|//Zscaler//|[[Why some companies are waiting to adopt the cloud|https://www.zscaler.com/blogs/corporate/why-some-companies-are-waiting-adopt-cloud]]|Perception|
|2019.01.15|//Aqua Security//|![[Managing and Securing Kubernetes Secrets: A Complete Guide|https://blog.aquasec.com/managing-kubernetes-secrets]]|K8s|
|>|>|>|!2019.01.14|
|2019.01.14|IoT Innovator|[[Cloud Security Alliance Study Reveals Rise in Cybersecurity Incidents and Misconceptions as Critical ERP Systems Migrate to Clouds|http://iotinnovator.com/cloud-security-alliance-study-reveals-rise-in-cybersecurity-incidents-and-misconceptions-as-critical-erp-systems-migrate-to-clouds/]]|Incidents ERP|
|2019.01.14|//BitDefender//|![[Container Security Incidents to Rise in 2019 as Companies Knowingly Deploy Vulnerable Containers|https://businessinsights.bitdefender.com/container-security-incidents-to-rise-in-2019-as-companies-knowingly-deploy-vulnerable-containers]]|Report Container|
|2019.01.14|SecurityWeek|[[Security Expectations and Mis-Conceptions in Migrating ERP to the Cloud|https://www.securityweek.com/security-expectations-and-mis-conceptions-migrating-erp-cloud]]|ERP|
|2019.01.14|Help Net Security|[[Most organizations are migrating data for ERP apps to the cloud|https://www.helpnetsecurity.com/2019/01/14/migrating-data-for-erp-apps-to-the-cloud/]]|ERP|
|2019.01.14|Diginomica|[[Cloud ERP taking off but confusion persists around security and control topics|https://diginomica.com/2019/01/14/cloud-erp-taking-off-but-confusion-persists-around-security-and-control-topics/]]|Misc|
|2019.01.14|Health Data Mgmt|[[How to address the skills gap in cloud security|https://www.healthdatamanagement.com/opinion/addressing-the-skills-gap-in-cloud-security-professionals]]|Misc|
|2019.01.14|Cloud Tech|[[Cloud Security Alliance: Cloud ERP making waves but caution persists around security|https://www.cloudcomputing-news.net/news/2019/jan/14/cloud-security-alliance-cloud-erp-making-waves-caution-persists-around-security/]]|Misc|
|2019.01.14|TechBizWeb|[[Security Expectations and Mis-Conceptions in Migrating ERP to the Cloud|https://techbizweb.com/security-expectations-and-mis-conceptions-in-migrating-erp-to-the-cloud/]]|Misc|
|2019.01.14|//Threatpost//|[[Hack Allows Escape of Play-with-Docker Containers|https://threatpost.com/hack-allows-escape-of-play-with-docker-containers/140831/]]|Docker|
|2019.01.14|//FireOaks//|[[Is it time to 'spin down' some of your virtual machines?|https://fireoakstrategies.com/virtual-machine-retirement-time/]]|Misc|
|2019.01.14|Cloud native Computing Foundation|[[9 Kubernetes Security Best Practices Everyone Must Follow|https://www.cncf.io/blog/2019/01/14/9-kubernetes-security-best-practices-everyone-must-follow/]]|K8s Best_Practices|
!Mise à jour des annexes de la Cloud Controls Matrix (CCM)
[>img(150px,auto)[iCSA/CCM.png]]La [[Cloud Security Alliance]] avait lancé en novembre 2018 un appel à commentaires sur 2 annexes de la [[Cloud Controls Matrix|Publications - Cloud Controls Matrix]] ([[CCM]]) V3.0.1 pour les normes suivantes :
# ISO/IEC 27002:2013, ISO/IEC 27017:2015 et ISO/IEC 27018:2014.
# Office fédéral allemand de la sécurité de l'information (BSI) : Cloud Computing Compliance Controls Catalogue (C5)
Le résultat est maintenant disponible sous la forme de deux documents :
* Document "//CCM v3.0.1 Addendum - ISO 27002 27017 27018 v1.1//"
** Annonce ⇒ ''[[CloudSecurityAlliance.fr/go/j1i7/|https://cloudsecurityalliance.fr/go/j1i7/]]''
** Fichier XLSX ⇒ ''[[CloudSecurityAlliance.fr/go/j1i8/|https://cloudsecurityalliance.fr/go/j1i8/]]''
* Document "//CCM v3.0.1 Addendum - BSI Germany C5 v1//"
** Annonce ⇒ ''[[CloudSecurityAlliance.fr/go/j1ib/|https://cloudsecurityalliance.fr/go/j1ib/]]''
** Fichier XLSX ⇒ ''[[CloudSecurityAlliance.fr/go/j1ic/|https://cloudsecurityalliance.fr/go/j1ic/]]''
Ces documents contiennent :
* une équivalence entre les normes susmentionnées et la [[Cloud Controls Matrix|Publications - Cloud Controls Matrix]] (exemple : quel(s) contrôle(s) dans la CCM correspond(ent) à chaque contrôle donné dans la norme ISO 27017),
* une analyse des écarts,
* les contrôles de réduction des écarts (les annexes à proprement parler).
__Liens de téléchargement :__ voir ci-dessus.
!La Commission Européenne lance 2 consultations publiques
Tous les acteurs sont invités à faire part de leurs commentaires et de leurs réflexions sur ces deux thèmes importants.
# ''SWIPO'' qui traite de la libre circulation des données non personnelles
** Le groupe de travail des parties prenantes sur la commutation et le portage des données dans le nuage (ou //SWIPO// pour "Cloud Switching and Porting Data" Stakeholder Working Group) a lancé une consultation publique sur le code de conduite pour le SaaS (//Software-as-a-Service//)
** Dans le cadre du règlement sur la libre circulation des données non personnelles, la Commission européenne a encouragé l'élaboration, sur une base autorégulatrice, d'un code de conduite pour le transfert et le portage des données dans le Cloud.
# ''CSPCERT'' sur les certifications pour la sécurité du Cloud
** Les 2 documents à consulter au préalable :
### "//''CSP Cert Milestone 1: Security Requirements''//"
**** Lien court ⇒ ''[[CloudSecurityAlliance.fr/go/j1h1/|https://cloudsecurityalliance.fr/go/j1h1/]]''
### "//''CSP Cert Milestone 2: Conformity Assessment Methodologies''//"
**** Lien court ⇒ ''[[CloudSecurityAlliance.fr/go/j1h2/|https://cloudsecurityalliance.fr/go/j1h2/]]''
** [>img(300px,auto)[iCSA_/CSPCERT_logo.jpg]]Le site de référence pour suivre les évolutions → https://www.cspcert.eu
** Annonce d'un rapport "//Regulating cloud computing in Europe: new study considers the options for certification schemes//" de la Commission Européenne en novembre 2018 :
*** Lien court ⇒ ''[[CloudSecurityAlliance.fr/go/ib9a/|https://cloudsecurityalliance.fr/go/ib9a/]]''
** Rapport "//Certification Schemes for Cloud Computing//"
*** Lien court ⇒ ''[[CloudSecurityAlliance.fr/go/ib9r/|https://cloudsecurityalliance.fr/go/ib9r/]]''
** Annonce "//ENISA Cloud Certification Schemes Metaframework//" de l'ENISA en janvier 2015
*** Lien court ⇒ ''[[CloudSecurityAlliance.fr/go/f1ta/|https://cloudsecurityalliance.fr/go/f1ta/]]''
** Le bilan ENISA "CCSL - the Cloud Certification Schemes List" et "CCSM - the Cloud Certification Schemes Metaframework" de janvier 2015
*** Lien court ⇒ ''[[CloudSecurityAlliance.fr/go/f1tw/|https://cloudsecurityalliance.fr/go/f1tw/]]''
Attention : les délais pour répondre sont ''très courts'' :
* Date limite SWIPO : ''jeudi 31 janvier 2019 à 23h59''
** Lien court : ''[[CloudSecurityAlliance.fr/go/j1hs/|https://cloudsecurityalliance.fr/go/j1hs/]]''
** A noter : pour répondre à ce questionnaire il est nécessaire de s'authentifier avec un compte Gmail ...
* Date limite CSPCERT : ''dimanche 3 février 2019 à 23h59''
** Lien court : ''[[CloudSecurityAlliance.fr/go/j1hc/|https://cloudsecurityalliance.fr/go/j1hc/]]''
** Le "//Questionnaire for the Open Consultation of the European Cloud Security Certification framework proposed by the CSP Certification Stakeholder Group//" contient 5 catégories de questions+++*[»]> Les catégories sont ://
# Block 1: About your profile
# Block 2: Landscape on certification Schemes, Standards and Best Practices
# Block 3: Requirements to be fulfilled by a Cloud Security certification framework
# Block 4: Conformity Assessments
# Block 5: Feedback on the Milestone 1 and Milestone 2 documents of the CSPCERT Group
// === 
C'est l'occasion de promouvoir deux des travaux de la [[Cloud Security Alliance]] :
* la [[Cloud Controls Matrix|Publications - Cloud Controls Matrix]] ([[CCM]]),
* le programme [[CSA STAR]].
''La participation de chacun d'entre vous à ces consultations sera donc très appréciée.''
Le mail original transmis par la Commission Européenne est le suivant
<<<
|//<<tiddler [[2019.01.17 - Consultations de la Commission Européenne - 2]]>>// |
<<<
Subject: Launch of public consultations on cloud self-regulation
<<<
Dear cloud stakeholders,
As we stand at the start of the New Year, I would like to wish all of you a prosperous 2019.
This email intends to draw your attention to two public consultations that are currently open for your input. They both concern the ongoing self-regulatory work of the DSM cloud stakeholder working groups related to the implementation of the Free Flow of non-personal Data Regulation https://eur-lex.europa.eu/eli/reg/2018/1807/oj : SWIPO (on the porting of data and the switching between cloud service providers) and CSPCERT (on cloud security certification).
1. SWIPO Public consultation on the SaaS Code of Conduct (''deadline: 31 January, 23:59hrs'')
For the consultation and relevant documents click here: https://swipo.page.link/SaaS-pc
The SWIPO WG is developing codes of conduct on data portability, to facilitate easier switching between cloud service providers and on-premise systems, thereby reducing vendor lock-in. This work has been mandated by Article 6 in the Free flow of non-personal data Regulation. The work has been ongoing since 17 April 2018 and should be completed by 29 November 2019.
SWIPO currently consists of two sub-WGs: one working on Infrastructure-as-a-Service (IaaS) cloud services and the other one on Software-as-a-Service (SaaS) cloud services.
2. CSPCERT Public consultation on Milestone 1 and Milestone 2 (''deadline: 3 February, 23:59hrs'')
For the consultation and relevant documents click here: https://ec.europa.eu/eusurvey/runner/cspcertconsultation
The CSPCERT WG, which was created on 12 December 2017, is exploring the possibility of developing a European Cloud Certification Scheme in the context of the Cybersecurity Act. The objective of this WG is to come up with a recommendation that will be submitted to ENISA (the European Cybersecurity agency) and the European Commission. Both the European Commission and ENISA are closely monitoring the process so that input can be taken into account along the way.
The CSPCERT WG has developed a three-stage working process with the objective of reaching different 'milestones'. The present public consultation considers milestone 1 and 2 on security requirements and conformity assessment methodologies, and will help the CSPCERT WG to reach its final objective of developing a recommendation for a European cloud security certification scheme.
Should you have not done so already, I strongly recommend taking part in the above public consultations. The participating stakeholders in SWIPO and CSPCERT have worked very hard to come to the documents that are now submitted to the broader constituency for their feedback. Of course, these results depend on certain strategic choices. Your opinion on this content will enable them validate their orientations, and improve their deliverables, which will result in better self-regulation for all cloud stakeholders in the EU.
The self-regulatory process
Both WGs consist of stakeholders with relevant legal, technical and economical expertise and professional experience. Among the participants, there are users, providers and relevant public and supervisory authorities. Efforts are made to maintain a continuous balance between participation of the demand and supply side, as well as SMEs and big market actors in the cloud value chain.
Would you like to join SWIPO or CSPCERT? Membership is free, inclusive and open to all. Please contact my colleague Witte Wijsmuller at witte point wijsmuller at ec point europa point eu and he will be able to direct you further.
<<<
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.01.13|
|2019.01.13|//Microsoft//|![[Journalisation et audit Azure|https://docs.microsoft.com/fr-fr/azure/security/azure-log-audit]]|Azure Logging|
|>|>|>|!2019.01.12|
|2019.01.12|Security Affairs|[[Z-WASP attack: hackers used Zero-Width spaces to bypass Office 365 protections |https://securityaffairs.co/wordpress/79791/hacking/z-wasp-attack-phishing.html]]|Misc|
|>|>|>|!2019.01.11|
|2019.01.11|!CSA|[[New Cloud Security Alliance Study Finds Cybersecurity Incidents and Misconceptions Both Increase as Critical ERP Systems Migrate to Clouds|https://cloudsecurityalliance.fr/go/j1bc/]] ([[rapport|https://cloudsecurityalliance.fr/go/j1bt/]])|Misc|
|2019.01.11|ITworld| → [[Moving ERP to the cloud? Expect delays|https://www.itworld.com/article/3342616/moving-erp-to-the-cloud-expect-delays.html]]|Misc|
|2019.01.11|DevOps|[[New Cloud Security Alliance Study Finds Cybersecurity Incidents and Misconceptions Both Increase as Critical ERP Systems Migrate to Clouds|https://devops.com/new-cloud-security-alliance-study-finds-cybersecurity-incidents-and-misconceptions-both-increase-as-critical-erp-systems-migrate-to-clouds/]]|Misc|
|2019.01.11|Politico|[[Incoming NASS leader rejects Democrats' election security bill|https://www.politico.com/newsletters/morning-cybersecurity/2019/01/11/incoming-nass-leader-rejects-democrats-election-security-bill-476912]]|Misc|
|2019.01.11|Health Data Mgmt|[[Concern for security of data in the cloud worries IT execs|https://www.healthdatamanagement.com/news/concern-for-security-of-data-in-the-cloud-worries-it-execs]]|Misc|
|2019.01.11|eWeek|[[The Security Challenges of Moving ERP to the Cloud|http://www.eweek.com/security/the-security-challenges-of-moving-erp-to-the-cloud]]|Misc|
|2019.01.11|Dark Reading|[[Who Takes Responsibility for Cyberattacks in the Cloud?|https://www.darkreading.com/vulnerabilities---threats/who-takes-responsibility-for-cyberattacks-in-the-cloud/d/d-id/1333637]]|Misc|
|2019.01.11|Tech Republic|[[69% of enterprises moving business-critical applications to the cloud|https://www.techrepublic.com/article/69-of-enterprises-moving-business-critical-applications-to-the-cloud/]]|Misc|
|2019.01.11|//McAfee//|[[The Shifting Risk Profile in Serverless Architecture|https://securingtomorrow.mcafee.com/business/cloud-security/the-shifting-risk-profile-in-serverless-architecture/]]|Serverless|
|2019.01.11|//phoenixNAP//|[[Cloud Security Tips to Reduce Security Risks, Threats, & Vulnerabilities|https://phoenixnap.com/blog/cloud-security-threats-and-risks]]|Best_Practices|
|>|>|>|!2019.01.10|
|2019.01.10|eSecurity Planet|[[7 Tips for Container and Kubernetes Security|https://www.esecurityplanet.com/applications/tips-for-container-and-kubernetes-security.html]]|Container Kubernetes|
|2019.01.10|Tech Target|[[What is a software-defined perimeter, and do I need it?|https://searchnetworking.techtarget.com/answer/What-is-a-software-defined-perimeter-and-do-I-need-it]]|Misc|
|2019.01.10|CBR Online|[[Azure Storage, Virtual Machines, API Apps Drop Offline in the South UK|https://www.cbronline.com/news/azure-uk-outage]]|Outage|
|2019.01.10|//DataPine//|[[10 Cloud Computing Risks & Challenges Businesses Are Facing In These Days|https://www.datapine.com/blog/cloud-computing-risks-and-challenges/]]|Risks Challenges|
|2019.01.10|//Divvy//|[[Securing Your Microsoft Azure Environment|https://divvycloud.com/blog/securing-microsoft-azure-environment/]]|Azure|
|2019.01.10|//BitDefender//|[[Hybrid Clouds Bring New Complexities - and Security Risks|https://businessinsights.bitdefender.com/hybrid-clouds-bring-new-complexities-and-security-risks]]|Misc|
|2019.01.10|//Aporeto//|[[Why Network Segmentation is Failing Your Cloud Application Security|https://www.aporeto.com/blog/network-segmentation-failing-cloud-application-security/]]|Architecture|
|2019.01.10|//Inovex//|[[Why You Should Test Your Kubernetes Network Policies|https://www.inovex.de/blog/test-kubernetes-network-policies/]]|K8s|
|>|>|>|!2019.01.09|
|2019.01.09|Dark Reading|[[Security at the Speed of DevOps: Maturity, Orchestration, and Detection|https://www.darkreading.com/vulnerabilities---threats/security-at-the-speed-of-devops-maturity-orchestration-and-detection/a/d-id/1333583]]|DevOps|
|2019.01.09|ContainerJournal|![[Effective Container Security Requires a Holistic View|https://containerjournal.com/2019/01/09/effective-container-security-requires-a-holistic-view/]]|Misc|
|2019.01.09|//Avanan//|[[Z-WASP Vulnerability Used to Phish Office 365 and ATP|https://www.avanan.com/resources/zwasp-microsoft-office-365-phishing-vulnerability]]|Misc|
|2019.01.09|//DLT//|[[Cloud Risk Report 2019: More Data Exposed, More Threats Events Detected|https://www.dlt.com/blog/2019/01/09/cloud-risk-report-2019-data-exposed-threats-events-detected]]|Report|
|2019.01.09|//DLT//| → McAfee's [[Cloud Adoption and Risk Report 2019|https://www.dlt.com/resources/cloud-adoption-and-risk-report-2019]] ([[pdf|https://www.dlt.com/sites/default/files/resource-attachments/2019-09/Cloud-Cloud-Adoption-%2526-Risk-Report-2019_0_13.pdf]])|Report|
|>|>|>|!2019.01.08|
|2019.01.08|HostingAdvice|[[Solving Tomorrow's Problems Today: How the Cloud Security Alliance is Furthering Best Practices in Cloud Computing|https://www.hostingadvice.com/blog/cloud-security-alliance-delivers-best-practices-in-cloud-computing/]]|Misc|
|2019.01.08|CloudTech|[[Four cloud security predictions for 2019: Containerisation, load balancers, and more|https://www.cloudcomputing-news.net/news/2019/jan/08/four-cloud-security-predictions-2019-containerisation-load-balancers-and-more/]]|Misc|
|2019.01.08|Security Boulevard|[[Moving to a Cloud Service? Don't Ditch Your Security Pros|https://securityboulevard.com/2019/01/moving-to-a-cloud-service-dont-ditch-your-security-pros/]]|Misc|
|2019.01.08|TechnoFAQ|[[How Cloud Computing and Data Protection Saves Your Business Data?|https://technofaq.org/posts/2019/01/how-cloud-computing-and-data-protection-saves-your-business-data/]]|Misc|
|2019.01.08|//LastLine//|[[Cloud Data Security - 5 Attacks to Watch for in 2019|https://www.lastline.com/blog/cloud-data-security-5-attacks-to-watch-for-in-2019/]]|Misc|
|>|>|>|!2019.01.07|
|2019.01.07|SecurityBoulevard|[[Adapting Security Response for Cloud Workloads|https://securityboulevard.com/2019/01/adapting-security-response-for-cloud-workloads/]]|Misc|
|2019.01.07|AWS Insider|[[2018 Ends with One More AWS Exposed Data Mishap|https://awsinsider.net/articles/2019/01/07/security-mishap.aspx]]|Misc|
|2019.01.07|carnal0wnage|![[Kubernetes: Master Post|http://carnal0wnage.attackresearch.com/2019/01/kubernetes-master-post.html]]|K8s Attacks|
|2019.01.07|//AlienVault//|[[Security Issues and Monitoring in AWS (2/4): Data Exfiltration in AWS|https://www.alienvault.com/blogs/security-essentials/data-exfiltration-in-aws-part-2-of-series]]|Misc|
|2019.01.07|//Tripwire//|![[60% of Organizations Suffered a Container Security Incident in 2018, Finds Study|https://www.tripwire.com/state-of-security/devops/organizations-container-security-incident/]] et le [[rapport (pdf)|https://www.tripwire.com/solutions/devops/tripwire-dimensional-research-state-of-container-security-report/]]|Rapport Containers|
|2019.01.07|//BusinessWire//|![[Tripwire Study: 60 Percent of Organizations Experienced Container Security Incidents in 2018|https://www.businesswire.com/news/home/20190107005045/en/Tripwire-Study-60-Percent-Organizations-Experienced-Container]]|Report containers|
|2019.01.07|//Threatpost//| → [[ThreatList: Container Security Lags Amidst DevOps Enthusiasm|https://threatpost.com/threatlist-container-security/140614/]]|Report|
|2019.01.07|//Gartner//|[[G00369275: Magic Quadrant for Cloud Management Platforms|https://www.gartner.com/doc/3897466]]|Report Manage|
|2019.01.07|//Gartner//|[[G00369278: Critical Capabilities for Cloud Management Platforms|https://www.gartner.com/doc/3897663/critical-capabilities-cloud-management-platforms]]|Report Manage|
|2019.02.22|Solutions Review| → [[2019 Gartner Critical Capabilities for Cloud Management Platforms: Key Takeaways|https://solutionsreview.com/cloud-platforms/2019-gartner-critical-capabilities-for-cloud-management-platforms-key-takeaways/]]|Misc|
|2019.01.07|//Outpost24//|[[Plan your journey towards a secure serverless future in three simple steps|https://outpost24.com/blog/Plan-your-journey-towards-a-secure-serverless-future-in-three-simple-steps]]|Serverless|
!"New Cloud Security Alliance Study Finds Cybersecurity Incidents and Misconceptions Both Increase as Critical ERP Systems Migrate to Clouds"
__D'après le communiqué de presse [[Cloud Security Alliance]] du 11 janvier 2019__ : [[lien|https://cloudsecurityalliance.org/articles/new-cloud-security-alliance-study-find-cybersecurity-incidents-and-misconceptions-both-increase-as-critical-erp-systems-migrate-to-the-cloud/]] [>img(200px,auto)[iCSA_/TheImpactOfCloudOnERP.png]]
''ERP critiques migrés dans le Cloud : attention aux incidents de sécurité et aux erreurs d'interprétation et de compréhension''
La [[Cloud Security Alliance]] a publié les résultats de la première étude sur les applications ERP (Enterprise Resource Planning) et l'adoption du cloud. Elle traite de la préparation et de la migration vers le Cloud, des caractéristiques et des avantages obtenus, ainsi que des défis en matière de sécurité et de la confidentialité des systèmes ERP dans un environnement Cloud.
Selon l'étude :
* 69% des entreprises migrent les données des principales applications ERP vers le Cloud
* près de 90% des entreprises déclarent que ces applications sont essentielles pour l'entreprise
* plus de 50% des personnes interrogées s'attendent à une augmentation des incidents de sécurité dans le Cloud en 2019
En s'appuyant sur les trois principales préoccupations en matière de migration (le déplacement des données sensibles, la sécurité et la conformité), l'étude révèle que les attaquants évoluent eux aussi.
Toutefois, plusieurs idées fausses émergent :
* Si 60% des personnes interrogées affirment que le fournisseur de services Cloud est responsable en cas de problème de sécurité, 77% considèrent qu'il incombe à l'entreprise elle-même de sécuriser ses applications ERP.
* Les tiers sont les moins tenus de rendre des comptes.
* Cet écart de perception montre que les entreprises doivent s'approprier davantage leurs applications critiques tout en les migrant vers le cloud.
Pour John Yeoh, directeur de l'étude pour le ''CSA'', "//l'écosystème de l'informatique dans le Cloud évolue rapidement et les applications critiques, telles que les solutions ERP, sont déplacées vers des environnements Cloud. Avec ce changement, les entreprises commencent à explorer la question de savoir si un environnement Cloud pourrait atténuer les défis traditionnels auxquels sont normalement confrontées les applications critiques. [...] Comme le passage au cloud soulève ses propres défis en matière de sécurité et de protection de la vie privée, nous voulions fournir quelques points de repère concernant la myriade de questions entourant la migration et la sécurité dans le cloud.//"
Pour Juan Pablo Perez-Etchegoyen, responsable du groupe de travail "ERP Security" de la ''CSA'', "//dans toute migration dans le Cloud, quel que soit le fournisseur, la sécurité doit être mise en oeuvre dès le début et en plusieurs phases tout au long du projet. Les entreprises sont préoccupées par le transfert de données sensibles d'un environnement à l'autre, puis par les implications en matière de sécurité et de conformité qui découlent de cette migration. Nos études ont démontré que la mise en oeuvre de la sécurité à chaque étape de la migration pourrait permettre aux clients d'économiser plus de cinq fois leurs coûts de mise en oeuvre//".
Parmi les autres principaux résultats de l'étude :
* On a plus tendance à migrer les applications critiques vers le cloud dans les zones Amérique (73%) et APAC (73%) que dans les pays de la zone EMEA, où des réglementations telles que le RGPD ont eu une incidence sur les services cloud et les politiques des tiers.
* Les entreprises prennent des mesures supplémentaires pour protéger leurs applications ERP dans le cloud, notamment des contrôles d'identité et d'accès (68%), des pare-feux (63%) et des évaluations de sécurité (62%).
* Les modèles sur site ou //on-premise// (61%) sont les plus retenus, suivis du SaaS (41%), de l'IaaS (23%) puis du PaaS (17%).
* Parmi les avantages du passage au Cloud Computing, sont cités : l'évolutivité avec les nouvelles technologies (65%), la réduction du coût de possession (61%) et les correctifs de sécurité et les mises à jour par le fournisseur (49%).
* A l'inverse, les obstacles cités sont : le transfert de données sensibles (65%), la sécurité (59%) et les problèmes de conformité (54%).
Cette étude est sponsorisée par la société ''Onapsis'', mais a été réalisée en toute neutralité comme le sont toujours les études de la ''CSA''. Elle est basée sur les interviews de 199 managers, cadres dirigeants et collaborateurs d'entreprises américaines (49%), APAC (26%) et EMEA (25%).
Liens sur le site de la [[Cloud Security Alliance]] :
* Le communiqué de presse ⇒ ''[[CloudSecurityAlliance.fr/go/j1ic/|https://cloudsecurityalliance.fr/go/j1bc/]]''
* Le formulaire de téléchargement de l'étude ⇒ ''[[CloudSecurityAlliance.fr/go/j1it/|https://cloudsecurityalliance.fr/go/j1bt/]]''
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2019.01.06|
|2019.01.06|//Microsoft//|[[Contextualizing Attacker Activity within Sessions in Exchange Online|https://blogs.technet.microsoft.com/exchange/2019/01/04/contextualizing-attacker-activity-within-sessions-in-exchange-online/]]|Detect|
|2019.01.06|Redmond Channel|[[Microsoft Adds Attack-Detection Capability to Exchange Online|https://rcpmag.com/articles/2019/01/07/attack-detection-exchange-online.aspx]]|Detect|
|>|>|>|!2019.01.04|
|2019.01.04|Security Boulevard|[[Kick-start your cloud security: your complete guide to cybersecurity|https://securityboulevard.com/2019/01/kick-start-your-cloud-security-your-complete-guide-to-cybersecurity/]]|Misc|
|2019.01.04|Security Boulevard|[[E-Discovery in Cloud Initiating New Compliance and Security Issues|https://securityboulevard.com/2019/01/adapting-security-response-for-cloud-workloads/]]|eDiscovery|
|2019.01.04|Security Boulevard|[[E-Discovery in Cloud: Security Issue and Compliance Gaps|https://securityboulevard.com/2019/01/e-discovery-in-cloud-security-issue-and-compliance-gaps/]]|eDiscovery|
|>|>|>|!2019.01.03|
|2019.01.03|Rainbowtabl.es|[[S3 Leak: 3,000 Permanent Account Number (PAN) cards and National ID (Aadhaar) cards from India|https://rainbowtabl.es/2019/01/03/s3-leak-pan-cards-national-ids-india/]]|DataLeak S3|
|2019.01.03|Tech Republic|[[Security is the no. 1 IT barrier to cloud and SaaS adoption|https://www.techrepublic.com/article/security-is-the-no-1-it-barrier-to-cloud-and-saas-adoption/]]|Misc|
|2019.01.03|//ParkMycloud//|[[$14.1 Billion in Cloud Spending to be Wasted in 2019|https://www.parkmycloud.com/blog/cloud-spending/]]|Misc|
|2019.01.03|//ThreatStack//|[[Docker Security Tips & Best Practices|https://www.threatstack.com/blog/docker-security-tips-best-practices]]|Misc|
|>|>|>|!2019.01.02|
|2019.01.02|Cloud Magazine[>img[iCSF/flag_fr.png]]|[[Nouvelles priorités en matière de cybersécurité La sécurité du cloud deviendra rapidement la priorité n°1 des responsables informatiques|https://www.cloudmagazine.fr/actualites/nouvelles-priorites-en-matiere-de-cybersecurite-la-securite-du-cloud-deviendra-rapidement-la-7700]]|Misc|
|2019.01.02|KrebsOnSecurity|![[Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack|https://krebsonsecurity.com/2019/01/cloud-hosting-provider-dataresolution-net-battling-christmas-eve-ransomware-attack/]]|Attacks Ransomware Ryuk|
|2019.01.04|Info Security Newspaper| → [[Cloud service provider's servers infected with ransomware|https://www.securitynewspaper.com/2019/01/04/cloud-service-providers-servers-infected-with-ransomware/]]|Attacks|
|2019.01.04|SecurityWeek| → [[Ransomware Attack Against Hosting Provider Confirms MSPs Are Prime Targets|https://www.securityweek.com/ransomware-attack-against-hosting-provider-confirms-msps-are-prime-targets]]|Attacks|
|2019.01.08|MalwareBytes| → [[Ryuk ransomware attacks businesses over the holidays|https://blog.malwarebytes.com/cybercrime/malware/2019/01/ryuk-ransomware-attacks-businesses-over-the-holidays/]]|Attacks|
|2019.01.02|ContainerJournal|[[Using Crypto Anchors to Thwart Container Security Breaches|https://containerjournal.com/2019/01/02/using-crypto-anchors-to-thwart-container-security-breaches/]]|Misc|
|2019.01.02|CBR Online|[[Containers, Culture, and Real Digital Transformation Goals|https://www.cbronline.com/opinion/containerisation-digital-transformation]]|Misc|
|2019.01.02|//Infosec Island//|[[2019, The Year Ahead in Cloud Security|http://www.infosecisland.com/blogview/25151-2019-The-Year-Ahead-in-Cloud-Security.html]]|Cloud Misc.|
|2019.01.02|//Cloud Management Insider//|[[AWS Security Audit and Best Practices|https://www.cloudmanagementinsider.com/aws-security-audit-and-best-practices/]]|AWS Best_Practices|
|2019.01.02|//McAfee//|[[Cloud Computing Security Risks Breakdown|https://www.skyhighnetworks.com/cloud-security-blog/cloud-computing-security-risks-breakdown/]] ([[rapport|https://info.skyhighnetworks.com/WPCloudAdoptionRiskReport2019_BannerCloud-MFE.html]])|Report Risks|
|2019.01.02|//phoenixNAP//|[[Cloud Storage Security: How Secure is Your Data in The Cloud?|https://phoenixnap.com/blog/cloud-storage-security]]|Storage|
|>|>|>|!2019.01.01|
|2019.01.01|Network Computing|[[7 out of 10 businesses moving more to the cloud despite security fears|http://www.btc.co.uk/Articles/index.php?mag=Networking&page=compDetails&link=9333]]|Misc|
|2019.01.01|Denny Zhang|[[Docker Free CheatSheet|https://cheatsheet.dennyzhang.com/cheatsheet-docker-a4]]|
|2019.01.01|Denny Zhang|[[GCP Cheatsheet|https://cheatsheet.dennyzhang.com/cheatsheet-gcp-a4]]|
|2019.01.01|Denny Zhang|[[Kubectl Kubernetes Free CheatSheet|https://cheatsheet.dennyzhang.com/cheatsheet-kubernetes-A4]]|K8s|
|2019.01.01|Denny Zhang|[[Kubernetes Yaml Templates|https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates]]|
|2019.01.01|Denny Zhang|[[OpenShift Cheatsheet|https://cheatsheet.dennyzhang.com/cheatsheet-openshift-a4]]|
!Publication : "Guideline on Effectively Managing Security Service in the Cloud"
__Extrait :__[>img(200px,auto)[iCSA_/goemssitc.png]]
<<<
//Sur la base du modèle de la responsabilité partagée en matière de sécurité, les responsabilités spécifiques en matière de sécurité sont réparties entre le fournisseur de services dans le Cloud et le client pour les différentes architectures IaaS, PaaS et SaaS. Le cas échéant, les prestataires de services de sécurité dans le Cloud (SECaaS) sont aussi concernés.
Pour chaque type de responsabilités en matière de sécurité, une ou plusieurs fonctions ou fonctionnalités de sécurité sont définies pour le prendre en charge.
Ce document fournit des conseils sur la façon de remplir les contrôles Cloud (basés sur la [[CCM|Cloud Controls Matrix]]) en utilisant des produits de sécurité tiers et des services.
L'annexe A présente une étude de cas à l'aide d'exemples de produits ou de services disponibles (sans toutefois mentionner de fournisseurs) afin d'illustrer des exemples concrets.//
Le plan du document de 53 pages est le suivant :
# Synthèse
# //Security Role and Responsibility of CSPs, Security Service Providers, and Cloud Customers//
** //Shared Security Responsibility Model//
** //Common Security Responsibilities of CSPs and Cloud Customers//
** //IaaS//, //PaaS//, //SaaS//
** //Roles of Third-Party Security Service Providers//
# //Technical Requirements and Implementation Guide of Cloud Security Assurance Capabilities//
** //Responsibility Division of Security Technologies in Different Cloud Service Modes//
** //Security Technology Requirements and Implementation Measures for Cloud Service Systems//
** //Security Assurance Capabilities Offered by Third-Party Security Service Providers//
# Annexe A : //Building a Secure B2B Cloud Solution - A Case Study//
** //Requirement Analysis and Key Assumptions//
** //Cloud Security Solution Design//
<<<
__Lien :__
* Page de téléchargement → https://cloudsecurityalliance.org/artifacts/guideline-on-effectively-managing-security-service-in-the-cloud/ 
!1er janvier 2019 : Editorial
L'année calendaire qui s'ouvre verra le renouveau du chapitre français de la [[Cloud Security Alliance]].
!!Bilan 2018
En 2018, le chapitre français a participé :
* en mars : à la "Cloud Expo Europe" et plus particulièrement au cycle de conférences "Forum Securité@Cloud",
* en novembre : à la "Cloud Computing World Expo" et plus particulièrement au cycle de conférences associé, avec une présentation et l'animation d'une table ronde,
* à plusieurs groupes de travail de la [[Cloud Security Alliance]],
* à la poursuite des actions de formation dans le cadre du Mastère Spécialisé "Cloud Computing" de l'ISEP Formation Continue
* au lancement, à l'animation et à des formations dans le cadre du Mastère Spécialisé "Cyber Sécurité" de l'ISEP Formation Continue
!!Prévisions 2019
Pour 2019, il y a déjà 3 dates à retenir :
* ''20 et 21 mars'' : "Cloud Computing World Expo" à Paris, Porte de Versailles.
** Pour en savoir plus : ''[[CloudSecurityAlliance.fr/go/j113/|https://cloudsecurityalliance.fr/go/j113/]]''
** Inscription : ''[[CloudSecurityAlliance.fr/go/j2bs/|https://cloudsecurityalliance.fr/go/j2bs/]]''
* ''18 au 21 novembre'' : "CSA EMEA Congress" à Berlin.
** Pour en savoir plus : ''[[CloudSecurityAlliance.fr/go/j11B/|https://cloudsecurityalliance.fr/go/j11B/]]''
* ''27 et 28 novembre'' : "Cloud Expo Europe" à Paris, Porte de Versailles.
** Pour en savoir plus : ''[[CloudSecurityAlliance.fr/go/j12B/|https://cloudsecurityalliance.fr/go/j12B/]]''
D'ores et déjà, 2 actions sont prévues :
* La poursuite des actions d'animation et de formation dans les Mastères Spécialisés "Cloud Computing" et "Cyber Sécurité" dans le cadre de l'ISEP Formation Continue
* La réalisation d'un événement "Sécurité du Cloud" organisé par le [[Chapitre Français]] de la [[Cloud Security Alliance]]
Si vous souhaitez participer au renouveau du [[Chapitre Français]], ou simplement découvrir les travaux de la [[Cloud Security Alliance]], contactez-nous par [[email|Contact]], ou via [[LinkedIn|https://www.linkedin.com/groups/3758242]].<<tiddler [[arOund0C]]>>
!"//Security Risks and Continuous Development Drive Push for DevSecOps//"
[>img(150px,auto)[iCSA_/Dev-Drive-Push.jpg]]
^^Bien que publié le 31 janvier 2019 sur le blog de la CSA, cet article l'a déjà été il y a __plus de 2 mois__, le 20 novembre 2018 sur le site de Symantec.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2019/01/31/continuous-development-drive-push-devsecops/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.symantec.com/blogs/feature-stories/security-risks-and-continuous-development-drive-push-devsecops]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler fAll2Tabs7 with: _Veille18>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Année 2018]]>><<tiddler fAll2Tabs with: _Blog18>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201812>>
|!Décembre|!Sources|!Titres et Liens|!Types|
|2018.12.05|//Threatpost//|[[Kubernetes Flaw is a "Huge Deal," Lays Open Cloud Deployments|https://threatpost.com/kubernetes-flaw-is-a-huge-deal-lays-open-cloud-deployments/139636/]]|K8s|
<<tiddler .ReplaceTiddlerTitle with: [[Alertes et Vulnérabilités - Décembre 2018]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Décembre 2018]]>><<tiddler fAll2LiTabs13end with: Actu","201812>>
<<tiddler fAll2LiTabs13end with: Blog","201812>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Décembre 2018]]>><<tiddler fAll2LiTabs13end with: Publ","201812>>
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|2018.12.28|Dark Reading|[[Start Preparing Now for the Post-Quantum Future|https://www.darkreading.com/perimeter/start-preparing-now-for-the-post-quantum-future/a/d-id/1333517]]|Misc|
|2018.12.28|ContainerJournal|[[Best of 2018: Top 9 Kubernetes Settings You Should Check to Optimize Security|https://containerjournal.com/2018/12/28/top-9-kubernetes-settings-you-should-check-to-optimize-security/]]|Misc|
|2018.12.27|Global Security Mag[>img[iCSF/flag_fr.png]]|[[La disponibilité est un outil essentiel pour les fournisseurs de services cloud|https://www.globalsecuritymag.fr/La-disponibilite-est-un-outil,20181227,83147.html]]|Misc|
|2018.12.27|//Cyware//|[[Hackers using Google Cloud to hack into banks and financial firms in the US and UK |https://cyware.com/news/hackers-using-google-cloud-to-hack-into-banks-and-financial-firms-in-the-us-and-uk-c93f8542/]]|Misc|
|2018.12.27|BetaNews|[[The elements of cybersecurity hygiene and secure networks (2/2)|https://betanews.com/2018/12/27/the-elements-of-cybersecurity-hygiene-and-secure-networks-part-2/]]|Misc|
|2018.12.26|Acumin|[[12 Days of Christmas- Day 2 - Top LinkedIn Groups for Cyber Security|https://www.acumin.co.uk/news/12-days-of-christmas-day-2-top-linkedin-groups-for-cyber-security/4992/]]|Misc|
|2018.12.25|Thilina Manamgoda|[[Centralized logging in Kubernetes|https://medium.com/@maanadev/centralized-logging-in-kubernetes-d5a21ae10c6e]]|K8s Logging|
|2018.12.23|Maarten Goet|[[Hunting down crypto miners on Linux using Microsoft's Azure Security Center|https://medium.com/@maarten.goet/hunting-down-crypto-miners-on-linux-using-microsofts-azure-security-center-10eab96078d4]]|CryptoMining Hunting|
|2018.12.21|Bleeping Computer|[[Historic APT10 Cyber Espionage Group Breached Systems in Over 12 Countries|https://www.bleepingcomputer.com/news/security/historic-apt10-cyber-espionage-group-breached-systems-in-over-12-countries/]]|Attacks APT|
|2018.12.21|ZDnet[>img[iCSF/flag_fr.png]]|[[Un quart des données des entreprise désormais dans le cloud|https://www.zdnet.fr/actualites/un-quart-des-donnees-des-entreprise-desormais-dans-le-cloud-39878421.htm]]|Report|
|2018.12.21|//Lacework//|[[Is Your Cloud Giving or Receiving This Holiday Season?|https://www.lacework.com/cloud-security-holiday/]]|Misc|
|2018.12.20|CBR Online|[[Cloud Predictions: What Industry Thinks for 2019|https://www.cbronline.com/opinion/industry-cloud-predictions]]|Predictions|
|2018.12.20|Wired|[[How China's Elite Hackers Stole the World's Most Valuable Secrets|https://www.wired.com/story/doj-indictment-chinese-hackers-apt10/]]|Attacks APT|
|2018.12.20|//Lacework//|[[My Mom is Sick and Tired of Your Weak S3 Bucket Policies|https://www.lacework.com/my-mom-is-sick-and-tired-of-your-weak-s3-bucket-policies/]]|Misc|
|>|!|>||
|2018.12.19|Globb Security[>img[iCSF/flag_fr.png]]|[[Voici les tendances de la cybersécurité en 2019|http://globbsecurity.fr/voici-les-tendances-la-cybersecurite-2019-45011/]]|Misc|
|2018.12.19|SecurityWeek|[[Cybercriminals Host Malicious Payloads on Google Cloud Storage|https://www.securityweek.com/cybercriminals-host-malicious-payloads-google-cloud-storage]]|Misc|
|2018.12.19|TechRepublic|[[Attackers are using cloud services to mask attack origin and build false trust|https://www.techrepublic.com/article/attackers-are-using-cloud-services-to-mask-attack-origin-and-build-false-trust/]]|Misc|
|2018.12.19|Infosec Institute|[[Deep Packet Inspection in the Cloud|https://resources.infosecinstitute.com/deep-packet-inspection-in-the-cloud/]]|Misc|
|2018.12.19|ZDnet|[[This business email scam spreads Trojans through Google Cloud storage|https://www.zdnet.com/article/this-business-email-scam-spreads-trojans-through-google-cloud-storage/]]|Attacks|
|2018.12.19|//Menlo Security//|[[A "JAR" Full of Problems for Financial Services Companies|https://www.menlosecurity.com/blog/a-jar-full-of-problems-for-financial-services-companies]]|Misc|
|2019.12.27|GBHackers| → [[Hackers Host Malicious payloads on Google Cloud Storage to Bypass Security System|https://gbhackers.com/google-cloud-storage/]]|Attacks GCP|
|2019.12.19|//Security Intelligence (IBM)//|[[Enterprise Security: Cloud-y With a Chance of Data Breaches|https://securityintelligence.com/cloud-security-with-a-chance-of-data-breaches/]]|DataLeak Monitor|
|2018.12.19|//Google Cloud//|[[Exploring container security: Let Google do the patching with new managed base images|https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-let-google-do-the-patching-with-new-managed-base-images]]|Misc|
|2018.12.19|//Netskope//|[[Top 6 Questions to Ask Your Cloud DLP Vendor: Protecting Sensitive|https://www.netskope.com/blog/cloud-dlp-vendor-question-1-sensitive-data]]|Misc|
|2018.12.19|//Sensu//|[[Monitoring Kubernetes, part 1: the challenges + data sources|https://blog.sensu.io/monitoring-kubernetes-part-1-the-challenges-data-sources]]|K8s Docker Monitoring|
|2018.12.18|CoinDesk|[[Amazon Plays Its Own Game with Enterprise Blockchain|https://www.coindesk.com/amazon-plays-its-own-game-with-enterprise-blockchain]]|Misc|
|2018.12.18|Help Net Security|[[Warding off security vulnerabilities with centralized data|https://www.helpnetsecurity.com/2018/12/18/warding-off-security-vulnerabilities/]] (2/3)|Misc|
|2018.12.18|//Puresec//|[[OWASP 'ServerlessGoat': A Vulnerable Demo Serverless Application|https://www.puresec.io/blog/serverless-goat-launch]]|Serverless Test|
|2018.12.18|//Appriver//|[[Wanted: Your Office 365 Credentials|https://blog.appriver.com/phishing-attacks-want-your-credentials]]|Phishing O365|
|2018.12.18|Chris Hare|[[A 5 Minute Overview of AWS Security Hub|https://medium.com/@labrlearning/a-5-minute-overview-of-aws-security-hub-34ee56adf1a5]] ([[podcast|https://s3.amazonaws.com/labrlearningweb/podcasts/Medium-aws-security-hub-12-17-18.mp3]])|AWS Security_Hub|
|2018.12.17|//Microsoft//|![[Step 2. Manage authentication and safeguard access: top 10 actions to secure your environment|https://www.microsoft.com/security/blog/2018/12/17/step-2-manage-authentication-and-safeguard-access-top-10-actions-to-secure-your-environment/]] (2/4)|AzureAD O365|
|2018.12.17|//Summit Route//|![[flAWS 2 challenge|https://summitroute.com/blog/2018/12/07/flaws2/]]|Misc|
|2018.12.17|//StackRox//|[[6 Container Security Best Practices You Should Be Following|https://www.stackrox.com/post/2018/12/6-container-security-best-practices-you-should-be-following/]]|Misc|
|2018.12.15|Journal (IJACSA)|[[A Secure Cloud Computing Architecture Using Homomorphic Encryption|https://thesai.org/Downloads/Volume7No2/Paper_41-A_Secure_Cloud_Computing_Architecture_Using_Homomorphic_Encryption.pdf]]|Homomorphic_Encryption|
|2018.12.14|//AWS//|[[Best Practices for Securing Amazon EMR|https://aws.amazon.com/blogs/big-data/best-practices-for-securing-amazon-emr/]]|Best_Practices AWS_EMR|
|2018.12.14|//MicroFocus//|[[4 hybrid-cloud security challenges and how to overcome them|https://techbeacon.com/security/4-hybrid-cloud-security-challenges-how-overcome-them]]|Hybrid_Cloud|
|2018.12.14|//Threat Stack//|![[What is Cloud Workload Security?|https://www.threatstack.com/blog/what-is-cloud-workload-security]]|Misc|
|2018.12.14|Inverse|[[Tech Predictions 2019: Microsoft's xCloud Blows Away PlayStation Now|https://www.inverse.com/article/51636-microsoft-s-xcloud-launches-and-it-blows-away-playstation-now]]|Prediction|
|2018.12.14|//Cyren//|![[Office 365 Top Brand Targeted by Phishing Kits in 2018|https://www.cyren.com/blog/articles/phishing-as-a-service-comes-of-age]]|Attacks|
|2018.12.21|SecurityWeek| → [[Office 365, Outlook Credentials Most Targeted by Phishing Kits|https://www.securityweek.com/office-365-outlook-credentials-most-targeted-phishing-kits]]|Attacks|
|2018.12.13|SANS Handlers Diary|![[Phishing Attack Through Non-Delivery Notification|https://isc.sans.edu/forums/diary/Phishing+Attack+Through+NonDelivery+Notification/24412/]]|O365 Phishing|
|2018.12.17|//Tripwire//| → [[Office 365 Phishing Attack Using Fake Non-Delivery Notifications|https://www.tripwire.com/state-of-security/security-awareness/office-365-phishing-attack-using-fake-non-delivery-notifications/]]|O365 Phishing|
|2018.12.13|SANS Handlers Diary|![[Phishing Attack Through Non-Delivery Notification|https://isc.sans.edu/forums/diary/Phishing+Attack+Through+NonDelivery+Notification/24412/]] |O365 Phishing|
|2018.12.13|//Fugue//|[[Automated Remediation for Cloud Misconfiguration: Three Different Approaches|https://www.fugue.co/blog/automated-remediation-for-cloud-misconfiguration-three-different-approaches]]|Best_Practices|
|2018.12.13|//Security Intelligence (IBM)//|[[Overcoming the Cloud Security Compliance Conundrum|https://securityintelligence.com/overcoming-the-cloud-security-compliance-conundrum/]]|Misc|
|2018.12.13|//UpGuard//|[[Black Box, Red Disk: How Top Secret NSA and Army Data Leaked Online|https://www.upguard.com/breaches/cloud-leak-inscom]]|Misc|
|2018.12.13|//Zscaler//|[[2019 Will See Cybercriminals Eye Opportunities in Cryptocurrency and IoT to Launch Their Attacks|https://www.zscaler.com/blogs/research/2019-will-see-cybercriminals-eye-opportunities-cryptocurrency-and-iot-launch-their-attacks]]|Predictions|
|2018.12.12|TheStreet|[[How Microsoft Got Its Groove Back, Surpassing Apple and Amazon in Market Cap|https://www.thestreet.com/technology/microsoft-most-valuable-public-company-again-14807944]]|Misc|
|2018.12.12|BetaNews|[[The elements of cybersecurity hygiene and secure networks (1/2)|https://betanews.com/2018/12/12/elements-of-cybersecurity-hygienethe-fundamentals-of-network-security/]]|Misc|
|2018.12.12|//Security Intelligence (IBM)//|[[Continuous Compliance Eases Cloud Adoption for Financial Services Firms|https://securityintelligence.com/continuous-compliance-eases-cloud-adoption-for-financial-services-firms/]]|Misc|
|2018.12.12|//Aporeto//|[[Key Security Concerns for a Kubernetes Deployment|https://www.aporeto.com/blog/key-security-concerns-for-a-kubernetes-deployment/]]|K8s|
|2018.12.12|//Aqua Security//|[[Impressions from KubeSec, The First Enterprise Kubernetes Security Summit|https://blog.aquasec.com/kubesec-enterprise-kubernetes-security-summit]]|K8s Conference|
|2018.12.12|//CyberArk//|[[Securing Kubernetes Clusters by Eliminating Risky Permissions|https://www.cyberark.com/threat-research-blog/securing-kubernetes-clusters-by-eliminating-risky-permissions/]]|K8s Hardening|
|2019.12.11|Dark Reading|[[49% of Cloud Databases Left Unencrypted|https://www.darkreading.com/perimeter/49--of-cloud-databases-left-unencrypted/d/d-id/1333462]]|Misc|
|2018.12.11|//Palo Alto//|[[CSPM: A new class of security tools|https://www.armor.com/blog/cspm-a-new-class-of-security-tools/]]|Management CSPM|
|2018.12.11|//Palo Alto//|![[Unit 42 Cloud Security Trends and Tips|https://unit42.paloaltonetworks.com/unit-42-cloud-security-trends-tips/]]|Misc|
|2018.12.11|ContainerJournal|[[The Ultimate Guide to Container Security|https://containerjournal.com/2018/12/11/the-ultimate-guide-to-container-security/]]|Misc|
|2018.12.11|Medium|![[Securing your Azure environment: what can we learn from the Marriott hack?|https://medium.com/@maarten.goet/securing-your-azure-environment-what-can-we-learn-from-the-marriott-hack-64707eb9b020]]|Misc|
|2018.12.11|SANS|[[Protecting Data To, From and In the Cloud|https://www.sans.org/reading-room/whitepapers/analyst/protecting-data-to-cloud-38725]]|Analysis Misc.|
|2018.12.11|//Palo Alto Networks//|[[Unit 42 Cloud Security Trends and Tips|https://researchcenter.paloaltonetworks.com/2018/12/unit-42-cloud-security-trends-tips/]]|Trends Tips|
|2018.12.10|//Alcide//|[[How to Improve Your Kubernetes Security?|https://blog.alcide.io/kubernetes-security]]|Misc|
|2019.12.10|//FireEye//|[[Take Control of Cloud-Based Email Security with Smart Custom Rules|https://www.fireeye.com/blog/products-and-services/2018/12/take-control-of-cloud-based-email-security-with-smart-custom-rules.html]]|Protect|
|2019.12.10|//Microsoft//|[[Updates to Azure AD Terms of Use functionality within conditional access|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Updates-to-Azure-AD-Terms-of-Use-functionality-within/ba-p/294822]]|Active_Directory|
|2018.12.10|//Google Cloud//|[[Exploring container security: How containers enable passive patching and a better model for supply chain security|https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-how-containers-enable-passive-patching-and-a-better-model-for-supply-chain-security]]|Misc|
|2018.12.10|//Google Cloud//|[[Exploring container security: This year, it's all about security. Again|https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-this-year-its-all-about-security-again]]|Misc|
|>|!|>||
|2018.12.09|Forbes|[[IOT & VPN Trends To Look Forward To In 2019 For Both Enterprises & Average Web Users|https://www.forbes.com/sites/maciejduraj/2018/12/09/iot-vpn-trends-to-look-forward-to-in-2019-for-both-enterprises-average-web-users/#7dc99d6d6e92]]|Misc|
|2018.12.07|Globb Security[>img[iCSF/flag_fr.png]]|[[Sécurité Cloud: voici les 12 menaces à ne pas oublier|http://globbsecurity.fr/securite-cloud-voici-les-12-menaces-ne-pas-oublier-44635/]]|Misc|
|2018.12.07|University South Wales|!Thèse : [[An evidence-based cloud incident handling framework (pdf)|https://pdfs.semanticscholar.org/4dbc/ba11b07a3144af8e7caaf2e9094c16e0712f.pdf]]|Incident_Handling|
|2018.12.07|//Coalfire//|[[Kubernetes Vulnerability: What You Can and Should Do to Protect Your Enterprise|https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do?feed=blogs]]|K8s|
|2018.12.07|//CyberArk Conjur//|[[Security Islands - What are they, and how can you avoid them?|https://www.conjur.org/blog/security-islands/]]|Architecture|
|2018.12.06|AWS Insider|[[New AWS Security Hub Shows Alerts, Compliance Info|https://awsinsider.net/articles/2018/12/06/security-hub.aspx]]|Misc|
|2018.12.06|Federal News Network|[[Cloud security and lessons from private sector|https://federalnewsnetwork.com/cyber-chat/2018/12/cloud-security-and-lessons-from-private-sector/]]|Misc|
|2018.12.06|//Backblaze//|[[Breaking the Cycle of Archive Migrations With B2 Cloud Storage|https://www.backblaze.com/blog/cloud-data-archiving/]]|Misc|
|2018.12.06|//McAfee//|[[Extending Security to the Public Cloud is the Easy Part|https://securingtomorrow.mcafee.com/business/extending-security-to-the-public-cloud-is-the-easy-part/]]|Misc|
|2018.12.05|//Microsoft//|[[Azure Container Service Will Retire on January 31, 2020|https://azure.microsoft.com/en-us/updates/azure-container-service-will-retire-on-january-31-2020/]]|Azure Container|
|2018.12.14|Redmond Channel| → [[Microsoft Dropping Azure Container Service in 2020|https://rcpmag.com/articles/2018/12/14/microsoft-dropping-azure-container-service.aspx]]|Azure Container|
|2018.12.05|Enterprise Storage|![[Enterprise Cloud Storage Market: Key Drivers|https://www.enterprisestorageforum.com/storage-management/enterprise-cloud-storage-market.html]]|Storage|
|2018.12.05|CBR Online|[[Google to Amazon: We'll See Your Security Hub and Raise You a Command Centre|https://www.cbronline.com/news/google-cloud-security]]|Misc|
|2018.12.05|//Google Cloud//|[[Cloud Security Command Center is now in beta and ready to use|https://cloud.google.com/blog/products/identity-security/cloud-security-command-center-is-now-in-beta]]|GCP Monitor|
|2018.12.05|//Alcide//|[[The Evolution of Serverless (1/2): From Containers to Functions|https://blog.alcide.io/the-evolution-of-serverless-from-microservices-to-containers-to-functions-part-1-0]]|Misc|
|2018.12.05|//Microsoft//|![[Step 1. Identify users: top 10 actions to secure your environment|https://www.microsoft.com/security/blog/2018/12/05/step-1-identify-users-top-10-actions-to-secure-your-environment/]] (1/4)|AzureAD O365|
|2018.12.04|Kubernetes|[[CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections #71411|https://github.com/kubernetes/kubernetes/issues/71411]]|K8s Vulns CVE-2018-1002105|
|2018.12.04|Techerati| → [[Kubernetes security flaw allows hackers to infiltrate backend servers|https://techerati.com/the-stack-archive/cloud/2018/12/04/kubernetes-security-flaw-allows-hackers-to-infiltrate-backend-servers/]]|K8s Vulns CVE-2018-1002105|
|2018.12.04|//Rancher Labs//| → [[The Story of the First Kubernetes Critical CVE|https://rancher.com/blog/2018/2018-12-04-k8s-cve/]]|K8s Vulns CVE-2018-1002105|
|2018.12.05|//Tenable//| → [[Kubernetes Privilege Escalation Vulnerability Publicly Disclosed (CVE-2018-1002105)|https://www.tenable.com/blog/kubernetes-privilege-escalation-vulnerability-publicly-disclosed-cve-2018-1002105]]|K8s Vulns CVE-2018-1002105|
|2018.12.05|//Threatpost//| → [[Kubernetes Flaw is a "Huge Deal," Lays Open Cloud Deployments|https://threatpost.com/kubernetes-flaw-is-a-huge-deal-lays-open-cloud-deployments/139636/]]|K8s Vulns CVE-2018-1002105|
|2018.12.14|//Aqua Security//| → [[Severe Privilege Escalation Vulnerability in Kubernetes (CVE-2018-1002105)|https://blog.aquasec.com/kubernetes-security-cve-2018-1002105]]|K8s Vulns CVE-2018-1002105|
|2018.12.14|//Lacework//| → [[Kubernetes CVE-2018-1002105|https://www.lacework.com/kubernetes-vulnerability/]]|K8s Vulns CVE-2018-1002105|
|2018.12.04|//BitDefender//|[[2018 Sees API Breaches Surge With No Relief in Sight|https://businessinsights.bitdefender.com/2018-sees-api-breaches-surge-with-no-relief-in-sight]]|APIs Data_Leak|
|2018.12.04|//Backblaze//|[[LTO Versus Cloud Storage Costs - the Math Revealed|https://www.backblaze.com/blog/lto-versus-cloud-storage/]] ([[tableur|https://f001.backblazeb2.com/file/Backblaze_Blog/Backblaze-LTO-Calculator-Public-Nov2018.xlsx]])|Misc|
|2018.12.04|//Portworx//|[[2018 Annual Container Adoption Survey (pdf)|https://portworx.com/wp-content/uploads/2018/12/Portworx-Container-Adoption-Survey-Report-2018.pdf]]|Misc|
|2018.12.03|SecurityWeek| → [[Elasticsearch Instances Expose Data of 82 Million U.S. Users|https://www.securityweek.com/elasticsearch-instances-expose-data-82-million-us-users]]|Misc|
|2018.12.04|//Aqua Security//|![[Top Docker Security Best Practices|https://blog.aquasec.com/docker-security-best-practices]]|Docker Best_Practices|
|2018.12.04|//Fugue//|[[Why the Time Has Come to Address Cloud Misconfiguration with Automated Remediation|https://www.fugue.co/blog/why-the-time-has-come-to-address-cloud-misconfiguration-with-automated-remediation]]|Best_Practices|
|2018.12.03|HSJ|[[Supplier faces 'big penalties' after huge NHS email shutdown|https://www.hsj.co.uk/technology-and-innovation/exclusive-supplier-faces-big-penalties-after-huge-nhs-email-shutdown/7023950.article]]|Outage|
|2018.12.04|HSJ| → [[NHS Email Suffers Complete Outage: Accenture Facing Heavy Fines|https://www.cbronline.com/news/nhs-email-outage]]|Outage|
!"//Addressing the Skills Gap in Cloud Security Professionals//"
[>img(150px,auto)[iCSA_/ccsk-target.jpg]]Article de blog publié le 17 décembre 2018 — Rédigé par Ryan Bergsma, Training Program Director, CSA
<<<
__''Remédier au manque de compétences des professionnels de la sécurité dans le Cloud''__
//L'une des leçons de mathématiques dont je me souviens toujours depuis mon enfance est que si vous preniez une pièce et que vous la doubliez chaque jour pendant un mois, vous seriez millionnaire. Le calcul montre que cela ne prendrait même pas un mois, mais 28 jours. Bien sûr, la plupart d'entre nous savons que ce serait presque impossible à réaliser en pratique (à moins d'avoir investi dans la bonne cryptomonnaie et au bon moment à l'automne et au début de l'hiver 2017). La raison pour laquelle cette vieille leçon de mathématiques me vient à l'esprit quand je pense au manque de compétences en sécurité informatique, et en particulier en sécurité dans le Cloud, est la loi de Moore.//
[...] //Plus d'éléments sur la formation à la sécurité du Cloud sont disponibles sur la page "Formation [[CCSK]]" ([[ici|https://cloudsecurityalliance.org/education/]]), ou sur la page gratuite de préparation au [[CCSK]] ([[ici|https://cloudsecurityalliance.org/education/ccsk/#_prepare]]).//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/12/17/addressing-cloud-security-skills-gap/]] sur le blog de la CSA
La liste et les liens vers les présentations traitant d'aspects sécurité lors de la conférence AWS re:Invent 2018 qui s'est déroulée du 26 au 30 novembre 2018 à Las Vegas sont les suivants :
* __''AWS Services Security''__
** DEV349-R2 : [[Safeguard the Integrity of Your Code for Fast and Secure Deployments|https://www.slideshare.net/AmazonWebServices/safeguard-the-integrity-of-your-code-for-fast-and-secure-deployments-dev349r2-aws-reinvent-2018]]
** SEC397 : [[Introduction to AWS Security Hub|https://www.slideshare.net/AmazonWebServices/new-launch-introduction-to-aws-security-hub-sec397-aws-reinvent-2018]]
** CON366 : [[Introducing AWS Cloud Map|https://www.slideshare.net/AmazonWebServices/new-launch-introducing-aws-cloud-map-con366-aws-reinvent-2018]]
** GPSTEC402 : [[Understanding and Hardening the Attack Surface at the Edge|https://www.slideshare.net/AmazonWebServices/understanding-and-hardening-the-attack-surface-at-the-edge-gpstec402-aws-reinvent-2018]]
** ARC332 : [[Inventory and Patch Management Using AWS Systems Manager|https://www.slideshare.net/AmazonWebServices/inventory-and-patch-management-using-aws-systems-manager-arc332-aws-reinvent-2018]]
** CON317-R1 : [[Runtime Security across Kubernetes and AWS Fargate|https://www.slideshare.net/AmazonWebServices/runtime-security-across-kubernetes-and-aws-fargate-con317r1-aws-reinvent-2018]]
** STG304-S : [[Protecting Amazon EC2 Instances, Relational Databases, and NoSQL Workloads|https://www.slideshare.net/AmazonWebServices/protecting-amazon-ec2-instances-relational-databases-and-nosql-workloads-stg304s-aws-reinvent-2018]]
** CON303-R1 : [[Container Security and Avoiding the 2 A.M. Call|https://www.slideshare.net/AmazonWebServices/container-security-and-avoiding-the-2-am-call-con303r1-aws-reinvent-2018]]
** ENT213-S : [[Make Your Disaster Recovery Plan Resilient & Cost-Effective|https://www.slideshare.net/AmazonWebServices/make-your-disaster-recovery-plan-resilient-costeffective-ent213s-aws-reinvent-2018]]
** WIN307 : [[Security Best Practices for Microsoft Workloads|https://www.slideshare.net/AmazonWebServices/security-best-practices-for-microsoft-workloads-win307-aws-reinvent-2018]]
** CON316-R1 : [[Securing Container Workloads on AWS Fargate|https://www.slideshare.net/AmazonWebServices/securing-container-workloads-on-aws-fargate-con316r1-aws-reinvent-2018]]
** CON338-R1 : [[Kubernetes Clusters Security with Amazon EKS|https://www.slideshare.net/AmazonWebServices/kubernetes-clusters-security-with-amazon-eks-con338r1-aws-reinvent-2018]]
** SEC369-R1 : [[Securing Machine Learning Deployments for the Enterprise|https://www.slideshare.net/AmazonWebServices/securing-machine-learning-deployments-for-the-enterprise-sec369r1-aws-reinvent-2018]]
** SEC307-S : [[McAfee Skyhigh: Elevating Your AWS Security Posture|https://www.slideshare.net/AmazonWebServices/mcafee-skyhigh-elevating-your-aws-security-posture-sec307s-aws-reinvent-2018]]
** SEC319 : [[Meeting Enterprise Security Requirements with AWS Native Security Services|https://www.slideshare.net/AmazonWebServices/meeting-enterprise-security-requirements-with-aws-native-security-services-sec319-aws-reinvent-2018]]
** ANT392 : [[Security in Amazon Elasticsearch Service|https://www.slideshare.net/AmazonWebServices/security-in-amazon-elasticsearch-service-ant392-aws-reinvent-2018]]
* __''Governance''__
** SEC302 : [[How LogMeIn Automates Governance and Empowers Developers at Scale|https://www.slideshare.net/AmazonWebServices/how-logmein-automates-governance-and-empowers-developers-at-scale-sec302-aws-reinvent-2018]]
** SEC349-R1 : [[Governance at Scale|https://www.slideshare.net/AmazonWebServices/governance-at-scale-sec349r1-aws-reinvent-2018]]
** WPS204 : [[Building a Governance, Risk, and Compliance Strategy with AWS|https://www.slideshare.net/AmazonWebServices/building-a-governance-risk-and-compliance-strategy-with-aws-wps204-aws-reinvent-2018]]
** SEC336-R1 : [[Aligning to the NIST Cybersecurity Framework in the AWS Cloud|https://www.slideshare.net/AmazonWebServices/aligning-to-the-nist-cybersecurity-framework-in-the-aws-cloud-sec336r1-aws-reinvent-2018]]
** SEC350 : [[How Snap Accomplishes Centralized Security and Configuration Governance on AWS|https://www.slideshare.net/AmazonWebServices/how-snap-accomplishes-centralized-security-and-configuration-governance-on-aws-sec350-aws-reinvent-2018]]
** ENT350-R2 : [[AWS Landing Zone Deep Dive|https://www.slideshare.net/AmazonWebServices/aws-landing-zone-deep-dive-ent350r2-aws-reinvent-2018]]
** WPS206 : [[Executive Security Simulation Workshop|https://www.slideshare.net/AmazonWebServices/executive-security-simulation-workshop-wps206-aws-reinvent-2018]]
** ENT318 : [[Landing Zone Design: What to Do When Your Company Splits in Half|https://www.slideshare.net/AmazonWebServices/landing-zone-design-what-to-do-when-your-company-splits-in-half-ent318-aws-reinvent-2018]]
* __''Compliance''__
** LFS316 : [[Architecting for GxP Compliance in Life Sciences|https://www.slideshare.net/AmazonWebServices/architecting-for-gxp-compliance-in-life-sciences-lfs316-aws-reinvent-2018]]
** HLC302-S-i : [[Automating Compliance on AWS|https://www.slideshare.net/AmazonWebServices/automating-compliance-on-aws-hlc302si-aws-reinvent-2018]]
** GPSWS402 : [[Continuous Compliance for Modern Application Pipelines|https://www.slideshare.net/AmazonWebServices/continuous-compliance-for-modern-application-pipelines-gpsws402-aws-reinvent-2018]]
** SEC330 : [[Automating Compliance Certification with Automated Mathematical Proof|https://www.slideshare.net/AmazonWebServices/automating-compliance-certification-with-automated-mathematical-proof-sec330-aws-reinvent-2018pdf]]
** SEC206-R1 : [[GDPR Readiness and Management|https://www.slideshare.net/AmazonWebServices/gdpr-readiness-and-management-sec206r1-aws-reinvent-2018]]
** SEC317 : [[Set Up Compliance Automation Using AWS Management Tools|https://www.slideshare.net/AmazonWebServices/set-up-compliance-automation-using-aws-management-tools-sec317-aws-reinvent-2018]]
** ENT315-R1 : [[Automate & Audit Cloud Governance & Compliance in Your Landing Zone|https://www.slideshare.net/AmazonWebServices/automate-audit-cloud-governance-compliance-in-your-landing-zone-ent315r1-aws-reinvent-2018]]
** SEC205-R1 : [[Confidently Execute Your Cloud Audit: Expert Advice|https://www.slideshare.net/AmazonWebServices/confidently-execute-your-cloud-audit-expert-advice-sec205r1-aws-reinvent-2018]]
* __''Security / Network''__
** NET402 : [[AWS Transit Gateway and Transit VPCs - Reference Architectures for Many VPCs|https://www.slideshare.net/AmazonWebServices/new-launch-aws-transit-gateway-and-transit-vpcs-reference-architectures-for-many-vpcs-net402-aws-reinvent-2018]]
** SEC201-R1 : [[Security Framework Shakedown: Chart Your Journey with AWS Best Practices|https://www.slideshare.net/AmazonWebServices/security-framework-shakedown-chart-your-journey-with-aws-best-practices-sec201r1-aws-reinvent-2018]]
** SEC353-R1 : [[Keeping Secrets: Securing Your Data with AWS Cryptography|https://www.slideshare.net/AmazonWebServices/keeping-secrets-securing-your-data-with-aws-cryptography-sec353r1-aws-reinvent-2018]]
** NET306-R1 : [[Become an AWS VPN and AWS Direct Connect Expert|https://www.slideshare.net/AmazonWebServices/become-an-aws-vpn-and-aws-direct-connect-expert-net306r1-aws-reinvent-2018]]
** NET402 : [[Transit VPCs: Reference Architectures for Many VPCs|https://www.slideshare.net/AmazonWebServices/transit-vpcs-reference-architectures-for-many-vpcs-net402-aws-reinvent-2018]]
** SEC329 : [[AWS Encryption SDK: The Busy Engineer's Guide to Client-Side Encryption|https://www.slideshare.net/AmazonWebServices/aws-encryption-sdk-the-busy-engineers-guide-to-clientside-encryption-sec329-aws-reinvent-2018]]
** SEC203-R1 : [[A Practitioner's Guide to Securing Your Cloud (Like an Expert)|https://www.slideshare.net/AmazonWebServices/a-practitioners-guide-to-securing-your-cloud-like-an-expert-sec203r1-aws-reinvent-2018]]
** SEC325-R1 : [[Data Protection: Encryption, Availability, Resiliency, and Durability|https://www.slideshare.net/AmazonWebServices/data-protection-encryption-availability-resiliency-and-durability-sec325r1-aws-reinvent-2018]]
** [[Securing Your Customers Data From Day One - Startup Day|https://www.slideshare.net/AmazonWebServices/securing-your-customers-data-from-day-one-124305685]]
** SEC202-R1 : [[Top Cloud Security Myths - Dispelled!|https://www.slideshare.net/AmazonWebServices/top-cloud-security-myths-dispelled-sec202r1-aws-reinvent-2018]]
** SEC335-R1 : [[Configure Your Cloud to Make It Rain on Threats|https://www.slideshare.net/AmazonWebServices/configure-your-cloud-to-make-it-rain-on-threats-sec335r1-aws-reinvent-2018]]
** SEC313-S : [[A 360-Degree Cloud-Native Approach to Secure Your AWS Cloud Stack|https://www.slideshare.net/AmazonWebServices/a-360degree-cloudnative-approach-to-secure-your-aws-cloud-stack-sec313s-aws-reinvent-2018]]
** SEC337-R1 : [[Build a Vulnerability Management Program Using AWS for AWS|https://www.slideshare.net/AmazonWebServices/build-a-vulnerability-management-program-using-aws-for-aws-sec337r1-aws-reinvent-2018]]
** SEC312-S : [[The Perimeter is Dead. Long Live the Perimeters.|https://www.slideshare.net/AmazonWebServices/the-perimeter-is-dead-long-live-the-perimeters-sec312s-aws-reinvent-2018]]
* __''Incident Response Monitoring''__
** SEC420-R1 : [[Protecting Game Servers Against DDoS Attacks|https://www.slideshare.net/AmazonWebServices/protecting-game-servers-against-ddos-attacks-sec420r1-aws-reinvent-2018]]
** DEV206-S : [[Security Observability: Democratizing Security in the Cloud|https://www.slideshare.net/AmazonWebServices/security-observability-democratizing-security-in-the-cloud-dev206s-aws-reinvent-2018]]
** SEC327 : [[AWS Security in Your Sleep: Build End-to-End Automation for IR Workflows|https://www.slideshare.net/AmazonWebServices/aws-security-in-your-sleep-build-endtoend-automation-for-ir-workflows-sec327-aws-reinvent-2018]]
** SEC359-R1 : [[A DIY Guide to Runbooks, Security Incident Reports, & Incident Response|https://www.slideshare.net/AmazonWebServices/a-diy-guide-to-runbooks-security-incident-reports-incident-response-sec359r1-aws-reinvent-2018]]
** GPSTEC304 : [[Supercharge GuardDuty with Partners: Threat Detection and Response at Scale|https://www.slideshare.net/AmazonWebServices/supercharge-guardduty-with-partners-threat-detection-and-response-at-scale-gpstec304-aws-reinvent-2018]]
** SEC405-R1 : [[Scalable, Automated Anomaly Detection with GuardDuty, CloudTrail, & Amazon SageMaker|https://www.slideshare.net/AmazonWebServices/scalable-automated-anomaly-detection-with-guardduty-cloudtrail-amazon-sagemaker-sec405r1-aws-reinvent-2018]]
** SEC416-R1 : [[How to Perform Forensics on AWS Using Serverless Infrastructure|https://www.slideshare.net/AmazonWebServices/how-to-perform-forensics-on-aws-using-serverless-infrastructure-sec416r1-aws-reinvent-2018]]
** CTD304-R : [[Secure Your Site: Use CDN Security Features to Protect Your Content & Infrastructure|https://www.slideshare.net/AmazonWebServices/secure-your-site-use-cdn-security-features-to-protect-your-content-infrastructure-ctd304r-aws-reinvent-2018]]
** SEC321-R1 : [[How Zocdoc Achieves Automatic Threat Detection & Remediation with Security as Code|https://www.slideshare.net/AmazonWebServices/how-zocdoc-achieves-automatic-threat-detection-remediation-with-security-as-code-sec321r1-aws-reinvent-2018]]
** SEC323-R1 : [[Augmenting Security Posture and Improving Operational Health with AWS CloudTrail|https://www.slideshare.net/AmazonWebServices/augmenting-security-posture-and-improving-operational-health-with-aws-cloudtrail-sec323r1-aws-reinvent-2018]]
** SEC389 : [[Detecting Credential Compromise in AWS|https://www.slideshare.net/AmazonWebServices/detecting-credential-compromise-in-aws-sec389-aws-reinvent-2018]]
** SEC331 : [[Find All the Threats: AWS Threat Detection and Remediation|https://www.slideshare.net/AmazonWebServices/find-all-the-threats-aws-threat-detection-and-remediation-sec331-aws-reinvent-2018]]
* __''Automation''__
** SEC357-R1 : [[Turner's Journey to Scale Securely on a Lean Budget|https://www.slideshare.net/AmazonWebServices/turners-journey-to-scale-securely-on-a-lean-budget-sec357r1-aws-reinvent-2018]]
** SEC311-S : [[AWS and Symantec: Cyber Defense at Scale|https://www.slideshare.net/AmazonWebServices/aws-and-symantec-cyber-defense-at-scale-sec311s-aws-reinvent-2018]]
** ANT209-S : [[Security Challenges and Use Cases in the Modern Application Build-and-Deploy Pipeline|https://www.slideshare.net/AmazonWebServices/security-challenges-and-use-cases-in-the-modern-application-buildanddeploy-pipeline-ant209s-aws-reinvent-2018]]
** SEC309-S : [[Moody's: Deploying Cloud-Native Architectures with Automation|https://www.slideshare.net/AmazonWebServices/moodys-deploying-cloudnative-architectures-with-automation-sec309s-aws-reinvent-2018]]
** SEC318 : [[How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service Catalog Connector for ServiceNow|https://www.slideshare.net/AmazonWebServices/how-verizon-is-accelerating-cloud-adoption-and-migration-with-the-aws-service-catalog-connector-for-servicenow-sec318-aws-reinvent-2018]]
** CON321-R2 : [[Mythical Mysfits: DevSecOps with Docker and AWS Fargate|https://www.slideshare.net/AmazonWebServices/mythical-mysfits-devsecops-with-docker-and-aws-fargate-con321r2-aws-reinvent-2018]]
** SEC332-R1 : [[Adding the Sec to Your DevOps Pipelines|https://www.slideshare.net/AmazonWebServices/adding-the-sec-to-your-devops-pipelines-sec332r1-aws-reinvent-2018]]
** SEC391 : [[Inventory, Track, and Respond to AWS Asset Changes within Seconds at Scale|https://www.slideshare.net/AmazonWebServices/inventory-track-and-respond-to-aws-asset-changes-within-seconds-at-scale-sec391-aws-reinvent-2018]]
** SEC308-S : [[Orion Health CISO & Ops Unite for a Secure DevOps Practice|https://www.slideshare.net/AmazonWebServices/orion-health-ciso-ops-unite-for-a-secure-devops-practice-sec308s-aws-reinvent-2018]]
** ENT214-S : [[Autonomous DevSecOps: Five Steps to a Self-Driving Cloud|https://www.slideshare.net/AmazonWebServices/autonomous-devsecops-five-steps-to-a-selfdriving-cloud-ent214s-aws-reinvent-2018]]
** SEC395-R1 : [[Packetless Port Scanning: Automate DevSecOps with Amazon Inspector|https://www.slideshare.net/AmazonWebServices/packetless-port-scanning-automate-devsecops-with-amazon-inspector-sec395r1-aws-reinvent-2018]]
** ANT335-S : [[How to Automate Security Learning at Scale|https://www.slideshare.net/AmazonWebServices/how-to-automate-security-learning-at-scale-ant335s-aws-reinvent-2018]]
** SEC403 : [[Five New Security Automations Using AWS Security Services & Open Source|https://www.slideshare.net/AmazonWebServices/five-new-security-automations-using-aws-security-services-open-source-sec403-aws-reinvent-2018]]
* __''Identity''__
** SEC401-R1 : [[Mastering Identity at Every Layer of the Cake|https://www.slideshare.net/AmazonWebServices/mastering-identity-at-every-layer-of-the-cake-sec401r1-aws-reinvent-2018]]
** SEC324 : [[IAM for Enterprises: How Vanguard Matured IAM Controls to Support Micro Accounts|https://www.slideshare.net/AmazonWebServices/iam-for-enterprises-how-vanguard-matured-iam-controls-to-support-micro-accounts-sec324-aws-reinvent-2018]]
** FSV325 : [[How Nubank Automates Fine-Grained Security with IAM, AWS Lambda, and CI/CD|https://www.slideshare.net/AmazonWebServices/how-nubank-automates-finegrained-security-with-iam-aws-lambda-and-cicd-fsv325-aws-reinvent-2018]]
** SEC390-R1 : [[Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles)|https://www.slideshare.net/AmazonWebServices/unleash-the-power-of-temporary-aws-credentials-aka-iam-roles-sec390r1-aws-reinvent-2018]]
** SEC316-R1 : [[Become an IAM Policy Master in 60 Minutes or Less|https://www.slideshare.net/AmazonWebServices/become-an-iam-policy-master-in-60-minutes-or-less-sec316r1-aws-reinvent-2018pdf]]
** SEC320 : [[Policy Verification and Enforcement at Scale with AWS|https://www.slideshare.net/AmazonWebServices/policy-verification-and-enforcement-at-scale-with-aws-sec320-aws-reinvent-2018]]
* __''Serverless''__
** SRV314-R1 : [[Securing Serverless Applications and AWS Lambda|https://www.slideshare.net/AmazonWebServices/securing-serverless-applications-and-aws-lambda-srv314r1-aws-reinvent-2018]]
** SEC362-R1 : [[Best Practices for Securing Serverless Applications|https://www.slideshare.net/AmazonWebServices/best-practices-for-securing-serverless-applications-sec362r1-aws-reinvent-2018]]
** SRV306-R1 : [[Managing Identity Management, Authentication, & Authorization for Serverless Applications|https://www.slideshare.net/AmazonWebServices/repeat-1-managing-identity-management-authentication-authorization-for-serverless-applications-srv306r1-aws-reinvent-2018]]
** SRV319-R1 : [[Security & Compliance for Modern Serverless Applications|https://www.slideshare.net/AmazonWebServices/security-compliance-for-modern-serverless-applications-srv319r1-aws-reinvent-2018]]
** API317-R2 : [[Securing Data in Serverless Applications and Messaging Services|https://www.slideshare.net/AmazonWebServices/securing-data-in-serverless-applications-and-messaging-services-api317r2-aws-reinvent-2018]]
** SEC322-R1 : [[Using AWS Lambda as a Security Team|https://www.slideshare.net/AmazonWebServices/using-aws-lambda-as-a-security-team-sec322r1-aws-reinvent-2018]]
[>img(200px,auto)[iCSA_/streamlining-it.png]]__Streamlining Vendor IT Security and Risk Assessments__
<<<
//A perspective on standards-based assurance of Cloud Providers.//
<<<
__Lien de téléchargement :__
→ https://cloudsecurityalliance.org/artifacts/streamlining-vendor-it-security-and-risk-assessments/
!"//Development of Cloud Security Guidance, with Mapping MY PDPA Standard to CCM Control Domains//"
[>img(150px,auto)[iCSA/CCM.png]]Article de blog publié le 6 décembre 2018 — Rédigé par Ekta Mishra, Research Analyst/APAC, Cloud Security Alliance
<<<
__''Guide sur la sécurité dans le Cloud, avec correspondance entre la norme PDPA (Malaisie) et la Cloud Controls Matrix (CCM)''__
//La [[Cloud Controls Matrix]] (CCM) fournit un cadre de contrôle qui permet de bien appréhender les concepts et principes de sécurité alignés sur les directives de la Cloud Security Alliance dans 13 domaines. Les fondements de la CCM reposent sur ses correspondances avec d'autres normes, règlements et cadres de contrôle de sécurité (ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum et NERC CIP...).//
[...]
//Le Commissaire malaisien à la protection des données personnelles a publié le "Personal Data Protection Standards 2015" (ou "Normes de protection des données personnelles 2015"), qui sont entrées en vigueur le 23 décembre 2015. Pour les personnes concernées, c'est-à-dire toute personne qui "traite" et "contrôle ou autorise le traitement de données à caractère personnel dans le cadre de transactions commerciales" (donc toute personne ou société qui traite des données à caractère personnel dans le cadre de ses activités, également appelée "utilisateurs de données"), ces normes constituent un nouveau palier de conformité et imposent des responsabilités supplémentaires à ces utilisateurs, en plus de celles définies par la loi malaisienne de protection des données personnelles 2010 ("PDPA").//
[...]
Lien externe : [[Personal Data Protection Standards 2015|http://www.pdp.gov.my/index.php/en/akta-709/standard]] de Malaisie.
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/12/06/mapping-pdpa-standard-ccm-control-domains/]] sur le blog de la CSA
!La Cloud Security Alliance et OneTrust publient un outil gratuit "Vendor Risk Management Tool" pour les membres de la CSA.
__Seattle, le 4 décembre 2018.__ [>img(250px,auto)[iCSA_/onetrust.png]]
Aujourd'hui, la [[Cloud Security Alliance]] (''CSA'') et [[OneTrust|https://onetrust.com/]] ont lancé un outil gratuit de gestion du risque fournisseur ("Vendor Risk Management" ou "VRM") pour automatiser le cycle de vie du risque fournisseur afin de le rendre conforme au ''GDPR'', au ''CCPA'' ("California Consumer Privacy Act") et à d'autres cadres règlementaires portant sur la confidentialité et la sécurité. La ''CSA'' a choisi OneTrust, la plateforme technologique de gestion de la protection de la vie privée la plus importante et la plus utilisée, pour l'évaluation des risques des fournisseurs et l'automatisation de la conformité.
L'outil est prérempli de modèles reproduisant les meilleures pratiques de la ''CSA'' en matière de sécurité dans le Cloud, d'assurance de la protection de la vie privée et de conformité, y compris la [[Cloud Controls Matrix|Publications - Cloud Controls Matrix]] ([[CCM]]), le ''Consensus Assessments Initiative Questionnaire'' ([[CAIQ]]) et le ''GDPR Code of Conduct''. Il est ainsi possible de s'appuyer sur des modèles existants ou de créer des évaluations personnalisées des fournisseurs selon les besoins.
[>img(250px,auto)[iCSA_/CSA+OneTrust_VRM.png]]L'outil ''CSA-OneTrust VRM'' automatise l'ensemble du cycle de vie de la gestion des fournisseurs, notamment :
* Intégration et rupture avec des fournisseurs
* Sélection des fournisseurs
* Remplir les caractéristiques des fournisseurs et surveiller leur cycle de vie de gestion des risques
* Tenir à jour les informations à des fins de comptabilité et de conformité.
L'outil s'appuie sur ''Vendorpedia''™ de ''OneTrust'', une base de données sur la confidentialité et la sécurité de plus de 4.000 fournisseurs qui alimente automatiquement les évaluations des fournisseurs à partir des informations les plus récentes.
L'outil est librement accessible [[ici|https://www.onetrust.com/csa-vrm]]
Le communiqué de presse est disponible [[ici|https://cloudsecurityalliance.org/articles/csa-and-onetrust-launch-free-vendor-risk-management-tool/]] sur le site de la Cloud Security Alliance.
!"//Typical Challenges in Understanding CCSK and CCSP: Technology Architecture//"
[>img(150px,auto)[iCSA_/ccsk-1-300x300.jpg]]Article de blog publié le 3 décembre 2018 — Rédigé par Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com
<<<
__''Les challenges pour comprendre le [[CCSK]] et le CCSP : l'architecture technologique''__
//Alors que le Cloud Computing devient de plus en plus courant, nombreux sont ceux qui cherchent à obtenir une certification en sécurité dans le Cloud. Parce que j'enseigne pour la préparation aux deux certifications les plus populaires — le "Certificate of Cloud Security Knowledge" ([[CCSK]]) de la [[Cloud Security Alliance]] (CSA), et le "Certified Cloud Security Professional" (CCSP) de l'ISC^^2^^ — nombreux sont ceux que je vois travailler pour réussir ces examens.
Mes étudiants viennent d'horizons très divers, chacun apportant ses propres expériences qui teintent sa compréhension de la façon dont le Cloud est géré et contrôlé. [...]
C'est pourquoi l'architecture technologique est si importante pour les personnes moins techniques. Et cela explique aussi pourquoi c'est difficile. L'ensemble des connaissances nécessaires au [[CCSK]] se concentre spécifiquement sur la façon dont l'architecture de la technologie du Cloud a un impact sur sa gestion, en particulier sur la gestion des risques, et cela en fait un excellent outil pour constituer des équipes efficaces dans l'adoption du Cloud.//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/12/03/understanding-ccsk-ccsp-technology-architecture/]] sur le blog de la CSA
!"//Keeping Your Boat Afloat with a Cloud Access Security Broker//"
^^Bien que publié le 7 décembre 2018 sur le blog de la CSA, cet article avait déjà été publié __un mois__ plus tôt, le 5 novembre 2018, sur le site de Bitglass.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/12/07/keep-boat-afloat-casb/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/boat-afloat-casb]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201811>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Novembre 2018]]>><<tiddler fAll2LiTabs13end with: Blog","201811>>
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2018.12.02 -- 2018.11.26|
|2018.11.30|Help Net Security|[[The fundamentals of network security and cybersecurity hygiene|https://www.helpnetsecurity.com/2018/11/30/cybersecurity-hygiene/]] (1/3)|Misc|
|2018.11.30|Infosec Institute|[[Honeypots in the Cloud|https://resources.infosecinstitute.com/honeypots-in-the-cloud/]]|Misc|
|2018.11.30|TechRepublic|![[Amazon Web Services: A cheat sheet|https://www.techrepublic.com/article/amazon-web-services-the-smart-persons-guide/]]|AWS|
|2018.11.30|//Quadrotech//|[[How to Enhance the Security of Office 365|https://www.quadrotech-it.com/blog/how-to-enhance-the-security-of-office-365/]]|O365|
|2018.11.30|Medium|![[Leveraging AWS for Incident Response: Part 2|https://medium.com/faun/leveraging-aws-for-incident-response-part-2-bac66bfaf1a1]] (2/2)|AWS Incident_Response|
|2018.11.29|//QuoScient//|![[Golden Chickens: Uncovering A Malware-as-a-Service (MaaS) Provider and Two New Threat Actors Using It|https://medium.com/@quoscient/golden-chickens-uncovering-a-malware-as-a-service-maas-provider-and-two-new-threat-actors-using-61cf0cb87648]]|MaaS|
|2018.11.28|//AWS//|![[Introducing AWS Security Hub|https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-aws-security-hub/]]|AWS Monitoring|
|2018.11.29|SecurityWeek| → [[AWS Security Hub Aggregates Alerts From Third-Party Tools|https://www.securityweek.com/aws-security-hub-aggregates-alerts-third-party-tools]]|AWS Monitoring|
|2018.11.28|CIS|[[Using a Hardened Container Image for Secure Applications in the Cloud|https://www.cisecurity.org/blog/using-hardened-container-image-secure-applications-cloud/]]|Container|
|2018.11.28|CBR Online|![[Did Amazon Just Kill Tape Storage?|https://www.cbronline.com/news/glacier-deep-archive]]|Storage|
|2018.11.28|CBR Online|[[Deja Vu All Over Again: Microsoft in Fresh MFA Meltdown|https://www.cbronline.com/news/microsoft-mfa-meltdown]]|Outage|
|2018.11.28|Netflix|[[Netflix Information Security: Preventing Credential Compromise in AWS|https://medium.com/netflix-techblog/netflix-information-security-preventing-credential-compromise-in-aws-41b112c15179]]|AWS Netflix|
|2018.11.28|//UpGuard//|![[S3 Security Is Flawed By Design|https://www.upguard.com/blog/s3-security-is-flawed-by-design]]|AWS_S3|
|2018.11.28|//AlienVault//|[[Security Issues and Monitoring in AWS: IAM and Common Abuses in AWS|https://www.alienvault.com/blogs/security-essentials/iam-and-common-abuses-in-aws]] (1/4)|AWS Monitor|
|2018.11.28|//HackenProof//|[[New Data Breach exposes 57 million records|https://blog.hackenproof.com/industry-news/new-data-breach-exposes-57-million-records/]]|Data_Leaks|
|2018.11.28|//Threatpost//|[[Leaky AWS Storage Bucket Spills Military Secrets, Again|https://threatpost.com/leaky-aws-storage-bucket-spills-military-secrets-again/129021/]]|DataLeak AWS|
|2018.11.27|The Register|[[Microsoft reveals terrible trio of bugs that knocked out Azure, Office 362.5 multi-factor auth logins for 14 hours|https://www.theregister.co.uk/2018/11/27/microsoft_azure_outage_postmortem/]]|Outage|
|2018.11.27|AWS Insider|[[AWS Adds Options To Move Data to Its Cloud|https://awsinsider.net/articles/2018/11/27/aws-adds-data-transfer-options.aspx]]|AWS|
|2018.11.27|//Backblaze//|[[What's the Diff: NAS vs SAN|https://www.backblaze.com/blog/whats-the-diff-nas-vs-san/]]|Misc|
|2018.11.27|//Zscaler//|[[Three reasons why SDP is replacing the VPN|https://www.zscaler.com/blogs/corporate/three-reasons-why-sdp-replacing-vpn]]|SDP|
|2018.11.26|Security Boulevard|[[Building a Multi-Cloud Strategy? Be Sure to Address the Security and Management Challenges|https://securityboulevard.com/2018/11/building-a-multi-cloud-strategy-be-sure-to-address-the-security-and-management-challenges/]]|Misc|
|>|>|>|!2018.11.25 -- 2018.11.19|
|2018.11.23|//Threatpost//|[[ThreatList: One-Third of Firms Say Their Container Security Lags|https://threatpost.com/threatlist-container-security-lagging/139304/]]|Container|
|2018.11.22|//StackRox//|[[Must-Have Capabilities When Evaluating Container Security Solutions|https://www.stackrox.com/post/2019/01/must-have-capabilities-when-evaluating-container-security-solutions/]]|Misc|
|2018.11.21|IT Business Edge|[[ERP Faces New Security Threats|https://www.itbusinessedge.com/blogs/infrastructure/erp-faces-new-security-threats.html]]|Misc|
|2018.11.21|Infosec Institute|[[Developments Around Cloud TAP Capability|https://resources.infosecinstitute.com/developments-around-cloud-tap-capability/]]|Misc|
|2018.11.21|//Lacework//|[[Next Generation Firewall is Your Grandfather's Generation in the Cloud|https://www.lacework.com/next-generation-firewall-your-grandfathers-cloud/]]|Misc|
|2018.11.20|CIS|[[New CIS Benchmark for Google Cloud Computing Platform|https://www.cisecurity.org/blog/new-cis-benchmark-for-google-cloud-computing-platform/]]|Google|
|2018.11.20|CBR Online|[[Redis Overload to Blame for 17-Hour Azure MFA Login Crisis|https://www.cbronline.com/news/azure-mfa-redis]]|Azure MFA Outage Lessons_Learnt|
|2018.11.19|Help Net Security|[[New security feature to prevent Amazon S3 bucket misconfiguration and data leaks|https://www.helpnetsecurity.com/2018/11/19/prevent-amazon-s3-bucket-misconfiguration/]]|AWS_S3|
|2018.11.19|NCSC UK|[[Software as a Service (SaaS) security guidance|https://www.ncsc.gov.uk/collection/saas-security]]|SaaS|
|2018.11.19|DZone|![[My Mental Model of AWS|https://dzone.com/articles/my-mental-model-of-aws]]|AWS|
|2018.11.19|Host Review|[[Cloud Security Alliance's CCSK Wins Cyber Defense Global Award for Leader Cybersecurity Training|https://www.hostreview.com/news/181119-cloud-security-alliances-ccsk-wins-cyber-defense-global-award-for-leader-cybersecurity-training]]|Misc|
|2018.11.19|CBR Online|![[Azure Down, Office 365 Down: Users "Reaching for Torches and Pitchforks"|https://www.cbronline.com/news/azure-down-office-355-down]]|Outage|
|2018.11.19|The Register|[[Microsoft confirms: We fixed Azure by turning it off and on again. PS: Office 362 is still borked|https://www.theregister.co.uk/2018/11/19/microsoft_azure_office_outage_latest/]]|Outage|
|2018.11.20|CBR Online| → [[Redis Overload to Blame for 17-Hour Azure MFA Login Crisis|https://www.cbronline.com/news/azure-mfa-redis]]|Outage|
|2018.11.19|CBR Online|[[Cloudy, with a Chance of Overspend|https://www.cbronline.com/feature/cloud-overspend-survey]]|Misc|
|2018.11.19|Medium|![[Leveraging AWS for Incident Response: Part 1|https://medium.com/faun/leveraging-aws-for-incident-response-part-1-2963bb31bc05]] (1/2)|AWS Incident_Response|
|>|>|>|!2018.11.18 -- 2018.11.12|
|2018.11.17|//Aviatrix//|![[Understanding AWS VPC Egress Filtering Methods|https://www.aviatrix.com/blog/understanding-aws-vpc-egress-filtering-methods/]]|AWS Filtering|
|2018.11.17|NCSC UK|[[Cloud security guidance|https://www.ncsc.gov.uk/collection/cloud-security]]|Guidance|
|2018.11.16|InfoSec Institute|[[The Cloud Browser|https://resources.infosecinstitute.com/the-cloud-browser/]]|Misc|
|2018.11.16|//Kromtech//|[[Australian Broadcasting Corporation Exposed Sensitive Data Online|https://kromtech.com/blog/security-center/australian-broadcasting-corporation-exposed-sensitive-data-online]]|Misc|
|2018.11.16|AWS Insider|[[AWS Adds Controls To Block Public Access to S3|https://awsinsider.net/articles/2018/11/16/aws-public-access-to-s3.aspx]]|Misc|
|2018.11.16|//Nutanix//|[[Enterprise Cloud Index - 2018 Edition (pdf)|https://www.nutanix.com/enterprise-cloud-index/docs/enterprise-cloud-index.pdf]]|Misc|
|2018.11.15|Christophe Parisel|[[Demystifying PaaS security (part 2)|https://www.linkedin.com/pulse/demystifying-paas-security-part-2-christophe-parisel/]] (2/3)|PaaS|
|2018.11.15|Bleeping Computer|[[Misconfigured Docker Services Actively Exploited in Cryptojacking Operation|https://www.bleepingcomputer.com/news/security/misconfigured-docker-services-actively-exploited-in-cryptojacking-operation/]]|Attacks Docker|
|2018.11.15|TechRepublic|[[The top 5 myths about cloud-based security|https://www.techrepublic.com/article/the-top-5-myths-about-cloud-based-security/]]|Misc|
|2018.11.15|//Amazon//|[[Amazon S3 Block Public Access - Another Layer of Protection for Your Accounts and Buckets|https://aws.amazon.com/blogs/aws/amazon-s3-block-public-access-another-layer-of-protection-for-your-accounts-and-buckets/]]|Amazon_S3|
|2018.11.14|SecurityWeek|[[Misconfiguration a Top Security Concern for Containers|https://www.securityweek.com/misconfiguration-top-security-concern-containers]]|Misc|
|2018.11.14|//Threatpost//|[[Permissions Flaw Found on Azure AD Connect|https://threatpost.com/permissions-flaw-found-azure-ad-connect/129170/]]|Azure Active_Directory|
|2018.11.14|//StackRox//|[[Survey Says … Security Tops the List of Container Strategy Concerns|https://www.stackrox.com/post/2018/11/survey-says-security-tops-the-list-of-container-strategy-concerns/]]|Misc|
|2018.11.14|//StackRox//|[[StackRox Report: Misconfigurations and Runtime Security Top Enterprise Concerns in Containers and Kubernetes Deployments|https://www.stackrox.com/press-releases/2018/11/stackrox-report-misconfigurations-and-runtime-security-top-enterprise-concerns-in-containers-and-kubernetes-deployments/]]|Misc|
|2018.11.13|//Microsoft Azure//|![[Risky sign-ins report in the Azure Active Directory portal|https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risky-sign-ins]]|AzureAD Detection|
|2018.11.13|//Aqua Security//|[[Serverless Security: The Importance of FaaS Risk Assessment|https://blog.aquasec.com/serverless-security-faas-risk-assessment]]|Misc|
|2018.11.13|//Avanan//|[[5 Signs of a Compromised Account|https://www.avanan.com/resources/5-signs-of-a-compromised-account]]|Misc|
|2018.11.13|//Gartner//|[[Predicts 2019: Identity and Access Management|https://www.gartner.com/doc/3895045]]|Misc|
|2019.02.08|//BitDefender//| → [[40% of Organizations Will Adopt Biometric SaaS Authentication by 2022, Gartner Predicts|https://businessinsights.bitdefender.com/40-of-organizations-will-adopt-biometric-saas-authentication-by-2022-gartner-predicts]]|Misc|
|2018.11.12|Infosec Island|[[Addressing the CISO's Key Challenges in 2018 and Beyond with Endpoint Detection and Response|http://www.infosecisland.com/blogview/25136-Addressing-the-CISOs-Key-Challenges-in-2018-and-Beyond-with-Endpoint-Detection-and-Response.html]]|Cloud Misc.|
|2018.11.12|//Detectify//|[[Cloud security basics: 9 security issues to address as you move to cloud services|https://blog.detectify.com/2018/11/12/cloud-security-basics-address-as-you-move-to-cloud-services/]]|Risks|
|>|>|>|!2018.11.11 -- 2018.11.05|
|2018.11.09|ITweb|[[How to manage and secure your digital workplace|https://www.itweb.co.za/content/VgZeyqJAPaVMdjX9]]|Misc|
|2018.11.09|//Security Intelligence (IBM)//|[[How Can Companies Move the Needle on Enterprise Cloud Security Risks and Compliance?|https://securityintelligence.com/how-can-companies-move-the-needle-on-enterprise-cloud-security-risks-and-compliance/]]|Misc|
|2018.11.08|Premier Ministre[>img[iCSF/flag_fr.png]]|![[Doctrine d'utilisation de l'informatique en nuage par l'État|http://circulaires.legifrance.gouv.fr/pdf/2018/11/cir_44120.pdf]]|France Government|
|2018.11.08|//Backblaze//|[[Modern Storage Workflows in the Age of Cloud|https://www.backblaze.com/blog/cloud-based-video-production-workflows/]]|Misc|
|2018.11.08|//Sysdig//|[[29 Docker security tools compared|https://sysdig.com/blog/20-docker-security-tools/]]|Misc|
|2018.11.08|//Avanan//|[[How to Find and Quarantine Emails from Compromised Accounts in Office 365|https://www.avanan.com/resources/how-to-find-and-quarantine-emails-from-compromised-accounts-in-office-365]]|Misc|
|2018.11.08|//Radware//|[[Protecting Applications in a Serverless Architecture|https://blog.radware.com/security/2018/11/protecting-applications-in-a-serverless-architecture/]]|Serverless|
|2018.11.08|//Check Point//|[[The Spy Drone In Your Cloud|https://blog.checkpoint.com/2018/11/08/the-spy-drone-in-your-cloud/]]|Misc|
|2018.11.08|//Synopsys//|[[10 critical cloud security threats in 2018 and beyond|https://www.synopsys.com/blogs/software-security/10-cloud-security-threats-2018/]]|Threats|
|2018.11.07|//Alcide//|[[The Evolution of Serverless (2/2): From Microservices to Containers|https://blog.alcide.io/the-evolution-of-serverless-from-microservices-to-containers-to-functions-part-1]]|Misc|
|2018.11.07|//ThreatStack//|![[25 AWS Security Tips: Securing Your AWS Environment|https://dzone.com/articles/25-aws-security-tips]]|AWS|
|2018.11.06|Tech Republic|[[75% of organizations are buying more security tools to keep up with cloud in 2019|https://www.techrepublic.com/article/75-of-organizations-are-buying-more-security-tools-to-keep-up-with-cloud-in-2019/]]|Misc|
|2018.11.06|//Nuageo//[>img[iCSF/flag_fr.png]]|[[Donnez de l'éclat à vos données : valorisez-les|https://www.nuageo.fr/2018/11/valorisez-vos-donnees/]]|Misc|
|2018.11.06|//Alcide//|[[2018 Report: The State of Securing Cloud Workload|https://get.alcide.io/alcide-survey-cloud-security-2018]]|Misc|
|2018.11.05|//Securonix//|[[Detecting Phishing and Account Compromise in Office 365|https://www.securonix.com/detecting-phishing-and-account-compromise-in-office-365/]]|Misc|
|2018.11.05|//Lacework//|[[A Cybersecurity Three Pointer: How Basketball Explains Risk in the Cloud|https://www.lacework.com/how-basketball-explains-risk-in-the-cloud/]]|Misc|
|2018.11.05|SANS|[[2018 Secure DevOps: Fact or Fiction?|https://www.sans.org/reading-room/whitepapers/analyst/2018-secure-devops-fact-fiction-38690]]|Analysis Misc.|
|>|>|>|!2018.11.04 -- 2018.10.29|
|2018.11.04|CBR Online|[[NHS Email Suffers Complete Outage: Accenture Facing Heavy Fines|https://www.cbronline.com/news/nhs-email-outage]]|Misc|
|2018.11.02|Petri|[[Paul Thurrott's Short Takes: November 2|https://www.petri.com/paul-thurrotts-short-takes-november-2]]|Misc|
|2018.11.02|//Google Cloud//|[[Exploring container security: running and connecting to HashiCorp Vault on Kubernetes|https://cloud.google.com/blog/products/identity-security/exploring-container-security-running-and-connecting-to-hashicorp-vault-on-kubernetes]]|Misc|
[>img(200px,auto)[iCSA_/Blockchain-DLT.png]]__Blockchain DLT Use Cases__
<<<
//Thanks to the rise in popularity of Bitcoin cryptocurrency, the innovative technologies of Blockchain and other systems of distributed ledger technology (DLT) have proven their ability to increase security of data during transactions and provide immutable long-term data storage.//
<<<
__Lien de téléchargement :__ https://cloudsecurityalliance.org/artifacts/blockchain-dlt-use-cases/
!"//Weigh in on the Cloud Control Matrix Addenda//"
[>img(200px,auto)[iCSA/I79BM.png]]Article de blog publié le 23 novembre 2018 — Rédigé par le [[Cloud Controls Matrix]]
<<<
__''Appel à commentaires sur la CCM avant le 20 décembre 2018''__
//La [[Cloud Security Alliance]] lance un appel à commentaires sur 2 annexes de la [[Cloud Controls Matrix|Publications - Cloud Controls Matrix]] pour les normes suivantes :
* Office fédéral allemand de la sécurité de l'information (BSI) : Cloud Computing Compliance Controls Catalogue (C5)
** [[Page d'explication|https://cloudsecurityalliance.org/artifacts/ccm-c5/]] sur le site de la [[Cloud Security Alliance]] "CCM Addendum - C5" →
** [[Document à remplir|https://docs.google.com/spreadsheets/d/1fpgXcvn4A0W68C1webxTZ4epqCsZbdcggqTWoy7J5ug/edit?usp=sharing]] sur Google Sheets avec 4 onglets : "Introduction", "C5", "CCM", "Terminology"
* ISO/IEC 27002, ISO/IEC 27017 et ISO/IEC 27018.
** [[Page d'explication|https://cloudsecurityalliance.org/artifacts/ccm-iso/]] sur le site de la [[Cloud Security Alliance]] "CCM Addendum - ISO/IEC 27002, 27017, 27018"
** [[Document à remplir|https://docs.google.com/spreadsheets/d/12g5oVb9tOlfBU_ky9xErcvNz0P5A2oQPd4MHuMk4VD4/edit?usp=sharing]] sur Google Sheets avec 4 onglets : "Introduction", "ISO", "CCM", "Terminology"
Ces documents contiennent donc :
* une équivalence entre les normes susmentionnées et la [[Cloud Controls Matrix|Publications - Cloud Controls Matrix]] (exemple : quel(s) contrôle(s) dans la CCM correspond(ent) à chaque contrôle donné dans la norme ISO 27017),
* une analyse des écarts,
* les contrôles de réduction des écarts (les annexes à proprement parler).
Il est demandé de se concentrer sur le contenu du document, en faisant abstraction des éventuels commentaires éditoriaux sur la grammaire, le formatage, etc.
La date limite pour transmettre des commentaires est le ''20 décembre 2018''.//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/11/20/cloud-control-matrix-addenda/]] sur le blog de la CSA 
!"//Voice Your Opinion on the New Top Threats to Cloud Computing//"
[>img(150px,auto)[iCSA_/topthreats-deepdivecover.png]]Article de blog publié le 20 novembre 2018 — Rédigé par le [[Groupe de Travail - Top Threats]]
<<<
__''Exprimez votre opinion sur les nouvelles menaces qui pèsent sur le Cloud Computing''__
//Le [[Groupe de Travail - Top Threats]] de la [[Cloud Security Alliance]] publie un sondage pour la prochaine version du rapport sur les principales menaces sur le Cloud. 19 types de problèmes de sécurité ont été sélectionnés, depuis des problèmes récurrents tels que les failles de sécurité, les interfaces et API non sécurisées, jusqu'à de nouveaux problèmes tels que la faiblesse des plans de contrôle.
Il s'agit de déterminer la perception de l'industrie quant aux enjeux les plus importants. La durée pour remplir ce sondage de 26 questions est inférieure à 10 minutes.
Lien vers le sondage sur le site SurveyMonkey [[ici|https://www.surveymonkey.com/r/MQ553TW]]. Le sondage est ouvert jusqu'au ''20 décembre 2018''.//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/11/20/opinion-cloud-computing-top-threats/]] sur le blog de la CSA
!"//CCSK Success Stories: Cloud Security Training from a CTO's Perspective//"
[>img(200px,auto)[iCSA_/CCSKtraining.png]]Article de blog publié le 19 novembre 2018.
__''Retour d'expérience sur le [[CCSK]] : la formation Cloud Security Training vue par un Directeur Technique''__
<<<
Lancement d'une série sur la formation à la sécurité dans le Cloud avec Cory Cowgill, le vice-président et directeur technique de ''Fusion Risk Management'', qui a une longue expérience dans le développement logiciel et plusieurs certifications dont "Salesforce System Architect and Application Architect", "Amazon Web Services Solution Architect", et "Cloud Security Alliance Certificate of Cloud Security Knowledge" ([[CCSK]]). [...]
//Qu'est-ce qui vous a conduit au [[CCSK]] ?//
* La recherche et le travail avec la [[CCM]] ([[Cloud Controls Matrix]]) m'ont mené au [[CCSK]]. Je passe ma vie à apprendre, et j'ai donc décidé de passer l'examen que j'ai réussi récemment et j'ai trouvé qu'une grande partie du contenu était directement applicable et utile. Je le recommande à tous les professionnels de la sécurité informatique. Il fournit un ensemble de principes complets et objectifs qui sont d'une valeur inestimable en matière de sécurité. Le document [[CSA Security Guidance v4|Groupe de Travail - Security Guidance]] sera désormais une lecture obligatoire pour tous mes ingénieurs dans notre entreprise.
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/11/19/ccsk-success-stories-cto-perspective/]] sur le blog de la CSA
!"//AWS Cloud: Proactive Security and Forensic Readiness - Part 4//"
[>img(300px,auto)[iCSA/I3NBA.jpg]]Article de blog publié le 19 novembre 2018 — Rédigé par Neha Thethi, Information Security Analyst, BH Consulting
<<<
__''Cloud AWS : Contrôles de détection dans AWS (4^^ème^^ partie)''__
Les contrôles de sécurité peuvent être techniques ou administratifs. Une approche de sécurité à plusieurs niveaux pour protéger les actifs et l'infrastructure de l'information d'une organisation devrait comprendre des contrôles préventifs, des contrôles de détection et des contrôles de correction.
Il existe des contrôles préventifs pour éviter que la menace ne puisse exploiter des vulnérabilités. Il y a des contrôles de détection pour déterminer si la menace a effectivement frappé nos systèmes. Il existe des contrôles correctifs pour atténuer les effets de la menace qui se manifeste.
Cet article concerne les contrôles de détection au sein d'AWS Cloud.
Il s'agit du quatrième article d'une série de cinq qui fournit une liste de contrôle pour la sécurité proactive et l'état de préparation à l'analyse forensique dans un environnement Cloud Amazon.
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/11/16/aws-cloud-proactive-security-forensic-readiness-2/]] sur le blog de la CSA
Lien original : http://bhconsulting.ie/aws-detective-controls/ 
!Cloud Controls Matrix v3.0.1 (mise à jour du 12.11.2018)
[>img(100px,auto)[iCSA_/CSA-CCMv3.jpg]]__Extrait :__
> //This initiative aims to develop a research whitepaper, focusing on building up a cloud security services management platform. This whitepaper will serve as a guideline for cloud service providers to secure its cloud platform and provide cloud security services to cloud users, for cloud users to select security qualified cloud service providers, for security vendors to develop their cloud-based security products and services.//
__Lien de téléchargement :__ https://cloudsecurityalliance.org/artifacts/guideline-on-effectively-managing-security-service-in-the-cloud/
!"//Cloud Threat Report: Emotet, Dridex, Mylobot Malware Activity - Week of 11/26//"
^^Bien que publié le 30 novembre 2018 sur le blog de la CSA, cet article l'a déjà été le 27 novembre 2018 sur le site de TRU*STAR
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/11/30/cloud-threat-report-week-11-26/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.trustar.co/blog/cloud-threat-report-emotet-dridex-mylobot-malware-activity]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Bitglass Security Spotlight: US Government Breaches Abound//"
^^Bien que publié le 30 novembre 2018 sur le blog de la CSA, cet article l'a déjà été il y a __3 semaines__, le 7 novembre 2018 sur le site de Bitglass
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/11/30/bitglass-security-spotlight-us-govt-breaches/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/bss-us-gov-breaches-abound]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//How to Do the Impossible and Secure BYOD//"
^^Bien que publié le 26 novembre 2018 sur le blog de la CSA, cet article l'a déjà été le 15 novembre 2018 sur le site de Bitglass
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/11/26/impossible-secure-byod/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/the-impossible-securing-byod]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Fixing Your Mis-Deployed NGFW//"
[>img(70px,auto)[iCSA_/Firewall.png]]^^Bien que publié le 23 novembre 2018 sur le blog de la CSA, cet article l'a déjà été il y a __3 mois__, le 29 août 2018 sur le site de Bitglass
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/11/23/fixing-mis-deployed-ngfw/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/fixing-your-mis-deployed-ngfw]].^^
Ce court article, rédigé par Rich Campagna de la société Bitglass, mérite d'être lu.
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Seven Reasons Why Proxy-based CASBs Are Required for Office 365//"
^^Bien que publié le 9 novembre 2018 sur le blog de la CSA, cet article l'a déjà été il y a __presque 3 mois__, le 21 août 2018 sur le site de Bitglass
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/11/08/proxy-based-casbs-required-office-365/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/7-reasons-why-proxy-based-casbs-are-required-for-office-365]].^^
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201810>>
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|2018.10.31|CloudTech|[[Why it's time to fight back against cyber risk to cloud computing and virtual machines|https://www.cloudcomputing-news.net/news/2018/oct/31/why-cyber-risk-cloud-computing-virtual-machines/]]|Misc|
|2018.10.31|//HashiCorp//|![[Cloud Adoption|https://www.hashicorp.com/cloud-adoption]]|SecOps DevSecOps Infrastructure|
|2018.10.30|!Marco Lancini |![[My Arsenal of Cloud Native (Security) Tools|https://www.marcolancini.it/2018/blog-arsenal-cloud-native-security-tools/]] |Tools Docker Kubernetes AWS GCP GIT|
|2018.10.30|CBR Online|[[Microsoft Admits to Fresh Office 365 Issues|https://www.cbronline.com/news/office-365-down]]|O365|
|2018.10.30|//Securosis//|[[Building a Multi-cloud Logging Strategy: Issues and Pitfalls|https://securosis.com/blog/building-a-multi-cloud-logging-strategy-issues-and-pitfalls]]|Misc|
|>|!|>||
|2018.10.29|DZone|[[Cattle, Pets, and Pink Eye|https://dzone.com/articles/cattle-pets-and-pink-eye]]|Misc|
|2018.10.29|//Poka//|[[Detecting Plaintext Passwords in Google Drive|https://medium.com/poka-techblog/detecting-plaintext-passwords-in-google-drive-21a10ec9ce9]]|Prevent Data_Leak|
|2018.10.29|//McAfee//|[[5 Key Findings from 2019 Cloud Adoption and Risk Report|https://www.skyhighnetworks.com/cloud-security-blog/5-key-findings-from-2019-cloud-adoption-and-risk-report/]]|Misc|
|2018.10.27|Bleeping Computer|[[Exposed Docker APIs Continue to Be Used for Cryptojacking|https://www.bleepingcomputer.com/news/security/exposed-docker-apis-continue-to-be-used-for-cryptojacking/]]|Docker CryptoMining|
|2018.10.25|Dark Reading|[[Securing Serverless: (1/2) Defend or Attack?|https://www.darkreading.com/cloud/securing-severless-defend-or-attack/a/d-id/1333078]]|Attacks Serverless|
|2018.10.25|Dark Reading|![[Securing Serverless: (2/2) Attacking an AWS Account via a Lambda Function|https://www.darkreading.com/cloud/securing-serverless-attacking-an-aws-account-via-a-lambda-function/a/d-id/1333047]]|Attacks Serverless AWS|
|2018.10.23|//PR Newswire//|[[DataCore's "The State of Software-Defined, Hyperconverged and Cloud Storage" Market Survey Reveals that Storage Availability and Avoiding Vendor Lock-in Remain Top Concerns for IT Professionals|https://www.prnewswire.com/news-releases/datacores-the-state-of-software-defined-hyperconverged-and-cloud-storage-market-survey-reveals-that-storage-availability-and-avoiding-vendor-lock-in-remain-top-concerns-for-it-professionals-300736120.html]] ([[Rapport|https://www.datacore.com/document/state-of-sds-hci-cloud-storage-seventh-annual/]])|Report|
|2018.10.23|//Aqua Security//|[["Thin OS" Security for Container Hosts|https://blog.aquasec.com/thin-os-container-security]]|Misc|
|2018.10.23|//Outpost24//|[[Artificial Intelligence (AI) and Cloud Security: New Challenges|https://outpost24.com/blog/Artificial-intelligence-and-cloud-security-new-challenges]]|Artificial_Intelligence|
|2018.10.23|Christophe Parisel|[[Demystifying PaaS security (part 1)|https://www.linkedin.com/pulse/demystifying-paas-security-part-1-christophe-parisel/]] (1/3)|PaaS|
|2018.10.22|//Coalfire//|[[Automating Incident Prevention and Response in AWS|https://www.coalfire.com/The-Coalfire-Blog/October-2018/Automating-Incident-Prevention-and-Response-in-AWS]]|Incident_Handling|
|2018.10.21|TechnoFAQ|[[How Cloud Hosting Around the World Faces Security Challenges|https://technofaq.org/posts/2018/10/how-cloud-hosting-around-the-world-faces-security-challenges/]]|Misc|
|2018.10.20|//Securosis//|[[Building a Multi-cloud Logging Strategy: Introduction|https://securosis.com/blog/building-a-multi-cloud-logging-strategy-introduction]]|Misc|
|>|!|>||
|2018.10.19|//Avanan//|[[How to Monitor Successful Logins to Office 365 Coming from Outside the US|https://www.avanan.com/resources/monitor-successful-logins-to-o365-from-outside-us]]|Misc|
|2018.10.18|//Rencore//|[[Why you should perform a Risk Assessment for Office 365|https://rencore.com/blog/perform-risk-assessment-office-365/]]|O365 Risk_Assessment|
|2018.10.17|//Lacework//|[[Anatomy of a Redis Exploit|https://www.lacework.com/anatomy-of-a-redis-exploit/]]|Misc|
|2018.10.16|//Backblaze//|[[Hard Drive Stats for Q3 2018: Less is More|https://www.backblaze.com/blog/tag/hard-drive-stats/]]|Reliability|
|2018.10.13|//phoenixNAP//|![[Definitive Strategy Guide to Cloud Migration + Checklist|https://phoenixnap.com/blog/cloud-migration-strategy]]|Migration|
|2018.10.12|TechnoFAQ|[[Why The Cloud Is Your Best Backup System|https://technofaq.org/posts/2018/10/why-the-cloud-is-your-best-backup-system/]]|Misc|
|2018.10.11|//Google Cloud//|![[Store it, analyze it, back it up: Cloud Storage updates bring new replication options|https://cloud.google.com/blog/products/storage-data-transfer/store-it-analyze-it-back-it-up-cloud-storage-updates-bring-new-replication-options]]|GCP Replication Resilience|
|2018.10.10|The CyberWire Podcast|[[Stormy weather in the Office 365 cloud|https://thecyberwire.com/podcasts/cw-podcasts-rs-2018-10-20.html]]|Outage|
|2018.10.10|//Threatpost//|[[Innovative Phishing Tactic Makes Inroads Using Azure Blob|https://threatpost.com/innovative-phishing-tactic-makes-inroads-using-azure-blob/138183/]]|Azure Phishing|
|2018.10.10|//Alcide//|[[Micro-segmentation for Better Cloud Security|https://blog.alcide.io/micro-segmentation-for-better-cloud-security]]|Misc|
|>|!|>||
|2018.10.09|disrupt:Ops|[[How S3 Buckets Become Public, and the Fastest Way to Find Yours|https://disruptops.com/how-s3-buckets-become-public-and-the-fastest-way-to-find-yours/]]|Misc|
|2018.10.09|//Threatpost//|[[How Shared Pools of Cloud Computing Power Are Changing the Way Attackers Operate|https://threatpost.com/how-shared-pools-of-cloud-computing-power-are-changing-the-way-attackers-operate/138108/]]|Misc|
|2018.10.09|//Outpost24//|[[Top 5 Cloud security issues and how to fix them|https://outpost24.com/blog/top-5-cloud-security-issues-and-how-to-fix-them]]|Misc|
|2018.10.09|//Lacework//|[[The New Security Stack: While old school security vendors are trying to buy their way into relevance, it's still not making organizations any safer|https://www.lacework.com/the-new-cybersecurity-stack-power-of-one/]]|Misc|
|2018.10.07|DZone|[[4 Challenges In Kubernetes Log Transport|https://dzone.com/articles/4-challenges-in-kubernetes-log-transport]]|K8s|
|2018.10.03|Bleeping Computer|[[Phishing Attack Uses Azure Blob Storage to Impersonate Microsoft|https://www.bleepingcomputer.com/news/security/phishing-attack-uses-azure-blob-storage-to-impersonate-microsoft/]]|Azure Attacks|
|2018.10.03|//Google Cloud//|![[Elevating user trust in our API ecosystem|https://cloud.google.com/blog/products/g-suite/elevating-user-trust-in-our-api-ecosystems]]|GCP APIs|
|2018.10.05|CSA UK|![[Cloud Security Governance Approaches|http://www.cloudsecurityalliance.org.uk/blog/cloudsecuritygovernanceapproaches]]|Governance|
|2018.10.05|//McAfee//|[[Skyhigh Uncovers 'KnockKnock,' a Widespread Attack on Office 365 Corporate Email Accounts|https://www.skyhighnetworks.com/press/skyhigh-uncovers-knockknock-a-widespread-attack-on-office-365-corporate-email-accounts/]]|Attack O365|
|2018.10.05|//McAfee//| → [[Skyhigh Networks Reveals Sophisticated Cyber Attack Campaign on Enterprise Office 365 Users|https://www.skyhighnetworks.com/press/skyhigh-networks-reveals-sophisticated-cyber-attack-campaign-on-enterprise-office-365-users/]]|Attack O365|
|2018.12.17|//Tripwire//| → [['KnockKnock': New Attack on Office 365 Discovered|https://www.tripwire.com/state-of-security/featured/knockknock-new-attack-on-office-365-discovered/]]|Attack O365|
|2018.10.05|//Netskope//|[[Phishing in the public cloud: You've been served|https://www.netskope.com/blog/phishing-in-the-public-cloud]]|Attacks|
|2018.10.05|//Sensors techForum//| → [[Phishing Attack Exploits Azure Blob to Be Secured by Microsoft SSL|https://sensorstechforum.com/phishing-attack-azure-blob-microsft-sll/]]|Attacks|
|2018.10.04|Bleeping Computer|[[Phishing Attacks Distributed Through CloudFlare's IPFS Gateway|https://www.bleepingcomputer.com/news/security/phishing-attacks-distributed-through-cloudflares-ipfs-gateway/]]|Phishing Cloudflare|
|2018.10.03|//Threatstack//|[[3 Things to Know About Kubernetes Security|https://www.threatstack.com/blog/3-things-to-know-about-kubernetes-security]]|K8s Risks|
|2018.10.03|//Fugue//|[[The Cost of Cloud Misconfiguration Whack-a-Mole|https://www.fugue.co/blog/2018-10-04-the-cost-of-cloud-misconfiguration-whack-a-mole.html]]|Configuration|
|2018.10.03|//Fugue//| → [[Cloud Infrastructure Misconfiguration Survey Report|https://resources.fugue.co/cloud-infrastructure-misconfiguration-report]]|Report Configuration|
|2018.10.03|//Fairwinds//|[[Making Sense of Kubernetes RBAC and IAM Roles on GKE|https://medium.com/uptime-99/making-sense-of-kubernetes-rbac-and-iam-roles-on-gke-914131b01922]]|K8s RBAC|
|2018.10.02|Infosec Island|[[6 Ways to Use CloudTrail to Improve AWS Security|http://www.infosecisland.com/blogview/25119-6-Ways-to-Use-CloudTrail-to-Improve-AWS-Security.html]]|Cloud Misc.|
|2018.10.01|//Rancher Labs//|[[Introduction to Container Security|https://rancher.com/blog/2018/2018-09-12-introduction-to-container-security-1/]]|Containers|
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Octobre 2018]]>><<tiddler fAll2LiTabs13end with: Actu","201810>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Octobre 2018]]>><<tiddler fAll2LiTabs13end with: Blog","201810>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Octobre 2018]]>><<tiddler fAll2LiTabs13end with: Publ","201810>>
!Salon ''Cloud & Cyber Security Paris'' les 27 et 28 novembre 2018
[img[iCSF/CCSEP201811.jpg]]
__Paris, le 17 octobre 2018.__
Les inscriptions sont maintenant ouvertes pour le Salon ''Cloud & Cyber Security Paris'' : --{{{cloudexpoeurope.fr/csa-ccse}}}--
Le Salon ''Cloud & Cyber Security Paris'' est un salon réservé aux experts de la Sécurité du Cloud qui se tiendra :
{{floatC{
les ''mardi 27 et mercredi 28 novembre 2018 à Paris Porte de Versailles'' (Hall 3)
}}}
4 bonnes raisons de visiter le salon ''Cloud & Cyber Security Paris''
# __Rencontrer__ plus de 150 fournisseurs nationaux et internationaux.
# __Assister__ aux prises de parole de 250 experts dans un programme de conférence recouvrant l'actualité du secteur, dont des dizaines d'études de cas et des tables rondes. Des experts issus des plus grandes entreprises françaises, du secteur public, de PME et des prestataires de services viendront partager leurs expériences.
# __Consolider__ votre réseau, __construire__ des relations avec les acteurs du marché et découvrir les technologies de demain.
# __Optimiser__ votre temps et aborder tous vos objectifs technologiques en un seul lieu.
En suivant le lien ci-dessous, vous pouvez déjà obtenir votre invitation gratuite qui vous donnera accès aux évènements co-organisés ''Cloud Expo Europe Paris'' et ''Data Centre World Paris''.
Le [[Chapitre Français]] de la [[Cloud Security Alliance]] fera une intervention le ''mardi 27 novembre 2018 de 15h45 à 16h10''.
!"//Guideline on Effectively Managing Security Service in the Cloud//"
[>img(200px,auto)[iCSA/J14PG.png]]Article de blog publié le 16 octobre 2018 —Dr. Kai Chen, Director of Cybersecurity Technology, Huawei Technologies Co. Ltd.
<<<
//Le marché du cloud computing est en pleine croissance. Abordable, efficace et évolutif, le cloud computing reste la meilleure solution pour la plupart des entreprises, et il est encourageant de constater que le nombre de clients déployant des services cloud va toujours croissant.
Depuis le début du déploiement du cloud, la sécurité des services cloud en a été l'une des principales préoccupations.
Pour faire face à ce problème, diverses organisations ont consenti d'énormes efforts dans les normes de sécurité des services Cloud et dans la recherche des bonnes pratiques pour l'élaboration et la mise en application. Grâce aux efforts des fournisseurs de services dans le Cloud (CSP), la sécurité des services dans le Cloud a atteint un niveau acceptable. Mais du point de vue des clients du cloud, il manque encore quelque peu de bonnes pratiques sur la façon de sécuriser leurs services cloud.
La disponibilité de ces bonnes pratiques peut être particulièrement utile pour les petites et moyennes entreprises (PME) qui sont constamment confrontées à des pénuries de ressources en sécurité informatique. C'est dans cette optique que le groupe de travail sur la gestion des services de sécurité en nuage (CSSM, ou "Cloud Security Services Management") a élaboré la "Directive pour une gestion efficace des services de sécurité dans le Cloud" ("Guideline on Effectively Managing Security Service in the Cloud") qui s'applique aux différents modèles de déploiement Cloud, qu'ils soient privés, publics, hybrides ou communautaires.//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/10/16/guideline-managing-cloud-security-service/]] sur le blog de la CSA ou sur le site du [[chapitre Asie-Pacifique|https://www.csaapac.org/cssm.html]].
[img(25%,1px)[iCSF/BluePixel.gif]]
La page du groupe de travail "Cloud Security Services Management" est : https://cloudsecurityalliance.org/working-groups/cloud-security-services-management/
__Traduction de la synthèse du document__
<<<
//Sur la base du modèle de la responsabilité partagée en matière de sécurité, les responsabilités spécifiques en matière de sécurité sont réparties entre le fournisseur de services dans le Cloud et le client dans le déploiement de services dans les différents Cloud (IaaS, PaaS et SaaS, par exemple) et, le cas échéant, les fournisseurs de services de sécurité dans le Cloud et l'offre SecaaS (Security-as-a-Service) pour les plates-formes cloud. Pour chaque responsabilité en matière de sécurité, il y a une ou plusieurs fonctions ou éléments de sécurité définis pour la traiter. Ce document fournit des conseils sur la façon de remplir les contrôles de cloud computing (basés sur la CCM) en utilisant des produits et des services de sécurité tiers. L'annexe A présente une étude de cas à l'aide d'exemples de solutions disponibles dans le commerce (aucun fournisseur n'étant référencé) afin d'illustrer de façon pratique des cas significatifs d'utilisation sur l'applicabilité de ces fonctions de sécurité.//
<<<
!"//How Can the Financial Industry Innovate Faster?//"
[>img(200px,auto)[iCSA_/shutterstock_25667818.jpg]]Article de blog publié le 15 octobre 2018 — Rédigé par Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com
<<<
__''Comment le secteur financier peut-il innover plus rapidement ?''__
//Comment le secteur financier peut-il innover plus rapidement ? Pourquoi les personnes non techniques doivent-elles comprendre un minimum ce qu'est la technologie du Cloud ?
Imaginez ce cas d'école où Davinci serait une société qui fournit une solution SaaS aux banques pour le traitement des demandes de prêts classiques et de prêts hypothécaires. Davinci exploite son propre logiciel sur une plate-forme Amazon AWS, et un nombre important de grands fournisseurs de prêts hypothécaires dépendent de ce service. Comme on peut l'imaginer, le processus d'approbation de prêt implique beaucoup de données personnelles et financières, qui font peser d'énormes risques du point de vue de la protection de la vie privée. Cela soulève la question de savoir qui va s'occuper de ces risques spécifiques ainsi que des autres.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/10/15/how-can-financial-industry-innovate-faster/]] sur le blog de la CSA 
!"//CCSK in the Wild: Survey of 2018 Certificate Holders//"
[>img(200px,auto)[iCSA_/ccsk-1-150x150.jpg]]Article de blog publié le 9 octobre 2018 — Rédigé par
<<<
__''CCSK : Sondage 2018 parmi les certifiés''__
//Même si de plus en plus d'entreprises migrent vers le cloud, on se demande toujours dans quelle mesure ces services cloud sont sécurisés. Selon un article de Forbes, "66 % des professionnels de l'informatique affirment que la sécurité est leur plus grande préoccupation lorsqu'ils adoptent une stratégie de cloud computing".
Alors que vous vous lancez dans votre quête pour combler ce manque de compétences, vous pourriez apprendre beaucoup de la façon dont d'autres professionnels ont utilisé les certifications pour élargir et valider leurs connaissances sur le Cloud. Dans cet article, nous allons découvrir à quoi sert le [[CCSK]] ("Certificate of Cloud Security Knowledge"). La première étape est un sondage auprès des certifiés [[CCSK]] pour savoir comment leur certificat avait un impact sur leur emploi, leur carrière et leur perfectionnement professionnel en général. Un résumé des résultats du sondage, des offres d'emploi et des témoignages est présenté ci-dessous.
Les sujets abordés dans cet article sont :
* Résultats du sondage
* Le [[CCSK]] dans les offres d'emploi
* Quelques témoignages
//[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/10/09/2018-ccsk-certificate-holders-survey/]] sur le blog de la CSA
!"//Software-Defined Perimeter Architecture Guide Preview (4/4)//"
[>img(200px,auto)[iCSA_/cyber-security-3400657__340.jpg]]Article de blog publié le 8 octobre 2018 — Rédigé par Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc.
<<<
__''Aperçu du guide sur l'architecture du Software-Defined Perimeter (SDP) -- article 4/4''__
//Dans les trois derniers articles sur ce sujet, nous avons donné un aperçu du "Software-Defined Perimeter (SDP) Architecture Guide", les concepts de base du SDP et un résumé des avantages du SDP. Dans ce dernier article, nous présenterons un modèle de gouvernance du SDP, et conclurons par quelques réflexions finales.
Bien qu'un système SDP soit techniquement responsable de l'autorisation ou de l'interdiction de la circulation des paquets entre deux systèmes, sa valeur réelle - et l'opportunité réelle qu'il représente en tant qu'architecture émergente - est de définir un modèle de gouvernance qui aligne la gestion des identités et l'accès aux applications avec le niveau du réseau. C'est-à-dire, permettre aux organisations d'élaborer des politiques qui déterminent quelles identités - humaines ou systémiques - devraient être autorisées à accéder à quels services cibles et dans quelles conditions. Et pour finir, d'avoir la capacité de faire appliquer cela en empêchant tout accès au niveau réseau par des utilisateurs non autorisés.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/10/08/sdp-architecture-guide-preview-part-4/]] sur le blog de la CSA
!"//Bitglass Security Spotlight: Veeam, Mongo Lock, Password Theft, Atlas Quantum & the 2020 Census//"
^^Bien que publié le 31 octobre 2018 sur le blog de la CSA, cet article est constitué de 2 articles publiés les 1er octobre et 19 septembre 2018 sur le site de Lacework
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/10/31/cybersecurity-headlines-2020-census/]] ou les deux [[articles|https://www.bitglass.com/blog/bss-atlas-quantum-2020-census]] [[originaux|https://www.bitglass.com/blog/bss-veeam-mongo-lock-password-theft]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//POC the CASB//"
[>img(100px,auto)[iCSA_/Rock_the_CASB.png]]^^Bien que publié le 19 octobre 2018 sur le blog de la CSA, cet article l'a déjà été le 17 septembre 2018 sur le site de Bitglass
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/10/29/poc-casb/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://blog.cloudsecurityalliance.org/2018/10/29/poc-casb/]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Bitglass Security Spotlight: Yale, LifeLock, SingHealth, Malware Evolving & Reddit Breached//"
^^Bien que publié le 25 octobre 2018 sur le blog de la CSA, cet article est constitué de 2 articles publiés les 4 septembre et 20 août 2018 sur le site de Lacework
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/10/25/bitglass-cybersecurity-headlines/]] ou les deux [[articles|https://www.bitglass.com/blog/bss-yale-lifelock-singhealth]] [[originaux|https://www.bitglass.com/blog/bss-malware-evolving-reddit-breached]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//In Europe, Cloud Is the New Default//"
[>img(100px,auto)[iCSA_/raiders_EMEA_Cloud_Adoption.png]]^^Bien que publié le 19 octobre 2018 sur le blog de la CSA, cet article l'a déjà été le 27 août 2018 sur le site de Bitglass
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/10/19/in-europe-cloud-is-new-default/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/in-europe-cloud-is-the-new-default]]^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Office 365 Security: It Takes Two to Tango//"
[>img(80px,auto)[iCSA_/cq5dam.web.png]]^^Bien que publié le 17 octobre 2018 sur le blog de la CSA, cet article l'a déjà été le 24 septembre 2018 sur le site de Lacework
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/10/17/office-365-security-takes-two-tango/]] ou [[l'original|https://www.symantec.com/blogs/feature-stories/office-365-security-it-takes-two-tango]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]

!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201809>>
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|2018.09.27|Medium|[[Docker Tips: Running a Container With a Non Root User|https://medium.com/better-programming/running-a-container-with-a-non-root-user-e35830d1f42a]]|Docker|
|2018.09.27|InfoSecurity UK|[[Penetration Testers in the Cloud|https://www.infosecurity-magazine.com/next-gen-infosec/penetration-testers-cloud/]]|PenTesting|
|2018.09.27|//Blissfully//|[[G Suite Security Checklist For Basic Best Practices|https://www.blissfully.com/blog/g-suite-security-checklist-for-basic-best-practices/]]|Best_Practices|
|2018.09.26|//AlertLogic//|[[Critical Watch Report: The State of Threat Detection 2018|https://www.alertlogic.com/resources/industry-reports/2018-critical-watch-report/]]|Report AlertLogic|
|2018.09.26|Solutions Review| → [[A Look at the 2018 Alert Logic State of Threat Detection Report|https://solutionsreview.com/cloud-platforms/alert-logic-state-threat-detection/]]|Report AlertLogic|
|2018.09.26|//Zscaler//|[[A First for Zero Trust: AWS Security Competency Status|https://www.zscaler.com/blogs/corporate/first-zero-trust-aws-security-competency-status]]|Products AWS Zero_Trust|
|2018.09.24|NextGov| → [[2018 Federal Cloud Computing Strategy|https://www.federalregister.gov/documents/2018/09/25/2018-20819/request-for-comments-on-2018-federal-cloud-computing-strategy]] ([[pdf|https://www.govinfo.gov/content/pkg/FR-2018-09-25/pdf/2018-20819.pdf]])|CloudSmart|
|2018.09.24|NextGov|[[White House Outlines Move from 'Cloud First' to 'Cloud Smart'|https://www.nextgov.com/it-modernization/2018/09/white-house-outlines-move-cloud-first-cloud-smart/151498/]]|CloudSmart|
|2018.09.24|//Summit Route//|![[Investigating malicious AMIs|https://summitroute.com/blog/2018/09/24/investigating_malicious_amis/]]|InsiderThreat|
|2018.09.24|//Alcide//|[[4 Steps to a Secured Serverless Deployment: Gartner's Security Considerations and Best Practices for Securing Serverless PaaS Report|https://blog.alcide.io/4-steps-secured-serverless-deployment-gartner-security-considerations-best-practices-securing-serverless-paas-report]]|Serverless|
|2018.09.24|Aristide Bouix|[[Penetration testing on AWS|https://aristidebouix.cloud/en/2018/09/penetration-testing-on-aws/index.html/]]|AWS PenTesting|
|>|!|>||
|2018.09.19|//McAfee//|[[The Top 3 Reasons to Integrate DLP with a Cloud Access Security Broker (CASB)|https://securingtomorrow.mcafee.com/business/data-security/the-top-3-reasons-to-integrate-dlp-with-a-cloud-access-security-broker-casb/]]|DLP CASB|
|2018.09.19|//Zscaler//|[[The latest cloud hosting service to serve malware|https://www.zscaler.com/blogs/research/latest-cloud-hosting-service-serve-malware]]|Malware|
|2018.09.19|//Lacework//|[[This is How to Optimize CloudTrail to Improve the Security of Your AWS Environment|https://www.lacework.com/optimize-cloudtrail-to-improve-aws-environment-security/]]|AWS|
|2018.09.18|TEISS|[[Unsecured cloud database nearly compromised 445 million customer records|https://www.teiss.co.uk/threats/cloud-database-data-breach/]]|Data_Leaks|
|2018.09.18|//RedLock//|[[AWS Security Tips: Understanding Access Controls in Amazon S3|https://redlock.io/blog/aws-security-tips-understanding-access-controls-amazon-s3]]|AWS|
|2018.09.18|//SpecterOps//|![[Head in the Clouds|https://posts.specterops.io/head-in-the-clouds-bd038bb69e48]] |IP_Address|
|2018.09.17|//ThreatStack//|![[50 Best Cloud Security Podcasts|https://www.threatstack.com/blog/50-best-cloud-security-podcasts]]|Podcasts|
|2018.09.17|//Aqua Security//|[[Securing ISV-Provided Container Images|https://blog.aquasec.com/securing-isv-provided-container-images]]|Container Third_Party|
|2018.09.13|//Appriver//|[[Barriers to the Cloud: The Ugly Truth About Ransomware|https://blog.appriver.com/barriers-to-the-cloud-the-ugly-truth-about-ransomware]]|Ransomware|
|2018.09.12|Infosec Island|[[Under Expanding Cyber Siege, CISOs Admit Clear Visibility on Attacks Is a Challenge|http://www.infosecisland.com/blogview/25112-Under-Expanding-Cyber-Siege-CISOs-Admit-Clear-Visibility-on-Attacks-Is-a-Challenge.html]]|Cloud Misc.|
|2018.09.11|//Google Cloud//|[[Trust through transparency: incident response in Google Cloud|https://cloud.google.com/blog/products/identity-security/trust-through-transparency-incident-response-in-google-cloud]]|Incident_Response|
|2018.09.11|Redmond Channel|[[Microsoft's Cloud Outage Postmortem: What Went Wrong in Texas|https://rcpmag.com/articles/2018/09/11/microsoft-cloud-outage-postmortem.aspx]]|Outage Azure|
|2018.09.11|//RedLock//|[[13 Cloud Security Statistics To Know In 2019 (With 9 Best Practices)|https://redlock.io/blog/13-cloud-security-statistics-to-know-in-2019-with-9-best-practices]]|Misc|
|>|!|>||
|2018.09.20|!Marco Lancini |![[So I Heard You Want to Learn Kubernetes|https://www.marcolancini.it/2018/blog-learn-kubernetes]] |K8s|
|2018.09.09|disrupt:Ops|[[(DevSec)Ops vs. Dev(SecOps)|https://disruptops.com/devsecops-vs-devsecops/]]|DevSecOps|
|2018.09.09|disrupt:Ops|[[What Security Managers Need to Know About Amazon S3 Exposures (2/2)|https://disruptops.com/what-security-managers-need-to-know-about-amazon-s3-exposures-2-2/]]|AWS|
|2018.09.08|Infosec Institute|[[Cloud Based IDS and IPS Solutions|https://resources.infosecinstitute.com/cloud-based-ids-and-ips-solutions/]]|IDS IPS|
|2018.09.07|//Alibaba Cloud//|![[DockerKiller Threat Analysis: First Instance of Batch Attack and Exploitation of Docker Services|https://medium.com/@Alibaba_Cloud/dockerkiller-threat-analysis-first-instance-of-batch-attack-and-exploitation-of-docker-services-28a19e1565fa]]|Docker Attacks|
|2018.09.07|//Microsoft//|[[Azure AD Conditional Access support for blocking legacy auth is in Public Preview!|https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-Conditional-Access-support-for-blocking-legacy-auth-is/ba-p/245417]]|Authenticate|
|2018.09.06|//ThreatStack//|[[Create a Security Risk Assessment for Containers in 5 Steps|https://www.threatstack.com/blog/create-a-security-risk-assessment-for-containers-in-5-steps]]|Container Assess|
|2018.09.04|Redmond Channel|[[Microsoft Cloud Services Stumble After Outage Hits Texas Datacenter|https://rcpmag.com/articles/2018/09/04/microsoft-cloud-outage-datacenter.aspx]]|Outage Azure|
|2018.09.04|ThousandEyes|[[The Building Blocks of SaaS are Also Risks|https://blog.thousandeyes.com/the-building-blocks-of-saas-are-also-risks/]]|SaaS|
|2018.12.04|//Backblaze//|[[LTO versus Cloud Storage: Choosing the Model That Fits Your Business|https://www.backblaze.com/blog/lto-vs-cloud-storage-vs-hybrid/]]|Misc|
|2018.09.03|TechnoFAQ|[[Tools for Encrypting Your Files In Cloud Storage|https://technofaq.org/posts/2018/09/tools-for-encrypting-your-files-in-cloud-storage/]]|Encrypt|
|2018.09.03|//UpGuard//|[[What Are Cloud Leaks?|https://www.upguard.com/blog/what-are-cloud-leaks]] (MàJ:27.08.2020)|Data_Leaks|
|2018.09.03|//UpGuard//|[[Why Do Cloud Leaks Matter?|https://www.upguard.com/blog/why-do-cloud-leaks-matter]]|Data_Leaks|
|2018.09.03|//Aqua Security//|[[Report by Gartner Highlights Maturing Options for Securing Containers|https://blog.aquasec.com/gartner-report-securing-containers]]|Containers|
|2018.09.01|Network Computing|[[Moving recovery to the cloud|http://www.btc.co.uk/Articles/index.php?mag=Networking&page=compDetails&link=9126]]|Recover|
|2018.09.01|//Poka//|![[Privilege escalation in the Cloud: From SSRF to Global Account Administrator|https://medium.com/poka-techblog/privilege-escalation-in-the-cloud-from-ssrf-to-global-account-administrator-fd943cf5a2f6]]|Flaws|
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Septembre 2018]]>><<tiddler fAll2LiTabs13end with: Actu","201809>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Septembre 2018]]>><<tiddler fAll2LiTabs13end with: Blog","201809>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Septembre 2018]]>><<tiddler fAll2LiTabs13end with: Publ","201809>>
!"//CVE and Cloud Services, Part 2: Impacts on Cloud Vulnerability and Risk Management//"
[>img(200px,auto)[iCSA_/102643738.png]]Article de blog publié le 28 septembre 2018 — Rédigé par Victor Chin, Research Analyst, Cloud Security Alliance, et Kurt Seifried, Director of IT,
<<<
__''CVE et services Cloud, deuxième partie : Impacts sur la vulnérabilité du cloud et la gestion des risques''__
//Ce deuxième article de la série traite de la vulnérabilité des services Cloud et des tendances en matière de gestion des risques par rapport au système CVE (Common Vulnerabilities and Exposures). Dans l'article précédent, nous avons parlé de la Règle d'inclusion 3 (INC3) et de la façon dont elle affecte le comptage des vulnérabilités des services cloud. Ici, nous examinerons plus en détail comment l'exclusion des vulnérabilités des services dans le Cloud affecte la sécurité des entreprises et la gestion des risques.//
[...]
//Les 3 points abordés sont :
* les vulnérabilités traditionnelles et la gestion des risques
* les défis pour les clients des services cloud
* les lacunes dans le système CVE
Dans le prochain article nous examinerons comment d'autres acteurs clés sont affectés par les lacunes de la gestion de la vulnérabilité des services cloud.//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/09/28/cve-impacts-cloud-vulnerability-risk-management/]] sur le blog de la CSA 
!La Cloud Security Alliance ouvre un siège européen et un Centre d'Excellence RGPD à Berlin
[>img(300px,auto)[iCSA_/gdpr-headquarters.jpg][https://gdpr.cloudsecurityalliance.org/emea/]]__Berlin, le 27 septembre 2018__
La [[Cloud Security Alliance]] annonce l'ouverture d'un siège européen et d'un Centre d'Excellence RGPD.
Ils seront ouverts à Berlin, d'ici à la fin de l'année 2018.
L'équipe européenne sera composée dans un premier temps de :
* Linda Strick : "Managing Director"
* Stephanie Köhl : "Project Officer"
La déclaration de Jim Reavis, CEO de la [[Cloud Security Alliance]] :
<<<
//We have seen strong growth in our enterprise members throughout Europe, most notably in the financial services sector. We also are collaborating closely with several national governments on critical, national cloud-security standards. In addition, CSA's research in developing a GDPR Code of Conduct and related best practices has put us in the forefront of the industry in assisting both customers and cloud providers in addressing this critical regulation. In order to meet CSA's continued growth in this region, we are expanding our presence in Europe and will use this base for coordination of all of our events, chapters and enterprise outreach throughout the continent.//
<<<
Le communiqué de presse "''Cloud Security Alliance Establishes New European Headquarters, GDPR Center of Excellence in Berlin''" est disponible [[ici|https://cloudsecurityalliance.org/media/press-releases/cloud-security-alliance-establishes-new-european-headquarters-gdpr-center-of-excellence-in-berlin/]]
|>|>|>|>|>|>| !Des informations complémentaires sont disponibles sur le site : https://gdpr.cloudsecurityalliance.org/emea/ |
| [img[iCSF/emea_on.png]] | [img[iCSF/home_on.png]] | [img[iCSF/resources_on.png]] | [img[iCSF/news_on.png]] | [img[iCSF/pr_on.png]] | [img[iCSF/glossary_on.png]] | [img[iCSF/wg_on.png]] |
| [[Siège EMEA|https://gdpr.cloudsecurityalliance.org/emea]] | [[RGPD|https://gdpr.cloudsecurityalliance.org/]] | [[Ressources|https://gdpr.cloudsecurityalliance.org/resources]] | [[Actualités|https://gdpr.cloudsecurityalliance.org/news]] | [[Public Registry|https://gdpr.cloudsecurityalliance.org/public-registry]] | [[Glossaire|https://gdpr.cloudsecurityalliance.org/glossary]] | [[Advisory Board|https://gdpr.cloudsecurityalliance.org/emea-advisory-board]] |
!Participation au Salon ''Cloud & Cyber Security Paris'' les 27 et 28 novembre 2018
[>img(100px,auto)[iCSF/CCSEP_201811.jpg]]
Le [[Chapitre Français]] de la [[Cloud Security Alliance]] participera au Salon ''Cloud & Cyber Security Paris''.
Les dates du salon sont les suivantes : les ''mardi 27 et mercredi 28 novembre 2018 à Paris Porte de Versailles'' (Hall 3)
L'intervention aura lieu le ''mardi 27 novembre 2018 de 15h45 à 16h10''.
En suivant le lien ci-dessous, vous pouvez obtenir une invitation gratuite qui donne accès aux deux évènements suivants :
* ''Cloud Expo Europe Paris''
* ''Data Centre World Paris''
!"//Recommendations for IoT Firmware Update Processes: Addressing complexities in a vast ecosystem of connected devices//"
[>img(150px,auto)[iCSA_/IoT-Firmware-Update-Processes.png]]Article de blog publié le 20 septembre 2018 — Rédigé par Sabri Khemissa, IT-OT-Cloud Cybersecurity Strategist, Thales
__''Recommandations pour les processus de mise à jour de micrologiciel dans l'IoT : Comment faire face aux complexités d'un vaste écosystème d'appareils connectés''__
<<<
//Traditionnellement, la mise à jour d'un logiciel pour les actifs informatiques comporte trois étapes : l'analyse, la mise à jour et la distribution de la mise à jour - un processus qui se déroule généralement en dehors des heures de bureau. Généralement, ces mises à jour recourent à des contrôles cryptographiques (signatures numériques) pour protéger l'intégrité et l'authenticité du logiciel. Cependant, l'Internet des objets (IoT), avec son vaste écosystème d'appareils connectés déployés dans de nombreux environnements, introduit plusieurs niveaux de complexité qui rendent nécessaire la réingénierie des processus.
Par exemple, les développeurs ne peuvent ignorer le fait que leurs systèmes IoT s'intègrent dans un système complexe et ils doivent réfléchir à la manière dont il peut être mis à jour en toute sécurité tout en coexistant avec d'autres composants. Quant à ceux qui sont chargés de la mise en œuvre, ils doivent tenir compte de l'ensemble du système (et de sa complexité), y compris des contraintes spécifiques de chaque composante IoT.
Pour compliquer encore un peu plus la tâche, il y a de nombreuses variantes dans les systèmes IoT qui requièrent des mises à jour logicielles et firmware. Par exemple, certains systèmes IoT sont souvent en mouvement et nécessitent des téléchargements relativement importants, comme les véhicules connectés. D'autres systèmes IoT, comme les appareils intelligents pour la domotique et le bâtiment, sont plus statiques. Quoi qu'il en soit, les facteurs associés à la saturation du réseau pendant les téléchargements vers des centaines, voire des milliers de périphériques doivent être pris en compte. L'impact de l'échec des mises à jour de firmware sur les consommateurs est tout aussi important.
''Atténuer les attaques avec les directives de mise à jour de micrologiciel de l'IoT.''
Pour aider les entreprises à naviguer dans ce contexte complexe, le Groupe de travail sur l'IoT de la CSA a compilé un ensemble de recommandations clés pour établir un processus de mise à jour sécuritaire et évolutif de l'IoT. Son dernier rapport, "Recommendations for IoT Firmware Update Processes", propose 10 lignes directrices pour les mises à jour de firmware et de logiciels IoT qui peuvent être entièrement ou partiellement intégrées. Chacune de ces 10 suggestions peut être adaptée et conçue pour des mises à jour de firmware qui reconnaissent les contraintes, dépendances et risques uniques associés au contexte de l'IoT et aux systèmes complexes. Ces recommandations s'adressent non seulement aux développeurs et aux implémenteurs, mais aussi aux fournisseurs qui doivent concevoir des solutions tenant compte de la sécurité.
L'espoir du Groupe de travail est qu'en s'attaquant à ce processus, les vecteurs d'attaque qui peuvent être exploités par les pirates informatiques seront réduits. Vous pouvez lire le rapport complet pour avoir une idée plus précise des défis à relever et un ensemble de bonnes pratiques pour les surmonter.//
<<<
⇒ Lire [[l'article en anglais|https://blog.cloudsecurityalliance.org/2018/09/20/recommendations-iot-firmware-update-processes/]] sur le blog de la CSA
⇒ Lien pour télécharger le rapport sur le site de la [[Cloud Security Alliance]] : https://cloudsecurityalliance.org/download/iot-firmware-update-processes/ 
[>img(200px,auto)[iCSA_/IoT-Firmware-Update-Processes.png]]__Publication d'un guide de recommandations sur les processus de mise à jour de firmware pour l'IoT__
Ce rapport propose 10 lignes directrices pour les mises à jour de firmware et de logiciels IoT :
<<<
//1. Backup the current working configuration of IoT device before applying an update.
2. Rollbacks should be supported; however, older images should not be reloaded without
vendor authorization.
3. System design should allow administrators to schedule updates to their devices to avoid
network saturation and limit unintended downtime.
4. Vendors should support configuration options by system administrators in support of
automatic updates.
5. One component must manage updates of multiple microcontrollers that compose IoT devices.
6. Update strategy, differential or complete image should be adapted to the bandwidth constraint.
7. Updates should be authenticated and integrity protected from end-to-end.
8. Verification signing keys storage must be secured.
9. Provide a recovery procedure to cover update failure.
10. Ensure a long-term support contract by vendors.//
<<<
__Lien de téléchargement :__ https://cloudsecurityalliance.org/artifacts/iot-firmware-update-processes/
/% RealURL=https://downloads.cloudsecurityalliance.org/assets/research/internet-of-things/recommendations-for-iot-firmware-update-processes.pdf %/
!"//Software-Defined Perimeter Architecture Guide Preview (3/4)//"
[>img(200px,auto)[iCSA_/cyber-security-3400657__340.jpg]]Article de blog publié le 18 septembre 2018 — Rédigé par Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc.
<<<
__''Aperçu du guide sur l'architecture du Software-Defined Perimeter (SDP) -- article 3/4''__
//Dans ce troisième article qui donne un aperçu du prochain guide sur l'architecture SDP, nous nous concentrons sur la section "Core SDP Concepts" du document, qui présente les principes sous-jacents du SDP, et dans laquelle nous en expliquons les avantages. Dans le tableau ci-dessous, nous énumérons cinq catégories, et pour chacune d'elles, nous en expliquons plusieurs aspects ://
# Scénario 1: //Information/Infrastructure Hiding//
# Scénario 2: //Mutual Two-way Encrypted Connections//
# Scénario 3: //SDP and the Need-to-Know Access Model//
# Scénario 4: //Dynamic Firewall//
# Scénario 5: //Application Layer Access//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/09/18/sdp-architecture-guide-preview-part-3/]] sur le blog de la CSA 
!"//PCI Compliance for Cloud Environments: Tackle FIM and Other Requirements with a Host-Based Approach//"
[>img(100px,auto)[iCSA_/pci-compliance-for-cloud-environments.jpg]]^^Bien que publié le 19 septembre 2018 sur le blog de la CSA, cet article l'a déjà été le 16 août 2018 sur le site de Lacework
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/09/19/pci-compliance-cloud-host-based-approach/]] ou [[l'original|https://www.lacework.com/pci-compliance-for-cloud-environments-tackle-fim-and-other-requirements-with-a-host-based-approach/]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Pwned Passwords - Have Your Credentials Been Stolen?//"
[>img(100px,auto)[iCSA_/pwned.png]]^^Bien que publié le 14 septembre 2018 sur le blog de la CSA, cet article l'a déjà été le 15 août 2018 sur le blog de la société Bitglass
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/09/14/pwned-passwords-stolen-credentials/]] ou [[l'original|https://www.bitglass.com/blog/pwnd-passwords-credentials]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Avoiding Holes in Your AWS Buckets//"
[>img(100px,auto)[iCSA_/avoiding-holes-in-your-s3-buckets.png]]^^Bien que publié le 7 septembre 2018 sur le blog de la CSA, cet article l'a déjà été le 12 avril 2018 sur le site Infosec Island
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/09/07/avoiding-holes-in-your-aws-buckets/]] ou [[l'original|http://www.infosecisland.com/blogview/25056-Avoiding-Holes-in-Your-AWS-Buckets.html]].^^
Cet article, rédigé par Sanjay Kalra de la société Lacework, mérite d'être lu.
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//US CLOUD Act Drives Adoption of Cloud Encryption//"
[>img(100px,auto)[iCSA_/US-Cloud.png]]^^Bien que publié le 5 septembre 2018 sur le blog de la CSA, cet article l'a déjà été le 12 juillet 2018 sur le blog de la société Bitglass
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/09/05/us-cloud-act-drives-cloud-encryption/]] ou [[l'original|https://www.bitglass.com/blog/us-cloud-act-drives-adoption-of-cloud-encryption]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]

!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201808>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Août 2018]]>><<tiddler fAll2LiTabs13end with: Actu","201808>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Août 2018]]>><<tiddler fAll2LiTabs13end with: Blog","201808>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Août 2018]]>><<tiddler fAll2LiTabs13end with: Publ","201808>>
|!Août|!Sources|!Titres et Liens|!Keywords|
|2018.08.31|Christophe Parisel|[[The public Cloud coming of age|https://www.linkedin.com/pulse/public-cloud-coming-age-christophe-parisel/]]|Misc|
|2018.08.30|Infosec Island|[[Conceptual and Technical Challenges in Multi-cloud Security|http://www.infosecisland.com/blogview/25097-Conceptual-and-Technical-Challenges-in-Multi-cloud-Security.html]]|Cloud Misc.|
|2018.08.30|//Lastline//|![[Dark Clouds on the Horizon: Understanding Cloud Storage Data Theft and How to Prevent It|https://www.lastline.com/blog/dark-clouds-on-the-horizon-understanding-cloud-storage-data-theft-and-how-to-prevent-it/]]|Prevent|
|>|!|>||
|2018.08.29|//Rhino Security Labs//|[[Assume the Worst: Enumerating AWS Roles through 'AssumeRole'|https://rhinosecuritylabs.com/aws/assume-worst-aws-assume-role-enumeration/]]|AWS IAM|
|2018.08.29|//Whistic//|[[The Importance of Having a Cloud Vendor Assessment Policy|https://blog.whistic.com/the-importance-of-having-a-cloud-vendor-assessment-policy-cf2a227e7e3f]]|Assessment|
|2018.08.28|//BishopFox Labs//|![[An Introduction to AWS Cloud Security|https://labs.bishopfox.com/tech-blog/2018/08/an-introduction-to-aws-cloud-security]] |AWS|
|>|!|>||
|2018.08.27|Medium|[[AWS Slurp Github Takeover|https://medium.com/@SweetRollBandit/aws-slurp-github-takeover-f8c80b13e7b5]]|Tools AWS Enumation|
|2018.08.28|//Coalfire//| → [[AWS Slurp Github Takeover|https://www.coalfire.com/The-Coalfire-Blog/August-2018/AWS-Slurp-Github-Takeover]]|Tools AWS Enumation|
|2018.08.27|//MacAfee//|[[AWS Security Configuration Checklist|https://www.skyhighnetworks.com/cloud-security-blog/aws-security-configuration-checklist/]]|AWS Best_Practices|
|2018.08.27|Opensource.com|[[A sysadmin's guide to containers|https://opensource.com/article/18/8/sysadmins-guide-containers]]|Containers|
|2018.08.23|//Aqua Security//|[[Securing Serverless: Persistent Security for Ephemeral Environments|https://blog.aquasec.com/securing-serverless-persistent-security-for-ephemeral-environments]]|Misc|
|2018.08.21|SecTor|[[How A Map of the Cloud Leaked Online|https://sector.ca/how-a-map-of-the-cloud-leaked-online/]]|Data_Leaks|
|2018.08.21|//RedLock//|![[What You Must Know About AWS Security|https://redlock.io/blog/what-you-must-know-about-aws-security]]|Misc|
|2018.08.21|//phoenixNAP//|![[Data Security In Cloud Computing: How Secure Is Your Data?|https://phoenixnap.com/blog/cloud-computing-security]]|Misc|
|2018.08.21|Le MagIT[>img[iCSF/flag_fr.png]]|[[Quelles différences entre CLOUD Act et PATRIOT Act (et quels impacts sur les entreprises françaises)|https://www.lemagit.fr/conseil/Quelles-differences-entre-CLOUD-Act-et-PARTIOT-Act-et-quels-impacts-sur-les-entreprises-francaises]]|CLOUD_Act|
|2018.08.20|//MacAfee//|[[7 Reasons Why Microsoft Warns Against Proxy-Based CASBs for Office 365|https://www.skyhighnetworks.com/cloud-security-blog/7-reasons-why-microsoft-warns-against-proxy-based-casbs-for-office-365/]]|O365 CASB|
|2018.08.20|//MacAfee//|[[CASB RFP Template: 200+ Common Questions Enterprises Are Asking|https://www.skyhighnetworks.com/cloud-security-blog/casb-rfp-template-free-download/]] ([[document|https://info.skyhighnetworks.com/Cloud-Access-Security-Broker-Request-for-Proposal-Template_BannerCloud-MFE.html]])|CASB|
|>|!|>||
|2018.08.16|disrupt:Ops|[[What Security Managers Need to Know About Amazon S3 Exposures (1/2)|https://disruptops.com/what-security-managers-need-to-know-about-amazon-s3-exposures/]]|Misc|
|2018.08.15|Gartner|![[Gartner Survey Says Cloud Computing Remains Top Emerging Business Risk|https://www.gartner.com/en/newsroom/press-releases/2018-08-15-gartner-says-cloud-computing-remains-top-emerging-business-risk]]|Report|
|2018.08.15|//Aqua Security//|[[Kube-hunter - an open source tool for Kubernetes penetration testing|https://blog.aquasec.com/kube-hunter-kubernetes-penetration-testing]]|K8s Tools|
|2018.08.14|PogsDotNet|[[Azure Container Registry|https://www.pogsdotnet.com/2018/08/azure-container-registry.html]]|Azure Containers|
|2018.08.14|//IDG//|[[2018 Cloud Computing Survey|https://www.idg.com/tools-for-marketers/2018-cloud-computing-survey/]] ([[rapport|http://resources.idg.com/download/executive-summary/cloud-computing-2018]])|Report|
|2018.08.14|//RedLock//|[[How to Effectively Manage Multi-Cloud Security Challenges|https://redlock.io/blog/how-to-effectively-manage-multi-cloud-security-challenges]]|Misc|
|2018.08.13|//Rhino Security Labs//|[[AWS IAM Privilege Escalation - Methods and Mitigation|https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/]]|AWS Flaws|
|2018.08.13|//Threatpost//|[[GoDaddy Leaks 'Map of the Internet' via Amazon S3 Cloud Bucket Misconfig|https://threatpost.com/godaddy-leaks-map-of-the-internet-via-amazon-s3-cloud-bucket-misconfig/135009/]]|DataLeak GoDaddy AWS|
|2018.08.10|//Cloud Management Insider//|[[Top 5 most common cloud threats|https://www.cloudmanagementinsider.com/top-5-most-common-cloud-threats/]]|Threats|
|2018.08.10|//Microsoft//|![[Enhance security and simplify network integration with Extension Host on Azure Stack|https://azure.microsoft.com/en-us/blog/extension-host-coming-to-azure-stack/]]|Harden|
|2018.08.14|Redmond Channel| → [[Microsoft Shrinks Azure Stack's Attack Surface|https://rcpmag.com/blogs/scott-bekker/2018/08/microsoft-azure-stack-attack-surface.aspx]]|Harden|
|>|!|>||
|2018.08.09|//Microsoft//|[[Why you need a cloud access security broker in addition to your firewall |https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Why-you-need-a-cloud-access-security-broker-in-addition-to-your/ba-p/250062]]|CASB|
|2018.08.09|//UpGuard//|[[Public Domain: How Configuration Information For the World's Largest Domain Name Registrar Was Exposed Online|https://www.upguard.com/breaches/public-domain-how-configuration-information-for-the-worlds-largest-domain-name-registrar-was-exposed-online]]|Misc|
|2018.08.09|Engadget| → [[Amazon AWS error exposes info on 31,000 GoDaddy servers|https://www.engadget.com/2018/08/09/amazon-aws-error-exposes-31-000-godaddy-servers/]]|Misc|
|2018.08.09|//Zscaler//|[[Proxy-based security: a pillar of the cloud-first architecture|https://www.zscaler.com/blogs/corporate/proxy-based-security-pillar-cloud-first-architecture]]|Architecture|
|2018.08.13|SecurityWeek| → [[Amazon S3 Bucket Exposed GoDaddy Server Information|https://www.securityweek.com/amazon-s3-bucket-exposed-godaddy-server-information]]|Misc|
|2018.08.09|//Aqua Security//|[[Out-of the-Box Policies Simplify Container Compliance|https://blog.aquasec.com/container-compliance-policies]]|Containers Compliance|
|2018.08.07|//Alcide//|[[Cloud Security - Learning the Basics (3/3)|https://blog.alcide.io/cloud-security-learning-basics]]|Misc|
|2018.08.03|//Security Intelligence (IBM)//|[[An In-Depth Guide to Application Modernization and Cloud Security|https://securityintelligence.com/an-in-depth-guide-to-application-modernization-and-cloud-security/]]|Misc|
|2018.08.03|PogsDotNet|[[Azure Container Instance|http://www.pogsdotnet.com/2018/08/azure-container-instances.html]]|Azure containers|
|2018.08.02|Infosec Island|[[Cryptojacking - More than a Nuisance, It Poses a Serious Threat to Data Centers|http://www.infosecisland.com/blogview/25094-Cryptojacking--More-than-a-Nuisance-It-Poses-a-Serious-Threat-to-Data-Centers.html]]|Cloud Misc.|
|2018.08.02|//ThreatStack//|![[50 Best Cloud Security Training Resources|https://www.threatstack.com/blog/50-best-cloud-security-training-resources]]|Misc|
|2018.08.02|//Google Cloud//|![[Container Security with Maya Kaczorowski|https://www.gcppodcast.com/post/episode-140-container-security-with-maya-kaczorowski/]] (podcast : [[mp3|https://eps-dot-gcppodcast.appspot.com/dl/Google.Cloud.Platform.Podcast.Episode.140.mp3]])|Containers Podcast|
|2018.08.02|//phoenixNAP//|[[What Is Cloud Security & What Are the Benefits?|https://phoenixnap.com/blog/what-is-cloud-security]]|Misc|
!//NIST SP 1800-19A -- Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments -- Volume A: Executive Summary (Prelim. Draft 1)//
[>img(150px,auto)[iCSF/NIST.gif]]Le 23 août 2018 : le NIST publie un appel à commentaires sur la synthèse managériale d'un document portant sur les pratiques de sécurité dans un environnement VMware en Cloud hybride IaaS.
Les commentaires sont à transmettre avant le 30 septembre 2018.
⇒ Pour les détails, consultez la page dédiée [[ici|https://csrc.nist.gov/publications/detail/sp/1800-19a/draft]] ou directement le document [[ici|https://www.nccoe.nist.gov/sites/default/files/library/sp1800/tc-hybrid-sp1800-19a-preliminary-draft.pdf]].
__Résumé :__
<<<
//Cloud services can provide organizations the opportunity to increase their flexibility, availability, resiliency, and scalability, which they can use in turn to increase security, privacy, efficiency, responsiveness, innovation, and competitiveness.
The core impediments to an organization's broader adoption of cloud technologies are the ability to protect its information and virtual assets in the cloud, and to have sufficient visibility so it can conduct oversight and ensure that it (and its cloud provider) are complying with applicable laws and business practices.
The National Cybersecurity Center of Excellence (NCCoE) at NIST built a laboratory environment using commercial off-the-shelf technology and cloud services to safeguard the security and privacy of an organization's applications and data being run within or transferred between private and hybrid/public clouds.
The full NIST Cybersecurity Practice Guide being developed for this project will demonstrate how organizations can implement trusted compute pools in order to enforce and monitor their security and privacy policies on their cloud workloads and meet compliance requirements as specified in NIST Special Publication 800-53 and the Cybersecurity Framework.//
<<<
__Mots clés :__
<<<
//Cloud Computing -- Cybersecurity -- Infrastructure as a Service (IaaS) -- Security and Privacy Policies -- Virtualization //
<<<
__Auteurs :__
<<<
//Donna Dodson (NIST), Daniel Carroll (Dell/EMC), Gina Scinta (Gemalto), Hemma Prafullchandra (HyTrust), Harmeet Singh (IBM), Raghuram Yeluri (Intel), Tim Shea (RSA), Carlos Phoenix (VMware)//
<<<
<<tiddler [[arOund0C]]>>
!"//Software-Defined Perimeter Architecture Guide Preview (2/4)//"
[>img(200px,auto)[iCSA_/cyber-security-3400657__340.jpg]]Article de blog publié le 23 août 2018 — Rédigé par Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc.
<<<
__''Aperçu du guide sur l'architecture du Software-Defined Perimeter (SDP) -- article 2/4''__
//Dans ce deuxième article, nous nous concentrons sur la section "Scénarios SDP" du document, qui présente brièvement les principaux scénarios pour le SDP, explique pourquoi les organisations devraient envisager d'adopter le SDP, et énumère les avantages que le SDP offre dans ce cas.
Cette section est, par conception, concise. Nous sommes passionnés par le SDP et la sécurité des réseaux, et nous pourrions écrire un roman entier sur ce sujet (dans lequel notre héros, l'architecte de la sécurité des réseaux Reavis Macdonald, utilise le SDP pour vaincre un adversaire malveillant et sauver son organisation d'une amende RGPD record !). Malheureusement, notre rédacteur en chef nous assure qu'une telle histoire ne serait pas un bestseller, et que notre guide d'architecture devrait également revoir le concept de brièveté...
Dans cet article, nous avons choisi d'étudier plusieurs scénarios et de les commenter ://
# Scénario 1: //Identity-Driven Network Access Control//
# Scénario 2: //Network Microsegmentation//
# Scénario 3: //Secure Remote Access (VPN Alternative)//
# Scénario 4: //Third-party User Access//
# Scénario 5: //Enabling Secure Transition to IaaS Cloud Environments//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/08/23/sdp-architecture-guide-preview-part-2/]] sur le blog de la CSA 
!"//CVE and Cloud Services, Part 1: The Exclusion of Cloud Service Vulnerabilities//"
[>img(500px,auto)[iCSA_/CVE1.png]]Article de blog publié le 13 août 2018 — Rédigé par Kurt Seifried, Director of IT, Cloud Security Alliance and Victor Chin, Research Analyst, Cloud Security Alliance
<<<
__''CVE et services Cloud, première partie : L'exclusion des vulnérabilités des services cloud''__
//Le processus de gestion des vulnérabilités est traditionnellement soutenu par un écosystème en équilibre parfois incertain, qui comprend des parties prenantes telles que les chercheurs en sécurité, les entreprises et les fournisseurs. Au cœur de cet écosystème se trouve le système CVE d'Identification Commune des Vulnérabilités et des Expositions (CVE). Pour se voir attribuer un numéro de vulnérabilité CVE, certains critères doivent être remplis. Ces derniers temps, ces critères ont commencé à poser des problèmes, car ils excluent les vulnérabilités de certaines catégories de services informatiques qui deviennent de plus en plus courantes.
Cet article est le premier d'une série qui explorera les défis et les opportunités de la gestion des vulnérabilités en relation avec l'adoption croissante des services cloud.//
[...]
* //Vulnérabilités et expositions communes : CVE est une liste d'enregistrements, chacun contenant un numéro d'identification, une description et au moins une référence publique, pour des vulnérabilités elles-mêmes publiques.//
[...]
* //CVE et gestion des vulnérabilités : Le système CVE est la cheville ouvrière du processus de gestion des vulnérabilités, car son utilisation et son adoption généralisées permettent l'interopérabilité des différents services et processus métier.//
[...]
* //Règles et limites de l'inclusion CVE : La décision d'attribuer un numéro d'identifiant à une vulnérabilité est régie par les règles d'inclusion.//
[...]
* //Conclusion de cette première partie : La Cloud Security Alliance et le conseil d'administration de CVE explorent actuellement des solutions aux points évoqués ci-dessus.
L'une des premières tâches consiste à obtenir les commentaires des acteurs de l'industrie au sujet d'une éventuelle modification de INC3 pour tenir compte des vulnérabilités qui ne sont pas contrôlées par le client. Un tel changement mettrait officiellement les vulnérabilités des services cloud dans le champ d'application du système CVE. Cela permettrait non seulement de suivre correctement les vulnérabilités, mais aussi d'associer des informations importantes à une vulnérabilité liée.
Veuillez nous faire savoir ce que vous pensez d'un changement à INC3 et l'impact qui en résulterait sur l'écosystème de gestion des vulnérabilités//
[...]
//Les commentaires sont à envoyer à l'adresse "cve-services-feedback at cloudsecurityalliance point org"//
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/08/13/cve-cloud-services-part-1/]] sur le blog de la CSA
!"Top Threats to Cloud Computing: Deep Dive"
__''Description :''__[>img(auto,150px)[iCSA_/top-threats-to-cloud-computing-deep-dive.png]]
Ce document identifie les principaux risques de sécurité dans le Cloud, et comment ils s'intègrent dans une analyse de sécurité plus poussée, en s'appuyant sur 9 cas concrets.
Le "''Top Threats to Cloud Computing: Deep Dive''" est une étude de cas qui fournit plus de détails sur l'architecture, la conformité, les risques et les mesures d'atténuation pour chacune des menaces et vulnérabilités identifiées dans le document "[[Treacherous 12 : Top Threats to Cloud Computing|2016.02.29 - Publication : The Treacherous Twelve]]" paru en 2016.
Jon-Michael C. Brook, coprésident du groupe de travail de la CSA sur les menaces et directeur de la sécurité, du Cloud & Privacy chez Guide Holdings a ainsi déclaré : "//Bien que ces cas concrets aient permis aux responsables cybersécurité de mieux communiquer avec leurs dirigeants et leurs pairs, ils n'ont pas fourni assez de détails sur la façon dont tout s'articule du point de vue de l'analyse sécurité. Ce nouveau rapport aborde ces limitations et offre des détails supplémentaires et des informations réutilisables qui identifient où et comment les principales menaces s'inscrivent dans une analyse sécurité plus poussée. Il fournit également une compréhension claire de la façon dont les leçons, les mesures d'atténuation et les concepts peuvent être appliqués dans des scénarios rencontrés au quotidien.//"
Les 9 cas étudiés sont les suivants :
|!Cas|!Menaces concernées |
|LinkedIn |Data Breaches; Insufficient Identity, Credential and Access Management; Account Hijacking; Denial of Service; Shared Technology Vulnerabilities |
|MongoDB |Data Breaches; Insufficient Identity, Credential and Access Management; Insecure Interfaces and APIs; Malicious Insiders; Data Loss |
|Dirty Cow |Insufficient Identity, Credential and Access Management; System Vulnerabilities |
|Zynga |Data Breaches; Insufficient Identity, Credential and Access Management; Malicious Insiders |
|Net Traveler |Data Breaches; Advanced Persistent Threats; Data Loss |
|Yahoo! |Data Breaches; Data Loss; Insufficient Due Diligence |
|Zepto |Data Breaches; Data Loss; Abuse and Nefarious Use of Cloud Services |
|DynDNS |Insufficient Identity, Credential and Access Management; Denial of Service |
|Cloudbleed |Data Breaches; Shared Technology Vulnerabilities |
[img(50%,1px)[iCSF/BluePixel.gif]]
|



Chacun des cas est présenté sous la forme d'un tableau de référence et d'un exposé détaillé.

Le document présente ensuite les domaines recommandés de la matrice de contrôle du Cloud ([[CCM|Groupe de Travail - Cloud Controls Matrix]]), triés selon la fréquence à laquelle les contrôles à l'intérieur des domaines sont pertinents comme contrôle d'atténuation.

Les mesures d'atténuation et de contrôle applicables aux neuf cas étudiés couvrent 13 des 16 domaines de la matrice [[CCM|Groupe de Travail - Cloud Controls Matrix]].|[<img(600px,auto)[iCSA_/top-threats-case-study.png]]| [img(50%,1px)[iCSF/BluePixel.gif]] __Lien de téléchargement :__ https://cloudsecurityalliance.org/artifacts/top-threats-to-cloud-computing-deep-dive/
!OWASP Secure Medical Devices Deployment Standard
[>img(200px,auto)[iCSA/I87PO.png]]Le 7 août 2018, publication d'une mise à jour du guide sur le déploiement sécurisé des dispositifs médicaux.
Ce rapport comprend des sections mises à jour sur les achats et les contrôles des mécanismes, ainsi que sur les directives de la FDA (//Food and Drug Administration// américaine).
La [[Cloud Security Alliance]] et l'''OWASP (//Open Web Application Security Project//)'' ont publié la deuxième version du document ''OWASP Secure Medical Device Deployment Standard'', mise à jour pour le déploiement sécurisé des dispositifs médicaux dans un établissement de santé.
Parmi les nombreuses améliorations, à noter : la section sur les contrôles des achats en ce qui a trait aux vérifications et à l'évaluation de la sécurité, à l'évaluation des facteurs relatifs à la vie privée et aux contrôles d'évaluation de soutien.
Selon Christopher Frenz, chef de projet de l'OWASP :
> "//Trop de dispositifs de sécurité réseau actuels ne sont toujours pas déployés dans un souci de sécurité, exposant les fournisseurs de soins de santé et leurs patients à des atteintes à la protection des données au mieux et à des conséquences négatives potentielles pour la santé au pire. Avec les logiciels de rançon et les botnets ciblant les dispositifs IoT, il est plus essentiel que jamais que les dispositifs soient développés et déployés avec la sécurité à l'esprit//", a déclaré Christopher Frenz, auteur de l'article original.
Selon Hillary Baron, gestionnaire du programme de recherche de la [[Cloud Security Alliance]] :
> "//La croissance des dossiers médicaux électroniques et des appareils sur réseau a permis aux fournisseurs de soins de santé d'améliorer leur niveau de service et l'efficacité avec laquelle ils fournissent des soins. Cependant, cette même interconnexion a ouvert une boîte de Pandore de questions de sécurité concernant les anciens systèmes et les appareils de soins de santé qui n'ont pas été conçus en tenant compte de la sécurité. Nous espérons que ce document fournit une feuille de route claire pour les organisations de soins de santé qui cherchent à s'assurer que les dispositifs et systèmes médicaux à travers l'organisation suivent les meilleures pratiques en matière de sécurité de l'IT.//"
Le rapport, auquel le Groupe de travail de la CSA sur l'Internet des objets (IoT) a fourni des commentaires et des contributions importantes, couvre des domaines tels que :
* Contrôle des achats : Vérifications/évaluations de la sécurité, évaluation des facteurs relatifs à la vie privée et soutien à l'évaluation ;
* Défenses du périmètre : Firewalls, Network Intrusion Detection/Prevention System (NIDS/NIPS), et Proxy Server/Web Filters ;
* Contrôles de sécurité du réseau : Segmentation du réseau, pare-feu interne, IDS/IPS sur le réseau interne, serveurs syslog, surveillance des logs, analyse des vulnérabilités et //DNS sinkholes// ;
* Contrôles de sécurité des appareils : Modifier les informations d'identification par défaut, verrouillage des comptes, activation du transport sécurisé, copies de rechange du firmware/logiciel, sauvegarde de la configuration des périphériques, configurations de base, chiffrement du stockage, différents comptes utilisateurs, restriction de l'accès à l'interface de gestion, mécanismes de mise à jour, surveillance de la conformité et sécurité physique ;
* Sécurité de l'interface et de la station centrale : Renforcement du système d'exploitation, transport chiffré et sécurité des messages - normes de sécurité HL7 v3 ;
* Tests de sécurité : Essais d'intrusion; et
* Intervention en cas d'incident : Plan d'intervention en cas d'incident et incidents fictifs.
__Annonce :__
→ https://cloudsecurityalliance.org/media/press-releases/csa-owasp-issue-updated-guidance-for-secure-medical-%e2%80%a8device-deployment/
__Lien de téléchargement :__
→ https://cloudsecurityalliance.org/artifacts/owasp-secure-medical-devices-deployment-standard/
!Salon ''Cloud & Cyber Security Paris'' les 27 et 28 novembre 2018
[>img(250px,auto)[iCSF/CCSEP_201811.jpg]]__Paris, le 1er août 2018.__
Le [[Chapitre Français]] de la [[Cloud Security Alliance]] annonce un partenariat avec le Salon ''Cloud & Cyber Security Paris''.
Le Salon ''Cloud & Cyber Security Paris'' est un salon réservé aux experts de la Sécurité du Cloud qui se tiendra :
{{floatC{les ''mardi 27 et mercredi 28 novembre 2018 à Paris Porte de Versailles'' (Hall 3)}}}
4 bonnes raisons de visiter le salon ''Cloud & Cyber Security Paris''
# __Rencontrer__ plus de 150 fournisseurs nationaux et internationaux.
# __Assister__ aux prises de parole de 250 experts dans un programme de conférence recouvrant l'actualité du secteur, dont des dizaines d'études de cas et des tables rondes. Des experts issus des plus grandes entreprises françaises, du secteur public, de PME et des prestataires de services viendront partager leurs expériences.
# __Consolider__ votre réseau et __construire__ des relations avec les acteurs du marché et découvrez les technologies de demain.
# __Optimiser__ votre temps et aborder tous vos objectifs technologiques en un seul lieu.
En suivant le lien ci-dessous, vous pouvez déjà obtenir votre invitation gratuite qui vous donnera accès aux évènements co-organisés ''Cloud Expo Europe Paris'' et ''Data Centre World Paris''.
Le [[Chapitre Français]] de la [[Cloud Security Alliance]] fera une intervention le ''mardi 27 novembre 2018 de 15h45 à 16h10''.
!"//California's CCPA Brings EU Data Privacy to the US//"
[>img(100px,auto)[iCSA_/ccpa.png]]^^Bien que publié le 27 août 2018 sur le blog de la CSA, cet article l'a déjà été le 2 juillet 2018 sur le blog de la société Bitglass
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/08/27/ccpa-brings-eu-data-privacy-us/]] ou [[l'original|https://www.bitglass.com/blog/californias-ccpa-brings-eu-data-privacy-to-the-us]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//EU GDPR vs US: What Is Personal Data?//"
[>img(100px,auto)[iCSA_/CASB-personal-data.jpg]]^^Bien que publié le 20 août 2018 sur le blog de la CSA, cet article l'a déjà été le 11 juin 2018 sur le blog de la société Bitglass
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/08/20/eu-gdpr-vs-us-what-is-personal-data/]] ou [[l'original|https://www.bitglass.com/blog/eu-gdpr-vs-us-what-is-personal-data]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]

!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201807>>
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|2018.07.31|Cloud native Computing Foundation|[[CNCF to Host Harbor in the Sandbox|https://www.cncf.io/blog/2018/07/31/cncf-to-host-harbor-in-the-sandbox/]]|Docker Registry|
|2018.07.31|//Summit Route//|[[AWS Security Pillar Whitepaper updates|https://summitroute.com/blog/2018/07/31/aws_security_pillar_whitepaper_updates/]]|AWS|
|2018.07.31|Federal News Network|[[Air Force moves portal to commercial cloud, begins migrating other apps|https://federalnewsnetwork.com/federal-cloud-report/2018/07/air-force-moves-portal-to-commercial-cloud/]]|Misc|
|2018.07.30|SANS|[[How Visibility of the Attack Surface Minimizes Risk|https://www.sans.org/reading-room/whitepapers/analyst/visibility-attack-surface-minimizes-risk-38540]]|Analysis Misc.|
|>|!|>||
|2018.07.26|Infosec Island|[[Plug Your Cloud Cybersecurity Holes|http://www.infosecisland.com/blogview/25091-Plug-Your-Cloud-Cybersecurity-Holes.html]]|Cloud Misc.|
|2018.07.26|Gartner|[[The Data Center is Dead|https://blogs.gartner.com/david_cappuccio/2018/07/26/the-data-center-is-dead/]]|Misc|
|2018.07.26|//Alcide//|[[Cloud Network Management and Security (2/3)|https://blog.alcide.io/cloud-network-management-and-security]]|Manage|
|2018.07.26|//ThreatStack//|[[Why Kubernetes is Not a Silver Bullet|https://www.threatstack.com/blog/why-kubernetes-is-not-a-silver-bullet]]|K8s|
|2018.07.25|//Lacework//|[[I Just Looked at 2 Billion Cloud Events. Here's What I Found|https://www.lacework.com/lacework-trial-2-billion-cloud-events/]]|Manage|
|2018.07.25|SANS|[[A Guide to Managing Cloud Security|https://www.sans.org/reading-room/whitepapers/analyst/guide-managing-cloud-security-38530]]|Analysis Misc.|
|2018.07.24|//Threatpost//|[[Apache, IBM Patch Critical Cloud Vulnerability|https://threatpost.com/apache-ibm-patch-critical-cloud-vulnerability/134341/]]|Flaws|
|2018.07.24|//Backblaze//|[[Hard Drive Stats for Q2 2018|https://www.backblaze.com/blog/hard-drive-stats-for-q2-2018/]]|Reliability|
|2018.07.24|//Lastline//|[[Malscape Snapshot: Malicious Activity in the Office 365 Cloud|https://www.lastline.com/blog/malspam-malscape-snapshot-malicious-activity-in-the-office-365-cloud/]]|Attacks|
|2018.07.23|Eric D. Schabell|[[3 Pitfalls Everyone Should Avoid with Hybrid Multicloud (4/4)|http://www.schabell.org/2018/07/3-pitfalls-everyone-should-avoid-with-hybrid-multicloud-part-4.html]]|Hybrid_Cloud|
|>|!|>||
|2018.07.19|Infosec Institute|[[AWS Cloud Security for Beginners (1/2)|https://resources.infosecinstitute.com/aws-cloud-security-for-beginners-part-1/]]|AWS|
|2018.07.19|Infosec Institute|[[AWS Cloud Security for Beginners (2/2)|https://resources.infosecinstitute.com/aws-cloud-security-for-beginners-part-2/]]|AWS|
|2018.07.19|//Gartner//|[[G00338508: Hype Cycle for Cloud Security, 2018|https://www.gartner.com/doc/3883268/hype-cycle-cloud-security-]]|Report|
|2018.07.18|Toni de la Fuente|![[My arsenal of AWS security tools|https://blyx.com/2018/07/18/my-arsenal-of-aws-security-tools/]] |AWS|
|2018.07.18|Kubernetes|[[11 Ways (Not) to Get Hacked|https://kubernetes.io/blog/2018/07/18/11-ways-not-to-get-hacked/]]|Kubernetes|
|2018.07.18|Wired|[[Amazon Tests Out Two Tools to Help Keep Its Cloud Secure|https://www.wired.com/story/aws-cloud-security-tools-leaks/]]|AWS Leaks|
|2018.07.17|DFRWS|[[Turbinia: Automation of Forensic Processing in the Cloud|http://dfrws.org/sites/default/files/session-files/pres_turbinia_automations_of_forensic_processing_in_the_cloud.pdf]]|Forensics Conference|
|2018.07.17|Dark Reading|[[Cloud Security: Lessons Learned from Intrusion Prevention Systems|https://www.darkreading.com/endpoint/cloud-security-lessons-learned-from-intrusion-prevention-systems/a/d-id/1332300]]|IPS|
|2018.07.17|IntrusionTruth|[[Who was behind this unprecedented Cyber attack on Western infrastructure?|https://intrusiontruth.wordpress.com/2018/07/17/who-was-behind-this-unprecedented-cyber-attack-on-western-infrastructure/]]|Attacks APT|
|2018.07.17|Infosec Institute|[[AWS Security Monitoring Checklist|https://resources.infosecinstitute.com/aws-security-monitoring-checklist-part-2/]] (2/2)|AWS Monitor|
|2018.07.16|Infosec Island|[[Memory Protection beyond the Endpoint|http://www.infosecisland.com/blogview/25086-Memory-Protection-beyond-the-Endpoint.html]]|Cloud Misc.|
|2018.07.16|//Sysdig//|[[Docker image scanning - How to implement open source container security|https://sysdig.com/blog/container-security-docker-image-scanning/]] (2/2)|Docker|
|2018.07.12|Stanislas Quastana|![[Preparation Guide for ISC2 Certified Cloud Security Professional (CCSP) Certification|https://stanislas.io/2018/07/12/preparation-guide-for-isc2-certified-cloud-security-professional-ccsp-certification/]] |CCSP Certification|
|2018.07.12|//Sysdig//|[[Runtime container security - How to implement open source container security|https://sysdig.com/blog/oss-container-security-runtime/]] (1/2)|Docker|
|2018.07.12|//Netwrix//|[[Insiders Threaten Educational Data Security in the Cloud|https://blog.netwrix.com/2018/07/12/infographics-insiders-threaten-educational-data-security-in-the-cloud/]]|Insider_Threats|
|2018.07.11|//Google Cloud//|![[VirusTotal with Emi Martínez|https://www.gcppodcast.com/post/episode-135-virus-total-with-emi-martinez/]] (podcast [[mp3|https://eps-dot-gcppodcast.appspot.com/dl/Google.Cloud.Platform.Podcast.Episode.135.mp3]])|VirusTotal Podcast|
|2018.07.11|//Avanan//|[[What is a Cloud Access Security Broker (CASB)?|https://www.avanan.com/resources/what-is-a-casb]]|CASB|
|2018.07.10|//BishopFox Labs//|![[A Guide to AWS S3 Buckets Security|https://labs.bishopfox.com/tech-blog/2018/07/a-guide-to-aws-s3-buckets-security]] |AWS_S3|
|>|!|>||
|2018.07.09|freecodeCamp|![[A friendly introduction to Kubernetes|https://medium.freecodecamp.org/a-friendly-introduction-to-kubernetes-670c50ce4542]]|K8s|
|2018.07.05|//GrayHatWarfare//|[[How to search for Open Amazon s3 Buckets and their contents|https://medium.com/@grayhatwarfare/how-to-search-for-open-amazon-s3-buckets-and-their-contents-https-buckets-grayhatwarfare-com-577b7b437e01]]|Tools AWS|
|2018.07.05|//Outpost24//|[[How can security teams handle hybrid cloud infrastructure security?|https://outpost24.com/blog/How-can-security-teams-handle-hybrid-cloud-infrastructure-security]]|Hybrid|
|2018.07.05|Eric D. Schabell|[[3 Pitfalls Everyone Should Avoid with Hybrid Multicloud|https://www.schabell.org/2018/07/3-pitfalls-everyone-should-avoid-with-hybrid-multicloud-part-3.html]] (3/4)|Hybrid_Cloud|
|2018.07.04|//Alcide//|[[Cloud Security and the Shared Responsibility Model|https://blog.alcide.io/cloud-security-and-the-shared-responsibility-model]] (1/3)|Governance|
|2018.07.02|Infosec Institute|[[AWS Security Monitoring Checklist|https://resources.infosecinstitute.com/aws-security-monitoring-checklist/]]|AWS Monitor|
|2018.07.02|//Lacework//|[[Security Can't Start Until Multi-Factor Authentication is Turned On|https://www.lacework.com/security-cant-start-until-multi-factor-authentication-is-turned-on/]]|Authenticate|
|2018.07.02|//Microsoft//|![[Assessing Microsoft 365 security solutions using the NIST Cybersecurity Framework|https://www.microsoft.com/security/blog/2018/07/02/assessing-microsoft-365-security-solutions-using-the-nist-cybersecurity-framework/]]|NIST_CSF M365|
|2018.07.01|Network Computing|[[Multi-cloud simplicity|www.btc.co.uk/Articles/index.php?mag=Networking&page=compDetails&link=8995]]|Multi_Cloud|
|2018.07.01|Solutions Review|[[How to Keep Your Cloud Safe From Crypto Attacks|https://solutionsreview.com/cloud-platforms/cloud-crypto-attacks/]]|Attacks|
|2018.07.01|Yann Mulonda|[[What is Docker? "In Simple English"|https://blog.usejournal.com/what-is-docker-in-simple-english-a24e8136b90b]]|Docker|
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Juillet 2018]]>><<tiddler fAll2LiTabs13end with: Actu","201807>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Juillet 2018]]>><<tiddler fAll2LiTabs13end with: Blog","201807>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Juillet 2018]]>><<tiddler fAll2LiTabs13end with: Publ","201807>>
!"//Software-Defined Perimeter Architecture Guide Preview (1/4)//"
[>img(200px,auto)[iCSA_/cyber-security-3400657__340.jpg]]Article de blog publié le 31 juillet 2018 — Rédigé par Jason Garbis, Vice President/Secure Access Products, Cyxtera Technologies Inc.
<<<
__''Aperçu du guide sur l'architecture du Software-Defined Perimeter (SDP) -- article 1/4''__
//Le Groupe de travail ''Software-Defined Perimeter'' (SDP) a été fondé il y a cinq ans, avec pour mission de promouvoir et d'évangéliser une nouvelle architecture plus sécurisée pour la gestion de l'accès des utilisateurs aux applications. Depuis la publication initiale de la spécification SDP, nous avons été témoins d'une adoption et d'une sensibilisation croissantes dans l'ensemble de l'industrie. En tant que praticiens, vendeurs, évangélistes et guides, nous (en tant que groupe de travail du SDP) avons beaucoup appris sur le SDP dans la pratique, et nous voulions capturer et partager cette connaissance.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/07/31/software-defined-perimeter-architecture-preview-part-1/]] sur le blog de la CSA 
!"//Convincing Organizations to Say "Yes to InfoSec"//"
[>img(200px,auto)[iCSA/I7KBC.jpg]]Article de blog publié le 20 juillet 2018 — Rédigé par Jon-Michael C. Brook, Principal, Guide Holdings, LLC
<<<
__''Convaincre les organisations de dire "oui à la sécurité de l'information".''__
//La sécurité, la cause de tous les maux? La première moitié de ma carrière, je l'ai passée dans les services de l'état, et nous sommes toujours apparus comme ceux qui ne disaient que "non", tuant dans l'oeuf la plupart des initiatives avant même qu'elles ne commencent.
La plupart du temps, les risques l'emportaient sur les avantages, et à moins qu'il n'y ait un commanditaire à un niveau hiérarchique élevé, comme le PDG ou un membre du Comité Directeur, les demandes étaient rejetées.
Plus récemment, en réponse à un "non" de l'équipe sécurité, le service informatique a lancé plusieurs projets de type "Shadow IT". Les gens ont commencé à utiliser des systèmes informatiques dans le cloud avec un paiement à la consommation via une carte de crédit d'entreprise. Résultat : des projets ont été lancés, développés et déployés rapidement, avant même que quiconque dans l'équipe sécurité ne puisse avoir un mot à dire.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/07/20/reshaping-value-of-security/]] sur le blog de la CSA 
!"STAR Provider Verification Template"
> [>img(200px,auto)[iCSA/J73STAR.png]]//If you don't already see your provider listed on the STAR registry submit a request to have them verified.//
> //Download the letter template and send it to your provider.//
__Lien :__
→ https://cloudsecurityalliance.org/artifacts/star-provider-verification-template/
!"//Avoiding Cyber Fatigue in Four Easy Steps//"
[>img(200px,auto)[iCSA/I7CBA.jpg]]Article de blog publié le 12 juillet 2018 — Rédigé par Jon-Michael C. Brook, Principal, Guide Holdings, LLC
<<<
__''Éviter la cyberfatigue en quatre étapes simples''__
//L'épuisement lié aux cyber-alertes.
Dans le domaine de la cybersécurité, c'est inévitable. Chaque jour, il y aura une nouvelle divulgation, un nouveau piratage, un nouveau titre accrocheur pour le dernier rebondissement d'une attaque précédente. En tant que praticien de 23 ans, l'épuisement professionnel est un phénomène réel et, malheureusement, il se produit par vagues.
Vous suivrez avec attention les toutes dernières nouvelles pendant des mois. Prenez ne serait-ce que quelques semaines de congés au mauvais moment de l'année, peut-être aux alentours d'une des grandes conférences sur la sécurité (par exemple RSA ou Blackhat/DEF CON), et vous pourriez avoir à ramer pendant 6 semaines pour rattraper votre retard. Tout le monde a une opinion, et si l'on n'est pas aux premières loges, il devient difficile de séparer le bon grain de l'ivraie. Comment pouvez-vous éviter, ou du moins réduire, le risque de ne pas pouvoir répondre à la prochaine question d'un RSSI tout en conservant un sentiment d'être sain de corps et d'esprit ?
Quel est le point de non-retour au-delà duquel la quête du savoir se transforme en spirale infinie ?//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/07/12/four-easy-steps-to-avoiding-cyber-fatigue/]] sur le blog de la CSA 
!"//Methodology for the Mapping of the Cloud Controls Matrix//"
[>img(150px,auto)[iCSA/I79BM.png]]Article de blog publié le 9 juillet 2018 — Rédigé par Victor Chin, Research Analyst, Cloud Security Alliance
<<<
__''Méthodologie pour la cartographie de la matrice des contrôles CCM''__
//La [[Cloud Controls Matrix]] (CCM) de la [[Cloud Security Alliance]] (CSA) fournit des principes fondamentaux de sécurité pour guider les vendeurs et les clients du Cloud Computing qui cherchent à évaluer le risque global de sécurité d'un service Cloud.
Pour réduire la charge de travail dans l'industrie des services dans le Cloud, le programme CCM comprend également des équivalences avec d'autres cadres de l'industrie tels que l'ISO 27001 de l'ISO/IEC, le SP 800-53 du NIST (National Institute of Standards and Technology), et les Trust Services Criteria (TSC) de l'American Institute of Certified Public Accountants (AICPA).//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/07/09/methodology-for-mapping-the-cloud-controls-matrix/]] sur le blog de la CSA
Ce nouveau document est disponible ici : https://cloudsecurityalliance.org/download/ccm-mapping-methodology/ 
!"CCM Mapping Methodology"
[>img(200px,auto)[iCSA/I79BM.png]]__''Introduction''__//
The objective of this document was to create design - and guideline - yielding repeatable mapping consistency, providing continuity for members and volunteers who seek to support the CCM framework and its activities.
This document describes the CSA CCM mapping process, which aims to fulfill four primary functions:
1. Provide clarity and transparency regarding the CSA CCM Working Group's mapping approach, guidelines and naming conventions;
2. Encourage process review and improvement suggestions by the CSA community;
3. Yield a valuable reference for organizations — especially those seeking to benefit from and contribute to interoperable efforts by mapping their frameworks to the CCM;
4. Improve assessor criteria understanding and interpretation of all mapping processes through criteria mapping exercises.
//[...]
__''Conclusion''__//
This Methodology for the CSA CCM Mapping Project document was created to provide more clarity
on the mapping process. Subject matter included details on typical mapping strategies — such as the creation of work packages, outlining different gaps and identifying naming references — to ensure that CCM mappings are machine-readable and consistent.
This document will be published with downloadable sample work packages that can be used as a reference for future mapping projects. CSA will continue updating and improving this document as CCM matures, so please feel free to send any feedback to research-support@cloudsecurityalliance.org.//
__Lien :__
⇒ https://cloudsecurityalliance.org/download/ccm-mapping-methodology/
!Mastère Spécialisé® "Cloud Computing" : poursuite du partenariat avec l'ISEP Formation Continue [>img(auto,100px)[iCSF/ISEP-FC.jpg]]
__Paris, le 2 juillet 2018__
Pour la 7^^ème^^ année consécutive, le partenariat est reconduit entre l'[[ISEP Formation Continue|https://formation-continue.isep.fr/]] et la [[Cloud Security Alliance]].
Le Chapitre français de la [[Cloud Security Alliance]] assure ainsi les cours sur la sécurité du Cloud Computing, et la gestion d'un projet "sécurité du Cloud".

__Planning :__
* Date de début de formation : octobre 2017
* Date de fin de formation : juin 2018
* Soutenances de thèses : janvier 2019
* Remise des diplômes : mars 2019
Toutes les informations sont disponibles sur le site ISEP Formation Continue ⇒ ''[[CloudSecurityAlliance.fr/go/McCC/|https://cloudsecurityalliance.fr/go/McCC/]]''

__Contacts et pour recevoir la documentation et le dossier d'inscription pour ce Mastère :__
* Mme Aïcha ABDAT, Assistante administrative ISEP Formation Continue
** Téléphone : 01 49 54 52 59
** Adresse : 10, rue de Vanves, 92130 Issy-les-Moulineaux
** email : ''&#8238;rf.pesi@tadba.ahcia&#8236;''
** Web : ''[[CloudSecurityAlliance.fr/go/McCC/|https://cloudsecurityalliance.fr/go/McCC/]]''

__Labels & Accréditations :__
* Le Mastère Spécialisé® est ''labellisé par la CGE (Conférence des Grandes Ecoles) depuis 2012''.
* Il est inscrit au ''RNCP (Registre National des Certifications Professionnelles)'' depuis janvier 2015. __Il est donc éligible au financement par les OPCA et les Fongecif__.
** Code RNCP [[21792|http://www.rncp.cncp.gouv.fr/grand-public/visualisationFiche?format=fr&fiche=21792]]
* Il est inscrit au CPF sous le n° 145653.
** Le Mastère est donc éligible au compte personnel de formation (CPF), et peut être partiellement ou totalement financé.
* Il est inscrit au CNCP (Commission Nationale de la Certification Professionnelle).

__Contexte de l'enseignement :__
* La formation s'étale sur une période de dix mois d'octobre à juin.
* Le rythme est celui de l'alternance :
** 2 jours de cours les semaines concernées : les jeudis / vendredis ou les vendredis / samedis.
** Des périodes de congés sont prévues en adéquation avec les congés scolaires.
** Elle permet de maintenir une activité professionnelle en temps partagé en parallèle.
{{floatC{
<html><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i></html>@@color:#014;<html><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i></html>@@
}}}
!"//What Is a CASB?//"
[>img(200px,auto)[iCSA_/CASB_cartoon_Man-300x169.png]]Article de blog publié le 16 juillet 2018 — Rédigé par Dylan Press, Director of Marketing, Avanan
<<<
__''CASB, kesako ?''__
//L'email est devenu le premier vecteur d'attaque. La prise de contrôle de compte est devenue la première cible d'attaque.
Un CASB est le meilleur moyen de se protéger contre ces menaces.
Gartner a d'abord défini le terme //Cloud Access Security Broker// (CASB) en 2011, lorsque la plupart des applications informatiques étaient hébergées dans le centre informatique et que peu d'entreprises faisaient confiance au cloud. La plupart des services en ligne étaient principalement destinés aux consommateurs. À l'époque, les produits du CASB étaient conçus pour assurer la visibilité de ce qu'on appelait le Shadow IT et limiter l'accès des utilisateurs à des services Cloud non autorisés.
Aujourd'hui, les entreprises ont adopté le cloud, remplaçant un grand nombre de leurs applications internalisées par le mode "Software as a Service" (SaaS) ou transférant une grande partie de leur informatique vers des fournisseurs d'infrastructure (IaaS) comme Amazon ou Azure. Au lieu de limiter l'accès, les CASB ont évolué pour protéger les données hébergées dans le Cloud et fournir des niveaux de contrôles de sécurité dignes de ce nom afin que les entreprises puissent incorporer le SaaS et l'IaaS dans leur architecture de sécurité existante.
Les CASB fournissent quatre services de sécurité primaires : Visibilité, sécurité des données, protection contre les menaces et conformité. Lorsque vous comparez les solutions de CASB, vous devez d'abord vous assurer qu'elles répondent à vos besoins dans chacune de ces catégories.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/07/16/what-is-a-casb/]] sur le blog de la CSA
__Avertissement :__ bien que publié sur le site de la [[Cloud Security Alliance]], cet article a été rédigé par un tiers de la société Avanan
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201806>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Juin 2018]]>><<tiddler fAll2LiTabs13end with: Blog","201806>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Juin 2018]]>><<tiddler fAll2LiTabs13end with: Publ","201806>>
|!Juin|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2018.06.25..30|
|2018.06.27|//Backblaze//|[[What's the Diff: VMs vs Containers|https://www.backblaze.com/blog/vm-vs-containers/]]|Containers VMs|
|2018.06.27|Wired|[[Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records|https://www.wired.com/story/exactis-database-leak-340-million-records/]]|Misc|
|2018.06.29|SecurityWeek| → [[Massive Breach at Data Broker Exactis Exposes Millions of Americans|https://www.securityweek.com/massive-breach-data-broker-exactis-exposes-millions-americans]]|Misc|
|2018.06.27|//StackRox//|[[Continuous Security - More on Gartner's CARTA Model|https://www.stackrox.com/post/2018/06/continuous-security-more-on-gartners-carta-model/]]|Misc|
|2018.06.26|//RedLock//|[[The Business Case for Cloud Threat Defense|https://redlock.io/blog/business-case-cloud-threat-defense]]|Misc|
|>|>|>|!2018.06.18..24|
|2018.06.23|Steve Gathof|[[Deploying a Honeypot on AWS|https://medium.com/@sudojune/deploying-a-honeypot-on-aws-5bb414753f32]]|AWS Honeypot|
|2018.06.21|//Summit Route//|[[Guidance on deploying honey tokens|https://summitroute.com/blog/2018/06/22/guidance_on_deploying_honey_tokens/]]|Lure Detect|
|2018.06.21|Defense One|[[NSA 'Systematically Moving' All Its Data to The Cloud|https://www.defenseone.com/technology/2018/06/nsa-systematically-moving-all-its-data-cloud/149184/?oref=d1-related-article]]|NSA GovCloud|
|2018.06.21|//NCC Group//|[[Principal Mapper: Advanced and Automated AWS IAM Evaluation|https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/june/principal-mapper-advanced-and-automated-aws-iam-evaluation/]]|Misc|
|2018.06.20|SecurityWeek|[[Researchers Find 21,000 Exposed Container Orchestration Systems|https://www.securityweek.com/researchers-find-21000-exposed-container-orchestration-systems]]|Misc|
|2018.06.20|//Alcide//|[[AWS Security Best Practices|https://blog.alcide.io/aws-security-best-practices]]|Misc|
|2018.06.20|//RedHat//|[[What is container security?|https://www.redhat.com/en/topics/security/container-security]]|Containers|
|2018.06.19|//StackRox//|[[Gartner on Continuous Security - the Model|https://www.stackrox.com/post/2018/06/gartner-on-continuous-security-the-model/]]|Misc|
|2018.06.18|Infosec Island|[[Every Business Can Have Visibility into Advanced and Sophisticated Attacks|http://www.infosecisland.com/blogview/25078-Every-Business-Can-Have-Visibility-into-Advanced-and-Sophisticated-Attacks.html]]|Cloud Misc.|
|2018.06.18|//Threatpost//|[[22K Open, Vulnerable Containers Found Exposed on the Net|https://threatpost.com/22k-open-vulnerable-containers-found-exposed-on-the-net/132898/]]|Container Data_Leak|
|2018.06.18|Cyber Security Hub|[[Cloud-Based Security Extends Protection To The Edge - Market Report Provides Exhaustive Look At The 'Cloud'|https://www.cshub.com/cloud/reports/cloud-based-security-extends-protection-to-the-edge]]|Report|
|>|>|>|!2018.06.11..17|
|2018.06.14|Aristide Bouix|[[The three container security golden rules|https://aristidebouix.cloud/en/2018/06/the-three-container-security-golden-rules/index.html/]] (démonstration [[1|http://www.youtube.com/watch?v=lrpxKophI1I]] et [[2|http://www.youtube.com/watch?v=A3Edoc2WcuY]])|Containers|
|2018.06.14|Ars Technica|![[Backdoored images downloaded 5 million times finally removed from Docker Hub|https://arstechnica.com/information-technology/2018/06/backdoored-images-downloaded-5-million-times-finally-removed-from-docker-hub/]] |Docker Image|
|2018.06.13|Bleeping Computer|![[17 Backdoored Docker Images Removed From Docker Hub|https://www.bleepingcomputer.com/news/security/17-backdoored-docker-images-removed-from-docker-hub/]]|Docker Flaws|
|2018.06.13|DataDog|[[8 Surprising Facts About Real Docker Adoption|https://www.datadoghq.com/docker-adoption/]]|Report Docker|
|2018.06.13|//Alcide//|[[Cloud Security Challenges - Takeaways from Gartner's Security & Risk Management Summit|https://blog.alcide.io/gartners-security-summit-cloud-security-challenges]]|Misc|
|2018.06.12|//Security Intelligence (IBM)//|[[Ransomware Recovery: Maintain Control of Your Data in the Face of an Attack|https://securityintelligence.com/ransomware-recovery-maintain-control-of-your-data-in-the-face-of-an-attack/]]|Misc|
|2018.06.12|//Kromtech//|![[Cryptojacking invades cloud. How modern containerization trend is exploited by attackers|https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers]] |Docker Cryptojacking|
|2018.07.13|//Threatpost//| → [[Malicious Docker Containers Earn Cryptomining Criminals $90K|https://threatpost.com/malicious-docker-containers-earn-crypto-miners-90000/132816/]]|Docker Cryptojacking|
|2018.06.13|Cloudy Forensics|[[Responding to Mining Malware Attacks against Servers|https://medium.com/@cloudyforensics/responding-to-mining-malware-attacks-against-servers-29749812e8a]]|Attacks|
|2018.06.13|//Summit Route//|![[CloudMapper "wot" - Command to identify a Web Of Trust of trusted AWS accounts|https://summitroute.com/blog/2018/06/13/cloudmapper_wot/]] |AWS Trust|
|2018.06.11|NCSC UK|[[SaaS security - surely it's simple?|https://www.ncsc.gov.uk/blog-post/saas-security-surely-its-simple]]|Misc|
|2018.06.11|Eric D. Schabell|[[3 Pitfalls Everyone Should Avoid with Hybrid Multicloud (2/4)|http://www.schabell.org/2018/06/3-pitfalls-everyone-should-avoid-with-hybrid-multicloud-part-2.html]]|Hybrid_Cloud|
|2018.06.11|Thilina Manamgoda|[[Authorization for Private Docker Registry|https://medium.com/@maanadev/authorization-for-private-docker-registry-d1f6bf74552f]]|Docker Registry|
|>|>|>|!2018.06.04..10|
|2018.06.08|//Kromtech//|[[WeightWatchers Exposure: a Simple, yet Powerful, Lesson in Cloud Security|https://kromtech.com/blog/security-center/weightwatchers-exposure-a-simple-yet-powerful-lesson-in-cloud-security]]|Data_Leaks|
|2018.06.05|//SecludIT//[>img[iCSF/flag_fr.png]]|[[Comprendre les défis de sécurité de la transformation numérique|https://secludit.com/blog/securite-transformation-numerique/]]|Misc|
|2018.06.05|//Tenable//|[[How to Secure Public Cloud and DevOps? Get Unified Visibility|https://www.tenable.com/blog/how-to-secure-public-cloud-and-devops-get-unified-visibility]]|DevOps|
|2018.06.04|//Outpost24//|[[How to ensure a secure migration to AWS, Azure and Docker|https://outpost24.com/blog/How-to-ensure-a-secure-migration-to-AWS-Azure-and-Docker]]|Misc|
|2018.06.04|//Sysdig//|[[Implementing Docker/Kubernetes runtime security|https://sysdig.com/blog/docker-runtime-security/]]|K8s|
|>|>|>|!2018.05.28..2018.06.03|
|2018.06.01|CRN|[[Here's Who Made Gartner's 2018 Magic Quadrant For Cloud IaaS|https://www.crn.com/slide-shows/cloud/300104391/heres-who-made-gartners-2018-magic-quadrant-for-cloud-iaas.htm]]|Gartner IaaS|
|2018.06.01|//ThreatStack//|![[50 Essential Cloud Security Blogs for IT Professionals and Cloud Enthusiasts|https://www.threatstack.com/blog/50-essential-cloud-security-blogs-for-it-professionals-and-cloud-enthusiasts]]|Misc|
|2018.06.01|//Threatpost//|[[Public Google Groups Leaking Sensitive Data at Thousands of Orgs|https://threatpost.com/public-google-groups-leaking-sensitive-data-at-thousands-of-orgs/132455/]]|Data_Leaks|
!"//Top Security Tips for Small Businesses//"
[>img(150px,auto)[iCSA_/95.png]]Article de blog publié le 27 juin 2018 — Rédigé par Jon-Michael C. Brook, Principal, Guide Holdings, LLC
<<<
__''Recommandations sécurité pour les petites entreprises''__
//La plupart des petites entreprises adoptent des offres de Cloud Computing, qu'il s'agisse de SaaS comme Quickbooks ou Salesforce, ou même de louer des ressources dans Amazon Web Services ou Azure de Microsoft, dans un environnement de type IaaS. Elles bénéficient ainsi d'une assistance informatique digne des grandes entreprises, y compris des niveaux de service qu'une petite entreprise ne pourrait jamais avoir, comme la sécurité des locaux ou la protection contre les pannes électriques avec une fiabilité de 99,999%.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/06/27/top-security-tips-small-businesses/]] sur le blog de la CSA
!"//Updated CCM Introduces Reverse Mappings, Gap Analysis//"
[>img(200px,auto)[iCSA/CCM.png]]Article de blog publié le 26 juin 2018 — Rédigé par Sean Cordero, VP Cloud Strategy, Netskope
<<<
__''Mise à jour de la [[Cloud Controls Matrix]] (CCM) avec tables de correspondances inversées et mesure d'écart''__
//Depuis son introduction en 2010, la [[Cloud Controls Matrix]] (CCM) de la [[Cloud Security Alliance]] est à la pointe quand il s'agit d'évaluer les fournisseurs de services cloud (CSP). La matrice de contrôle CCM offre aux fournisseurs (CSP) et aux consommateurs (utilisateurs) de Cloud Computing, un ensemble homogène de contrôles pour mesurer l'état de préparation et de maturité sécurité. Il continue d'être la norme utilisée pour mesurer, évaluer et informer les acteurs de la sécurité sur les bonnes pratiques pour sécuriser les services dans le Cloud.
Conformément à l'engagement de la [[Cloud Security Alliance]] d'oeuvrer à l'amélioration de la sécurité et de la confiance dans l'univers du Cloud, cette évolution de la [[Cloud Controls Matrix]] intègre les contrôles ISO/IEC 27017:2015, ISO/IEC 27018:2014 et ISO/IEC 27002:2013, et introduit à la fois une nouvelle approche pour l'élaboration de la [[Cloud Controls Matrix]], et une approche actualisée pour incorporer les nouvelles normes de l'industrie de la sécurité.
Les deux autres objectifs définis par le Groupe de travail de la CCM sont les tables de correspondances inversées (ou matrice inversée) et la mesure d'écart.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/06/26/ccm-iso-reverse-mapping/]] sur le blog de la CSA
__Autres liens :__
* https://cloudsecurityalliance.org/group/cloud-controls-matrix/#_overview
* https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3-0-1-iso-reverse-mapping
!"Cloud Controls Matrix (CCM) v3.0.1 ISO Reverse Mapping"
__''Description :''__[>img(150px,auto)[iCSA/CCM.png]]
//This latest expansion to the CCM incorporates the ISO/IEC 27017:2015, ISO/IEC 27018:2014 and ISO/IEC 27002:2013 controls, introduces a new approach to the development of the CCM, and an updated approach to incorporate new industry control standards.//
__Liens :__
* Annonce → https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3-0-1-iso-reverse-mapping
* Matrice inversée → https://downloads.cloudsecurityalliance.org/assets/research/cloud-controls-matrix/CCM-ISO_Reverse_Mapping_and_Gap_Analysis_FINAL.xlsx 
!"//Cybersecurity Trends and Training Q and A//"
[>img(150px,auto)[iCSA_/security-2337429_640.png]]Article de blog publié le 22 juin 2018 — Rédigé par Jon-Michael C. Brook, Principal, Guide Holdings, LLC
<<<
__''Questions/Réponses sur les tendances et les aspects de formation cybersécurité''__
//
Q: Why is it important for organizations and agencies to stay current in their cybersecurity training? A: Changes accelerate in technology. There's an idea called Moore's Law, named after Gordon Moore working with Intel, that the power of a micro-chip doubles every 18 months. When combined with the virtualization […]
Question : Pourquoi est-il important pour les entreprises et les entités gouvernementales de rester à jour dans leur formation en cybersécurité ?
R : Les changements s'accélèrent dans la technologie. Il y a une idée appelée loi de Moore, du nom de Gordon Moore qui travaillait pour Intel, selon laquelle la puissance d'un microprocesseur double tous les 18 mois.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/06/22/cybersecurity-trends-training-q-and-a/]] sur le blog de la CSA
!"//Cybersecurity Certifications That Make a Difference//"
[>img(150px,auto)[iCSA_/programming-3432058_640.jpg]]Article de blog publié le 14 juin 2018 — Rédigé par Jon-Michael C. Brook, Principal, Guide Holdings, LLC
<<<
__''Les certifications en cybersécurité qui font la différence''__
//L'industrie de la sécurité est en sous-effectif. Et de beaucoup. Les précédentes estimations de l'Institut Ponemon suggèrent que jusqu'à 50% des postes de cybersécurité ne sont pas pourvus. Soixante-dix pour cent des organisations manquent de personnel et 58% déclarent avoir du mal à retenir les candidats qualifiés.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/06/14/cybersecurity-certifications-make-a-difference/]] sur le blog de la CSA
!"//Firmware Integrity in the Cloud Data Center//"
[>img(150px,auto)[iCSA_/firmware-usethis.png]]Article de blog publié le 12 juin 2018 — Rédigé par John Yeoh, Research Director/Americas, Cloud Security Alliance
<<<
__''Intégrité du firmware dans le Cloud Data Center''__
//Nous vous annonçons que le dernier rapport de la [[Cloud Security Alliance]] intitulé "Firmware Integrity in the Cloud Data Center" est disponible. Les principaux fournisseurs de services dans le Cloud (CSP) et les acteurs des centres de calcul partagent leurs réflexions sur la construction d'une infrastructure Cloud en utilisant des serveurs sécurisés.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/06/12/firmware-integrity-cloud-data-center/]] sur le blog de la CSA
__Page de téléchargement du rapport :__ https://cloudsecurityalliance.org/download/firmware-integrity-in-the-cloud-data-center 
!"//New Software-Defined Perimeter Glossary Sheds Light on Industry Terms//"
[>img(150px,auto)[iCSA_/SDP-Glossary_Cover.png]]Article de blog publié le 12 juin 2018 — Rédigé par Shamun Mahmud, Research Analyst, Cloud Security Alliance
<<<
__''Le nouveau glossaire du SDP éclaire les termes de l'industrie''__
//Le groupe de travail sur le Software Defined Perimeter (SDP) de la [[Cloud Security Alliance]] a créé un glossaire sur les termes et définitions dans les architectures SDP, car le SDP a évolué depuis la création du groupe de travail en 2014.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/06/12/software-defined-perimeter-glossary/]] sur le blog de la CSA
__Page de téléchargement du glossaire :__ https://cloudsecurityalliance.org/download/software-defined-perimeter-glossary 
[>img(200px,auto)[iCSA_/firmware-usethis.png]]__Firmware Integrity in the Cloud Data Center__
<<<
//This paper presents the point of view from key stakeholders in datacenter development regarding how to build cloud infrastructure using secure servers and in order to enable customers to trust the cloud provider's infrastructure at the hardware/firmware level. In general, security of a cloud server at the firmware level is comprised of two equally important aspects - integrity and quality of the firmware code.//
<<<
__Lien de téléchargement :__ https://cloudsecurityalliance.org/artifacts/firmware-integrity-in-the-cloud-data-center/
[>img(200px,auto)[iCSA_/SDP-glossary.png]]__Software Defined Perimeter Glossary__
<<<
//The Software Defined Perimeter (SDP) Glossary is a reference document that brings together SDP related terms and definitions from various professional resources. The terms and supporting information in the SDP glossary cover a broad range of areas, including the components of SDP and common supporting technologies.//
<<<
__Lien de téléchargement :__ https://cloudsecurityalliance.org/artifacts/software-defined-perimeter-glossary/ 
!"//Continuous Monitoring in the Cloud//"
[>img(150px,auto)[iCSA_/lock-3216823_640.jpg]]Article de blog publié le 11 juin 2018 — Rédigé par Michael Pitcher, Vice President, Technical Cyber Services, Coalfire Federal
<<<
__''Contrôle continu dans le Cloud''__
//J'ai récemment pris la parole lors du sommet fédéral de la [[Cloud Security Alliance]] sur le thème "//Continuous Monitoring / Continuous Diagnostics and Mitigation (CDM) Concepts in the Cloud//". Comme le gouvernement américain a commencé à migrer vers le Cloud, il devient de plus en plus important d'assurer que les objectifs de contrôle continu sont bien atteints.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/06/11/continuous-monitoring-in-the-cloud/]] sur le blog de la CSA
!"//Cloud Security Trailing Cloud App Adoption in 2018//"
[>img(200px,auto)[iCSA_/Screen-Shot-2018-05-14-at-4.18.12-PM.png]]^^Bien que publié le 6 juin 2018 sur le blog de la CSA, cet article l'a déjà été le 30 mai 2018 sur le blog de la société Bitglass^^
<<<
__''La sécurité à la traîne de l'adoption des applications dans le Cloud en 2018''__
//Au cours des dernières années, le Cloud Computing a attiré un nombre important d'entreprises avec ses promesses d'augmentation de la productivité, d'amélioration de la collaboration et de réduction des frais généraux informatiques. Au fur et à mesure que de plus en plus d'entreprises migrent vers le Cloud, de plus en plus d'outils Cloud voient le jour.
Dans son quatrième rapport sur l'adoption du Cloud, Bitglass présente son "état du Cloud en 2018". Comme on pouvait s'y attendre, les entreprises adoptent de plus en plus de solutions de Cloud que précédemment. Toutefois, elles n'utilisent pas les principaux outils de sécurité dans le Cloud.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/06/06/cloud-security-trailing-cloud-app-adoption-in-2018/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/cloud-security-trailing-cloud-apps]].
Lien vers le rapport en anglais "Cloud Adoption: 2018 War" (inscription obligatoire): https://pages.bitglass.com/FY18BR-CloudAdoption_LP.html
__Avertissement :__ Le rapport a été rédigé par la société Bitglass et non par la [[Cloud Security Alliance]].
!"//Five Cloud Migration Mistakes That Will Sink a Business//"
[>img(200px,auto)[iCSA_/success-259710_640-300x180.jpg]]Article de blog publié le 5 juin 2018 — Rédigé par Jon-Michael C. Brook, Principal, Guide Holdings, LLC
<<<
__''Cinq erreurs de migration dans le Cloud qui feront couler une entreprise''__
//Aujourd'hui, avec la popularité croissante du Cloud Computing, il existe une multitude de ressources pour les entreprises qui envisagent ou qui sont en train de migrer leurs données vers le Cloud. Des listes de contrôle aux meilleures pratiques, Internet regorge de conseils. Mais qu'en est-il de ce que vous ne devriez pas faire ? Le meilleur des plans peut mal tourner, et il en est de même dans le cas d'une migration dans le Cloud... à moins que vous n'évitiez ces 5 erreurs courantes :
* "Le fournisseur de services cloud (Cloud Service Provider) fera tout."
* "La cryptographie est la solution à tout : la protection des données au repos et en transit fonctionne de la même manière dans le Cloud."
* "L'authentification par défaut de mon fournisseur de services cloud est suffisante."
* "Pour migrer dans le Cloud, il suffit de prendre tout ce qui est en place en interne et de le déplacer."
* "Bien évidemment, nous sommes conformes."
//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/06/05/five-cloud-migration-mistakes-that-will-sink-a-business/]] sur le blog de la CSA
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Cybersecurity and Privacy Certification from the Ground Up//"
[>img(200px,auto)[iCSA/I64BC.jpg]]Article de blog publié le 4 juin 2018 — Rédigé par Daniele Catteddu, CTO, Cloud Security Alliance
<<<
__''Cybersécurité et protection de la vie privée : bâtissons une certification''__
//La loi européenne sur la cybersécurité (European Cybersecurity Act), proposée en 2017 par la Commission européenne, est le plus récent des documents de gouvernance adoptés et/ou proposés par les gouvernements du monde entier, chacun avec notamment l'intention de clarifier les certifications en matière de cybersécurité pour divers produits et services.
La raison pour laquelle les certifications cybersécurité et plus récemment, de protection de la vie privée, sont si importantes est assez évidente : elles représentent un véhicule de confiance et servent à fournir une assurance quant au niveau de sécurité qu'une solution pourrait fournir. Ils représentent, du moins en théorie, un mécanisme simple par lequel les organisations et les individus peuvent prendre des décisions rapides et fondées sur les risques sans avoir besoin de comprendre pleinement les spécifications techniques du service ou du produit qu'ils achètent.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/06/04/cybersecurity-and-privacy-certification-from-the-ground-up/]] sur le blog de la CSA
Un sondage associé est ouvert par la [[Cloud Security Alliance]] jusqu'au 2 juillet 2018
/% Lien : https://www.surveymonkey.com/r/csacertification %/ 
!//PLA Code of Conduct (CoC): Statement of Adherence Self-Assessment//
[>img(200px,auto)[iCSA_/SDP-glossary.png]]
<<<
//CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU's GDPR. The CSA PLA Code of Conduct for GDPR Compliance is designed to be an appendix to a Cloud Services Agreement to describe the level of privacy protection that a Cloud Service Provider will provide.//
<<<
__Liens de téléchargement :__
* Détails → https://gdpr.cloudsecurityalliance.org/resource-center/pla-code-of-conduct-coc-statement-of-adherence-self-assessment
* Document (PDF) → https://gdpr.cloudsecurityalliance.org/wp-content/uploads/sites/2/2018/06/PLA-CoC_Statement-of-Adherence__Self-Assessment.pdf



!"//Microsoft Workplace Join Part 2: Defusing the Security Timebomb//"
/%[>img(50px,auto)[iCSA/I68BR.jpg]]%/^^Bien que publié le 13 juin 2018 sur le blog de la CSA, cet article l'a déjà été le 30 avril 2018 sur le blog de la société Bitglass
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/06/13/microsoft-workplace-join-defusing-the-security-timebomb/]] ou [[l'original|https://www.bitglass.com/blog/microsoft-workplace-join-part-2-defusing-security-timebomb]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Microsoft Workplace Join Part 1: The Security Timebomb//"
/%[>img(50px,auto)[iCSA/I68BR.jpg]]%/^^Bien que publié le 8 juin 2018 sur le blog de la CSA, cet article l'a déjà été le 25 avril 2018 sur le blog de la société Bitglass
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/06/08/microsoft-workplace-join-part-1-the-security-timebomb/]] ou [[l'original|https://www.bitglass.com/blog/microsoft-workplace-join-part-1-security-timebomb]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201805>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Mai 2018]]>><<tiddler fAll2LiTabs13end with: Blog","201805>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Mai 2018]]>><<tiddler fAll2LiTabs13end with: Publ","201805>>
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2018.05.30|//Kromtech//|[[Honda leaked personal information from its Honda Connect App|https://kromtech.com/blog/security-center/honda-leaked-personal-information-from-its-honda-connect-app]]|Misc|
|2018.05.30|//Kromtech//|[[Contractor for Universal Music Group exposes internal credentials|https://kromtech.com/blog/security-center/contractor-for-universal-music-group-exposes-internal-credentials]]|Misc|
|2018.05.30|//Threatstack//|[[Securing an Infrastructure in Transition|https://www.threatstack.com/blog/infrastructure-in-transition-securing-containers]]|Containers|
|2018.05.29|Infosec Island|[[How to Prevent Cloud Configuration Errors|http://www.infosecisland.com/blogview/25066-How-to-Prevent-Cloud-Configuration-Errors.html]]|Cloud Misc.|
|2018.05.29|//Sysdig//|[[2018 Docker Usage Report|https://sysdig.com/blog/2018-docker-usage-report/]]|Misc|
|>|>|>|!2018.05.21..27|
|2018.05.27|Infosec Institute|[[Using Cloud Infrastructure to Gain Privacy and Anonymity|https://resources.infosecinstitute.com/using-cloud-infrastructure-to-gain-privacy-and-anonymity/]]|Misc|
|2018.05.26|DZone|![[Kubernetes Security Best Practices|https://dzone.com/articles/kubernetes-security-best-practices]]|K8s Best_Practices|
|2018.05.25|safeControls|[[Do you consider security when buying a SaaS subscription?|https://safecontrols.blog/2018/05/25/do-you-consider-security-when-buying-a-saas-subscription/]]|Misc|
|2018.05.24|Cloud Industry Forum|[[What's all the FaaS about?|https://www.cloudindustryforum.org/content/whats-all-faas-about]]|Misc|
|2018.05.23|Infosec Island|[[The AWS Bucket List for Security|http://www.infosecisland.com/blogview/25068-The-AWS-Bucket-List-for-Security.html]]|Cloud Misc.|
|2018.05.23|ZDnet|[[Google Cloud Platform breaks into leader category in Gartner's Magic Quadrant|https://www.zdnet.com/article/google-cloud-platform-breaks-into-leader-category-in-gartners-magic-quadrant/]]|Gartner IaaS|
|2018.05.23|//Sysdig//|[[Auditing container activity - A real example with wget and curl using Sysdig Secure|https://sysdig.com/blog/auditing-container-activity/]]|Misc|
|2018.05.22|Insider Pro|[[7 risk mitigation strategies for the cloud|https://www.idginsiderpro.com/article/3273707/7-risk-mitigation-strategies-for-the-cloud.html]]|Risks|
|2018.05.21|//Security Intelligence (IBM)//|[[Spotlight Your Data Within Shadow IT|https://securityintelligence.com/spotlight-your-data-within-shadow-it/]]|Misc|
|>|>|>|!2018.05.14..20|
|2018.05.18|//Threatpost//|[[Misconfigured Reverse Proxy Servers Spill Credentials|https://threatpost.com/misconfigured-reverse-proxy-servers-spill-credentials/132085/]]|Misc|
|2018.05.17|Infosec Institute|[[Secure Your Buckets|https://resources.infosecinstitute.com/secure-your-buckets/]]|Misc|
|2018.05.16|Forensic Lab|![[Azure Forensics and Incident Response|https://medium.com/@cloudyforensics/azure-forensics-and-incident-response-c13098a14d8d]]|Forensics|
|2018.05.16|Infosec Island|[[Achieving Effective Application Security in a Cloud Generation|http://www.infosecisland.com/blogview/25067-Achieving-Effective-Application-Security-in-a-Cloud-Generation.html]]|Cloud Misc.|
|2018.05.16|//Security Intelligence (IBM)//|[[Bumper to Bumper: Detecting and Mitigating DoS and DDoS Attacks on the Cloud, Part 2|https://securityintelligence.com/bumper-to-bumper-detecting-and-mitigating-dos-and-ddos-attacks-on-the-cloud-part-2/]]|Misc|
|2018.05.15|NCSC UK|[[Spray you, spray me: defending against password spraying attacks|https://www.ncsc.gov.uk/blog-post/spray-you-spray-me-defending-against-password-spraying-attacks]]|Attacks|
|2018.05.15|//Duo Labs//|![[Beyond S3: Exposed Resources on AWS|https://duo.com/blog/beyond-s3-exposed-resources-on-aws]]|AWS Flaws|
|>|>|>|!2018.05.07..13|
|2018.05.12|Forensic Lab|![[Ransomware Incident Response and Forensics|https://medium.com/@cloudyforensics/ransomware-incident-response-and-forensics-bbe74fb4cd98]]|Forensics|
|2018.05.11|Infosec Institute|[[Rise of the Rogue Cloud: The Fundamental Security Mistake Enterprises Make and How to Correct It|https://resources.infosecinstitute.com/rise-rogue-cloud-fundamental-security-mistake-enterprises-make-correct/]]|Misc|
|2018.05.11|//Google Cloud//|[[Exploring container security: Isolation at different layers of the Kubernetes stack|https://cloud.google.com/blog/products/gcp/exploring-container-security-isolation-at-different-layers-of-the-kubernetes-stack]]|Misc|
|2018.05.10|//Security Intelligence (IBM)//|[[Cut Through the Fog: Improve Cloud Visibility to Identify Shadow IT|https://securityintelligence.com/cut-through-the-fog-improve-cloud-visibility-to-identify-shadow-it/]]|Misc|
|2018.05.10|//Optiv//|[[Observations on Smoke Tests - Part 3|https://www.optiv.com/blog/observations-on-smoke-tests-part-3]]|Testing|
|2018.05.10|//Caylent//|[[50+ Useful Kubernetes Tools|https://caylent.com/50-useful-kubernetes-tools]]|K8s Tools|
|2018.05.09|//Alcide//|[[Has Olympus Fallen? Cloud Operations & Data Center Vulnerabilities in the Age of Kubernetes|https://blog.alcide.io/has-olympus-fallen-dealing-with-data-center-vulnerabilities-in-the-age-of-kubernetes]]|K8s|
|2018.05.08|Infosec Island|[[Understanding the Role of Multi-Stage Detection in a Layered Defense|http://www.infosecisland.com/blogview/25065-Understanding-the-Role-of-Multi-Stage-Detection-in-a-Layered-Defense.html]]|Cloud Misc.|
|2018.05.08|//Amazon AWS//|[[Xen Security Advisories 260-262 (XSA-260, XSA-261, XSA-262)|https://aws.amazon.com/security/security-bulletins/AWS-2018-014/]]|AWS Xen CVE-2018-8897|
|2018.05.08|//Xen//|Xen Security Advisories [[XSA-260|http://xenbits.xen.org/xsa/advisory-260.html]], [[XSA-261|http://xenbits.xen.org/xsa/advisory-261.html]], [[XSA-262|http://xenbits.xen.org/xsa/advisory-262.html]]|AWS Xen CVE-2018-8897|
|2018.05.09|//Avanan//|![[baseStriker: Office 365 Security Fails To Secure 100 Million Email Users|https://www.avanan.com/blog/basestriker-vulnerability-office-365]]|O365 Vulnerability baseStriker|
|>|>|>|!2018.04.30..2018.05.06|
|2018.05.04|TechBeacon|[[Container security: What you need to know about the NIST standards|https://techbeacon.com/enterprise-it/container-security-what-you-need-know-about-nist-standards]]|NIST Containers|
|2018.05.04|//Digital Shadows//|![[Too Much Information Misconfigured FTP, SMB, Rsync, and S3 Buckets Exposing 1.5 Billion Files|https://resources.digitalshadows.com/data-loss-detection/too-much-information-misconfigured-ftp-smb-rsync-and-s3-buckets-exposing-1-5-billion-files]]|DataLeak S3|
|2018.05.03|SecurityWeek|[[Amazon Introduces AWS Security Specialty Certification Exam|https://www.securityweek.com/amazon-introduces-aws-security-specialty-certification-exam]]|AWS Certification|
||//AWS//| → [[AWS Certified Security - Specialty|https://aws.amazon.com/certification/certified-security-specialty/]]|AWS Certification|
|2018.05.03|//Fortinet//|[[Yet Another Crypto Mining Botnet?|https://www.fortinet.com/blog/threat-research/yet-another-crypto-mining-botnet.html]]|Backdoor Docker Cryptomining|
|2018.05.03|//Google Cloud//|[[Exploring container security: Using Cloud Security Command Center (and five partner tools) to detect and manage an attack|https://cloud.google.com/blog/products/gcp/exploring-container-security-using-cloud-security-comma]]|Containers|
|2018.05.02|//Alcide//|[[Top Containerization Tools for AWS Deployment|https://blog.alcide.io/top-containerization-tools-for-aws-deployment]]|AWS Containers|
|2018.05.02|//Coalfire//|[[Cloud Security Governance - Optimizing the Business Benefits of Security in the Cloud|https://www.coalfire.com/The-Coalfire-Blog/May-2018/Cloud-Security-Governance]]|Governance|
|2018.05.01|//Lacework//|[[Containers in the Cloud: From Top Hazards to First-Class Cloud Security Citizen|https://www.lacework.com/containers-in-the-cloud-from-top-hazards-to-first-class-cloud-security-citizen/]]|Containers|
|2018.05.01|//Backblaze//|[[Hard Drive Stats for Q1 2018|https://www.backblaze.com/blog/hard-drive-stats-for-q1-2018/]]|Reliability|
!"//Prepare to Take (and Ace) the [[CCSK]] Exam at Infosecurity Europe//"
[>img(300px,auto)[iCSA/H8UBCCSK.png]]Article de blog publié le 31 mai 2018 — Rédigé par Ryan Bergsma, Training Program Director, Cloud Security Alliance
<<<
__''Préparez-vous à passer (et réussir) l'examen de certification [[CCSK]] à Infosecurity Europe''__
//Petite devinette.
J'ai été qualifié de "mère de toutes les certifications de sécurité en informatique dans le Cloud" par __CIO Magazine__. __Search Cloud Security__ a déclaré que j'étais une "bonne alternative de certification de sécurité dans le Cloud pour un professionnel de la sécurité de novice à intermédiaire, et qui s'intéresse à la sécurité dans le Cloud". Enfin __Certification Magazine__ m'a classé au premier rang de l'enquête sur les salaires en 2016.
Qui suis-je ?//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/05/31/prepare-to-take-ace-the-ccsk-certification-exam/]] sur le blog de la CSA
!"//Cloud Migration Strategies and Their Impact on Security and Governance//"
[>img(150px,auto)[iCSA_/102643738.png]]^^Bien que publié le 29 juin 2018 sur le blog de la CSA, cet article l'a déjà été le 27 mars 2018 sur le site CloudTweaks.com
Il a été rédigé par Peter HJ van Eijk, Head Coach and Cloud Architect, ClubCloudComputing.com
<<<
__''Les stratégies de migration dans le Cloud et leur impact sur la sécurité et la gouvernance''__
//Même si les migrations dans le Cloud public se font dans des contextes différents, je vois trois approches principales. Chacune d'entre elles a des implications techniques et de gouvernance très différentes.
Trois approches de la migration des nuages//
# //Approche "lift and shift", principalement IaaS//
# //Adoption de solutions SaaS//
# //Architecture Cloud native, de type PaaS//
[...]
<<<
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/06/29/cloud-migration-strategies-impact-on-security-governance/]] ou [[l'original|https://cloudtweaks.com/2018/03/cloud-migration-strategies-and-their-impact-on-security-and-governance/]].^^
!"CCSK Certification vs AWS Certification - A Definitive Guide"
[>img(300px,auto)[iCSA/H8UBCCSK.png]]Article de blog publié le 28 mai 2018 — Rédigé par Graham Thompson, CCSK, CCSP, CISSP, Authorized Trainer, Intrinsec Security
<<<
__''Certifications [[CCSK]] ou AWS, éléments de comparaison''__
//On m'a récemment demandé de comparer les certifications [[CCSK]] et AWS, et mon avis sur celle qui devrait être tentée par quelqu'un qui cherche à se lancer dans la sécurité du Cloud. Cet article tente de répondre à la question "quelle certification Cloud est la plus adaptée à votre cas". Je vous donnerai un aperçu des deux certifications, des formations existantes, des examens, puis je conclurai par quelques réflexions sur la certification qui pourrait vous convenir.//
[...]
<<<
⇒ Lire [[la suite|https://blog.cloudsecurityalliance.org/2018/05/28/ccsk-certification-vs-aws-certification-a-definitive-guide/]] sur le blog de la CSA 
!"//What If the Cryptography Underlying the Internet Fell Apart?//"
[>img(150px,auto)[iCSA_/PQC-cover2-233x300.png]]Article de blog publié le 23 mai 2018 — Rédigé par Roberta Faux, Director of Research, Envieta
<<<
__''Quel serait l'impact si la cryptographie sur laquelle Internet est basé, venait à s'effondrer ?''__
//Sans le chiffrement utilisé pour sécuriser les mots de passe pour se connecter à des services comme Paypal, Gmail ou Facebook, un utilisateur est vulnérable aux attaques. La sécurité en ligne devient un élément fondamental de la vie au XXIe siècle. Une fois l'informatique quantique établie, toutes les clés secrètes que nous utilisons pour sécuriser notre vie en ligne sont en danger.
Le Groupe de travail sur la sécurité quantique de la CSA (//Quantum-Safe Security Working Group//) a rédigé une nouvelle publication sur l'avenir de la cryptographie. Ce document, "//The State of Post-Quantum Cryptography//", a pour but d'aider les dirigeants d'entreprises non techniques à comprendre l'impact des ordinateurs quantiques sur l'infrastructure de sécurité d'aujourd'hui.
Parmi les sujets abordés, mentionnons :
* Qu'est-ce que la cryptographie post-quantum ?
* Briser la cryptographie à clé publique
* Echange de clés et signatures numériques
* Quantum Safe Alternative
* Planification de la transition vers un avenir avec cryptographie quantique.
//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/05/23/what-if-the-cryptography-underlying-the-internet-fell-apart/]] sur le blog de la CSA
!"The State of Post-Quantum Cryptography"
[>img(150px,auto)[iCSA/I5NBT.png]]
> //Most people pay little attention to the lock icon on their browser's address bar that signifies a secure connection called HTTPS. This connection establishes secure communications by providing authentication of the website and web server as well as encryption of communications between the client and server. If the connection is not secure, then a user may be vulnerable to malicious exploits such as malware injection, hijacking of financial transactions or stealing the user's private information.//
__Liens :__
* Annonce et téléchargement (après inscription)
:→ https://cloudsecurityalliance.org/download/the-state-of-post-quantum-cryptography/
[>img(200px,auto)[iCSA_/UBCTTSTIOT.png]]__''Using Blockchain Technology to Secure the Internet of Things''__
<<<
//In the last four years, technical experts, chief digital officers, marketing managers, journalists, bloggers and research institutions have discussed and promoted a new distributed model for secure transaction processing and storage using blockchain technology. IDC FutureScape predicted that by 2020, 20% of global trade finance will incorporate blockchain.//
<<<
__Lien : __
* ⇒ téléchargement : ''[[CloudSecurityAlliance.fr/go/i2di/|https://CloudSecurityAlliance.fr/go/i2di/]]'' 
!"//Bitglass Security Spotlight: Twitter, PyRoMine, & Stresspaint//"
[>img(150px,auto)[iCSA_/I5HBB.jpg]]^^Bien que publié le 31 mai 2018 sur le blog de la CSA, cet article l'a déjà été sur le blog de la société Bitglass^^
<<<
__''Synthèse sécurité de Bitglass : Twitter, PyRoMine et Stresspaint''__
//Voici les articles sur la cybersécurité de ces dernières semaines ://
* Twitter expose des informations d'identification de ses utilisateurs en clair.
* le maliciel PyRoMine fait du crypto-minage de Monero et désactive des fonctions de sécurité chez ses victimes
* le maliciel Stresspaint fait la chasse aux identifiants Facebook.
* le maliciel MassMiner fait lui aussi du crypto-minage
* l'organisation "Access Group Education Lending" a été compromise
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/05/31/bitglass-security-spotlight-twitter-pyromine-stresspaint/]] sur le blog de la CSA
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//How ChromeOS Dramatically Simplifies Enterprise Security//"
[>img(100px,auto)[iCSA_/chrome.png]]^^Bien que publié le 28 mai 2018 sur le blog de la CSA, cet article l'a déjà été le 3 mai 2018 sur le blog de la société Bitglass
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/05/25/how-chromeos-dramatically-simplifies-enterprise-security/]] ou [[l'original|https://www.bitglass.com/blog/chrome-os-security-with-casb]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Surprise Apps in Your CASB PoC//"
[>img(100px,auto)[iCSA_/casb-surprise-apps.png]]^^Bien que publié le 21 mai 2018 sur le blog de la CSA, cet article l'a déjà été le 4 avril 2018 sur le blog de la société Bitglass^^
<<<
__''Des applications surprises pour votre PoC CASB !''__
//Alors qu'il n'existe que depuis cinq ans, le marché du Cloud Access Security Broker (CASB) connaît son deuxième changement majeur dans l'utilisation. Les premiers CASBs qui ont été lancés sur le marché en 2013-2014 ont principalement fourni une visibilité à l'informatique en "Shadow IT". L'intérêt pour cette capacité à améliorer la visibilité a rapidement diminué en faveur de la protection des données (et plus tard de la protection contre les menaces) pour les applications SaaS autorisées et reconnues comme Office 365 et Box - ce fut le premier changement majeur sur le marché du CASB.
Le deuxième grand changement, celui que nous subissons actuellement, ne remplace pas ce cas d'utilisation, mais s'y ajoute. Au fur et à mesure que les équipes informatiques et de sécurité se sont familiarisées avec les applications dans le Cloud comme Office 365, l'entreprise a répondu par une demande accrue d'applications. Parfois cela se traduit par d'autres applications SaaS, et parfois par plus d'applications personnalisées ou des progiciels qui migrent vers le cloud. Quoi qu'il en soit, ce qui a commencé comme un ensemble relativement restreint et bien défini d'applications a explosé en une demande beaucoup plus importante au cours de la dernière année et ne montre aucun signe de ralentissement - c'est le deuxième grand changement et nous le constatons dans toutes les industries et dans toutes les organisations de toutes tailles.//
[...]
<<<
⇒ Lire la suite [[sur le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/05/25/how-chromeos-dramatically-simplifies-enterprise-security/]] ou [[l'original|https://www.bitglass.com/blog/surprise-app-casb-poc]].
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//baseStriker: Office 365 Security Fails To Secure 100 Million Email Users//"
[>img(350px,auto)[iCSA_/baseStriker-wbase.png]]^^Bien que publié le 19 mai 2018 sur le blog de la CSA, cet article l'a déjà été le 8 mai 2018 sur le blog de la société Avanan^^
Rédigé par Yoav Nathaniel, Customer Success Manager, Avanan
<<<
__''BaseStriker : Office 365 Security ne parvient pas à sécuriser 100 millions d'utilisateurs d'emails''__
//Nous avons récemment découvert ce qui pourrait être la plus grande faille de sécurité d'Office 365 depuis la création du service. Contrairement aux attaques similaires qui peuvent être analysées puis bloquées, l'exploitation de cette vulnérabilité permet aux hackers de contourner complètement les mécanismes de sécurité de Microsoft, y compris ses services avancés comme ATP (//Advanced Threat Protection//) Safe Links, etc.
Le nom "baseStriker" fait référence à la méthode utilisée par les pirates pour tirer parti de cette vulnérabilité : décomposer et déguiser un lien malveillant en utilisant une balise HTML appelée balise <base> URL.
Jusqu'à présent, nous n'avons vu que des exploitations de cette vulnérabilité dans le cadre d'attaques de phishing, mais elle peut également permettre de distribuer des rançongiciels, des malwares et d'autres contenus malveillants.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/05/10/basestriker-office-365-security-fails-to-secure-100-million-email-users/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.avanan.com/resources/basestriker-vulnerability-office-365]]
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Majority of Australian Data Breaches Caused by Human Error//"
[>img(200px,auto)[iCSA_/map-1-300x151.png]]^^Bien que publié le 18 mai 2018 sur le blog de la CSA, cet article l'a déjà été le 16 avril 2018 sur le blog de la société Bitglass^^
<<<
__''La majorité des atteintes à la protection des données en Australie causées par une erreur humaine''__
//Il n'y a pas si longtemps, la première violation du projet de loi sur la protection de la vie privée ([[Privacy Amendment Bill|http://parlinfo.aph.gov.au/parlInfo/download/legislation/ems/r5747_ems_ed12b5bb-d3b3-4a6a-9536-53bb459a00df/upload_pdf/6000003.pdf]]) du Commissariat à l'information de l'Australie (//Office of the Australian Information Commissioner// : "OAIC") a été rendue publique. L'OAIC est de retour et vient de publier son premier rapport trimestriel sur les atteintes à la protection des données à déclaration obligatoire ([[Quarterly Statistics Report of Notifiable Data Breaches|https://www.oaic.gov.au/resources/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics/Notifiable_Data_Breaches_Quarterly_Statistics_Report_January_2018__March_.pdf]]). Bien que le rapport n'offre pas beaucoup de détails, il met en évidence quelques tendances intéressantes.
La statistique la plus notable est que parmi les 63 atteintes signalées au cours du premier trimestre, la majorité d'entre elles (51 %) était le résultat d'une "erreur humaine". Selon l'OAIC, la catégorie "erreur humaine" peut intégrer la "divulgation par inadvertance, par exemple par l'envoi d'un document contenant des renseignements personnels au mauvais destinataire". Il semble que trop peu d'organisations australiennes contrôlent des choses comme le partage avec des tiers, même si le partage (et beaucoup d'autres activités potentiellement à risques) peut être contrôlé assez facilement avec un Cloud Access Security Broker (CASB).//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/05/18/majority-of-australian-data-breaches-caused-by-human-error/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/australian-oaic-human-error-breaches]].
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Bitglass Security Spotlight : LinkedIn, Vector et AWS//"
[>img(150px,auto)[iCSA/I5HBB.jpg]]^^Bien que publié le 17 mai 2018 sur le blog de la CSA, cet article l'a déjà été le 9 mai 2018 sur le blog de la société Bitglass^^
<<<
__''Synthèse sécurité de Bitglass : LinkedIn, Vector et AWS''__
//Voici les articles sur la cybersécurité de ces dernières semaines ://
* Une faille de sécurité sur LinkedIn (fonction //AutoFill//) expose les données des utilisateurs
** https://www.securityweek.com/linkedin-vulnerability-allowed-user-data-harvesting
* Une application de Vector (société énergétique néo-zélandaise) révèle les informations de clients
** https://www.msn.com/en-nz/money/company-news/personal-information-leaked-by-vector-app/ar-AAwlF7X
* Une mauvaise configuration de LocalBlox rend accessibles des informations sur les utilisateurs de LocalBlox
** https://www.bleepingcomputer.com/news/security/data-firm-left-profiles-of-48-million-users-on-a-publicly-accessible-aws-server/
* PowerHammer, un logiciel malveillant de démonstration qui exfiltre les données au travers des câbles électriques
** https://www.securityweek.com/hackers-can-stealthily-exfiltrate-data-power-lines
* Les applications bancaires considérées comme étant les moins sécurisées
** https://www.zdnet.com/article/bank-sites-and-web-apps-are-most-vulnerable-to-hackers/
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/05/17/bitglass-security-spotlight-linkedin-vector-and-aws/]] sur le blog de la CSA
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Orbitz: Why You Can't Secure Data in the Dark//"
[>img(100px,auto)[iCSA_/cloudplug.jpg]]^^Bien que publié le 11 mai 2018 sur le blog de la CSA, cet article l'a déjà été le 22 mars 2018 sur le blog de la société Bitglass^^
<<<
__''Orbitz : Pourquoi l'on ne peut pas sécuriser les données sans visibilité''__
//Le 1er mars 2018, Orbitz a découvert qu'un acteur malveillant avait peut-être pu voler des informations sur l'une de ses plates-formes. La plate-forme compromise hébergeait des informations sur les clients d'Orbitz (la filiale d'Expedia spécialisée dans la réservation de voyages en ligne) telles que les adresses postales, les numéros de téléphone, les adresses électroniques, les noms complets, ainsi que des détails d'environ 900.000 cartes de paiement.
Cet incident met en évidence la lutte quotidienne à laquelle de nombreuses entreprises sont confrontées.
En termes simples, les entreprises ne peuvent pas se permettre de sécuriser leurs données sans visibilité. En l'absence d'une visibilité complète, il est presque impossible de protéger les informations sensibles : vous ne pouvez pas vous défendre contre des menaces que vous ne pouvez pas voir. Lorsque les entreprises ne parviennent pas à mettre en oeuvre une journalisation automatique et complète de tous les événements impliquant les données de l'entreprise, difficile de dire que les incidents sont une fatalité.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/05/11/orbitz-why-you-cant-secure-data-in-the-dark/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/orbitz-why-you-cant-secure-data-in-the-dark]].
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//One Simple Way to Avoid 57 Percent of Breaches//"
[>img(200px,auto)[iCSA_/patches.jpg]]^^Bien que publié le 8 mai 2018 sur le blog de la CSA, cet article l'a déjà été le 9 avril 2018 sur le blog de la société Bitglass^^
<<<
__''Une façon simple d'éviter 57% des atteintes à la vie privée''__
//J'ai récemment eu vent d'une enquête auprès de 3.000 professionnels de la cybersécurité commandée par la société "ServiceNow" et l'institut "Ponemon". Devinez quelle est l'une des premières statistiques qui m'a sauté aux yeux ?
"//57 % des victimes d'atteinte à la protection des données ont déclaré qu'elles ont été atteintes en raison d'une vulnérabilité non corrigée connue.//"
Du grand n'importe quoi !
Et ce nombre massif de brèches dues à l'absence de correctifs de vulnérabilité survient malgré le fait que les entreprises interrogées passent 321 heures par semaine, soit environ 8 ETPs, dans le processus de réponse aux vulnérabilités.
Donc, en moyenne, huit personnes en quête d'un processus manuel, et qui sont toujours en retard, ce qui fait que la majorité des fuites de données sont le résultat de vulnérabilités ''CONNUES'' pour lesquelles ''IL Y A UN CORRECTIF'' ?//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/05/08/one-simple-way-to-avoid-57-percent-of-breaches/]] sur le blog de la CSA
[img(25%,1px)[iCSF/BluePixel.gif]]
[>img(150px,auto)[iCSA/I51BH.jpg]]^^Bien que publié le 1er mai 2018 sur le blog de la CSA, cet article l'a déjà été le 19 mars 2018 sur le blog de la société Bitglass^^
<<<
__''Les arguments en faveur des CASBs : le secteur de la santé''__
//Au cours des deux dernières années, les Cloud Access Security Brokers (CASBs) sont passés d'une technologie naissante et à peine connue, à la norme //de facto// pour la sécurisation du cloud public dans tous les secteurs verticaux. Au début, il est difficile de dégager des tendances d'un secteur à l'autre, mais une fois que vous avez quelques centaines de déploiements d'entreprise à votre actif, il devient très intéressant d'observer comment les organisations d'une industrie utilisent la même technologie (CASBs) d'une manière complètement différente des organisations d'une autre industrie.
Je suis en train de créer une série d'articles pour traiter certaines des principales différences dans l'utilisation des CASBs. Pour commencer, le secteur de la santé.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/05/01/the-case-for-casb-healthcare/]] sur le blog de la CSA
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201804>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Avril 2018]]>><<tiddler fAll2LiTabs13end with: Blog","201804>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Avril 2018]]>><<tiddler fAll2LiTabs13end with: Publ","201804>>
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2018.04.30|//UpGuard//|[[Why Do Cloud Leaks Happen?|https://www.upguard.com/blog/why-do-cloud-leaks-happen]]|Data_Leaks|
|2018.04.30|//UpGuard//|[[How Can Cloud Leaks Be Prevented?|https://www.upguard.com/blog/how-can-cloud-leaks-be-prevented]]|Data_Leaks|
|>|>|>|!2018.04.23..29|
|2018.04.27|//Security Intelligence (IBM)//|[[Bumper to Bumper: Detecting and Mitigating DoS and DDoS Attacks on the Cloud, Part 1|https://securityintelligence.com/bumper-to-bumper-detecting-and-mitigating-dos-and-ddos-attacks-on-the-cloud-part-1/]]|Misc|
|2018.04.26|//Google Cloud//|[[Exploring container security: Running a tight ship with Kubernetes Engine 1.10|https://cloud.google.com/blog/products/gcp/exploring-container-security-running-a-tight-ship-with-kubernetes-engine-1-10]]|Misc|
|2018.04.26|//CyberArk//|[[Sneak Your Way to Cloud Persistence - Shadow Admins Are Here to Stay (vidéo)|https://www.youtube.com/watch?v=mK62I1BNmXs]] - Conférence RSA|Threats|
|2018.04.25|//Optiv//|[[Five Application Security Best Practices for Serverless Applications|https://www.optiv.com/blog/five-application-security-best-practices-for-serverless-applications]]|Serverless Best_Practices|
|2018.04.24|//Sysdig//|[[Securing Kubernetes components: kubelet, Kubernetes etcd and Docker registry - Kubernetes security guide (3/4)|https://sysdig.com/blog/kubernetes-security-kubelet-etcd/]]|Misc|
|2018.04.23|//Cloudflare//|[[What CloudFlare Logs|https://blog.cloudflare.com/what-cloudflare-logs/]]|Misc|
|2018.04.23|//CyberArk//|[[The Cloud Shadow Admin Threat: 10 Permissions to Protect|https://www.cyberark.com/resources/threat-research-blog/the-cloud-shadow-admin-threat-10-permissions-to-protect]]|Threats|
|>|>|>|!2018.04.16..22|
|2018.04.19|Cloud Native Computing Foundation|[[Container Attached Storage: A Primer|https://www.cncf.io/blog/2018/04/19/container-attached-storage-a-primer/]]|Container Storage|
|2018.04.18|Infosec Island|[[Cloud Security Alert - Log Files Are Not the Answer|http://www.infosecisland.com/blogview/25057-Cloud-Security-Alert--Log-Files-Are-Not-the-Answer.html]]|Cloud Misc.|
|2018.04.18|//Threatpost//|[[Cloud Credentials: New Attack Surface for Old Problem|https://threatpost.com/cloud-credentials-new-attack-surface-for-old-problem/131304/]]|Misc|
|2018.04.18|//Accenture//|[[Gaining ground on the cyber attacker|https://www.accenture.com/us-en/insights/security/2018-state-of-cyber-resilience-index]] ([[rapport|https://www.accenture.com/t20180416T134038Z__w__/us-en/_acnmedia/PDF-76/Accenture-2018-state-of-cyber-resilience.pdf]], [[Infographie|https://www.accenture.com/t20180719T034642Z__w__/us-en/_acnmedia/PDF-82/Accenture-Security-2018-State-of-Cyber-Resilience-Infographic.pdf]])|Misc.|
|2018.04.18|//FireEye//|[[An Anatomy of a Public Cloud Compromise|https://www.fireeye.com/blog/executive-perspective/2018/04/anatomy-of-a-public-cloud-compromise.html]] (rapport [[PDF|https://www.fireeye.com/content/dam/collateral/en/wp-public-cloud-security.pdf]])|Misc.|
|2018.04.18|//Security Intelligence (IBM)//|[[When Nobody Controls Your Object Stores - Except You|https://securityintelligence.com/when-nobody-controls-your-object-stores-except-you/]]|Misc|
|2018.04.18|//Google Cloud//|[[Exploring container security: Protecting and defending your Kubernetes Engine network|https://cloud.google.com/blog/products/gcp/exploring-container-security-protecting-and-defending-your-kubernetes-engine-network]]|Misc|
|2018.04.17|GigaMon|[[How to Achieve a Consistent Security Posture Even with a Multi-Cloud Strategy|https://blog.gigamon.com/2018/04/17/achieve-consistent-security-posture-even-multi-cloud-strategy/]]|Misc|
|2018.04.16|//Security Intelligence (IBM)//|[[Nearly 4 in 10 IT Professionals Struggle to Detect and Respond to Cloud Security Incidents|https://securityintelligence.com/news/nearly-4-in-10-it-professionals-struggle-to-detect-and-respond-to-cloud-security-incidents/]]|Misc|
|2018.04.16|DZone|[[The Fundamental Security Concepts in AWS - Part 1 |https://dzone.com/articles/the-fundamental-security-concept-in-aws-part-1]]|AWS|
|>|>|>|!2018.04.09..15|
|2018.04.14|//Oracle Cloud//|![[Oracle and KPMG Cloud Threat Report, 2018 (pdf)|http://www.oracle.com/us/dm/oraclekpmgcloudthreatreport2018-4437566.pdf]]|Report|
|2018.04.13|//Optiv//|[[Observations on Smoke Tests - Part 2|https://www.optiv.com/blog/observations-on-smoke-tests-part-2]]|Testing|
|2018.04.13|Dechert|[[Forecasting the Impact of the New US CLOUD Act|https://www.dechert.com/knowledge/publication/2018/4/forecasting-the-impact-of-the-new-u-s--cloud-act.html]] ([[pdf|https://www.dechert.com/content/dam/dechert%20files/knowledge/publication/2018/4/White%20paper%20-%20Cybersecurity%20-%20Cloud%20Act%20-%2004-18.pdf]])|Legal CLOUD_Act|
|2018.04.12|Infosec Island|[[Avoiding Holes in Your AWS Buckets|http://www.infosecisland.com/blogview/25056-Avoiding-Holes-in-Your-AWS-Buckets.html]]|Cloud Misc.|
|2018.04.12|//Google Cloud//|[[Exploring container security: Digging into Grafeas container image metadata|https://cloud.google.com/blog/products/gcp/exploring-container-security-digging-into-grafeas-container-image-metadata]]|Misc|
|2018.04.12|//Digital Shadows//|[[Misconfigured FTP, SMB, Rsync, and S3 Buckets Exposing 1.5 Billion Files|https://info.digitalshadows.com/FileSharingDataExposureResearch-HomePage.html]]|Report Data_Leak|
|2018.04.12|//NCC Group//|[[A hacker's guide to Kubernetes security|https://techbeacon.com/enterprise-it/hackers-guide-kubernetes-security]]|K8s PenTesting|
|2018.04.09|//Cylance//|[[How to Properly Secure Data|https://threatvector.cylance.com/en_us/home/how-to-properly-secure-data-stored-in-the-cloud.html]]|Protection|
|>|>|>|!2018.04.02..08|
|2018.04.08|Purple Squad Security|Podcast : [[Episode 26 - DFIR in the Cloud with Jonathon Poling|https://purplesquadsec.com/podcast/episode-26-dfir-in-the-cloud-with-jonathon-poling/]]|Forensics|
|2018.04.07|//CloudSploit//|[[CloudSploit Compliance Scanning Scans AWS Infrastructure for Compliance with Privacy Standards|https://blog.cloudsploit.com/cloudsploit-compliance-scanning-scans-aws-infrastructure-for-compliance-with-privacy-standards-f5847a9d5440]]|Compliance AWS|
|2018.04.05|//Google Cloud//|[[Exploring container security: Node and container operating systems|https://cloud.google.com/blog/products/gcp/exploring-container-security-node-and-container-operating-systems]]|Containers|
|2017.04.05|//Gartner//|[[Gartner Says a Massive Shift to Hybrid Infrastructure Services Is Underway|https://www.gartner.com/en/newsroom/press-releases/2017-04-05-gartner-says-a-massive-shift-to-hybrid-infrastructure-services-is-underway]] ([[rapport "Predicts 2017: Infrastructure Services Become Hybrid Infrastructure Services"|https://www.gartner.com/doc/3518617]])|Hybrid_Cloud|
|2018.04.04|//Sysdig//|[[Kubernetes security context, security policy, and network policy - Kubernetes security guide (2/4)|https://sysdig.com/blog/kubernetes-security-psp-network-policy/]]|K8s|
|2018.04.04|//Sysdig//|[[Kubernetes RBAC and TLS certificates - Kubernetes security guide (1/4)|https://sysdig.com/blog/kubernetes-security-rbac-tls/]]|K8s|
|2018.04.04|//Sysdig//|[[Kubernetes security guide (0/4)|https://sysdig.com/blog/kubernetes-security-guide/]]|K8s|
|2018.04.04|//Coalfire//|[[Sleuthing the Cloud: The Challenges of Forensics in Cloud Environments|https://www.coalfire.com/The-Coalfire-Blog/April-2018/Sleuthing-the-Cloud-The-Challenges-of-Forensics]]|Forensics|
|2018.04.02|Redmond Channel|[[Azure Availability Zones Come to Microsoft's Cloud Datacenters|https://rcpmag.com/articles/2018/04/02/azure-availability-zones-microsoft.aspx]]|Availability|
|2018.04.02|//Securosis//|[[Complete Guide to Enterprise Container Security|https://securosis.com/blog/complete-guide-to-enterprise-container-security-new-paper]] ([[pdf|https://securosis.com/assets/library/reports/Securosis_BuildingContainerSecProgram_2018.pdf]])|Misc.|
|2018.04.02|//Netwrix//|[[Top Cloud Security Risks for Healthcare|https://blog.netwrix.com/2018/04/02/infographics-top-cloud-security-risks-for-healthcare/]]|Risks Healthcare|
|2018.04.02|SANS|[[Securing the Hybrid Cloud: Traditional vs. New Tools and Strategies A SANS Whitepaper|https://www.sans.org/reading-room/whitepapers/analyst/securing-hybrid-cloud-traditional-vs-tools-strategies-whitepaper-38365]]|Analysis Misc.|
!"//CCSK vs CCSP: An Unbiased Comparison//"
[>img(150px,auto)[iCSA_/CCSP-Triangle-1.png]]Article de blog publié le 24 avril 2018 — Rédigé par Graham Thompson, CCSK, CCSP, CISSP, Authorized Trainer, Intrinsec Security
<<<
__''CCSK ou CCSP: une comparaison impartiale''__
//CCSK vs CCSP - On me pose souvent deux questions chaque fois que quelqu'un découvre que je suis instructeur pour les cours [[CCSK]] de la Cloud Security Alliance et ceux du CCSP de l'(ISC)^^2^^ :
# "Quelle est la différence entre les deux certifications ?"
# "L'examen [[CCSK]] est-il difficile ?" .... C'est très difficile, mais on en reparlera plus tard !
Dans cet article, je vais identifier les différences entre deux des certifications de sécurité dans le Cloud les plus respectées de l'industrie, à savoir le [[CCSK]] et le CCSP. Nous espérons qu'après lecture de cet article, vous saurez quelle certification correspondra le mieux à vos objectifs professionnels. Je ne pense pas être subjectif dans la mesure où j'enseigne les deux cours depuis un certain temps. En effet, j'ai donné le premier cours [[CCSK]] public en marge du cours initial de formation de formateurs à San Jose. Pour ce qui est du CCSP, j'ai participé à l'élaboration de ce cours. Je pense donc être objectif dans ma comparaison entre ces deux cours.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/04/24/ccsk-vs-ccsp-an-unbiased-comparison//]] sur le blog de la CSA
!"//GDPR Is Coming: Will the Industry Be Ready?//"
[>img(150px,auto)[iCSA_/GDPR_Prep-232x300.png]]Article de blog publié le 20 avril 2018 — Rédigé par Jervis Hui, Senior Product Marketing Manager, Netskope
<<<
__''Le RGPD arrive : l'industrie sera-t-elle prête ?''__
//À l'approche du 25 mai 2018, date de mise en conformité au RGPD, Netskope a travaillé avec la Cloud Security Alliance (CSA) pour sonder les professionnels de l'IT et de la sécurité, en vue du rapport récemment publié sur la préparation au RGPD et les défis qu'il pose. D'après l'un des rapports "Netskope Cloud Reports", seulement 25% de tous les services cloud, SaaS et IaaS confondus, sont prêts pour le RGPD. Et avec l'omniprésence du cloud et des services Web, les entreprises font face à des défis de taille rien qu'avec le SaaS, l'IaaS et le Web, sans parler de la myriade d'autres questions qu'elles doivent aborder pour le RGPD.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/04/20/gdpr-is-coming-will-the-industry-be-ready//]] sur le blog de la CSA
⇒ Télécharger le rapport sur https://cloudsecurityalliance.org/download/gdpr-preparation-and-awareness-survey-report/ (lien [[direct|https://downloads.cloudsecurityalliance.org/assets/research/gdpr/GDPR_Survey.pdf]])
!"A Day Without Safe Cryptography"
[>img(200px,auto)[iCSA_/SafeCrypto-cover-234x300.png]]
> //Over the past fifty years, the digital age has sparked the creation of a remarkable infrastructure through which a nearly infinite variety of digital transactions and communications are executed, enabling businesses, education, governments, and communities to thrive and prosper. Millions of new devices are connecting to the Internet, creating, processing, and transferring digital information in greater volumes and with greater velocity than ever imagined.//
__Liens :__
* Annonce et téléchargement (après inscription)
:→ https://cloudsecurityalliance.org/artifacts/a-day-without-safe-cryptography/ 
!"//Imagine a Day Without Safe Cryptography//"
[>img(150px,auto)[iCSA_/SafeCrypto-cover-234x300.png]]Article de blog publié le 19 avril 2018 — Rédigé par Jeffrey Ritter, Visiting Fellow, Kellogg College, University of Oxford
<<<
__''Imaginez une journée sans une cryptographie de confiance''__
//Tout professionnel de la sécurité, à un moment ou à un autre (ou à plusieurs reprises), se heurte à l'opposition de sa Direction face à l'évolution de la technologie. Nous savons tous que toute innovation technologique exige des adaptations dans les services de sécurité, en introduisant de nouveaux coûts liés aux changements d'équipements, aux services de tiers et aux ressources humaines. Nous savons aussi, quels que soient les nouveaux risques liés à la nouvelle technologie, que les cadres supérieurs veulent avoir l'assurance que toute nouvelle dépense produira des résultats efficaces. Aussi souvent, le résultat final est que l'entreprise bloque, reporte les dépenses et décide de mieux évaluer la gravité des risques.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/04/19/imagine-a-day-without-safe-cryptography//]] sur le blog de la CSA
⇒ Télécharger le rapport sur https://cloudsecurityalliance.org/download/a-day-without-safe-cryptography (lien [[direct|https://downloads.cloudsecurityalliance.org/assets/research/quantum-safe-security/A_Day_without_Safe_Cryptography.pdf]])
!"GDPR Preparation and Awareness Survey Report"
[>img(200px,auto)[iCSA_/GDPR_Prep-232x300.png]]Document publié le 17 avril 2018.
<<<
//Cloud computing, the Internet of Things, Artificial Intelligence, and other new technologies allow businesses to have better customer engagement, more access to data, and powerful analytical tools. Providers are racing to bring these technologies to the enterprise and users are anxious to take advantage of their benefits.//
<<<
__Lien de téléchargement :__
* Lien → https://cloudsecurityalliance.org/artifacts/gdpr-preparation-and-awareness-survey-report/



!Best Practices Cyber Incident Exchange
[>img(200px,auto)[iCSA_/Cloud-CISC-1.png]]__''Introduction''__
<<<
//''No organization is immune from cyber attack.'' Malicious actors collaborate with skill and agility, effectively moving from target to target at a breakneck pace. New attacks are directed at dozens of companies within the first 24 hours and hundreds within a few days.
A few years ago, visibility into the threat environment was essential if cybersecurity was to have any hope of being preventive. Today, visibility into what is coming next is critical to simply staying alive.
Sophisticated organizations, particularly cloud providers, know that the difference between a minor incident and massive breach lies in their ability to quickly detect, contain, and mitigate an attack. As increasing their speed of response has grown into a top priority, cloud providers are increasingly participating in programs that allow them to exchange information on cyber events with others in the industry. Sometimes known as threat intelligence exchange or cyber incident exchange, these programs enable cloud providers to share cyber event information with others who may be experiencing the same issue or at risk for the same type of attack.
There is no denying that cyber security information sharing has in the past been of somewhat limited value for security teams. While this was due in part to past legal and cultural obstacles to the free exchange of cyber threat data, the primary challenge was the manual and reactive design of legacy information sharing programs. These programs were more focused on sharing information about cyber security incidents after the threat was vetted, scrubbed and mitigated more as a public service to others than a tool to support rapid incident response. While this data served a purpose and had a place, as the speed and number of attacks increased, its value was diminished and information sharing was not widely adopted outside of a few critical infrastructure sectors.
Fast forward to today's security environment and the exchange of information about cyber incidents is practically unrecognizable from the information sharing programs of the past. As Security Operations Centers (SOCs) and Computer Security Incident Response Teams (CSIRTs) have matured, new tools and technologies in threat intelligence, data analytics and security incident management have created new opportunities for faster and actionable threat intelligence exchange. Incident data -- more accurately described as suspicious event data -- can now be rapidly shared and analyzed across teams, tools and even companies as part of the immediate response process. In fact, it can be said that if an organization waits to share information until they have an "incident", they've waited too long. Now the focus is on sharing suspicious event data as soon as it is identified, which materially speeds remediation and provides an early and actionable warning to those not yet affected.
The positive impact of this new model for threat intelligence exchange was demonstrated during the Wannacry Crisis in May 2017. Though the first reports of infection originated in Spain on May 12, the UK and Scotland were hit far harder by the malware. This was due in large part to the Spanish Government's incident response scheme for critical infrastructures, such as warnings from the National Cryptology Centre, which quickly identified the malware and its vectors, provided mitigation tools, and encouraged organizations to share this information. Spanish companies were able to quickly protect themselves against Wannacry even as the malware continued to spread in other countries. Threat intelligence spread by the United Kingdom's National Cyber Security Centre (NCSC) to understand and share the best mitigation guidance provided the eventual killswitch to the Wannacry virus.
Cloud providers have a unique role to play in threat intelligence exchange because they not only own and manage a massive amount of the world's IT infrastructure, but they also operate some of the most advanced CSIRTs/SOCs seen in the technology world. Due to this investment, they are arguably in the best position to operationalize shared intelligence to defend their systems. Further, because they can do this at scale and involve a significant part of the industry in the effort, they have a tangible opportunity to help level the playing field with malicious actors. CSA also has initiatives underway to help its members do both.
This paper, the first in a series, provides a framework to help corporations seeking to participate in threat intelligence exchange programs that enhance their event data and incident response capabilities. It is primarily written for corporations beginning to explore, or who have already begun, the exchange of cyber security event data. It is designed to be helpful to security teams with both emerging and mature internal threat intelligence capabilities. In fact, any organization with at least one person dedicated to threat intelligence should consider participation in an exchange to enhance its own data. To this end, this paper will provide high-level practical guidance to support companies in three key areas:
* Connecting with sharing partners and exchange platforms that best meet their needs
* Identifying the capabilities and business requirements that will form the foundation for a value-driven threat intelligence exchange program
* Understanding the basics of the exchange process so they can efficiently share event data they are seeing and more efficiently operationalize any intelligence they collect
The guidance in this paper was developed by members of the Cloud Security Alliance (CSA) working group on cyber incident sharing. The work has been instrumental to the design, development, and operation of the Cloud-CISC (Cloud Cyber Incident Sharing Center), a threat intelligence exchange platform for CSA members. The recommendations are based largely on the lessons learned through the development and operation of Cloud-CISC, as well as individual experiences in managing threat intelligence programs for large companies. Some common challenges identified through this work include:
1. Organizations that struggle to understand their internal event data have difficulty determining what event data to share.
2. Even when threat intelligence is provided by others, its value is often limited because it is delivered in an email format that cannot be easily integrated into the response process.
3. Organizations want the means to scale laterally to other sectors and vertically within their supply chains.
4. Perhaps most surprising, the motive for sharing is not necessarily helping others, but rather to provide better support for internal response capabilities.
The intent for this paper is to directly address these challenges and help establish a basic framework of key considerations for those getting started with threat intelligence exchange.
We hope to work with others in the industry to further develop this guidance and define the associated best practices to make threat intelligence exchange a valuable resource and community for all organizations facing increasing threats from cyber attacks.//
[...]
<<<
__''Etapes suivantes :''__
<<<
//''A Call to Action''
CSA believes any company that uses threat intelligence will tangibly benefit from the external exchange of threat intelligence data. No longer are companies being asked to risk their reputations, assets or customers by participating in one-way directional sharing of cyber security information with little return for them. It is time to embrace a new approach.
Because the cloud industry is already taking advantage of many advanced technologies that support threat intelligence exchange and has such a unique and large footprint across the IT infrastructure, there is a real opportunity to make threat intelligence sharing pervasive. Our commitment to the industry is to continue to provide a value-driven threat intelligence exchange for our members and support them in their efforts to participate by developing and publishing relevant guidance and best practices. While the cloud community is our first priority, we believe our efforts will serve as a model for those across the IT landscape seeking to derive value from threat intelligence exchange.
This paper is only the first in a series of planned efforts to provide that guidance and enable new users of threat intelligence exchange to benefit from the lessons learned from those who already walked the path. We ask those across the community to provide feedback on our work to date and contribute to our ongoing effort by sharing best practices and lessons learned.
Finally, we call on all corporate CSA members to join Cloud-CISC. Our industry cannot afford to let another year pass working in silos while malicious actors collaborate against us. It is time to level the playing field, and perhaps even gain an advantage.//
<<<
__Lien :__
* Téléchargement ⇒ https://cloudsecurityalliance.org/artifacts/best-practices-for-cyber-incident-exchange/
!"//Building a Foundation for Successful Cyber Threat Intelligence Exchange: A New Guide from CSA//"
[>img(150px,auto)[iCSA_/Cloud-CISC-1.png]]Article de blog publié le 16 avril 2018 — Rédigé par Brian Kelly, Co-chair/Cloud Cyber Incident Sharing Center (CISC) Working Group, et CSO/Rackspace
<<<
__''Building a Foundation for Successful Cyber Threat Intelligence Exchange: A New Guide from CSA''__
//No organization is immune from cyber attack. Malicious actors collaborate with skill and agility, moving from target to target at a breakneck pace. With new attacks spreading from dozens of companies to a few hundred within a matter of days, visibility into...//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/04/16/building-a-foundation-for-successful-cyber-threat-intelligence-exchange-a-new-guide-from-csa/]] sur le blog de la CSA




[>img(200px,auto)[iCSA_/State_of_Cloud-2018.png]]__''State of Cloud Security Report 2018''__
__''Introduction''__
<<<
//Innovators and early adopters have been using cloud for years taking advantage of the quicker deployment, greater scalability, and cost saving of services. The growth of cloud computing continues to accelerate offering more solutions with added features and benefits, including security. In the age of information digitalization and innovation, enterprise users must keep pace with consumer demand and new technology solutions ensuring they can meet both baseline capabilities and security requirements.
This paper provides insights into some of the latest cloud practices and technologies enterprise information security practitioners must be aware of as IT and sensitive data extends beyond the traditional corporate perimeter. Providers, regulators, and the enterprise must cooperate to establish baseline security requirements across these services. Understanding the use of cloud and related technologies along with the roles and responsibilities of data security and ownership up front will improve the procurement and long term management of these services.
//[...]
__''Conclusion''__//
Technology is moving faster than the business' set of skills to adopt them. As organizations react to this demand to stay competitive, secure adoption of these technologies becomes an even greater challenge. With cloud and new IT technologies, the supply chain ecosystem needs to collaborate so that large enterprises and regulators can understand how to securely adopt new technologies and new features on existing provider technologies. Each party must play a role in securing customer data and sharing best practices for secure operations.
Education and awareness still needs to improve around provider services and new technologies for the enterprise. Small-scale adoption projects need to be shared so that security challenges and patterns can be adopted to scale with the business and across industry verticals. This skills gap, particularly around cloud and newer IT technologies, needs to be met by the industry through partnership and collaboration between all parties of the cyber ecosystem.//
<<<
!"//Speeding the Secure Cloud Adoption Process//"
[>img(100px,auto)[iCSA_/State_of_Cloud-2018.png]]Article de blog publié le 16 avril 2018 — Rédigé par Vinay Patel, Chair, CSA Global Enterprise Advisory Board, et Managing Director, Citigroup
<<<
__''Speeding the Secure Cloud Adoption Process''__
//Innovators and early adopters have been using cloud for years, taking advantage of the quicker deployment, greater scalability, and cost saving of services. The growth of cloud computing continues to accelerate, offering more solutions with added features and benefits, and with proper...//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/04/16/speeding-the-secure-cloud-adoption-process/]] sur le blog de la CSA
!"//Cloud Security and Compliance Is a Shared Responsibility//"
[>img(200px,auto)[iCSA/I4GBC.jpg]]Article de blog publié le 12 avril 2018 — Rédigé par Gail Coury, Chief Information Security Officer, Oracle
<<<
__''Cloud Security and Compliance Is a Shared Responsibility''__
//Cloud Organizations around the world are ramping up to comply with the European Union's General Data Protection Regulation (GDPR), which will be enforced beginning on May 25, 2018, and each must have the right people, processes and technology in place to comply or else potentially face litigation and heavy...//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/04/12/cloud-security-and-compliance-is-a-shared-responsibility/]] sur le blog de la CSA
!"//The "Ronald Reagan" Attack Allows Hackers to Bypass Gmail's Anti-phishing Security//"
[>img(200px,auto)[iCSA_/reagan.png]]Article de blog publié le 2 avril 2018 — Rédigé par Yoav Nathaniel, Customer Success Manager, Avanan
<<<
__''The "Ronald Reagan" Attack Allows Hackers to Bypass Gmail's Anti-phishing Security''__
//We started tracking a new method hackers use to bypass Gmail's SPF check for spear-phishing. The hackers send from an external server, the user sees an internal user (For example, your CEO) and Gmail's SPF-check, designed to indicate the validity of the sender, shows "SPF-OK." Why are we calling this "The Ronald Reagan" Attack...//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/04/02/the-ronald-reagan-attack-allows-hackers-to-bypass-gmails-anti-phishing-security/]] sur le blog de la CSA
!"//Are Traditional Security Tools Dead?//"
[>img(150px,auto)[iCSA_/cloud_hard.png]]^^Bien que publié le 26 avril 2018 sur le blog de la CSA, cet article l'a déjà été le 16 mars 2018 sur le blog de la société Bitglass^^
<<<
__''Les outils de sécurité traditionnels ont-ils encore un avenir?''__
//Lors de l'évaluation des différentes options en matière de sécurité, les RSSI et les architectes sécurité recherchent toujours la solution qui minimisera les coûts et les frais d'administration et d'exploitation tout en maximisant la protection des données. Au plus haut niveau, les entreprises se sont appuyées sur les outils traditionnels comme moyen de protection des données à long terme, mais au fur et à mesure de l'adoption des applications Cloud, ces outils sont de plus en plus considérés comme inefficaces, incapables de répondre aux besoins d'une entreprise en perpétuelle évolution avec un parc croissant d'applications Cloud et de terminaux non gérés capables d'accéder à ces applications.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/04/26/are-traditional-security-tools-dead/]] sur le blog de la CSA
⇒ Télécharger le rapport Bitglass sur https://pages.bitglass.com/CloudHard_LP.html
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//The Early Bird Gets the Virus//"
Bien que publié le 9 avril 2018 sur le blog de la CSA, cet article l'a déjà été le 5 mars 2018 sur le blog de la société Bitglass
⇒ Lire la suite sur [[le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/04/09/the-early-bird-gets-the-virus/]] ou [[l'original|https://www.bitglass.com/blog/early-bird-gets-virus]].
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Australia's First OAIC Breach Forecasts Grim GDPR Outcome//"
Bien que publié le 4 avril 2018 sur le blog de la CSA, cet article l'a déjà été le 16 mars 2018 sur le blog de la société Bitglass
⇒ Lire la suite sur [[le blog de la CSA|https://blog.cloudsecurityalliance.org/2018/04/04/australias-first-oaic-breach-forecasts-grim-gdpr-outcome/]] ou [[l'original|https://www.bitglass.com/blog/aus-oaic-breach-and-gdpr]].
[img(25%,1px)[iCSF/BluePixel.gif]]
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201803>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Mars 2018]]>><<tiddler fAll2LiTabs13end with: Actu","201803>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Mars 2018]]>><<tiddler fAll2LiTabs13end with: Blog","201803>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Mars 2018]]>><<tiddler fAll2LiTabs13end with: Publ","201803>>
|!Mars|!Sources|!Titres et Liens|!Keywords|
|>|>|>|!2018.03.26..31|
|2018.03.30|//PaloAlto Networks//|[[2018 Cloud Security Report|https://start.paloaltonetworks.com/cloud-security-report-2018]]|Report|
|2018.03.30|infosec Buzz News|[[2018 Cloud Security Report Released Today|https://www.informationsecuritybuzz.com/expert-comments/2018-cloud-security-report-released-today/]]|Report|
|2018.03.29|Eric D. Schabell|[[3 Pitfalls Everyone Should Avoid with Hybrid Multicloud (1/4)|http://www.schabell.org/2018/03/3-pitfalls-everyone-should-avoid-with-hybrid-multicloud-part-1.html]]|Hybrid_Cloud|
|2018.03.29|//Google Cloud//|[[Exploring container security: An overview|https://cloud.google.com/blog/products/gcp/exploring-container-security-an-overview]]|Misc|
|2018.03.27|Gartner|![[Is the Cloud Secure?|https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/]]|Misc|
|2018.03.27|//BusinessWire//|[[New Cloud Security Report Reveals Rising Cybersecurity Concerns and Lack of Expertise|https://www.businesswire.com/news/home/20180327005304/en/New-Cloud-Security-Report-Reveals-Rising-Cybersecurity]]|Misc|
|2018.03.26|Infosec Island|[[Is Blockchain Really Disruptive in Terms of Data Security?|http://www.infosecisland.com/blogview/25050-Is-Blockchain-Really-Disruptive-in-Terms-of-Data-Security.html]]|Cloud Misc.|
|2018.03.26|//Aqua Security//|[[Taking a Comprehensive Approach to Container Security in 2018|https://blog.aquasec.com/assembling-a-container-security-program]]|Containers|
|2018.03.26|SANS|[[An Evaluator's Guide to Cloud-Based NGAV: The SANS Guide to Evaluating Next-Generation Antivirus|https://www.sans.org/reading-room/whitepapers/analyst/evaluator's-guide-cloud-based-ngav-guide-evaluating-next-generation-antivirus-38355]]|Analysis Misc.|
|>|>|>|!2018.03.19..25|
|2018.03.22|Bleeping Computer|[[CoinMiner Campaigns Move to the Cloud via Docker, Kubernetes|https://www.bleepingcomputer.com/news/security/coinminer-campaigns-move-to-the-cloud-via-docker-kubernetes/]]|K8s CryptoMining|
|2018.03.21|//Aqua Security//|![[A Brief History of Containers: From the 1970s to 2017|https://blog.aquasec.com/a-brief-history-of-containers-from-1970s-chroot-to-docker-2016]]|Containers Timeline|
|2018.03.20|//McAfee//|[[73 Azure Security Best Practices Everyone Must Follow|https://www.skyhighnetworks.com/cloud-security-blog/73-azure-security-best-practices/]] ([[document|http://info.skyhighnetworks.com/WP_Definitive-Guide-to-Azure-Security_BannerCloud-MFE.html]])|AWS Best_Practices|
|2018.03.19|//Aqua Security//|[[Popular Docker Networking and Kubernetes Networking Tools|https://blog.aquasec.com/popular-docker-networking-and-kubernetes-networking-tools]]|Docker Kubernetes|
|>|>|>|!2018.03.12..18|
|2018.03.15|Question Sécu|[[Le monde change : brève réflexion sur le(s) Cloud(s), l'automatisation et l'avenir des pentesteurs|https://questionsecu.fr/cloud-automatisation-pentesteurs/]]|Misc|
|2018.03.14|//Kromtech//|[[Walmart jewelry partner exposed 1.3 million customer details|https://kromtech.com/blog/security-center/walmart-jewelry-partner-exposed-millions-customer-details]]|Misc|
|2018.03.14|//Optiv//|[[Observations on Smoke Tests - Part 1|https://www.optiv.com/blog/observations-on-smoke-tests-part-1]]|Testing|
|2018.03.13|Medium|![[Analysis of a Kubernetes hack - Backdooring through kubelet|https://medium.com/handy-tech/analysis-of-a-kubernetes-hack-backdooring-through-kubelet-823be5c3d67c]]|K8s Backdoor|
|>|>|>|!2018.03.05..11|
|2018.03.08|GigaMon & //Intellyx//|[[The Pros and Cons of Public Cloud Flow Logs (4/4)|https://blog.gigamon.com/2018/03/08/pros-cons-public-cloud-flow-logs/]]|Misc|
|2018.03.08|//StackRox//|[[Detecting Docker Exploits and Vulnerabilities - Your How-to Guide|https://www.stackrox.com/post/2018/03/breaking-bad-detecting-real-world-container-exploits/]]|Misc|
|2018.03.08|//Duo Labs//|![[Introducing: CloudTracker, an AWS CloudTrail Log Analyzer|https://duo.com/blog/introducing-cloudtracker-an-aws-cloudtrail-log-analyzer]]|Tools AWS|
|2018.03.07|//Aqua Security//|[[Kubernetes Security Deep-Dive|https://blog.aquasec.com/aqua-3.0-kubernetes-security-deep-dive]]|K8s|
|2018.03.05|Carnegie Mellon University|![[12 Risks, Threats, & Vulnerabilities in Moving to the Cloud|https://insights.sei.cmu.edu/sei_blog/2018/03/12-risks-threats-vulnerabilities-in-moving-to-the-cloud.html]] (Timothy Morrow) |Migration Risks Threats|
|2018.03.05|//Amazon AWS//|[[Processor Speculative Execution Research Disclosure|https://aws.amazon.com/security/security-bulletins/AWS-2018-013/]]|AWS CVE-2017-5715 CVE-2017-5753 CVE-2017-5754|
|>|>|>|!2018.02.26..04|
|2018.03.03|//Lacework//|[[Survey Highlights Top Four Trends in Cloud Security Adoption|https://www.lacework.com/survey-highlights-top-four-trends-in-cloud-security-adoption/]] ([[Rapport|https://info.lacework.com/hurwitz-survey-shows-security-automation-key-to-public-cloud-protection]])|Misc.|
|2018.03.03|Nino Crudele|[[AzureLeap - AES encryption and Hash algorithm concepts and best practices in cloud|https://ninocrudele.com/azureleap-aes-encryption-and-hash-algorithm-concepts-and-best-practices-in-cloud]]|AzureLeap|
|2018.03.02|//Amazon AWS//|[[AWS Federated Authentication with Active Directory Federation Services (AD FS)|https://aws.amazon.com/blogs/security/aws-federated-authentication-with-active-directory-federation-services-ad-fs/]]|AWS AzureADFS|
|2018.03.01|//Suse//|[[RightScale 2018 State of the Cloud Report (pdf)|https://www.suse.com/media/report/rightscale_2018_state_of_the_cloud_report.pdf]]|Report Suse|
|2018.03.01|//Lacework//|[[Building Bridges from Security to Development (4/4)|https://www.lacework.com/context-is-king-building-bridges-between-devops-and-security-part-iv-2/]]|Misc|
!"//AWS Cloud: Proactive Security and Forensic Readiness - Part 3//"
[>img(300px,auto)[iCSA/I3NBA.jpg]]Article de blog publié le 27 mars 2018 — Rédigé par Neha Thethi, Information Security Analyst, BH Consulting
<<<
__''Cloud AWS : Sécurité proactive et préparation à l'analyse forensique (3^^ème^^ partie)''__
Il s'agit du troisième article d'une série de cinq qui fournit une liste de contrôle pour la sécurité proactive et l'état de préparation à l'analyse forensique dans un environnement Cloud Amazon. Il traite de la protection des données dans AWS.
La protection des données est un sujet très important pour les entreprises, et un sujet brûlant pour les organisations qui traitent les données personnelles de personnes physiques dans l'UE, car l'échéance du Règlement général de l'UE sur la protection des données (RGPD, GDPR en anglais) approche à grands pas.
AWS ne fait pas exception. L'entreprise fournit à ses clients des services et des ressources pour les aider à se conformer aux exigences du RGPD qui peuvent s'appliquer à leurs activités. Il s'agit notamment des contrôles d'accès aux données, des outils de surveillance et de journalisation, du chiffrement, de la gestion des clés, de la capacité de vérification et de la conformité aux normes de sécurité informatique. En outre, AWS a publié plusieurs livres blancs sur la protection de la vie privée, y compris certains spécifiques à certains pays.
Cet article va au-delà de la protection des données personnelles. Ci-dessous, vous trouverez une liste de contrôle sur la protection des informations stockées dans AWS, statiques (au repos) ou en transit, sur la protection des clés de chiffrement, la suppression des données sensibles et la compréhension des demandes d'accès aux données.
La liste de contrôle concerne les points suivants :
* Comment protégez-vous les données statiques ?
* Comment protégez-vous les données statiques dans Amazon S3 ?
* Comment protégez-vous les données statiques dans Amazon EBS ?
* Comment protégez-vous les données statiques dans Amazon RDS ?
* Comment protégez-vous les données statiques dans Amazon Glacier ?
* Comment protégez-vous les données statiques dans Amazon DynamoDB ?
* Comment protégez-vous les données statiques dans Amazon EMR ?
* Comment protégez-vous les données en transit ?
* Comment gérez-vous et protégez-vous vos clés de chiffrement ?
* Comment vous assurez-vous que les Amazon Machine Images (AMI) personnalisées sont sécurisées et exemptes de données sensibles avant leur publication pour usage interne (privé) ou externe (public) ?
* Comprenez-vous qui a le droit d'accéder à vos données stockées dans AWS ?
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/03/27/aws-cloud-proactive-security-and-forensic-readiness-part-3/]] sur le blog de la CSA
Lien original : http://bhconsulting.ie/data-protection-aws/ 
!"//34 Cloud Security Terms You Should Know//"
[>img(300px,auto)[iCSA_/cloud-security-101.png]]Article de blog publié le 23 mars 2018 — Rédigé par Dylan Press, Directeur Marketing, Avanan
<<<
__''34 termes liés à la sécurité du Cloud que vous devriez connaître''__
Nous espérons que vous vous en servirez comme référence, mais aussi pour votre équipe et pour la formation de votre entreprise. Imprimez [[le document associé|https://www.avanan.com/hubfs/docs/34-Cloud-Security-Terms.pdf]] et affichez-le !
Comment pouvez-vous correctement rechercher une solution de sécurité dans le Cloud, si vous ne comprenez pas ce que vous lisez ? Nous avons toujours cru que la sécurité dans le Cloud devait être simple, c'est pourquoi nous avons créé Avanan. Dans le but de simplifier encore plus, nous avons créé un glossaire de 34 termes de sécurité dans le Cloud communément mal compris, et ce qu'ils signifient.
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/03/23/34-cloud-security-terms-you-should-know/]] sur le blog de la CSA
!"//AWS Cloud: Proactive Security and Forensic Readiness - Part 2//"
[>img(300px,auto)[iCSA_/defense-in-depth.jpg]]Article de blog publié le 13 mars 2018 — Rédigé par Neha Thethi, Information Security Analyst, BH Consulting
<<<
__''Cloud AWS : Sécurité proactive et préparation à l'analyse forensique (2^^ème^^ partie)''__
Il s'agit du deuxième article d'une série de cinq qui fournit une liste de contrôle pour la sécurité proactive et l'état de préparation à l'analyse forensique dans l'univers du Cloud Amazon (AWS). Cet article concerne la protection de votre infrastructure virtuelle au sein d'AWS.
La protection de toute infrastructure informatique nécessite une approche de défense en couches ou en profondeur. Les couches sont généralement divisées en couches physique, réseau (périmétrique et interne), système (ou hôte), application et données. Dans un environnement //Infrastructure as a Service// (IaaS), AWS est responsable de la sécurité "du" Cloud, y compris le périmètre physique, le matériel, le traitement logiciel, le stockage et la mise en réseau, tandis que les clients sont responsables de la sécurité "dans" le Cloud ou sur les couches au-dessus de l'hyperviseur. [...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/03/13/aws-cloud-proactive-security-forensic-readiness-part-2/]] sur le blog de la CSA
__''En complément :''__
* Le premier article de la série est sur : http://bhconsulting.ie/aws-cloud-proactive-security-forensic-readiness-five-part-best-practice/
* Le second article de la série est sur : http://bhconsulting.ie/infrastructure-level-protection-aws/
* La troisième partie est sur le site : http://bhconsulting.ie/data-protection-aws/
!Conférences au [[Forum Securité@Cloud|http://www.cloudcomputing-world.com/security]] le jeudi 22 mars 2018
__Paris le 1er mars 2018 :__[>img(300px,auto)[iCSF/ForumSecuriteCloud-2018.png]]
La [[Cloud Security Alliance]] fera la présentation d'introduction le jeudi 22 mars 2018 à 14h15 et participera à une table ronde à 15h15 lors de la conférence [[Forum Securité@Cloud|http://www.cloudcomputing-world.com/security]] à Paris, Porte de Versailles.
* [[Forum Sécurité@Cloud]] : http://www.cloudcomputing-world.com/security
** Flux Twitter : https://twitter.com/forumsecucloud
* ''F10 : Panorama des attaques dans le Cloud''+++*[»]>
!F10 : Panorama des attaques dans le Cloud.
Y-a-t-il des rançongiciels dans le Cloud ? A quels types d'attaques devons-nous nous préparer ?
__Intervenant :__
* Olivier CALEFF - co-fondateur du Chapter français de la [[Cloud Security Alliance]]
=== 
* ''F12 : Comment réagir face à une attaque ?'' (Table ronde)+++*[»]>
!F12 : Comment réagir face à une attaque ?
Quelles mesures doit-on prendre avant et après une attaque ? Quels sont les organismes qui vont pouvoir vous aider ? Quelles conséquences vis-à-vis des clients et des fournisseurs ?
__Participants à la table ronde :__
* __Animateur :__ Olivier CALEFF -- co-fondateur du Chapter français de la [[Cloud Security Alliance]]
* Mahault BONNET-MADIN -- responsable partenariats au CSIRT-PJ
* Adrienne CHARMET -- chargée de mission, Cybermalveillance.gouv.fr
* Michel JUVIN -- expert en cybersécurité, CESIN
* Christophe MARAIS -- capitaine de police, chef adjoint du CSIRT-PJ
=== 
[img(25%,1px)[iCSF/BluePixel.gif]]
!Partenariat avec le salon [[Cloud Computing World Expo|http://www.cloudcomputing-world.com/]] les 21 et 22 mars 2018 à Paris, Porte de Versailles
[>img(100px,auto)[iCSF/CloudComputingWorld.jpg]]
La [[Cloud Security Alliance]] est partenaire de la [[Cloud Computing World Expo|http://www.cloudcomputing-world.com/]]
!"//Saturday Security Spotlight: Cryptomining, AWS, and O365//"
[>img(150px,auto)[iCSA/I38BS.jpg]]^^Bien que publié le 29 mars 2018 sur le blog de la CSA, cet article l'a déjà été précédemment sur le blog de la société Bitglass
<<<
__''Plein feu du samedi sur la sécurité : Cryptomining, AWS et Office 365''__
Voici les principaux articles sur la cybersécurité de ces dernières semaines:
* Le minage malveillant de monnaies virtuelles, la première des activités cybercriminelles
* De nouveaux détails émergent sur les //buckets// AWS mal sécurisés
* Le rançongiciel Data Keeper commence à se répandre
* Office 365 utilisé dans des attaques récentes de phishing de masse
* SgxSpectre attaque les enclaves Intel SGX
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/03/29/saturday-security-spotlight-cryptomining-aws-and-o365/]] sur le blog de la CSA^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Are Healthcare Breaches Down Because of CASBs?//"
[>img(150px,auto)[iCSA_/chart.jpg]]^^Bien que publié le 19 mars 2018 sur le blog de la CSA, cet article l'a déjà été précédemment sur le blog de la société Bitglass
<<<
__''Les atteintes aux données de santé sont-elles en baisse à cause des CASBs ?''__
Bitglass vient de publier son quatrième rapport annuel sur les atteintes au secteur de la santé (//Healthcare Breach Report//). Il porte sur les fuites de données de santé en 2017 et compare le taux de ces fuites aux années précédentes. Il y a une surprise cette année avec la chute importante du volume des fuites et de l'ampleur de chaque attaque. Notre équipe de chercheurs a entrepris de découvrir le pourquoi.
Notre rapport annuel sur le secteur de la santé est fondé sur les atteintes à la vie privée issues du ministère américain de la Santé et des Services Sociaux. Le gouvernement américain exige que tous les organismes de santé et leurs affiliés divulguent publiquement les fuites qui affectent au moins 500 personnes.
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/03/19/healthcare-breaches-casbs/]] sur le blog de la CSA^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//You Are the Weakest Link -- Goodbye//"
[>img(150px,auto)[iCSA/I3EBY.jpg]]^^Bien que publié le 14 mars 2018 sur le blog de la CSA, cet article l'a déjà été précédemment sur le blog de la société Bitglass.
<<<
__''Vous êtes le maillon faible -- Au revoir.''__
La sécurité dans le nuage est une préoccupation majeure pour l'entreprise moderne. Heureusement, à condition que les organisations fassent preuve de diligence raisonnable lorsqu'elles évaluent les outils de sécurité, le stockage de données dans le Cloud peut être encore plus sûr que le stockage de données dans les locaux de l'entreprise.
Cependant, cela nécessite le déploiement d'une variété de solutions pour sécuriser les données statiques, sécuriser l'accès aux données, sécuriser les appareils mobiles et non gérés, se défendre contre les logiciels malveillants, détecter les applications non autorisées dans le Cloud (shadow IT), et plus encore. Dans ce contexte d'adoption effrénée des outils de sécurité, les entreprises oublient souvent de soutenir le maillon le plus faible de leur chaîne de sécurité, leurs utilisateurs. [...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/03/14/weakest-link-goodbye/]] sur le blog de la CSA^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Securing the Internet of Things: Devices & Networks//"
^^[>img(150px,auto)[iCSA_/weigand-wedding-300x126.jpg]]Bien que publié le 12 mars 2018 sur le blog de la CSA, cet article l'a déjà été précédemment sur le blog de la société Entrust Datacard.
<<<
__''Sécuriser l'Internet des objets: les appareils et les réseaux''__
L'Internet des objets (IoT) est en train de changer la production industrielle pour le meilleur.
Avec les données provenant de milliards d'appareils connectés et de trillions de capteurs, les opérateurs de la chaîne d'approvisionnement et de la production industrielle profitent de nouveaux avantages. Il faut penser amélioration de l'efficacité et flexibilité pour des modèles d'affaires potentiels. Mais comme l'IoT joue un rôle plus important dans toutes les industries, la sécurité doit être une priorité absolue. Voici un aperçu des quatre principaux défis à relever avant de réaliser les avantages d'une connectivité accrue.
__''Réduire les risques''__
Atténuer les risques ne doit pas toujours se faire aux dépens de la disponibilité et de la fiabilité. [...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/03/12/securing-internet-things-devices-networks/]] sur le blog de la CSA^^
!"//Zero-Day in the Cloud -- Say It Ain't So//"
^^[>img(150px,auto)[iCSA/I39BZ.jpg]]Bien que publié le 9 mars 2018 sur le blog de la CSA, cet article l'a déjà été le 21 février 2018 sur le blog de la société Bitglass
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/03/09/zero-day-cloud-say-aint/]] sur le blog de la CSA ou [[l'original|https://www.bitglass.com/blog/zero-day-cloud]].
<<<
__''Des vulnérabilités //zéro-day// dans le Cloud... Dites-moi que ce n'est pas vrai''__
Les vulnérabilités "//zéro day//" sont des failles de sécurité informatique ou logicielle inconnues du public, en particulier de ceux qui souhaitent combler ces failles, comme les fournisseurs de logiciels vulnérables.
Pour beaucoup de membres de la communauté de la sécurité informatique, le terme "//zéro day//" est synonyme de correctif de sécurité ou de mise à jour des systèmes. Prenons, par exemple, le monde des éditeurs de logiciels anti-programmes malveillants. Il y a ceux dont les solutions utilisent des signatures ou des codes de hachage pour se défendre contre les menaces. Leurs produits reçoivent en entrée un logiciel malveillant, l'analysent dans différents systèmes, font peut-être analyser le fichier par un humain, puis génèrent une signature. [...]
<<<
^^[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Saturday Security Spotlight: Tesla, FedEx, & the White House//"
^^[>img(150px,auto)[iCSA/I38BS.jpg]]Bien que publié le 8 mars 2018 sur le blog de la CSA, cet article l'a déjà été précédemment sur le blog de la société Bitglass.
<<<
__''Plein feu du samedi sur la sécurité : Tesla, FedEx et la Maison-Blanche''__
Voici les principaux articles sur la cybersécurité de ces dernières semaines:
* Tesla a été piraté et utilisé pour miner de la cryptomonnaie
* FedEx expose les données des clients dans une erreur de configuration AWS
* La Maison-Blanche publie un rapport sur la cybersécurité
* La SEC classe la connaissance d'infractions non annoncées dans la catégorie des informations privilégiées.
* Plus de données d'Equifax volées que ce que l'on croyait initialement
__Tesla a été piraté et utilisé pour miner de la cryptomonnaie__
En ciblant une instance Tesla de Kubernetes, la console d'administration open-source de Google pour les applications cloud, les pirates ont pu infiltrer la société. Les attaquants ont ensuite obtenu des informations d'identification sur l'environnement AWS de Tesla, ont accédé à des informations propriétaires et ont commencé à exécuter des scripts pour générer de la cryptomonnaie en utilisant la puissance de calcul de Tesla. [...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/03/08/saturday-security-spotlight-tesla-fedex-white-house/]] sur le blog de la CSA^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//FedRAMP - Three Stages of Vulnerability Scanning and their Pitfalls//"
^^[>img(150px,auto)[iCSA_/FedRamp-300x169.jpg]]Bien que publié le 7 mars 2018 sur le blog de la CSA, cet article l'a aussi été le 14 mars 2018 sur le blog de la société Schellman.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/03/07/fedramp-three-stages-vulnerability-scanning-pitfalls/]] sur le blog de la CSA ou [[l'original|https://www.schellman.com/blog/fedramp-three-stages-of-vulnerability-scanning-and-their-pitfalls]]
<<<
__''FedRAMP -- Les trois étapes de l'analyse des vulnérabilités et leurs pièges''__
Bien que l'analyse des vulnérabilités ne soit qu'une des exigences de contrôle de FedRAMP, c'est en fait l'un des pièges les plus fréquents en termes d'impact sur une autorisation d'exploitation (ATO : //Authorization To Operate//), car les exigences de FedRAMP attendent des fournisseurs de services cloud (CSP : //Cloud Service provider//) qu'ils aient un programme de gestion des vulnérabilités mature. Un CSP doit avoir les personnes adaptées, les bons processus et les bonnes technologies en place et doit faire preuve de maturité pour les trois. Les CSPs qui ont plus de facilité avec les exigences d'analyse des vulnérabilités suivent une approche similaire, qui peut être mieux articulée en décomposant les attentes en trois étapes. [...]
<<<
— Rédigé par Matt Wilgus, Responsable de l'entité, Évaluation des menaces et de la vulnérabilité, Schellman & Co. —
^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Securing the Internet of Things: Connected Cars//"
^^[>img(150px,auto)[iCSA_/CarSmile-300x126.jpg]]Bien que publié le 5 mars 2018 sur le blog de la CSA, cet article l'a déjà été le 18 octobre 2018 sur le site de Entrust Datacard
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/03/05/securing-internet-things-connected-cars/]] sur le blog de la CSA ou [[l'original|https://www.entrustdatacard.com/blog/2017/october/securing-the-internet-of-things---connected-cars]].
<<<
__''Sécuriser l'Internet des objets: Voitures connectées''__
Le déploiement de la sécurité et de la sûreté dans la conception automobile va bien au-delà des essais de collision.
D'ici 2022, on s'attend à ce que le marché mondial de l'Internet des Objets (IoT) dans le secteur automobile atteigne 82,79 milliards de dollars, et les constructeurs se précipitent sur cette opportunité. Bien que les calculateurs embarqués et les technologies réseaux existent depuis les années 1980, l'avènement de la connectivité ouvre un éventail de nouvelles options pour les constructeurs automobiles. De la détection avancée des collisions et des diagnostics prédictifs aux systèmes de divertissement qui chargent les mélodies préférées du conducteur dès qu'il s'assied, les voitures connectées sont prêtes à améliorer l'expérience du consommateur. [...]
<<<
^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//CASBs and Education's Flight to the Cloud//"
^^[>img(150px,auto)[iCSA/I2GBC.jpg]]Bien que publié le 1er mars 2018 sur le blog de la CSA, cet article l'a déjà été le 16 février 2018 sur le blog de la société Bitglass.
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/03/01/casbs-educations-flight-cloud/]] sur le blog de la Cloud Security Alliance ou [[l'original|https://www.bitglass.com/blog/casbs-and-educations-flight-to-the-cloud]]
<<<
__''L'envol des CASBs et du monde de l'éducation dans le Cloud''__
Le Cloud fait de plus en plus partie intégrante des entreprises qui recherchent productivité et flexibilité. Pour l'enseignement supérieur, le Cloud permet la création de cours en ligne, la collaboration dynamique sur des documents de recherche, etc. Comme de nombreux services cloud comme la [[G Suite|https://www.bitglass.com/g-suite-security]] sont offerts gratuitement aux établissements d'enseignement, l'adoption est encore plus simple. Toutefois, dans tous les cas d'utilisation multiple en éducation, des solutions de sécurité complètes doivent être utilisées pour protéger les données où qu'elles se trouvent. [...]
<<<
^^
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201802>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Février 2018]]>>
!"//Saturday Security Spotlight: Malware, AWS, and US Defense//"
[>img(150px,auto)[iCSA/I38BS.jpg]]^^Bien que publié le 26 février 2019 sur le blog de la CSA, cet article l'a déjà été le 17 février 2018 sur le site de Bitglass.
<<<
__''Plein feu du samedi sur la sécurité : Malware, AWS, et le Ministère de la Défense américain''__
Voici les principaux articles sur la cybersécurité de ces dernières semaines:
* le logiciel malveillant AndroRAT espionne les utilisateurs Android
* les Smart TV facilement piratables
* l'outil BuckHacker trouve des données non sécurisées dans les //buckets// AWS
* la divulgation de données de Octoly expose les données personnelles de stars des médias sociaux
* Les pirates russes ciblent les sous-traitants du Ministère de la Défense américain.
__le logiciel malveillant AndroRAT espionne les utilisateurs Android__
Un nouveau type de logiciel malveillant ciblant les périphériques Android donne aux pirates informatiques un contrôle étendu sur les téléphones des utilisateurs. La menace permet aux acteurs malveillants d'utiliser les microphones des appareils (pour enregistrer de l'audio), les caméras (pour prendre des photos) et les fichiers (pour voler de l'information). Cela pose bien évidemment un grand problème de confidentialité pour tous les utilisateurs d'Android du monde.
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/02/26/saturday-security-spotlight-malware-aws-us-defense/]] sur le blog de la CSA ou [[l'original|https://www.bitglass.com/blog/sss-malware-aws-us-defense]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Unmanaged Device Controls, External Sharing, and Other Real CASB Use Cases//"
[>img(150px,auto)[iCSA/I2CBU.jpg]]^^Bien que publié le 23 février 2019 sur le blog de la CSA, cet article l'a déjà été le 12 février 2018 sur le site de Bitglass.
<<<
__''Contrôles de périphériques non gérés, partage externe et autres cas d'utilisation réels du CASB''__
Beaucoup de gens dans l'industrie de la sécurité ont entendu parler des CASB (//Cloud Access Security Brokers// ou courtiers en sécurité d'accès au nuage) comme étant les solutions de référence pour la protection des données et la protection contre les menaces dans le Cloud. Mais où les CASB s'intègrent-ils exactement ? Si vous possédez déjà un pare-feu NGFW (//Next Generation FireWall// : Pare-Feu de Nouvelle Génération) ou peut-être une solution de type passerelle Web sécurisée, pourquoi investir dans le déploiement d'un CASB ?
Ci-dessous, nous vous présentons trois des cas d'utilisation les plus courants dans le monde réel pour un courtier en sécurité d'accès au Cloud.
__Partage externe__
La plupart des applications cloud ont une forme de contrôle de partage externe intégré. Peut-être un administrateur peut-il révoquer l'accès à certains documents, définir des permissions granulaires dans toute l'organisation ou bloquer le partage dans son ensemble.
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/02/23/unmanaged-device-controls-external-sharing-real-casb-use-cases/]] sur le blog de la CSA ou [[l'original|https://www.bitglass.com/blog/real-world-casb-use-cases]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//A Home for CASB//"
[>img(150px,auto)[iCSA_/A-home-for-CASB-300x161.png]]^^Bien que publié le 21 février 2019 sur le blog de la CSA, cet article l'a déjà été le 2 février 2018 sur le site de Cedrus
<<<
__''Un positionnement organisationnel pour les CASB''__
Au cours des 18 derniers mois, j'ai travaillé sur le CASB sous une forme ou une autre, y compris:
* des vidéos architecturales et techniques éducatives
* des demandes d'assistance pour une demande de proposition (RFP : //Request for Proposal//)
* des présentations avant-vente et des démos
* des maquettes et des preuves de concept (PoC : //Proof Of Concept//)
* des mises en œuvre
* des opérations de construction et des transitions
J'ai découvert des choses intéressantes en travaillant avec des fournisseurs, des clients et notre propre personnel technique de sécurité au sein de la société Cedrus. L'une d'entre elles concerne le modèle de propriété. Il n'y a pas de cartographie avec relations bi-directionnelles lorsque vous comparez les fonctionnalités de la solution CASB aux structures des organisations qui les déploient. Il semble qu'il y ait un manque de placement organisationnel, un foyer permanent lorsqu'il s'agit du CASB.
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/02/21/a-home-for-casb/]] sur le blog de la CSA ou [[l'original|https://cedrus.digital/a-home-for-casb/]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Malware P.I. - Odds Are you're Infected//"
[>img(150px,auto)[iCSA_/br-malware-pi-thumb-300x232.png]]^^Bien que publié le 19 février 2019 sur le blog de la CSA, cet article l'a déjà été le 7 février 2018 sur le site de Bitglass.
<<<
In Bitglass' latest report, Malware P.I., the Next-Gen CASB company uncovered startling information about the rate of malware infection amongst organizations. Additionally, experiments with a new piece of zero-day malware yielded shocking results. Here is a glimpse at some of the outcomes.
Nearly half of organizations have malware in one of their cloud apps
While the cloud endows organizations with great flexibility, efficiency, and collaboration, cloud apps and personal devices accessing corporate data can inadvertently house and spread malware. However, this does not mean that operating in the cloud is inherently more dangerous than the traditional way of doing things.
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/02/19/malware-p-odds-youre-infected/]] sur le blog de la CSA ou [[l'original|https://www.bitglass.com/blog/malware-pi-odds-are-youre-infected]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Agentless Mobile Security: No More Tradeoffs//"
[>img(150px,auto)[iCSA_/Triangle-300x173.png]]^^Bien que publié le 15 février 2019 sur le blog de la CSA, cet article l'a déjà été le 27 janvier 2018 sur le site de Bitglass.
<<<
Have you ever seen a "Pick two out of three" diagram? They present three concepts and force individuals to select the one that they see as the least important. The tradeoffs between convenience, privacy, and security serve as a perfect example of a "Pick two" situation for many mobile security solutions.
Industries have seen massive growth in the number of personal devices that touch sensitive information, resulting in a need to secure data as it is accessed by these endpoints. Various solutions have been adopted by many companies, but all tend to fall into the classic "Pick two" scenario.
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/02/15/agentless-mobile-security-no-tradeoffs/]] sur le blog de la CSA ou [[l'original|https://www.bitglass.com/blog/agentless-mobile-security-no-more-tradeoffs]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Saturday Security Spotlight: Military, Apps, and Threats//"
[>img(150px,auto)[iCSA/I38BS.jpg]]^^Bien que publié le 12 février 2019 sur le blog de la CSA, cet article l'a déjà été le 3 février 2018 sur le site de Bitglass.
<<<
Here are the top cybersecurity stories of recent weeks:
* Fitness app exposes military bases
* Soldiers' names revealed by app
* Google Play filled with fake apps
* Medical devices easily hacked
* The internet of things creates risk for the enterprise
Fitness app exposes military bases
Strava, the creators of a fitness tracking app, released heatmaps of its users' movements. Unfortunately, this revealed the inner workings of military bases abroad by highlighting the movements of soldiers who use said app within their bases. Naturally, making this information publicly available raises questions of privacy and national security.
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/02/12/saturday-security-spotlight-military-apps-threats/]] sur le blog de la CSA ou [[l'original|https://www.bitglass.com/blog/sss-military-apps-threats]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//Why Next-Gen Firewalls Can't Replace CASBs//"
[>img(150px,auto)[iCSA_/Server-hallway-in-the-sky-300x200.jpg]]^^Bien que publié le 7 février 2019 sur le blog de la CSA, cet article l'a déjà été le 1er février 2018 sur le site de Bitglass.
<<<
A security solution is only as good as the data it protects. Some solutions focus on data protection on the corporate network, others focus entirely on cloud data, and a select few enable security at access from any network.
Next-gen firewalls (NGFWs) are the traditional solution for many organizations looking to secure their corporate networks. They are effective at what they do, securing corporate network traffic by routing everything through on-premises appliances. As corporate data begins moving outside the corporate network, as it does with cloud and mobile, the NGFW can no longer provide protection.
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/02/07/next-gen-firewalls-cant-replace-casbs/]] sur le blog de la CSA ou [[l'original|https://www.bitglass.com/blog/why-ngfws-cant-replace-casbs]].^^
[img(25%,1px)[iCSF/BluePixel.gif]]
!"//EMV Chip Cards Are Working - That's Good and Bad//"
[>img(150px,auto)[iCSA_/emv-casb-300x134.jpg]]^^Bien que publié le 2 février 2019 sur le blog de la CSA, cet article l'a déjà été le 23 janvier 2018 sur le site de Bitglass.
<<<
For many years, credit card companies and retailers ruled the news headlines as victims of breaches. Why? Hackers' profit motives lead them to credit card numbers as the quickest path to monetization. Appropriate data in hand and a working counterfeit card could be cranked out in seconds and used to purchase a laptop or TV at the local Walmart -- easy to fence in the local black market.
Sick of being the target, the payment card industry got smart about fraud detection, created a set of regulatory compliance requirements (PCI-DSS) and perhaps even more importantly, rolled out EMV "chip-and-pin" technologies, which are meant to reduce counterfeit card fraud by presenting a unique cryptographic code for each transaction -- much more difficult to duplicate than the static information embedded in the magnetic stripe of older cards.
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2018/02/02/emv-chip-cards-working-thats-good-bad/]] sur le blog de la CSA ou [[l'original|https://www.bitglass.com/blog/emv-credit-card-security-casb]].^^
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Février 2018]]>><<tiddler fAll2LiTabs13end with: Publ","201802>>
|!Février|!Sources|!Titres et Liens|!Keywords|
|2018.02.28|GigaMon & //Intellyx//|[[The Multi-Cloud and Hybrid IT Security Challenge (3/4)|https://blog.gigamon.com/2018/02/28/multi-cloud-hybrid-security-challenge/]]|Misc|
|2018.02.28|//Heptio//|[[On Securing the Kubernetes Dashboard|https://blog.heptio.com/on-securing-the-kubernetes-dashboard-16b09b1b7aca]]|Misc|
|2018.02.27|Infosec Island|[[Today's Threat Landscape Demands User Monitoring|http://www.infosecisland.com/blogview/25040-Todays-Threat-Landscape-Demands-User-Monitoring.html]]|Cloud Misc.|
|>|>|>|!2018.02.19..25|
|2018.02.22|//Amazon AWS//|[[Using a Cloud Center of Excellence (CCOE) to Transform the Entire Enterprise|https://aws.amazon.com/de/blogs/enterprise-strategy/using-a-cloud-center-of-excellence-ccoe-to-transform-the-entire-enterprise/]]|AWS|
|2018.02.21|GigaMon & //Intellyx//|[[Closing the Cloud Security Gap by Breaking Down Silos (2/4)|https://blog.gigamon.com/2018/02/21/closing-cloud-security-gap-breaking-silos/]]|Misc|
|2018.02.20|Bleeping Computer|[[Tesla Internal Servers Infected with Cryptocurrency Miner|https://www.bleepingcomputer.com/news/security/tesla-internal-servers-infected-with-cryptocurrency-miner/]]|Attacks Kubernetes CryptoMining|
|2018.02.20|//Security Intelligence//|[[The Journey to Security and Cyber Resiliency|https://securityintelligence.com/the-journey-to-security-and-cyber-resiliency/]]|Cyber_resilience|
|2018.02.20|//RedLock//| → [[Lessons from the Cryptojacking Attack at Tesla|https://redlock.io/blog/cryptojacking-tesla]]|K8s CryptoMining|
|2018.02.20|//Aqua Security//|[[10 Essential Container CI/CD Tools|https://blog.aquasec.com/10-essential-container-ci/cd-tools]]|Containers CD/CI|
|2018.02.19|//Odaseva//|[[Security Series Part 1 : Enhance your Odaseva Security by Adding IP Access Restrictions|https://www.odaseva.com/blog/security-series-part-1-enhance-odaseva-security-adding-ip-access-restrictions/]]|Misc|
|2018.02.19|Nino Crudele|[[AzureLeap - Azure Onboarding Resources|https://ninocrudele.com/azureleap-azure-onboarding-resources-2]]|AzureLeap|
|>|>|>|!2018.02.12..18|
|2018.02.16|//McAfee//|[[Open AWS S3 Bucket Exposes Private Data of Thousands of FedEx Customers|https://www.skyhighnetworks.com/cloud-security-blog/reduce-aws-s3-bucket-data-exposures-with-the-right-protection/]]|DataLeak AWS|
|2018.02.15|//HTTPCS//[>img[iCSF/flag_fr.png]]|![[Etude d'impact - Configuration AWS Buckets Amazon S3|https://blog.httpcs.com/etude-dimpact-configuration-aws-buckets-amazon-s3/]]|AWS|
|2018.02.15|//HTTPCS//|![[Impact Study: Amazon S3 Buckets Configuration|https://blog.httpcs.com/en/impact-study-amazon-s3-buckets-configuration/]]|AWS|
|2018.03.01|//Bitdefender//| → [[1 in 50 Publicly Readable Amazon Buckets Are Also Writable - And That's a Data Disaster Waiting to Happen|https://businessinsights.bitdefender.com/amazon-buckets-writable-data-disaster]]|AWS|
|2018.02.15|//SecludIT//[>img[iCSF/flag_fr.png]]|[[7 conseils pour sécuriser son Cloud hybride rapidement|https://secludit.com/blog/7-conseils-securiser-son-cloud-hybride/]]|Misc|
|2018.02.15|//Kromtech//|[[FedEx Customer Records Exposed|https://kromtech.com/blog/security-center/fedex-customer-records-exposed]]|Data_Leaks|
|2018.02.15|//Aqua Security//|![[Cryptocurrency Miners Abusing Containers: Anatomy of an (Attempted) Attack|https://blog.aquasec.com/cryptocurrency-miners-abusing-containers-anatomy-of-an-attempted-attack]]|Containers CryptoMining Attacks|
|2018.02.15|//Verizon//|![[2018 Verizon Data Breach Investigations Report (DBIR) (pdf)|https://enterprise.verizon.com/resources/reports/DBIR_2018_Report.pdf]]|Report Data_Breaches|
|2018.02.15|//Optiv//| → [[Security Simplified|https://www.optiv.com/blog/security-simplified]]|Report Best_Practices|
|2018.02.14|CIO Dive|[[Is multi-cloud the answer? Most companies are using up to 5|https://www.ciodive.com/news/is-multi-cloud-the-answer-most-companies-are-using-up-to-5/517077/]]|Multi_Cloud|
|2018.02.12|SecurityWeek|[[Thousands More Personal Records Exposed via Misconfigurations|https://www.securityweek.com/thousands-more-personal-records-exposed-misconfigurations]]|Misc|
|2018.02.12|GigaMon & //Intellyx//|[[Cloud Security Pitfall: Understanding the Shared Responsibility Model (1/4)|https://blog.gigamon.com/2018/02/12/cloud-security-pitfall-understanding-shared-responsibility-model/]]|Misc|
|2018.02.12|//Microsoft//|[[Cyber resilience for the modern enterprise|https://cloudblogs.microsoft.com/microsoftsecure/2018/02/12/cyber-resilience-for-the-modern-enterprise/]]|Misc|
|>|>|>|!2018.02.05..11|
|2018.02.09|//Odaseva//|[[Top Data Governance Predictions for 2018|https://www.odaseva.com/blog/top-data-governance-predictions-2018/]]|Misc|
|2018.02.08|SecurityWeek|[[Malware is Pervasive Across Cloud Platforms: Report|https://www.securityweek.com/malware-pervasive-across-cloud-platforms-report]]|Misc|
|2018.02.07|//Bitglass//|[[Bitglass Report: Microsoft SharePoint, Google Drive, and Majority of AV Engines Fail to Detect New Ransomware Variant|https://globenewswire.com/news-release/2018/02/07/1335286/0/en/Bitglass-Report-Microsoft-SharePoint-Google-Drive-and-Majority-of-AV-Engines-Fail-to-Detect-New-Ransomware-Variant.html]]|Ransomware|
|2018.02.08|//Threatpost//| → [[Gojdue Variant Eludes Microsoft, Google Cloud Protection, Researchers Say|https://threatpost.com/gojdue-variant-eludes-microsoft-google-cloud-protection-researchers-say/129837/]]|Ransomware|
|2018.02.08|//McAfee//|[[Must-Have CASB Capability When Evaluating Vendors|https://www.skyhighnetworks.com/cloud-security-blog/must-have-casb-capability-when-evaluating-vendors/]] ([[document|http://info.skyhighnetworks.com/WP-Gartner-CASB-Magic-Quadrant-2017_BannerCloud-MFE.html]])|Misc.|
|2018.02.07|//Security Intelligence (IBM)//|[[Architecting Segmentation Defense in the Cloud|https://securityintelligence.com/architecting-segmentation-defense-in-the-cloud/]]|Misc|
|2018.02.06|//Threatpost//|[[Leaky Amazon S3 Bucket Exposes Personal Data of 12,000 Social Media Influencers|https://threatpost.com/leaky-amazon-s3-bucket-exposes-personal-data-of-12000-social-media-influencers/129810/]]|DataLeak AWS|
|>|>|>|!2018.01.29..2018.02.04|
|2018.02.02|//Security Intelligence (IBM)//|[[Cloud Security Is a Moving Target|https://securityintelligence.com/cloud-security-is-a-moving-target/]]|Misc|
|2018.02.01|ZDNet|[[Commonwealth pushes public cloud by default|https://www.zdnet.com/article/commonwealth-pushes-public-cloud-by-default/]]|Commonwealth Public_Cloud|
||Digital Transformation Agency|[[Secure Cloud Strategy|https://www.dta.gov.au/files/cloud-strategy/secure-cloud-strategy.pdf]] (pdf)|Australia Strategy|
|2018.02.01|//Backblaze//|[[Backblaze Hard Drive Stats for 2017|https://www.backblaze.com/blog/hard-drive-stats-for-2017/]]|Reliability|
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201801>>
<<tiddler .ReplaceTiddlerTitle with: [[Actualités - Janvier 2018]]>><<tiddler fAll2LiTabs13end with: Actu","201801>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Janvier 2018]]>>Aucun article n'est repris sur ce site pour le moment.
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Janvier 2018]]>><<tiddler fAll2LiTabs13end with: Publ","201801>>
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|2018.01.31|//Ikoula//|[[RGPD et les fournisseurs d'infrastructures de Cloud : il est bon d'être français|https://blog.ikoula.com/fr/RGPD-et-le-cloud]]|Misc|
|2018.01.31|//Optiv//|[[Cloud Critical Controls|https://www.optiv.com/blog/cloud-critical-controls]]|Controls|
|>|>|>|!2018.01.16..28|
|2018.01.26|//Securosis//|[[Wrangling Backoffice Security in the Cloud Age|https://securosis.com/blog/wrangling-backoffice-security-in-the-cloud-age-part-2]] (2/2)|Misc|
|2018.01.24|//Securosis//|[[Wrangling Backoffice Security in the Cloud Age|https://securosis.com/blog/wrangling-backoffice-security-in-the-age-of-cloud]] (1/2)|Misc|
|2018.01.24|//Securosis//|[[Container Security 2018: Logging and Monitoring|https://securosis.com/blog/container-security-2018-logging-and-monitoring]]|Misc|
|2018.01.23|//Lacework//|[[Building Bridges from Security to Development|https://www.lacework.com/visibility-a-technical-chauffeur-of-data-part-iii/]] (3/4)|Misc|
|2018.01.22|//Securosis//|[[Container Security 2018: Runtime Security Controls|https://securosis.com/blog/container-security-2018-runtime-security-controls]]|Misc|
|2018.01.22|//Kromtech//|[[HBO database exposure|https://kromtech.com/blog/security-center/hbo-database-exposure]]|Misc|
|2018.01.22|SANS|[[Building the New Network Security Architecture for the Future|https://www.sans.org/reading-room/whitepapers/analyst/building-network-security-architecture-future-38255]]|Analysis Misc.|
|>|>|>|!2018.01.15..21|
|2018.01.21|Purple Squad Security|Podcast : [[Episode 17 - A Look At The Treacherous Twelve From The CSA|https://purplesquadsec.com/podcast/episode-17-look-treacherous-twelve-csa/]]|Misc|
|2018.01.18|//Kromtech//|[[Kromtech releases Key Inspector, free tool to check your SSH keys|https://kromtech.com/blog/security-center/kromtech-releases-key-inspector-free-tool-to-check-your-ssh-keys]]|Misc|
|2018.01.18|//Aqua Security//|[[5 Essential Docker Storage Tools|https://blog.aquasec.com/5-essential-docker-storage-tools]]|Docker Storage|
|2018.01.17|//Netskope//|[[Decoys, Phishing, and the Cloud: The Latest Fan-out Effect|https://www.netskope.com/blog/decoys-phishing-cloud-latest-fan-effect]]|Attacks Phishing|
|2018.01.17|//McAfee//|[[Office 365 Security Use Case #4: Detect Compromised Accounts and Insider/Privileged User Threats|https://www.skyhighnetworks.com/cloud-security-blog/office-365-security-for-a-casb-detect-compromised-accounts-and-insider-privileged-user-threats/]]|O365 Detect|
|2018.01.17|//Security Intelligence (IBM)//|[[Lacking Cloud Security Policies Leave 60 Percent of Data at Risk|https://securityintelligence.com/news/lacking-cloud-security-policies-leave-60-percent-of-data-at-risk/]]|Misc|
|2018.01.17|//Lacework//|[[Building Bridges from Security to Development (2/4)|https://www.lacework.com/building-bridges-from-security-to-development-part-2/]]|Misc|
|2018.01.16|//Security Intelligence (IBM)//|[[Meeting Identity and Access Management Challenges in the Era of Mobile and Cloud|https://securityintelligence.com/meeting-identity-and-access-management-challenges-in-the-era-of-mobile-and-cloud/]]|Misc|
|2018.01.15|//Coalfire//|[[Has Your O365 Account Been Hacked?|https://www.coalfire.com/The-Coalfire-Blog/January-2018/Has-Your-O365-Account-Been-Hacked]]|O365 Attacks|
|2018.01.15|//Securosis//|[[Container Security 2018: Securing Container Contents|https://securosis.com/blog/container-security-2018-securing-container-contents]]|Misc|
|2018.01.15|Postmodern Security|[[The Five Stages of Cloud Grief|https://postmodernsecurity.com/2018/01/12/the-five-stages-of-cloud-grief/]]|Misc|
|>|>|>|!2018.01.08..14|
|2018.01.13|SANS|[[Digital Forensic Analysis of Amazon Linux EC2 Instances|https://www.sans.org/reading-room/whitepapers/cloud/digital-forensic-analysis-amazon-linux-ec2-instances-38235]]|Analysis Misc.|
|2018.01.12|Nino Crudele|[[AzureLeap - Microsoft Azure Networking Troubleshooting Guideline|https://ninocrudele.com/azureleap-microsoft-azure-networking-troubleshooting-guideline]]|AzureLeap|
|2018.01.11|//Cloudonaut//|[[AWS Monitoring Primer|https://cloudonaut.io/aws-monitoring-primer/]] ([[AWS Monitoring Primer Overview Mind Map|https://cloudonaut.io/images/2018/01/aws-monitoring-primer-overview.pdf]])|AWS Monitoring|
|2018.01.11|//Securosis//|[[Container Security 2018: Build Pipeline Security|https://securosis.com/blog/container-security-2018-build-pipeline-security]]|Misc|
|2018.01.11|//Aqua Security//|[[Do Containers Provide Better Protection Against Meltdown and Spectre?|https://blog.aquasec.com/do-containers-provide-better-protection-against-meltdown-and-spectre]]|Containers Meltdown Spectre|
|2018.01.09|//Securosis//|[[Container Security 2018: Threats and Concerns|https://securosis.com/blog/container-security-2018-threats-and-concerns]]|Misc|
|2018.01.09|//AppSecCo//|[[Using Google Cloud Platform to store and query 1.4 billion usernames and passwords|https://blog.appsecco.com/using-google-cloud-platform-to-store-and-query-1-4-billion-usernames-and-passwords-6cac572f5a29]]|GCP|
|2018.01.08|Infosec Island|[[What Global Manufacturers Need to Know About Security in the Cloud|http://www.infosecisland.com/blogview/25025-What-Global-Manufacturers-Need-to-Know-About-Security-in-the-Cloud.html]]|Cloud Misc.|
|2018.01.08|//Sysdig//|[[Making sense of Meltdown/Spectre|https://sysdig.com/blog/making-sense-of-meltdown/]]|Misc|
|2018.01.08|Nino Crudele|[[AzureLeap - Azure Security Health Check with Azure TechCenter|https://ninocrudele.com/azureleap-azure-security-health-check-with-azure-techcenter]]|AzureLeap|
|>|>|>|!2018.01.01..07|
|2018.01.07|Forbes|[[83% Of Enterprise Workloads Will Be In The Cloud By 2020|https://www.forbes.com/sites/louiscolumbus/2018/01/07/83-of-enterprise-workloads-will-be-in-the-cloud-by-2020/]]|Trends Workloads|
|2018.01.06|DZone|[[The History and State of Virtualization|https://dzone.com/articles/the-history-and-state-of-virtualization]]|Virtualization|
|2018.01.07|//Securosis//|[[Building a Container Security Program 2018: Introduction|https://securosis.com/blog/building-a-container-security-program-2018-intro]]|Misc|
|2018.01.05|//Argentra//|[[DLP in the Cloud: Why You Need a CASB for Cloud DLP|https://www.argentra.com/dlp-in-the-cloud-why-you-need-a-casb-for-cloud-dlp/]]|CASB DLP|
|2018.01.04|Nino Crudele|[[AzureLeap - troubleshoot unexpected shutdown and automatic updated in your Azure VMs|https://ninocrudele.com/azureleap-troubleshoot-unexpected-shutdown-and-automatic-updated-in-your-azure-vms]]|AzureLeap|
|2018.01.05|//Securosis//|![[How Cloud Security Managers Should Respond to Meltdown and Spectre|https://securosis.com/blog/how-cloud-security-managers-should-respond-to-meltdown-and-spectre]]|Misc|
|2018.01.02|//SysDig//|![[Fishing for Miners - Cryptojacking Honeypots in Kubernetes|https://sysdig.com/blog/detecting-cryptojacking/]] |Cryptomining|
|2018.01.02|//PogsDotNet//|![[Microservices: Why choose Containers over Virtual Machines|https://www.pogsdotnet.com/2018/01/microservices-why-choose-containers.html]] |Containers VMs|
!Réactivation du serveur Web du chapitre français de la [[Cloud Security Alliance]]
|ssTablN0L|k
|Après plusieurs mois d'arrêt, le serveur Web du [[Chapitre français|CSA-FR]] de la [[Cloud Security Alliance]] sera remis en ligne le |!|[img(200px,auto)[iCSA/logoCSAFR.png]]|
| {{firstletter{1er mars 2018}}} |~|~|
|Les nuages se lèvent, les travaux sont terminés, le site va de nouveau être actif ! |~|~|
|Le lien à ajouter à vos favoris : ''[[CloudSecurityAlliance.fr|https://www.cloudsecurityalliance.fr]]'' |~|~|
<<tiddler fAll2Tabs7 with: '_Veille17'>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Année 2017]]>><<tiddler fAll2Tabs with: _Blog17>>
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|2017.12.30|OpenSecGeek|[[SIEM From Scratch: Getting Logs From Google|https://opensecgeek.blogspot.com/2017/12/siem-from-scratch-getting-logs-from_30.html]]|GCP Logging|
|2017.12.22|Infosec Island|[[Goodbye 2017, Hello 2018: New and Old Cloud Security Challenges|http://www.infosecisland.com/blogview/25017-Goodbye-2017-Hello-2018-New-and-Old-Cloud-Security-Challenges.html]]|Cloud Misc.|
|2017.12.22|//Symantec//|![[8 Essentials Requirement Step-by-Step Approach for Rethinking Cloud Security (pdf)|https://www.symantec.com/content/dam/symantec/docs/other-resources/eight-essentials-rethinking-security-for-the-cloud-generation-en.pdf]]|Misc|
|2017.12.22|//Kromtech//|[[Massive Trove of Medical Records Potentially Exposed|https://kromtech.com/blog/security-center/massive-trove-of-medical-records-potentially-exposed]]|Data_Leaks|
|2017.12.18|//Microsoft//|[[Gaining visibility to "shadow IT" and discovering cloud apps in use today|https://blogs.technet.microsoft.com/skypehybridguy/2017/12/18/gaining-visibility-to-shadow-it-and-discovering-cloud-apps-in-use-today/]]|ShadowIT|
|2017.12.17|//Lacework//|[[Bridging the Gap Between Security and DevOps|https://www.lacework.com/bridging-the-gap-between-security-and-devops-part-i-2/]] (1/4)|DevOps|
|2017.12.15|//Odaseva//|![[A Four-Step Approach to Data Backup, Recovery and Business Continuity|https://www.odaseva.com/blog/four-step-approach-data-backup-recovery-business-continuity/]]|BCP DRP|
|2017.12.15|CSA UK|![[O365 Identity Article|http://www.cloudsecurityalliance.org.uk/blog/guestpost-francescocipollone]]|Azure o365|
|2017.12.11|Infosec Island|[[Unidentified Leak Paths Led to Successful Hack of South Korean Military by North Korea - Part I|http://www.infosecisland.com/blogview/25009-Unidentified-Leak-Paths-Led-to-Successful-Hack-of-South-Korean-Military-by-North-Korea--Part-I.html]]|Cloud Misc.|
|2017.12.10|//Aqua Security//|[[DevSecOps Will Ensure That Time-to-Market and Security Don't Clash|https://blog.aquasec.com/devsecops-time-to-market-and-security-dont-clash]]|DevSecOps|
|2017.12.08|//Ikoula//|[[Cloud : les 10 points à vérifier avant de choisir votre partenaire|https://blog.ikoula.com/fr/Cloud-10-points]]|Controls|
|2017.12.08|//Argentra//|[[2 Ways Cloud Access Security Brokers (CASB) Prevent Data Leakage|https://www.argentra.com/2-ways-cloud-access-security-brokers-casbs-prevent-data-leakage/]]|CASB DLP|
|2017.12.07|//McAfee//|[[How Enterprises Remediate AWS S3 Buckets Exposed to GhostWriter|https://www.skyhighnetworks.com/cloud-security-blog/how-enterprises-remediate-aws-s3-buckets-exposed-to-ghostwriter/]]|AWS Protect|
|2017.12.07|//Outpost24//|[[Cloud monitoring: 7 tips to follow absolutely|https://outpost24.com/blog/cloud-monitoring-7-tips]]|Monitoring|
|2017.12.07|//StackRox//|[[Containers, security, and compliance in the financial sector: putting it all together|https://www.stackrox.com/post/2017/12/containers-security-and-compliance-in-the-financial-sector-putting-it-all-together/]]|Container|
|2017.12.05|The Register|[[Good news: Unsecured Amazon Web Services S3 bucket discovery just got easier|https://www.theregister.co.uk/2017/12/05/unsecured_s3_bucket_discovery_tools/]]|Detection AWS|
|2017.12.04|//Aqua Security//|[[Survey: DevSecOps Own Enterprise Containerized Application Security|https://blog.aquasec.com/devsecops-are-todays-rising-star-of-tomorrows-secured-containerized-applications]] (2/2) ([[rapport|https://cta-redirect.hubspot.com/cta/redirect/1665891/3a8d41a7-7708-4434-80fe-9ec9c5bf565e]])|Survey Aqua Containers|
|2017.12.01|SC Mag|[[Stanford University server exposes data of 10,000 staffers|https://www.scmagazine.com/home/network-security/stanford-university-server-exposes-data-of-10000-staffers/]]|Data_Leaks|
!"//AWS Cloud: Proactive Security and Forensic Readiness - Part 1//"
[>img(200px,auto)[iCSA_/417070-cropped.jpg]]Article de blog publié le 11 décembre 2017 — Rédigé par Neha Thethi, Information Security Analyst, BH Consulting
<<<
__''Gestion des identités et des accès dans AWS — Première partie''__
//This is the first in a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment. This post relates to identity and access management in AWS.
In a recent study by Dashlane regarding password strength, AWS was listed as an organization that supports weak password rules. However, AWS has numerous features that enable granular control for access to an account's resources by means of the Identity and Access Management (IAM) service. IAM provides control over who can use AWS resources (authentication) and how they can use those resources (authorization).
The following list focuses on limiting access to, and use of, root account and user credentials; defining roles and responsibilities of system users; limiting automated access to AWS resources; and protecting access to data stored in storage buckets - including important data stored by services such as CloudTrail.//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2017/12/11/aws-cloud-proactive-security-forensic-readiness-part-1/]] sur le blog de la CSA
⇒Lien original : http://bhconsulting.ie/identity-access-management-aws/ 
!"//AWS Cloud: Proactive Security & Forensic Readiness//"
[>img(200px,auto)[iCSA_/417070-cropped.jpg]]Article de blog publié le 1er décembre 2017 -- Rédigé par Neha Thethi, Information Security Analyst, BH Consulting
<<<
__''Sécurité proactive et niveau de préparation à l'analyse forensique dans AWS''__
//This post kicks off a series examining proactive security and forensic readiness in the AWS cloud environment.
In a time where cyber-attacks are on the rise in magnitude and frequency, being prepared during a security incident is paramount. This is especially crucial for organisations adopting the cloud for storing confidential or sensitive information.
This blog is an introduction to a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment.
__Cyber-attack via third party services__
A number of noteworthy information security incidents and data breaches have come to light recently that involve major organisations being targeted via third-party services or vendors. Such incidents are facilitated in many ways, such as a weakness or misconfiguration in the third-party service, or more commonly, a failure to implement or enable existing security features.//
[...]
__Five-part best practice checklist__
//The blog series will offer the following five-part best practice checklists, for proactive security and forensic readiness in AWS Cloud.//
# //Identity and Access Management in AWS//
# //Infrastructure Level Protection in AWS//
# //Data Protection in AWS//
# //Detective Controls in AWS//
# //Incident Response in AWS//
[...]
<<<
⇒ Lire [[l'original|https://blog.cloudsecurityalliance.org/2017/12/01/aws-cloud-proactive-security-forensic-readiness/]] sur le blog de la CSA
⇒Lien original : http://bhconsulting.ie/aws-cloud-proactive-security-forensic-readiness-five-part-best-practice/ 
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|2017.11.29|//McAfee//|[[Eight Security Capabilities You Need to Protect Your Amazon Web Services Infrastructure|https://www.skyhighnetworks.com/cloud-security-blog/eight-security-capabilities-you-need-to-protect-your-amazon-web-services-infrastructure/]]|AWS Protect|
|2017.11.29|//Aqua Security//|[[Securing Struts in AWS Fargate|https://blog.aquasec.com/securing-struts-in-aws-fargate]]|Struts Protection|
|2017.11.28|//Talos / Cisco //|[[ROKRAT Reloaded|https://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html]]|Malware|
|2017.11.27|Dejan Zelic|![[Using DNS to Break Out of Isolated Networks in a AWS Cloud Environment|https://dejandayoff.com/using-dns-to-break-out-of-isolated-networks-in-a-aws-cloud-environment/]]|AWS DNS Exfiltration|
|2017.11.27|//Nuageo//[>img[iCSF/flag_fr.png]]|[[RGPD en pratique : un règlement pour relancer la confiance ?|https://www.nuageo.fr/2017/11/rgpd-relancer-la-confiance/]]|GDPR|
|2017.11.27|//Sysdig//|[[Kubernetes Security: How to harden internal kube-system services (4/4)|https://sysdig.com/blog/kubernetes-security-harden-kube-system/]]|K8s|
|2017.11.23|Nino Crudele|[[AzureLeap - Azure Cyber Security and threats guideline|https://ninocrudele.com/azure-cyber-security-and-threats-guideline]]|AzureLeap|
|2017.11.27|//CyberArk//|![[Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps|https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps]] |Attack Authentication|
|2017.11.27|//CyberArk//|[[shimit: a python tool that implements the Golden SAML attack|https://github.com/cyberark/shimit]]|Attack Authentication Tools |
|2017.11.17|Forrester|[[The Forrester Wave™: Identity-As-A-Service, Q4 2017|https://www.idaptive.com/sites/default/files/resources/downloads/The%20Forrester%20Wave%E2%84%A2_%20Identity-As-A-Service%2C%20Q4%202017.pdf]]|Report|
|2017.11.16|//Kromtech//|[[Australian Broadcasting Corporation Exposed Sensitive Data Online|https://kromtech.com/blog/security-center/australian-broadcasting-corporation-exposed-sensitive-data-online]]|Data_Leaks|
|2017.11.15|//Gartner//|![[G00342344 : Implementing Disaster Recovery for Public Cloud IaaS-Based Workloads|https://www.gartner.com/en/documents/3829463/implementing-disaster-recovery-for-public-cloud-iaas-bas]]|DRaaS|
|2017.11.14|//McAfee//|[[How to Eliminate your AWS GhostWriter Exposure by Understanding S3 Bucket Permissions|https://www.skyhighnetworks.com/cloud-security-blog/how-to-eliminate-your-aws-ghostwriter-exposure-by-understanding-s3-bucket-permissions/]]|AWS Protect|
|2017.11.13|//Aqua Security//|![[10 Top Talks and Resources About DevSecOps|https://blog.aquasec.com/10-top-talks-and-resources-about-devsecops]]|DevSecOps|
|2017.11.08|Infosec Island|[[4 Questions Businesses Must Ask Before Moving Identity into the Cloud|http://www.infosecisland.com/blogview/25005-4-Questions-Businesses-Must-Ask-Before-Moving-Identity-into-the-Cloud.html]]|Cloud Misc.|
|2017.11.06|//Aqua Security//|[[Survey Reveals: Detecting Vulnerabilities in Images and Managing Secrets Are Top Focus|https://blog.aquasec.com/container-security-in-the-enterprise-survey-part-one]] (1/2) ([[rapport|https://cta-redirect.hubspot.com/cta/redirect/1665891/3a8d41a7-7708-4434-80fe-9ec9c5bf565e]])|Survey Aqua Containers|
|2017.11.06|//Amazon//|![[New Amazon S3 Encryption & Security Features|https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/]]|AWS_S3 Encryption|
|2017.11.06|//Threatpost//|[[Data Pours from Cloud - And 'The Enemy is Us'|https://threatpost.com/data-pours-from-cloud-and-the-enemy-is-us/128747/]]|Misconfigurations|
|2017.11.02|SC Mag|[[Another misconfigured Amazon S3 server leaks data of 50,000 Australian employees|https://www.scmagazine.com/home/network-security/another-misconfigured-amazon-s3-server-leaks-data-of-50000-australian-employees/]]|AWS Data_Leak|
|2017.11.01|//McAfee//|[[Skyhigh Discovers GhostWriter: MITM Exposure In Cloud Storage Services|https://www.skyhighnetworks.com/cloud-security-blog/skyhigh-discovers-ghostwriter-a-pervasive-aws-s3-man-in-the-middle-exposure/]]|Attacks|
!"GDPR: What It Means for US-Based Companies"
<<<
//This article focuses primarily on the obligations faced by companies whose principal business establishment is located outside the European Union (EU) and the European Economic Area (EEA).
[...]
The US stands to be affected directly by the GDPR because the new privacy model applies to any enterprise in the world that targets the European market in offering goods or services or profiles European citizens, and as a result, must process the personal data drawn from those member states.//
<<<
__Table des Matières__
<<<
* Overview
* How It Will Affect US-Based Companies
* Data Breach Notification
* Data Protection Officer
* Consent
* Data Transfers Across Borders
* Right To Be Forgotten And Data Portability
* Vendor Management
* Pseudonymization
* Code Of Conduct And Certifications
* Enforcement And Fines
* Conclusion
* Getting Started
<<<
__Liens :__
* Annonce → https://gdpr.cloudsecurityalliance.org/resource-center/schellman-gdpr-what-it-means-for-us-based-companies
* Document PDF → http://www.csa-gdpr-build.s3-website-us-east-1.amazonaws.com/artifact/Schellman_GDPR_What_It_Means_for_US-based_Companies.pdf 
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|2017.10.31|SANS|[[Cloud Security: Defense in Detail if Not in Depth|https://www.sans.org/reading-room/whitepapers/analyst/cloud-security-defense-detail-in-depth-38120]]|Analysis Misc.|
|2017.10.30|Jericho Forum|![[The Jericho Cloud Cube Model|https://cloudman.fr/2017/10/30/the-jericho-cloud-cube-model/]]|Governance|
|2017.10.28|//Virtue Security//|[[AWS Penetration Testing Part 2. S3, IAM, EC2|https://www.virtuesecurity.com/aws-penetration-testing-part-2-s3-iam-ec2/]]|AWS PenTesting|
|2017.10.28|//Virtue Security//|[[AWS Penetration Testing Part 1. S3 Buckets|https://www.virtuesecurity.com/aws-penetration-testing-part-1-s3-buckets/]]|AWS PenTesting|
|2017.10.26|//Kromtech//|[[Securing Rsync|https://kromtech.com/blog/security-center/securing-rsync]]|[[Tools|GitHub-Tools]]|
|2017.10.24|AWS Insider|[[Researchers Launch Open Source Tool To Protect Amazon S3 Buckets|https://awsinsider.net/articles/2017/10/24/kromtech-tool-to-protect-amazon-s3.aspx]]|AWS AWS|
|2017.10.24|Cybersecurity Insiders|[[Top 5 Cloud Security related Data Breaches!|https://www.cybersecurity-insiders.com/top-5-cloud-security-related-data-breaches/]]|DataBreach|
|2017.10.23|Medium|[[How We Built an Intrusion Detection System on AWS using Open Source Tools|https://medium.com/vtion-ai/how-we-built-an-intrusion-detection-system-on-aws-using-open-source-tools-8b755e965d54]]|AWS Detection|
|2017.10.23|//Rancher Labs//|[[Comparing 10 Docker Container Monitoring Solutions for Rancher|https://rancher.com/comparing-10-container-monitoring-solutions-rancher/]]|Containers Monitoring|
|2017.10.20|Infosec Island|[[Calming the Complexity: Bringing Order to Your Network |http://www.infosecisland.com/blogview/24996-Calming-the-Complexity-Bringing-Order-to-Your-Network.html]]|Cloud Misc.|
|2017.10.17|//Firemon//|[[Top 10 Things CSPs Need to Know about FedRAMP Authorization on Amazon Web Services|https://www.coalfire.com/The-Coalfire-Blog/October-2017/Top-10-Things-CSPs-Need-to-Know-FedRAMP-on-AWS]]|FedRAMP AWS|
|2017.10.17|//Rancher Labs//|[[What is a CaaS? Containers as a Service, Defined|https://rancher.com/caas-containers-service-defined/]]|Containers|
|2017.10.13|Infosec Island|[[Why Cloud Security Is a Shared Responsibility|http://www.infosecisland.com/blogview/24988-Why-Cloud-Security-Is-a-Shared-Responsibility.html]]|Cloud Misc.|
|2017.10.10|Solutions Review|[[What's Holding Cloud Security Back?|https://solutionsreview.com/cloud-platforms/whats-holding-cloud-security-back/]]|Misc|
|2017.10.10|//Nuageo//[>img[iCSF/flag_fr.png]]|[[La confiance à l'ère du digital : c'est pas Byzance !|https://www.nuageo.fr/2017/10/confiance-a-lere-digital-cest-byzance/]]|Trust|
|2017.10.10|//Kromtech//|[[Kromtech Security Center Releases S3 Inspector for Amazon S3 Users|https://kromtech.com/blog/security-center/kromtech-security-center-releases-s3-inspector-for-amazon-s3-users]]|AWS [[Tools|Tools-GitHub]]|
|2017.10.09|//Rancher Labs//|[[Containers vs. Serverless Computing|https://rancher.com/containers-vs-serverless-computing/]]|Containers Serverless|
|2017.10.06|//Microsoft//|![[The cloud powers greater cyber resilience|https://blogs.microsoft.com/on-the-issues/2017/10/06/cloud-powers-greater-cyber-resilience/]]|Resilience|
|2017.10.06|//Skyhigh Networks//|[[Skyhigh Discovers Ingenious New Attack Scheme on O365 System Accounts|https://www.skyhighnetworks.com/cloud-security-blog/skyhigh-discovers-ingenious-new-attack-scheme-on-office-365/]]|Attack O365|
|2017.10.05|//RedLock//|[[RedLock Report Indicates Data Breaches in the Cloud Will Continue to Rise|https://redlock.io/news/redlock-report-indicates-data-breaches-cloud-will-continue-rise]]|Report|
|2017.10.04|//StackRox//|[[Why a move to containers means a giant leap forward for incident response|https://www.stackrox.com/post/2017/10/why-a-move-to-containers-means-a-giant-leap-forward-for-incident-response/]]|Container Incident|
|2017.10.04|//Proofpoint//|[[GDPR, PSD2, and NIS: The Role of Security Awareness Training|https://www.proofpoint.com/us/security-awareness/post/gdpr-psd2-and-nis-role-security-awareness-training]]|NISD GDPR PSD2|
|2017.10.02|The Linux Foundation|[[Secure Your Container Data With Ephemeral Docker Volumes|https://www.linux.com/audience/devops/secure-your-container-data-ephemeral-docker-volumes/]]|Docker Container|
!"Code of Conduct (CoC): Statement of Adherence 3rd Party Certification"
<<<
CSA PLA Code of Conduct for GDPR Compliance provides a consistent and comprehensive framework for complying with the EU's GDPR. The CSA PLA Code of Conduct for GDPR Compliance is designed to be an appendix to a Cloud Services Agreement to describe the level of privacy protection that a Cloud Service Provider will provide.
<<<
__Liens :__
* Annonce → https://gdpr.cloudsecurityalliance.org/resource-center/pla-code-of-conduct-coc-statement-of-adherence-3rd-party-certification
* Document PDF → http://www.csa-gdpr-build.s3-website-us-east-1.amazonaws.com/artifact/CoC_GDPR_Annex_2b_Statement_of_Adherance_PLA_CoC_Certification_Template.pdf 
!"Top Threats to Cloud Computing Plus: Industry Insights"
__''Description :''__[>img(150px,auto)[iCSA_/2017-top-threats-12.jpg]]
Exemples de 21 incidents de sécurité liés au Cloud Computing, et utilisation du modèle ''STRIDE'' de Microsoft
* S → //''S''poofing identity// → Usurpation d'identité
* T → //''T''ampering with data// → Altération de données
* R → //''R''epudiation// → Répudiation
* I → //''I''nformation Disclosure// → Divulgation d'information
* D → //''D''enial of service// → Déni de service
* E → //''E''levation of privilege// → Élévation de privilèges
__Liens :__
* Annonce → https://cloudsecurityalliance.org/download/top-threats-cloud-computing-plus-industry-insights/
* Document PDF → https://downloads.cloudsecurityalliance.org/assets/research/top-threats/treacherous-12-top-threats.pdf
* Le modèle ''STRIDE'' → https://social.technet.microsoft.com/wiki/contents/articles/51078.comprendre-le-modele-stride-fr-fr.aspx
!"Cloud Controls Matrix (CCM) v3.0.1"
__''Description :''__[>img(150px,auto)[iCSA/CCM.png]]
//The CCM, the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing. CCM is currently considered a de-facto standard for cloud security assurance and compliance.//
__Lien :__
:→ https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3-0-1/ 
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|2017.09.25|Bleeping Computer|[[7% of All Amazon S3 Servers Are Exposed, Explaining Recent Surge of Data Leaks|https://www.bleepingcomputer.com/news/security/7-percent-of-all-amazon-s3-servers-are-exposed-explaining-recent-surge-of-data-leaks/]] |AWS_S3 Data_Leak|
|2017.09.22|//Kromtech//|[[Protect your S3 bucket in a right way|https://kromtech.com/blog/security-center/protect-your-s3-bucket-in-a-right-way]]|AWS|
|2017.09.22|//Kromtech//|[[Verizon Wireless Employee Exposed Confidential Data Online|https://kromtech.com/blog/security-center/verizon-wireless-employee-exposed-confidential-data-online]]|Data_Leaks|
|2017.09.21|//StackRox//|[[Clearing the enterprise's path to the public cloud with container security|https://www.stackrox.com/post/2017/09/clearing-the-enterprises-path-to-the-public-cloud-with-container-security/]]|Container|
|2017.09.21|//Optiv//|![[Six Key Alignments for CISO's on Cloud Security|https://www.optiv.com/blog/six-key-alignments-for-cisos-on-cloud-security]]|Risks|
|2017.09.20|//Rancher Labs//|[[The Similarities and Differences Between Windows and Linux Containers|https://rancher.com/the-similarities-and-differences-between-windows-and-linux-containers/]]|Containers|
|2017.09.17|//Blendle Engineering//|![[Protecting our mission-critical domain names|https://blendle.engineering/protecting-our-mission-critical-domain-names-e9807db9d84c]] |!DNS|
|2017.09.14|//Microsoft//|[[Essential role of cloud computing in cyber resilience and digital continuity|https://www.microsoft.com/en-us/cybersecurity/content-hub/essential-role-of-cloud-computing-in-cyber-resilience-and-digital-continuity]] ([[document associé|https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE1Fluk]])|Residency|
|2017.09.13|//Rapid7//|[[Container Security Assessment in InsightVM|https://blog.rapid7.com/2017/09/13/container-security-assessment-in-insightvm/]]|Containers Tools|
|2017.09.10|//Microsoft//|Livre Blanc [[Advancing cyber resilience with cloud computing|https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWeEwf]]|Resilience|
|2017.09.08|//Outpost24//|[[Improve Security of Docker, Containers, and Microservices|https://outpost24.com/blog/Improve-Security-Docker-Containers-Microservices]]|Container Docker|
|2017.09.07|//Outpost24//|[[The Google Cloud Platform security|https://outpost24.com/blog/the-google-cloud-platform-security]]|Google|
|2017.09.06|SANS|[[A Technical Approach at Securing SaaS using Cloud Access Security Brokers|https://www.sans.org/reading-room/whitepapers/cloud/technical-approach-securing-saas-cloud-access-security-brokers-37960]]|Analysis Misc.|
|2017.09.02|Accounting Today|[[What happened at Cloudnine|https://www.accountingtoday.com/opinion/the-tech-take-what-happened-at-cloudnine]]|Attacks|
!"EU General Data Protection Regulation: What Impact for Businesses Established Outside the EU and EEA"
Document rédigé par Françoise Gilbert, Greenberg Traurig LLP
<<<
//This article focuses primarily on the obligations faced by companies whose principal business establishment is located outside the European Union (EU) and the European Economic Area (EEA).//
<<<
__Liens :__
* Annonce → https://gdpr.cloudsecurityalliance.org/resource-center/eu-general-data-protection-regulation-impact
* Document PDF → http://www.csa-gdpr-build.s3-website-us-east-1.amazonaws.com/artifact/EU_GDPR_Impact_for_Businesses-Established_Outside_the_EU_and_EEA.pdf 
!Survey Report: "Beyond the General Data Protection Regulation (GDPR)"
Résultat du sondage publié par McAfee.
<<<
//Data residency insights from around the world. This study reveals the top data protection concerns and strategies of more than 800 senior business professionals from eight countries and a range of industries. Beyond the European Union's General Data Protection Regulation (GDPR) and other regulatory developments, enterprises think data privacy can create competitive advantage. What drives their decisions and investments in data management? Do they place their faith in cloud providers? Are they prepared to meet regulatory mandates and exceed customer expectations?//
<<<
__Liens :__
* Annonce → https://gdpr.cloudsecurityalliance.org/resource-center/beyond-the-general-data-protection-regulation-gdpr
* Document PDF → http://www.csa-gdpr-build.s3-website-us-east-1.amazonaws.com/artifact/CoC_GDPR_Annex_2b_Statement_of_Adherance_PLA_CoC_Certification_Template.pdf 
|!Août|!Sources|!Titres et Liens|!Keywords|
|2017.08.29|CSA UK|[[Cloud integration and portability|http://www.cloudsecurityalliance.org.uk/blog/cloudintegrationandportability]]|Portability|
|2017.08.29|The Linux Foundation|[[Hardening Docker Hosts with User Namespaces|https://www.linux.com/audience/devops/hardening-docker-hosts-user-namespaces/]]|Docker Hardening|
|2017.08.29|//Backblaze//|[[Hard Drive Stats for Q2 2017|https://www.backblaze.com/blog/hard-drive-failure-stats-q2-2017/]]|Reliability|
|2017.08.24|//Outpost24//|[[Top 10 Microsoft Azure security best practices|https://outpost24.com/blog/top-10-microsoft-azure-best-security-practices]]|Azure|
|2017.08.23|//Microsoft//|[[Microsoft's perspective on cyber resilience|https://cloudblogs.microsoft.com/microsoftsecure/2017/08/23/microsoft-perspective-on-cyber-resilience/]]|Resilience|
|2017.08.18|Techrepublic|[[Microsoft cloud cybersecurity attacks up 300% in last year, report says|https://www.techrepublic.com/article/microsoft-cloud-cybersecurity-attacks-up-300-in-last-year-report-says/]]|Report|
|2017.08.17|//StackRox//|[[CSI: Container Edition - forensics in the age of containers|https://www.stackrox.com/post/2017/08/csi-container-edition-forensics-in-the-age-of-containers/]]|Container Forensics|
|2017.08.17|//AWS//|![[Building a Cloud-Specific Incident Response Plan|https://aws.amazon.com/blogs/publicsector/building-a-cloud-specific-incident-response-plan/]]|Incident_Response|
|2017.08.14|SANS|[[Packet Capture on AWS|https://www.sans.org/reading-room/whitepapers/cloud/packet-capture-aws-37905]]|Analysis Misc.|
|2017.08.10|//StackRox//|[[Hardening Docker Containers With Docker Security Best Practices|https://www.stackrox.com/post/2017/08/hardening-docker-containers-and-hosts-against-vulnerabilities-a-security-toolkit/]]|Docker Hardening|
|2017.08.08|//StackRox//|[[Protecting against containerized web app attacks|https://www.stackrox.com/post/2017/08/protecting-against-containerized-web-app-attacks/]]|Attacks|
|2017.08.02|Infosec Island|[[How to Choose the Right Data Protection Strategy |http://www.infosecisland.com/blogview/24961-How-to-Choose-the-Right-Data-Protection-Strategy-.html]]|Cloud Misc.|
|2017.08.01|//Rancher Labs//|[[Container Security Tools Breakdown|https://rancher.com/container-security-tools-breakdown/]]|Containers Tools|
!"CCSK v4 Exam Preparation Kit"
__''Description :''__[>img(200px,auto)[iCSA/H8UBCCSK.png]]
Le paquet d'autoformation ("//CCSKv4_Exam_Preparation_Kit.zip//", 2,3 Mo) est constitué de 4 documents au format 'PDF' :
# "read-me-first.pdf" : 1 page de Foire aux Questions
# "ccsk-prep-guide.pdf" : 6 pages de présentation et de liens
# "ccsk_v4_sample_questions.pdf" : 1 page d'exemples de questions posées lors de l'examen
# "Cloud Computing Security Risk Assessment.pdf" : le document "Cloud Computing - Benefits, risks and recommendations for information security" de l'ENISA (125 pages)
__Liens de téléchargement :__
* Accueil → https://cloudsecurityalliance.org/artifacts/ccskv4_exam_prep_kit
* Lien direct → https://cloudsecurityalliance.org/download/artifacts/ccskv4_exam_prep_kit/ 
!"CCSK v3 Exam Preparation Kit"
__''Description :''__[>img(200px,auto)[iCSA/H8UBCCSK.png]]
Le paquet d'autoformation ("//CCSK_Exam_Preparation_Kit.zip//", 1,8 Mo) est constitué de 3 documents au format 'PDF' :
# "01-CCSK_Preparation_Guide.pdf" : 4 pages de présentation et de liens
# "02-CCSK_Sample_Questions.pdf" : 1 page d'exemples de questions posées lors de l'examen
# "03-Cloud_Computing_Security_Risk_Assessment.pdf" : le document "Cloud Computing - Benefits, risks and recommendations for information security" de l'ENISA (125 pages)
__Liens de téléchargement :__
* Accueil → https://cloudsecurityalliance.org/artifacts/ccsk_exam_prep_kit
* Lien direct → https://cloudsecurityalliance.org/download/artifacts/ccsk_exam_prep_kit/ 
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] | !
Article en cours de rédaction | [img(auto,50px)[iCSF/Work.gif]] | [>img(100px,auto)[iCSA_/17-IMICR.jpg]]__''Improving Metrics in Cyber Resiliency''__ __Lien : __ * ⇒ téléchargement : https://cloudsecurityalliance.org/artifacts/improving-metrics-in-cyber-resiliency/
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|2017.07.31|//Aqua Security//|[[Protecting PII in Container Environments for PCI and GDPR Compliance|https://blog.aquasec.com/protecting-pii-in-container-environments-for-pci-and-gdpr-compliance]]|Containers Compliance GDPR PCI|
|2017.07.27|//CloudSploit//|[[Introducing: S3 Security Visualizer|https://blog.cloudsploit.com/introducing-s3-security-visualizer-9f0c9df1073e]]|AWS Tools|
|2017.07.27|Postmodern Security|[[Security Group Poop|https://postmodernsecurity.com/2017/07/27/security-group-poop/]]|AWS SecurityGroups|
|2017.07.24|//Aqua Security//|[[Why Container Security Matters for PCI Compliant Organizations|https://blog.aquasec.com/why-container-security-matters-for-pci-compliant-organizations]]|Containers Compliance PCI|
|2017.07.20|Infosec Island|[[How Does UC in the Cloud Impact Your Security Posture?|http://www.infosecisland.com/blogview/24956-How-Does-UC-in-the-Cloud-Impact-Your-Security-Posture.html]]|Cloud Misc.|
|2017.07.20|//Skyhigh Networks//|[[Skyhigh Discovers Super Sneaky Brute Force Attack on High-Value O365 Accounts|https://www.skyhighnetworks.com/cloud-security-blog/skyhigh-discovers-a-targeted-brute-force-attack-on-enterprise-customers/]]|Attack O365|
|2017.07.20|CSO Online|[[Lacework unmasks hidden attackers amid data center and cloud chaos|https://www.csoonline.com/article/3208110/lacework-unmasks-hidden-attackers-amid-data-center-and-cloud-chaos.html]]|Attacks|
|2017.07.20|SANS|[[Automating Cloud Security to Mitigate Risk|https://www.sans.org/reading-room/whitepapers/analyst/automating-cloud-security-mitigate-risk-37880]]|Analysis Misc.|
|2017.07.13|//Detectify//|[[AWS S3 Misconfiguration Explained - And How To Fix It|https://blog.detectify.com/2017/07/13/aws-s3-misconfiguration-explained-fix/]]|AWS Misconfigurations|
|2017.07.13|//Detectify//| → [[A deep dive into AWS S3 access controls - taking full control over your assets|https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-controls-taking-full-control-over-your-assets/]]|AWS Misconfigurations|
|2017.07.12|//Coalfire//|[[Getting cert-y with all-5 AWS certs|https://www.coalfire.com/The-Coalfire-Blog/July-2017/Getting-cert-y-with-all-5-AWS-certs]]|Certification|
|2017.07.11|Olivier Iteanu|[[RGPD / GDPR, je notifie, tu notifies …|https://blog.iteanu.law/index.php?post/2017/07/11/RGPD-/-GDPR%2C-je-notifie%2C-tu-notifies-%E2%80%A6]]|RGPD|
|2017.07.10|//Aqua Security//|[[Kube-Bench: An Open Source Tool for Running Kubernetes CIS Benchmark Tests|https://blog.aquasec.com/announcing-kube-bench-an-open-source-tool-for-running-kubernetes-cis-benchmark-tests]]|K8s CIS_Benchmark|
|2017.07.06|//CloudSploit//|[[The Importance of Continual Auditing in the Cloud|https://blog.cloudsploit.com/the-importance-of-continual-auditing-in-the-cloud-8d22e0554639]]|Audit|
|2017.07.06|//Twistlock//|[[The Ultimate Guide to Container Security|https://www.twistlock.com/2017/07/06/ultimate-guide-container-security/]]|Containers|
|2017.07.05|DZone|[[How to Avoid the Cloud Trap|https://dzone.com/articles/how-to-avoid-the-cloud-trap]]|Misc|
|2017.07.05|//Shared Assessment//|[[Applying a Risk Management Approach to Evaluating Cloud Technologies|https://sharedassessments.org/applying-a-risk-management-approach-to-evaluating-cloud-technologies/]]|Risk_Assessment|
|2017.07.03|//Aqua Security//|[[Keys, Tokens and Too Much Trust Found in Popular Container Images|https://blog.aquasec.com/container-secrets-keys-tokens-and-too-much-trust-found-in-popular-container-images]]|Containers|
|!Juin|!Sources|!Titres et Liens|!Keywords|
|2017.06.27|SANS|[[Zero-Touch Detection and Investigation of Cloud Breaches: A Review of Lacework's Cloud Workload Security Platform|https://www.sans.org/reading-room/whitepapers/analyst/zero-touch-detection-investigation-cloud-breaches-review-laceworks-cloud-workload-security-platform-37840]]|Analysis Misc.|
|2017.06.15|SANS|[[Testing Web Apps with Dynamic Scanning in Development and Operations|https://www.sans.org/reading-room/whitepapers/analyst/testing-web-apps-dynamic-scanning-development-operations-37820]]|Analysis Misc.|
|2017.06.07|SANS|[[Security by Design: The Role of Vulnerability Scanning in Web App Security|https://www.sans.org/reading-room/whitepapers/analyst/security-design-role-vulnerability-scanning-web-app-security-37810]]|Analysis Misc.|
|2017.06.20|//AWS//|[[Incident Response in the Cloud (119678)|https://www.youtube.com/watch?v=ZyeTSI900zw]] (vidéo)|AWS Incident_Response|
|2017.06.12|//Shared Assessment//|[[Evaluating Cloud Risk for the Enterprise - An Updated Shared Assessments Guide|https://sharedassessments.org/evaluating-cloud-risk-for-the-enterprise-an-updated-shared-assessments-guide/]] ([[pdf|https://22dyr93oemmu1f89w73y1wlh-wpengine.netdna-ssl.com/wp-content/uploads/2017/06/SA_Best-Prac-Enterprise-Cloud-WP-061217-FINAL.pdf]])|Risks|
|2017.06.07|SecurityWeek|[[Popular Chat Platforms Can Serve as C&C Servers: Researchers|https://www.securityweek.com/popular-chat-platforms-can-serve-cc-servers-researchers]]|Misc|
|2017.06.07|//Trendmicro//|[[How Cybercriminals Can Abuse Chat Platform APIs as C&C Infrastructures|https://documents.trendmicro.com/assets/wp/wp-how-cybercriminals-can-abuse-chat-platform-apis-as-cnc-infrastructures.pdf]]|Report|
|2017.06.07|//Rancher//|[[Focus on Services, Not on Containers|https://rancher.com/focus-services-not-containers/]]|Containers|
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2017.05.30|//Twistlock//|[[The How and Why of Shift-Left Security|https://www.twistlock.com/2017/05/31/shift-left-security/]]|DevSecOps|
|2017.05.30|//Securosis//|[[DLP in the Cloud|https://securosis.com/blog/dlp-in-the-cloud]]|DLP|
|2017.06.27|Matt Wade|[[How it's made: Periodic Table of Office 365|https://www.linkedin.com/pulse/how-its-made-periodic-table-office-365-matt-wade/]]|O365|
|2017.06.27|//Netwrix//|[[Office 365: Configuring User Passwords to Never Expire|https://blog.netwrix.com/2017/05/25/office-365-configuring-user-passwords-to-never-expire/]]|O365|
|2017.05.24|Linux Freelancer|![[Cloud service providers IP ranges - AWS, Azure and GCP|https://linuxfreelancer.com/cloud-service-providers-ip-ranges-aws-azure-and-gcp]]|IP_Address|
|2017.05.24|Infosec Island|[[Cloud Control: Key Points to Consider When Going to the Cloud|http://www.infosecisland.com/blogview/24932-Cloud-Control-Key-Points-to-Consider-When-Going-to-the-Cloud.html]]|Cloud Misc.|
|2017.05.23|//Outpost24//|[[Docker Vulnerabilities, Failures and Issues|https://outpost24.com/blog/docker-vulnerabilities-failures-and-issues]]|Docker|
|2017.05.22|//Aqua Security//|[[CIS Benchmark for Kubernetes 1.6|https://blog.aquasec.com/cis-benchmark-for-kubernetes-security]]|K8s CIS_Benchmark|
|2017.05.22|//Twistlock//|[[The Ultimate Guide to Container Orchestrators|https://www.twistlock.com/2017/05/22/container-orchestrators/]]|Containers Orchestration|
|2017.05.19|IT Security Expert|[[How to Stay Safe in the Cloud |https://blog.itsecurityexpert.co.uk/2017/05/how-to-stay-safe-in-cloud.html]]|Misc|
|2017.05.12|Infosec Island|[[Convenience vs. Control: Achieving the Right Security Balance|http://www.infosecisland.com/blogview/24925-Convenience-vs-Control-Achieving-the-Right-Security-Balance.html]]|Cloud Misc.|
|2017.05.09|Infosec Island|[[Cloud-Based Access Governance: Organizational Continuity Achieved|http://www.infosecisland.com/blogview/24919-Cloud-Based-Access-Governance-Organizational-Continuity-Achieved.html]]|Cloud Misc.|
|2017.05.09|//Backblaze//|[[Hard Drive Stats for Q1 2017|https://www.backblaze.com/blog/hard-drive-failure-rates-q1-2017/]]|Reliability|
|2017.05.09|//Coalfire//|[[SOC 2 Type 1 and SOC 2 Type 2 Frequently Asked Questions|https://www.coalfire.com/The-Coalfire-Blog/May-2017/FAQ-SOC2-Type2-SOC2-Type1]]|SOC2|
|2017.05.07|Matt Wade|[[The Periodic Table of Office 365|https://www.linkedin.com/pulse/everyday-intro-office-365-matt-wade/]]|O365|
|2017.05.05|Infosec Island|[[To Tackle IoT Security's Murky Future, We Need Only to Look to the Past|http://www.infosecisland.com/blogview/24922-To-Tackle-IoT-Securitys-Murky-Future-We-Need-Only-to-Look-to-the-Past.html]]|Cloud Misc.|
|2017.05.02|//Rancher//|[[How to Monitor and Secure Containers in Production|https://rancher.com/monitor-secure-containers-production/]]|Containers|
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] | !
Article en cours de rédaction | [img(auto,50px)[iCSF/Work.gif]] | [>img(100px,auto)[iCSA_/17-OAROCVS.png]]__''Observations and Recommendations on Connected Vehicle Security''__ <<< //The introduction of Connected Vehicles (CVs) has been discussed for many years. Pilot implementations currently underway are evaluating CV operations in realistic municipal environments. CVs are beginning to operate in complex environments composed of both legacy and modernized traffic infrastructure. Security systems, tools and guidance are needed to aid in protecting CVs and the supporting infrastructure. // <<< __Lien : __ * ⇒ téléchargement : https://cloudsecurityalliance.org/artifacts/connected-vehicle-security/
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2017.04.28|Infosec Island|[[SWIFT Attacks are Evolving - Is Your Segmentation Strategy?|http://www.infosecisland.com/blogview/24916-SWIFT-Attacks-are-Evolving-Is-Your-Segmentation-Strategy.html]]|Cloud Misc.|
|2017.04.27|US-CERT|[[Alert (TA17-117A) - Intrusions Affecting Multiple Victims Across Multiple Sectors|https://www.us-cert.gov/ncas/alerts/TA17-117A]] (mise à jour le 20 décembre 2018)|Attacks APT|
|2017.04.27|US-CERT| → [[IR-ALERT-MED-17-093-01C - Intrusions Affecting Multiple Victims Across Multiple Sectors (pdf)|https://www.us-cert.gov/sites/default/files/publications/IR-ALERT-MED-17-093-01C-Intrusions_Affecting_Multiple_Victims_Across_Multiple_Sectors.pdf]]|Attacks APT|
|2017.04.27|US-CERT| → [[IR-ALERT-MED-17-093-01C - Indicators of compromise (xlsx)|https://www.us-cert.gov/sites/default/files/publications/IR-ALERT-MED-17-093-01C.xlsx]]|Attacks APT|
|2017.04.27|US-CERT| → [[IR-ALERT-MED-17-093-01C - Indicators of compromise (xml - STIX)|https://www.us-cert.gov/sites/default/files/publications/IR-ALERT-MED-17-093-01-C.XML]]|Attacks APT|
|2017.04.26|CircleID|[[The Sysadmin's Guide to Securing Your SaaS Apps|http://www.circleid.com/posts/20170426_the_sysadmins_guide_to_securing_your_saas_apps/]] |SaaS|
|2017.04.26|Infosec Island|[[We Can't Control Devices and People, but We Can Control the Network|http://www.infosecisland.com/blogview/24915-We-Cant-Control-Devices-and-People-but-We-Can-Control-the-Network.html]]|Cloud Misc.|
|2017.04.17|//Aqua Security//|[[Container Security Automation: Keeping Up With The DevOps Crowd|https://blog.aquasec.com/container-security-automation-keeping-up-with-the-devops-crowd]]|Containers|
|2017.04.15|//Aqua Security//|[[DevOps Terms Security Pros Need to Know|https://blog.aquasec.com/devops-terms-security-pros-need-to-know]]|Thesaurus|
|2017.04.13|Infosec Institute|[[Attacking the Cloud|https://resources.infosecinstitute.com/attacking-the-cloud/]]|Attacks|
|2017.04.13|Infosec Island|[[What Is Your Security Canary?|http://www.infosecisland.com/blogview/24912-What-Is-Your-Security-Canary.html]]|Cloud Misc.|
|2017.04.07|//Aqua Security//|![[Containers - The Dr. Jekyll and Mr. Hyde of Security|https://blog.aquasec.com/rsac-2017-presentation-video-containers-the-dr.-jekyll-and-mr.-hyde-of-security]] ([[vidéo|https://youtu.be/_5uZnM1yv0Y]])|Containers|
|2017.04.06|Infosec Island|[[Cybersecurity Industry Must Adopt Cyberdefense Tech that Utilizes Analytics, Artificial Intelligence|http://www.infosecisland.com/blogview/24904-Cybersecurity-Industry-Must-Adopt-Cyberdefense-Tech-that-Utilizes-Analytics-Artificial-Intelligence.html]]|Cloud Misc.|
|2017.04.06|Infosec Island|[[4 Things that Make Cloud Compliance Harder Than You Think |http://www.infosecisland.com/blogview/24906-4-Things-that-Make-Cloud-Compliance-Harder-Than-You-Think-.html]]|Cloud Misc.|
|2017.04.04|//Nuageo//[>img[iCSF/flag_fr.png]]|![[Construire un écosystème de confiance dans le Cloud|https://www.nuageo.fr/2017/04/ecosysteme-confiance-cloud/]]|Trust|
|2017.04.04|//Microsoft//|![[Shared Responsibilities for Cloud Computing|http://aka.ms/sharedresponsibility]] ([[.pdf|https://gallery.technet.microsoft.com/Shared-Responsibilities-81d0ff91/file/153019/2/Shared%20Responsibilities%20for%20Cloud%20Computing%20(2017-04-03).pdf]])|Governance|
|2017.04.03|//PwC// & //BAE Systems//|[[Operation Cloud Hopper|https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html]]|Attacks APT Cloud_Hopper|
|2017.04.03|//PwC// & //BAE Systems//| → [[Operation Cloud Hopper (pdf)|https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf]]|Attacks APT Cloud_Hopper|
|2017.04.03|//PwC// & //BAE Systems//| → [[Operation Cloud Hopper - Annex A: Indicators of Compromise (pdf)|https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-indicators-of-compromise-v2.2.pdf]]|Attacks APT Cloud_Hopper|
|2017.04.03|//PwC// & //BAE Systems//| → [[Operation Cloud Hopper - Annex B: Technical Annex (pdf)|https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf]]|Attacks APT Cloud_Hopper|
|!Mars|!Sources|!Titres et Liens|!Keywords|
|2017.03.12|//Rancher Labs//|[[Your Guide to Container Security|https://rancher.com/complete-guide-container-security/]]|Containers|
|2017.03.27|//AWS//|![[How to Help Protect Dynamic Web Applications Against DDoS Attacks by Using Amazon CloudFront and Amazon Route 53|https://aws.amazon.com/blogs/security/how-to-protect-dynamic-web-applications-against-ddos-attacks-by-using-amazon-cloudfront-and-amazon-route-53/]]|DDoS Protection|
|2017.03.27|Make Use Of|![[Yes, Ransomware Can Encrypt Your Cloud Storage|https://www.makeuseof.com/tag/cloud-drive-ransomware/]]|Attacks Ransomware|
|2017.03.22|TechRepublic|[[Docker: A cheat sheet|https://www.techrepublic.com/article/docker-the-smart-persons-guide/]]|Docker|
|2017.03.20|SANS|[[Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017|https://www.sans.org/reading-room/whitepapers/analyst/cyber-security-trends-aiming-target-increase-security-2017-37702]]|Analysis Misc.|
|2017.03.13|SANS|[[Cloud Security Monitoring|https://www.sans.org/reading-room/whitepapers/cloud/cloud-security-monitoring-37672]]|Analysis Misc.|
|2017.03.12|//Aqua Security//|[[Security Best Practices for Kubernetes: Redux|https://blog.aquasec.com/security-best-practices-for-kubernetes-redux]] ([[slides|https://www.slideshare.net/MichaelCherny]])|K8s|
|2017.03.09|//Outpost24//|[[The 3 Main Security Risks in IaaS Cloud|https://outpost24.com/blog/3-main-security-risks-in-IaaS-cloud]]|Risks IaaS|
|2017.03.09|//AlienVault//|[[11 Simple Yet Important Tips to Secure AWS|https://www.alienvault.com/blogs/security-essentials/11-simple-yet-important-tips-to-secure-aws]]|AWS Best_Practices|
|2017.03.08|//Nuageo//[>img[iCSF/flag_fr.png]]|![[Black-out AWS : le Cloud au ras-du-sol ?|https://www.nuageo.fr/2017/03/black-out-aws-cloud-ras-sol/]]|AWS Outage|
|2017.03.06|//Aqua Security//|[[Don't Leave Your Keys Exposed: Lessons from IBM Privilege Escalation Flaw|https://blog.aquasec.com/dont-leave-your-keys-exposed-lessons-from-ibm-privilege-escalation-flaw]]|Docker IBM Flaw|
|2017.03.03|The Verge|[[How a typo took down S3, the backbone of the internet|https://www.theverge.com/2017/3/2/14792442/amazon-s3-outage-cause-typo-internet-server]]|Outage AWS|
|2017.03.02|Infosec Island|[[Security Policies Matter for Disaster Recovery|http://www.infosecisland.com/blogview/24889-Security-Policies-Matter-for-Disaster-Recovery.html]]|Cloud Misc.|
|2017.02.02|//Aqua Security//|[[The Challenges of Docker Secrets Management|https://blog.aquasec.com/managing-secrets-in-docker-containers]]|Docker|
|!Février|!Sources|!Titres et Liens|!Keywords|
|2017.02.23|//Cloudflare//|![[Incident report on memory leak caused by Cloudflare parser bug|https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/]]|CloudBleed Flaws|
|2017.02.27|//Skyhigh Networks//| → [[Cloudbleed: This Time, We Were Ready|https://www.skyhighnetworks.com/cloud-security-blog/cloudbleed-this-time-we-were-ready/]]|CloudBleed|
|2017.03.03|//Skyhigh Networks//| → [[Cloudbleed Technical Analysis|https://www.skyhighnetworks.com/cloud-security-blog/cloudbleed-technical-analysis/]]|CloudBleed|
|2017.02.21|//Twistlock//|[[Trusted images: Integral to Container Security|https://www.twistlock.com/2017/02/21/integral-container-security/]]|Containers|
|2017.02.16|Infosec Island|[[When Ransomware Strikes: Does Your Company Have a Data Disaster Recovery Plan?|http://www.infosecisland.com/blogview/24882-When-Ransomware-Strikes-Does-Your-Company-Have-a-Data-Disaster-Recovery-Plan.html]]|Cloud Misc|
|2017.02.17|//Rancher Labs//|[[Playing Catch-up with Docker and Containers|https://rancher.com/playing-catch-docker-containers/]]|Docker Containers|
|2017.02.11|//Microsoft//|[[Data Classification for Cloud Readiness|https://gallery.technet.microsoft.com/Data-Classification-for-51252f03]] ([[rapport (pdf)|https://gallery.technet.microsoft.com/Data-Classification-for-51252f03/file/172083/1/Data%20Classification%20for%20Cloud%20Readiness%20(2017-04-11).pdf]])|Governance|
|2017.02.08|NCSC UK|[[Debunking cloud security myths|https://www.ncsc.gov.uk/blog-post/debunking-cloud-security-myths]]|Misc|
|2017.02.07|//Microsoft//|[[Microsoft Azure Responses to CSA Consensus Assessments Initiative Questionnaire|https://gallery.technet.microsoft.com/Azure-Responses-to-CSA-46034a11]] ([[pdf|https://gallery.technet.microsoft.com/Azure-Responses-to-CSA-46034a11/file/155556/1/Azure%20Responses%20to%20CSA%20CAIQ%20301.pdf]])|Azure CAIQ|
|2017.02.07|//Microsoft//|[[Microsoft Azure Security Response in the Cloud|https://gallery.technet.microsoft.com/Azure-Security-Response-in-dd18c678]] ([[pdf|https://gallery.technet.microsoft.com/Azure-Security-Response-in-dd18c678/file/150826/4/Microsoft%20Azure%20Security%20Response%20in%20the%20cloud.pdf]])|Azure Incidents|
|2017.02.07|//Microsoft//|[[13 Effective Security Controls for ISO 27001 Compliance|https://gallery.technet.microsoft.com/13-Effective-Security-72447e11]] ([[pdf|https://gallery.technet.microsoft.com/13-Effective-Security-72447e11/file/155885/1/13%20Effective%20Security%20Controls%20for%20ISO%2027001%20Compliance.pdf]])|Compliance|
|2017.02.07|//Microsoft//|[[14 Cloud Security Controls for UK cloud Using Microsoft Azure|https://gallery.technet.microsoft.com/14-Cloud-Security-Controls-670292c1]]|Azure Controls|
|2017.02.07|//Twistlock//|[[Three Pillars of Intent-Based Security for Containers|https://www.twistlock.com/2017/02/01/intent-based-security/]]|Containers|
|2017.02....|ComputerWeekly|[[Why Azure developers need security skills|https://www.computerweekly.com/opinion/Why-Azure-developers-need-security-skills]]|Misc|
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] | !Article en cours de rédaction | [img(auto,50px)[iCSF/Work.gif]] |
[>img(100px,auto)[iCSA_/17-EASASMDP.jpg]]__''Establishing a Safe and Secure Municipal Drone Program''__
__Lien : __
* ⇒ téléchargement : https://cloudsecurityalliance.org/artifacts/establishing-a-safe-and-secure-municipal-drone-program/
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|2017.01.31|//Backblaze//|[[Backblaze Hard Drive Stats for 2016|https://www.backblaze.com/blog/hard-drive-benchmark-stats-2016/]]|Reliability|
|2017.01.30|//Optiv//|![[Cloud Powered Without Compromise|https://www.optiv.com/blog/cloud-powered-without-compromise]]|Risks|
|2017.01.24|//Slack//|[[Slack's approach to security (pdf)|https://slack.com/img/security_ent/Security_White_Paper.pdf]]|Governance|
|2017.01.24|//Slack//| → [[How we handle security at Slack|https://slackhq.com/how-we-handle-security-at-slack]]|Misc|
|2017.01.21|Cryptographic Engineering|[[Zero Knowledge Proofs: An illustrated primer|https://blog.cryptographyengineering.com/2017/01/21/zero-knowledge-proofs-an-illustrated-primer-part-2/]] (2/2)|Cryptography Zero_Trust|
|2017.01.18|//BishopFox Labs//|![[In the News: A BGP Hijacking Technical Post-Mortem|https://labs.bishopfox.com/tech-blog/2017/01/in-the-news-a-bgp-hijacking-technical-post-mortem]] |!BGP|
|2017.01.12|//Skyhigh Networks//|[[The Science of Detecting Insider Threats in the Cloud|https://www.skyhighnetworks.com/cloud-security-blog/the-science-of-detecting-insider-threats-in-the-cloud/]]|InsiderThreat Detect|
|2017.01.10|//Rancher//|[[Moving Containers to Production - A Short Checklist|https://rancher.com/moving-containers-to-production-a-short-checklist/]]|Containers|
|2017.01.05|//SecludIT//|[[Qu'est ce que la sécurité de Cloud Workload ?|https://secludit.com/blog/securite-de-cloud-workload/]]|Workloads|
|2017.01.05|//Outpost24//|[[What is Cloud Workload Security?|https://outpost24.com/blog/what-is-cloud-workload-security]]|Workloads|
|2017.01.04|Medium|[[Dockerfile security tuneup|https://medium.com/microscaling-systems/dockerfile-security-tuneup-166f1cdafea1]]|Docker|
|2017.01.03|//Securosis//|![[Tidal Forces: The Trends Tearing Apart Security As We Know It|https://securosis.com/blog/tidal-forces-the-trends-tearing-apart-security-as-we-know-it]] |Impacts|
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|2016.12.27|CircleID|[[Edge Computing, Fog Computing, IoT, and Securing Them All|http://www.circleid.com/posts/20161227_edge_computing_fog_computing_iot_and_securing_them_all/]] |Fog_Computing|
|2016.12.26|//Aqua Security//|[[Cisco CloudCenter: Docker Privilege Escalation Vulnerability Explained|https://blog.aquasec.com/cisco-cloudcenter-orchestrator-docker-privilege-escalation-vulnerability-explained]]|Docker Flaw|
|2016.12.22|//Skyhigh Networks//|[[How to Detect a Data Exfiltration Threat in a Custom App|https://www.skyhighnetworks.com/cloud-security-blog/how-to-detect-a-data-exfiltration-threat-in-a-custom-app/]]|Detect|
|2016.12.20|//Aqua Security//|![[10 Key Security Terms DevOps Need to Know|https://blog.aquasec.com/10-key-security-terms-devops-need-to-know]]|Thesaurus|
|2016.12.14|Medium|[[Why Kubernetes is Abbreviated k8s|https://medium.com/@rothgar/why-kubernetes-is-abbreviated-k8s-905289405a3c]]|K8s|
|2016.12.15|//Tripwire//|[[Phishing Attack Uses Punycode to Try to Steal Office 365 Credentials|https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/phishing-attack-uses-punycode-to-try-to-steal-office-365-business-credentials/]]|O365 Attack|
|2016.12.14|DZone|[[Adopt a Cloud Security Maturity Model|https://dzone.com/articles/adopt-a-cloud-security-maturity-model]]|Maturity_Model|
|2016.12.14|Infosec Island|[[Top 10 Cloud and Security Predictions for 2017|http://www.infosecisland.com/blogview/24860-Top-10-Cloud-and-Security-Predictions-for-2017.html]]|Cloud Misc.|
|2016.12.14|//Threat Stack//|[[Threat Stack Cloud Security Use Case Playbook|https://resources.threatstack.com/ebooks/cloud-security-use-cases]] (après inscription)|Playbook|
|2016.12.13|//Aqua Security//|[[The Year That Was (Almost) - 10 Milestones in The Container Ecosystem|https://blog.aquasec.com/2016-milestones-in-the-container-ecosystem]]|Containers|
|2016.12.11|Douglas Muth|[[How to Undelete Files in Amazon S3|https://www.dmuth.org/how-to-undelete-files-in-amazon-s3/]]|AWS|
|2016.12.08|//Aqua Security//|[[Docker Images Vulnerability Scanning on a Massive Scale|https://blog.aquasec.com/scanning-docker-images-on-a-massive-scale]] ([[vidéo|https://youtu.be/FXO2gt7Ni_s]])|Containers Scanning|
|2016.12.02|Infosec Island|[[The Hidden Security Risks of Cloud APIs|http://www.infosecisland.com/blogview/24853-The-Hidden-Security-Risks-of-Cloud-APIs.html]]|Cloud Misc.|
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|2016.11.22|SANS|[[Security Assurance of Docker Containers|https://www.sans.org/reading-room/whitepapers/cloud/security-assurance-docker-containers-37432]]|Analysis Misc.|
|2016.11.15|//Backblaze//|[[Hard Drive Stats for Q3 2016: Less is More|https://www.backblaze.com/blog/hard-drive-failure-rates-q3-2016/]]|Reliability|
|2016.11.15|//McAfee//|[[8 criteria to ensure you select the right cloud service provider|https://www.cloudindustryforum.org/content/8-criteria-ensure-you-select-right-cloud-service-provider]]|Assessment|
|2016.11.13|//Skyhigh Networks//|''[[How to Detect Ransomware Attacking your Cloud Data Repositories|https://www.skyhighnetworks.com/cloud-security-blog/how-to-detect-ransomware-attacking-your-cloud-data-repositories/]]''|Ransomware Detect|
|2016.11.01|//Aqua Security//|![[Dirty COW Vulnerability: Impact on Containers|https://blog.aquasec.com/dirty-cow-vulnerability-impact-on-containers]]|Containers Vulnerability DirtyCow|
|2016.11...|ResearchGate|![[A survey on cloud forensics challenges and solutions|https://www.researchgate.net/publication/310514661_A_survey_on_cloud_forensics_challenges_and_solutions]]|Forensics|
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|2016.10.25|Infosec Island|[[Winter Is Coming: Forget the Firewall and Layer Up|http://www.infosecisland.com/blogview/24839-Winter-Is-Coming-Forget-the-Firewall-and-Layer-Up.html]]|Cloud Misc.|
|2016.10.25|//Netwrix//|[[Complete Guide to Azure Active Directory Password Policy|https://blog.netwrix.com/2016/10/25/complete-guide-to-azure-active-directory-password-policy/]]|AzureAD|
|2016.10.20|Infosec Island|[[Minimize "Dwell Time" to Cut the Cost of Data Center Breaches|http://www.infosecisland.com/blogview/24835-Minimize-Dwell-Time-to-Cut-the-Cost-of-Data-Center-Breaches.html]]|Cloud Misc.|
|2016.10.13|//Oracle Cloud//|[[2016 IOUG Cloud Security Survey|http://www.ioug.org/d/do/6857]]|Report|
|2016.10.13|//Aqua Security//|[[Container Security Best Practices for Conscientious DevOps|https://blog.aquasec.com/container-security-best-practices-for-conscientious-devops]]|Containers Best_Practices|
|2016.10.10|SANS|[[Security and Accountability in the Cloud Data Center: A SANS Survey|https://www.sans.org/reading-room/whitepapers/analyst/security-accountability-cloud-data-center-survey-37327]]|Analysis Misc.|
|2016.10.06|CircleID|[[How to Handle an Outage Like a Pro|http://www.circleid.com/posts/20161006_how_to_handle_an_outage_like_a_pro/]] |Outage DNS|
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|2016.09.22|//Odaseva//|[[In the New Cloud Economy, Big Data Rules and Business Continuity is the Newest Superhero|https://www.odaseva.com/blog/big-data-rules-business-continuity-newest-superhero/]]|BCP|
|2016.09.21|Infosec Island|[[Automating Access May Be Best for Remote Users |http://www.infosecisland.com/blogview/24822-Automating-Access-May-Be-Best-for-Remote-Users-.html]]|Cloud Misc.|
|2016.09.02|//Demisto//|[[Best practices for incident response in the age of cloud|https://www.networkworld.com/article/3116011/best-practices-for-incident-response-in-the-age-of-cloud.html]]|Incident_Response|
|2016.09.01|//Aqua Security//|[[Security Best Practices for Kubernetes Deployment|https://blog.aquasec.com/security-best-practices-for-kubernetes-deployment]]|K8s|
|!Août|!Sources|!Titres et Liens|!Keywords|
|2016.08.23|Kubernetes|[[Security Best Practices for Kubernetes Deployment|https://kubernetes.io/blog/2016/08/security-best-practices-kubernetes-deployment/]]|K8s Best_Practices|
|2016.08.23|Infosec Island|[[What Elements Are Needed for Security Analytics Success?|http://www.infosecisland.com/blogview/24812-What-Elements-Are-Needed-for-Security-Analytics-Success.html]]|Cloud Misc.|
|2016.08.17|Infosec Island|[[What the Auto Industry Can Learn from Payments Sector about Cybersecurity|http://www.infosecisland.com/blogview/24807-What-the-Auto-Industry-Can-Learn-from-Payments-Sector-about-Cybersecurity.html]]|Cloud Misc.|
|2016.08.17|Raspberry Pi Foundation|[[Docker comes to Raspberry Pi|https://www.raspberrypi.org/blog/docker-comes-to-raspberry-pi/]]|Docker RaspberryPi|
|2016.08.17|NCSC UK|[[Separation and cloud security|https://www.ncsc.gov.uk/guidance/separation-and-cloud-security]]|Best_Practices|
|2016.08.15|//Aqua Security//|[[Docker Image Security: Do It Early, Often, and Continuously|blog]]|Docker|
|2016.08.04|//McAfee//|[[17 Security Criteria to Look at When Evaluating a Cloud Service|https://www.skyhighnetworks.com/cloud-security-blog/17-security-criteria-to-look-at-when-evaluating-a-cloud-service/]] ([[document|https://info.skyhighnetworks.com/Cloud-Service-Security-Assessment-Checklist-MFE.html]])|Assessment|
|2016.08.04|SANS|[[Changing the Perspective of Information Security in the Cloud: Cloud Access Security Brokers and Cloud Identity and Access Management|https://www.sans.org/reading-room/whitepapers/cloud/changing-perspective-information-security-cloud-cloud-access-security-brokers-cloud-identity-access-management-37150]]|Analysis Misc.|
|2016.08.02|//Backblaze//|[[Hard Drive Stats for Q2 2016|https://www.backblaze.com/blog/hard-drive-failure-rates-q2-2016/]]|Reliability|
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|2016.07.26|//Aqua Security//|[[Vine's Docker Registry "Hack": A Bad Case of RTFM|https://blog.aquasec.com/vines-docker-registry-hack-a-bad-case-of-rtfm]]|Attack Vine|
|2016.07.25|Infosec Island|[[PaloAlto Networks Webinar: Five Steps to a Secure Hybrid Architecture|http://www.infosecisland.com/blogview/24792-Palo-Alto-Networks-Webinar-Five-Steps-to-a-Secure-Hybrid-Architecture.html]]|Cloud Misc.|
|2016.07.22|//4D//|[[Should your Company Trust the Public Cloud?|https://www.4d-dc.com/insight/trust-the-public-cloud]]|Trust|
|2016.07.13|//CEIS//|[[Strategic Notes - Anticipating Risks and Adopting Cloud Computing with Confidence|https://ceis.eu/en/strategic-notes-anticipating-risks-and-adopting-cloud-computing-with-confidence/]] (rapport [[pdf|http://ceis.eu/wp-content/uploads/2016/07/note-strategique-anticipating-risks-and-adopting-cloud-computing-with-confidence.pdf]])|Risks|
|2016.07.06|//Aqua Security//|[[6 (More) Free Docker Tools to Make Container Deployments Easier|https://blog.aquasec.com/6-more-free-tools-to-make-your-docker-container-deployments-faster]]|Docker|
|2016.07.04|//Aqua Security//|[[Running a Security Service in Google Cloud - Real World Example|https://blog.aquasec.com/running-a-security-service-in-google-cloud-real-world-example]] ([[slides|https://www.slideshare.net/MichaelCherny/running-security-service-in-gcloud]])|Containers|
|!Juin|!Sources|!Titres et Liens|!Keywords|
|2016.06.29|arXiv.org|[[New framework model to secure Cloud data storage|https://arxiv.org/ftp/arxiv/papers/2001/2001.08575.pdf]]|Storage|
|2016.06.23|Medium|''[[Dockerized Pwnage|https://medium.com/@omercnet/dockerized-pwnage-f4cacecfb129]]''|Docker|
|2016.06.14|CircleID|[[Who Is Responsible for Your Application's Security?|http://www.circleid.com/posts/20160614_who_is_responsible_for_your_applications_security/]] |Shared_Responsibility|
|2016.06.08||[[A History of Virtualization (pdf)|https://www.newera.com/INFO/History_of_Virtualization.pdf]]|Virtualization|
|2016.06.07|DZone|''[[The Top 7 AWS Security Issues: What You Need to Know|https://dzone.com/articles/the-top-7-aws-security-issues-what-you-need-to-kno]]''|AWS Risks|
|2016.06.07|Infosec Institute|[[Data Sanitization for Cloud Storage|https://resources.infosecinstitute.com/data-sanitization-for-cloud-storage/]]|Sanitization|
|2016.06.06|//Deloitte//|[[Pen testing cloud-based apps: A step-by-step guide|https://techbeacon.com/enterprise-it/pen-testing-cloud-based-apps-step-step-guide]]|PenTesting|
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2016.05.17|//Backblaze//|[[One Billion Drive Hours and Counting: Q1 2016 Hard Drive Stats|https://www.backblaze.com/blog/hard-drive-reliability-stats-q1-2016/]]|Reliability|
|2016.05.12|SciencePG|[[Using Fully Homomorphic Encryption to Secure Cloud Computing|http://article.sciencepublishinggroup.com/html/10.11648.j.iotcc.20160402.12.html]]|Homomorphic_Encryption|
|2016.05.10|UK Essays|[[The History Of Virtualization Information Technology Essay|https://www.ukessays.com/essays/information-technology/the-history-of-virtualization-information-technology-essay.php]]|Virtualization|
|2016.05.10|Docker|[[Docker Security Scanning safeguards the container content lifecycle|https://blog.docker.com/2016/05/docker-security-scanning/]]|Docker|
|2016.05.09|Infosec Island|[[Cloud Security Can't Be Ignored Anymore, Thanks to Millennials|http://www.infosecisland.com/blogview/24757-Cloud-Security-Cant-Be-Ignored-Anymore-Thanks-to-Millennials.html]]|Cloud Misc.|
|2016.05.11|//Aqua Security//|[[Top 10 #Container Influencers to Follow on Twitter|https://blog.aquasec.com/top-10-container-influencers-to-follow-on-twitter]]|Containers|
|2016.05.06|SANS|[[Full Packet Capture Infrastructure Based on Docker Containers|https://www.sans.org/reading-room/whitepapers/cloud/full-packet-capture-infrastructure-based-docker-containers-36977]]|Analysis Misc.|
|2016.05.05|GigaMon|[[Bringing More Security to OpenStack Clouds with Tap as a Service|https://blog.gigamon.com/2016/05/05/bringing-security-openstack-clouds-tap-service/]]|Misc|
|2016.05.03|Infosec Island|[[The Role of CASBs in Protection Against the 2016 "Treacherous 12"|http://www.infosecisland.com/blogview/24755-The-Role-of-CASBs-in-Protection-Against-the-2016-Treacherous-12.html]]|Cloud Misc.|
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2016.04.28|//Microsoft//|[[What Does Shared Responsibility in the Cloud Mean?|https://blogs.msdn.microsoft.com/azuresecurity/2016/04/18/what-does-shared-responsibility-in-the-cloud-mean/]]|Misc|
|2016.04.27|SANS|[[Cloud Security Framework Audit Methods |https://www.sans.org/reading-room/whitepapers/cloud/cloud-security-framework-audit-methods-36922]]|Analysis Misc.|
|2016.04.26|//Aqua Security//|![[Docker 1.11 and CIS Benchmark: What's New in Security?|https://blog.aquasec.com/docker-1.11-and-cis-benchmark-whats-new-in-security]]|Containers|
|2016.04.21|SANS|[[Incident Response in Amazon EC2: First Responders Guide to Security Incidents in the Cloud|https://www.sans.org/reading-room/whitepapers/cloud/incident-response-amazon-ec2-first-responders-guide-security-incidents-cloud-36902]]|Analysis Misc.|
|2016.04.14|//Netwrix//|[[What You Need to Know About Cloud Storage Security Breaches|https://blog.netwrix.com/2016/04/15/what-you-need-to-know-about-cloud-storage-security-breaches/]]|Storage Data_Breach|
|2016.04.14|//Microsoft//|[[Microsoft Incident Response and shared responsibility for cloud computing|https://azure.microsoft.com/en-us/blog/microsoft-incident-response-and-shared-responsibility-for-cloud-computing/]]|Misc|
|2016.04.13|//Aqua Security//|[[Six Free Tools to Make Your Container Deployments Easier|https://blog.aquasec.com/six-free-tools-to-make-your-container-deployments-easier]]|Containers|
|2016.04.13|//Threat Stack//|[[Cloud Security Playbook: Strategies & Best Practices for Today's Volatile Threat Landscape|https://resources.threatstack.com/ebooks/cloud-security-playbook]] (après inscription)|Playbook|
|2016.04.12|Infosec Island|[[Cloud Email Applications Could Put Your Corporate Data at Risk|http://www.infosecisland.com/blogview/24740-Cloud-Email-Applications-Could-Put-Your-Corporate-Data-at-Risk.html]]|Cloud Misc.|
|2016.02.10|SANS|[[Implementing the Critical Security Controls in the Cloud|https://www.sans.org/reading-room/whitepapers/cloud/implementing-critical-security-controls-cloud-36725]]|Analysis Misc.|
|2016.04.08|SecurityWeek|''[[Cloud App Security - Microsoft's Very Own CASB|https://www.securityweek.com/cloud-app-security-microsofts-very-own-casb]]''|CASB|
|2016.04.05|Infosec Island|[[Five Key Security Questions to Ask Your Enterprise Communications Vendor|http://www.infosecisland.com/blogview/24738-Five-Key-Security-Questions-to-Ask-Your-Enterprise-Communications-Vendor.html]]|Cloud Misc.|
|2016.04.04|Infosec Island|[[Protecting Yourself (and Your Organization) from Ransomware|http://www.infosecisland.com/blogview/24737-Protecting-Yourself-and-Your-Organization-from-Ransomware.html]]|Cloud Misc.|
|2016.04.03|//Aqua Security//|[[The known knowns - the importance of ongoing security scans for containers|https://blog.aquasec.com/the-known-unknowns-the-importance-of-ongoing-security-scans-for-containers]]|Containers|
|!Mars|!Sources|!Titres et Liens|!Keywords|
|2016.03.24|Infosec Island|[[Encryption and Privacy Debates Highlight Serious Challenges for Both Consumers and Businesses|http://www.infosecisland.com/blogview/24715-Encryption-and-Privacy-Debates-Highlight-Serious-Challenges-for-Both-Consumers-and-Businesses.html]]|Cloud Misc.|
|2016.03.23|//Aqua Security//|[[The Challenges of Bridging Containers and the Cloud|https://blog.aquasec.com/challenges-to-bridging-containers-and-the-cloud]] (2/2)|Containers|
|2016.03.14|Infosec Island|[[March Madness Security Threats Can Drive Any Organization Mad!|http://www.infosecisland.com/blogview/24711-March-Madness-Security-Threats-Can-Drive-Any-Organization-Mad.html]]|Cloud Misc.|
|2016.03.07|//Skyhigh Networks//|[[620 Cloud Services Still Vulnerable to DROWN One Week After Disclosure|https://www.skyhighnetworks.com/cloud-security-blog/620-cloud-services-still-vulnerable-to-drown-one-week-after-disclosure/]]|Vulnerability DROWN|
|2016.03.03|//Aqua Security//|[[Docker 1.10 Security Features, Part 3: User Namespace|https://blog.aquasec.com/docker-1.10-user-namespace]] (3/3)|Docker|
|2016.03.01|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Drown : la faille qui met en danger un tiers des serveurs HTTPS|https://www.silicon.fr/drown-faille-danger-tiers-serveurs-https-140674.html]]|Vulnerability DROWN|
|2016.03.01|OpenSSL|[[An OpenSSL User's Guide to DROWN|https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/]]|Vulnerability DROWN|
|2016.03.01|Federal News Network|[[Cloud in Government: Promise and Practice|https://federalnewsnetwork.com/federal-insights/2016/03/cloud-in-government-promise-and-practice/]]|Government|
|2016.03....|ComputerWeekly|[[Are cloud users worrying about nothing when it comes to data sovereignty?|https://www.computerweekly.com/opinion/Are-cloud-users-worrying-about-nothing-when-it-comes-to-data-sovereignty]]|Misc|
|!Février|!Sources|!Titres et Liens|!Keywords|
|2016.02.26|//Aqua Security//|[[Docker 1.10 Security Features, part 2: Authorization Plug-In|https://blog.aquasec.com/docker-1.10-security-features-part-2-authorization-plug-in]] (2/3)|Docker|
|2016.02.22|Infosec Island|[[Bringing Innovation into Cyberdefense Technologies|http://www.infosecisland.com/blogview/24705-Bringing-Innovation-into-Cyberdefense-Technologies.html]]|Cloud Misc.|
|2016.02.17|Infosec Island|[[Yes. The World Needs More Security Predictions|http://www.infosecisland.com/blogview/24703-Yes-The-World-Needs-More-Security-Predictions.html]]|Cloud Misc.|
|2016.02.16|//Backblaze//|[[Hard Drive Reliability Review for 2015|https://www.backblaze.com/blog/hard-drive-reliability-q4-2015/]]|Reliability|
|2016.02.16|//Planful//|[[Fake vs. Real Cloud: Why it Matters|https://planful.com/blog/fake-vs-real-cloud-why-it-matters/]]|Misc|
|2016.02.10|//Aqua Security//|[[New Docker Security Features and What They Mean: Seccomp Profiles|https://blog.aquasec.com/new-docker-security-features-and-what-they-mean-seccomp-profiles]] (1/3)|Docker|
|2016.02.10|//CloudAcademy//|[[Amazon S3 Security: master S3 bucket polices and ACLs|https://cloudacademy.com/blog/amazon-s3-security-master-bucket-polices-acls/]]|AWS S3 ACL|
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|2016.01.28|Infosec Island|[[Five Security Threats Businesses Should Prepare for in 2016|http://www.infosecisland.com/blogview/24696-Five-Security-Threats-Businesses-Should-Prepare-for-in-2016.html]]|Cloud Misc.|
|2016.01.19|//Aqua Security//|[[Cloud Operations Will Depend on Virtualized Containers in 2016|https://blog.aquasec.com/docker-cloud-operations-will-depend-on-virtualized-containers-in-2016]] (1/2)|Containers|
|2016.01.14|KrebsOnSecurity|[[Ransomware a Threat to Cloud Services, Too|https://krebsonsecurity.com/2016/01/ransomware-a-threat-to-cloud-services-too/]]|Attacks|
|>|!|>||
<<tiddler .ReplaceTiddlerTitle with: [[Veille Web - Année 2016]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Année 2016]]>>Pour 2016, aucun article n'est repris sur ce site pour le moment.
Consultez directement le blog sur le site original : https://blog.cloudsecurityalliance.org/ 
!!'Future Proofing the Connected World'
<<<
[>img(150px,auto)[iCSA/GA7PF.jpg]]//An IoT system is only as secure as its weakest link, this document is our attempt at providing actionable and useful guidance for securing the individual products that make up an IoT system - to raise the overall security posture of IoT products.
We hope that this document is found especially useful by those organizations that have begun transforming their existing products into IoT-enabled devices.
That is, manufacturers that do not have the background and experience to be aware of the myriad ways that bad guys may try to misuse their newly connected equipment.
These manufacturers are often told that there are shortcomings in their security strategy, but have not yet had a good reference guide to help them understand exactly what those shortcomings are and how to fix them.
We also hope that those in the startup communities will find this guide useful.
Startups in the connected product/system space are challenged with getting their products to market quickly.
Finding the right talent to help secure those products early in the development cycle is not an easy task.
This document provides a starting point for creating a security strategy that we hope will help mitigate at least the most pressing threats to both consumer and business IoT products.//
<<<
__Lien : __
* ⇒ téléchargement : https://cloudsecurityalliance.org/artifacts/future-proofing-the-connected-world/
/% [>img(100px,auto)[iCSA_/16-FPTCW.jpg]]__''Future Proofing the Connected World''__

Table of Contents 
* Forward
* Introduction
* Document Scope
* The Need for IoT Security
* Why Development Organizations Should Care About Securing IoT Products
* Guidance for Secure IoT Development
** 1. Start with a Secure Development Methodology
** 2. Implement a Secure Development and Integration Environment
** 3. Identify Framework and Platform Security Features
** 4. Establish Privacy Protections
** 5. Design in Hardware-based Security Controls
** 6. Protect Data
** 7. Secure Associated Applications and Services
** 8. Protect Logical Interfaces/APIs
** 9. Provide a Secure Update Capability
** 10. Implement Authentication, Authorization and Access Control Features
** 11. Establish a Secure Key Management Capability
** 12. Provide Logging Mechanisms
** 13. Perform Security Reviews (Internal and External)
* Appendix A - Categorizing IoT Devices
* Appendix B - References
* Appendix B - References
* [1] http://www.securityweek.com/serious-security-flaws-found-hospira-lifecare-drug-pumps
* [2] http://www.devttys0.com/2012/11/reverse-engineering-serial-ports/
* [3] Y.2060. Overview of the Internet of things. International Telecommunications Union (ITU-T), 6/2012. Available at https://www.itu.int/rec/T-REC-Y.2060-201206-I
* [4] https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf
* http://devops.com/2014/10/13/devops-iot/
* http://www.itproportal.com/2015/05/05/what-internet-of-things-means-for-devops/
* http://theagileadmin.com/what-is-devops/
* http://techcrunch.com/2015/05/15/what-is-devops/#.2rzef7r:5XYN
* [10] http://www.informationweek.com/mobile/mobile-applications/11-iot-programming-languages-worth-knowing/d/d-id/1319375?image_number=1
* http://www.emdt.co.uk/daily-buzz/how-deal-it-security-threats-connected-medical-devices
* http://www.adlawbyrequest.com/wp-content/uploads/sites/491/2015/01/IOT-Report-Lah-1.29.15.pdf
* [20] 
* http://www.ti.com/lit/wp/slay041/slay041.pdf
* [21] 
* http://micrium.com/iot/iot-rtos/
* [22] H. Ning and H. Liu, "Cyber-Physical-Social Based Security Architecture for Future Internet of Things", Advances in Internet of Things, vol. 02, no. 01, pp. 1-7, 2012.
* [23] PubNub, "A New Approach to IoT Security", 2015.
* [24] Wind River, "SECURITY IN THE INTERNET OF THINGS", 2015.
* Appendix C - IoT Standards and Guidance Organizations
* Appendix D - Other Guidance Documents

 %/
!!'Mobile Application Security Testing'
<<<
[>img(150px,auto)[iCSA/G6UPM.jpg]]//The Mobile Application Security Testing (MAST) Initiative is a research which aims to help organizations and individuals reduce the possible risk exposures and security threat in using mobile applications.
MAST aims to define a framework for secure mobile application development, achieving privacy and security by design.
Implementation of MAST will result in clearly articulated recommendations and best practices in the use of mobile applications.
Mobile application security testing and vetting processes utilized through MAST involve both static and dynamic analyses to evaluate security vulnerabilities of mobile applications for platforms such as Android, iOS and Windows.
These processes cover permissions, exposed communications, potentially dangerous functionality, application collusion, obfuscation, excessive power consumption and traditional software vulnerabilities.
It also covers internal communications such as debug flag and activities and external communications such as GPS, NFC access as well as checking the links that are written in the source code.
In addition to security testing and vetting, the initiative has also proposed processes and procedures for security incident response.
The use of mobile applications has become unavoidable, almost a necessity, in today's world.//
<<<
__Lien : __
* ⇒ téléchargement : https://cloudsecurityalliance.org/artifacts/mobile-application-security-testing/
!"//Conférence 'SecureCloud 2016'//"
La conférence s'est tenue les 24 et 25 juin à l'Aviva Stadium de Dublin, en Irlande.
Les présentations sont maintenant disponibles.
__Liens :__
* Site et présentations → https://csacongress.org/event/securecloud-2016/
* Annonce ENISA ⇒ https://www.enisa.europa.eu/events/secure-cloud-2016 
!"The Treacherous Twelve Cloud Computing Top Threats in 2016"
__''Description :''__[>img(150px,auto)[iCSA_/2016-treacherous-twelve-top-threats.jpg]]
Ajout de 3 nouvelles menaces critiques pour 2016 :
* 1. //Data Breaches//
* 2. //Weak Identity, Credential and Access Management// (Nouveau)
* 3. //Insecure APIs//
* 4. //System and Application Vulnerabilities// (Nouveau)
* 5. //Account Hijacking//
* 6. //Malicious Insiders//
* 7. //Advanced Persistent Threats (APTs)// (Nouveau)
* 8. //Data Loss//
* 9. //Insufficient Due Diligence//
* 10. //Abuse and Nefarious Use of Cloud Services//
* 11. //Denial of Service//
* 12. //Shared Technology Issues//
__Liens :__
* Annonce → https://cloudsecurityalliance.org/download/the-treacherous-twelve-cloud-computing-top-threats-in-2016/
* Document PDF → https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf 
|[img(150px,auto)[iCSA_/CSA-StateCloud2016.jpg]]|* Date : 27 février 2016 
* Page de téléchargement : https://cloudsecurityalliance.org/download/state-of-cloud-security-2016/
* Lien direct : https://downloads.cloudsecurityalliance.org/assets/board/CSA-GEAB-State-of-Cloud-Security-2016.pdf |
!The State of Enterprise Resource Planning Security in the Cloud
[>img(150px,auto)[iCSA/G27PT.jpg]]Publication du 7 février 2018
> //The State of ERP Security in the Cloud briefly highlights some of the issues and challenges of migrating ERP solutions to the cloud. The document examines common security and privacy risks that organizations might incur during a transition to the cloud, as well as how organizations have mitigated these hazards.//
__Lien :__
* Annonce → https://cloudsecurityalliance.org/download/enterprise-resource-planning-security-in-the-cloud/
* Téléchargement → https://cloudsecurityalliance.org/download/artifacts/enterprise-resource-planning-security-in-the-cloud/
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|2015.12.31|Surya Seetharaman|[[Ethical Issues of Cloud Computing|https://tssurya.wordpress.com/2015/12/31/ethical-issues-of-cloud-computing/]]|Ethics|
|2015.12.30|Infosec Institute|[[Cloud Computing: Attack Vectors and Counter Measures|https://resources.infosecinstitute.com/cloud-computing-attacks-vectors-and-counter-measures/]]|Attacks CounterMeasurement|
|2015.12.28|SANS|[[Moving Legacy Software and FOSS to the Cloud, Securely|https://www.sans.org/reading-room/whitepapers/cloud/moving-legacy-software-foss-cloud-securely-36567]]|Analysis Misc.|
|2015.12.22|Infosec Institute|[[Deep Packet Inspection in Cloud Containers|https://resources.infosecinstitute.com/deep-packet-inspection-in-cloud-containers/]]|Containers|
|2015.12.21|Infosec Island|[[What Do Star Wars and Recent Data Breaches Teach Us About Cyber Ethics?|http://www.infosecisland.com/blogview/24687-What-Do-Star-Wars-and-Recent-Data-Breaches-Teach-Us-About-Cyber-Ethics.html]]|Cloud Misc.|
|2015.12.16|Infosec Island|[[Cybersecurity Predictions for 2016|http://www.infosecisland.com/blogview/24685-Cybersecurity-Predictions-for-2016.html]]|Cloud Misc.|
|2015.12.16|MITRE CVE|''DROWN attack [[CVE-2016-0800|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800]] — Cross-Protocol Attack on TLS Using SSLv2''|CVE-2016-0800 DROWN|
|2015.12.16|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Olivier Rafal, PAC : "Deux Cloud souverains en France, c'était délirant !"|https://www.silicon.fr/rafal-pac-deux-cloud-souverains-france-delirant-133370.html]]|Sovereign_Cloud|
|2015.12.15|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud : clap de fin pour Numergy, récupéré par SFR|https://www.silicon.fr/cloud-fin-numergy-recupere-sfr-133076.html]]|Sovereign_Cloud|
|2015.12.14|Infosec Island|[[Why Companies Fail to Secure Their Web Apps |http://www.infosecisland.com/blogview/24683--Why-Companies-Fail-to-Secure-Their-Web-Apps-.html]]|Cloud Misc.|
|2015.12.14|//Imperva//|[[Top 10 Security Concerns for Cloud-Based Services|https://www.imperva.com/blog/top-10-cloud-security-concerns/]]|CSA Report|
|2015.12.08|Infosec Island|[[Playing Hide and Seek In the Cloud|http://www.infosecisland.com/blogview/24680-Playing-Hide-and-Seek-In-the-Cloud.html]]|Cloud Misc.|
|2015.12.07|Infosec Island|[[Managing Security Resources: It's All About People and Awareness (Part II)|http://www.infosecisland.com/blogview/24679-Managing-Security-Resources-Its-All-About-People-and-Awareness-Part-II.html]]|Cloud Misc.|
|2015.12.01|Infosec Island|[[Managing Security Resources: It's All About People and Awareness (Part I)|http://www.infosecisland.com/blogview/24676-Managing-Security-Resources-Its-All-About-People-and-Awareness-Part-I.html]]|Cloud Misc.|
|2015.12...|DROWN Attack| → [[DROWN Attack web site|https://drownattack.com/]]|CVE-2016-0800 DROWN|
|2015.12...|Wikipedia[>img[iCSF/flag_fr.png]]| → [[DROWN|https://fr.wikipedia.org/wiki/DROWN]]|CVE-2016-0800 DROWN|
|2015.12...|Wikipedia| → [[DROWN attack|https://en.wikipedia.org/wiki/DROWN_attack]]|CVE-2016-0800 DROWN|
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|2015.11.20|Infosec Institute|[[Security Vulnerabilities in Cloud Applications|https://resources.infosecinstitute.com/security-vulnerabilities-in-cloud-applications/]]|Flaws|
|2015.11.16|//Aqua Security//|[[The Race for Security: Can VMs and Containers Really Compete?|https://blog.aquasec.com/2015/11/16/the-race-for-security-can-vms-and-containers-really-compete/]]|VMs Containers|
|2015.11.10|SANS|[[Cloud Assessment Survival Guide|https://www.sans.org/reading-room/whitepapers/cloud/cloud-assessment-survival-guide-36427]]|Analysis Misc.|
|2015.11.09|//Bitglass//|[[The Four Pillars of CASB|https://www.bitglass.com/blog/the-four-pillars-of-casbs]]|CASB|
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|2015.10.28|Infosec Institute|[[Analyzing the Internals of Cloud Applications|https://resources.infosecinstitute.com/analyzing-the-internals-of-cloud-applications/]]|Misc|
|2015.10.26|Infosec Institute|[[SecureDB Offers Encryption as a Service|https://resources.infosecinstitute.com/securedb-offers-encryption-as-a-service/]]|Encryption|
|2015.10.23|//Aqua Security//|[[DockerCon Embraces Container Security|https://blog.aquasec.com/2015/11/23/dockercon-embraces-container-security/]]|Docker|
|2015.10.22|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud souverain : Numergy dans l'impasse|https://www.silicon.fr/cloud-souverain-numergy-impasse-129611.html]]|Sovereign_Cloud|
|2015.10.19|RedZone Podcast|[[An Insider's Look at the Security of Microsoft Azure - Assume the Breach!|https://soundcloud.com/theredzonepodcast/an-insaciders-look-at-the-security-of-microsoft-azure-assume-the-breach-episode-28]] (podcast)|Misc.|
|2015.10.14|//Backblaze//|[[What Can 49,056 Hard Drives Tell Us? Hard Drive Reliability Stats for Q3 2015|https://www.backblaze.com/blog/hard-drive-reliability-q3-2015/]]|Reliability|
|2015.10.07|//BishopFox Labs//|[[Fishing the AWS IP Pool for Dangling Domains|https://labs.bishopfox.com/tech-blog/2015/10/fishing-the-aws-ip-pool-for-dangling-domains]]|AWS|
|2015.10.06|Infosec Island|[[How Well Do You Really Know Your Network?|http://www.infosecisland.com/blogview/24660-How-Well-Do-You-Really-Know-Your-Network.html]]|Cloud Misc.|
|2015.10.06|O'Reilly|![[Docker security|https://www.oreilly.com/ideas/docker-security]] report |Docker Report|
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|2015.09.28|Infosec Island|[[The Necessity of Cloud Delivered Integrated Security Platforms|http://www.infosecisland.com/blogview/24658-The-Necessity-of-Cloud-Delivered-Integrated-Security-Platforms.html]]|Cloud Misc.|
|2015.09.23|//BishopFox Labs//|[[Stand Your Cloud #2: Host Server Hardening|https://labs.bishopfox.com/tech-blog/2015/09/stand-your-cloud-2-host-server-hardening]]|Hardening|
|2015.09.16|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Numergy lâché par l'Etat et SFR ? Le Pdg du Cloud souverain dément|https://www.silicon.fr/numergy-lache-etat-sfr-pdg-dement-126591.html]]|Sovereign_Cloud|
|2015.09.15|Infosec Institute|[[Establishing a Secure IPSec Connection to the Cloud Server|https://resources.infosecinstitute.com/establishing-a-secure-ipsec-connection-to-cloud-server/]]|Misc|
|!Août|!Sources|!Titres et Liens|!Keywords|
|2015.08.25|JumpCloud|[[Requirements for a Good Cloud Directory|https://jumpcloud.com/blog/requirements-cloud-directory/]]|Directory|
|2015.08.24|//Intralinks//|[[Data Location in the Cloud: Understanding the Regulatory Issues|https://www.intralinks.com/blog/2015/08/data-location-cloud-understanding-regulatory-issues]]|Regulations Gartner|
|2015.08.20|Infosec Island|[[A Guide to AWS Security|http://www.infosecisland.com/blogview/24642-A-Guide-to-AWS-Security.html]]|Cloud Misc.|
|2015.08.17|//BishopFox Labs//|![[An Overview of BGP Hijacking|https://labs.bishopfox.com/blog/2015/08/an-overview-of-bgp-hijacking]] |!BGP|
|2015.08.11|//Managed Methods//|[[3 Steps to Control and Embrace Shadow IT|https://managedmethods.com/blog/3-steps-to-control-and-embrace-shadow-it/]]|Shadow_IT|
|2015.08.04|Infosec Island|[[Hackers and Threats: Cybercrime Syndicates Go Global|http://www.infosecisland.com/blogview/24633-Hackers-and-Threats-Cybercrime-Syndicates-Go-Global.html]]|Cloud Misc.|
|2015.08.01|The Journal of Internet Law|![[Cloud Computing, Export Controls and Sanctions|https://www.dechert.com/content/dam/dechert%20files/knowledge/publication/2015/8/CloudComputing.pdf]]|Legal|
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|2015.07.28|Techtarget|[[Lack of secure APIs can create IaaS risks|https://searchcloudsecurity.techtarget.com/tip/Lack-of-secure-APIs-can-create-IaaS-risks]]|Risks APIs|
|2015.07.28|//Backblaze//|[[Hard Drive Reliability Stats for Q2 2015|https://www.backblaze.com/blog/hard-drive-reliability-stats-for-q2-2015/]]|Reliability|
|2015.07.27|//Managed Methods//|[[Getting IT Done in the Shadows |https://managedmethods.com/blog/getting-it-done-in-the-shadows/]]|Shadow_IT|
|2015.07.13|//TrendMicro//|[[The implications of malware-as-a-service for enterprise IT|https://blog.trendmicro.com/the-implications-of-malware-as-a-service-for-enterprise-it/]]|MaaS|
|2015.07.06|Infosec Island|[[Cloud Security: It's in the Cloud - But Where? (Part III)|http://www.infosecisland.com/blogview/24622-Cloud-Security-Its-in-the-Cloud-But-Where-Part-III.html]]|Cloud Misc.|
|!Juin|!Sources|!Titres et Liens|!Keywords|
|2015.06.23|Infosec Island|[[Trouble In The Cloud?!|http://www.infosecisland.com/blogview/24610-Trouble-In-The-Cloud.html]]|Cloud Misc.|
|2015.06.22|Infosec Island|[[Cloud Security: It's in the Cloud - But Where? (Part II)|http://www.infosecisland.com/blogview/24607-Cloud-Security-Its-in-the-Cloud-But-Where-Part-II.html]]|Cloud Misc.|
|2015.06.15|Infosec Island|[[Cloud Security: It's in the Cloud - But Where? (Part I)|http://www.infosecisland.com/blogview/24591-Cloud-Security-Its-in-the-Cloud-But-Where-Part-I.html]]|Cloud Misc.|
|2015.06...|International Journal of Computer Science and Mobile Computing|[[Vulnerability, Threats And Its Countermeasure In Cloud Computing (pdf)|https://pdfs.semanticscholar.org/8406/2f6a6b34ecede5d1b87554323791669bdfeb.pdf]]|Vulnerabilities Threats CounterMeasurement|
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2015.05.27|//Managed Methods//|[[On-Premise Cloud Access Security|https://managedmethods.com/blog/on-premise-cloud-access-security/]]|Access_Controls|
|2015.05.26|Infosec Island|[[Cloud Security Monitoring … Revisited (aka It Is Not 2012 Anymore!)|http://www.infosecisland.com/blogview/24544-Cloud-Security-Monitoring--Revisited-aka-It-Is-Not-2012-Anymore.html]]|Cloud Misc.|
|2015.05.21|//Backblaze//|[[Hard Drive Reliability Stats for Q1 2015|https://www.backblaze.com/blog/hard-drive-reliability-q1-2015/]]|Reliability|
|2015.05.06|Infosec Island|[[5 Ways Schools Can Upgrade Cyber Security|http://www.infosecisland.com/blogview/24505-5-Ways-Schools-Can-Upgrade-Cyber-Security.html]]|Cloud Misc.|
|2015.05.06|Infosec Island|[[Embracing Cyber Resilience in Today's Cyber-Enabled World|http://www.infosecisland.com/blogview/24506-Embracing-Cyber-Resilience-in-Todays-Cyber-Enabled-World.html]]|Cloud Misc.|
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2015.04.30|DZone|[[7 Rules for Hybrid Cloud Architectures|https://dzone.com/articles/7-rules-hybrid-cloud]]|Hybrid_Cloud|
|2015.04.10|Infosec Island|[[Cybersecurity Trends for SMBs: Mobile, Security and the Cloud|http://www.infosecisland.com/blogview/24450-Cybersecurity-Trends-for-SMBs-Mobile-Security-and-the-Cloud.html]]|Cloud Misc.|
|2015.04.08|Infosec Island|[[The Cloud is Covered: VPNs Enhance Data Security in the Cloud|http://www.infosecisland.com/blogview/24444-The-Cloud-is-Covered-VPNs-Enhance-Data-Security-in-the-Cloud.html]]|Cloud Misc.|
|2015.04.07|Infosec Island|[[Security Reviews Critical to Cloud Migration|http://www.infosecisland.com/blogview/24442-Security-Reviews-Critical-to-Cloud-Migration.html]]|Cloud Misc.|
|2015.04.07|Infosec Island|[[Tomorrow's Forecast: Increasing Clouds. Extending Your Secure Identity Environment into the Cloud|http://www.infosecisland.com/blogview/24443-Tomorrows-Forecast-Increasing-Clouds-Extending-Your-Secure-Identity-Environment-into-the-Cloud.html]]|Cloud Misc.|
|2015.04.01|SANS|[[Proposal for standard Cloud Computing Security SLAs - Key Metrics for Safeguarding Confidential Data in the Cloud|https://www.sans.org/reading-room/whitepapers/cloud/proposal-standard-cloud-computing-security-slas-key-metrics-safeguarding-confidential-data-cloud-35872]]|Analysis Misc.|
|!Mars|!Sources|!Titres et Liens|!Keywords|
|2015.03.28|//Slack//|''[[March 2015 security incident and the launch of Two Factor Authentication|https://slackhq.com/march-2015-security-incident-and-the-launch-of-two-factor-authentication]]''|Incident|
|2015.03.28|//Mauro Israel//[>img[iCSF/flag_fr.png]]|[[La sécurité du cloud|http://mauro-israel.over-blog.com/2015/03/la-securite-du-cloud.html]]|Risks|
|2015.03.24|Les Echos[>img[iCSF/flag_fr.png]]|[[Cloud souverain, un gâchis à la française|https://www.lesechos.fr/2015/02/cloud-souverain-un-gachis-a-la-francaise-1105856]]|Sovereign_Cloud France|
|2015.03.24|//Praetorian//|[[Navigating Today's Shared Security Responsibility Model in the Cloud|https://www.praetorian.com/blog/shared-security-responsibility-model-in-amazon-aws-cloud]]|AWS Shared_Responsibility|
|2015.03.21|Direction Générale des Entreprises[>img[iCSF/flag_fr.png]]|[[Acquisition par Orange de Cloudwatt|https://www.entreprises.gouv.fr/dge/acquisition-par-orange-cloudwatt]] ([[Communiqué .pdf|https://www.entreprises.gouv.fr/files/files/directions_services/secteurs-professionnels/numerique/cloud-computing.pdf]])|Sovereign_Cloud Cloudwatt|
|2015.03.20|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Orange confirme la reprise de 100% de CloudWatt|https://www.silicon.fr/orange-confirme-la-reprise-de-100-de-cloudwatt-111658.html]]|Sovereign_Cloud|
|2015.03.18|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloudwatt sur les rails de la croissance d'Orange Business Services|https://www.silicon.fr/cloudwatt-sur-les-rails-de-la-croissance-dorange-business-services-111309.html]]|Sovereign_Cloud Cloudwatt|
|2015.03.17|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Numergy et Cloudwatt : embrouilles sur le financement étatique|https://www.silicon.fr/numergy-et-cloudwatt-embrouilles-sur-le-financement-etatique-111295.html]]|Sovereign_Cloud Cloudwatt Numergy|
|2015.03.03|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Le faux départ du Cloud souverain (tribune)|https://www.silicon.fr/faux-depart-cloud-souverain-109780.html]]|Sovereign_Cloud|
|!Février|!Sources|!Titres et Liens|!Keywords|
|2015.02.03|//Optiv//|''[[Challenges of Computer Forensics in Cloud and Hosted Environments|https://www.optiv.com/blog/challenges-of-computer-forensics-in-cloud-and-hosted-environments]]''|Forensics|
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|2015.01.31|Surya Seetharaman|[[How to Tackle Threats to Cloud Security|https://tssurya.files.wordpress.com/2015/01/91-93_cloud-security-jan-15.pdf]] (pdf)|Threats|
|2015.01.20|CircleID|[[Top Cloud Management Trends: Adopt or Incur the Risk|http://www.circleid.com/posts/20150120_top_cloud_management_trends_adopt_or_incur_the_risk/]] |Risks|
|>|!|>||
<<tiddler .ReplaceTiddlerTitle with: [[Veille Web - Année 2015]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Année 2015]]>>Pour 2015, aucun article n'est repris sur ce site pour le moment.
Consultez directement le blog sur le site original : https://blog.cloudsecurityalliance.org/ 
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] | !
Article en cours de rédaction | [img(auto,50px)[iCSF/Work.gif]] | [>img(200px,auto)[iCSA_/15-IAAMFTIOT.jpg]]__''Identity and Access Management for the Internet of Things''__ __Lien : __ * ⇒ téléchargement : https://cloudsecurityalliance.org/artifacts/identity-and-access-management-for-the-iot/
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] | !
Article en cours de rédaction | [img(auto,50px)[iCSF/Work.gif]] | [>img(100px,auto)[iCSA_/15-CFCMM.jpg]]__''Cloud Forensics Capability Maturity Model''__ __Lien : __ * ⇒ téléchargement : https://cloudsecurityalliance.org/artifacts/cloud-forensics-capability-model/
|[img(150px,auto)[iCSA/F6DPT.png]]|* Date : 13 juin 2015 
* Page de téléchargement : https://cloudsecurityalliance.org/artifacts/the-mandate-for-meaningful-cyber-incident-sharing-for-the-cloud/
* Lien direct : https://downloads.cloudsecurityalliance.org/assets/research/cloud-cisc/downloads/Cloud-CISC-The-Mandate-for-Meaningful-Cyber-Incident-Sharing-for-the-Cloud.pdf |
[>img(200px,auto)[iCSA/F4KPN.png]]__''New Security Guidance for Early Adopters of the IoT''__
<<<
//This document is a product of the CSA Mobile Working Group — IoT Initiative. The document was created using inputs
from a number of security and mobility experts representing diverse industries. We have tried to incorporate references
and information from existing guidance in the field whenever possible in order to avoid duplication and promote
alignment with the work of other industry bodies.
The guidance in this document has been created in a manner that allows for usefulness across industries. This was
achieved by examining architectures across multiple industries and selecting security controls that would support each
industry.//
<<<
__Table des matières :__//
<<<
# Introduction
# Purpose
# IoT Threats to Individuals and Organizations
# Challenges to Secure IoT Deployments
# Recommended Security Controls
## Analyze privacy impacts to stakeholders and adopt a Privacy-by-Design approach to IoT development and deployment
## Apply a Secure Systems Engineering approach to architecting and deploying a new IoT System
## Implement layered security protections to defend IoT assets
## Implement data protection best practices to protect sensitive information
## Define Life Cycle Security Controls for IoT devices
## Define and implement an authentication/authorization framework for the Organization's IoT Deployments
## Define a Logging and Audit Framework for the Organization's IoT Ecosystem
# Future Efforts
## Standards
## Situational Awareness of the IoT Security Posture
## Information Sharing
## SDP and the IoT
## Privacy in the IoT Environment
# Appendix A: References
<<<
//__Lien : __
* ⇒ téléchargement : ''[[CloudSecurityAlliance.fr/go/i2di/|https://CloudSecurityAlliance.fr/go/i2di/]]''
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|2014.12.01|ISACA Journal|[[Data Owners' Responsibilities When Migrating to the Cloud|https://www.isaca.org/resources/isaca-journal/past-issues/2014/data-owners-responsibilities-when-migrating-to-the-cloud]]|Responsibility|
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|2014.11.27|Cryptographic Engineering|[[Zero Knowledge Proofs: An illustrated primer|https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/]] (1/2)|Cryptography Zero_Knowledge|
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|2014.10....|ComputerWeekly|[[Security Think Tank: Seven strategies for limiting cloud data leakage|https://www.computerweekly.com/opinion/Security-Think-Tank-Seven-strategies-for-limiting-cloud-data-leakage]]|Data_Leaks|
|2014.10.22|Netflix|[[FIT: Failure Injection Testing|https://medium.com/netflix-techblog/fit-failure-injection-testing-35d8e2a9bb2]]|Chaos_Engineering|
|2014.10.14|CIO|[[CIOs Face Cloud Computing Challenges, Pitfalls|https://www.cio.com/article/2825257/cio-face-cloud-computing-challenges-pitfalls.html]]|Challenges|
|2014.10.02|//Praetorian//|[[Cloud Security Best Practices for Amazon Web Services (AWS)|https://www.praetorian.com/blog/cloud-security-best-practices-amazon-web-services-aws]]|AWS Best_Practices|
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|2014.09.24|Next INpact[>img[iCSF/flag_fr.png]]|Cloud souverain : deux ans après, on fait le point ([[1|https://www.nextinpact.com/dossier/734-cloud-souverain-deux-ans-apres-on-fait-le-point/1.htm]]) ([[2|https://www.nextinpact.com/dossier/734-cloud-souverain-deux-ans-apres-on-fait-le-point/2.htm]]) ([[3|https://www.nextinpact.com/dossier/734-cloud-souverain-deux-ans-apres-on-fait-le-point/3.htm]])|Sovereign_Cloud Cloudwatt Numergy|
|2014.09.02|Journal (IJACT)|[[Secure Cloud Computing through Homomorphic Encryption|https://arxiv.org/ftp/arxiv/papers/1409/1409.0829.pdf]]|Homomorphic_Encryption|
|!Août|!Sources|!Titres et Liens|!Keywords|
|2014.08.13|Infosec Island|[[National Cybersecurity = Cloud Computing Security|http://www.infosecisland.com/blogview/23914-National-Cybersecurity--Cloud-Computing-Security.html]]|Cloud Misc.|
|2014.08.11|SANS|[[Its 10PM...Do you know where your cloud is?|https://www.sans.org/reading-room/whitepapers/cloud/10pmdo-cloud-is-35332]]|Analysis Misc.|
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|2014.07.23|Infosec Island|[[EBS Encryption: Enhancing the Amazon Web Services Offering with Key Management|http://www.infosecisland.com/blogview/23882-EBS-Encryption-Enhancing-the-Amazon-Web-Services-Offering-with-Key-Management.html]]|Cloud Misc.|
|2014.07.09|Nextgov|[[Daring Deal|https://www.nextgov.com/it-modernization/2014/07/daring-deal/100872/]]|CIA AWS|
|!Juin|!Sources|!Titres et Liens|!Keywords|
|2014.06.27|Infosec Island|[[Key Management in the Public Cloud|http://www.infosecisland.com/blogview/23842-Key-Management-in-the-Public-Cloud.html]]|Cloud Misc.|
|2014.06.24|Infosec Island|[[Big Data's Big Promise Isn't Here Yet |http://www.infosecisland.com/blogview/23837-Big-Datas-Big-Promise-Isnt-Here-Yet-.html]]|Cloud Misc.|
|2014.06.23|Infosec Island|[[Two Signs You Should Invest in Cloud Computing Data Security|http://www.infosecisland.com/blogview/23831-Two-Signs-You-Should-Invest-in-Cloud-Computing-Data-Security.html]]|Cloud Misc.|
|2014.06.18|Infosec Island|[[What is Continuous Compliance and Assurance?|http://www.infosecisland.com/blogview/23823-What-is-Continuous-Compliance-and-Assurance.html]]|Cloud Misc.|
|2014.06.17|//Coalfire//|[[Embracing the Cloud's Potential for Security|https://www.coalfire.com/The-Coalfire-Blog/June-2014/Embracing-the-Cloud-s-Potential-for-Security]]|Misc|
|2014.06.16|Infosec Island|[[An Interview with Johan Hybinette|http://www.infosecisland.com/blogview/23817-An-Interview-with-Johan-Hybinette.html]]|Cloud Misc.|
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2014.05.14|//Optiv//|[[Reducing Risk in the Cloud: What You Should be Thinking About|https://www.optiv.com/blog/reducing-risk-in-the-cloud-what-you-should-be-thinking-about]]|Risks|
|2014.05.01|ISACA Journal|[[Selecting the Right Cloud Operating Model: Privacy and Data Security in the Cloud|https://www.isaca.org/resources/isaca-journal/past-issues/2014/selecting-the-right-cloud-operating-model-privacy-and-data-security-in-the-cloud]]|Misc|
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2014.04.29|//Gartner//|![[G00222114: The Snowden Effect: Data Location Matters|https://www.gartner.com/en/documents/2724017]]|!Localisation|
|2014.04.25|CircleID|[[Overcoming Cloud Storage Security Concerns: 7 Key Steps|http://www.circleid.com/posts/20140425_overcoming_cloud_storage_security_concerns_7_key_steps/]] |Storage|
|2014.04.17|//Coalfire//|[[The Top 3 Security Issues in Federal Cloud Computing|https://www.coalfire.com/The-Coalfire-Blog/April-2014/The-Top-3-Security-Issues-in-Federal-Cloud-Computi]]|Federal_Cloud|
|2014.04.12|Infosec Island|[[NSA vs. Cloud Encryption: Which is Stronger?|http://www.infosecisland.com/blogview/23671-NSA-vs-Cloud-Encryption-Which-is-Stronger.html]]|Cloud Misc.|
|!Mars|!Sources|!Titres et Liens|!Keywords|
|2014.03.31|Infosec Island|[[Pros and Cons of US-Based Cloud Services|http://www.infosecisland.com/blogview/23697-Pros-and-Cons-of-US-Based-Cloud-Services.html]]|Cloud Misc.|
|2014.03.29|Infosec Island|[[We Have to Find Ways to Reinforce Trust |http://www.infosecisland.com/blogview/23689-We-Have-to-Find-Ways-to-Reinforce-Trust-.html]]|Cloud Misc.|
|2014.03.23|Infosec Island|[[BYOD For Government?|http://www.infosecisland.com/blogview/23679-BYOD-For-Government.html]]|Cloud Misc.|
|2014.03.19|CircleID|[[Cloud Computing Can Make You More Secure|http://www.circleid.com/posts/20140319_cloud_computing_can_make_you_more_secure/]] |Risks|
|2014.03.10|Infosec Island|[[PerspecSys Survey Reveals Cloud-based Security Concerns for 2014|http://www.infosecisland.com/blogview/23660-PerspecSys-Survey-Reveals-Cloud-based-Security-Concerns-for-2014.html]]|Cloud Misc.|
|2014.03.05|Infosec Island|[[NCOIC Debuts Roadmap for Designing, Managing Cyber-secure Hybrid Computing Environment|http://www.infosecisland.com/blogview/23651-NCOIC-Debuts-Roadmap-for-Designing-Managing-Cyber-secure-Hybrid-Computing-Environment.html]]|Cloud Misc.|
|!Février|!Sources|!Titres et Liens|!Keywords|
|2014.02.27|Infosec Island|[[Zero Trust and the Age of Global Connectivity|http://www.infosecisland.com/blogview/23641-Zero-Trust-and-the-Age-of-Global-Connectivity.html]]|Cloud Misc.|
|2014.02.19|Infosec Island|[[Surveillance and Pressure Against WikiLeaks and Its Readers|http://www.infosecisland.com/blogview/23631-Surveillance-and-Pressure-Against-WikiLeaks-and-Its-Readers.html]]|Cloud Misc.|
|2014.02.10|Infosec Island|[[Interoperability: A Much Needed Cloud Computing Focus|http://www.infosecisland.com/blogview/23615-Interoperability-A-Much-Needed-Cloud-Computing-Focus.html]]|Cloud Misc.|
|2014.02.04|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Déploiement du Cloud : pourquoi ça coince|https://www.silicon.fr/deploiement-du-cloud-pourquoi-ca-coince-92505.html]]|Sovereign_Cloud|
|2014.02.04|//Optiv//|[[Internet Security Questions for the Cloud Provider|https://www.optiv.com/blog/internet-security-questions-cloud-provider-optiv]]|Assess|
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|2014.01.14|//CobaltStrike//|[[Cloud-based Redirectors for Distributed Hacking|https://blog.cobaltstrike.com/2014/01/14/cloud-based-redirectors-for-distributed-hacking/]]|Redirection Attacks|
|>|!|>||
<<tiddler .ReplaceTiddlerTitle with: [[Veille Web - Année 2014]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Année 2014]]>>Pour 2014, aucun article n'est repris sur ce site pour le moment.
Consultez directement le blog sur le site original : https://blog.cloudsecurityalliance.org/ 
!La vulnérabilité CVE-2014-7188
> //The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors.//
!Liste ''NON'' exhaustive de liens vers des articles et des blogs
|>|>|!Octobre 2012|
|2012.10.29|Netflix|[[Post-mortem of October 22,2012 AWS degradation|http://techblog.netflix.com/2012/10/post-mortem-of-october-222012-aws.html]] |
|~|~|__Commentaire :__ //Cet article n'est pas lié au CVE-2014-7188, mais il est intéressant pour la démarche suivie//|
|>|>|!Septembre 2014|
|!|Xen Project|[[Xen Security Problem Response Process|http://www.xenproject.org/security-policy.html]]|
|2014.09.24|RightScale Cloud Management Blog|[[AWS to Reboot a Number of EC2 Instances|http://www.rightscale.com/blog/rightscale-news/aws-reboot-number-ec2-instances]]|
|2014.09.25|Amazon Web Services Blog|[[EC2 Maintenance Update|http://aws.amazon.com/blogs/aws/ec2-maintenance-update/]]|
|2014.09.25|RightScale Cloud Management Blog|[[AWS Reboot: FAQs|http://www.rightscale.com/blog/rightscale-news/aws-reboot-faqs]]|
|2014.09.25|IT News Australia|[[Amazon forced to reboot EC2 to patch Xen bug|http://www.itnews.com.au/News/396180%2camazon-forced-to-reboot-ec2-to-patch-xen-bug.aspx]]|
|2014.09.25|CMS Wire|[[Rackspace Guarantees 99.99% Uptime on Private Cloud|http://www.cmswire.com/cms/information-management/oops-is-rackspace-rethinking-its-9999-uptime-boast-026662.php]]|
|2014.09.25|Data Center Knowledge Blog|[[Amazon Initiates Massive Global EC2 Server Reboot|http://www.datacenterknowledge.com/archives/2014/09/25/amazon-reboot-will-affect-less-10-percent-cloud-instances/]]|
|2014.09.25|Datacenter Dynamics|[[Amazon Initiates Massive Global EC2 Server Reboot|http://www.datacenterdynamics.com/focus/archive/2014/09/amazon-initiates-massive-global-ec2-server-reboot]]|
|2014.09.26|InformationWeek|[[Amazon Reboots Cloud Servers, Xen Bug Blamed|http://www.informationweek.com/cloud/software-as-a-service/amazon-reboots-cloud-servers-xen-bug-blamed/d/d-id/1316093]]|
|2014.09.27|Rackspace Support Network|[[URGENT NOTICE - CLOUD SERVER REBOOTS (Standard, Performance 1, Performance 2)|https://community.rackspace.com/general/f/34/t/4318]]|
|2014.09.27|The Register|[[Rackspace to hit GLOBAL CLOUD REBOOT button to flush out Xen security nasty -- Sysadmins warned of incoming blitz|http://www.theregister.co.uk/2014/09/27/rackspace_hits_global_cloud_reboot_button_on_xen_security_bug/]]|
|2014.09.27|The Register|[[Xen security bug, you say? Amazon readies GLORIOUS GLOBAL CLOUD REBOOT|http://www.theregister.co.uk/2014/09/25/amazon_readies_global_glory_reboot/]]|
|2014.09.29|Data Center Knowledge Blog|[[Rackspace Reboots Cloud Servers to Apply Xen Security Patch|http://www.datacenterknowledge.com/archives/2014/09/29/rackspace-undergoes-xen-cloud-reboot-for-cloud/]]|
|2014.09.29|CMS Wire|[[Oops! Is Rackspace Rethinking its 99.99% Uptime Boast?|http://www.cmswire.com/cms/information-management/oops-is-rackspace-rethinking-its-9999-uptime-boast-026662.php]]|
|>|>|!Octobre 2014|
|2014.10.01|Xen Security Advisory|&rArr; [[XSA-108 -- Improper MSR range used for x2APIC emulation|http://xenbits.xen.org/xsa/advisory-108.html]]|
|2014.10.01|Amazon Web Services Blog|[[EC2 Maintenance Update II|http://aws.amazon.com/blogs/aws/ec2-maintenance-update-2/]]|
|2014.10.01|Rackspace|[[An Apology|http://www.rackspace.com/blog/an-apology/]]|
|2014.10.01|Datacenter Dynamics|[[Rackspace Follows AWS, Reboots Cloud Servers To Patch Xen|http://www.datacenterdynamics.com/focus/archive/2014/10/rackspace-follows-aws-reboots-cloud-servers-patch-xen]]|
|2014.10.01|CMS Wire|[[Rackspace CEO: We Screwed Up During Cloud Reboot|http://www.cmswire.com/cms/information-management/rackspace-ceo-we-screwed-up-during-cloud-reboot-026688.php]]|
|2014.10.01|Virtual Server Update||
|2014.10.01|PC World|[[Xen Project discloses serious vulnerability that impacts virtualized servers|http://www.pcworld.com/article/2690612/xen-project-discloses-serious-vulnerability-that-impacts-virtualized-servers.html]]|
|2014.10.01|GigaOm|[[And now it's IBM's turn to reboot its cloud|https://gigaom.com/2014/10/01/and-now-its-ibm-softlayers-turn-to-reboot-its-cloud/]]|
|2014.10.01|IBM/SoftLayer|[[Virtual Server Update|http://blog.softlayer.com/2014/virtual-server-update]]|
|2014.10.01|Neovise|![[The Problem with Forced Cloud Reboots|http://www.neovise.com/forced-cloud-reboots-aws-rackspace-softlayer]]|
|2014.10.02|Mitre|[[CVE-2014-7188|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7188]]|
|2014.10.02|National Cyber Awareness System|&rArr; [[CVE-2014-7188|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7188]]|
|2014.10.02|Xen Project blog|[[Additional information|https://blog.xenproject.org/2014/10/02/xsa-108-additional-information-from-the-xen-project-2/]]|
|2014.10.03|InfoWorld|[[3 lessons from the big cloud reboot|http://www.infoworld.com/article/2691239/cloud-computing/3-lessons-from-the-big-cloud-reboot.html]]|
|2014.10.08|Xen Project Mailing-list|[[Security policy ambiguities - XSA-108 process post-mortem|http://bugs.xenproject.org/xen/bug/44]]|
|2014.10.09|RightScale Cloud Management Blog|&rArr; [[Xen Bug Drives Cloud Reboot: Survey Shows Users Undeterred|http://www.rightscale.com/blog/cloud-industry-insights/xen-bug-drives-cloud-reboot-survey-shows-users-undeterred]]|
|2014.10.09|RightScale on SlideShare|[[RightScale Survey Cloud Reboot Survey/Xen Vulnerability October 2014|http://www.slideshare.net/rightscale/cloud-reboot-survey-oct-2014-for-sharing-final]]|
|2014.10.09|CMS Wire|[[Was Amazon Web Services the Winner in Xen Cloud Reboot?|http://www.cmswire.com/cms/information-management/was-amazon-web-services-the-winner-in-xen-cloud-reboot-026785.php]]|
|>|>|!Mars 2015|
|2015.03.02|AWS Security Maintenance|[[Important **Update** About Upcoming AWS Security Maintenance|https://aws.amazon.com/premiumsupport/maintenance-2015-03/]]|
|2015.03.10|Xen Security Advisory|&rArr; [[XSA-123 -- Hypervisor memory corruption due to x86 emulator flaw|https://xenbits.xen.org/xsa/advisory-123.html]]|
!!12ème réunion CSA-FR
[>img(100px,auto)[iCSA/logoCSAFR.png]]La douzième réunion du [[Chapitre Français]] de la CSA se déroulera le 12 octobre 2014 à partir de 18h30, en audio/vidéo.

Un numéro d'appel est mis en place pour les personnes à distance via GoTo Meeting+++^*[»] https://www3.gotomeeting.com/join/983214734 === 
 
Organisateurs : ''Pierre Vacherand'' et ''Olivier Caleff''

Inscription obligatoire sur [[Meetup|https://www.meetup.com/CSA-France/]].
!"//Cloud Security Alliance Releases New Cloud Controls Matrix v3.0.1 and Consensus Assessments Initiative Questionnaire v3.0.1//" -- 2014
<<<
[>img(100px,auto)[iCSA_/CCM+CAIQ-v301.jpg]]//__''Two De Facto Industry Standards Now Aligned with One-to-One Mapping to Allow for Smarter Decisions by Cloud Consumers and More Transparency for Cloud Providers''__
The [[CCM]] is currently considered a de-facto standard for cloud security assurance and compliance.
The Cloud Security Alliance (CSA) today announced the release of significant updates to two de facto industry standards, the Cloud Controls Matrix ([[CCM]]) Version v3.0.1 and the Consensus Assessments Initiative Questionnaire ([[CAIQ]]) v3.0.1.
With the updates, the CSA has completed a major milestone in the alignment between the Security Guidance for Critical Areas of Focus in Cloud Computing v3, [[CCM]], and [[CAIQ]].
"With the release of the new [[CAIQ]] and [[CCM]], alongside a strong migration path to CSA's Security, Trust & Assurance Registry, we have intentionally created a much needed one-stop-shop in the cloud provider assessment process," says Jim Reavis, CEO of the CSA. "This will allow cloud providers to be more transparent in the baseline assessment process, helping accelerate the implementation process where cloud consumers will be able to make smart, efficient decisions. We expect the new versions to have an enormous and positive impact on the cloud industry." Together the [[CCM]] v3.0.1 and [[CAIQ]] v3.0.1 allow for greater efficiencies and transparency in the cloud assessment and implementation process.
[>img(300px,auto)[iCSA_/CCM+CAIQ-Download-v301.jpg]]Additionally, the new guidance documents will serve as a seamless transition point to those providers wishing to submit to the CSA Security, Trust & Assurance Registry ([[STAR]]), a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings.
Specifically, [[CAIQ]] v3.0.1 realigns [[CAIQ]] questions to [[CCM]] v3.0.1 control domains and the CSA's Guidance for Critical Areas of Focus in Cloud Computing v3.0. It also maps the [[CAIQ]] questions to the latest compliance requirements found in the [[CCM]] v3.0.1. In both documents, redundancies have been reduced and language rewritten for clarity of intent, STAR enablement, and Standards Development Organization alignment. Additionally, [[CCM]] v3.0.1 contains new or updated mappings in all 16 domain control areas.//
<<<
Lien → https://cloudsecurityalliance.org/articles/csa-releases-new-ccm-caiq-v3-0-1/ 
!"//Conférence 'SecureCloud 2014'//"
La conférence s'est tenue les 1er et 2 avril 2014 à l'Amsterdam RAI Convention Centre à Amsterdam, aux Pays-Bas.
Les présentations sont maintenant disponibles.
__Liens :__
* Site et présentations → https://cloudsecurityalliance.org/events/securecloud2014/
* Annonce ENISA ⇒ https://www.enisa.europa.eu/news/enisa-news/enisa-organises-securecloud-2014 
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|2013.11.14|Infosec Island|[[What the Snowden Leaks Can Teach Us About Data Security|http://www.infosecisland.com/blogview/23492-What-the-Snowden-Leaks-Can-Teach-Us-About-Data-Security.html]]|Cloud Misc.|
|2013.11.12|Infosec Island|[[Security Advisor Alliance, A Nonprofit of Elite CISOs giving back to the community. |http://www.infosecisland.com/blogview/23486-Security-Advisor-Alliance-A-Nonprofit-of-Elite-CISOs-giving-back-to-the-community-.html]]|Cloud Misc.|
|2013.11.12|//Backblaze//|[[How long do disk drives last?|https://www.backblaze.com/blog/how-long-do-disk-drives-last/]]|Reliability|
|2013.11.04|Infosec Island|[[The Road To Identity Relationship Management|http://www.infosecisland.com/blogview/23461-The-Road-To-Identity-Relationship-Management.html]]|Cloud Misc.|
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|2013.10.16|Infosec Island|[[Encrypting Data At Rest Or In The Cloud: Is It Value Adding?|http://www.infosecisland.com/blogview/23430-Encrypting-Data-At-Rest-Or-In-The-Cloud-Is-It-Value-Adding.html]]|Cloud Misc.|
|2013.10.10|Netflix|[[Introducing Chaos to C*|http://techblog.netflix.com/2013/10/introducing-chaos-to-c.html]]|Netflix Resilience|
|2013.10.03|//Markerbench//|[[The DevOps Security Handbook: Building Security In With Chef, Part III|http://www.markerbench.com/blog/2013/10/06/chef-3rd-course/]] (3/3)|DevSecOps Chef|
|2013.10.03|//Markerbench//|[[The DevOps Security Handbook: Building Security In With Chef, Part II|http://www.markerbench.com/blog/2013/10/03/chef-2nd-course/]] (2/3)|DevSecOps Chef|
|2013.10.03|//Markerbench//|[[The DevOps Security Handbook: Building Security In With Chef, Part I|http://www.markerbench.com/blog/2013/10/01/chef-starter/]] (1/3)|DevSecOps Chef|
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|2013.09.25|//Orange Business Service//[>img[iCSF/flag_fr.png]]|[[CSA STAR Certification - un label de sécurité pour le cloud|https://www.orange-business.com/fr/blogs/securite/cloud-computing/csa-star-certification-un-label-de-securite-pour-le-cloud]]|[[STAR]]|
|2013.09.25|Infosec Island|[[The Cloud Problem - How Security Pros Can Migrate and Maintain Security|http://www.infosecisland.com/blogview/23402-The-Cloud-Problem--How-Security-Pros-Can-Migrate-and-Maintain-Security.html]]|Cloud Misc.|
|2013.09.17|SANS|[[The Security Onion Cloud Client Network Security Monitoring for the Cloud|https://www.sans.org/reading-room/whitepapers/cloud/security-onion-cloud-client-network-security-monitoring-cloud-34335]]|Analysis Misc.|
|!Août|!Sources|!Titres et Liens|!Keywords|
|2013.08.30|Mobile & Technology Exploration|[[Lawful Interception - Cloud/Virtual Services|https://trewmte.blogspot.com/2013/08/lawful-interception-cloudvirtual.html]]|Misc|
|2013.08.21|SANS|[[Simplifying Cloud Access Without Sacrificing Corporate Control: A Review of McAfees Integrated Web and Identity Solutions|https://www.sans.org/reading-room/whitepapers/analyst/simplifying-cloud-access-sacrificing-corporate-control-review-mcafees-integrated-web-identity-solutions-35005]]|Analysis Misc.|
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|2013.07.30|Infosec Island|[[Top Secret SCI Jobs - The Value of Smaller Contractors|http://www.infosecisland.com/blogview/23320-Top-Secret-SCI-Jobs-The-Value-of-Smaller-Contractors.html]]|Cloud Misc.|
|2013.07.18|Infosec Island|[[Achieving Code Compliance in an Agile Environment|http://www.infosecisland.com/blogview/23291-Achieving-Code-Compliance-in-an-Agile-Environment.html]]|Cloud Misc.|
|2013.07.17|Infosec Island|[[2-Factor Is Great, But Passwords Still Weak Spot|http://www.infosecisland.com/blogview/23290-2-Factor-Is-Great-But-Passwords-Still-Weak-Spot.html]]|Cloud Misc.|
|2013.07.11|Infosec Island|[[Mitigate Security Risk Before Your Business Collapses|http://www.infosecisland.com/blogview/23276-Mitigate-Security-Risk-Before-Your-Business-Collapses.html]]|Cloud Misc.|
|2013.07.04|Infosec Island|[[What Magneto's Helmet and Non-ICFR SSAE 16 Controls have in Common|http://www.infosecisland.com/blogview/23258-What-Magnetos-Helmet-and-Non-ICFR-SSAE-16-Controls-have-in-Common.html]]|Cloud Misc.|
|2013.07.03|Infosec Island|[[HIPAA in Public Cloud: The Rules Have Been Set|http://www.infosecisland.com/blogview/23257-HIPAA-in-Public-Cloud-The-Rules-Have-Been-Set.html]]|Cloud Misc.|
|2013.07.01|Infosec Island|[[Trend Spotting @BlackHatEvents: Did I Mention the Irony @BrianKrebs is Bringing?|http://www.infosecisland.com/blogview/23252-Trend-Spotting-BlackHatEvents-Did-I-Mention-the-Irony-BrianKrebs-is-Bringing.html]]|Cloud Misc.|
|!Juin|!Sources|!Titres et Liens|!Keywords|
|2013.06.28|Infosec Island|[[Five Factors InfoSec Teams Should Consider When Deploying to the Cloud|http://www.infosecisland.com/blogview/23241-Five-Factors-InfoSec-Teams-Should-Consider-When-Deploying-to-the-Cloud.html]]|Cloud Misc.|
|2013.06.24|Infosec Island|[[Cyber Attacks the Reality, the Reason and the Resolution Part 3|http://www.infosecisland.com/blogview/23233-Cyber-Attacks-the-Reality-the-Reason-and-the-Resolution-Part-3.html]]|Cloud Misc.|
|2013.06.19|Infosec Island|[[Identity & Access Management: Give Me a REST|http://www.infosecisland.com/blogview/23223-Identity-amp-Access-Management-Give-Me-a-REST.html]]|Cloud Misc.|
|2013.06.14|Infosec Island|[[From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget|http://www.infosecisland.com/blogview/23210-From-the-SMB-to-Security-Guru-Five-Ways-IT-Pros-Can-Manage-Security-on-a-Budget.html]]|Cloud Misc.|
|2013.06.04|Infosec Island|[[Irregardless, Begs the Question, and SSAE 16 Certified|http://www.infosecisland.com/blogview/23193-Irregardless-Begs-the-Question-and-SSAE-16-Certified.html]]|Cloud Misc.|
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2013.05.20|Netflix|[[Conformity Monkey - Keeping your cloud instances following best practices|http://techblog.netflix.com/2013/05/conformity-monkey-keeping-your-cloud.html]]|Netflix|
|2013.05.01|ISACA Journal|[[IT Security Responsibilities Change When Moving to the Cloud|https://www.isaca.org/resources/isaca-journal/past-issues/2013/it-security-responsibilities-change-when-moving-to-the-cloud]]|Responsibility|
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2013.04.23|//Cloudflare//|[[What CloudFlare Logs|https://blog.cloudflare.com/what-cloudflare-logs/]]|Misc|
|2013.04.23|Infosec Island|[[Google: Black Hat or White Hat? |http://www.infosecisland.com/blogview/23100-Google-Black-Hat-or-White-Hat-.html]]|Cloud Misc.|
|2013.04.22|//Coalfire//|[[The PCI DSS Cloud Computing Guidelines: An Executive Summary|https://www.coalfire.com/The-Coalfire-Blog/April-2013/The-PCI-DSS-Cloud-Computing-Guidelines-An-Executiv]]|PCI_DSS Compliance|
|2013.04.09|SANS|[[Cloud Forensics with F-Response|https://www.sans.org/blog/cloud-forensics-with-f-response/]]|Forensics|
|2013.04.05|Infosec Island|[[Protect Data Not Devices?|http://www.infosecisland.com/blogview/23063-Protect-Data-Not-Devices.html]]|Cloud Misc.|
|!Mars|!Sources|!Titres et Liens|!Keywords|
|2013.03.27|//Rapid7//|[[There's a Hole in 1,951 Amazon S3 Buckets|https://blog.rapid7.com/2013/03/27/open-s3-buckets/]]|AWS Bucket Data_Leak|
|2013.03.18|FCW|''[[Sources: Amazon and CIA ink cloud deal|https://fcw.com/articles/2013/03/18/amazon-cia-cloud.aspx]]''|CIA AWS|
|2013.03.12|Infosec Island|[[Identity in the Modern Enterprise|http://www.infosecisland.com/blogview/22996-Identity-in-the-Modern-Enterprise.html]]|Cloud Misc.|
|2013.03...|Journal of Networks|[[CloudProxy: A NAPT Proxy for Vulnerability Scanners based on Cloud Computing (pdf)|https://pdfs.semanticscholar.org/4887/7c7dccc81fa24a1a7579c46c7eaadbf8e792.pdf]]|Scanners|
|!Février|!Sources|!Titres et Liens|!Keywords|
|2013.02.21|CircleID|[[IP Address Management as a Service on the Cloud|http://www.circleid.com/posts/20130221_ip_address_management_as_a_service_on_the_cloud/]] |Addressing|
|2013.02.07|CircleID|[[Cloud Security Hinges on IP Addressing|http://www.circleid.com/posts/20130207_cloud_security_hinges_on_ip_addressing/]] |Addressing (3/3)|
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|2013.01.29|Infosec Island|[[These Cloud and Big Data Things are REALLY Cool|http://www.infosecisland.com/blogview/22723-These-Cloud-and-Big-Data-Things-are-REALLY-Cool.html]]|Cloud Misc.|
|2013.01.29|Infosec Island|[[Banking 2.0 and The Future of Bank Branches|http://www.infosecisland.com/blogview/22750-Banking-20-and-The-Future-of-Bank-Branches.html]]|Cloud Misc.|
|2013.01.29|CircleID|[[Maslow's Hammer Meets the Software Defined Data Center|http://www.circleid.com/posts/20130129_maslows_hammer_meets_the_software_defined_data_center/]] (2/3)||
|2013.01.24|Infosec Island|[[CISO Challenges: The Build vs. Buy Problem (2:2)|http://www.infosecisland.com/blogview/22655-CISO-Challenges-The-Build-vs-Buy-Problem-22.html]]|Cloud Misc.|
|2013.01.22|Infosec Island|[[Cloud App Integration: Incredibly Important, But Also Problematic|http://www.infosecisland.com/blogview/22752-Cloud-App-Integration-Incredibly-Important-But-Also-Problematic.html]]|Cloud Misc.|
|2013.01.22|//Optiv//|![[Driving a Hard Bargain: Cloud Computing Contracts|https://www.optiv.com/blog/driving-a-hard-bargain-cloud-computing-contracts]]|Contract|
|2013.01.21|Infosec Island|[[CISO Challenges: The Build vs. Buy Problem (1:2)|http://www.infosecisland.com/blogview/22654-CISO-Challenges-The-Build-vs-Buy-Problem-12.html]]|Cloud Misc.|
|2013.01.18|CircleID|[[Software Defined Data Centre Needs DNS|http://www.circleid.com/posts/20130118_software_defined_data_centre_needs_dns/]] (1/3)|!DNS|
|2013.01.17|Infosec Island|[[Dismantling cyber warfare on "3 troubling cyber scenarios worth discussing"|http://www.infosecisland.com/blogview/22862-Dismantling-cyber-warfare-on-3-troubling-cyber-scenarios-worth-discussing.html]]|Cloud Misc.|
|2013.01.13|Infosec Island|[[Common Sense Cybersecurity|http://www.infosecisland.com/blogview/22849-Common-Sense-Cybersecurity.html]]|Cloud Misc.|
|2013.01.08|//Markerbench//|[[Outsource your web risks with a static website|http://www.markerbench.com/blog/2013/01/08/static-blogging/]]|Cloud Misc.|
|2013.01.07|Infosec Island|[[Actual Cloud - The One To Chose|http://www.infosecisland.com/blogview/22753-Actual-Cloud--The-One-To-Chose.html]]|Cloud Misc.|
|2013.01.02|Infosec Island|[[On Cloud Adoption|http://www.infosecisland.com/blogview/22751-On-Cloud-Adoption.html]]|Cloud Misc.|
|>|!|>||
<<tiddler .ReplaceTiddlerTitle with: [[Veille Web - Année 2013]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Année 2013]]>>Pour 2013, aucun article n'est repris sur ce site pour le moment.
Consultez directement le blog sur le site original : https://blog.cloudsecurityalliance.org/ 
!La disparition de Nirvanix
[>img[iCSF/Nirvanix.png]]Quelques éléments de référence :
* Wikipedia : [[Nirvanix|http://en.wikipedia.org/wiki/Nirvanix]]
* CrunchBase : [[Nirvanix|http://www.crunchbase.com/organization/nirvanix]]
* 2013.09.17 : [[Nirvanix is reportedly shuttering its cloud storage service|http://gigaom.com/2013/09/17/nirvanix-is-reportedly-shuttering-its-cloud-storage-service/]]
* 2013.09.17 : [[Cloud Storage Startup Nirvanix Tells Customers, Partners It's Shutting Down|http://www.crn.com/news/cloud/240161410/cloud-storage-startup-nirvanix-tells-customers-partners-its-shutting-down.htm]]+++*[»]> 
"//Founded in 2007, Nirvanix has raised more than $70 million in venture capital funding to date, including a $25 million Series C round last May led by Khosla Ventures. Other investors include Valhalla Partners, Intel Capital, Mission Ventures and Windward Ventures.//"
"//IBM uses Nirvanix's cloud storage technology in its SmartCloud Enterprise portfolio, and Dell in September of 2012 signed a reseller agreement with Nirvanix.//"
=== 
* 2013.09.17 : [[Cloud provider Nirvanix gives customers two weeks to vacate data|http://www.information-age.com/technology/cloud-and-virtualisation/123457347/cloud-provider-nirvanix-gives-customers-two-weeks-to-vacate-data]]
* 2013.09.18 : [[Cloud Exit Strategies - You DO need them!|http://blogs.gartner.com/kyle-hilgendorf/2013/09/18/cloud-exit-strategies-you-do-need-them/]]
* 2013.09.19 : [[Prepare for the Worst: What Nirvanix Teaches Us about Cloud Storage Reliability|http://www.neovise.com/prepare-for-worst-what-nirvanix-teaches-us-about-cloud-storage-reliability]]
* 2013.09.27 : [[Nirvanix fesses up: "It's true. We're gone"|https://gigaom.com/2013/09/27/nirvanix-fesses-up-its-true-were-gone/]]
* 2013.09.30 : [[Nirvanix Collapse Provides Stress Test for Cloud Migration|http://www.datacenterknowledge.com/archives/2013/09/30/nirvanix-collapse-provides-stress-test-for-cloud-migration/]]
* 2013.10.01 : [[Nirvanix Files for Chapter 11 Bankruptcy|http://blogs.wsj.com/venturecapital/2013/10/01/nirvanix-files-for-chapter-11-bankruptcy/]]
* 2014.10.04 : [[Cloud Storage Company Nirvanix Files for Bankruptcy - Pull Your Data By October 15th|http://www.legitreviews.com/cloud-storage-company-nirvanix-files-bankruptcy-pull-data-october-15th_125580]]
* 2014.10.14 : [[Nirvanix Shut-Down Sends Shockwaves through the Cloud Services Industry|http://www.serverwatch.com/server-trends/nirvanix-shut-down-sends-shockwaves-through-the-cloud-services-industry.html]]
!"//Cloud Controls Matrix (CCM) v3//" -- 2013
__''Description :''__[>img(150px,auto)[iCSA/CCM.png]]
//The CCM is currently considered a de-facto standard for cloud security assurance and compliance.//
__Lien :__
:→ https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3/ 
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] | !
Article en cours de rédaction | [img(auto,50px)[iCSF/Work.gif]] |
[>img(200px,auto)[iCSA_/13-MTFSISO37TCC.gif]]__''Mapping the Forensic Standard ISO/IEC 27037 to Cloud Computing''__
<<<
//The purpose of this document is to survey the issues related to forensic investigation in cloud environments, to describe the international standards for cloud forensics, and to summarize the current integration of cloud forensic requirements into service level agreements (SLAs).//
<<<
__Lien : __
* ⇒ téléchargement : https://cloudsecurityalliance.org/artifacts/mapping-the-forensic-standard-isoiec-27037-to-cloud-computing/
!"The Notorious Nine: Cloud Computing Top Threats in 2013"
__''Synthèse :''__[>img(150px,auto)[iCSA_/2013-notorious-nine.jpg]]
Identification de 9 menaces critiques pour 2013 :
* 1. //Data Breaches//
* 2. //Data Loss//
* 3. //Account Hijacking//
* 4. //Insecure APIs//
* 5. //Denial of Service//
* 6. //Malicious Insiders//
* 7. //Abuse of Cloud Services//
* 8. //Insufficient Due Diligence//
* 9. //Shared Technology Issues//
__Liens :__
* Annonce → https://cloudsecurityalliance.org/download/the-notorious-nine-cloud-computing-top-threats-in-2013/
* Document PDF → https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf 
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|2012.12.26|Infosec Island|[[The Obligatory 2013 Infosec Predictions Post|http://www.infosecisland.com/blogview/22809-The-Obligatory-2013-Infosec-Predictions-Post.html]]|Cloud Misc.|
|2012.12.13|Infosec Island|[[If IaaS is Going to be Heterogeneous, PaaS Will be Even More So|http://www.infosecisland.com/blogview/22500-If-IaaS-is-Going-to-be-Heterogeneous-PaaS-Will-be-Even-More-So.html]]|Cloud Misc.|
|2012.12.13|Infosec Island|[[The Dutch, the Yanks, the Cloud and YOU|http://www.infosecisland.com/blogview/22789-The-Dutch-the-Yanks-the-Cloud-and-YOU.html]]|Cloud Misc.|
|2012.12.13|Infosec Island|[[Mobile Devices get means for Tamper-Evident Forensic Auditing|http://www.infosecisland.com/blogview/22790-Mobile-Devices-get-means-for-Tamper-Evident-Forensic-Auditing.html]]|Cloud Misc.|
|2012.12.11|Infosec Island|[[CloudBeat 2012 - "Whose job is cloud security?"|http://www.infosecisland.com/blogview/22739-CloudBeat-2012-Whose-job-is-cloud-security.html]]|Cloud Misc.|
|2012.12.10|Infosec Island|[[If you are not serious enough about your security don't expect your IT service provider to care|http://www.infosecisland.com/blogview/22780-If-you-are-not-serious-enough-about-your-security-dont-expect-your-IT-service-provider-to-care.html]]|Cloud Misc.|
|2012.12.06|Infosec Island|[[Is PaaS the optimal cloud service model option for security? (Part 1 of 2)|http://www.infosecisland.com/blogview/22740-Is-PaaS-the-optimal-cloud-service-model-option-for-security-Part-1-of-2.html]]|Cloud Misc.|
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|2012.11.27|SANS|[[An Introduction To Securing a Cloud Environment|https://www.sans.org/reading-room/whitepapers/cloud/introduction-securing-cloud-environment-34052]]|Analysis Misc.|
|2012.11.25|Infosec Island|[[On Terms of Service, and a Global Code|http://www.infosecisland.com/blogview/22499-On-Terms-of-Service-and-a-Global-Code.html]]|Cloud Misc.|
|2012.11.18|Infosec Island|[[Modernizing Physical Security and Incorporating Best Practices Into New Assets|http://www.infosecisland.com/blogview/22687-Modernizing-Physical-Security-and-Incorporating-Best-Practices-Into-New-Assets.html]]|Cloud Misc.|
|2012.11.08|Infosec Island|[[Six Sneaky Ways to Bring Down Your Company|http://www.infosecisland.com/blogview/22667-Six-Sneaky-Ways-to-Bring-Down-Your-Company.html]]|Cloud Misc.|
|2012.11.06|Infosec Island|[[CloudSigma and the Perils of Choice|http://www.infosecisland.com/blogview/22498-CloudSigma-and-the-Perils-of-Choice.html]]|Cloud Misc.|
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|2012.10.29|Netflix|[[Post-mortem of October 22, 2012 AWS degradation|http://techblog.netflix.com/2012/10/post-mortem-of-october-222012-aws.html]]|Netflix|
|2012.10.29|CircleID|[[The Hybrid Cloud Impact on IPv6 Adaptation|http://www.circleid.com/posts/20121029_the_hybrid_cloud_impact_on_ipv6_adaptation/]] |IPv6|
|2012.10.29|Infosec Island|[[The Coming Storm: Forensics in the Cloud|http://www.infosecisland.com/blogview/22621-The-Coming-Storm-Forensics-in-the-Cloud.html]]|Cloud Misc.|
|2012.10.28|Infosec Island|[[Cloud Confusion is Considerable|http://www.infosecisland.com/blogview/22365-Cloud-Confusion-is-Considerable.html]]|Cloud Misc.|
|2012.10.24|Dechert|[[UK Information Commissioner Issues Guidance on Deleting Personal Data and the Use of Cloud Computing|https://info.dechert.com/10/502/october-2012/2012-10-24---onpoint---uk-information-commissioner-issues-guidance-on-deleting-personal-data-and-the-use-of-cloud-computing.asp]]|Legal ICO Privacy|
|2012.10.18|//BLG//|[[Cloud Services - Canadian Privacy Law Compliance|https://www.blg.com/fr/insights/2012/10/cloud-services-canadian-privacy-law-compliance]]|Canada Privacy|
|2012.10.05|CircleID|[[Trust - The Key to Cloud Computing Growth in Europe|http://www.circleid.com/posts/20121005_trust_the_key_to_cloud_computing_growth_in_europe/]] |Trust|
|2012.10.02|Infosec Island|[[eSignatures Go Keyless in the Cloud|http://www.infosecisland.com/blogview/22507-eSignatures-Go-Keyless-in-the-Cloud.html]]|Cloud Misc.|
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|2012.09.26|Infosec Island|[[Accessibility and the Untold Issue Around Cloud Computing|http://www.infosecisland.com/blogview/22117-Accessibility-and-the-Untold-Issue-Around-Cloud-Computing.html]]|Cloud Misc.|
|2012.09.17|Infosec Island|[[Preparing Developers for Tomorrow's Cloudy World|http://www.infosecisland.com/blogview/22119-Preparing-Developers-for-Tomorrows-Cloudy-World.html]]|Cloud Misc.|
|2012.09.16|Infosec Island|[[CIOs Seek Value But See Challenges with Cloud Computing|http://www.infosecisland.com/blogview/22127--CIOs-Seek-Value-But-See-Challenges-with-Cloud-Computing.html]]|Cloud Misc.|
|2012.09.15|Infosec Island|[[Are Applications and Services on the Public Cloud Secure?|http://www.infosecisland.com/blogview/22218-Are-Applications-and-Services-on-the-Public-Cloud-Secure.html]]|Cloud Misc.|
|2012.09.12|Infosec Island|[[Data is the New Perimeter for Cloud Security |http://www.infosecisland.com/blogview/22387-Data-is-the-New-Perimeter-for-Cloud-Security-.html]]|Cloud Misc.|
|2012.09.12|Infosec Island|[[Data is the New Perimeter for Cloud Security|http://www.infosecisland.com/blogview/22387-Data-is-the-New-Perimeter-for-Cloud-Security-.html]]|Data|
|2012.09.10|Infosec Island|[[Data Mobility and Security Biggest Cloud Computing Concern|http://www.infosecisland.com/blogview/22126-Data-Mobility-and-Security-Biggest-Cloud-Computing-Concern.html]]|Cloud Misc.|
|2012.09.09|Infosec Island|[[Keeping Safe In The Cloud|http://www.infosecisland.com/blogview/22275-Keeping-Safe-In-The-Cloud.html]]|Cloud Misc.|
|2012.09.07|Infosec Island|[[DMTF's Cloud Infrastructure Standard|http://www.infosecisland.com/blogview/22358-DMTFs-Cloud-Infrastructure-Standard.html]]|Cloud Misc.|
|2012.09.06|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Projet Andromède : Orange et Thales matérialisent leur alliance avec Cloudwatt|https://www.silicon.fr/projet-andromede-orange-et-thales-materialisent-leur-alliance-avec-cloudwatt-78219.html]]|Sovereign_Cloud Andromède Cloudwatt|
|2012.09.05|Silicon.fr[>img[iCSF/flag_fr.png]]|[[Cloud Andromède : Bull et SFR présentent Numergy|https://www.silicon.fr/cloud-andromede-bull-sfr-numergy-78121.html]]|Sovereign_Cloud Andromède Numergy|
|2012.09.01|ISACA Journal|[[Cloud Risk - 10 Principles and a Framework for Assessment|https://www.isaca.org/resources/isaca-journal/past-issues/2012/cloud-risk-10-principles-and-a-framework-for-assessment]]|Risks Assessment|
|2012.09.01|//BLG//|[[Cloud computing - Regulatory guidance for managing risk|https://www.blg.com/fr/insights/2012/09/cloud-computing-regulatory-guidance-for-managing-risk]]|Canada Regulatory Risks|
|!Août|!Sources|!Titres et Liens|!Keywords|
|2012.08.30|Infosec Island|[[Steps to Ensure a Smooth(er) Migration to a Cloud Service|http://www.infosecisland.com/blogview/21872-Steps-to-Ensure-a-Smoother-Migration-to-a-Cloud-Service.html]]|Cloud Misc.|
|2012.08.29|Infosec Island|[[How the Cloud Disrupted the Corporate Ecosystem |http://www.infosecisland.com/blogview/22177-How-the-Cloud-Disrupted-the-Corporate-Ecosystem-.html]]|Cloud Misc.|
|2012.08.29|Infosec Island|[[On Cloud Outages (Yeah, They Happen)|http://www.infosecisland.com/blogview/22197-On-Cloud-Outages-Yeah-They-Happen.html]]|Cloud Misc.|
|2012.08.25|Infosec Island|[[Mobile Infrastructure: The Elephant in the Data Center|http://www.infosecisland.com/blogview/22083-Mobile-Infrastructure-The-Elephant-in-the-Data-Center.html]]|Cloud Misc.|
|2012.08.21|Infosec Island|[[The Cloud: It's About Flexibility|http://www.infosecisland.com/blogview/22115-The-Cloud-Its-About-Flexibility.html]]|Cloud Misc.|
|2012.08.21|Infosec Island|[[The Unforeseen Risks of the Cloud|http://www.infosecisland.com/blogview/22178-The-Unforeseen-Risks-of-the-Cloud.html]]|Cloud Misc.|
|2012.08.15|Infosec Island|[[The Future Ain't Homogenized: Please Stop the FUD Vendors|http://www.infosecisland.com/blogview/21969-The-Future-Aint-Homogenized-Please-Stop-the-FUD-Vendors.html]]|Cloud Misc.|
|2012.08.08|Infosec Island|[[Don't Miss the TECHEXPO Cloud Computing Hiring Event|http://www.infosecisland.com/blogview/22144-Dont-Miss-the-TECHEXPO-Cloud-Computing-Hiring-Event.html]]|Cloud Misc.|
|2012.08.06|Infosec Island|[[Dropbox Security Issues: IT Has Only Itself to Blame|http://www.infosecisland.com/blogview/22116-Dropbox-Security-Issues-IT-Has-Only-Itself-to-Blame.html]]|Cloud Misc.|
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|2012.07.31|Infosec Island|[[Five Security Tips for Android Phones and Tablets|http://www.infosecisland.com/blogview/22041-Five-Security-Tips-for-Android-Phones-and-Tablets.html]]|Cloud Misc.|
|2012.07.30|Netflix|[[Chaos Monkey Released Into The Wild|http://techblog.netflix.com/2012/07/chaos-monkey-released-into-wild.html]]|Netflix|
|2012.07.29|Infosec Island|[[Technical Considerations when Moving to the Cloud|http://www.infosecisland.com/blogview/21811-Technical-Considerations-when-Moving-to-the-Cloud.html]]|Cloud Misc.|
|2012.07.28|Infosec Island|[[GSA Seeks Cloud Brokerage Information|http://www.infosecisland.com/blogview/21964-GSA-Seeks-Cloud-Brokerage-Information.html]]|Cloud Misc.|
|2012.07.19|Infosec Island|[[Moving To The Cloud: Internal Business Considerations|http://www.infosecisland.com/blogview/21810-Moving-To-The-Cloud-Internal-Business-Considerations.html]]|Cloud Misc.|
|2012.07.18|Infosec Island|[[Security Mistakes You Will Make on Your Next Cloud Project|http://www.infosecisland.com/blogview/21448-Security-Mistakes-You-Will-Make-on-Your-Next-Cloud-Project.html]]|Cloud Misc.|
|2012.07.17|Infosec Island|[[Penetration Testing the Cloud: Three Important Points|http://www.infosecisland.com/blogview/21929-Penetration-Testing-the-Cloud-Three-Important-Points.html]]|Cloud Misc.|
|2012.07.17|Infosec Island|[[Ten Things I've Learned About Cloud Security|http://www.infosecisland.com/blogview/21937-Ten-Things-Ive-Learned-About-Cloud-Security.html]]|Cloud Misc.|
|2012.07.12|Infosec Island|[[Department of Defense's Cloud Computing Strategy|http://www.infosecisland.com/blogview/21906-Department-of-Defenses-Cloud-Computing-Strategy.html]]|Cloud Misc.|
|2012.07.11|Infosec Island|[[Cloud Surveys and Extrapolating Out to Disruption|http://www.infosecisland.com/blogview/21736-Cloud-Surveys-and-Extrapolating-Out-to-Disruption.html]]|Cloud Misc.|
|2012.07.11|Infosec Island|[[The Patchwork Cloud: Breaking Laws You Didn't Know Applied|http://www.infosecisland.com/blogview/21746-The-Patchwork-Cloud-Breaking-Laws-You-Didnt-Know-Applied.html]]|Cloud Misc.|
|2012.07.06|Infosec Island|[[Leap Second, Public Cloud and a Lesson in Enterprise Resiliency|http://www.infosecisland.com/blogview/21819-Leap-Second-Public-Cloud-and-a-Lesson-in-Enterprise-Resiliency.html]]|Cloud Misc.|
|2012.07.05|SANS|[[Pen Testing in the Cloud|https://pen-testing.sans.org/blog/2012/07/05/pen-testing-in-the-cloud]]|PenTesting|
|2012.07.03|CircleID|[[Cloud Redundancy: How Amazon Should Repair Credibility|http://www.circleid.com/posts/20120703_cloud_redundancy_how_amazon_should_repair_credibility/]] |Resilience|
|!Juin|!Sources|!Titres et Liens|!Keywords|
|2012.06.27|Infosec Island|[[The Patchwork Cloud: To Rent or Buy Your Cloud?|http://www.infosecisland.com/blogview/21659-The-Patchwork-Cloud-To-Rent-or-Buy-Your-Cloud.html]]|Cloud Misc.|
|2012.06.25|CNIL|[[Cloud computing : les conseils de la CNIL pour les entreprises qui utilisent ces nouveaux services|https://www.cnil.fr/fr/cloud-computing-les-conseils-de-la-cnil-pour-les-entreprises-qui-utilisent-ces-nouveaux-services]] ([[rapport|https://www.cnil.fr/sites/default/files/typo/document/Recommandations_pour_les_entreprises_qui_envisagent_de_souscrire_a_des_services_de_Cloud.pdf]] et [[réponses à la consultation|https://www.cnil.fr/sites/default/files/typo/document/Synthese_des_reponses_a_la_consultation_publique_sur_le_Cloud_et_analyse_de_la_CNIL.pdf]])|Best_Practices|
|2012.06.24|Infosec Island|[[The Cloud: It's Not About Cost|http://www.infosecisland.com/blogview/21521-The-Cloud-Its-Not-About-Cost.html]]|Cloud Misc.|
|2012.06.14|Infosec Island|[[Cloud Insecurity? NSA Chief Keith Alexander Thinks Not|http://www.infosecisland.com/blogview/21631-Cloud-Insecurity-NSA-Chief-Keith-Alexander-Thinks-Not.html]]|Cloud Misc.|
|2012.06.11|Infosec Island|[[Making Sense of Data Storage in the Cloud|http://www.infosecisland.com/blogview/21296-Making-Sense-of-Data-Storage-in-the-Cloud.html]]|Cloud Misc.|
|2012.06.11|Infosec Island|[[Forecast 2012–Enterprise Cloud Best Practices Panel|http://www.infosecisland.com/blogview/21595-Forecast-2012Enterprise-Cloud-Best-Practices-Panel.html]]|Cloud Misc.|
|2012.06.05|Infosec Island|[[Cloud Migration: The Pain and the Opportunity|http://www.infosecisland.com/blogview/21522-Cloud-Migration-The-Pain-and-the-Opportunity.html]]|Cloud Misc.|
|2012.06.01|Infosec Island|[[Megaupload User Asks Court for Their Files Back... Again|http://www.infosecisland.com/blogview/21441-Megaupload-User-Asks-Court-for-Their-Files-Back-Again.html]]|Cloud Misc.|
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2012.05.23|Infosec Island|[[Cloud Patch Management: Consistency and Automation|http://www.infosecisland.com/blogview/21141-Cloud-Patch-Management-Consistency-and-Automation.html]]|Patch_Management|
|2012.05.23|//CloudCheckr//|[[AWS S3 Buckets & Bucket Finder|https://cloudcheckr.com/cloud-security/aws-s3-buckets-bucket-finder/]]|Tools AWS S3|
|2012.05.23|Arxiv|[[Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques|https://arxiv.org/ftp/arxiv/papers/1204/1204.0764.pdf]]|Survey Risks Mitigation|
|2012.05.16|Infosec Island|[[Big Opportunities in the Cloud|http://www.infosecisland.com/blogview/21081-Big-Opportunities-in-the-Cloud.html]]|Cloud Misc.|
|2012.05.15|Infosec Island|[[The Patchwork Cloud: Portability of Security in Cloud Computing|http://www.infosecisland.com/blogview/21076-The-Patchwork-Cloud-Portability-of-Security-in-Cloud-Computing.html]]|Cloud Misc.|
|2012.05.15|Infosec Island|[[Where Will the Buck Stop in Cloud Security?|http://www.infosecisland.com/blogview/21324-Where-Will-the-Buck-Stop-in-Cloud-Security.html]]|Cloud Misc.|
|2012.05.13|Infosec Island|[[Taming the WWW or Wild Wild West|http://www.infosecisland.com/blogview/21289-Taming-the-WWW-or-Wild-Wild-West.html]]|Cloud Misc.|
|2012.05.12|Infosec Island|[[The Absurdity of Cloud Computing and Hosted Services|http://www.infosecisland.com/blogview/21225-The-Absurdity-of-Cloud-Computing-and-Hosted-Services.html]]|Cloud Misc.|
|2012.05.11|Infosec Island|[[Keeping Security Relevant: From Control to Governance in the Cloud|http://www.infosecisland.com/blogview/21233-Keeping-Security-Relevant-From-Control-to-Governance-in-the-Cloud.html]]|Cloud Misc.|
|2012.05.11|Infosec Island|[[FedRAMP Releases Updated Security Assessment Templates|http://www.infosecisland.com/blogview/21286-FedRAMP-Releases-Updated-Security-Assessment-Templates.html]]|Cloud Misc.|
|2012.05.09|Infosec Island|[[Is Cloud Security in the Clouds?|http://www.infosecisland.com/blogview/21266-Is-Cloud-Security-in-the-Clouds.html]]|Cloud Misc.|
|2012.05.05|Infosec Island|[[The Patchwork Cloud: Making the Security Case|http://www.infosecisland.com/blogview/21045-The-Patchwork-Cloud-Making-the-Security-Case.html]]|Cloud Misc.|
|2012.05.03|Infosec Island|[[Five Conversations that will Shape Your Cloud Security Model|http://www.infosecisland.com/blogview/21145-Five-Conversations-that-will-Shape-Your-Cloud-Security-Model.html]]|Cloud Misc.|
|2012.05.01|Infosec Island|[[More on Banking 2.0 - Who Ya Gonna Trust?|http://www.infosecisland.com/blogview/21156-More-on-Banking-20-Who-Ya-Gonna-Trust.html]]|Cloud Misc.|
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2012.04.30|Infosec Island|[[Unmasking Agility: Cloud Reality or Myth of Marketing Hype?|http://www.infosecisland.com/blogview/21142-Unmasking-Agility-Cloud-Reality-or-Myth-of-Marketing-Hype.html]]|Cloud Misc.|
|2012.04.27|Infosec Island|[[The Patchwork Cloud - A Model Driven Approach|http://www.infosecisland.com/blogview/21044-The-Patchwork-Cloud-A-Model-Driven-Approach.html]]|Cloud Misc.|
|2012.04.25|Infosec Island|[[Court Orders Megaupload Parties to Come Up with a Plan|http://www.infosecisland.com/blogview/21041-Court-Orders-Megaupload-Parties-to-Come-Up-with-a-Plan.html]]|Cloud Misc.|
|2012.04.19|Infosec Island|[[Cloud Adoption Tension: IT vs Business|http://www.infosecisland.com/blogview/20948-Cloud-Adoption-Tension-IT-vs-Business.html]]|Cloud Misc.|
|2012.04.16|SANS|[[Diskless Cluster Computing: Security Benefit of oneSIS and Git|https://www.sans.org/reading-room/whitepapers/cloud/diskless-cluster-computing-security-benefit-onesis-git-33924]]|Analysis Misc.|
|2012.04.04|Infosec Island|[[Cloud Security: Forecast Sunny with Possibility of Showers|http://www.infosecisland.com/blogview/20715-Cloud-Security-Forecast-Sunny-with-Possibility-of-Showers.html]]|Cloud Misc.|
|!Mars|!Sources|!Titres et Liens|!Keywords|
|2012.03.30|Infosec Island|[[Cloud Services Strategy: Security First - Growth Second|http://www.infosecisland.com/blogview/20787-Cloud-Services-Strategy-Security-First-Growth-Second.html]]|Cloud Misc.|
|2012.03.29|Infosec Island|[[Cloud Security and the Enterprise|http://www.infosecisland.com/blogview/20578-Cloud-Security-and-the-Enterprise.html]]|Misc|
|2012.03.28|Infosec Island|[[How Secure Is the Cloud? IT Pros Speak Up|https://www.cio.com/article/2397747/how-secure-is-the-cloud--it-pros-speak-up.html]]|Misc|
|2012.03.21|Infosec Island|[[Reaching for the Cloud: A Contemporary Infosec Perspective|http://www.infosecisland.com/blogview/20767-Reaching-for-the-Cloud-A-Contemporary-Infosec-Perspective.html]]|Cloud Misc.|
|2012.03.16|Infosec Island|[[On Security, Legislation and Cloud Vendors|http://www.infosecisland.com/blogview/20659-On-Security-Legislation-and-Cloud-Vendors.html]]|Cloud Misc.|
|2012.03.14|Infosec Island|[[The Patchwork Cloud - What's the Deal with Cloud Security?|http://www.infosecisland.com/blogview/20587-The-Patchwork-Cloud-Whats-the-Deal-with-Cloud-Security.html]]|Cloud Misc.|
|2012.03.14|Infosec Island|[[Understanding Cloud Security Part Two|http://www.infosecisland.com/blogview/20673-Understanding-Cloud-Security-Part-Two.html]]|Cloud Misc.|
|2012.03.11|Infosec Island|[[Understanding Cloud Security Part One|http://www.infosecisland.com/blogview/20672-Understanding-Cloud-Security-Part-One.html]]|Cloud Misc.|
|2012.03.10|Infosec Island|[[To the Cloud: Cloud Powering an Enterprise|http://www.infosecisland.com/blogview/19913-To-the-Cloud-Cloud-Powering-an-Enterprise.html]]|Cloud Misc.|
|2012.03.05|Infosec Island|[[Cloud Security Report: The Cloud May Be Safer|http://www.infosecisland.com/blogview/20602-Cloud-Security-Report-The-Cloud-May-Be-Safer.html]]|Cloud Misc.|
|2012.03.04|Infosec Island|[[The Patchwork Cloud - Security and Incentives|http://www.infosecisland.com/blogview/20399-The-Patchwork-Cloud-Security-and-Incentives.html]]|Cloud Misc.|
|2012.03.02|Infosec Island|[[Cross-Border Sovereignty Issues in the Cloud|http://www.infosecisland.com/blogview/20162-Cross-Border-Sovereignty-Issues-in-the-Cloud.html]]|Cloud Misc.|
|2012.03.01|Infosec Island|[[The Cloud's Low-Rent District|http://www.infosecisland.com/blogview/20354-The-Clouds-Low-Rent-District.html]]|Cloud Misc.|
|!Février|!Sources|!Titres et Liens|!Keywords|
|2012.02.27|Infosec Island|[[Cyber Insurance: Efficient Way to Manage Risk in the Cloud?|http://www.infosecisland.com/blogview/20185-Cyber-Insurance-Efficient-Way-to-Manage-Risk-in-the-Cloud.html]]|Cloud Misc.|
|2012.02.26|Infosec Island|[[A Checklist for a Move to the Cloud|http://www.infosecisland.com/blogview/20181-A-Checklist-for-a-Move-to-the-Cloud.html]]|Cloud Misc.|
|2012.02.24|Infosec Island|[[Compliance in the Digital Era: Watch Out for the Third Party|http://www.infosecisland.com/blogview/20189-Compliance-in-the-Digital-Era-Watch-Out-for-the-Third-Party.html]]|Cloud Misc.|
|2012.02.23|Infosec Island|[[The Patchwork Cloud Part 1: An Overview|http://www.infosecisland.com/blogview/20156-The-Patchwork-Cloud-Part-1-An-Overview.html]]|Cloud Misc.|
|2012.02.20|Infosec Island|[[Choosing Secure Data Storage - A Difficult Dance|http://www.infosecisland.com/blogview/19740-Choosing-Secure-Data-Storage-A-Difficult-Dance.html]]|Cloud Misc.|
|2012.02.19|Infosec Island|[[The Security Impact of Putting it in the Cloud|http://www.infosecisland.com/blogview/20389-The-Security-Impact-of-Putting-it-in-the-Cloud.html]]|Cloud Misc.|
|2012.02.12|Infosec Island|[[NIST Finalized Guidelines for Security in the Cloud|http://www.infosecisland.com/blogview/20183-NIST-Finalized-Guidelines-for-Security-in-the-Cloud.html]]|Cloud Misc.|
|2012.02.09|Infosec Island|[[Tips for Organizations Heading to the Cloud|http://www.infosecisland.com/blogview/19745-Tips-for-Organizations-Heading-to-the-Cloud.html]]|Cloud Misc.|
|2012.02.08|Infosec Island|[[Department of Justice Misdirection on Cloud Computing|http://www.infosecisland.com/blogview/19754-Department-of-Justice-Misdirection-on-Cloud-Computing.html]]|Cloud Misc.|
|2012.02.06|Infosec Island|[[Paper Clarifies PaaS for Federal IT Buyers|http://www.infosecisland.com/blogview/19779-Paper-Clarifies-PaaS-for-Federal-IT-Buyers.html]]|Cloud Misc.|
|2012.02.02|Infosec Island|[[Living in the Clouds: Master the Cloud Event - Toronto|http://www.infosecisland.com/blogview/19854-Living-in-the-Clouds-Master-the-Cloud-Event-Toronto.html]]|Cloud Misc.|
|2012.02.01|Infosec Island|[[Master the Cloud, Montréal - Notes from the Road Part 2|http://www.infosecisland.com/blogview/19851-Master-the-Cloud-Montral-Notes-from-the-Road-Part-2.html]]|Cloud Misc.|
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|2012.01.31|Infosec Island|[[Master the Cloud, Montréal: Notes from the Road...|http://www.infosecisland.com/blogview/19850-Master-the-Cloud-Montral-Notes-from-the-Road.html]]|Cloud Misc.|
|2012.01.16|Infosec Island|[[Data Loss Prevention Step 5: Disable Access to Cloud Storage Services|http://www.infosecisland.com/blogview/19375-Data-Loss-Prevention-Step-5-Disable-Access-to-Cloud-Storage-Services.html]]|Cloud Misc.|
|2012.01.14|Infosec Island|[[The Next Generation Search Engine Hacking Arsenal|http://www.infosecisland.com/blogview/18981-The-Next-Generation-Search-Engine-Hacking-Arsenal.html]]|Cloud Misc.|
|2012.01.10|Infosec Island|[[Standards, Audits, and Certifications: Which One is Right?|http://www.infosecisland.com/blogview/19296-Standards-Audits-and-Certifications-Which-One-is-Right.html]]|Cloud Misc.|
|>|!|>||
<<tiddler .ReplaceTiddlerTitle with: [[Veille Web - Année 2012]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Année 2012]]>>Pour 2012, aucun article n'est repris sur ce site pour le moment.
Consultez directement le blog sur le site original : https://blog.cloudsecurityalliance.org/ 
!!11ème réunion CSA-FR
[>img(100px,auto)[iCSA/logoCSAFR.png]]La onzième réunion du [[Chapitre Français]] de la CSA se déroulera le 10 décembre 2012 à partir de 18h00 en présentiel et en audio/vidéo
* Lieu : I/% %/-/% %/-Tracing, Tour Chante Coq, 5 Rue Chante Coq, 12ème étage · Puteaux

Un numéro d'appel est mis en place pour les personnes à distance via +++^*[GoTo Meeting »] https://global.gotomeeting.com/join/584372317 === 
 
Organisateurs : ''Pierre Vacherand'' et ''Olivier Caleff''

Inscription obligatoire sur [[Meetup|https://www.meetup.com/CSA-France/]].
!!10ème réunion CSA-FR
[>img(100px,auto)[iCSA/logoCSAFR.png]]La dixième réunion du [[Chapitre Français]] de la CSA se déroulera le 12 juin 2012 à partir de 18h00.
* Lieu : Devo/% %/team, 73 rue Anatole France, Levallois-Perret
* Métro : Anatole France à 400 mètres
* Parking : 2 rue Antonin Raynaud à 200 mètres
 
Ordre du jour :
* Organisation événement en Septembre

Organisateurs : ''Pierre Vacherand'' et ''Olivier Caleff''

Inscription obligatoire sur [[Meetup|https://www.meetup.com/CSA-France/]].
!!9ème réunion CSA-FR
[>img(100px,auto)[iCSA/logoCSAFR.png]]La neuvième réunion du [[Chapitre Français]] de la CSA se déroulera le 15 mai 2012 à partir de 18h00.
* Lieu : Devo/% %/team, 73 rue Anatole France, Levallois-Perret
* Métro : Anatole France à 400 mètres
* Parking : 2 rue Antonin Raynaud à 200 mètres
 
Organisateurs : ''Pierre Vacherand'' et ''Olivier Caleff''

Inscription obligatoire sur [[Meetup|https://www.meetup.com/CSA-France/]].
!!8ème réunion CSA-FR
[>img(100px,auto)[iCSA/logoCSAFR.png]]La huitième réunion du [[Chapitre Français]] de la CSA se déroulera le 15 mars 2012 à partir de 18h00.
* Lieu : Devo/% %/team, 73 rue Anatole France, Levallois-Perret
* Métro : Anatole France à 400 mètres
* Parking : 2 rue Antonin Raynaud à 200 mètres

Ordre du jour :
* Avancement groupes de travail
* Organisation événement en Septembre
* Point sur les nouveaux documents et actions de la Cloud Security Alliance
* Discussion au sujet de la portabilité et réversibilité

Un numéro d'appel est mis en place pour les personnes à distance.
 
Organisateurs : ''Pierre Vacherand'' et ''Olivier Caleff''

Inscription obligatoire sur [[Meetup|https://www.meetup.com/CSA-France/]].
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|2011.12.31|Infosec Island|[[Cybersecurity in Today's World|http://www.infosecisland.com/blogview/22826-Cybersecurity-in-Todays-World.html]]|Cloud Misc.|
|2011.12.28|Infosec Island|[[Data Center Complexity and Clarity Around Outages|http://www.infosecisland.com/blogview/18521-Data-Center-Complexity-and-Clarity-Around-Outages.html]]|Cloud Misc.|
|2011.12.27|Infosec Island|[[SSAE 16 "First to Fail"?|http://www.infosecisland.com/blogview/18997-SSAE-16-First-to-Fail.html]]|Cloud Misc.|
|2011.11.27|//IBM//|[[Top 5 Challenges to Cloud Computing|https://www.ibm.com/developerworks/community/blogs/sreek/entry/top_5_challenges_to_cloud_computing?lang=en]]|Risks|
|2011.12.20|Infosec Island|[[Fed CIO: Minimum Security Standards Set for Cloud Providers|http://www.infosecisland.com/blogview/18899-Fed-CIO-Minimum-Security-Standards-Set-for-Cloud-Providers.html]]|Cloud Misc.|
|2011.12.16|Infosec Island|[[Transparency in Cloud Services from the Security Perspective|http://www.infosecisland.com/blogview/18379-Transparency-in-Cloud-Services-from-the-Security-Perspective.html]]|Cloud Misc.|
|2011.12.14|Infosec Island|[[Three Things Experts Won't Tell You About Cloud Security|http://www.infosecisland.com/blogview/18639-Three-Things-Experts-Wont-Tell-You-About-Cloud-Security.html]]|Cloud Misc.|
|2011.12.13|Infosec Island|[[Case Study: A Cloud Security Assessment|http://www.infosecisland.com/blogview/18507-Case-Study-A-Cloud-Security-Assessment.html]]|Cloud Misc.|
|2011.12.12|Infosec Island|[[Closing the Gate Before the Horse Bolts - On Passwords for the Cloud|http://www.infosecisland.com/blogview/18522-Closing-the-Gate-Before-the-Horse-Bolts--On-Passwords-for-the-Cloud.html]]|Cloud Misc.|
|2011.12.06|Infosec Island|[[A Checklist for Customer Cloud Security|http://www.infosecisland.com/blogview/18524-A-Checklist-for-Customer-Cloud-Security.html]]|Cloud Misc.|
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|2011.11.28|Infosec Island|[[Cloud Security - It's All About Partnership|http://www.infosecisland.com/blogview/17949-Cloud-Security--Its-All-About-Partnership.html]]|Cloud Misc.|
|2011.11.28|Infosec Island|[[GovCloud.com: New Hub for Government Cloud Computing |http://www.infosecisland.com/blogview/18267-GovCloudcom-New-Hub-for-Government-Cloud-Computing-.html]]|Cloud Misc.|
|2011.11.22|Infosec Island|[[The Cloud of Clouds: Amazon Web Services|http://www.infosecisland.com/blogview/17680-The-Cloud-of-Clouds-Amazon-Web-Services.html]]|Cloud Misc.|
|2011.11.13|Infosec Island|[[Flawed Analysis: On Clouds "Playing Nice"|http://www.infosecisland.com/blogview/17766-Flawed-Analysis-On-Clouds-Playing-Nice.html]]|Cloud Misc.|
|2011.11.10|Infosec Island|[[Is iCloud the Next Big Security Challenge?|http://www.infosecisland.com/blogview/18087-Is-iCloud-the-Next-Big-Security-Challenge.html]]|Cloud Misc.|
|2011.11.03|Infosec Island|[[NIST Releases Final Definition of Cloud Computing|http://www.infosecisland.com/blogview/17775-NIST-Releases-Final-Definition-of-Cloud-Computing.html]]|Cloud Misc.|
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|2011.10.26|Infosec Island|[[Is Cloud Computing Secure?|http://www.infosecisland.com/blogview/17690-Is-Cloud-Computing-Secure.html]]|Cloud Misc.|
|2011.10.24|Infosec Island|[[The Economic Benefit of Cloud Computing|http://www.infosecisland.com/blogview/17130-The-Economic-Benefit-of-Cloud-Computing.html]]|Cloud Misc.|
|2011.10.18|Infosec Island|[[Federal Cloud Technology Roadmap to be Introduced|http://www.infosecisland.com/blogview/17466-Federal-Cloud-Technology-Roadmap-to-be-Introduced.html]]|Cloud Misc.|
|2011.10.18|SANS|[[Cloud Computing - Maze in the Haze|https://www.sans.org/reading-room/whitepapers/cloud/cloud-computing-maze-haze-33819]]|Analysis Misc.|
|2011.10.11|Infosec Island|[[How the Cloud Will Change Technology|http://www.infosecisland.com/blogview/16420-How-the-Cloud-Will-Change-Technology.html]]|Cloud Misc.|
|2011.10.09|Infosec Island|[[SOC 2 for Cloud Computing|http://www.infosecisland.com/blogview/17174-SOC-2-for-Cloud-Computing.html]]|Cloud Misc.|
|2011.10.06|US Government Accountability Office|GAO-12-130T: [[Additional Guidance Needed to Address Cloud Computing Concerns|https://www.gao.gov/products/GAO-12-130T]] ([[report|https://www.gao.gov/assets/590/585638.pdf]])|Guidance|
|2011.10.06|Infosec Island|[[Researchers Develop Enhanced Security for Cloud Computing|http://www.infosecisland.com/blogview/17106-Researchers-Develop-Enhanced-Security-for-Cloud-Computing.html]]|Cloud Misc.|
|2011.10.05|Infosec Island|[[Keys To Successful Cloud Application Deployment|http://www.infosecisland.com/blogview/16985-Keys-To-Successful-Cloud-Application-Deployment.html]]|Cloud Misc.|
|2011.10.04|Infosec Island|[[Cloud Computing Solutions in Federal Agencies part 4|http://www.infosecisland.com/blogview/16973-Cloud-Computing-Solutions-in-Federal-Agencies-part-4.html]]|Cloud Misc.|
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|2011.09.28|Infosec Island|[[Security: Tip Toeing Through the Clouds|http://www.infosecisland.com/blogview/16275-Security-Tip-Toeing-Through-the-Clouds.html]]|Cloud Misc.|
|2011.09.27|Infosec Island|[[What to Look for in Cloud Security|http://www.infosecisland.com/blogview/16332-What-to-Look-for-in-Cloud-Security.html]]|Cloud Misc.|
|2011.09.27|Infosec Island|[[Cloud Computing Solutions in Federal Agencies part 3|http://www.infosecisland.com/blogview/16708-Cloud-Computing-Solutions-in-Federal-Agencies-part-3.html]]|Cloud Misc.|
|2011.09.23|CircleID|![[Cloud Is the New Mainframe|http://www.circleid.com/posts/cloud_is_the_new_mainframe/]] |Context|
|2011.09.22|Infosec Island|[[Cloud versus Local Storage Security|http://www.infosecisland.com/blogview/16682-Cloud-versus-Local-Storage-Security.html]]|Cloud Misc.|
|2011.09.21|Infosec Island|[[On Definitions - Keeping it Simple with OSSM|http://www.infosecisland.com/blogview/16285-On-Definitions--Keeping-it-Simple-with-OSSM.html]]|Cloud Misc.|
|2011.09.21|Journal of Medical Internet Research|[[Opportunities and Challenges of Cloud Computing to Improve Health Care Services|https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3222190/]]|HealthCare|
|2011.09.20|Infosec Island|[[Cloud Computing Solutions in Federal Agencies part 2|http://www.infosecisland.com/blogview/16519-Cloud-Computing-Solutions-in-Federal-Agencies-part-2.html]]|Cloud Misc.|
|2011.09.15|Infosec Island|[[Cloud Computing Challenges at Federal Agencies|http://www.infosecisland.com/blogview/16384-Cloud-Computing-Challenges-at-Federal-Agencies.html]]|Cloud Misc.|
|2011.09.15|Infosec Island|[[NIST Releases Secure Cloud Computing Guidelines|http://www.infosecisland.com/blogview/16479-NIST-Releases-Secure-Cloud-Computing-Guidelines.html]]|Cloud Misc.|
|2011.09.14|Infosec Island|[[The Perception Risks of Multi Language PaaS|http://www.infosecisland.com/blogview/16284-The-Perception-Risks-of-Multi-Language-PaaS.html]]|Cloud Misc.|
|2011.09.13|Infosec Island|[[SharePoint DLP: Don't Bring a Gun to a Knife Fight|http://www.infosecisland.com/blogview/16399-SharePoint-DLP-Dont-Bring-a-Gun-to-a-Knife-Fight.html]]|Cloud Misc.|
|2011.09.09|Infosec Island|[[A Bunch of Virtual Machines Does Not a Cloud Make|http://www.infosecisland.com/blogview/16277-A-Bunch-of-Virtual-Machines-Does-Not-a-Cloud-Make.html]]|Cloud Misc.|
|2011.09.08|Infosec Island|[[Taming the Cloud - Provisioning and Security|http://www.infosecisland.com/blogview/15870-Taming-the-Cloud-Provisioning-and-Security.html]]|Cloud Misc.|
|2011.09.01|Infosec Island|[[Vivek Kundra Makes the Case for Government Cloud|http://www.infosecisland.com/blogview/16241-Vivek-Kundra-Makes-the-Case-for-Government-Cloud.html]]|Cloud Misc.|
|!Août|!Sources|!Titres et Liens|!Keywords|
|2011.08.31|Infosec Island|[[FedPlatform.org Focuses on a Government PaaS|http://www.infosecisland.com/blogview/16143-FedPlatformorg-Focuses-on-a-Government-PaaS.html]]|Cloud Misc.|
|2011.08.30|Infosec Island|[[Cloudpocalypse - When the Cloud Eats Your Corporate IP|http://www.infosecisland.com/blogview/16018-Cloudpocalypse-When-the-Cloud-Eats-Your-Corporate-IP.html]]|Cloud Misc.|
|2011.08.26|Infosec Island|[[Four Cloud Trends on the CIOs Radar|http://www.infosecisland.com/blogview/15709-Four-Cloud-Trends-on-the-CIOs-Radar.html]]|Cloud Misc.|
|2011.08.23|Infosec Island|[[Microsoft and Amazon Outages - The Need for More Redundancy|http://www.infosecisland.com/blogview/15884-Microsoft-and-Amazon-Outages--The-Need-for-More-Redundancy.html]]|Cloud Misc.|
|2011.08.18|Infosec Island|[[Seven Areas of Concern With Cloud Security|http://www.infosecisland.com/blogview/15878-Seven-Areas-of-Concern-With-Cloud-Security.html]]|Cloud Misc.|
|2011.08.16|Infosec Island|[[The Great Cloud Blockage: 80/20|http://www.infosecisland.com/blogview/15700-The-Great-Cloud-Blockage-8020.html]]|Cloud Misc.|
|2011.08.13|Infosec Island|[[Hybrid Delivery: Corporate Applications and the Cloud|http://www.infosecisland.com/blogview/15690-Hybrid-Delivery-Corporate-Applications-and-the-Cloud.html]]|Cloud Misc.|
|2011.08.12|//Cisco//|[[Penetration Testing in the Cloud|https://blogs.cisco.com/security/penetration-testing-in-the-cloud]]|PenTesting|
|2011.08.09|Dark Reading|![[Cloud Security Certification Not So Simple|https://www.darkreading.com/risk/cloud-security-certification-not-so-simple/d/d-id/1136144]]|CCSK|
|2011.08.08|Infosec Island|[[Enterprise IT - Surprisingly Repetitive|http://www.infosecisland.com/blogview/15713-Enterprise-IT-Surprisingly-Repetitive.html]]|Cloud Misc.|
|2011.08.03|Infosec Island|[[Rolling Out the Cloud In Australasia|http://www.infosecisland.com/blogview/15448-Rolling-Out-the-Cloud-In-Australasia.html]]|Cloud Misc.|
|2011.08.03|Infosec Island|[[Software Security for the Cloud - Same Pig, Shiny Lipstick|http://www.infosecisland.com/blogview/15550-Software-Security-for-the-Cloud-Same-Pig-Shiny-Lipstick.html]]|Cloud Misc.|
|2011.08.02|Infosec Island|[[Informal Cloud Buyers - A Growing IT Problem|http://www.infosecisland.com/blogview/15280-Informal-Cloud-Buyers-A-Growing-IT-Problem.html]]|Cloud Misc.|
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|2011.07.27|Infosec Island|[[Cloud Computer Security Techniques and Tactics|http://www.infosecisland.com/blogview/15427-Cloud-Computer-Security-Techniques-and-Tactics.html]]|Cloud Misc.|
|2011.07.15|Infosec Island|[[The Cloud - Time for Some Serious Consideration|http://www.infosecisland.com/blogview/14755-The-Cloud-Time-for-Some-Serious-Consideration.html]]|Cloud Misc.|
|2011.07.13|Infosec Island|[[On Cloud Computing and Things Outside the US|http://www.infosecisland.com/blogview/14767-On-Cloud-Computing-and-Things-Outside-the-US.html]]|Cloud Misc.|
|2011.07.12|Infosec Island|[[Who You Gonna Call When You Lose Data in the Cloud?|http://www.infosecisland.com/blogview/14775-Who-You-Gonna-Call-When-You-Lose-Data-in-the-Cloud.html]]|Cloud Misc.|
|2011.07.07|Infosec Island|[[Three Things About Consumer Cloud Technology|http://www.infosecisland.com/blogview/14752-Three-Things-About-Consumer-Cloud-Technology.html]]|Cloud Misc.|
|2011.07.06|Infosec Island|[[Evaluating the Cloud-Based Services Option Part II|http://www.infosecisland.com/blogview/14773-Evaluating-the-Cloud-Based-Services-Option-Part-II.html]]|Cloud Misc.|
|2011.07.03|Infosec Island|[[Server Security in the Cloud|http://www.infosecisland.com/blogview/14891-Server-Security-in-the-Cloud.html]]|Cloud Misc.|
|!Juin|!Sources|!Titres et Liens|!Keywords|
|2011.06.28|Infosec Island|[[Hey You, Get Off of the iCloud|http://www.infosecisland.com/blogview/14825-Hey-You-Get-Off-of-the-iCloud.html]]|Cloud Misc.|
|2011.06.27|InfoWorld|[[The 10 worst cloud outages (and what we can learn from them)|https://www.infoworld.com/article/2622201/the-10-worst-cloud-outages--and-what-we-can-learn-from-them-.html]]|Outages|
|2011.06.23|Infosec Island|[[Public Cloud/Private Cloud - A Redux|http://www.infosecisland.com/blogview/14205-Public-CloudPrivate-Cloud--A-Redux.html]]|Cloud Misc.|
|2011.06.16|Infosec Island|[[Cloud Computing, Security, and You|http://www.infosecisland.com/blogview/13899-Cloud-Computing-Security-and-You.html]]|Cloud Misc.|
|2011.06.15|Infosec Island|[[HIPAA Compliance and Cloud Security|http://www.infosecisland.com/blogview/14328-HIPAA-Compliance-and-Cloud-Security.html]]|Cloud Misc.|
|2011.06.08|Infosec Island|[[Application Software in the Cloud - Power to the People|http://www.infosecisland.com/blogview/14187-Application-Software-in-the-Cloud--Power-to-the-People.html]]|Cloud Misc.|
|2011.06.06|Infosec Island|[[Evaluating the Cloud-Based Services Option|http://www.infosecisland.com/blogview/13907-Evaluating-the-Cloud-Based-Services-Option.html]]|Cloud Misc.|
|2011.06.02|Infosec Island|[[Game Over: Cloud Computing and the Sony Breach|http://www.infosecisland.com/blogview/14081-Game-Over-Cloud-Computing-and-the-Sony-Breach.html]]|Cloud Misc.|
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2011.05.25|Digi.Ninja|[[Analysing Amazon's Buckets|https://digi.ninja/blog/analysing_amazons_buckets.php]]|AWS|
|2011.05.20|Infosec Island|[[WAN Optimization and Catalysts for Cloud Deployment|http://www.infosecisland.com/blogview/13753-WAN-Optimization-and-Catalysts-for-Cloud-Deployment.html]]|Cloud Misc.|
|2011.05.19|Infosec Island|[[Ponemon Study: Cloud Providers and Confidential Info|http://www.infosecisland.com/blogview/13759-Ponemon-Study-Cloud-Providers-and-Confidential-Info.html]]|Cloud Misc.|
|2011.05.17|Infosec Island|[[NIST Releases Draft of Cloud Computing Synopsis|http://www.infosecisland.com/blogview/13831-NIST-Releases-Draft-of-Cloud-Computing-Synopsis.html]]|Cloud Misc.|
|2011.05.09|Infosec Island|[[Why My Head Is In the Cloud|http://www.infosecisland.com/blogview/13087-Why-My-Head-Is-In-the-Cloud.html]]|Cloud Misc.|
|2011.05.02|Infosec Island|[[The Amazon Outage is OK? Well, Kind Of...|http://www.infosecisland.com/blogview/13421-The-Amazon-Outage-is-OK-Well-Kind-Of.html]]|Cloud Misc.|
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2011.04.27|World Economic Forum|[[Advancing Cloud Computing: What To Do Now?|https://www.weforum.org/reports/advancing-cloud-computing-what-do-now]] ([[rapport|http://www3.weforum.org/docs/WEF_IT_AdvancedCloudComputing_Report_2011.pdf]])|Report WEF|
|2011.05.23|ENISA| → [[Final World Economic Forum report on Cloud Computing with Agency input launched|https://www.enisa.europa.eu/news/enisa-news/final-world-economic-forum-report-on-cloud-computing-with-agency-input-launched]]|Report WEF|
|2011.04.26|Infosec Island|[[Washington DC Leads Cloud Trend Despite Security Concerns|http://www.infosecisland.com/blogview/13331-Washington-DC-Leads-Cloud-Trend-Despite-Security-Concerns.html]]|Cloud Misc.|
|2011.04.17|Infosec Island|[[Forklifting Apps to the Cloud - Realistic or Not?|http://www.infosecisland.com/blogview/13074-Forklifting-Apps-to-the-Cloud--Realistic-or-Not.html]]|Cloud Misc.|
|2011.04.12|Infosec Island|[[Microsoft Slams Google Over FISMA Certification Claims|http://www.infosecisland.com/blogview/12943-Microsoft-Slams-Google-Over-FISMA-Certification-Claims.html]]|Cloud Misc.|
|2011.04.08|Infosec Island|[[Epsilon Breach Deals Another Blow to Cloud Security|http://www.infosecisland.com/blogview/12814-Epsilon-Breach-Deals-Another-Blow-to-Cloud-Security.html]]|Cloud Misc.|
|2011.04.05|Infosec Island|[[Commodity Clouds for Enterprise: Inside the Economics|http://www.infosecisland.com/blogview/12774-Commodity-Clouds-for-Enterprise-Inside-the-Economics.html]]|Cloud Misc.|
|!Mars|!Sources|!Titres et Liens|!Keywords|
|2011.03.23|Infosec Island|[[Cloud in the Enterprise is Far from a Reality|http://www.infosecisland.com/blogview/12641-Cloud-in-the-Enterprise-is-Far-from-a-Reality.html]]|Cloud Misc.|
|2011.03.14|Infosec Island|[[Federal Cyber Security and Trusting the Cloud|http://www.infosecisland.com/blogview/12523-Federal-Cyber-Security-and-Trusting-the-Cloud.html]]|Cloud Misc.|
|2011.03.12|Infosec Island|[[TechAmerica and INSA Form Cloud Advisory Groups |http://www.infosecisland.com/blogview/12489-TechAmerica-and-INSA-Form-Cloud-Advisory-Groups-.html]]|Cloud Misc.|
|2011.03.10|Infosec Island|[[Moving Your Data to the Cloud - Sense and Sensibility|http://www.infosecisland.com/blogview/12149-Moving-Your-Data-to-the-Cloud--Sense-and-Sensibility.html]]|Cloud Misc.|
|2011.03.09|Infosec Island|[[SMBs, the Cloud and Disaster Recovery|http://www.infosecisland.com/blogview/12367-SMBs-the-Cloud-and-Disaster-Recovery.html]]|Cloud Misc.|
|2011.03.09|Infosec Island|[[Is Oracle Playing Nice With Java and MySQL?|http://www.infosecisland.com/blogview/12442-Is-Oracle-Playing-Nice-With-Java-and-MySQL.html]]|Cloud Misc.|
|2011.03.07|Infosec Island|[[On Cloud Logging Standards and Unique IDs|http://www.infosecisland.com/blogview/12361-On-Cloud-Logging-Standards-and-Unique-IDs.html]]|Cloud Misc.|
|2011.03.03|Infosec Island|[[Cloud Standards - The Great Debate|http://www.infosecisland.com/blogview/11967-Cloud-Standards-The-Great-Debate.html]]|Cloud Misc.|
|2011.03.01|SANS|[[Following Incidents into the Cloud|https://www.sans.org/reading-room/whitepapers/cloud/incidents-cloud-33619]]|Analysis Misc.|
|!Février|!Sources|!Titres et Liens|!Keywords|
|2011.02.28|Infosec Island|[[Gmail Data Vanishes Into the Cloud|http://www.infosecisland.com/blogview/12162-Gmail-Data-Vanishes-Into-the-Cloud.html]]|Cloud Misc.|
|2011.02.20|Infosec Island|[[Federal Cloud Computing Strategy Officially Launched|http://www.infosecisland.com/blogview/11950-Federal-Cloud-Computing-Strategy-Officially-Launched.html]]|Cloud Misc.|
|2011.02.12|Infosec Island|[[The True State of Next-Generation Data Centers|http://www.infosecisland.com/blogview/11600-The-True-State-of-Next-Generation-Data-Centers.html]]|Cloud Misc.|
|2011.02.05|Infosec Island|[[How the Cloud Can Lock You In|http://www.infosecisland.com/blogview/11444-How-the-Cloud-Can-Lock-You-In.html]]|Cloud Misc.|
|!Janvier|!Sources|!Titres et Liens|!Keywords|
|2011.01.28|Infosec Island|[[Securing Web Services in the Cloud|http://www.infosecisland.com/blogview/11274-Securing-Web-Services-in-the-Cloud.html]]|Cloud Misc.|
|2011.01.27|Infosec Island|[[Global GovCloud and the Virtual Environment|http://www.infosecisland.com/blogview/11273-Global-GovCloud-and-the-Virtual-Environment.html]]|Cloud Misc.|
|2011.01.27|Infosec Island|[[Why the Cloud is a Security Nightmare|http://www.infosecisland.com/blogview/11281-Why-the-Cloud-is-a-Security-Nightmare.html]]|Cloud Misc.|
|2011.01.21|Infosec Island|[[The Public Cloud versus the Private Cloud|http://www.infosecisland.com/blogview/11030-The-Public-Cloud-versus-the-Private-Cloud.html]]|Cloud Misc.|
|2011.01.20|Infosec Island|[[Bohu Trojan is Designed to Disable Cloud Antivirus|http://www.infosecisland.com/blogview/11144-Bohu-Trojan-is-Designed-to-Disable-Cloud-Antivirus.html]]|Cloud Misc.|
|2011.01.19|Infosec Island|[[Securing Web Services in the Cloud|http://www.infosecisland.com/blogview/11014-Securing-Web-Services-in-the-Cloud.html]]|Cloud Misc.|
|2011.01.16|Infosec Island|[[Today's Nonsense - The Cloud as a Government Plot|http://www.infosecisland.com/blogview/11035-Todays-Nonsense--The-Cloud-as-a-Government-Plot.html]]|Cloud Misc.|
|2011.01.10|Infosec Island|[[NIST Launches Cloud Computing Collaboration Twiki|http://www.infosecisland.com/blogview/10787-NIST-Launches-Cloud-Computing-Collaboration-Twiki.html]]|Cloud Misc.|
|2011.01.06|Infosec Island|[[Realizing the Potential of Virtualization|http://www.infosecisland.com/blogview/10644-Realizing-the-Potential-of-Virtualization.html]]|Cloud Misc.|
|2011.01.02|Infosec Island|[[GovCloud Predictions for 2011|http://www.infosecisland.com/blogview/10648-GovCloud-Predictions-for-2011.html]]|Cloud Misc.|
|>|!|>||
<<tiddler .ReplaceTiddlerTitle with: [[Veille Web - Année 2011]]>>
<<tiddler .ReplaceTiddlerTitle with: [[Blog - Année 2011]]>>Pour 2011, aucun article n'est repris sur ce site pour le moment.
Consultez directement le blog sur le site original : https://blog.cloudsecurityalliance.org/ 
<<forEachTiddler
where 'tiddler.tags.containsAny(["FRmeet"])' 
sortBy 'tiddler.title' descending
write '(index < 10) ? "|"+(index+1)+"|[["+tiddler.title+"]]|\n" : ""' begin '"|>|!Réunions : Annonces et Compte-Rendus|\n"' end '' none ''>>
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201111>>
!!7ème réunion CSA-FR
[>img(100px,auto)[iCSA/logoCSAFR.png]]La septième réunion du [[Chapitre Français]] de la CSA se déroulera le 21 novembre 2011 à partir de 18h00.
* Lieu : Devo/% %/team, 73 rue Anatole France, Levallois-Perret
* Métro : Anatole France à 400 mètres
* Parking : 2 rue Antonin Raynaud à 200 mètres

Organisateurs : ''Pierre Vacherand'' et ''Olivier Caleff''

Inscription obligatoire sur [[Meetup|https://www.meetup.com/CSA-France/]].
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201110>>
!!6ème réunion CSA-FR
[>img(100px,auto)[iCSA/logoCSAFR.png]]La sixième réunion du [[Chapitre Français]] de la CSA se déroulera le 19 octobre 2011 à partir de 18h00.
* Lieu : Devo/% %/team, 73 rue Anatole France, Levallois-Perret
* Métro : Anatole France à 400 mètres
* Parking : 2 rue Antonin Raynaud à 200 mètres

Organisateurs : ''Pierre Vacherand'' et ''Olivier Caleff''

Inscription obligatoire sur [[Meetup|https://www.meetup.com/CSA-France/]].
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201109>>
!!5ème réunion CSA-FR
[>img(100px,auto)[iCSA/logoCSAFR.png]]La cinquième réunion du [[Chapitre Français]] de la CSA se déroulera le 15 septembre 2011 à partir de 18h00.
* Lieu : Devo/% %/team, 73 rue Anatole France, Levallois-Perret
* Métro : Anatole France à 400 mètres
* Parking : 2 rue Antonin Raynaud à 200 mètres

Organisateurs : ''Pierre Vacherand'' et ''Olivier Caleff''

Inscription obligatoire sur [[Meetup|https://www.meetup.com/CSA-France/]].
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201106>>
!!4ème réunion CSA-FR
[>img(100px,auto)[iCSA/logoCSAFR.png]]La quatrième réunion du [[Chapitre Français]] de la CSA se déroulera le 6 juin 2011 à partir de 18h00.
* Lieu : Devo/% %/team, 73 rue Anatole France, Levallois-Perret
* Métro : Anatole France à 400 mètres
* Parking : 2 rue Antonin Raynaud à 200 mètres

Organisateurs : ''Pierre Vacherand'' et ''Olivier Caleff''

Inscription obligatoire sur [[Meetup|https://www.meetup.com/CSA-France/]].
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201105>>
!!3ème réunion CSA-FR
[>img(100px,auto)[iCSA/logoCSAFR.png]]La troisième réunion du [[Chapitre Français]] de la CSA est reportée du 11 avril au 9 mai 2011 à partir de 17h30.
* Lieu : Devo/% %/team, 73 rue Anatole France, Levallois-Perret
* Métro : Anatole France à 400 mètres
* Parking : 2 rue Antonin Raynaud à 200 mètres

Organisateurs : ''Pierre Vacherand'' et ''Olivier Caleff''

Inscription obligatoire sur [[Meetup|https://www.meetup.com/CSA-France/]].
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201103>>
!!2ème réunion CSA-FR
[>img(100px,auto)[iCSA/logoCSAFR.png]]La deuxième réunion du [[Chapitre Français]] de la CSA se déroulera le 3 mars 2011 à partir de 17h30.
* Lieu : Devo/% %/team, 73 rue Anatole France, Levallois-Perret
* Métro : Anatole France à 400 mètres
* Parking : 2 rue Antonin Raynaud à 200 mètres

Organisateurs : ''Pierre Vacherand'' et ''Olivier Caleff''

Inscription obligatoire sur [[Meetup|https://www.meetup.com/CSA-France/]].
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201102>>
[>img[iCSF/In.png][http://www.linkedin.com/groupRegistration?gid=3758242]]19.02.2011 : Notre groupe LinkedIn compte maintenant ''55'' inscrits.
Faites passer le message autour de vous !
Cliquez [[ici|http://www.linkedin.com/groupRegistration?gid=3758242]] ou sur le logo

----
[>img(128px,auto)[iCSA/logoCSAFR.png]]13.02.2011 : La deuxième réunion du chapitre Français de la ''Cloud Security Alliance'' se déroulera le ''3 Mars 2011'' dans les locaux de la société ''DEVOTEAM''.
Pour plus de détails, cliquez [[ici|Réunion Cloud Security Alliance France #02 Annonce]]

----
01.02.2011 : Nouveau groupe de travail "''Security as a Service''" au sein de la ''Cloud Security Alliance''
Plus d'informations [[ici|2011.02.12 - Actu : Nouveau Groupe de Travail CSA: 'Cloud as a Service']]

----
28.01.2011 : Le ''NIST'' américain a publié le draft SP 800-144 "Guidelines on Security and Privacy in Public Cloud Computing" : "//it provides an overview of the security and privacy challenges for public cloud computing and gives recommendations that organizations should consider when outsourcing data, applications, and infrastructure to a public cloud environment//".
__Source:__ [[NIST (pdf)|http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf]]

----
28.01.2011 : Le ''NIST'' américain a publié le draft SP 800-145 "A NIST Definition of Cloud Computing" : "//it restates the existing NIST cloud computing definition as a formal NIST publication//".
__Source:__ [[NIST (pdf)|http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf]]

----
27.01.2011 : ''Orange Business Services'' rejoint la ''Cloud Security Alliance'' en tant que "Membre Corporate"
__Source:__ [[Orange Business Services|http://www.orange-business.com/mnc/press/press_releases/2011/cloud-security-alliance.html]]

----
20.01.2011 : Mise à disposition de l'analyse du ''Gartner'' "Three Styles of Securing Public and Private Clouds" par John Pescatore (publié en Juillet 2010).
"//Enterprises that are moving toward private or public cloud computing will face new security challenges due to the inherent risks involved in multi-tenancy and outsourcing data. In this paper, John Pescatore of Gartner discusses three different methods for properly securing public and private clouds. He suggests that the responsibility of security lies partially with the vendors through built-in security in the cloud infrastructure and partially with the enterprise through IT security management controls.//"
__Source:__ [[Cloud Commons|http://www.cloudcommons.com/c/document_library/get_file?uuid=302618b7-da3d-44e3-b775-5f095deee208&groupId=10322]]

----
[>img(128px,auto)[iCSA/logoCSAFR.png]]20.01.2011 : La première réunion du chapitre Français de la ''Cloud Security Alliance'' s'est déroulée le 20 Janvier 2011 dans les locaux de la société ''DEVOTEAM''.
Il y avait une quinzaine de participants. Le compte-rendu est publié [[ici|Réunion Cloud Security Alliance France #01 Compte-Rendu]]

----
17.01.2011 : L'''ENISA'' a publié un rapport intitulé "Security and Resilience in Governmental Clouds".
L'ENISA (European Network and Information Security Agency) a mis en exergue les guides et référentiels de déploiement, les risques et les bénéfices liés au Cloud pour les états membres de la Communauté Européenne lorsque cette technologie est appliquée aux administrations publiques, au domaine de la santé, et aux infrastructures gouvernementales.
__Source:__ [[ENISA|http://www.enisa.europa.eu/act/rm/emerging-and-future-risk/deliverables/security-and-resilience-in-governmental-clouds/at_download/fullReport]]

----
!Actualités au 20 Février 2011
!!Revue de presse en anglais
* 17.02: "//Is Cloud Computing Secure?//" ^^(source : [[Cloud Computing Journal|http://cloudcomputing.sys-con.com/node/1718314/print]])^^
* 17.02: "//Cloud security advances not yet on IT radar//" ^^(source : [[searchCloudComputing.com|http://searchcloudcomputing.techtarget.com/news/2240032220/Cloud-security-advances-not-yet-on-IT-radar?vgnextfmt=print]])^^
* 15.02: "//What's missing from cloud security//" ^^(source : [[Government Computer News|http://gcn.com/Articles/2011/02/15/RSA-2-Cloud-Security.aspx?p=1]])^^
* 10.02: "//Vendors Tap Into Cloud Security Concerns with New Encryption Tools//" ^^(source : [[CIO.com|http://www.cio.com/article/print/663515]])^^
* 03.02: "//Weighing the cloud computing standards dilemma//" ^^(source : [[searchCIO.com|http://searchcloudcomputing.techtarget.com/feature/Weighing-the-cloud-computing-standards-dilemma?vgnextfmt=print]])^^
* 02.02: "//Advice for dealing with the top 10 risks in public cloud computing//" ^^(source : [[searchCIO.com|http://searchcio.techtarget.com/news/2240031598/Advice-for-dealing-with-the-top-10-risks-in-public-cloud-computing?vgnextfmt=print]])^^
* 01.02: "//4 reasons the cloud is safer than you thought//" ^^(source : [[Government Computer News|http://gcn.com/Articles/2011/01/31/cloud-security.aspx?p=1]])^^
!!NIST
* 16.02: Mise à jour du Wiki du NIST Cloud Computing Security Working Group (//NCC-SWG//) avec les documents de la réunion du 9 Février ^^(source : [[NIST|http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/CloudSecurity]])^^
!!Revue de blogs en anglais
* 13.02 : "Encryption in the Cloud" et "Compliance in the Cloud" ^^(source : wrLapinsky Corporation [[chiffrement|http://wrlapinsky.wordpress.com/2011/02/13/encryption-in-the-cloud/]] et [[conformité|http://wrlapinsky.wordpress.com/2011/01/16/compliance-in-the-cloud/]])^^
* 10.02 : "Tackling the Cloud Security Question: Core Security's Viewpoint" ^^(source : [[Core Technologies|http://blog.coresecurity.com/2011/02/10/tackling-the-cloud-security-question-core-security%E2%80%99s-viewpoint/]])^^
!!Revue de presse en anglais
* 10.02 : &quot;A New Twist on the Cloud Security Issue&quot; ^^(source : [[Secure Cloud Review|http://securecloudreview.com/2011/02/a-new-twist-on-the-cloud-security-issue/]])^^
* 10.02 : &quot;Vendors Tap Into Cloud Security Concerns With New Encryption Tools&quot; ^^(source : [[PC World|http://www.pcworld.com/printable/article/id,219275/printable.html]])^^
* 31.01: "SaaS, PaaS, and IaaS: A security checklist for cloud models" ^^(source : [[CSO Online|http://www.csoonline.com/article/print/660065]])^^
* 26.01: "How Secure is that Cloud Vendor?" ^^(source : [[CIO Online|http://www.cio.com/article/print/658213]] et [[2eme partie|http://www.cio.com/article/print/661013]])^^
* 26.01: "Cloud Printers Rain On Security Parade" ^^(source : [[PC World|http://www.pcworld.com/businesscenter/article/217825/cloud_printers_rain_on_security_parade.html]])^^
* 26.01: "Cloud Security: Ten Questions to Ask Before You Jump In" ^^(source : [[CIO Online|http://www.cio.com/article/print/524214]])^^
!!Cloud Security Alliance
* 01.02 : "Extend the Enterprise into the Cloud with Single Sign-On to Cloud-Based services" ^^(source : [[blog du CSA|http://blog.cloudsecurityalliance.org/2011/02/01/extend-the-enterprise-into-the-cloud-with-single-sign-on-to-cloud-based-services/]])^^
* 07.02 : "Sure the Cloud's Insecure; it's Like Everything Else" ^^(source : [[CIO Online|http://www.cio.com/article/print/662603]])^^
!!Gartner
* 20.01 : "Three Styles of Securing Public and Private Clouds" par John Pescatore (publié en Juillet 2010). "//Enterprises that are moving toward private or public cloud computing will face new security challenges due to the inherent risks involved in multi-tenancy and outsourcing data. In this paper, John Pescatore of Gartner discusses three different methods for properly securing public and private clouds. He suggests that the responsibility of security lies partially with the vendors through built-in security in the cloud infrastructure and partially with the enterprise through IT security management controls.//"<br>^^(source : [[Cloud Commons|http://www.cloudcommons.com/c/document_library/get_file?uuid=302618b7-da3d-44e3-b775-5f095deee208&groupId=10322]])^^
!!Europe
* 11.02 : "Cloud computing: A legal maze for Europe" ^^(source : [[EurActiv|http://www.euractiv.com/en/infosociety/cloud-computing-opportunity-legal-maze-linksdossier-502073]])^^
|>|>| La date de la deuxième réunion du Chapitre français de la //Cloud Security Alliance// est maintenant fixée |
|>|>| !<br>@@color:#014;font-size:12pt;le ''jeudi 3 mars 2011'' à partir de 17h30@@<br>&nbsp; |
|>|Lieu |Une annexe des locaux de la société DEVOTEAM à Levallois-Perret |
|>|Adresse |__''@@color:#014;font-size:10pt;86@@''__ rue Anatole France, 92300 Levallois-Perret (plan sur [[Mappy|http://fr.mappy.com/#d=86,+Rue+Anatole+France,+92300,+Levallois-Perret,+Ile-de-France,+France&p=map]] et sur [[GoogleMaps|http://maps.google.com/maps?&cid=12257688209775101729&iwloc=A&ved=0CBoQpQY&sa=X&ei=EUU2TbCyJIfOjAev2OneAw]]) |
|>|Métro |Station ''Anatole France'' sur la ((ligne 3(^Gallieni -- Pont de Levallois - Bécon))), à 200 mètres |
|>|Parking |Parking Antonin Raynaud, 2 rue Antonin Raynaud à 200 mètres (détails sur le site de [[Levaparc|http://www.levaparc.fr/parc-raynaud.php]]) |
|>|>| ! |
|>|>| Pour des raisons logistiques, merci de vous inscrire en vous connectant sur ''MeetUp'' [[www.meetup.com/CSA-France|http://www.meetup.com/CSA-France]] |

|>|>|!Proposition d'ordre du jour |
|1|>|''Constitution d'un Bureau'' |
|2|>|''Constitution de groupes de travail'' |
|~| » |Exemples : traduction, conformité, réversibilité, communication |
|3|>|''Présentation détaillée des différents documents de la //Cloud Security Alliance//'' |
|4|>|''Communication'' |
|~| » |Discussion sur le Mission Statement, et communiqué de presse |
|~| » |Retour sur les premières actions de communications |
|5|>|''Le point sur les activités de la //Cloud Security Alliance//'' |
|~| » |Débriefing de ce qui s'est passé à la conférence du //Cloud Security Alliance// le 14 Février à San Francisco |
|~| » |Point sur quelques groupes de travail existants de la //Cloud Security Alliance// |

Organisateurs : ''Pierre Vacherand'' et ''Olivier Caleff''
!Actualités, Blog, Publications et Veille "Sécurité du Cloud"
<<tiddler fAll2LiTabs13end with: 201101>>
!!Cloud Security Alliance
* 24.01 : Le Chapitre Français de la Cloud Security Alliance dispose maintenant d'un groupe sur LinkedIn. Pour le rejoindre, connectez-vous avec votre compte sur LinkedIn : cliquez [[ici|http://www.linkedin.com/groupRegistration?gid=3758242]]
* 27.01 : ''Orange Business Services'' rejoint la ''Cloud Security Alliance'' en tant que "Membre Corporate"<br>^^(source : [[Orange Business Services|http://www.orange-business.com/mnc/press/press_releases/2011/cloud-security-alliance.html]])^^
!!NIST
* 28.01 : Le ''NIST'' américain vient de publier deux drafts. Les commentaires sont attendus jusqu'au 28 février 2011
* DRAFT SP 800-144 "Guidelines on Security and Privacy in Public Cloud Computing" : "//it provides an overview of the security and privacy challenges for public cloud computing and gives recommendations that organizations should consider when outsourcing data, applications, and infrastructure to a public cloud environment//".<br>^^(source : [[NIST (pdf)|http://csrc.nist.gov/publications/drafts/800-144/Draft-SP-800-144_cloud-computing.pdf]])^^
* DRAFT SP 800-145 "A NIST Definition of Cloud Computing" : "//it restates the existing NIST cloud computing definition as a formal NIST publication//".<br>^^(source : [[NIST (pdf)|http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf]])^^
!!Attaques
* 18.01 : L'équipe du ''Malware Protection Center'' de ''Microsoft'' a découvert un malware appelé ''Bohu''. Il embarque des contre-mesures visant les antivirus qui effectuent certains de leurs traitements à distance, typiquement dans une infrastructure de cloud computing.<br>^^(source: [[Microsoft|http://blogs.technet.com/b/mmpc/archive/2011/01/19/bohu-takes-aim-at-the-cloud.aspx]] et [[CNIS-Mag|http://www.cnis-mag.com/bohu-premier-virus-cloud-officiel.html]])^^
!!Europe
* 17.01 : L'''ENISA'' a publié un rapport intitulé "Security and Resilience in Governmental Clouds" ^^(source : [[ENISA|http://www.enisa.europa.eu/act/rm/emerging-and-future-risk/deliverables/security-and-resilience-in-governmental-clouds/at_download/fullReport]])^^
|wideTable|k
|>| Texte original : http://www.cloudsecurityalliance.org/secaas.html |
|!Français |!English |
|<<tiddler "2011.02.12 - Security as a Service (Français)">> |<<tiddler "2011.02.12 - Security as a Service (English)">> |
|>|!|
!!Security as a Service
The mission statement of the Cloud Security Alliance is "//... a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.//" In order to provide greater focus on the second part of our mission statement, the CSA is embarking on a new research project to provide greater clarity on the area of Security as a Service. A whitepaper will be produced as a result of this research, which will also be considered to be a candidate new domain for version 3 of the [[CSA guidance|http://www.cloudsecurityalliance.org/guidance.html]].

Numerous security vendors are now leveraging cloud based models to deliver security solutions. This shift has occurred for a variety of reasons including greater economies of scale and streamlined delivery mechanisms. Regardless of the motivations for offering such services, consumers are now faced with evaluating security solutions which do not run on premises. Consumers need to understand the unique nature of cloud delivered security offerings so that they are in a position to evaluate the offerings and to understand if they will meet their needs.

The purpose of this research will be to identify consensus definitions of what Security as a Service means, to categorize the different types of Security as a Service and to provide guidance to organizations on reasonable implementation practices. Other research purposes will be identified by the working group. A progress report on this research will be presented at the [[CSA Summit at the RSA Conference|http://www.cloudsecurityalliance.org/rsa2011.html]] on February 14, 2011.

Click [[here|mailto:info@cloudsecurityalliance.org?subject=Group 9: Security as a Service]] to join this working group.
!!Security as a Service
La lettre de mission de la ''Cloud Security Alliance'' la décrit comme devant être "//... une organisation à but non lucratif formée pour promouvoir le respect des meilleures pratiques pour offrir un bon niveau de sécurité dans le Cloud Computing, et pour offrir de la formation sur l'utilisation du Cloud Computing pour aider à sécuriser toutes les autres formes de l'informatique.//" Afin de mettre davantage l'accent sur la deuxième partie de cet énoncé de mission, le ''CSA'' se lance dans un nouveau projet de recherche pour apporter des précisions sur le domaine de la sécurité en tant que service. Un livre blanc sera produit à la suite de ce projet, et sera également considéré comme un nouveau domaine candidat pour la version 3 du document de gouvernance de la CSA.

De nombreux éditeurs de sécurité profitent maintenant des modèles d'//informatique en nuage// pour fournir des solutions de sécurité. Ce changement s'explique par diverses raisons, notamment la recherche de plus grandes économies d'échelle et la rationalisation des mécanismes de prestation. Quelles que soient les motivations pour offrir de tels services, les utilisateurs sont aujourd'hui confrontés à l'évaluation de solutions de sécurité qui ne fonctionnent pas en local. Les utilisateurs ont besoin de comprendre la nature unique des offres de sécurité dans le nuage, afin qu'ils soient en mesure d'évaluer les offres et de comprendre si elles répondent à leurs besoins.

Le but de ce projet de recherche sera d'identifier des définitions consensuelles de ce que "''Security as a Service''" signifie, de catégoriser les différents types de "''Security as a Service''" et de fournir des orientations aux organisations sur des pratiques raisonnables d'implémentation. D'autres objectifs seront identifiés par le groupe de travail. Un rapport d'étape de ce projet de recherche sera présenté lors de la ''Conférence de la CSA'' à la Conférence RSA du 14 Février 2011.

Cliquez [[ici|mailto:info@cloudsecurityalliance.org?subject=Group 9: Security as a Service]] pour participer à ce groupe de travail.
!!1ère réunion CSA-FR[>img(100px,auto)[iCSA/logoCSAFR.png]]
__Objectifs :__
# Présenter la "Cloud Security Alliance" (CSA)
# Préparer la constitution du "Chapitre Français de la Cloud Security Alliance" (CSA-FR)
!!Contexte
* La réunion s'est tenue le jeudi 20 Janvier 2011 de 17h30 à 19h30 dans les locaux de la société Devoteam à Levallois-Perret à l'initiative de Pierre Vacherand (société Apalia) et Olivier Caleff (société Devoteam)
* Une quinzaine de personnes représentant une douzaine de sociétés étaient présentes.
!!Ordre du jour
# Tour de table
# Présentation d'introduction du contexte CSA et de l'expérience du Chapitre californien de la CSA, par Pierre Vacherand ([[format PDF|docs/CSA-FR-20110120-PierreVacherand.pdf]])
# Présentation d'introduction de corpus documentaires (CSA et autres) sur la sécurité du Cloud Computing, par Olivier Caleff ([[format PDF|docs/CSA-FR-20110120-OlivierCaleff.pdf]])
# Discussion ouverte
!!Synthèse des points abordés :
# Mission et objectifs du CSA-FR : définir le "Mission Statement"
# Organisation
** constituer un groupe d'au moins 20 personnes nommées pour être référencé auprès de la CSA et pouvoir créer un Chapitre Français
** constituer ensuite un Bureau pour le CSA-FR
** constituer des groupes de travail sur les différentes problématiques
** intégrer la composante juridique dans un groupe de travail
# Terminologie et traduction
** disposer d'un vocabulaire cohérent
** traduire certains documents de la CSA en français
# Communication
** mener des actions pour diffuser et évangéliser autour de la notion de la sécurité du Cloud Computing
** mettre en avant des retours d'expérience
** établir des relations avec des journalistes et des groupes de travail similaires autour du Cloud Computing et de la Sécurité
** participer à tout type d'événements ou de conférences
# Spécificités françaises à prendre en considération
** la conformité et la protection des données, notamment avec les aspects liés à la CNIL, la localisation et la proximité des données
** la notion de réversibilité, similaire aux problématiques de l'externalisation/outsourcing
# Certification : les certifications actuelles (CCSK pour les personnes) et futures (pour les entreprises, les fournisseurs, les intégrateurs, ...)
# Moyens du CSA-FR sur Internet
** un site Web : http://www.cloudsecurityalliance.fr
** un email générique : info@cloudsecurityalliance.fr
** un flux RSS associé : http://www.cloudsecurityalliance.fr/index.xml
** un compte MeetUp pour organiser les réunions : http://www.meetup.com/CSA-France
** un groupe LinkedIn : http://www.linkedin.com/groupRegistration?gid=3758242
!!Prochaine réunion
La prochaine réunion aura lieu le jeudi 3 Mars 2011 à partir de 17h30
La première réunion du Chapitre français de la Cloud Security Alliance aura lieu :
|>| !<br>@@color:#014;font-size:12pt;le ''jeudi 20 janvier 2011 à partir de 17h30''@@<br>&nbsp; |
|Lieu |Une annexe des locaux de la société DEVOTEAM à Levallois-Perret |
|Adresse |113 rue Anatole France, 92300 Levallois-Perret (plan sur [[Mappy|http://fr.mappy.com/#d=113,+Rue+Anatole+France,+92300,+Levallois-Perret,+Ile-de-France,+France&p=map]] et sur [[GoogleMaps|http://maps.google.com/maps?&cid=12257688209775101729&iwloc=A&ved=0CBoQpQY&sa=X&ei=EUU2TbCyJIfOjAev2OneAw]]) |
|Métro |Station "''Anatole France''" sur la ((ligne 3(^Gallieni -- Pont de Levallois - Bécon))), à 400 mètres |
|Parking |2 rue Antonin Raynaud à 200 mètres (détails sur le site de [[Levaparc|http://www.levaparc.fr/parcs.php]]) |
|>| ! |
|>| Pour des questions logistiques, il est recommandé de s'inscrire en se connectant sur<br>''MeetUp'' : [[www.meetup.com/CSA-France|http://www.meetup.com/CSA-France]] |
Les objectifs de cette première réunion sont :
# de présenter les travaux et documents existants de la //Cloud Security Alliance//
# d'expliquer le mode de fonctionnement du Chapitre Français de la //Cloud Security Alliance//
# de réfléchir collectivement aux axes de recherches que nous pourrions conduire pour tenir compte des spécificités françaises.

Organisateurs : ''Pierre Vacherand'' et ''Olivier Caleff''
Le Chapitre Français de la //Cloud Security Alliance// est une association formée pour faire la promotion des meilleures pratiques de sécurité au sein des infrastructures Cloud Computing.

Il se chargera notamment :
* d'adapter certains documents de la //Cloud Security Alliance// aux spécificités françaises (notamment réglementaires)
* de favoriser les meilleures pratiques de sécurité auprès des fournisseurs de Cloud Public français et au sein des Entreprises qui bâtissent des Clouds Privés
* de publier de nouvelles recommandations de sécurité relatives au Cloud Computing
 
Pour tout renseignement, contactez-nous à l'adresse suivante : ''&#8238;rf.ecnaillaytirucesduolc@ofni&#8236;''
Le site de la //Cloud Security Alliance// est http://www.CloudSecurityAlliance.org
|>|!|>||
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|2010.12.28|Infosec Island|[[Strategies For The Efficient CISO|http://www.infosecisland.com/blogview/10548-Strategies-For-The-Efficient-CISO.html]]|Cloud Misc.|
|2010.12.15|Infosec Island|[[Amazon's WikiLeaks Ban Breeds Cloud Insecurity|http://www.infosecisland.com/blogview/10291-Amazons-WikiLeaks-Ban-Breeds-Cloud-Insecurity.html]]|Cloud Misc.|
|2010.12.10|Infosec Island|[[Virtualization Can Mean Less is More|http://www.infosecisland.com/blogview/10017-Virtualization-Can-Mean-Less-is-More.html]]|Cloud Misc.|
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|2010.11.28|Infosec Island|[[Mafiaboy Sees Security Problems for Cloud Computing|http://www.infosecisland.com/blogview/9860-Mafiaboy-Sees-Security-Problems-for-Cloud-Computing.html]]|Cloud Misc.|
|2010.11.26|Infosec Island|[[Predictive Analysis in the Cloud Infrastructure|http://www.infosecisland.com/blogview/9758-Predictive-Analysis-in-the-Cloud-Infrastructure.html]]|Cloud Misc.|
|2010.11.25|Infosec Island|[[Beware of the Private Cloud|http://www.infosecisland.com/blogview/9755-Beware-of-the-Private-Cloud.html]]|Cloud Misc.|
|2010.11.24|Infosec Island|[[The Cloud Needs More Security and Lower Prices|http://www.infosecisland.com/blogview/9760-The-Cloud-Needs-More-Security-and-Lower-Prices.html]]|Cloud Misc.|
|2010.11.21|Infosec Island|[[LISA 2010: OS Security In The Cloud|http://www.infosecisland.com/blogview/9707-LISA-2010-OS-Security-In-The-Cloud.html]]|Cloud Misc.|
|2010.11.19|Infosec Island|[[OS33 and the Abstraction of IT|http://www.infosecisland.com/blogview/9131-OS33-and-the-Abstraction-of-IT.html]]|Cloud Misc.|
|2010.11.14|Infosec Island|[[The Big Shift to Cloud-Based Security|http://www.infosecisland.com/blogview/9573-The-Big-Shift-to-Cloud-Based-Security.html]]|Cloud Misc.|
|2010.11.13|Infosec Island|[[NIST Moves Forward on Cloud Computing|http://www.infosecisland.com/blogview/9527-NIST-Moves-Forward-on-Cloud-Computing.html]]|Cloud Misc.|
|2010.11.07|Infosec Island|[[Duffner Interviews Kemp and Jackson on GovCloud|http://www.infosecisland.com/blogview/9388-Duffner-Interviews-Kemp-and-Jackson-on-GovCloud.html]]|Cloud Misc.|
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|2010.10.30|Infosec Island|[[On The Frontlines: Cloud Computing in Government|http://www.infosecisland.com/blogview/9255-On-The-Frontlines-Cloud-Computing-in-Government.html]]|Cloud Misc.|
|2010.10.28|Infosec Island|[[Enterprise Data Storage Reaches for the Cloud|http://www.infosecisland.com/blogview/9120-Enterprise-Data-Storage-Reaches-for-the-Cloud.html]]|Cloud Misc.|
|2010.10.26|Infosec Island|[[SuccessFactors Acquires YouCalc, Launches Inbuilt Analytics|http://www.infosecisland.com/blogview/9130-SuccessFactors-Acquires-YouCalc-Launches-Inbuilt-Analytics.html]]|Cloud Misc.|
|2010.08.25|CircleID|[[IT Risks for Cloud Computing|http://www.circleid.com/posts/it_risks_for_cloud_computing/]] |Risks|
|2010.10.22|Infosec Island|[[Virtualization: Making Seductive Promises a Reality|http://www.infosecisland.com/blogview/9024-Virtualization-Making-Seductive-Promises-a-Reality.html]]|Cloud Misc.|
|2010.10.19|Infosec Island|[[NIST to Hold 2nd Cloud Computing Forum|http://www.infosecisland.com/blogview/8901-NIST-to-Hold-2nd-Cloud-Computing-Forum.html]]|Cloud Misc.|
|2010.10.16|Infosec Island|[[Verecloud Hoping to Save the Telcos|http://www.infosecisland.com/blogview/8672-Verecloud-Hoping-to-Save-the-Telcos.html]]|Cloud Misc.|
|2010.10.13|Infosec Island|[[Infrastructure is Incredibly Underutilised|http://www.infosecisland.com/blogview/8664-Infrastructure-is-Incredibly-Underutilised.html]]|Cloud Misc.|
|2010.10.13|Infosec Island|[[A Cloud Computing Customer Bill of Rights|http://www.infosecisland.com/blogview/8738-A-Cloud-Computing-Customer-Bill-of-Rights.html]]|Cloud Misc.|
|2010.10.07|Infosec Island|[[Vulnerability Management in the Cloud|http://www.infosecisland.com/blogview/8599-Vulnerability-Management-in-the-Cloud.html]]|Cloud Misc.|
|2010.10.06|Infosec Island|[[Industry Standards and Trusting the Cloud|http://www.infosecisland.com/blogview/8503-Industry-Standards-and-Trusting-the-Cloud.html]]|Cloud Misc.|
|2010.10.01|Infosec Island|[[Data Centers Slow to Adopt Cloud Computing|http://www.infosecisland.com/blogview/8468-Data-Centers-Slow-to-Adopt-Cloud-Computing.html]]|Cloud Misc.|
|!Août|!Sources|!Titres et Liens|!Keywords|
|2010.08.06|SANS|[[Cloud Security and Compliance: A Primer|https://www.sans.org/reading-room/whitepapers/analyst/cloud-security-compliance-primer-34910]]|Analysis Misc.|
|!Juillet|!Sources|!Titres et Liens|!Keywords|
|2010.07.01|US Government Accountability Office|GAO-10-855T: [[Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing|https://www.gao.gov/products/GAO-10-855T]] ([[report|https://www.gao.gov/assets/130/124969.pdf]])|Guidance|
|2010.07.01|US Government Accountability Office|GAO-10-513: [[Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing|https://www.gao.gov/products/GAO-10-513]] ([[report|https://www.gao.gov/assets/310/305000.pdf]])|Guidance|
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2010.05.20|SANS|[[A Guide to Virtualization Hardening Guides|https://www.sans.org/reading-room/whitepapers/analyst/guide-virtualization-hardening-guides-34900]]|Analysis Misc.|
|!Mars|!Sources|!Titres et Liens|!Keywords|
|2010.03...|ComputerWeekly|[[Jericho Forum: Self-assessment guide (1/2)|https://www.computerweekly.com/video/Jericho-Forum-Self-assessment-guide]]|Misc|
|2010.03...|ComputerWeekly|[[Jericho Forum: Cloud computing (2/2)|https://www.computerweekly.com/video/Jericho-Forum-Cloud-computing]]|Misc|
|>|!|>||
<<tiddler .ReplaceTiddlerTitle with: [[Veille Web - Année 2010]]>>
Pour 2010, seul le tout premier article est repris sur ce site pour le moment.
Consultez directement le blog sur le site original : https://blog.cloudsecurityalliance.org/ 
!"//Welcome to the CSA Blog//"
[>img(200px,auto)[iCSF/cloud-security-alliance.png]]Premier article de blog publié le 17 mai 2010 — Rédigé par Jim Reavis
<<<
Welcome to the Cloud Security Alliance blog. We have initiated this service to allow for more rapid communications between our expert volunteers and the larger community interested in cloud security. We plan to use this venue to comment on the important issues of the day related to our mission, as well as to provide some insights into our research in progress, including version 2 of our guidance, which is schedule for completion in October of 2009.

-Jim
<<<
⇒ Lire [[l'article original|https://blog.cloudsecurityalliance.org/2010/05/17/welcome-to-the-csa-blog/]] sur le blog de la CSA
|!Décembre|!Sources|!Titres et Liens|!Keywords|
|2009.12.10|MIT Technology Review|[[Harnessing the Cloud for Hacking|https://www.technologyreview.com/s/416624/harnessing-the-cloud-for-hacking/]]|Hacking|
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|2009.11.16|MIT Technology Review|[[How Secure Is Cloud Computing?|https://www.technologyreview.com/s/416293/how-secure-is-cloud-computing/]]|Cryptography Diffie|
|!Octobre|!Sources|!Titres et Liens|!Keywords|
|2009.10.23|MIT Technology Review|[[Vulnerability Seen in Amazon's Cloud-Computing|https://www.technologyreview.com/s/415953/vulnerability-seen-in-amazons-cloud-computing/]]|AWS Flaw|
|2009.10.23|Homeland Security News Wire| → [[Vulnerability identified in Amazon's cloud computing|http://www.homelandsecuritynewswire.com/vulnerability-identified-amazons-cloud-computing]]|AWS Flaw|
|2009.10.01|MIT Technology Review|[[A More Secure, Trustworthy Cloud|https://www.technologyreview.com/s/415528/a-more-secure-trustworthy-cloud/]]|Trust AWS|
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|2009.09.04|MIT Technology Review|[[How to Survive a Gmail Outage|https://www.technologyreview.com/s/415166/how-to-survive-a-gmail-outage/]]|Outage Gmail|
|!Mai|!Sources|!Titres et Liens|!Keywords|
|2009.05.13|CircleID|[[Securing a Cloud Infrastructure|http://www.circleid.com/posts/20090513_securing_a_cloud_infrastructure/]] |Architecture|
|!Avril|!Sources|!Titres et Liens|!Keywords|
|2009.04.24|LeMagIT[>img[iCSF/flag_fr.png]]|[[RSA Conference : La Cloud Security Alliance milite pour un nuage sécurisé|https://www.lemagit.fr/actualites/2240197029/RSA-Conference-La-Cloud-Security-Alliance-milite-pour-un-nuage-securise]]|CSA|
|2009.04.17|ZDnet|[[Jericho Forum offers cloud security tips|https://www.zdnet.com/article/jericho-forum-offers-cloud-security-tips/]]|Misc|
|2009.04.17|Jericho Forum|[[Securely Collaborating in the Clouds|https://www.youtube.com/watch?v=2Hq9FEqUntI]] (vidéo)|Misc.|
|!Mars|!Sources|!Titres et Liens|!Keywords|
|2009.03.06|CircleID|[[Cloud Computing Types: Public Cloud, Hybrid Cloud, Private Cloud|http://www.circleid.com/posts/20090306_cloud_computing_types_public_hybrid_private/]] |Context|
<<tiddler .ReplaceTiddlerTitle with: [[Veille Web - Année 2009]]>>
|!Novembre|!Sources|!Titres et Liens|!Keywords|
|2008.11.02|CircleID|[[Who is Responsible in Our Cloudy World?|http://www.circleid.com/posts/20081102_who_responsible_in_cloudy_world/]] |Shared_responsibility|
|!Septembre|!Sources|!Titres et Liens|!Keywords|
|2008.09.16|CircleID|[[Cloud Computing and Privacy|http://www.circleid.com/posts/89163_cloud_computing_and_privacy/]] |Privacy|
|!Août|!Sources|!Titres et Liens|!Keywords|
|2008.08.26|MIT Technology Review|[[Moving Security to the Cloud|https://www.technologyreview.com/s/410747/moving-security-to-the-cloud/]]|Misc|
<<tiddler .ReplaceTiddlerTitle with: [[Veille Web - Année 2008]]>>
<<tabs tCAIQ 'Présentation' '' [[CAIQ##Intro]] 'CAIQ-Lite' '' [[CAIQ##CAIQ-Lite]] 'Actualités' '' [[CAIQ##Actu]] 'Blog' '' [[CAIQ##Blog]] 'Publications' '' [[CAIQ##Publ]]>>
/%
!Intro
[>img[iCSA/CSA-CAI.png]]L'un des principaux obstacles à l'adoption du Cloud est le manque de transparence des contrôles de sécurité.
La ''Cloud Security Alliance Consensus Assessments Initiative'' (''CAI'') a été lancée pour effectuer des recherches, créer des outils et créer des partenariats avec l'industrie afin de permettre l'évaluation du Cloud. Nous nous concentrons sur la fourniture de moyens acceptés par l'industrie pour documenter les contrôles de sécurité existants dans les offres de type IaaS, PaaS et SaaS, en assurant la transparence des contrôles de sécurité.
Cet effort de conception est intégré à d'autres projets des partenaires de recherche de la [[Cloud Security Alliance]] et les appuiera.
Les 2 livrables actuels de la ''CAI'' sont :
* ''CAIQ'', actuellement en version 3.1 depuis novembre 2019
* ''CAIQ-Lite''
__Liens :__
→ https://cloudsecurityalliance.org/working-groups/consensus-assessments/
→ https://cloudsecurityalliance.org/download/consensus-assessments-initiative-questionnaire-v3-0-1/
→ https://cloudsecurityalliance.org/download/artifacts/consensus-assessments-initiative-questionnaire-v3-0-1/
!CAIQ-Lite
<<tiddler [[2019.03.01 - Blog : Présentation de 'CAIQ Lite']]>>
!Actu
<<tiddler fAll2LiTabs13end with: CAIQ","Actu>>
!Blog
<<tiddler fAll2LiTabs13end with: CAIQ","Blog>>
!Publ
<<tiddler fAll2LiTabs13end with: CAIQ","Publ>>
!end
%/
<<tabs tCCAK 'Présentation' '' [[CCAK - Présentation]] 'Actualités' '' [[CCAK##Actu]] 'Blog' '' [[CCAK##Blog]] 'Publications' '' [[CCAK##Publ]]>>
/%
!Actu
<<tiddler fAll2LiTabs13end with: CCAK","Actu>>
!Blog
<<tiddler fAll2LiTabs13end with: CCAK","Blog>>
!Publ
<<tiddler fAll2LiTabs13end with: CCAK","Publ>>
!end
%/
<<tabs tCCM 'Présentation' '' [[Groupe de Travail - Cloud Controls Matrix]] 'Domaines' '' [[CCM##Domaines]] 'Référentiels' '' [[CCM##Referentiels]] 'Actualités' '' [[CCM##Actu]] 'Blog' '' [[CCM##Blog]] 'Publications' '' [[CCM##Publ]]>>
/%
!Domaines
<<tiddler [[CCM - Domaines]]>>
!Referentiels
<<tiddler [[CCM - Référentiels]]>>
!Actu
<<tiddler fAll2LiTabs13end with: CCM","Actu>>
!Blog
<<tiddler fAll2LiTabs13end with: CCM","Blog>>
!Publ
<<tiddler fAll2LiTabs13end with: CCM","Publ>>
!end
%/
!!Les 16 domaines de la [[Cloud Controls Matrix]][>img(50px,auto)[CCM|iCSA/CAOBCCM.png][Cloud Controls Matrix]]
# AIS → Application & Interface Security
# AAC → Audit Assurance & Compliance
# BCR → Business Continuity Management & Operational Resilience
# CCC → Change Control & Configuration Management
# DSI → Data Security & Information Lifecycle Management
# DCS → Datacenter Security
# EKM → Encryption & Key Management
# GRM → Governance and Risk Management
# HRS → Human Resources
# IAM → Identity & Access Management
# IVS → Infrastructure & Virtualization Security
# IPY → Interoperability & Portability
# MOS → Mobile Security
# SEF → Security Incident Management, E-Discovery, & Cloud Forensics
# STA → Supply Chain Management, Transparency, and Accountability
# TVM → Threat and Vulnerability Management
[img(98%,1px)[iCSF/BluePixel.gif]]
!!30+ référentiels de conformité dans la [[Cloud Controls Matrix]][>img(50px,auto)[CCM|iCSA/CAOBCCM.png][Cloud Controls Matrix]]
''Allemagne'' → BSI
''Europe'' → ENISA Cloud Computing IAF^^(Information Assurance Framework)^^
''Europe'' → 95/46/EC^^(European Union Data Protection Directive)^^
''États-Unis'' → FedRAMP Security Controls
''États-Unis'' → FERPA^^(Family Educational Rights and Privacy Act)^^
''États-Unis'' → ITAR^^(International Traffic in Arms Regulations)^^
''États-Unis'' → AICPA ^^(American Institute of Certified Public Accountants)^^ Trust Service Criteria
''Canada'' → PIPEDA
''Nouvelle-Zélande'' → NZISM
''Mexique'' → Federal Law on Protection of Personal Data Held by Private Parties
[img(98%,1px)[iCSF/BluePixel.gif]]
''CSA'' → CCM, CSA Enterprise Architecture, CSA Security Guidance
''NIST'' → SP800-53
''CISecurity'' → CIS-AWS-Foundation
''ISO/IEC'' → 27001, 27002, 27017, 27018
''Jericho Forum''
''GAPP'' ^^(Generally Accepted Privacy Principles)^^
''BITS Shared Assessments'' ^^(SFG)^^
''PCI DSS''
''COBIT, COPPA''
''ODCA UM'' ^^(Open Data Center Alliance Usage Model)^^
[img(98%,1px)[iCSF/BluePixel.gif]]
''Santé'' → HIPAA ^^(Health Insurance Portability and Accountability Act)^^
''Santé'' → HITECH Act ^^(Health Information Technology for Economic and Clinical Health Act)^^
''Santé'' → HITRUST CSF
''Énergie'' → NERC ^^(North American Electric Reliability Corporation)^^ CIP
[img(98%,1px)[iCSF/BluePixel.gif]]
<<tabs tCCSK 'Présentation' '' [[CCSK - Présentation]] 'Actualités' '' [[CCSK##Actu]] 'Blog' '' [[CCSK##Blog]] 'Publications' '' [[CCSK##Publ]]>>
/%
!Actu
<<tiddler fAll2LiTabs13end with: CCSK","Actu>>
!Blog
<<tiddler fAll2LiTabs13end with: CCSK","Blog>>
!Publ
<<tiddler fAll2LiTabs13end with: CCSK","Publ>>
!end
%/
<<tiddler [[CCM]]>>
<<tabs tCrypto 'Présentation' '' [[Cryptographie - Présentation]] 'Actu' '' [[Cryptographie##Actu]] 'Blog' '' [[Cryptographie##Blog]] 'Publications' '' [[Cryptographie##Publ]]>>
/%
!Actu
<<tiddler fAll2LiTabs13end with: Crypto","Actu>>
!Blog
<<tiddler fAll2LiTabs13end with: Crypto","Blog>>
!Publ
<<tiddler fAll2LiTabs13end with: Crypto","Publ>>
!end
'Actualités' '' [[Cryptographie##Actu]]
%/
La [[Cloud Security Alliance]] a un groupe de travail qui traite des problématiques cryptographiques et du Cloud.
Les onglets suivants fournissent quelques-uns des articles et publications disponibles à ce jour.
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tabs tERP 'Présentation' '' [[ERP - Présentation]] 'Actualités' '' [[ERP##Actu]] 'Blog' '' [[ERP##Blog]] 'Publications' '' [[ERP##Publ]]>>
/%
!Actu
<<tiddler fAll2LiTabs13end with: ERP","Actu>>
!Blog
<<tiddler fAll2LiTabs13end with: ERP","Blog>>
!Publ
<<tiddler fAll2LiTabs13end with: ERP","Publ>>
!end
%/
La [[Cloud Security Alliance]] a un groupe de travail qui traite de la problématique des ERP et du Cloud.
Les onglets suivants fournissent quelques-uns des articles et publications disponibles à ce jour.
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tabs tIncidents 'Présentation' '' [[Incidents - Présentation]] 'Actualités' '' [[Incidents##Actu]] 'Blog' '' [[Incidents##Blog]] 'Publications' '' [[Incidents##Publ]] 'Liens' '' [[Incidents - Liens]]>>
/%
!Actu
<<tiddler fAll2LiTabs13end with: Incidents","Actu>>
!Blog
<<tiddler fAll2LiTabs13end with: Incidents","Blog>>
!Publ
<<tiddler fAll2LiTabs13end with: Incidents","Publ>>
!end
%/
La [[Cloud Security Alliance]] a un groupe de travail qui traite de la problématique des incidents dans le contexte Cloud.
Les onglets suivants fournissent quelques-uns des articles et publications disponibles à ce jour.
[img(25%,1px)[iCSF/BluePixel.gif]]
Quelques liens vers des documents pertinents sur le sujet de la gestion d'incidents et n'émanant pas de la ''Cloud Security Alliance'' :
|!Date|!Auteur|!Titre|!Mots clés|
|2020.08.10|Tim Oor|![[AWS Incident Response|https://easttimor.github.io/aws-incident-response/]] |Incidents AWS|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tabs tIoT 'Présentation' '' [[IoT - Présentation]] 'Actualités' '' [[IoT##Actu]] 'Blog' '' [[IoT##Blog]] 'Publications' '' [[IoT##Publ]]>>
/%
!Actu
<<tiddler fAll2LiTabs13end with: IoT","Actu>>
!Blog
<<tiddler fAll2LiTabs13end with: IoT","Blog>>
!Publ
<<tiddler fAll2LiTabs13end with: IoT","Publ>>
!end
%/
La [[Cloud Security Alliance]] a un groupe de travail qui traite de la problématique de l'IoT et du Cloud.
Les onglets suivants fournissent quelques-uns des articles et publications disponibles à ce jour.
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tabs tRGPD 'Présentation' '' [[RGPD - Présentation]] 'Actualités' '' [[RGPD##Actu]] 'Blog' '' [[RGPD##Blog]] 'Publications' '' [[RGPD##Publ]]>>
/%
!Actu
<<tiddler fAll2LiTabs13end with: RGPD","Actu>>
!Blog
<<tiddler fAll2LiTabs13end with: RGPD","Blog>>
!Publ
<<tiddler fAll2LiTabs13end with: RGPD","Publ>>
!end
%/
La [[Cloud Security Alliance]] a un groupe de travail qui traite de la problématique du RGPD et du Cloud.
Les onglets suivants fournissent quelques-uns des articles et publications disponibles à ce jour.

La [[Cloud Security Alliance]] a mis en place un site dédié au [[RGPD]] → https://gdpr.cloudsecurityalliance.org/
avec plusieurs parties:
|ssTablN0|k
| ![[GDPR Center of Excellence|https://gdpr.cloudsecurityalliance.org/center-of-excellence]] | ![[GDPR Code of Conduct|https://gdpr.cloudsecurityalliance.org/code-of-conduct]] | ![[Resources Center|https://gdpr.cloudsecurityalliance.org/resource-center]] | ![[Working Groups|https://gdpr.cloudsecurityalliance.org/working-groups]] |
|[img(200px,auto)[iCSA/GDPR_CoE.png]]|[img(200px,auto)[iCSA/GDPR_CoC.png]]|[img(200px,auto)[iCSA/GDPR_ResourcesC.png]]|[img(200px,auto)[iCSA/GDPR_WG.png]]|
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tabs tThreats 'Présentation' '' [[Groupe de Travail - Top Threats]] 'Actu' '' [[Menaces##Actu]] 'Blog' '' [[Menaces##Blog]] 'Publications' '' [[Menaces##Publ]]>>
/%
!Actu
<<tiddler fAll2LiTabs13end with: Threats","Actu>>
!Blog
<<tiddler fAll2LiTabs13end with: Threats","Blog>>
!Publ
<<tiddler fAll2LiTabs13end with: Threats","Publ>>
!end
'Actualités' '' [[Menaces##Actu]]
%/
<<tiddler fAll2Tabs with: Pano>>
<<tabs tHealth 'Présentation' '' [[Health - Présentation]] 'Actualités' '' [[Health##Actu]] 'Blog' '' [[Health##Blog]] 'Publications' '' [[Health##Publ]]>>
/%
!Actu
<<tiddler fAll2LiTabs13end with: Health","Actu>>
!Blog
<<tiddler fAll2LiTabs13end with: Health","Blog>>
!Publ
<<tiddler fAll2LiTabs13end with: Health","Publ>>
!end
%/
La [[Cloud Security Alliance]] a un groupe de travail qui traite de la problématique de la Santé et du Cloud.
Les onglets suivants fournissent quelques-uns des articles et publications disponibles à ce jour.
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler fAll2LiTabs13end with: Health>>
<<tabs tSDP 'Présentation' '' [[SDP - Présentation]] 'Actualités' '' [[SDP##Actu]] 'Blog' '' [[SDP##Blog]] 'Publications' '' [[SDP##Publ]]>>
/%
!Actu
<<tiddler fAll2LiTabs13end with: SDP","Actu>>
!Blog
<<tiddler fAll2LiTabs13end with: SDP","Blog>>
!Publ
<<tiddler fAll2LiTabs13end with: SDP","Publ>>
!end
%/
La [[Cloud Security Alliance]] a un groupe de travail qui traite de la problématique du SDP et du Cloud.
Les onglets suivants fournissent quelques-uns des articles et publications disponibles à ce jour.
[img(25%,1px)[iCSF/BluePixel.gif]]
Lien vers la page d'accueil du ''Software Defined Perimeter Working Group'' ⇒ ''[[CloudSecurityAlliance.fr/go/wgSDP/|https://cloudsecurityalliance.fr/go/wgSDP/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tabs tSECt 'Présentation' '' [[SECtember##Pres]] 'Actualités' '' [[SECtember##Actu]]>>
/%
!Pres
[>img(500px,auto)[iCSA/K9GSECtember.jpg][https://cloudsecurityalliance.fr/go/k9ee/]][[SECtember]] est une conférence annuelle créée par la ''Cloud Security Alliance'' en 2020.
Elle se déroulera dorénavant en septembre -- d'où son nom -- à Seattle aux États-Unis sur 5 jours :
* 2 jours de formation, le lundi et le mardi
* 2 jours de conférence, le mercredi et le jeudi
* 1 jour réservé pour des réunions et des groupes de travail
La première conférence [[SECtember]] devait se dérouler à Seattle du lundi 14 au 18 septembre 2020.
Elle est maintenant transformée en une conférence en ligne (voir la rubrique "Actualités").
!Actu
<<tiddler fAll2LiTabs13end with: 'SECtember'>>
!end
%/
<<tabs tSTAR 'Présentation' '' [[STAR - Présentation]] 'Actualités' '' [[STAR##Actu]] 'Blog' '' [[STAR##Blog]] 'Publications' '' [[STAR##Publ]]>>
/%
!Actu
<<tiddler fAll2LiTabs13end with: STAR","Actu>>
!Blog
<<tiddler fAll2LiTabs13end with: STAR","Blog>>
!Publ
<<tiddler fAll2LiTabs13end with: STAR","Publ>>
!end
%/
''CSA'' [[STAR]] est un programme ou une méthodologie visant à l'assurance de la sécurité dans le Cloud. [[STAR]] englobe les principes clés de ''transparence, de vérification rigoureuse et d'harmonisation des normes''. Le programme [[STAR]] offre de nombreux avantages, notamment des indications sur les bonnes pratiques et la validation de la posture de sécurité des offres de cloud computing.
Le sigle [[STAR]] signifie "//__''S''__ecurity, __''T''__rust and __''A''__ssurance __''R''__egistry//".
Sur le site de la ''CSA'', toutes les informations sont regroupées [[ici|https://cloudsecurityalliance.fr/go/STAR/]].
<<tabs tSTAR 'Présentation' '' [[STAR - Présentation##Intro]] 'Registre' '' [[STAR - Présentation##Registre]] 'Évaluation et Certification' '' [[STAR - Présentation##EvalCert]]>>
/%
!Intro
[>img(450px,auto)[iCSA/OCF-1.png]]''CSA'' [[STAR]] se compose de trois niveaux d'assurance :
# Auto-évaluation
# Certification par une tierce partie
# Audit continu
Ces 3 niveaux d'assurance de la ''CSA'' [[STAR]] sont basés sur :
# [[CCM]] : la matrice de contrôle
** La [[CCM]], le seul métacadre de contrôles de sécurité propres au Cloud, s'appuie sur des normes, des bonnes pratiques et des règlements. Il s'agit de fournir la structure, les détails et la clarté nécessaires en matière de sécurité de l'information adaptée au Cloud. La [[CCM]] est actuellement considérée comme une norme de fait pour l'assurance de la sécurité et de la conformité dans le Cloud.
# [[CAIQ]] : le questionnaire de l'initiative d'évaluation par consensus
** La [[CAIQ]] est basée sur la [[CCM]] et propose un questionnaire à réponses fermées (Oui/Non) que des consommateurs cloud ou des auditeurs Cloud peuvent poser à des prestataires Cloud afin de vérifier leur conformité à la [[CCM]].
# Le ''Code de conduite'' de la CSA sur la conformité au RGPD
** Ce ''Code de conduite'' est un outil créé en collaboration avec des experts de l'industrie et des représentants des autorités nationales de protection des données de l'UE pour aider les organisations à se conformer au RGPD. Ce ''Code de conduite'' intègre toutes les exigences qu'un fournisseur de services Cloud doit satisfaire pour se conformer au RGPD.
** Lien → https://gdpr.cloudsecurityalliance.org/resource/csa-code-of-conduct-for-gdpr-compliance/
!Registre
L'une des caractéristiques essentielles du programme [[STAR]] est son ''registre'' (//registry//) qui documente les contrôles de sécurité et de confidentialité fournis par les offres de Cloud. Ce ''registre'' est accessible à tous et a été conçu pour permettre aux utilisateurs de services Cloud d'évaluer leurs prestataires de services Cloud, les prestataires de sécurité et les sociétés de services, de conseil ou d'évaluation afin de faire les meilleurs choix d'approvisionnement. Sur le site de la ''CSA'', toutes les informations sur le ''registre'' sont regroupées [[ici|https://cloudsecurityalliance.fr/go/STARr/]].
[>img(400px,auto)[iCSA_/STAR-Registry.jpg][https://cloudsecurityalliance.fr/go/STARr/]]En termes de statistiques sur le registre, il y avait au 1er janvier 2019 :
* 450 entités différentes sont enregistrées, dont :
** 406 entités au Niveau 1 "//Self-Assessment//"
** 7 entités au Niveau 2 "//Attestation//"
** 56 entités au Niveau 2 "//Certification//"
** 10 entités au Niveau 2 "//Evaluation C-STAR//"
* 26 entités ont au moins 2 qualifications d'assurance, dont :
** 3 entités ont au moins 3 qualifications d'assurance :
*** +++*[Dropbox]> Enregistré depuis Juillet 2014 → https://cloudsecurityalliance.org/registry/dropbox-inc/ ===,+++*[Microsoft]> Enregistré depuis Mars 2012 → https://cloudsecurityalliance.org/registry/microsoft/ === et+++*[Ribose]> Enregistré depuis Octobre 2013 → https://cloudsecurityalliance.org/registry/ribose/ ===
!EvalCert
En termes d'évaluations et de certification CSA STAR[>img(450px,auto)[iCSA/OCF-2.png]] Le découpage de [[STAR]] se fait en 3 niveaux d'assurance :
* Niveau 1 → Auto-évaluation
** Auto-évaluation ''CSA'' [[STAR]], ou
** Auto-évaluation du ''Code de conduite'' de la ''CSA'' sur le RGPD
* Niveau 2 → Certification par une tierce partie
** Attestation ''CSA'' [[STAR]],
** Certification ''CSA'' [[STAR]], ou
** Évaluation ''C-STAR''
* Niveau 3 → Audit continu
** //CSA [[STAR]] Continuous// (actuellement en cours de développement)
__''Niveau 1 : Auto-évaluation CSA STAR / //Self-Assessment//''__
L'autoévaluation ''CSA'' [[STAR]] est une offre gratuite qui documente les contrôles de sécurité fournis par diverses offres Cloud, aidant ainsi les utilisateurs à évaluer la sécurité des prestataires qu'ils utilisent ou envisagent d'utiliser.
Les prestataires de services Cloud soumettent :
* soit un questionnaire [[CAIQ]] dûment rempli
* soit un rapport sur la conformité à la [[CCM]]
Ces informations sont ensuite rendues publiques, ce qui favorise la transparence de l'industrie et donne une visibilité sur les pratiques de sécurité spécifiques des prestataires.
** Lien → https://cloudsecurityalliance.org/star/self-assessment/
__''Niveau 1 : Auto-évaluation du ''Code de conduite'' de la ''CSA'' sur le RGPD''__
L'auto-évaluation du Code consiste en la publication volontaire de deux documents sur le registre [[STAR]] :
* //Code of Conduct Statement of Adherence//
** Lien → https://gdpr.cloudsecurityalliance.org/resource/pla-code-of-conduct-statement-of-adherence-self-assessment/
* //Self-assessment results based on the PLA Code of Practice (CoP) Template - Annex 1//
** Lien → https://gdpr.cloudsecurityalliance.org/resource/coc-gdpr-annex-1-compliance-assessment-template/
Les frais d'enregistrement et de publication s'élèvent à 1.495 Euros. Un certificat de Conformité valable pendant 1 an est alors délivré. L'autoévaluation doit être révisée chaque fois qu'il y a un changement aux politiques ou aux pratiques de l'entreprise concernant le service évalué.
** Lien → https://cloudsecurityalliance.org/star/self-assessment/
__''Niveau 2 : Attestation CSA STAR''__
L'attestation ''CSA'' [[STAR]] est le fruit d'une collaboration entre la ''CSA'' et l'AICPA qui vise à fournir des lignes directrices aux CPA (//Chartered Professional Accountant// ou //Comptables Agréés//) afin qu'ils puissent mener des missions //SOC// 2 selon les critères de l'AICPA (//Trust Service Principles//, //AT 101//) et de la [[CCM]]. L'attestation [[STAR]] prévoit des évaluations indépendantes et rigoureuses des prestataires de services Cloud par des tierces parties.
** Lien → https://cloudsecurityalliance.org/star/attestation/
__''Niveau 2 : Certification CSA STAR''__
La certification ''CSA'' [[STAR]] est une évaluation indépendante et rigoureuse de la sécurité d'un fournisseur de services Cloud. La certification, technologiquement neutre, s'appuie sur les exigences de la norme ISO/IEC 27001:2013 sur les systèmes de management ainsi que sur la [[CCM]].
** Lien → https://cloudsecurityalliance.org/star/certification/
__''Niveau 2 : Évaluation C-STAR''__
L'évaluation ''C-STAR'' est une évaluation indépendante effectuée par une tierce partie d'un prestataire de services Cloud pour le marché Chinois élargi (//Greater China//). Elle a pour but d'harmoniser les bonnes pratiques de la CSA avec les normes nationales chinoises. L'évaluation ''C-STAR'' tire parti des exigences de la norme GB/T 22080-2008 sur les systèmes de gestion ainsi que de la matrice [[CCM]] et de 29 contrôles connexes sélectionnés parmi les normes GB/T 22239-2008 et GB/Z 28828-2012.
** Lien → https://cloudsecurityalliance.org/star/c-star/
__''Niveau 3 : Surveillance permanente CSA STAR / //''CSA'' [[STAR]] Continuous//''__
Actuellement en cours de développement, la ''surveillance permanente'' ''CSA'' [[STAR]] permet d'automatiser les pratiques de sécurité actuelles des fournisseurs de Cloud. //''CSA'' [[STAR]] Continuous// sera basé sur une évaluation ou un audit en continu de critères de sécurité pertinents, et sera basé sur :
* [[CCM]] : Cloud Controls Matrix
* CTP : Cloud Trust Protocol
* A6 : CloudAudit
Les fournisseurs publient leurs pratiques de sécurité conformément à la mise en forme et aux spécifications de la ''CSA'', et les clients et les fournisseurs d'outils peuvent récupérer et présenter cette information dans divers contextes.
** Lien → https://cloudsecurityalliance.org/star/continuous/
!Ressources
Les principales ressources à consulter sont les suivantes :
# Le site "STARwatch" [>img(200px,auto)[iCSA_/STARwatch.png]]
** ''STARWatch'' est une application SaaS qui permet de gérer la conformité aux exigences de la ''CSA'' [[STAR]].
** ''STARWatch'' fournit le contenu de la ''Cloud Controls Matrix'' ([[CCM]]) et du ''Consensus Assessments Initiative Questionnaire'' ([[CAIQ]]) sous la forme d'une base de données.
** Site STARwatch → https://star.watch/en
** Communiqué de presse de l'annonce de STARwatch en février 2017 → https://cloudsecurityalliance.org/articles/cloud-security-alliance-announces-general-availability-of-starwatch-cloud-security-management-application/
# Document : "''STAR Continuous Technical Guidance''"[>img(100px,auto)[iCSA_/star-technical-guidance-thumb.png]]
** Date : 27 février 2019
** Lien → https://cloudsecurityalliance.org/artifacts/star-continuous-technical-guidance/
# Document : "''Streamlining Vendor IT Security and Risk Assessments''"[>img(100px,auto)[iCSA_/streamlining-it.png]]
** Date : 8 décembre 2018
** Lien → https://cloudsecurityalliance.org/artifacts/streamlining-vendor-it-security-and-risk-assessments/
# Document : "''CSA STAR Certification Intake Form''"
** Date : 7 juin 2018
** Lien → https://cloudsecurityalliance.org/artifacts/csa-star-certification/
# Blog : "What You Need to Know About Changes to the STAR Program"
** Date : 9 mai 2017
** Lien → https://blog.cloudsecurityalliance.org/2017/05/09/need-know-changes-star-program/
# Document : "''Guidelines for CPAs Providing CSA STAR Attestation v2''"[>img(100px,auto)[iCSA_/Guidelines_for_CPAs_Providing_CSA_STAR_Attestation_v2.jpg]]
** Date : 20 mars 2017
** Lien → https://cloudsecurityalliance.org/artifacts/guidelines-for-cpas-providing-csa-star-attestation-v2/
# Blog : "''3-2-1, Takeoff. The STARWatch Cloud Security Management Application Has Launched''"
** Date : 13 février 2017
** Lien → https://blog.cloudsecurityalliance.org/2017/02/13/3-2-1-takeoff-starwatch-cloud-security-management-application-launched/
# Blog : "''Standardizing Cloud Security with CSA STAR Certification''"
** Date : 14 décembre 2016
** Lien → https://blog.cloudsecurityalliance.org/2016/12/14/standardizing-cloud-security-csa-star-certification/
# Document : "''STAR Overview''"[>img(100px,auto)[iCSA_/star-overview.jpg]]
** Date : 20 avril 2015
** Lien → https://cloudsecurityalliance.org/download/star-overview-pdf/
!4 - Contacts
* Pour toute information générale : starwatch-support (at) cloudsecurityalliance point org
* ''CSA'' [[STAR]] Certification Auditors: https://cloudsecurityalliance.org/star/certification/#_auditors
* ''CSA'' [[STAR]] Attestation Auditors: https://cloudsecurityalliance.org/star/attestation/#_auditors
!end
%/
<<tiddler fAll2Tabs with: Vuln>>
<html><i class="fa fa-graduation-cap fa-3x" aria-hidden="true"></i></html> [>img(200px,auto)[iCSF/ISEP-FC.jpg]] En 2012, le [[Chapitre français|CSA-FR]] de la [[Cloud Security Alliance]] a établi un partenariat en matière de formation avec l'[[ISEP Formation Continue|https://cloudsecurityalliance.fr/go/MasteresISEP/]] dans le cadre des ''Mastères Spécialisés ®''.
Cela se traduit notamment par :
# Pour le ''[[Mastères Spécialisés® Expertise Cloud Computing|https://cloudsecurityalliance.fr/go/McCC/]]'' :
** Enseignement du module "Sécurité du Cloud"
** Participation au Conseil Scientifique
** Animation d'un des 3 projets réalisés par les apprenants
** Participation au jury de thèses des apprenants
** Lien ⇒ ''[[CloudSecurityAlliance.fr/go/McCC/|https://cloudsecurityalliance.fr/go/McCC/]]'' 
# Pour le ''[[Mastères Spécialisés® Architecture Cybersécurité et Intégration|https://cloudsecurityalliance.fr/go/McCS/]]'' :
** Enseignement de plusieurs cours
** Participation au Conseil Scientifique
** Animation d'un des 3 projets réalisés par les apprenants
** Participation au jury de thèses des apprenants
** Lien ⇒ ''[[CloudSecurityAlliance.fr/go/McCS/|https://cloudsecurityalliance.fr/go/McCS/]]''
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler fAll2Tabs7 with: _ActuM>>
!Le groupe de travail "Application Containers and Microservices" a besoin de vous !
[>img(150px,auto)[iCSA_/microservices.png][https://cloudsecurityalliance.org/group/containerization/]]La [[Cloud Security Alliance]] recherche des bénévoles pour participer à l'élaboration et la rédaction d'un livre blanc sur les bonnes pratiques et les défis en matière de sécurisation des containers et des micro-services.
Si vous êtes intéressés, veuillez vous inscrire au groupe de travail sur la page du Groupe de Travail [[ici|https://cloudsecurityalliance.org/group/containerization/]].
__''Extrait :''__
> //The Cloud Security Alliance is launching the Application Containers and Microservices (ACM) Working Group. The CSA ACM Working Group previously work with the National Institute of Standards and Technology (NIST) ACM Working Group to provide research, guidance, and best practices for the secure use of application containers and microservices.//
[...]
> //The mission of the CSA Application Containers and Microservices working group is to conduct research on the security of application containers and microservices and publish guidance and best practices for the secure use of application containers and microservices.//
!Certificate of Cloud Auditing Knowledge
[>img(200px,auto)[iCSA/JC4CCAK.png]][>img(200px,auto)[iCSA/CCAK.png]]Le ''Certificate of Cloud Auditing Knowledge'' ou ''CCAK'' est une certification en cours de développement par la [[Cloud Security Alliance]] et qui sera disponible au ''3^^ème^^ trimestre 2020''.

Le corpus de connaissances du ''CCAK'' comprendra plusieurs éléments bien connus :
* La ''Cloud Controls Matrix'' ([[CCM]])
* Le ''Consensus Assessments Initiative Questionnaire'' ([[CAIQ]])
* Le programme ''Security, Trust, Assurance & Risk'' ([[STAR]]) 

__Lien :__
* Le site dédié au [[CCAK]] → [[CloudSecurityAlliance.fr/go/CCAK|https://CloudSecurityAlliance.fr/go/CCAK]]
[img(25%,1px)[iCSF/BluePixel.gif]]
!Certificate of Cloud Security Knowledge [>img(400px,auto)[iCSA_/CCSK_banner.jpg]]
Le ''Certificate of Cloud Security Knowledge'' ou ''CCSK'' est une certification qui permet :
# de valider vos compétences acquises grâce à votre expérience en matière de sécurité Cloud
# de démontrer vos connaissances techniques, vos compétences et vos capacités à développer efficacement un programme holistique de sécurité Cloud par rapport aux normes
# de vous différencier des autres candidats sur le marché en pleine croissance de la sécurité Cloud
# d'accéder à des ressources professionnelles précieuses, comme des outils, du réseautage et des échanges d'idées avec vos pairs.
Depuis fin 2017, la version du [[CCSK]] est : ''CCSK v4''.

__Lien :__
* Le site dédié au [[CCSK]] → [[CloudSecurityAlliance.fr/go/CCSK|https://CloudSecurityAlliance.fr/go/CCSK]]
|ssTabl99|k
|!Les informations relatives à l'organisation de formations CCSK en France sont publiées régulièrement sur le site [[CloudSecurityAlliance.fr|https://CloudSecurityAlliance.fr]]|
[img(25%,1px)[iCSF/BluePixel.gif]]
Nous vous invitons à consulter l'article ci-dessous "[[CCSK : la formation à suivre|2019.01.24 - Blog : CCSK la formation à suivre]]" rédigé par ''Guillaume Boutisseau'', premier ''CCSK Authorized Instructor'' français.
<<<
<<tiddler [[2019.01.24 - Blog : CCSK la formation à suivre]]>>
<<<
[img(25%,1px)[iCSF/BluePixel.gif]]
[>img(500px,auto)[iCSA_/DownloadCSA.jpg]]La page de téléchargement générale de tous les documents de la [[Cloud Security Alliance]] est la suivante : https://cloudsecurityalliance.org/download/
Parmi la centaine de documents publiés par la [[Cloud Security Alliance]], plusieurs font office de référence ou doivent être connus, parmi lesquels :
# ''Security Guidance for Critical Areas of Focus in Cloud Computing''+++*[»]>
|<<tiddler "Groupe de Travail - Security Guidance">> |
=== 

# ''Cloud Controls Matrix''+++*[»]>
|<<tiddler "Groupe de Travail - Cloud Controls Matrix">> |
===

# ''Cloud Computing Top Threats''+++*[»]>
|<<tiddler "Groupe de Travail - Top Threats">> |
===

# ''Mitigating Risk''+++*[»]> [>img(200px,auto)[iCSA_/CSA-MitigatingRisk.jpg]]
** Date : 17 août 2016
** Page de téléchargement : https://cloudsecurityalliance.org/download/mitigatingrisk/ (après inscription)
===

# ''State of Cloud Security''+++*[»]>
|<<tiddler "Publications - Situation">> |
===

# ''Security Considerations for Private vs. Public Clouds''+++*[»]> [>img(200px,auto)[iCSA_/CSA-ConsiderationsPrivatePublicClouds.png]]
** Date : 15 juin 2015
** Page de téléchargement : https://cloudsecurityalliance.org/download/security-considerations-for-private-vs-public-clouds/ (après inscription)
===
!Forum Sécurité@Cloud les --18 et 19 mars-- 23 et 24 septembre 2020
Le prochain Forum se déroulera à la Porte de Versailles à Paris.[>img(auto,80px)[iCSF/ForumSecuriteAtCloud.jpg]][>img(auto,80px)[iCSF/CloudComputingWorld_2.jpg]]
Après deux participations en mars 2018 et mars 2019, le [[Chapitre Français]] de la [[Cloud Security Alliance]] sera de nouveau partenaire du Forum en 2020.
Le site du Salon ⇒ ''[[CloudSecurityAlliance.fr/go/k9ns/|https://cloudsecurityalliance.fr/go/k9ns/]]''
[img(50%,1px)[iCSF/BluePixel.gif]]
''@@color:#014;font-size:125%;2020@@''
[img(300px,auto)[iCSF/K33AR.jpg]][img(300px,auto)[iCSF/K34AR.jpg]]
[img(50%,1px)[iCSF/BluePixel.gif]]
''@@color:#014;font-size:125%;2019@@''
[img(300px,auto)[iCSF/ForumSecuriteCloud-2019.png]]
[img(50%,1px)[iCSF/BluePixel.gif]]
''@@color:#014;font-size:125%;2018@@''
[img(300px,auto)[iCSF/ForumSecuriteCloud-2018.png]]
[img(50%,1px)[iCSF/BluePixel.gif]]
!Salon Cloud Security Expo les 27 et 28 novembre 2019
Le prochain Salon se déroulera à la Porte de Versailles à Paris.[>img(200px,auto)[iCSF/CloudSecurityExpoFrance.png]]
Après une première participation en 2018, le [[Chapitre Français]] de la [[Cloud Security Alliance]] est en cours de discussion avec les organisateurs du Salon pour y participer de nouveau en 2019.
4 bonnes raisons de visiter le salon ''Cloud & Cyber Security Paris''
# __Rencontrer__ plus de 150 fournisseurs nationaux et internationaux.
# __Assister__ aux prises de parole de 250 experts dans un programme de conférence recouvrant l'actualité du secteur, dont des dizaines d'études de cas et des tables rondes. Des experts issus des plus grandes entreprises françaises, du secteur public, de PME et des prestataires de services viendront partager leurs expériences.
# __Consolider__ votre réseau, __construire__ des relations avec les acteurs du marché et découvrir les technologies de demain.
# __Optimiser__ votre temps et aborder tous vos objectifs technologiques en un seul lieu.
Le site du Salon ⇒ ''[[CloudSecurityAlliance.fr/go/jBiM/|https://cloudsecurityalliance.fr/go/jBiM/]]''
{{floatC{
[img(50%,1px)[iCSF/BluePixel.gif]]
''@@color:#014;font-size:125%;2019@@''
[img(600px,auto)[iCSF/CCSEP2019.png]][img(600px,auto)[iCSF/CloudExpo2019.jpg]]
[img(50%,1px)[iCSF/BluePixel.gif]]
''@@color:#014;font-size:125%;2018@@''
[img(600px,auto)[iCSF/CCSEP201811.jpg]]
[img(50%,1px)[iCSF/BluePixel.gif]]
}}}
<<tiddler fAll2Tabs7 with: _BlogM>>
!"//CSA Security Update//"
[>img(150px,auto)[iCSA/CSAsecUpd.jpg]]Ces podcasts sont gérés par John DiMaria, Assurance Investigatory Fellow, CSA
<<<
//CSA STAR is the industry's most powerful program for security assurance in the cloud.
The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards.
Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.
This podcast series explores CSA STAR as well as CSA best practices and research along with associated technologies and tools.//
<<<
Lien ⇒ https://www.buzzsprout.com/303731
<<tiddler fAll2Tabs10 with: PodC>>
/%
apple https://podcasts.apple.com/us/podcast/csa-security-update/id1463409667?uo=4">Apple Podcasts
spotify https://open.spotify.com/show/0bWL4WpUdl34CtOWKRoN94">Spotify
google https://podcasts.google.com/?feed=aHR0cHM6Ly9mZWVkcy5idXp6c3Byb3V0LmNvbS8zMDM3MzEucnNz">Google Podcasts
overcast https://overcast.fm/itunes1463409667 Overcast
pocketcast http://pca.st/itunes/1463409667 Pocket Cast
castro https://castro.fm/itunes/1463409667 Castro
castbox http://castbox.fm/vic/1463409667?ref=buzzsprout Castbox
podchaser https://www.podchaser.com/f/pod/1463409667 Podchaser
rss https://feeds.buzzsprout.com/303731.rss RSS Feed
%/ 
!"//CSA Security Update//"
|2021.02.01|CSA|[[A Case Study - CCM and STAR Integrating with Third-Party Assessments and Regulations to Avoid Duplication of Effort and Cost|https://www.buzzsprout.com/303731/7610968-a-case-study-ccm-and-star-integrating-with-third-party-assessments-and-regulations-to-avoid-duplication-of-effort-and-cost.mp3]] → [[mp3|https://www.buzzsprout.com/303731/7610968-a-case-study-ccm-and-star-integrating-with-third-party-assessments-and-regulations-to-avoid-duplication-of-effort-and-cost.mp3]]|Podcast CSA|
|2020.10.16|CSA|[[The Business Value of STAR Attestation|https://www.buzzsprout.com/303731/5924110-the-business-value-of-star-attestation]] → [[mp3|https://www.buzzsprout.com/303731/5924110-the-business-value-of-star-attestation.mp3]]|Podcast CSA|
|2020.07.27|CSA|[[How to Engage with Cloud Customers|https://www.buzzsprout.com/303731/4732466-how-to-engage-with-cloud-customers]] → [[mp3|https://www.buzzsprout.com/303731/4732466-how-to-engage-with-cloud-customers.mp3]]|Podcast CSA|
|2020.05.26|CSA|[[CSA STAR + SOC2 - From Readiness to Attestation|https://www.buzzsprout.com/303731/3927878-csa-star-soc2-from-readiness-to-attestation]] → [[mp3|https://www.buzzsprout.com/303731/3927878-csa-star-soc2-from-readiness-to-attestation.mp3]]|Podcast CSA|
|2020.03.02|CSA|[[IoT and SMART Nations - Building Resilience - Guest: David Mudd; BSI Group |https://www.buzzsprout.com/303731/2895877-iot-and-smart-nations-building-resilience-guest-david-mudd-bsi-group]] → [[mp3|https://www.buzzsprout.com/303731/2895877-iot-and-smart-nations-building-resilience-guest-david-mudd-bsi-group.mp3]]|Podcast CSA|
|2020.03.25|CSA|[[CSA STAR Certification Case Study Guest: Larry Greenblatt, CISSP, CCSP; Information Security Specialist at QAD|https://www.buzzsprout.com/303731/3118498-csa-star-certification-case-study-guest-larry-greenblatt-cissp-ccsp-information-security-specialist-at-qad]] → [[mp3|https://www.buzzsprout.com/303731/3118498-csa-star-certification-case-study-guest-larry-greenblatt-cissp-ccsp-information-security-specialist-at-qad.mp3]]|Podcast CSA|
|2020.02.11|CSA|[[Sneak Preview of CSA Summit and RSA 02 24 - 27 2020|https://www.buzzsprout.com/303731/2715373-sneak-preview-of-csa-summit-and-rsa-02-24-27-2020]] → [[mp3|https://www.buzzsprout.com/303731/2715373-sneak-preview-of-csa-summit-and-rsa-02-24-27-2020.mp3]]|Podcast CSA|
|2020.01.17|CSA|[[CSA 2019 Year in Review and look into 2020 with Co-Founder & CEO Jim Reavis|https://www.buzzsprout.com/303731/2513809-csa-2019-year-in-review-and-look-into-2020-with-co-founder-ceo-jim-reavis]] → [[mp3|https://www.buzzsprout.com/303731/2513809-csa-2019-year-in-review-and-look-into-2020-with-co-founder-ceo-jim-reavis.mp3]]|Podcast CSA|
|2019.12.11|CSA|[[The STAR Certification Journey - Guest:Willibert Fabritius; Global Head of Information Security and Business Continuity, BSI Group|https://www.buzzsprout.com/303731/2265872-the-star-certification-journey-guest-willibert-fabritius-global-head-of-information-security-and-business-continuity-bsi-group]] → [[mp3|https://www.buzzsprout.com/303731/2265872-the-star-certification-journey-guest-willibert-fabritius-global-head-of-information-security-and-business-continuity-bsi-group.mp3]]|Podcast CSA|
|2019.11.06|CSA|[[Reducing Business Risk with Forensic Readiness - Guest: Lamont Orange; CISO, Netskope|https://www.buzzsprout.com/303731/2006425-reducing-business-risk-with-forensic-readiness-guest-lamont-orange-ciso-netskope]] → [[mp3|https://www.buzzsprout.com/303731/2006425-reducing-business-risk-with-forensic-readiness-guest-lamont-orange-ciso-netskope.mp3]]|Podcast CSA|
|2019.11.19|CSA|[[CSA STAR Attestation; The first cloud-specific attestation program. Guest: Debbie Zallar; Principle, Schellman & Company LLC|https://www.buzzsprout.com/303731/2119125-csa-star-attestation-the-first-cloud-specific-attestation-program-guest-debbie-zallar-principle-schellman-company-llc]] → [[mp3|https://www.buzzsprout.com/303731/2119125-csa-star-attestation-the-first-cloud-specific-attestation-program-guest-debbie-zallar-principle-schellman-company-llc.mp3]]|Podcast CSA|
|2019.10.08|CSA|[[CSA STAR Case Study - Guest: Deepak Gupta; Co-founder and CTO at LoginRadius|https://www.buzzsprout.com/303731/1835209-csa-star-case-study-guest-deepak-gupta-co-founder-and-cto-at-loginradius]] → [[mp3|https://www.buzzsprout.com/303731/1835209-csa-star-case-study-guest-deepak-gupta-co-founder-and-cto-at-loginradius.mp3]]|Podcast CSA|
|2019.10.21|CSA|[[EU-SEC-Multiparty Recognition Framework - Guest Damir Savanovic; Senior Analyst & Researcher; CSA|https://www.buzzsprout.com/303731/1907231-eu-sec-multiparty-recognition-framework-guest-damir-savanovic-senior-analyst-researcher-csa]] → [[mp3|https://www.buzzsprout.com/303731/1907231-eu-sec-multiparty-recognition-framework-guest-damir-savanovic-senior-analyst-researcher-csa.mp3]]|Podcast CSA|
|2019.09.24|CSA|[[What Executives Should Know About Security Breaches and Prevention - Guest: Phillip Merrick; CEO, Fugue|https://www.buzzsprout.com/303731/1761535-what-executives-should-know-about-security-breaches-and-prevention-guest-phillip-merrick-ceo-fugue]] → [[mp3|https://www.buzzsprout.com/303731/1761535-what-executives-should-know-about-security-breaches-and-prevention-guest-phillip-merrick-ceo-fugue.mp3]]|Podcast CSA|
|2019.09.12|CSA|[[Live from Hong Kong! Meeting Business Requirements with CSA STAR - Guest: Ron Tse; CEO of Ribose|https://www.buzzsprout.com/303731/1696357-live-from-hong-kong-meeting-business-requirements-with-csa-star-guest-ron-tse-ceo-of-ribose]] → [[mp3|https://www.buzzsprout.com/303731/1696357-live-from-hong-kong-meeting-business-requirements-with-csa-star-guest-ron-tse-ceo-of-ribose.mp3]]|Podcast CSA|
|2019.08.28|CSA|[[CSA Research - Providing solutions for tomorrow's problems today - Guest: John Yeoh; Global V.P. of Research|https://www.buzzsprout.com/303731/1615879-csa-research-providing-solutions-for-tomorrow-s-problems-today-guest-john-yeoh-global-v-p-of-research]] → [[mp3|https://www.buzzsprout.com/303731/1615879-csa-research-providing-solutions-for-tomorrow-s-problems-today-guest-john-yeoh-global-v-p-of-research.mp3]]|Podcast CSA|
|2019.08.14|CSA|[[Business Email Compromise Scams Remain a Billion-Dollar Problem - Guest: Ken Dunham, Optiv|https://www.buzzsprout.com/303731/1548796-business-email-compromise-scams-remain-a-billion-dollar-problem-guest-ken-dunham-optiv]] → [[mp3|https://www.buzzsprout.com/303731/1548796-business-email-compromise-scams-remain-a-billion-dollar-problem-guest-ken-dunham-optiv.mp3]]|Podcast CSA|
|2019.07.03|CSA|[[CSA CAIQ-Lite - When is a more Streamlined Vendor Security Assessment option applicable? Guest: Nick Sorensen, CEO, Whistic|https://www.buzzsprout.com/303731/1364536-csa-caiq-lite-when-is-a-more-streamlined-vendor-security-assessment-option-applicable-guest-nick-sorensen-ceo-whistic]] → [[mp3|https://www.buzzsprout.com/303731/1364536-csa-caiq-lite-when-is-a-more-streamlined-vendor-security-assessment-option-applicable-guest-nick-sorensen-ceo-whistic.mp3]]|Podcast CSA|
|2019.07.30|CSA|[[Measuring the Value that Information Sharing adds to Threat Intelligence - Guest: Paul Kurtz; Co-Founder, CEO, TruStar |https://www.buzzsprout.com/303731/1480729-measuring-the-value-that-information-sharing-adds-to-threat-intelligence-guest-paul-kurtz-co-founder-ceo-trustar]] → [[mp3|https://www.buzzsprout.com/303731/1480729-measuring-the-value-that-information-sharing-adds-to-threat-intelligence-guest-paul-kurtz-co-founder-ceo-trustar.mp3]]|Podcast CSA|
|2019.07.21|CSA|[[The Business Case Behind Continuous Monitoring - Guest: Stephen Boyer; Founder & CTO, BitSight|https://www.buzzsprout.com/303731/1440220-the-business-case-behind-continuous-monitoring-guest-stephen-boyer-founder-cto-bitsight]] → [[mp3|https://www.buzzsprout.com/303731/1440220-the-business-case-behind-continuous-monitoring-guest-stephen-boyer-founder-cto-bitsight.mp3]]|Podcast CSA|
|2019.06.04|CSA|[[Trust and Transparency - The continued challenges in the cloud - Guest: Jim Reavis|https://www.buzzsprout.com/303731/1236428-trust-and-transparency-the-continued-challenges-in-the-cloud-guest-jim-reavis]] → [[mp3|https://www.buzzsprout.com/303731/1236428-trust-and-transparency-the-continued-challenges-in-the-cloud-guest-jim-reavis.mp3]]|Podcast CSA|
|2019.06.18|CSA|[[The growing complexity around cybersecurity and evolving technology Guest: Dr. Ron Ross, NIST|https://www.buzzsprout.com/303731/1298485-the-growing-complexity-around-cybersecurity-and-evolving-technology-guest-dr-ron-ross-nist]] → [[mp3|https://www.buzzsprout.com/303731/1298485-the-growing-complexity-around-cybersecurity-and-evolving-technology-guest-dr-ron-ross-nist.mp3]]|Podcast CSA|
|2019.05.13|CSA|[[Pilot Episode - CVE Vulnerability, Information Sharing and applicability to CSA STAR|https://www.buzzsprout.com/303731/1128269-pilot-episode-cve-vulnerability-information-sharing-and-applicability-to-csa-star]] → [[mp3|https://www.buzzsprout.com/303731/1128269-pilot-episode-cve-vulnerability-information-sharing-and-applicability-to-csa-star.mp3]]|Podcast CSA|
<<tabs tAutoTab 'Publications Principales' '' 'Publications Principales' 'Par Groupes de Travail' '' 'Groupes de Travail' 'Par Catégories' '' 'Publications par Catégories' 'Par Dates' '' 'Publications par Dates' >><<tiddler .ReplaceTiddlerTitle with: "Publications de la Cloud Security Alliance">>
<<tiddler .ReplaceTiddlerTitle with: [[Publications par thèmes]]>><<tabs tPubl 'Cloud Controls Matrix' 'Cloud Controls Matrix' 'Publications - Cloud Controls Matrix' 'Blockchain' 'Blockchain' 'Publications - Blockchain' 'IoT' 'IoT' 'Publications - IoT' 'Santé' 'Santé' 'Publications - Santé' 'Menaces' 'Menaces' 'Publications - Menaces' 'Cryptographie' 'Cryptographie' 'Publications - Cryptographie' 'RGPD' 'RGPD' 'Publications - RGPD' 'Incidents' 'Incidents' 'Publications - Incidents' 'Panorama' 'Panorama de la Sécurité' 'Publications - Panorama' 'ERP' 'ERP' 'Publications - ERP' >>
<<forEachTiddler where 'tiddler.tags.containsAll(["_PublM"])' sortBy 'tiddler.title.toUpperCase()' descending write '" [["+tiddler.title.substr(0,7)+"]] \"view ["+tiddler.title+"]\" [["+tiddler.title+"]] "' begin '"<<tabs tAutoTab "' end '">"+">"' none '"//FINI//"'>>
!"Using Blockchain Technology to Secure the Internet of Things"
Publication du 13 février 2018
Lien : https://cloudsecurityalliance.org/download/using-blockchain-technology-to-secure-the-internet-of-things/
[img(150px,auto)[iCSA_/Using_BlockChain_Technology_to_Secure_the_Internet_of_Things.png][https://cloudsecurityalliance.org/download/using-blockchain-technology-to-secure-the-internet-of-things/]]
[img(25%,1px)[iCSF/BluePixel.gif]]
!"Blockchain/Distributed Ledger Working Group Glossary"
Publication du 15 décembre 2017
Lien : https://cloudsecurityalliance.org/download/blockchaindistributed-ledger-working-group-glossary/
[img(150px,auto)[iCSA_/blockchain-distributed-ledger-glossary.png][https://cloudsecurityalliance.org/download/blockchaindistributed-ledger-working-group-glossary/]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Blockchain]]>>
Publications de la [[Cloud Security Alliance]] qui concernent la [[Cloud Controls Matrix]].
[img(50%,1px)[iCSF/BluePixel.gif]]<<tiddler fAll2LiTabs13end with: CCM","Publ>><<tiddler .ReplaceTiddlerTitle with: [[Publications - Cloud Controls Matrix (CCM)]]>>
Publications de la [[Cloud Security Alliance]] qui concernent la [[Cryptographie]].
<<tiddler Cryptographie>><<tiddler .ReplaceTiddlerTitle with: [[Publications - Cryptographie]]>>
Les publications de la [[Cloud Security Alliance]] qui concernent les [[ERP]].
[img(50%,1px)[iCSF/BluePixel.gif]]<<tiddler fAll2LiTabs13end with: ERP","Publ>><<tiddler .ReplaceTiddlerTitle with: [[Publications - ERP]]>>
Les publications de la [[Cloud Security Alliance]] qui concernent les [[Incidents]] et leur ''traitement''.
[img(50%,1px)[iCSF/BluePixel.gif]]<<tiddler fAll2LiTabs13end with: Incidents","Publ>>
<<tiddler .ReplaceTiddlerTitle with: [[Publications - Incidents de Sécurité]]>>
Les publications de la [[Cloud Security Alliance]] qui concernent l'[[IoT]].
[img(50%,1px)[iCSF/BluePixel.gif]]<<tiddler fAll2LiTabs13end with: IoT","Publ>><<tiddler .ReplaceTiddlerTitle with: [[Publications - Internet des Objets et Objets Connectés]]>>
Publications de la [[Cloud Security Alliance]] qui concernent le domaine médical et de la santé.
[img(50%,1px)[iCSF/BluePixel.gif]]<<tiddler fAll2LiTabs13end with: Medical","Publ>><<tiddler .ReplaceTiddlerTitle with: [[Publications - Médical et Santé]]>>
Les publications de la [[Cloud Security Alliance]] qui concernent les [[Menaces]].
[img(50%,1px)[iCSF/BluePixel.gif]]<<tiddler fAll2LiTabs13end with: Threats","Publ>><<tiddler .ReplaceTiddlerTitle with: [[Publications - Menaces]]>>
Les publications de la [[Cloud Security Alliance]] qui dressent un [[Panorama]] ou un bilan de la sécurité du Cloud Computing.
[img(50%,1px)[iCSF/BluePixel.gif]]<<tiddler fAll2LiTabs13end with: Pano","Publ>><<tiddler .ReplaceTiddlerTitle with: [[Publications - Panorama]]>>
!"GDPR Preparation and Awareness Survey Report"
Publication du 17 avril 2018
Lien : https://cloudsecurityalliance.org/download/gdpr-preparation-and-awareness-survey-report/
[img(150px,auto)[iCSA_/GDPR_Prep-232x300.png][https://cloudsecurityalliance.org/download/gdpr-preparation-and-awareness-survey-report/]]
<<tiddler .ReplaceTiddlerTitle with: [[Publications - RGPD]]>>
!"State of Cloud Security Report" 2018
|!16 avril 2018 |!Lien : https://cloudsecurityalliance.org/download/state-of-cloud-report/ |
|[img(150px,auto)[iCSA_/State_of_Cloud-2018.png][https://cloudsecurityalliance.org/download/state-of-cloud-report/]]|<<tiddler [[2018.04.16 - State of Cloud Security Report 2018]]>>|
!"State of Cloud Security Report" 2016
|!27 février 2016 |!Lien : https://cloudsecurityalliance.org/download/state-of-cloud-security-2016 |
|[img(150px,auto)[iCSA_/CSA-StateCloud2016.jpg][https://cloudsecurityalliance.org/download/state-of-cloud-security-2016/]]|<<tiddler [[2016.02.27 - State of Cloud Security Report 2016]]>>|
/%
downloads.cloudsecurityalliance.org__assets__board__CSA-GEAB-State-of-Cloud-Security-2016.pdf
%/<<tiddler .ReplaceTiddlerTitle with: [[Publications - Situation]]>>
Les différents groupes de travail ''actifs'' de la [[Cloud Security Alliance]] sont :{{ss2col{
* [[Application Containers and Microservices|https://cloudsecurityalliance.org/research/working-groups/containerization/]] • [[Artificial Intelligence|https://cloudsecurityalliance.org/research/working-groups/artificial-intelligence-ai/]] •
* [[Blockchain/Distributed Ledger|https://cloudsecurityalliance.org/research/working-groups/blockchain/]] • 
* [[CloudCISC|https://cloudsecurityalliance.org/research/working-groups/cloudcisc/]] • [[Cloud Component Specifications|https://cloudsecurityalliance.org/research/working-groups/cloud-component-specifications/]] • ''[[Cloud Controls Matrix|https://cloudsecurityalliance.org/research/working-groups/cloud-controls-matrix/]]'' • ''[[Cloud Incident Response|https://cloudsecurityalliance.org/research/working-groups/cloud-incident-response/]]'' • [[Cloud Key Management|https://cloudsecurityalliance.org/research/working-groups/cloud-key-management/]] • [[Cloud Security Services Management|https://cloudsecurityalliance.org/research/working-groups/cloud-security-services-management/]] • [[Consensus Assessments|https://cloudsecurityalliance.org/research/working-groups/consensus-assessments/]] •
* [[DevSecOps|https://cloudsecurityalliance.org/research/working-groups/devsecops/]] • [[Enterprise Architecture|https://cloudsecurityalliance.org/research/working-groups/enterprise-architecture/]] • [[Enterprise Resource Planning|https://cloudsecurityalliance.org/research/working-groups/enterprise-resource-planning/]] •
* [[Financial Services Stakeholder Platform|https://cloudsecurityalliance.org/research/working-groups/financial-services-stakeholder-platform/]] •
* [[Health Information Management|https://cloudsecurityalliance.org/research/working-groups/health-information-management/]] • [[High Performance Computing|https://cloudsecurityalliance.org/research/working-groups/high-performance-computing-cloud-security/]] • [[Hybrid Cloud Security|https://cloudsecurityalliance.org/research/working-groups/hybrid-cloud-security/]] •
* [[Industrial Control Systems|https://cloudsecurityalliance.org/research/working-groups/industrial-control-systems-ics-security/]] • [[Internet of Things|https://cloudsecurityalliance.org/research/working-groups/internet-of-things/]] •
* [[Mobile Application Security Testing|https://cloudsecurityalliance.org/research/working-groups/mobile-application-security-testing-mast/]] •
* [[Open API|https://cloudsecurityalliance.org/research/working-groups/open-api/]] • [[Open Certification Framework|https://cloudsecurityalliance.org/research/working-groups/open-certification/]] •
* [[Privacy Level Agreement|https://cloudsecurityalliance.org/research/working-groups/privacy-level-agreement/]] •
* [[Quantum-safe Security|https://cloudsecurityalliance.org/research/working-groups/quantum-safe-security/]] •
* [[SaaS Governance|https://cloudsecurityalliance.org/research/working-groups/saas-governance/]] • [[Security as a Service|https://cloudsecurityalliance.org/research/working-groups/security-as-a-service/]] • [[Security Guidance|https://cloudsecurityalliance.org/research/working-groups/security-guidance/]] • [[Serverless|https://cloudsecurityalliance.org/research/working-groups/serverless/]] • [[Software Defined Perimeter|https://cloudsecurityalliance.org/research/working-groups/software-defined-perimeter/]] •
* ''[[Top Threats|https://cloudsecurityalliance.org/research/working-groups/top-threats/]]'' • 
}}}
D'autres groupes de travail sont désormais ''inactifs'' : {{ss2col{
* Anti-bot • Big Data •
* CloudAudit • ''CloudCERT'' • Cloud Data Center Security • Cloud Data Governance • CloudTrust • CloudTrust Protocol • Cloud Vulnerabilities •
* ''Incident Management and Forensics'' • Innovation •
* Legal • Mobile • Service Level Agreement • Small Business •
* Telecom • Virtualization
}}}
[img[iCSA_/WG-CCM.jpg]]
La ''Cloud Controls Matrix'' ([[CCM]]) de la [[Cloud Security Alliance]] est spécialement conçue pour décliner les principes fondamentaux de sécurité afin de guider les fournisseurs de services Cloud et d'aider les clients potentiels à évaluer le risque global de sécurité de ces fournisseurs.
La [[CCM]] de la CSA fournit un cadre de contrôle qui permet une meilleure compréhension des concepts et des principes de sécurité qui sont alignés en 13 domaines sur les directives de la [[Cloud Security Alliance]].
Les fondements de la [[CCM]] reposent sur sa relation avec d'autres normes, règlements et cadres de contrôle de sécurité acceptés par l'industrie, tels que ISO 27001/27002, ISACA COBIT, PCI, NIST, Jericho Forum et NERC CIP. Elle permet ainsi de fournir une orientation de contrôle interne pour les attestations de rapports de contrôle.
En tant que cadre, la ''Cloud Controls Matrix'' fournit la structure, les détails et la clarté nécessaires en matière de sécurité de l'information adaptée à l'industrie du Cloud Computing.
La [[CCM]] :
* met particulièrement l'accent sur les exigences de contrôle de la sécurité de l'information,
* réduit et identifie les menaces et les vulnérabilités liées au Cloud Computing,
* fournit une sécurité normalisée et une gestion du risque opérationnel,
* cherche à normaliser les attentes en matière de sécurité, la taxonomie et la terminologie du Cloud Computing, et les mesures de sécurité mises en œuvre.
__Liens :__
* Sur ce site, les différents articles et liens vers les publications+++*[»]
<<tiddler CCM>>=== 
* La page du groupe de travail ''Cloud Controls Matrix'' : https://cloudsecurityalliance.org/group/cloud-controls-matrix/
* La page de téléchargement de la ''Cloud Controls Matrix'' : https://cloudsecurityalliance.org/group/cloud-controls-matrix/#_downloads
* Le lien direct vers la version 3.0.1 de la ''Cloud Controls Matrix'' publiée le 03.10.2017 : [[CSA_CCM_v.3.0.1-09-01-2017_FINAL.xlsx|https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3-0-1/]]
* Le lien direct vers la matrice inversée de la version 3.0.1 de la ''Cloud Controls Matrix'' publiée le 26.06.2018 : [[CSA_CCM_v.3.0.1-09-01-2017_FINAL.xlsx|https://cloudsecurityalliance.org/download/cloud-controls-matrix-v3-0-1/]]
* Le lien direct vers le document sur la méthodologie pour les équivalences de la ''Cloud Controls Matrix'' publiée le 9 juillet 2018 : [[Methodology for the Mapping of the Cloud Controls Matrix|https://cloudsecurityalliance.org/download/ccm-mapping-methodology/]]
[>img(160px,auto)[iCSA_/CSA-IMF.png]]
Le groupe de travail ''Incident Management and Forensics'' a produit 3 documents.
Références :
* https://cloudsecurityalliance.org/working-groups/incident-management-and-forensics/
* https://cloudsecurityalliance.org/group/incident-management-and-forensics/
[img(25%,1px)[iCSF/BluePixel.gif]]
<<tiddler fAll2LiTabs13end with: Forensics","Publ>>
[img(25%,1px)[iCSF/BluePixel.gif]]
[img(701px,auto)[iCSA_/guidance-v4-header.jpg]]
Le document "Guide de sécurité pour les domaines critiques de l'informatique dans le Cloud Computing" (//Security Guidance for Critical Areas of Focus in Cloud Computing//) de la [[Cloud Security Alliance]] en est à sa quatrième version. Il s'appuie sur les versions précédentes (v1 et v2 en 2009, v3 en 2011), des actions de recherche spécifiques, la participation des membres de la Cloud Security Alliance, des groupes de travail et des experts de l'industrie au sein de notre communauté. Cette version intègre les avancées dans le Cloud, la sécurité et les technologies de support, réfléchit sur les pratiques réelles de sécurité dans le Cloud, intègre les derniers projets de recherche de la [[Cloud Security Alliance]] et offre des conseils pour les technologies connexes.
L'objectif de la quatrième version du guide ''Security Guidance for Critical Areas of Focus in Cloud Computing'' est à la fois de fournir des conseils et d'être une source d'inspiration pour soutenir les objectifs métiers tout en gérant et en atténuant les risques associés à l'adoption de la technologie du Cloud Computing.
__Liens :__
* La page de présentation du document ''Security Guidance for Critical Areas of Focus in Cloud Computing''
** https://cloudsecurityalliance.org/group/security-guidance/
* La page de téléchargement du document ''Security Guidance for Critical Areas of Focus in Cloud Computing'' version 4 publié le 26.07.2017
** https://cloudsecurityalliance.org/download/security-guidance-v4/ (nécessite une inscription)
* Document "Security Guidance v4.0 ''Info Sheet''" du 26.07.''2017'' :
** https://cloudsecurityalliance.org/download/security-guidance-v4-info-sheet/
* Document "New Security Guidance for Early Adopters of the IoT" du 20.04.2015 :
** https://cloudsecurityalliance.org/download/new-security-guidance-for-early-adopters-of-the-iot/
* Document "Security Guidance for Critical Areas of Focus in Cloud Computing ''V3.0''" du 14.11.''2011'' :
** https://cloudsecurityalliance.org/download/security-guidance-for-critical-areas-of-focus-in-cloud-computing-v3/
* Document "Security Guidance for Critical Areas of Focus in Cloud Computing ''V2.0''" du 02.12.''2009'' :
** https://cloudsecurityalliance.org/download/security-guidance-for-critical-areas-of-focus-in-cloud-computing-v2-0/
* Document "Security Guidance for Critical Areas of Focus in Cloud Computing ''V1.0''" du 01.04.''2009'' :
** https://cloudsecurityalliance.org/download/security-guidance-for-critical-areas-of-focus-in-cloud-computing-v1-0/
[img(701px,auto)[iCSA_/moving-domains.jpg]]
[>img(160px,auto)[iCSA/TopThreats_logo.png]]
Le groupe de travail de la [[Cloud Security Alliance]] sur les principales menaces (''Top Threats'') a pour objet de fournir la vision éclairée des experts sur les risques, les menaces et les vulnérabilités qui touchent la sécurité dans le Cloud.
Il s'agit de permettre une bonne compréhension de cette problématique de sécurité afin de pouvoir prendre des décisions en toute connaissance de cause, en matière de gestion des risques et de stratégies d'adoption du Cloud Computing.
Le groupe de travail a déjà publié plusieurs documents de type "Top 10" en 2013, puis tous les ans depuis 2016.
Le dernier en date a été publié en août 2019 : "+++*[Top Threats to Cloud Computing: Egregious Eleven]> <<tiddler [[2019.08.06 - Publication : 'Top Threats to Cloud Computing: Egregious Eleven']]>>===".
<<tiddler fAll2Tabs7 with: _NewsM>>
Vous pouvez aussi consulter plusieurs autres sites de référence qui traitent de la sécurité du Cloud Computing. Vous en trouverez ci-dessous une liste ''non exhaustive''.
<<tabs tRef 'Agences Nationales de Sécurité' '' [[Ref-AgencesNat]] 'Organismes Officiels' '' [[Ref-OrgOff]] 'Prestataires Cloud' '' [[Ref-Prestataires]] 'Autres Entités' '' [[Ref-Autres]]'Bonnes Pratiques' '' [[Ref-BestP]] 'Ressources' '' [[Ref-Ressources]] 'Divers/Médias' '' [[Ref-Sources]] 'Sigles' '' [[Ref-Sigles]]>>[img(50%,1px)[iCSF/BluePixel.gif]]
[img(400px,4px)[iCSF/BluePixel.gif]]
<<tabs tRefRAN 'France' 'FR' [[Ref-ANSSI]] 'Royaume-Uni' 'UK' [[Ref-AgencNat-UK]] 'Etats-Unis' 'EU' [[Ref-AgencNat-US]] 'Australie' 'AU' [[Ref-AgencNat-AU]] 'Irlande' 'IE' [[Ref-AgencPriv-IE]] 'Canada' 'CA' [[Ref-AgencNat-CA]] 'Allemagne' 'DE' [[Ref-AgencNat-DE]]>>[img(50%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Webographie - Agences Nationales de Sécurité]]>>
!ANSSI : Agence Nationale de la Sécurité des Systèmes d'Information
[>img(auto,100px)[iCSF/ANSSI.gif]]L'ANSSI a publié en 3 étapes (mentionnées par ordre chronologique inverse ci-dessous) un référentiel d'exigences applicables aux prestataires de services d'informatique en nuage (''SecNumCloud'') :
# __22 juin 2018 : "//''SecNumCloud évolue et passe à l'heure du RGPD''//"__
** Les nouvelles exigences en matière de protection des données à caractère personnel, suite à l'entrée en vigueur du RGPD, sont maintenant intégrées dans le référentiel
** Lien vers l'annonce [[sur le site de l'ANSSI|https://www.ssi.gouv.fr/actualite/secnumcloud-evolue-et-passe-a-lheure-du-rgpd/]]
** Lien vers le référentiel "''Prestataires de services d'informatique en nuage (SecNumCloud) référentiel d'exigences''", version 3.1 [[sur le site de l'ANSSI|https://www.ssi.gouv.fr/uploads/2014/12/secnumcloud_referentiel_v3.1_anssi.pdf]] 
# __12 décembre 2016 : "//''SecNumCloud — La nouvelle référence pour les prestataires d'informatique en nuage de confiance''//"__
** Le référentiel d'exigences évolue vers deux documents :
*** un référentiel d'exigences du niveau "''Essentiel''" (anciennement ''Secure Cloud'') publié en français et en anglais, en version 3.0 et qui est daté du 8 décembre 2016.
*** un référentiel d'exigences qui est censé être publié ultérieurement (sic) et contenant les exigences du niveau "''Avancé''" (anciennement ''Secure Cloud Plus'')
** Lien vers l'annonce [[sur le site de l'ANSSI|https://www.ssi.gouv.fr/actualite/secnumcloud-la-nouvelle-reference-pour-les-prestataires-dinformatique-en-nuage-de-confiance/]]
/% Prestataires de service d'informatique en nuage en cours de qualification https://www.ssi.gouv.fr/administration/qualifications/prestataires-de-services-de-confiance-qualifies/prestataires-de-service-dinformatique-en-nuage-secnumcloud/ CHEOPS TECHNOLOGY FRANCE Prestations de Cloud et Services Managés France Cloud Solutions Wimi Entreprise (SaaS) Plateforme de travail collaboratif (Partage et co-édition de documents, Gestion de projet, visioconférence, chat) France CLOUD TEMPLE Iaas - Secure Temple Infrastructure cloud privée - Fourniture du réseau, de la puissance de calcul, de la mémoire et du stockage. France IDNOMIC (Keynectis) ID-PKI en mode SaaS France OVH Private Cloud France WORLDLINE Cloud By Worldline (IaaS) Mise à disposition d'environnements virtuels (VM, stockage, réseaux) en mode public (infrastructure partagée) ou privé (infrastructure dédiée). France référentiel version 3.0 : maintenant inaccessible - /uploads/2014/12/secnumcloud_referentiel_v3.0_niveau_essentiel.pdf /uploads/2014/12/secnumcloud_referentiel_synthese_niveau_essentiel.pdf %/
# __en septembre 2014 : "//''Appel Public à Commentaires sur le Référentiel d'Exigences Applicables aux Prestataires de Services Sécurisés d'Informatique en Nuage''//".__
** Une première version du référentiel (version 1.3 datée du 30.07.2014) a été mise en ligne dans le cadre d'un appel public à commentaires. Les observations, commentaires et propositions devaient être transmis pour le 3 novembre 2014.
/% www.ssi.gouv.fr/actualite/appel-public-a-commentaires-sur-le-referentiel-dexigences-applicables-aux-prestataires-de-services-securises-dinformatique-en-nuage/ %/
[img(400px,4px)[iCSF/BluePixel.gif]]
La page de référence pour les "Prestataires de service d'informatique en nuage (SecNumCloud)" est accessible [[sur le site de l'ANSSI|https://www.ssi.gouv.fr/entreprise/qualifications/prestataires-de-services-de-confiance-qualifies/prestataires-de-service-dinformatique-en-nuage-secnumcloud/]].
Les "Prestataires de service d'informatique en nuage qualifiés" sont intégrés dans la "Liste des Produits et Services Qualifiés"
* → https://www.ssi.gouv.fr/liste-produits-et-services-qualifies (pdf)
En revanche, les "Prestataires de service d'informatique en nuage en cours de qualification" sont directement indiqués [[sur le site de l'ANSSI|https://www.ssi.gouv.fr/entreprise/qualifications/prestataires-de-services-de-confiance-qualifies/prestataires-de-service-dinformatique-en-nuage-secnumcloud/]].
[img(400px,4px)[iCSF/BluePixel.gif]]
[>img(100px,auto)[iCSF/BC3PFR.jpg]]L'ANSSI a aussi publié un ''document de référence'' en décembre 2010 à lire absolument. Il est intitulé "''Maîtriser les Risques de L'Infogérance — Externalisation des systèmes d'information''".
* → https://www.ssi.gouv.fr/uploads/IMG/pdf/2010-12-03_Guide_externalisation.pdf (pdf) [img(400px,4px)[iCSF/BluePixel.gif]] /% __Introduction__ Dans le domaine des systèmes d'information, le recours à l'externalisation est devenu une pratique courante qui présente un certain nombre d'avantages, mais aussi de risques qu'il convient d'évaluer avant de prendre cette décision. Il convient à cet égard de ne pas opposer sécurité et externalisation. En effet, le recours à un prestataire peut permettre de pallier l'absence ou l'insuffisance de moyens internes, à condition que le prestataire s'engage sur la sécurité. Les risques en matière de sécurité des systèmes d'information peuvent être liés au contexte de l'opération d'externalisation mais aussi à des spécifications contractuelles déficientes ou incomplètes. Forte de ce constat, l'ANSSI a donc entrepris de rédiger un guide, poursuivant les objectifs suivants : * faire prendre conscience aux décideurs informatiques des risques en matière de sécurité des systèmes d'information (SSI) liés à toute opération d'externalisation ; * fournir une démarche cohérente de prise en compte des aspects SSI lors de la rédaction du cahier des charges d'une opération d'externalisation ; * fournir un ensemble de clauses types ainsi qu'une base d'exigences de sécurité, à adapter et personnaliser en fonction du contexte particulier de chaque projet d'externalisation. La démarche fournie dans ce guide vise à réduire les risques associés à une opération d'externalisation. 
__Table des Matières__ * Introduction * Avant-Propos !La Démarche d'Externalisation * Terminologie * Typologie de l'Infogérance !Les Risques Inhérents à l'Externalisation * Risques Liés à la Perte de Maîtrise de son Système d'Information * Risques Liés à la Sous-Traitance * Risques Liés à la Localisation des Données * Risques Liés aux Données à Caractère Personnel * Risques Liés aux Choix Techniques du Prestataire * Risques Liés aux Interventions à Distance * Champ d'Application * Risques Inhérents aux Interventions Distantes * Recommandations * Mise en Oeuvre d'Une Passerelle Sécurisée * Risques Liés à l'Hébergement Mutualisé * Champ d'Application * Risques Inhérents à l'Hébergement Mutualisé * Recommandations * L'informatique en Nuage ou Nébuleuse !Prise en Compte de la Sécurité Dans les Appels d'offres * Apprécier les Risques et Déterminer les Objectifs de Sécurité * Rédaction du Cahier des Charges * Choix du Prestataire !Le Plan d'Assurance Sécurité * 1. Objet du Document * 2. Documents de Référence * 3. Description du Système Externalisé * 4. Rappel des Exigences * 5. Organisation * 6. Responsabilités Liées au Pas * 7. Procédure d'Évolution du Pas * 8. Applicabilité du Pas * 9. Mesures de Sécurité * 10. Matrice de Couverture des Exigences de Sécurité * 11. Documentation de Suivi !Clauses de Sécurité * Transfert du Système * Responsabilité * Obligations du Prestataire * Comité de Suivi * Confidentialité * Localisation des Données * Convention de Service * Audits de Sécurité * Application des Plans Gouvernementaux * Sécurité des Développements Applicatifs * Gestion des Évolutions * Réversibilité * Résiliation !Annexes * Annexe 1 : Clause de Confidentialité Type en Cas de Soustraitance * Annexe 2 : Exigences de Sécurité Types * Annexe 3 : Bonnes Pratiques Pour l'hebergement Mutualise %/ <<tiddler .ReplaceTiddlerTitle with: [[Webographie - ANSSI]]>>
[>img(200px,auto)[iCSF/UK-NCSC.png]]Le NCSC UK publie des guides, des bonnes pratiques et des recommandations depuis 2016, dont :
* Les 8 principes de l'analyse de risques+++*[»]>
# Know your business requirements
# Understand your information
# Determine relevant security principles
# Understand how the principles are implemented
# Understand the level of assurance offered
# Identify additional mitigations you can apply
# Consider residual risks
# Continue to monitor and manage the risks
=== 
* Les 14 Principes du IaaS+++*[»]>
# [[Data in transit protection|https://www.ncsc.gov.uk/collection/cloud-security/iaas-principle-1-data-in-transit-protection]]
# [[Asset protection and resilience|https://www.ncsc.gov.uk/collection/cloud-security/iaas-principle-2-asset-protection-and-resilience]]
# [[Separation between consumers|https://www.ncsc.gov.uk/collection/cloud-security/iaas/iaas-principle-3-separation-between-consumers]]
# [[Governance framework|https://www.ncsc.gov.uk/collection/cloud-security/iaas-principle-4-governance-framework]]
# [[Operational security|https://www.ncsc.gov.uk/collection/cloud-security/iaas-principle-5--operational-security]]
# [[Personnel security|https://www.ncsc.gov.uk/collection/cloud-security/iaas-principle-6-personnel-security]]
# [[Secure development|https://www.ncsc.gov.uk/collection/cloud-security/iaas-principle-7-secure-development]]
# [[Supply chain security|https://www.ncsc.gov.uk/collection/cloud-security/iaas-principle-8-supply-chain-security]]
# [[Secure user management|https://www.ncsc.gov.uk/collection/cloud-security/iaas-principle-9-secure-user-management]]
# [[Identity and authentication|https://www.ncsc.gov.uk/collection/cloud-security/iaas-principle-10-identity-and-authentication]]
# [[External interface protection|https://www.ncsc.gov.uk/collection/cloud-security/iaas-principle-11-external-interface-protection]]
# [[Secure service administration|https://www.ncsc.gov.uk/collection/cloud-security/iaas-principle-12-secure-service-administration]]
# [[Audit information provision to users|https://www.ncsc.gov.uk/collection/cloud-security/iaas-principle-13-audit-information-provision-to-users]]
# Secure use of the service
=== 
[img(50%,1px)[iCSF/BluePixel.gif]]
__''Quelques liens pertinents''__
|2020.06.24|NCSC UK|[[Why cloud first is not a security problem|https://www.ncsc.gov.uk/blog-post/why-cloud-first-is-not-a-security-problem]]|Misc|
|2020.04.08|NCSC UK|[[Cloud backup options for mitigating the threat of ransomware|https://www.ncsc.gov.uk/blog-post/cloud-backup-options-for-mitigating-the-threat-of-ransomware]]|BackUps Ransomware|
|2020.04.08|NCSC UK|[[NCSC IT: There's confidence and then there's SaaS|https://www.ncsc.gov.uk/blog-post/ncsc-it-theres-confidence-and-then-theres-saas]]|SaaS|
|2019.12.17|Gov UK|![[Managing technical lock-in in the cloud|https://www.gov.uk/guidance/managing-technical-lock-in-in-the-cloud]]|Guidance|
|2019.08.20|NCSC UK|[[Cloud security made easier with Serverless|https://www.ncsc.gov.uk/blog-post/cloud-security-made-easier-with-serverless]]|Serverless|
|2019.08.13|NCSC UK|[[Offline backups in an online world|https://www.ncsc.gov.uk/blog-post/offline-backups-in-an-online-world]]|Backups|
|2019.06.06|NCSC UK|[[Applying the Cloud Security Principles in practice: a case study|https://www.ncsc.gov.uk/blog-post/applying-the-cloud-security-principles]]|Best_Practices|
|2019.05.29|NCSC UK|[[Building Web Check using PaaS|https://www.ncsc.gov.uk/blog-post/building-web-check-using-paas]]|Controls Best_Practices|
|2019.02.14|NCSC UK|[[Securing Office 365 with better configuration|https://www.ncsc.gov.uk/blog-post/securing-office-365-better-configuration]]|O365 Best_Practices|
|2019.01.21|NCSC UK|[[A number of holes leaking water in a bucket|https://www.ncsc.gov.uk/blog-post/theres-hole-my-bucket]]|AWS|
|2018.11.19|NCSC UK|[[Software as a Service (SaaS) security guidance|https://www.ncsc.gov.uk/collection/saas-security]]|SaaS|
|2018.11.19|NCSC UK|[[Understanding Software as a Service (SaaS) security|https://www.ncsc.gov.uk/collection/saas-security/understanding-saas-security]]|SaaS|
|2018.11.19|NCSC UK|[[SaaS security principles|https://www.ncsc.gov.uk/collection/saas-security/saas-security-principles]]|SaaS|
|2018.11.19|NCSC UK|[[Product evaluations|https://www.ncsc.gov.uk/collection/saas-security/product-evaluations]]
^^Basecamp, Confluence, G Suite, Jira, Mailchimp, Office 365, Slack, Smartsheet, Stride, Trello, Yammer, Zendesk security review^^|SaaS| |2018.11.17|NCSC UK|[[Cloud security guidance|https://www.ncsc.gov.uk/collection/cloud-security]]|Guidance| |2018.11.17|NCSC UK|[[Having confidence in cyber security|https://www.ncsc.gov.uk/collection/cloud-security/having-confidence-in-cyber-security]]|Guidance| |2018.11.17|NCSC UK|[[Separation and cloud security|https://www.ncsc.gov.uk/collection/cloud-security/separation-and-cloud-security]]|Guidance| |2018.11.17|NCSC UK|[[IaaS - Managing your responsibilities|https://www.ncsc.gov.uk/collection/cloud-security/iaas]]|Guidance IaaS| |2018.11.17|NCSC UK|[[Implementing the Cloud Security Principles|https://www.ncsc.gov.uk/collection/cloud-security/implementing-the-cloud-security-principles]]|Guidance| |2018.07.06|NCSC UK|[[My cloud isn't a castle|https://www.ncsc.gov.uk/blog-post/my-cloud-isnt-castle]]|Misc| |2018.06.11|NCSC UK|[[SaaS security - surely it's simple?|https://www.ncsc.gov.uk/blog-post/saas-security-surely-its-simple]]|Misc| |2018.01.08|NCSC UK|[[NCSC IT: how the NCSC chose its cloud services|https://www.ncsc.gov.uk/blog-post/ncsc-it-how-ncsc-chose-its-cloud-services]]|Misc| |2017.12.01|NCSC UK|[[Managing supply chain risk in cloud-enabled products|https://www.ncsc.gov.uk/blog-post/managing-supply-chain-risk-cloud-enabled-products]]|Misc| |2017.11.30|NCSC UK|[[Managing the risk of cloud-enabled products|https://www.ncsc.gov.uk/guidance/managing-risk-cloud-enabled-products]]|Misc| |2017.10.23|NCSC UK|[[Cloudy with a chance of transparency|https://www.ncsc.gov.uk/blog-post/cloudy-chance-transparency]]|Misc| |2017.10.11|NCSC UK|[[Backing up your data|https://www.ncsc.gov.uk/guidance/backing-your-data]]|BackUps| |2017.09.26|NCSC UK|[[Brightening the outlook for security in the cloud|https://www.ncsc.gov.uk/blog-post/brightening-outlook-security-cloud]]|Misc| |2017.03.28|NCSC UK|[[NCSC IT: Networking in the 
cloud|https://www.ncsc.gov.uk/blog-post/ncsc-it-networking-cloud]]|Misc| |2017.02.16|NCSC UK|[[NCSC IT: How the NCSC built its own IT system|https://www.ncsc.gov.uk/blog-post/ncsc-it-how-ncsc-built-its-own-it-system-0]]|Misc| |2017.02.08|NCSC UK|[[Debunking cloud security myths|https://www.ncsc.gov.uk/blog-post/debunking-cloud-security-myths]]|Misc| |2016.08.17|NCSC UK|[[Separation and cloud security|https://www.ncsc.gov.uk/guidance/separation-and-cloud-security]]|| [img(50%,1px)[iCSF/BluePixel.gif]] <<tiddler .ReplaceTiddlerTitle with: [[Webographie - NCSC(UK)]]>>
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] | !
Article en cours de rédaction | [img(auto,50px)[iCSF/Work.gif]] | Plusieurs portails sont à consulter : NSA, CIO.gov, Cloud.gov, DoD ([[Cyber Exchange|https://public.cyber.mil/devsecops/]]), DISA, |2020.01.22|NSA|Mitigating Cloud Vulnerabilities|[[PDF|https://media.defense.gov/2020/Jan/22/2002237484/-1/-1/0/CSI-MITIGATING-CLOUD-VULNERABILITIES_20200121.PDF]]| |2019.12.27|Cloud.Gov|Security Incident Response Guide|[[HTML|https://cloud.gov/docs/ops/security-ir/]]| |2019.12.27|Cloud.Gov|Security Incident Response checklist|[[HTML|https://cloud.gov/docs/ops/security-ir-checklist/]]| |2019.07.16|NSA|Cloud Security Basics|[[PDF|https://media.defense.gov/2019/Jul/16/2002158059/-1/-1/0/CSI-CLOUD-SECURITY-BASICS.PDF]]|Guidance| |2019.06.26|Cio.Gov|Federal Cloud Computing Strategy - From Cloud First to Cloud Smart|[[HTML|https://cloud.cio.gov/strategy/]]| |2019.02.06|DoD|Best Practices Guide for DoD Cloud Mission Owners|[[PDF|https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/unclass-best_practices_guide_for_dod_cloud_mission_owners_FINAL.pdf]]| |2019.02.04|DoD|Cloud Computing SRG - Version 1, Release 1 04 Feb 2019|[[PDF|https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/u-cloud_computing_srg_v1r1_final.pdf]]| |2019.02.04|DoD|Cloud Computing SRG - Version 1, Release 2 04 Feb 2019|[[PDF|https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/Cloud_Computing_SRG_v1r2.pdf]]| |2019.02.04|DoD|Cloud Computing SRG Revision History - Version 1, Release 2|[[PDF|https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/CC_SRG_v1r2_Revision_History.pdf]]| |2019.03.20|DoD|Cloud Computing SRG v1r3|[[HTML|https://dl.cyber.mil/cloud/SRG/index.html]]| |2019.02.04|~|~|[[PDF|https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/Cloud_Computing_SRG_v1r3.pdf]]| |2019.02.06|DoD|Cloud Related Baselines and EMASS Cloud Overlays Ver 1, Rel 1|[[XLSX|https://dl.dod.cyber.mil/wp-content/uploads/cloud/xls/cloud_related_baseline_and_emass_cloud_overlays_v1r1p.xlsx]]| |2019.02.09|DoD|Cloud Service 
Providers in FedRAMP Process|[[HTML|https://www.fedramp.gov/marketplace/in-process-systems/]]| |2019.02.04|DoD|Cloud SRG v1r3 Release Memo|[[PDF|https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/U_Cloud_Computing_SRG_v1r3_Release_Memo.pdf]]| |2018.11.21|DoD|Documentation Checklist|[[XLSX|https://dl.dod.cyber.mil/wp-content/uploads/cloud/xls/CSP-DoD-Security-Package-Documentation-Checklist-v1.0.xlsx]]| |2019.03.12|DoD|CIO Cloud Day Closing Keynote|[[ZIP|https://dl.dod.cyber.mil/wp-content/uploads/cloud/zip/DoD_CIO_Cloud-Day_Closing_Keynote.zip]]| |2019.03.12|DoD|CIO Cloud Day Cloud Open Mic|[[ZIP|https://dl.dod.cyber.mil/wp-content/uploads/cloud/zip/DoD_CIO_Cloud-Day_Closing_Keynote.zip]]| |2019.03.12|DoD|CIO Cloud Day Cloud Sec Deep Dive|[[ZIP|https://dl.dod.cyber.mil/wp-content/uploads/cloud/zip/DoD_CIO_Cloud_Day_Cloud_Sec_Deep_Dive.zip]]| |2019.03.12|DoD|CIO Cloud Day Cloud Security Requirements|[[ZIP|https://dl.dod.cyber.mil/wp-content/uploads/cloud/zip/DoD_CIO_Cloud_Day_Cloud_Security_Requirements.zip]]| |2019.03.12|DoD|CIO Cloud Day Featured Keynote Speaker|[[ZIP|https://dl.dod.cyber.mil/wp-content/uploads/cloud/zip/DoD_CIO_Cloud_Day_Featured_Keynote_Speaker.zip]]| |2019.03.12|DoD|CIO Cloud Day Fireside Chat|[[ZIP|https://dl.dod.cyber.mil/wp-content/uploads/cloud/zip/DoD_CIO_Cloud_Day_Fireside_Chat.zip]]| |2019.03.12|DoD|CIO Cloud Day Mr. 
Halvorsen Opening Keynote|[[ZIP|https://dl.dod.cyber.mil/wp-content/uploads/cloud/zip/DoD_CIO_Cloud_Day_Mr_Halvorsen_Opening_Keynote.zip]]| |2019.03.12|DoD|CIO Cloud Memo|[[PDF|https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/commercial_cloud_computing_services.pdf]]| |2019.02.05|DoD|DoD Cloud Cyberspace Protection Guide|[[PDF|https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/DOD_Cloud_Cyberspace_Protection_Guide-19DEC2017.pdf]]| |2019.03.12|DoD|DoD Cloud Way Forward|[[PDF|https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/dodciomemo_w-attachment_cloudwayforwardreport-20141106.pdf]]| |2019.02.05|DoD|DoD Cybersecurity Activities Performed for Cloud Service Memo|[[PDF|https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/DoD-CIO-Memo-CS-Activities-Perf-for-Cloud-Serv-Activ-Offerings.pdf]]| |2014.03.20|DoD|DoD Enterprise Cloud Service Broker Cloud Security Model Version 2.1|[[PDF|https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/cloudsecuritymodel_v2-1_20140320.pdf]]| |2018.11.21|DoD|DoD RAR template|[[DOC|https://dl.dod.cyber.mil/wp-content/uploads/cloud/doc/DoD_RAR_template_DRAFT_%28002%29.doc]]| |2019.03.09|Cio.Gov|FedRAMP Home Page|[[HTML|http://cloud.cio.gov/fedramp]]| |2018.11.21|DoD|Level 4 SRGv1r2 SSP Addendum v1.0|[[DOC|https://dl.dod.cyber.mil/wp-content/uploads/cloud/doc/Level_4_SRGv1r2_SSP_Addendum_v1.0.doc]]| |2018.11.21|DoD|Level 5 SRGv1r2 SSP Addendum v1.0|[[DOC|https://dl.dod.cyber.mil/wp-content/uploads/cloud/doc/Level_5_SRGv1r2_SSP_Addendum_v1.0.doc]]| |2018.11.21|DoD|Secure Cloud Computing Architecture (SCCA) Functional Requirements (FR) v2-9|[[PDF|https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/SCCA_FRD_v2-9.pdf]]| |2018.11.21|DoD|SSP template - CSM Level 2 IaaS, PaaS|[[DOCX|https://dl.dod.cyber.mil/wp-content/uploads/cloud/doc/U_CSM_level_2_laas_paas_template.docx]]| |2018.11.21|DoD|SSP template - CSM Level 2 SaaS|[[DOCX|https://dl.dod.cyber.mil/wp-content/uploads/cloud/doc/U_CSM_level_2_saas_template.docx]]| 
|2018.11.21|DoD|SSP template - CSM Level 4 IaaS|[[DOCX|https://dl.dod.cyber.mil/wp-content/uploads/cloud/doc/U_CSM_level_4_iaas_template.docx]]| |2018.11.21|DoD|SSP template - CSM Level 4 SaaS|[[DOCX|https://dl.dod.cyber.mil/wp-content/uploads/cloud/doc/U_CSM_level_4_saas_template.docx]]| |2018.11.21|DoD|SSP template - CSM Level 5 IaaS|[[DOCX|https://dl.dod.cyber.mil/wp-content/uploads/cloud/doc/U_CSM_level_5_iaas_ssptemplate.docx]]| |2018.11.21|DoD|SSP template - CSM Level 5 SaaS|[[DOCX|https://dl.dod.cyber.mil/wp-content/uploads/cloud/doc/U_CSM_level_5_SaaS_template.docx]]| |2018.11.21|DoD|Cloud Connection Process Guide v2|[[PDF|https://dl.dod.cyber.mil/wp-content/uploads/cloud/pdf/Cloud_CCPG_v2_2017_0310.pdf]]| |2018.02.28|DHS/US CERT|Cloud Security Guidance|[[PDF|https://www.us-cert.gov/sites/default/files/publications/Cloud_Security_Guidance-.gov_Cloud_Security_Baseline.pdf]]|Guidance| /% RealURL=https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csi-cloud-security-basics.pdf?v=1 %/ [img(50%,1px)[iCSF/BluePixel.gif]] <<tiddler .ReplaceTiddlerTitle with: [[Webographie - DHS / DoD / NSA / Cio.gov (US)]]>>
[>img(auto,80px)[iCSF/ASD+ACSC.png]]Le portail australien de l'ACSC (Australian Cyber Security Centre) est :
→ https://www.cyber.gov.au/advice/cloud-computing-security

Ci-dessous, une liste de documents pertinents, avec leurs différentes versions, classés par date de publication.
Un article sur ce site donne plus de détails sur les publications de mise à jour de ''fin juillet 2020''. Voir +++*[ici »]> <<tiddler [[2020.08.03 - Actu : Mise à jour du corpus documentaire Cloud de l'Agence Australienne de CyberSecurité]]>> === 

|>|>|>||>|>| !Format |
|!Publication|!Source|!Titre|!Page|!PDF|!DOCX|!XLSX|
|2020.07.27|ACSC (AU)|Anatomy of a Cloud Assessment and Authorisation|[[HTML|https://www.cyber.gov.au/node/2735]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2020-07/Anatomy%20of%20a%20Cloud%20Assessment%20and%20Authorisation%20%28July%202020%29.pdf]]|[[DOCX|https://www.cyber.gov.au/sites/default/files/2020-07/Anatomy%20of%20a%20Cloud%20Assessment%20and%20Authorisation%20%28July%202020%29.docx]]|!|
|2020.07.27|ACSC (AU)|Cloud Computing Security Considerations|[[HTML|https://www.cyber.gov.au/acsc/view-all-content/publications/cloud-computing-security-considerations]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20Considerations%20%28July%202020%29.pdf]]|[[DOCX|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20Considerations%20%28July%202020%29.docx]]|!|
|2020.07.27|ACSC (AU)|Cloud Computing Security for Cloud Service Providers|[[HTML|https://www.cyber.gov.au/node/1315]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Cloud%20Service%20Providers%20%28July%202020%29.pdf]]|[[DOCX|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Cloud%20Service%20Providers%20%28July%202020%29.docx]]|!|
|2020.07.27|ACSC (AU)|Cloud Security Assessment Report Template|[[HTML|https://www.cyber.gov.au/node/2736]]|!|[[DOCX|https://www.cyber.gov.au/sites/default/files/2020-07/Cloud%20Security%20Assessment%20Report%20Template%20%28July%202020%29.docx]]|!|
|2020.07.27|ACSC (AU)|Cloud Computing Security for Tenants|[[HTML|https://www.cyber.gov.au/node/1316]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Tenants%20%28July%202020%29.pdf]]|[[DOCX|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Tenants%20%28July%202020%29.docx]]|!|
|2020.07.27|ACSC (AU)|Cloud Security Controls Matrix|[[HTML|https://www.cyber.gov.au/node/2737]]|!|!|[[XLSX|https://www.cyber.gov.au/sites/default/files/2020-08/Cloud%20Security%20Controls%20Matrix%20%28July%202020%29.xlsx]]|
|2020.07.27|ACSC (AU)|Cloud Assessment and Authorisation - Frequently Asked Questions|[[HTML|https://www.cyber.gov.au/node/2734]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2020-08/PROTECT%20-%20Cloud%20Assessment%20and%20Authorisation%20%E2%80%93%20Frequently%20Asked%20Questions%20%28July%202020%29.pdf]]|!|!|
|2020.04.30|ACSC (AU)|^^Cloud Computing Security Considerations (→ obsolète)^^|[[HTML|https://www.cyber.gov.au/publications/cloud-computing-security-considerations]]|[[PDF|https://www.cyber.gov.au/publications/cloud-computing-security-considerations]]|!|!|
|2020.02.28|ACSC (AU)|^^Cloud Computing Security for Cloud Service Providers (→ obsolète)^^|[[HTML|https://www.cyber.gov.au/publications/cloud-computing-security-for-cloud-service-providers]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2020-03/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Cloud%20Service%20Providers%20%28March%202020%29.pdf]]|!|!|
|2020.02.28|ACSC (AU)|^^Cloud Computing Security for Tenants (→ obsolète)^^|[[HTML|https://www.cyber.gov.au/publications/cloud-computing-security-for-tenants]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2020-03/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Tenants%20%28March%202020%29.pdf]]|!|!|
|2020.01.30|ACSC (AU)|Hardening Microsoft Office 365 ProPlus, Office 2019 and Office 2016|[[HTML|https://www.cyber.gov.au/publications/hardening-microsoft-office-365-proplus-office-2019-and-office-2016]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2020-01/PROTECT%20-%20Hardening%20Microsoft%20Office%20365%20ProPlus%2C%20Office%202019%20and%20Office%202016%20%28January%202020%29_2.pdf]]|!|!|
|2019.06.27|cloud.gov.au|Incident response|[[HTML|https://docs.cloud.gov.au/support/incident_response/]]|!|!|!|
|2019.04.30|ACSC (AU)|Questions to ask Managed Service Providers|[[HTML|https://www.cyber.gov.au/publications/questions-to-ask-managed-service-providers]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2019-05/PROTECT%20-%20Questions%20to%20ask%20Managed%20Service%20Providers%20%28April%202019%29.pdf]]|!|!|
|2019.04.30|ACSC (AU)|^^Cloud Computing Security Considerations (→ obsolète)^^|[[HTML|https://www.cyber.gov.au/node/837]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2019-05/PROTECT%20-%20Cloud%20Computing%20Security%20Considerations%20%28April%202019%29_0.pdf]]|!|!|
|2019.04.30|ACSC (AU)|^^Cloud Computing Security Considerations (→ obsolète)^^|[[HTML|https://www.cyber.gov.au/publications/cloud-computing-security-considerations]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2019-05/PROTECT%20-%20Cloud%20Computing%20Security%20Considerations%20%28April%202019%29_0.pdf]]|!|!|
|2019.04.30|ACSC (AU)|^^Cloud Computing Security for Cloud Service Providers (→ obsolète)^^|[[HTML|https://www.cyber.gov.au/publications/cloud-computing-security-for-cloud-service-providers]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2019-05/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Cloud%20Service%20Providers%20%28April%202019%29.pdf]]|!|!|
|2019.04.30|ACSC (AU)|^^Cloud Computing Security for Tenants (→ obsolète)^^|[[HTML|https://www.cyber.gov.au/publications/cloud-computing-security-for-tenants]]|[[PDF|https://www.cyber.gov.au/sites/default/files/2019-05/PROTECT%20-%20Cloud%20Computing%20Security%20for%20Tenants%20%28April%202019%29.pdf]]|!|!|
|2018.07.01|ACSC (AU)|Cloud computing security|[[HTML|https://www.cyber.gov.au/advice/cloud-computing-security]]|!|!|!|
|2018.03.27|ACSC (AU)|Anatomy of a Cloud Certification|!|[[PDF|https://acsc.gov.au/publications/irap/IRAP_Anatomy_of_a_Cloud_Certification.pdf]]|!|!|
|2018.01|Digital Transformation Agency|Secure Cloud Strategy (Australia Strategy)|!|[[PDF|https://www.dta.gov.au/files/cloud-strategy/secure-cloud-strategy.pdf]]|!|!|
||ACSC (AU)|ASD Certified Cloud Services|[[HTML|https://acsc.gov.au/infosec/irap/certified_clouds.htm]]|!|!|!|
[img(50%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Webographie - ACSC / ASD / DTA (AU)]]>>
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] | !
Article en cours de rédaction | [img(auto,50px)[iCSF/Work.gif]] | [>img(500px,auto)[iCSF/CyberGCCA.png]]Quelques éléments sont disponible sur le site du : * "Centre canadien pour la cyber sécurité"+++^*[»] https://cyber.gc.ca/fr/ === * "Canadian Centre for Cyber Security"+++^*[»] https://cyber.gc.ca/en/ === |>|>|>| !Centre canadien pour la cyber sécurité / Canadian Centre for Cyber Security | |2020.06.03|Guide sur l'évaluation et l'autorisation de la sécurité infonuagique (ITSP.50.105)|[[HTML|https://cyber.gc.ca/fr/orientation/guide-sur-levaluation-et-lautorisation-de-la-securite-infonuagique-itsp50105]]|[[PDF|https://cyber.gc.ca/sites/default/files/publications/ITSP.50.105-fr.pdf]]| |2020.06.03|Guidance on Cloud Security Assessment and Authorization (ITSP.50.105)|[[HTML|https://cyber.gc.ca/en/guidance/guidance-cloud-security-assessment-and-authorization-itsp50105]]|[[PDF|https://cyber.gc.ca/sites/default/files/publications/ITSP.50.105-e.pdf]]| |2020.06.03|Guide sur la défense en profondeur pour les services fondés sur l'infonuagique (ITSP.50.104)|[[HTML|https://cyber.gc.ca/fr/orientation/guide-sur-la-defense-en-profondeur-pour-les-services-fondes-sur-linfonuagique-itsp50104]]|[[PDF|https://cyber.gc.ca/sites/default/files/publications/ITSP.50.104-fra.pdf]]| |2020.06.03|ITSP.50.104 Guidance on Defence in Depth for Cloud-Based Services|[[HTML|https://cyber.gc.ca/en/guidance/itsp50104-guidance-defence-depth-cloud-based-services]]|[[PDF|https://cyber.gc.ca/sites/default/files/publications/ITSP.50.104-e.pdf]]| |2020.06.03|Guide sur le chiffrement des services infonuagiques (ITSP.50.106)|[[HTML|https://cyber.gc.ca/fr/orientation/guide-sur-le-chiffrement-des-services-infonuagiques-itsp50106]]|[[PDF|https://cyber.gc.ca/sites/default/files/publications/ITSP.50.106-fr.pdf]]| |2020.06.03|Guidance on Cloud Service Cryptography 
(ITSP.50.106)|[[HTML|https://cyber.gc.ca/en/guidance/guidance-cloud-service-cryptography-itsp50106]]|[[PDF|https://cyber.gc.ca/sites/default/files/publications/ITSP.50.106-e.pdf]]| |2020.02.18|Contrôles de cybersécurité de base pour les petites et moyennes organisations|[[HTML|https://cyber.gc.ca/fr/orientation/controles-de-cybersecurite-de-base-pour-les-petites-et-moyennes-organisations]]|[[PDF|https://cyber.gc.ca/sites/default/files/publications/Baseline.Controls.SMO1_.2-fr.pdf]]| |2020.02.18|Baseline Cyber Security Controls for Small and Medium Organizations|[[HTML|https://cyber.gc.ca/en/guidance/baseline-cyber-security-controls-small-and-medium-organizations]]|[[PDF|https://cyber.gc.ca/sites/default/files/publications/Baseline.Controls.SMO1_.2-e%20.pdf]]| |2019.03.08|Gestion des risques liés à la sécurité infonuagique (ITSM.50.062)|[[HTML|https://cyber.gc.ca/fr/orientation/gestion-des-risques-lies-la-securite-infonuagique-itsm50062]]|[[PDF|https://cyber.gc.ca/sites/default/files/publications/itsm.50.062-fra.pdf]]| |2019.03.08|Cloud Security Risk Management (ITSM.50.062)|[[HTML|https://cyber.gc.ca/en/guidance/cloud-security-risk-management-itsm50062]]|[[PDF|https://cyber.gc.ca/sites/default/files/publications/itsm.50.062-eng.pdf]]| |2018.08.15|Guide sur la catégorisation de la sécurité des services fondés sur l'infonuagique (ITSP.50.103)|[[HTML|https://cyber.gc.ca/fr/orientation/guide-sur-la-categorisation-de-la-securite-des-services-fondes-sur-linfonuagique]]|[[PDF|https://cyber.gc.ca/sites/default/files/publications/ITSP.50.103-fr_0.pdf]], Annexe [[A (XLSX)|https://cyber.gc.ca/sites/default/files/publications/Annex%20A%20CCCS%20LOW%20Cloud%20Profile%20Recommendations_fr.xlsx]], [[B (XLSX)|https://cyber.gc.ca/sites/default/files/publications/Annex%20B%20CCCS%20MEDIUM%20Cloud%20Profile%20Recommendations_fr.xlsx]]| |2018.08.15|Guidance on the Security Categorization of Cloud-Based Services 
(ITSP.50.103)|[[HTML|https://cyber.gc.ca/en/guidance/guidance-security-categorization-cloud-based-services-itsp50103]]|[[PDF|https://cyber.gc.ca/sites/default/files/publications/ITSP.50.103-e_0.pdf]], Annex [[A (XLSX)|https://cyber.gc.ca/sites/default/files/publications/Annex%20A%20CCCS%20LOW%20Cloud%20Profile%20Recommendations_0.xlsx]], [[B (XLSX)|https://cyber.gc.ca/sites/default/files/publications/Annex%20B%20CCCS%20MEDIUM%20Cloud%20Profile%20Recommendations_0.xlsx]]| |2018.08.15|Security Considerations for the Contracting of Public Cloud Computing Services (ITSB-105)|[[HTML|https://www.cyber.gc.ca/en/guidance/security-considerations-contracting-public-cloud-computing-services-itsb-105]]|| |2018.08.15|Cloud Service Provider Information Technology Security Assessment Process (ITSM.50.100)|[[HTML|https://cyber.gc.ca/en/guidance/cloud-service-provider-information-technology-security-assessment-process-itsm50100]]|| |2018.08.15|Avantages et risques liés à l'adoption des services fondés sur l'infonuagique par votre organisation (ITSE.50.060)|[[HTML|https://cyber.gc.ca/fr/orientation/avantages-et-risques-lies-ladoption-des-services-fondes-sur-linfonuagique-par-votre]]|[[PDF|https://cyber.gc.ca/sites/default/files/publications/ITSE.50.060-fr_0.pdf]]| |2018.08.15|Benefits and Risks of Adopting Cloud-Based Services in Your Organization (ITSE.50.060)|[[HTML|https://www.cyber.gc.ca/en/guidance/benefits-and-risks-adopting-cloud-based-services-your-organization-itse50060]]|| |>|>|>|[img(50%,1px)[iCSF/BluePixel.gif]]| |>|>|>| !Commissariat à la protection de la vie privée du Canada / Office of the Privacy Commissioner of Canada | |2015.06.29|Évaluation des répercussions sur la protection de la vie privée de l'externalisation internationale des données du 
nuage|[[HTML|https://www.priv.gc.ca/fr/mesures-et-decisions-prises-par-le-commissariat/recherche/financement-pour-les-projets-de-recherche-et-d-application-des-connaissances/projets-menes-a-bien-dans-le-cadre-du-programme-des-contributions/2014-2015/p_201415_01/]]|| |2015.06.29|Assessing the Privacy Implications of Extra-National Outsourcing to the Cloud|[[HTML|https://www.priv.gc.ca/en/opc-actions-and-decisions/research/funding-for-privacy-research-and-knowledge-translation/completed-contributions-program-projects/2014-2015/p_201415_01/]]|| |2013|IXmaps : cartographie des risques liés au respect de la vie privée au Canada dans le nuage Internet|[[HTML|https://www.priv.gc.ca/fr/mesures-et-decisions-prises-par-le-commissariat/recherche/financement-pour-les-projets-de-recherche-et-d-application-des-connaissances/projets-menes-a-bien-dans-le-cadre-du-programme-des-contributions/2012-2013/p_201213_08/]]|[[Portail|https://www.ixmaps.ca/index.php]]| |2013|IXmaps: Mapping Canadian Privacy Risks in the Internet Cloud|[[HTML|https://www.priv.gc.ca/en/opc-actions-and-decisions/research/funding-for-privacy-research-and-knowledge-translation/completed-contributions-program-projects/2012-2013/p_201213_08/]]|[[Portail|https://www.ixmaps.ca/index.php]]| |2012.06|Cloud computing for small and medium-sized enterprises|[[HTML|https://www.priv.gc.ca/en/privacy-topics/technology/online-privacy-tracking-cookies/online-privacy/cloud-computing/gd_cc_201206/]]|| |2012.06|L'infonuagique pour les petites et moyennes entreprises|[[HTML|https://www.priv.gc.ca/fr/sujets-lies-a-la-protection-de-la-vie-privee/technologie/protection-de-la-vie-privee-en-ligne-surveillance-et-temoins/protection-de-la-vie-privee-en-ligne/infonuagique/gd_cc_201206/]]|| |2010.12.14|Un cadre autour des nuages : Défis contemporains en matière de protection des renseignements personnels|[[HTML|https://www.priv.gc.ca/fr/nouvelles-du-commissariat/allocutions/2010/sp-d_20101018_cb/]]|| |2010.12.14|A Framework Around the Cloud: 
Contemporary Challenges to Personal Information Protection|[[HTML|https://www.priv.gc.ca/en/opc-news/speeches/2010/sp-d_20101018_cb/]]|| |2010.03|Reaching for the Cloud(s): Privacy Issues related to Cloud Computing (archivé)|[[HTML|https://www.priv.gc.ca/en/opc-actions-and-decisions/research/explore-privacy-research/2010/cc_201003/]]|[[PDF|https://www.priv.gc.ca/media/1723/cc_201003_e.pdf]]| [img(50%,1px)[iCSF/BluePixel.gif]] <<tiddler .ReplaceTiddlerTitle with: [[Webographie - CCCS (CA)]]>>
[>img(auto,80px)[iCSF/DE-BSI.png]][>img(auto,80px)[iCSF/DE-BSI-Cloud.jpg]]Le BSI (Office Fédéral pour la Sécurité de l'Information) publie aussi des documents sur la sécurité du Cloud, et a travaillé avec l'ANSSI pour une certification commune.

__''Quelques liens et documents pertinents''__
Page d'accueil "Cloud" du BSI → https://www.bsi.bund.de/EN/Topics/CloudComputing/CloudComputing_node.html
||[[New Release C5:2020|https://www.bsi.bund.de/EN/Topics/CloudComputing/Compliance_Criteria_Catalogue/C5_NewRelease/C5_NewRelease_node.html]]||HTML|
||[[Changes in comparison to the previous version|https://www.bsi.bund.de/EN/Topics/CloudComputing/Compliance_Criteria_Catalogue/C5_NewRelease/C5_Changes_node.html]]||HTML|
||[[Criteria Catalogue C5:2020|https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/ComplianceControlsCatalogue/2020/C5_2020.pdf]]||PDF|
||[[C5:2020 Criteria|https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/ComplianceControlsCatalogue/2020/C5_2020_editable.xlsx]]||XLSX|
|[img(100px,auto)[iCSF/DE-BSI-ComplianceControlsCatalog.jpg]]|[[Compliance Controls Catalogue (C5)|https://www.bsi.bund.de/EN/Topics/CloudComputing/Compliance_Controls_Catalogue/Compliance_Controls_Catalogue_node.html]]|[[Anforderungskatalog Cloud Computing (C5)|https://www.bsi.bund.de/DE/Themen/DigitaleGesellschaft/CloudComputing/Anforderungskatalog/Anforderungskatalog_Cloud_Computing.html]]|HTML|
|~|[[Cloud Computing Compliance Controls Catalogue (C5)|https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/CloudComputing/ComplianceControlsCatalogue-Cloud_Computing-C5.pdf?__blob=publicationFile&v=3]]|[[Anforderungskatalog Cloud Computing (C5)|https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Broschueren/Anforderungskatalog-Cloud_Computing-C5.pdf]]|PDF|
|~|[[Referencing Cloud Computing Compliance Controls Catalogue (C5) to International Standards|https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/ComplianceControlsCatalogue/Referencing_Cloud_Computing_Compliance_Controls_Catalogue.pdf?__blob=publicationFile&v=4]]|[[Referenzierung des Anforderungskatalogs Cloud Computing auf internationale Standards|https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/CloudComputing/Anforderungskatalog/Anforderungskatalog_Referenzierung.pdf]]|PDF|
|~|[[Mapping from BSI Cloud Computing Compliance Controls Catalogue (C5) to ISO/IEC 27017|https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/ComplianceControlsCatalogue/Mapping_BSI_C5_ISO_27017.pdf?__blob=publicationFile&v=3]]|[[Mapping des Anforderungskatalogs Cloud Computing auf ISO/IEC 27017|https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/CloudComputing/Anforderungskatalog/Anforderungskatalog_Mapping_ISO_27017.pdf]]|PDF|
|~|[[The Controls of the Cloud Computing Compliance Controls Catalogue (C5)|https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/ComplianceControlsCatalogue/ComplianceControlsCatalogue_tables_editable.xlsx?__blob=publicationFile&v=8]]|[[Die Anforderungsbereiche (Tabellen) des Anforderungskatalogs Cloud Computing (C5)|https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/CloudComputing/Anforderungskatalog/Anforderungskatalog_Tabellen_bearbeitbares_Format.xlsx]]|XLSX|
|~|[[Referencing Cloud Computing Compliance Controls Catalogue (C5) to International Standards|https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/CloudComputing/Anforderungskatalog/Anforderungskatalog_Referenzierung_bearbeitbares_Format.xls?__blob=publicationFile&v=3]]|[[Referenzierung des Anforderungskatalogs Cloud Computing (C5) auf internationale Standards|https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/CloudComputing/Anforderungskatalog/Anforderungskatalog_Referenzierung_bearbeitbares_Format.xls]]|XLS|
|[img(100px,auto)[iCSF/ESCloud_Label.jpg]]|>|[[European Secure Cloud (ESCloud) - Memorandum of Understanding|https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/ESCloud_Label/Memorandum_of_Understanding.pdf?__blob=publicationFile&v=4]]|PDF|
|~|>|[[European Secure Cloud (ESCloud) - Annex B|https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/ESCloud_Label/Annex_B_Core_Principles.pdf?__blob=publicationFile&v=3]]|PDF|
||[[Secure use of cloud services|https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/SecureUseOfCloudServices/SecureUseOfCloudServices.pdf?__blob=publicationFile&v=6]]|[[Sichere Nutzung von Cloud-Diensten|https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Broschueren/Sichere_Nutzung_Cloud_Dienste.pdf?__blob=publicationFile&v=11]]|PDF|
||[[Cloud Certification|https://www.bsi.bund.de/EN/Topics/CloudComputing/CloudCertification/CloudCertification_node.html]]|[[Cloud-Zertifizierung|https://www.bsi.bund.de/DE/Themen/DigitaleGesellschaft/CloudComputing/CloudZertifizierung/CloudZertifizierung_node.html]]|HTML|
<<tiddler .ReplaceTiddlerTitle with: [[Webographie - BSI (DE)]]>>
<<tabs tRefOrgOff 'CNIL (FR)' 'FR' [[Ref-AgencPriv-FR]] 'IDPA (IE)' 'IE' [[Ref-AgencPriv-IE]] 'ENISA (EU)' 'EU' [[Ref-ENISA]] 'NIST (US)' 'US' [[Ref-NIST]] 'ISO' 'INT' [[Ref-ISO]] 'IETF' 'INT' [[Ref-IETF]] 'ITU' 'ONU' [[Ref-ITU]] >>[img(50%,1px)[iCSF/BluePixel.gif]]
<<tiddler .ReplaceTiddlerTitle with: [[Webographie - Organismes Officiels]]>>
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] | !
Article en cours de rédaction | [img(auto,50px)[iCSF/Work.gif]] | !CNIL : Commission Nationale de l'Informatique et des Libertés [>img(auto,50px)[iCSF/CNIL.png]] |Cloud computing : les conseils de la CNIL pour les entreprises qui utilisent ces nouveaux services|[[HTML|https://www.cnil.fr/fr/cloud-computing-les-conseils-de-la-cnil-pour-les-entreprises-qui-utilisent-ces-nouveaux-services]]| |• Cloud computing : CNIL's recommendations for companies using these new services|[[HTML|https://www.cnil.fr/fr/node/15476]]| |Recommandations pour les entreprises qui envisagent de souscrire à des services de Cloud|[[PDF|https://www.cnil.fr/sites/default/files/typo/document/Recommandations_pour_les_entreprises_qui_envisagent_de_souscrire_a_des_services_de_Cloud.pdf]]| |• Recommendations for companies planning to use Cloud computing services|[[PDF|https://www.cnil.fr/sites/default/files/typo/document/Recommendations_for_companies_planning_to_use_Cloud_computing_services.pdf]]| |Synthèse des réponses à la consultation publique sur le Cloud et analyse de la CNIL|[[PDF|https://www.cnil.fr/sites/default/files/typo/document/Synthese_des_reponses_a_la_consultation_publique_sur_le_Cloud_et_analyse_de_la_CNIL.pdf]]| |• Summary of responses to the public consultation on Cloud computing|[[PDF|https://www.cnil.fr/sites/default/files/typo/document/Summary_of_responses_to_the_public_consultation_on_Cloud_computing.pdf]]| |>|!| |Sécurité : Gérer la sous-traitance|[[HTML|https://www.cnil.fr/fr/securite-gerer-la-sous-traitance]]| <<tiddler .ReplaceTiddlerTitle with: [[Webographie - CNIL (FR)]]>>
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] | !
Article en cours de rédaction | [img(auto,50px)[iCSF/Work.gif]] | Quelques éléments sont disponibles sur le site de la "Irish Data Protection Authority"+++*[»]> https://www.dataprotection.ie/ ===. |2019|Guidance for Organisations Engaging Cloud Service Providers|[[HTML|https://www.dataprotection.ie/en/guidance-landing/guidance-organisations-engaging-cloud-service-providers]]|[[PDF|https://www.dataprotection.ie/sites/default/files/uploads/2019-11/Guidance%20for%20Engaging%20Cloud%20Service%20Providers_Nov19.pdf]]| ||>|>|+++*[»]> There are an increasing number of services offering 'cloud storage', allowing documents, photos, videos, and other files be uploaded to and stored on a remote server, to enable sharing or remote access, or to act as a backup copy. The use of any cloud services as part of their business is an important area in which organisations need to ensure there is adequate security for the personal data they process.
A data controller must remain in control of the personal data it collects when it subcontracts the processing to a cloud provider. A key element of control is to ensure the security of the data. Controllers (both clients and cloud service providers) also need to be transparent about the processing of personal data. Important for both control and security is the location of the data. A related issue is also the requirement for a written contract. This guidance is aimed at helping controllers ensure that they meet each of these obligations when utilising cloud services=== | |2019|Securing Cloud-based Environments|[[HTML|https://www.dataprotection.ie/en/securing-cloud-based-environments]]|| |2019|Five Steps To Secure Cloud-based Environments|[[HTML|https://dataprotection.ie/en/guidance-landing/five-steps-secure-cloud-based-environments]]|[[PDF|https://www.dataprotection.ie/sites/default/files/uploads/2019-06/190606%20Five%20Steps%20to%20Secure%20Cloud-based%20Environments.pdf]]| ||>|>|+++*[»]> Cloud-based environments offer many advantages to organisations; however, they also introduce a number of technical security risks which organisations should be aware of, including data breaches, hijacking of accounts, and unauthorised access to personal data. Organisations should determine and implement a documented policy and apply the appropriate technical security and organisational measures to secure any cloud-based environments they utilise. The DPC has prepared guidance to assist organisations understand their obligations with regard to the security of personal data, and to mitigate their risks when utilising a cloud-based environment.=== | [img(50%,1px)[iCSF/BluePixel.gif]] <<tiddler .ReplaceTiddlerTitle with: [[Webographie - IDPA (IE)]]>>
!ENISA : //European Union Agency for Network and Information Security//
<<tabs tENISA 'Présentation' 'Présentation' [[Ref-ENISA##Pres]] 'Cloud Computing Certification' 'Cloud Computing Certification - CCSL and CCSM' [[Ref-ENISA##CCSL+CCSM]]
'2018' '2018' [[Ref-ENISA##2018]]
'2017' '2017' [[Ref-ENISA##2017]]
'2016' '2016' [[Ref-ENISA##2016]]
'2015' '2015' [[Ref-ENISA##2015]]
'2014' '2014' [[Ref-ENISA##2014]]
'2013' '2013' [[Ref-ENISA##2013]]
'2012' '2012' [[Ref-ENISA##2012]]
'2011' '2011' [[Ref-ENISA##2011]]
'2009' '2009' [[Ref-ENISA##2009]]
>>
/%
!Pres
[>img(150px,auto)[iCSF/ENISA.png]]L'ENISA est l'''Agence européenne chargée de la sécurité des réseaux et de l'information'' (''European Network and Information Security Agency'').
Sa nouvelle dénomination est "''European Union Agency For Cybersecurity''", soit l'''Agence de l'Union Européenne de Cyber Sécurité''.
Sa création remonte au 13 mars 2004, et elle a démarré ses activités opérationnelles le 1er septembre 2015.
Elle a publié plusieurs documents pertinents sur la sécurité du Cloud mentionnés dans les onglets de cet article et classés par date de publication.
La page d'accueil pour accéder aux problématiques liées au domaine du Cloud est
* ⇒ https://www.enisa.europa.eu/topics/cloud-and-big-data/cloud-security
[>img(50px,auto)[iCSF/ENISA-CCBRRIS.png]]
Les tout premiers documents publiés par l'ENISA sur la sécurité du Cloud l'ont été le 20 novembre 2009, avec notamment le célèbre ''"Cloud Computing: Benefits, Risks and Recommendations for Information Security"'' dont la lecture est indispensable+++*[»]> <<tiddler [[Ref-ENISA##2009]]>> ===.
!CCSL+CCSM
__''"Cloud Computing Certification - CCSL and CCSM"''__
* Cadre de certification Cloud+++*[»]> //''What is a cloud certification scheme?''
Before buying a cloud service, customers want to know if the service is secure and reliable. But cloud computing services are complex and built up from many different ICT components (cables, large data centers, software, etc), so it is hard for individual customers to check all the technical details by themselves. Cloud providers have many customers (this is the main idea of cloud computing) so if all customers would check their security requirements separately, then this would mean double work. If each customer would want to do an on-site audit, for example, there would be long cues at the gates of data centers. Now, the idea of a certification scheme is to check one basic set of security requirements, once for all customers. In this way certification can simplify the procurement of cloud services by customers. Note that certification schemes do not replace the need for customers to do due-diligence when procuring, rather certification is a way to simplify this process.// === 
* ''CCSL - the Cloud Certification Schemes List''+++*[»]> //[>img(150px,auto)[iCSF/CloudCertSchemesList.jpg]]
CCSL - the Cloud Certification Schemes List - gives an overview of different existing certification schemes which could be relevant for cloud computing customers. CCSL also shows which are the main characteristics of each certification scheme. For example, CCSL answers questions like "which are the underlying standards?", "who issues the certifications", "is the cloud service provider audited?", "who audits?". CCSL provides links and references to each certification scheme for further reading.// === 
* ''CCSM - the Cloud Certification Schemes Metaframework''+++*[»]> //[>img(150px,auto)[iCSF/CloudCertSchemesMeta.jpg]]
CCSM - the Cloud Certification Schemes Metaframework - is an extension of CCSL. It is a meta-framework of cloud certification schemes. The goal of the meta-framework is to provide a neutral high-level mapping from the customer's Network and Information Security requirements to security objectives in existing cloud certification schemes, which facilitates the use of existing certification schemes during procurement// === 
*+++*[Outils »]> //To start using the tool, first select the "CCSM security objectives" which are relevant for you, then scroll down to see the matrix which maps to different certification schemes. Below the matrix you can print checklists and forms for use during procurement.//
⇒ https://resilience.enisa.europa.eu/cloud-computing-certification/list-of-cloud-certification-schemes/cloud-certification-schemes-metaframework === 
*+++*[Matrice »]
|CCSM security objectives | Certified Cloud Service - TÜV Rheinland | CSA Attestation - OCF Level 2 | CSA Certification - OCF Level 2 | CSA Self Assessment - OCF Level 1 | EuroCloud Self Assessment | EuroCloud Star Audit Certification | ISO/IEC 27001 Certification | Leet Security Rating Guide | Service Organization Control (SOC) 2 | Service Organization Control (SOC) 3 | Cloud Industry Forum Code of Practice |
|Information security policy | X | X | X | X | X | X | X | X | X | X | X |
|Risk management | X | X | X | X | X | X | | X | X | X | X |
|Security roles | X | X | X | X | X | X | X | X | X | X | X |
|Security in Supplier relationships | X | X | X | X | X | X | X | X | X | X | X |
|Background checks | X | X | X | X | | X | X | X | X | X | |
|Security knowledge and training | X | X | X | X | X | X | X | X | X | X | X |
|Personnel changes | X | X | X | X | | X | X | X | X | X | X |
|Physical and environmental security | X | X | X | X | X | X | X | X | X | X | X |
|Security of supporting utilities | X | X | X | X | | X | X | X | X | X | X |
|Access control to network and information systems | X | X | X | X | X | X | X | X | X | X | X |
|Integrity of network and information systems | X | X | X | X | X | X | X | X | X | X | X |
|Operating procedures | X | X | X | X | | X | X | X | X | X | X |
|Change management | X | X | X | X | | X | X | X | X | X | |
|Asset management | X | X | X | X | | X | X | X | X | X | |
|Security incident detection and response | X | X | X | X | X | X | X | X | X | X | |
|Security incident reporting | X | X | X | X | X | X | X | X | X | X | |
|Business continuity | X | X | X | X | X | X | X | X | X | X | X |
|Disaster recovery capabilities | X | X | X | X | X | X | X | X | X | X | X |
|Monitoring and logging policies | X | X | X | X | X | X | X | X | X | X | |
|System tests | X | X | X | X | X | X | X | X | X | X | |
|Security assessments | X | X | X | X | X | X | X | X | X | X | X |
|Checking compliance | X | X | X | X | X | X | X | X | X | X | X |
|Cloud data security | X | X | X | X | X | X | | X | X | X | X |
|Cloud interface security | X | X | X | X | X | X | | X | X | X | X |
|Cloud software security | X | X | X | X | X | X | X | X | X | X | X |
|Cloud interoperability and portability | X | X | X | X | X | X | | X | X | X | X |
|Cloud monitoring and log access | X | X | X | X | X | X | X | X | X | X | |
=== 
* Annonce → https://resilience.enisa.europa.eu/cloud-computing-certification
* Outils → https://resilience.enisa.europa.eu/cloud-computing-certification/list-of-cloud-certification-schemes/cloud-certification-schemes-metaframework
!2020
Aucun article pour le moment
[img(50%,1px)[iCSF/BluePixel.gif]]
!2019
Aucun article pour le moment
[img(50%,1px)[iCSF/BluePixel.gif]]
!2018
__2018.09.17 : "''Towards secure convergence of Cloud and IoT''"__
<<<
//ENISA publishes today a short paper aiming to identify and tackle the security challenges that the IoT ecosystem brings to Cloud and vice-versa.
In the last few years, we have witnessed a burst of Internet of Things (IoT) products and Cloud has evolved to accommodate the needs of IoT applications, providing many new features specific to aggregating, storing and processing data generated by IoT.
This work combines the existing knowledge of ENISA in IoT and Cloud security and presents an analysis of security challenges and potential security takeaways that vendors of IoT devices and Cloud Service Providers can consider. Among the security takeaways, end-to-end security and adoption of baseline security measures are the ones confirming the need for a holistic approach on security for the IoT ecosystem.
ENISA's work on Baseline security recommendations for IoT introduced an IoT high-level reference model, which encompasses key elements that promote a significant degree of interoperability across different assets, platforms and environments for IoT. The ENISA IoT high-level reference model formed the basis for this work to divide the challenges and takeaways in three main dimensions: analysis, connectivity and integration. 
The paper includes also four attack scenarios, which highlight how these security challenges can be materialised, and concludes mapping the challenges to the security takeaways.//
<<<
* Annonce → https://www.enisa.europa.eu/news/enisa-news/towards-secure-convergence-of-cloud-and-iot
[img(50%,1px)[iCSF/BluePixel.gif]]
__2018.09.17 : "''Towards secure convergence of Cloud and IoT''"__
> //The aim of this work is to provide a high-level overview on the security issues to IoT developers and IoT integrators that make use of IoT Cloud Computing and Cloud service Providers (CSPs) of IoT Cloud offerings.//
* Annonce → https://www.enisa.europa.eu/publications/towards-secure-convergence-of-cloud-and-iot
* Document → https://www.enisa.europa.eu/publications/towards-secure-convergence-of-cloud-and-iot/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
!2017
__2017.02.10 : "''Security aspects of virtualization''"__
> //This report provides an analysis of the status of virtualization security. ENISA presents current efforts, emerging best practices and known security gaps, discussing the impact the latter have on environments based on virtualization technologies. The report provides a better understanding of the opportunities, challenges and limits of virtualized systems and will improve the effectiveness of future policies and regulations.//
* Annonce → https://www.enisa.europa.eu/publications/security-aspects-of-virtualization
* Document → https://www.enisa.europa.eu/publications/security-aspects-of-virtualization/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
__2017.02.07 : "''Privacy and Security in Personal Data Clouds''"__
> //The main objective of this study is to identify the different architectures and components of Personal Data Clouds (PDCs) and discuss their privacy and security challenges. Based on an empirical analysis of various applications that fall under, or are close to, the definition of PDCs, the study presents a "state of the art" analysis of the security and privacy features of PDCs.//
* Annonce ⇒ https://www.enisa.europa.eu/publications/privacy-and-security-in-personal-data-clouds
* Document → https://www.enisa.europa.eu/publications/privacy-and-security-in-personal-data-clouds/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
!2016
__2016.06.01 : "''Exploring Cloud Incidents''"__
<<<
//[>img(200px,auto)[iCSF/ENISA-ECI.png]]ENISA publishes a paper on "Exploring cloud incidents" introducing an analysis of the current approaches to conduct a post mortem analysis of an incident, occurring in a cloud environment.
ENISA identifies the multidimensional challenges of cloud forensic investigations by signifying the most common problems experts are facing when needed to investigate a cyber incident in cloud. The analysis and the recommendations are divided into three different axes: technical, legal and organisational.
The main objective of this paper is:
* To identify the main challenges of post analysis of cloud incidents, mainly in reference to technical, organisational and legal aspects.
* To produce an overview of the techniques, approaches and good practices for the analysis of incidents in the cloud, based on a desk research.
* To provide recommendations and suggestions - in particular related to SLAs, security measures, and policies - in order to make the post analysis activity more effective.
Furthermore, key recommendations are proposed to cloud providers, law enforcement agencies and forensic experts as a result of this analysis.//
<<<
* Annonce → https://www.enisa.europa.eu/news/enisa-news/exploring-cloud-incidents
[img(50%,1px)[iCSF/BluePixel.gif]]
__2016.06.01 : "''Exploring Cloud Incidents''"__[>img(150px,auto)[iCSF/G61EE.png]]
> //The use of cloud computing technologies is gaining increased popularity and quickly becoming the norm. At the same time, the cloud service providers (CSP) are not always able to keep up the pace with new technologies. This also affects forensic analysis of incidents in these systems. With this paper, ENISA aims to give an overview of the current status of the forensic analysis techniques and processes of cloud incidents.//
* Document → https://www.enisa.europa.eu/publications/exploring-cloud-incidents/at_download/fullReport



|ssTablN0|k
|!A noter que ce document a été conçu en 2014 et qu'il prenait donc en compte l'état des connaissances à cette date.|
|!Il n'a été publié que plus d'une année et demie plus tard, __sans aucune mise à jour__.|
|!Le lecteur doit bien avoir conscience que les évolutions sont rapides dans le domaine de l'analyse forensique et dans le traitement des incidents dans le Cloud|
[img(50%,1px)[iCSF/BluePixel.gif]]
!2015
__2015.11.15 : "''Good Practice Guide for securely deploying Governmental Clouds''"__[>img(100px,auto)[iCSF/ENISA-GPGSDGC.png]]
> //In this report, ENISA identifies the Member States with operational government Cloud infrastructures and underlines the diversity of Cloud adoption in the public sector in Europe. Moreover through this document, ENISA aims to assist Member States in elaborating a national Cloud strategy implementation, to understand current barriers and suggest solutions to overcome those barriers, and to share the best practices paving the way for a common set of requirements for all Member States (MS)//
* Annonce → https://www.enisa.europa.eu/publications/good-practice-guide-for-securely-deploying-governmental-clouds
* Document → https://www.enisa.europa.eu/publications/good-practice-guide-for-securely-deploying-governmental-clouds/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
__2015.02.26 : "''The steps for 'Going Cloud' for Governments and Public Administration''"__
<<<
//ENISA's Security Framework for Governmental Clouds details a step-by-step guide for the Member States (MS) for the procurement and secure use of Cloud services.
This framework addresses the need for a common security framework when deploying Gov Clouds and builds on the conclusions of two previous ENISA studies. It is recommended to be part of the public administrations' toolbox when planning migration to the Cloud, and when assessing the deployed security controls and procedures.
The suggested framework is structured into four (4) phases, nine (9) security activities and fourteen (14) steps that details the set of actions Member States should follow to define and implement a secure Gov Cloud. In addition the model is empirically validated, through the analysis of four (4) Gov Cloud case studies - Estonia, Greece, Spain and UK - serving also as examples to Gov Cloud implementation.
The framework focuses on the following activities: risk profiling, architectural model, security and privacy requirements, security controls, implementation, deployment, accreditation, log/ monitoring, audit, change management and exit management.
//[...]//
In essence the framework serves as a pre-procurement guide and can be used throughout the entire lifecycle of cloud adoption. The next step by ENISA is to offer this framework as a tool.//
<<<
* Annonce ⇒ https://www.enisa.europa.eu/news/enisa-news/the-steps-for-going-cloud-for-governments-and-public-administration
[img(50%,1px)[iCSF/BluePixel.gif]]
__"''Security Framework for Governmental Clouds''"__
* Lien ⇒ https://www.enisa.europa.eu/publications/security-framework-for-govenmental-clouds
* Annex A & B Case Studies and interviews ⇒ https://www.enisa.europa.eu/publications/security-framework-for-govenmental-clouds/annex-a-b-case-studies-and-interviews/at_download/file
* Annex C - Questionnaire templates ⇒ https://www.enisa.europa.eu/publications/security-framework-for-govenmental-clouds/annex-c-questionnaire-templates/at_download/file
[img(50%,1px)[iCSF/BluePixel.gif]]
__2015.04.10 : "''Cloud Security Guide for SMEs''"__[>img(150px,auto)[iCSF/F4AEE.jpg]]
> //This guide wants to assist SMEs understand the security risks and opportunities they should take into account when procuring cloud services. This document includes a set of security risk, a set of security opportunities and a list of security questions the SME could pose to the provider to understand the level of security. The risks and opportunities are linked to the security questions so the end result is customised according to the user's needs and requirements. This information is supported by two example use cases and an annex that gives an overview of the data protection legislation applicable and the authorities involved in each country.//
* Annonce → https://www.enisa.europa.eu/publications/cloud-security-guide-for-smes
* Document → https://www.enisa.europa.eu/publications/cloud-security-guide-for-smes/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
__2015.02.26 : "''Security Framework for Governmental Clouds''"__[>img(200px,auto)[iCSF/F2QEE.jpg]]
> //ENISA after having analysed the present state of play of governmental Cloud deployment in 2013 report, presents a guide on the steps public administration has to take to deploy cloud computing. This report gives guidance on the process from pre-procurement till finalisation and exit from a cloud contract, explaining which are the steps to take when focusing on security and privacy. It offers example approaches, based on four already deployed governmental cloud models in a national level namely: Estonia, Greece, Spain and United Kingdom. As this report is not only a guide but also a tool, in the Annex the reader will find the actual questionnaire template to use.//
* Annonce → https://www.enisa.europa.eu/publications/security-framework-for-governmental-clouds
* Document → https://www.enisa.europa.eu/publications/security-framework-for-governmental-clouds/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
__2015.01.29 : "''ENISA Cloud Certification Schemes Metaframework''"__[>img(200px,auto)[iCSF/F1TEU.jpg]]
<<<
//ENISA publishes a meta-framework and an online tool to help customers with cloud security when buying cloud services.

ENISA launches CCSM, the "Cloud Certification Schemes Metaframework". CCSM is a metaframework, which maps detailed security requirements used in the public sector to describe security objectives in existing cloud certification schemes. The goal of CCSM is to provide more transparency about certification schemes and to help customers with procurement of cloud computing services.
This first version of CCSM is restricted to network and information security requirements. It is based on 29 documents with NIS requirements from 11 countries (United Kingdom, Italy, Netherlands, Spain, Sweden, Germany, Finland, Austria, Slovakia, Greece, Denmark). It covers 27 security objectives, and maps these to 5 cloud certification schemes.
//[...]//
This version of CCSM has been implemented as an online tool+++*[»]>
https://resilience.enisa.europa.eu/cloud-computing-certification ===. The tool maps different certification schemes to a single list of security objectives. The tool allows customers to choose the security objectives most relevant to them, and
* generate a matrix mapping to different cloud certification schemes, and/or
* generate procurement checklists or questionnaires as printouts or spreadsheets.
Next steps for CCSM might be to include NIS requirements from other countries and to extend the scope of CCSM to include also NIS requirements specific for personal data protection.//
<<<
* Annonce → https://www.enisa.europa.eu/news/enisa-news/enisa-cloud-certification-schemes-metaframework
* Document → 
** __Lien :__ https://www.enisa.europa.eu/media/press-releases/enisa-cloud-certification-schemes-metaframework
[img(50%,1px)[iCSF/BluePixel.gif]]
!2014
__2014.12.18 : "''New Schemes on the Cloud Certification List''"__
<<<
//ENISA has been working throughout 2014 together with the European Commission and industry actors, on an action under the EU Cloud Strategy to make a list of voluntary certification schemes relevant for cloud computing.
The cloud certification list, called CCSL, gives an overview of relevant certification schemes and provides answers to frequently asked questions like: What is the underlying standard? How does a provider get certified? Who audits the security? How many providers are certified?
CCSL was first launched in April with just five certification schemes. The last months ENISA worked with industry to add more schemes and to extend the information on the list. Now the list has 12 individual schemes, including some self-assessment schemes and some schemes commonly used overseas, like PCI DSS and AICPA SOC.
//[...]//
In the coming weeks ENISA will also publish a framework to map from customer requirements to the security objectives in existing certification schemes. The Cloud Certification Schemes Metaframework (CCSM) will be launched in January as a procurement tool for the public sector.//
<<<
* Annonce ⇒ http://www.enisa.europa.eu/media/news-items/new-schemes-on-the-cloud-certification-list-1
* Détails → https://resilience.enisa.europa.eu/cloud-computing-certification
[img(50%,1px)[iCSF/BluePixel.gif]]
__2014.08 : "''Cloud Standards, a preliminary report''"__
> //In this report we provide an overview of standards relevant for cloud computing security. It is the ENISA contribution to the ETSI work on Cloud Standards under the EC Cloud Strategy.//
* Document → https://resilience.enisa.europa.eu/cloud-security-and-resilience/Cloudstandards.pdf
[img(50%,1px)[iCSF/BluePixel.gif]]
__2014.03 : "''Annex Good Practice Guide for securely deploying Governmental Clouds''"__
<<<
//In this study ENISA, aiming at "enabling and facilitating faster adoption of Cloud computing" collected information on Cloud services deployed (projects, initiatives, plans) in the public sector, collected the best practices and presents a list of recommendations, covering all aspects of Cloud computing. The goal is to help Member States in:
* the elaboration of a national Cloud strategy,
* the implementation of a national Cloud strategy and governmental Cloud infrastructure,
* understanding current barriers by suggesting solutions to overcome them,
* sharing the best practices and paving the way for a common set of requirements for all Member States.
This document is the separate Annex of the report: Good practice guide on how to securely deploy governmental clouds. It summarizes all the findings of the desk research, based on which the final deliverable was synthesized. The material was updated February 2014.//
<<<
* Document ⇒ https://www.enisa.europa.eu/topics/cloud-and-big-data/good-practice-guide-for-securely-deploying-governmental-clouds-annex
[img(50%,1px)[iCSF/BluePixel.gif]]
!2013
__2013.12.09 : "''Incident Reporting for Cloud Computing''"__[>img(100px,auto)[iCSF/ENISA-IRCC2.png]][>img(100px,auto)[iCSF/ENISA-IRCC.png]]
> //The proposed NIS Directive mentions cloud computing explicitly. This is not surprising. Cloud infrastructures play an increasingly important role in the digital society. A large part of the EU's Digital Agenda is the European cloud strategy which aims to speed up adoption of cloud computing for financial and economic benefits. ENISA has often underlined the security opportunities of cloud computing. In this report we analyse how cloud providers, customers in critical sectors, and government authorities can set up cloud security incident reporting schemes.//
* Annonce → https://www.enisa.europa.eu/publications/incident-reporting-for-cloud-computing/
* Document → https://www.enisa.europa.eu/publications/incident-reporting-for-cloud-computing/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
__2013.11.15 : "''Good Practice Guide for securely deploying Governmental Clouds''"__
> //In this report, ENISA identifies the Member States with operational government Cloud infrastructures and underlines the diversity of Cloud adoption in the public sector in Europe.//
* Annonce ⇒ https://www.enisa.europa.eu/publications/good-practice-guide-for-securely-deploying-governmental-clouds
* Document → https://www.enisa.europa.eu/publications/good-practice-guide-for-securely-deploying-governmental-clouds/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
__2013.11.12 : "''Certification in the EU Cloud Strategy''"__
> //In 2012 the EC issued a communication called "European strategy for Cloud computing - unleashing the power of cloud computing in Europe". One of the actions outlined there is to assist the development of EU-wide voluntary certification schemes make a list of such schemes. In the strategy ENISA is asked to support this work. The EC, as one of the first steps, set up a group of experts from industry, called Cloud Select Industry Group (C-SIG), with a number of working groups, also on Certification, abbreviated as the CERT-SIG. For several months the CERT-SIG met and discussed about the possible role of (voluntary) cloud certification schemes in the context of the European cloud computing strategy. The CERT-SIG derived a list of high-level criteria (for cloud certification schemes) and a first list of certification schemes. In this paper ENISA collects and summarizes the results of the CERT-SIG and proposes further steps as a recommendation to the EC, CERT-SIG and the European Cloud Partnership.//
* Annonce → https://resilience.enisa.europa.eu/cloud-computing-certification/certification-in-the-eu-cloud-strategy
* Document → https://resilience.enisa.europa.eu/cloud-computing-certification/certification-in-the-eu-cloud-strategy/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
__2013.02.14 : "''New ENISA report: The double-edged sword of Cloud computing in Critical Information Infrastructure Protection''"__
> //ENISA has launched a new report looking at Cloud computing from a Critical Information Infrastructure Protection (CIIP) perspective, and identifying that Cloud computing is critical given the concentration of users and data and its growing use in critical sectors, such as finance, health and insurance.//
<<<
//In a few years, a large majority of organisations will be dependent on Cloud computing. Large Cloud services will have tens of millions of end-users. What happens if one of these cloud services fails, or gets hacked?
//[...]//
This report looks at the threats from a CIIP perspective, i.e. how to prevent large cyber disruptions and large cyber-attacks. The key messages of the report are:
* Critical infrastructure: Soon, the vast majority of organisations will use cloud computing notably also in critical sectors like finance, energy and transport. Cloud services are themselves becoming a critical information infrastructure.
* Natural disasters and DDoS attacks: A benefit of Cloud computing is resilience in the face of natural disasters and Distributed Denial of Service (DDoS)-attacks, which are difficult to mitigate using traditional approaches (servers on site, or single data centre).
* Cyber attacks: Cyber attacks exploiting software flaws can cause large data breaches, affecting millions of users, because of the large concentration of users and data. Physical redundancy does not safeguard against certain cyber attacks, such as data breaches exploiting software flaws.
//[...]//
The report also provides nine recommendations for bodies responsible for critical information infrastructures. Key points: Include large cloud services in national risk assessments, track cloud dependencies, and work with providers on incident reporting schemes.//
<<<
* Annonce → https://www.enisa.europa.eu/news/enisa-news/new-enisa-report--the-double-edged-sword-of-cloud-computing-in-critical-information-infrastructure-protection
[img(50%,1px)[iCSF/BluePixel.gif]]
__2013.02.14 : "''Critical Cloud Computing -- A CIIP perspective on cloud computing services''"__[>img(100px,auto)[iCSF/ENISA-CCC.png]]
> //In this report we look at cloud computing from a Critical Information Infrastructure Protection (CIIP) perspective and we look at a number of scenarios and threats relevant from a CIIP perspective, based on a survey of public sources on uptake of cloud computing and large cyber attacks and disruptions of cloud computing services.//
* Annonce → https://www.enisa.europa.eu/publications/critical-cloud-computing
* Document → https://www.enisa.europa.eu/publications/critical-cloud-computing/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
__2013.02.14 : "''Nouveau rapport de l'Agence européenne ENISA : Le Cloud Computing, une épée à double tranchant concernant la protection des infrastructures d'information critiques''"__
> //L'agence de cyber-sécurité européenne ENISA a publié un nouveau rapport qui examine le Cloud Computing du point de vue de la protection des infrastructures d'information critiques (PIIC), et souligne l'importance croissante du Cloud Computing compte tenu de la concentration des utilisateurs et des données ainsi que de son utilisation croissante dans les secteurs critiques, comme les finances, la santé et l'assurance//
* Annonce → https://www.enisa.europa.eu/news/enisa-news/prs-in-french/le-cloud-computing-une-epee-a-double-tranchant-concernant-la%20protection-des-infrastructures-d-information-critiques
[img(50%,1px)[iCSF/BluePixel.gif]]
!2012
__2012.12 : "''Critical Cloud Computing -- A CIIP perspective on cloud computing services''"__[>img(100px,auto)[iCSF/ENISA-CCC.png]]
version 1.0, document de travail
* Document → https://resilience.enisa.europa.eu/cloud-security-and-resilience/publications/critical-cloud-computing
[img(50%,1px)[iCSF/BluePixel.gif]]
__2012.04.02 : "''Procure secure: ENISA's new guide for monitoring cloud computing contracts''"__[>img(100px,auto)[iCSF/ENISA-PSGMSSLCC.png]]
> //Procure secure: ENISA's new guide for monitoring cloud computing contracts//
* Annonce ⇒ https://www.enisa.europa.eu/news/enisa-news/procure-secure-enisa2019s-new-guide-for-monitoring-cloud-computing-contracts
[img(50%,1px)[iCSF/BluePixel.gif]]
__2012.04.02 : "''Acheter de façon sécurisée: le nouveau guide d'ENISA sur le contrôle des contrats des services de cloud computing''"__
> //Procure secure: ENISA's new guide for monitoring cloud computing contracts//
* Annonce ⇒ https://www.enisa.europa.eu/news/enisa-news/prs-in-french/acheter-de-facon-securisee
[img(50%,1px)[iCSF/BluePixel.gif]]
__2012.03.21 : "''Presentation on Cloud Security and Identity''"__
* Présentation → https://www.enisa.europa.eu/topics/cloud-and-big-data/Cloud_Identity_Hogben.pdf
[img(50%,1px)[iCSF/BluePixel.gif]]
__2012.04.02 : "''Procure Secure: A guide to monitoring of security service levels in cloud contracts''"__
> //A practical guide aimed at the procurement and governance of cloud services. This guide provides advice on questions to ask about the monitoring of security. The goal is to improve public sector customer understanding of the security of cloud services and the potential indicators and methods which can be used to provide appropriate transparency during service delivery. One-off or periodic provider assessments are a vital component of effective security management. However, they are insufficient without additional feedback in the intervals between assessments: they do not provide real-time information, regular checkpoints or threshold based alerting, as covered in this report. //
* Annonce ⇒ https://www.enisa.europa.eu/publications/procure-secure-a-guide-to-monitoring-of-security-service-levels-in-cloud-contracts
* Document → https://www.enisa.europa.eu/publications/procure-secure-a-guide-to-monitoring-of-security-service-levels-in-cloud-contracts/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
!2011
__2011.12.21 : "''Survey and analysis of security parameters in cloud SLAs across the European public sector''"__[>img(100px,auto)[iCSF/ENISA-SAPCSLAAEPS.png]]
> //In the past, organizations would buy IT equipment (hardware or software) and manage it themselves. Today many organizations prefer to use cloud computing and outsourced IT services. The work of an organisation's IT officer has changed as a consequence: Instead of setting up hardware or installing.//
* Annonce → https://www.enisa.europa.eu/publications/survey-and-analysis-of-security-parameters-in-cloud-slas-across-the-european-public-sector
* Document → https://www.enisa.europa.eu/publications/survey-and-analysis-of-security-parameters-in-cloud-slas-across-the-european-public-sector/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
__2011.01.17 : "''Security and Resilience in Governmental Clouds''"__
<<<
//Cloud computing offers a host of potential benefits to public bodies, including scalability, elasticity, high performance, resilience and security together with cost efficiency.
Understanding and managing risks related to the adoption and integration of cloud computing capabilities into public bodies is a key challenge.
Effectively managing the security and resilience issues related to cloud computing capabilities is prompting many public bodies to innovate, and in some cases to rethink, their processes for assessing risk and making informed decisions related to this new service delivery model.
This report identifies a decision-making model that can be used by senior management to determine how operational, legal and information security requirements, as well as budget and time constraints, can drive the identification of the architectural solution that best suits the needs of their organisation.
The main objectives of the report are:
* to highlight the pros and cons, with regard to information security and resilience, of community, private and public cloud computing delivery models; 
* to guide public bodies in the definition of their requirements for information security and resilience when evaluating cloud computing service delivery models;
Moreover, this report aims indirectly to support European Union Member States in the definition of their national cloud strategy with regard to security and resilience.//
<<<
* Annonce → https://www.enisa.europa.eu/publications/security-and-resilience-in-governmental-clouds
* Document → https://www.enisa.europa.eu/publications/security-and-resilience-in-governmental-clouds/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
!2010
Aucun article pour le moment
[img(50%,1px)[iCSF/BluePixel.gif]]
!2009
__2009.11.20 : "''WEF Cloud Computing''"__
> //Exploring the Future of Cloud Computing * Phase II * Stakeholder consultation: key issues for discussion//
* Présentation → https://www.enisa.europa.eu/media/news-items/wef-cloud-computing
[img(50%,1px)[iCSF/BluePixel.gif]]
__2009.11.20 : "''Cloud Computing: Benefits, Risks and Recommendations for Information Security''"__
<<<
[>img(200px,auto)[iCSF/9BKBRARFIS.jpg]]//ENISA, supported by a group of subject matter experts comprising representatives from Industries, Academia and Governmental Organizations, has conducted, in the context of the Emerging and Future Risk Framework project, a risk assessment of the cloud computing business model and technologies.
The result is an in-depth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing.
The report also provides a set of practical recommendations. Produced by ENISA with contributions from a group of subject matter experts comprising representatives from Industry, Academia and Governmental Organizations, a risk assessment of the cloud computing business model and technologies.
This is an in-depth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing.
The report also provides a set of practical recommendations. It is produced in the context of the Emerging and Future Risk Framework project.//
<<<
* Annonce → https://www.enisa.europa.eu/publications/cloud-computing-risk-assessment
* Document → https://www.enisa.europa.eu/publications/cloud-computing-risk-assessment/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
__2009.11.20 : "''Cloud Computing - SME Survey''"__
<<<
//ENISA (the European Network and Information Security Agency) has conducted a security risk assessment of cloud computing technologies aimed at giving advice to (among others) SME's on the most important risks in adopting cloud computing technologies, as well as ways to address those risks.
As part of this study, we have launched a survey of the actual needs, requirements and expectations of SMEs for cloud computing services.
The results of the survey were used to support the creation of a use case scenario: "An SME perspective on Cloud Computing".//
<<<
* Document → https://www.enisa.europa.eu/publications/cloud-computing-sme-survey/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
__2009.11.20 : "''Cloud Computing Information Assurance Framework''"__
> //One of the most important recommendations in the ENISA's Cloud Computing Risk Assessment report is the Information Assurance Framework, a set of assurance criteria designed to assess the risk of adopting cloud services, compare different Cloud Provider offers, obtain assurance from the selected cloud providers, reduce the assurance burden on cloud providers.//
* Annonce → https://www.enisa.europa.eu/publications/cloud-computing-information-assurance-framework
* Document → https://www.enisa.europa.eu/publications/cloud-computing-information-assurance-framework/at_download/fullReport
[img(50%,1px)[iCSF/BluePixel.gif]]
!end
'2020' '2020' [[Ref-ENISA##2020]]
'2019' '2019' [[Ref-ENISA##2019]]
'2010' '2010' [[Ref-ENISA##2010]]
%/
<<tiddler .ReplaceTiddlerTitle with: [[Webographie - ENISA]]>>
!ISO : //International Organization for Standardization//
[>img(150px,auto)[iCSF/ISO.jpg]]L'ISO a publié plusieurs standards sur le Cloud Computing dont :

* __''ISO/IEC 27017:2015 / ITU-T X.1631''__ : "Technologies de l'information -- Techniques de sécurité -- Code de pratique pour les contrôles de sécurité de l'information fondés sur l'ISO/IEC 27002 pour les services du nuage"
** Publication : décembre 2015
** L'ISO/IEC 27017:2015 fournit des directives sur la sécurité de l'information et pour l'utilisation de services dans le Cloud.
** Elle traite aussi des aspects de contrôle et fait le lien avec ceux de l'ISO/IEC 27002, tant pour les fournisseurs que pour les consommateurs de services Cloud.
** Elle ajoute d'autres contrôles spécifiques au Cloud, avec des recommandations sur leur implémentation.
**+++*[Table des Matières »]>
# Introduction
# Portée
# Références normatives
# Termes et définitions
# Vue d'ensemble
# Politiques de sécurité de l'information
# Organisation de la sécurité de l'information
# Sécurité des ressources humaines
# Gestion d'actifs
# Contrôle d'accès
# Cryptographie
# Zones sécurisées
# Sécurité des opérations
# Sécurité de la communication
# Acquisition, développement et maintenance du système
# Relations avec les fournisseurs
# Gestion des incidents de sécurité de l'information
# Aspects de la sécurité de l'information dans la gestion de la continuité
# Conformité
=== 
** __Liens :__
*** ISO → https://www.iso.org/fr/standard/43757.html (non encore disponible en français)

* __''ISO/IEC 27018:2019''__ "Technologies de l'information -- Techniques de sécurité -- Code de bonnes pratiques pour la protection des informations personnelles identifiables (PII) dans l'informatique en nuage public agissant comme processeur de PII"
** "Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors" (Draft)
** Date de publication : janvier 2019
** Lien : https://www.iso.org/fr/standard/76559.html

* __''ISO/IEC 27036-4:2016''__ "Information technology -- Security techniques -- Information security for supplier relationships -- Part 4: Guidelines for security of cloud services"
** Date de publication : octobre 2016
** Lien :

* __''ISO/IEC 19086-4:2019''__ : "Informatique en nuage -- Cadre de travail de l'accord du niveau de service -- Partie 4: Eléments de sécurité et de protection des PII"
** Date de publication : janvier 2019
** Lien : https://www.iso.org/fr/standard/68242.html

* __''ISO/IEC 19086-4:2019''__ : "Informatique en nuage -- Cadre de travail de l'accord du niveau de service -- Partie 4: Eléments de sécurité et de protection des PII"
** "Cloud computing -- Service level agreement (SLA) framework -- Part 4: Components of security and of protection of PII"

* __''ISO/IEC 17788''__ : "Cloud computing -- Overview and vocabulary"

* __''ISO/IEC 17789''__ : "Cloud computing - Reference architecture"

* __''TC46 Information and documentation''__ :
** __''ISO/DTR 22428''__ : "Information and documentation -- Records management in the cloud: Issues and concerns"

* __Autres documents du ''JTC 1''__ :
** __''ISO/IEC CD 22123''__ : "Information Technology -- Cloud Computing -- Concepts and Terminology"
** __''ISO/IEC DIS 22624''__ : "Information Technology -- Cloud Computing -- Taxonomy based data handling for cloud services"
** __''ISO/IEC TR 22678:2019''__ : "Information Technology -- Cloud computing -- Guidance for policy development"
** __''ISO/IEC PDTS 23167''__ : "Information Technology -- Cloud Computing -- Common Technologies and Techniques"
** __''ISO/IEC TR 23186:2018''__ : "Information Technology -- Cloud computing -- Framework of trust for processing of multi-sourced data"
** __''ISO/IEC PDTR 23188''__ : "Information Technology -- Cloud computing -- Edge computing landscape"
<<tiddler .ReplaceTiddlerTitle with: [[Webographie - ISO]]>>
!NIST : //National Institute of Standards and Technology//
[>img(150px,auto)[iCSF/NIST.gif]]Les publications du NIST américain font office de référence dans de nombreux domaines dont l'informatique et la sécurité.
<<tabs tNIST 'Présentation' '' [[Ref-NIST##NIST_Presentation]] 'SP 800' '' [[Ref-NIST##NIST_SP800]] 'SP 1800' '' [[Ref-NIST##NIST_SP1800]] 'SP 500' '' [[Ref-NIST##NIST_SP500]] 'NISTIR' '' [[Ref-NIST##NIST_NISTR]] 'Divers' '' [[Ref-NIST##NIST_Divers]]>>
/%
!NIST_Presentation
Les publications du NIST sont toutes accessibles depuis le portail du "//Computer Security Resource Center//" du NIST : https://csrc.nist.gov/
Elles sont regroupées en au moins 5 catégories :
# les ''SP 800'' : les "NIST Special Publication" 800-xxx
** Lien : https://csrc.nist.gov/publications/search?keywords-lg=800- 

# les ''SP 500'' : les "NIST Special Publication" 500-xxx
** Lien : https://csrc.nist.gov/publications/search?keywords-lg=500-

# les ''SP 1800'' : les "NIST Special Publication" 1800-xxx
** Lien : https://csrc.nist.gov/publications/search?keywords-lg=1800-

# les ''NIST IR'' : les "NIST Internal Reports" 5xxx, 6xxx, 7xxx, ou 8xxx
** Lien : https://csrc.nist.gov/publications/nistir

# les ''FIPS'' : les "Federal Information Processing Standards" xxx ** Aucune ne concerne directement la sécurité du Cloud ** Lien : https://csrc.nist.gov/publications/fips !NIST_SP800 Liste des documents SP 800 pertinents : # ''SP 800-210 -- "General Access Control Guidance for Cloud Systems"'' **+++*[»]> * __Date :__ 2020.07.30 /% * __Annonce :__ %/ === ** __Téléchargement :__ https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-210.pdf # ''SP 800-204 -- "Security Strategies for Microservices-based Application Systems"'' (DRAFT) **+++*[»]> * __Date :__ 2019.03.26 * __Annonce :__ https://csrc.nist.gov/publications/detail/sp/800-204/draft === ** __Téléchargement :__ https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-204-draft.pdf # ''SP 800-190 -- "Application Container Security Guide" '' **+++*[»]> * __Date :__ 2017.09.25 <<< //Application container technologies, also known as containers, are a form of operating system virtualization combined with application software packaging. Containers provide a portable, reusable, and automatable way to package and run applications. 
This publication explains the potential security concerns associated with the use of containers and provides recommendations for addressing these concerns.// <<< * __Annonce :__ https://csrc.nist.gov/publications/detail/sp/800-190/final === ** __Téléchargement :__ https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-190.pdf ou https://doi.org/10.6028/NIST.SP.800-190 # ''SP 800-180 -- "NIST Definition of Microservices, Application Containers and System Virtual Machines"'' **+++*[»]> * __Date :__ 2016.02.18 * __Lien :__ https://csrc.nist.gov/publications/detail/sp/800-180/draft === ** __Téléchargement :__ https://csrc.nist.gov/CSRC/media/Publications/sp/800-180/draft/documents/sp800-180_draft.pdf # ''SP 800-146 -- Cloud Computing Synopsis and Recommendations'' **+++*[»]> * __Date :__ 2012.05.29 * __Lien :__ http://www.nist.gov/itl/cloud-052912.cfm === ** __Téléchargement :__ https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-146.pdf ou https://doi.org/10.6028/NIST.SP.800-146 # ''SP 800-145 -- The NIST Definition of Cloud Computing'' **+++*[»]> * __Date :__ 2011.09.28 * __Lien :__ https://www.nist.gov/news-events/news/2011/10/final-version-nist-cloud-computing-definition-published === ** __Téléchargement :__ https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf ou https://doi.org/10.6028/NIST.SP.800-145 # ''SP 800-144 -- Guidelines on Security and Privacy in Public Cloud Computing'' **+++*[»]> * __Date :__ 2011.12.09 * __Lien :__ https://www.nist.gov/news-events/news/2012/01/nist-issues-cloud-computing-guidelines-managing-security-and-privacy === ** __Téléchargement :__ https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf ou https://doi.org/10.6028/NIST.SP.800-144 # ''SP 800-125A -- Revision 1 (DRAFT) "Ensuring the Security of Virtualized Server Platforms Against Potential Threats'' **+++*[»]> * __Date :__ 2018.04.12 * __Annonce :__ 
https://csrc.nist.gov/News/2018/NIST-Releases-Draft-SP-800-125A-Rev-1 <<< //A virtualized server platform -- like a physical server platform -- needs to be protected against attacks from hackers who might want to steal information or take control of parts of the server. NIST is releasing a publication that addresses this issue by providing recommendations to ensure that the core software used in a virtual server, the hypervisor, remains secure against such attacks. Draft NIST Special Publication 800-125A Revision 1, Security Recommendations for Server-based Hypervisor Platforms, analyzes the potential threats to the secure execution of the functions of a hypervisor and provides a series of recommendations to provide assurance against such potential threats. The approach taken in this publication is to identify the baseline functions that a hypervisor performs, the tasks involved in each baseline function, the potential threats to the secure execution of the task, and the countermeasures that can provide assurance against exploitation of these threats in the form of security recommendations. In addition to these security recommendations, a recommendation for ensuring the overall integrity of all components of a hypervisor platform is also provided. The target audience for the security recommendations in this document are the Chief Security Officer (CSO) or the Chief Technology Officer (CTO) of an Enterprise IT department in a private enterprise or government agency who wants to develop a virtualization infrastructure, as well as managers of data centers who want to offer a virtualization infrastructure for hosting cloud offerings and who want to provide security assurance for that infrastructure to cloud service clients. It has been found that to deploy virtualized servers for high performance applications (e.g., big data, analytics etc.), other forms of device virtualization besides the "emulation" approach covered in this document are required. 
This publication captures these additional technologies for device virtualization, such as para-virtualization, passthrough and self-virtualizing hardware devices as well as associated security recommendations. Major content changes in this publication, which is a revision of NIST SP 800-125A, Security Recommendations for Hypervisor Deployment on Servers, can be found in Sections 1.1, 2.2.2 and 5.// <<< === ** __Lien :__ https://csrc.nist.gov/publications/detail/sp/800-125a/rev-1/draft # ''SP 800-125B -- "Security Recommendations for Deploying Hypervisors on Servers"'' **+++*[»]> * __Date :__ 2016.03.07 * __Téléchargement :__ https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-125B.pdf ou https://doi.org/10.6028/NIST.SP.800-125B === ** __Lien :__ https://csrc.nist.gov/publications/detail/sp/800-125b/final # ''SP 800-125A -- "Security Recommendations for Hypervisor Deployment on Servers"'' **+++*[»]> * __Date :__ 2018.01.24 * __Annonce :__ https://csrc.nist.gov/News/2018/Security-Recommendations-for-Deploying-Hypervisors <<< //NIST has published Special Publication (SP) 800-125A, Security Recommendations for Hypervisor Deployment on Servers. A hypervisor is a collection of software modules that provides virtualization of hardware resources, enabling multiple computing stacks called Virtual Machines (VMs) to be run on a single physical host. The security recommendations in this document relate to ensuring the secure execution of baseline functions of the hypervisor, when deployed for the purpose of server virtualization (but not for other use cases such as embedded systems or desktops). 
Recommendations for secure configuration of a virtual network are dealt with separately in SP 800-125B.// <<< * __Lien SP 800-125B :__ https://csrc.nist.gov/publications/detail/sp/800-125b/final === ** __Lien :__ https://csrc.nist.gov/publications/detail/sp/800-125a/final # ''SP 800-125 -- "Guide to Security for Full Virtualization Technologies"'' **+++*[»]> * __Date :__ 2018.01.18 * __Annonce :__ https://www.nist.gov/news-events/news/2011/02/nist-issues-final-version-full-virtualization-security-guidelines === ** __Lien :__ https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-125.pdf ou https://doi.org/10.6028/NIST.SP.800-125 !NIST_SP1800 Liste des documents SP 1800 pertinents : # ''SP 1800-19A -- "Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments -- Volume A: Executive Summary" (Prelim. Draft 1)'' **+++*[»]> * __Date :__ 2018.08.24 * __Annonce :__ https://csrc.nist.gov/publications/detail/sp/1800-19a/draft <<< //The National Cybersecurity Center of Excellence (NCCoE) at NIST recognizes the need to address security and privacy challenges for the use of shared cloud services in hybrid cloud architectures, and has launched this project. This project is using commercially available technologies to develop a cybersecurity reference design that can be implemented to increase security and privacy for cloud workloads on hybrid cloud platforms. This project will demonstrate how the implementation and use of trusted compute pools not only will provide assurance that workloads in the cloud are running on trusted hardware and are in a trusted geolocation, but also will improve the protections for the data within workloads and flowing between workloads. 
This project will result in a NIST Cybersecurity Practice Guide - a publicly available description of the solution and practical steps needed to implement a cybersecurity reference design that addresses this challenge.// === <<< === * __Lien :__ https://www.nccoe.nist.gov/sites/default/files/library/sp1800/tc-hybrid-sp1800-19a-preliminary-draft.pdf # ''SP 1800-4 -- "Mobile Device Security: Cloud and Hybrid Builds"'' **+++*[»]> * __Date :__ 2019.02.21 ** __Site :__ https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/cloud-hybrid * __Date :__ 2015.11.02 ** __Annonce :__ https://www.nist.gov/news-events/news/2015/11/nist-invites-comments-practice-guide-improving-mobile-device-security ** __Téléchargement :__ *** Présentation → https://nccoe.nist.gov/projects/building_blocks/mobile_device_security *** Document → https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-4.pdf === ** __Site :__ *** https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/cloud-hybrid ** __Téléchargement :__ *** https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-4.pdf !NIST_SP500 Liste des documents SP 500 pertinents : # ''SP 500-325 -- Fog Computing Conceptual Model'' **+++*[»]> * __Date :__ 2018.03.19 * __Annonce :__ "NIST Releases Report on Fog Computing for Internet of Things Devices " <<< //An increasing number of people and organizations are using smart, interconnected devices, which form the so-called Internet of Things (IoT). This increase is fueled by the proliferation of mobile devices, smart sensors used to power electric grids, self-driving cars, and fitness trackers, and wireless sensors. All of these products are generating and accessing a growing amount of data that needs to be accessed more quickly and locally. Until recently, much of this data has been managed and stored through cloud computing, a centralized network of computers and servers connected together over the Internet. 
But access to data through the cloud can be slow at times, because the data needs to be transported to the cloud for processing, analysis and storage. An alternative to cloud computing is fog computing, a decentralized infrastructure in which data is accessed locally, which significantly reduces the amount of time it takes to access the data. In addition to fog computing, other concepts have been developed as alternatives to cloud computing, called mist computing, cloudlets, and edge computing. But no consensus exists on the distinction among these concepts. So NIST is releasing Special Publication 500-325, Fog Computing Conceptual Model, a report that presents the conceptual models of fog and mist computing and how they relate to cloud-based computing models for IoT. The report not only provides the conceptual models of fog computing and its subsidiary mist computing, but it also introduces the notion of a fog node and the nodes federation model, which is composed of both distributed and centralized clusters of fog nodes operating in harmony. 
The report is intended to serve as a means for broad comparisons of fog computing capabilities, service models, and deployment strategies, and to provide a baseline for discussion of what fog computing is and how it may be used.// <<< * __Lien :__ https://csrc.nist.gov/News/2018/Fog-Computing-for-Internet-of-Things-Devices === ** __Lien :__ https://csrc.nist.gov/publications/detail/sp/500-325/final # ''SP 500-299 (DRAFT) -- NIST Cloud Computing Security Reference Architecture'' **+++*[»]> * __Date :__ 2013.05 *__Synthèse :__ <<< //The purpose of this document is to define a NIST Cloud Computing Security Reference Architecture (NCC-SRA) -- a framework that: ## identifies a core set of Security Components that can be implemented in a Cloud Ecosystem to secure the environment, the operations, and the data migrated to the cloud; ## provides, for each Cloud Actor, the core set of Security Components that fall under their responsibilities depending on the deployment and service models; ## defines a security-centric formal architectural model that adds a security layer to the current NIST SP 500-292, "NIST Cloud Computing Reference Architecture"; ## provides several approaches for analyzing the collected and aggregated data. // <<< * __Lien :__ https://csrc.nist.gov/publications/detail/sp/500-299/draft === ** __Téléchargement :__ http://collaborate.nist.gov/twiki-cloud-computing/pub/CloudComputing/CloudSecurity/NIST_Security_Reference_Architecture_2013.05.15_v1.0.pdf !NIST_NISTR Liste des documents NISTR pertinents : # ''NISTIR 8176 -- Security Assurance Requirements for Linux Application Container Deployments'' **+++*[»]> * __Date :__ 2017.10.12 * __Annonce :__ https://csrc.nist.gov/News/2017/NIST-Releases-NISTIR-8176 <<< //Application containers are now slowly finding adoption in production environments due to agile deployment process, efficient resource utilization and availability of automation tools. 
At the same time, to ensure secure deployment, security guidelines and countermeasures have been proposed (Application Container Security Guide, NIST Special Publication 800-190) to cover various components of a container environment such as: Hardware, Host Operating System (OS), Container Runtime, Image, Registry and Orchestrator. To carry out these recommendations in the form of countermeasures, one or more security solutions are needed with defined metrics in the form of security assurance requirements. Linux (and its various distributions) being open-source and being the predominant host OS in the deployed container platforms, has sufficient reservoir of information to analyze the security impact of its various configuration options. The focus of this document is to derive the security assurance requirements for various security solutions for application containers hosted on Linux. The target audience includes system security architects and administrators who are responsible for the actual design and deployment of security solutions in enterprise infrastructures hosting containerized hosts.// <<< * __Lien :__ https://csrc.nist.gov/publications/detail/nistir/8176/final === ** __Téléchargement :__ https://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8176.pdf ou https://doi.org/10.6028/NIST.IR.8176 # ''NISTIR 8006 -- NIST Cloud Computing Forensic Science Challenges'' **+++*[»]> * __Date :__ 2014.06.23 * __Annonce :__ https://csrc.nist.gov/publications/detail/nistir/8006/draft <<< //This document summarizes the research performed by the members of the NIST Cloud Computing Forensic Science Working Group, and aggregates, categorizes and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem. The challenges are presented along with the associated literature that references them. The immediate goal of the document is to begin a dialogue on forensic science concerns in cloud computing ecosystems. 
The long-term goal of this effort is to gain a deeper understanding of those concerns (challenges) and to identify technologies and standards that can mitigate them.// <<< * __Synthèse :__ <<< //This document summarizes the research performed by the members of the NIST Cloud Computing Forensic Science Working Group, and aggregates, categorizes and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem. The challenges are presented along with the associated literature that references them. The immediate goal of the document is to begin a dialogue on forensic science concerns in cloud computing ecosystems. The long-term goal of this effort is to gain a deeper understanding of those concerns (challenges) and to identify technologies and standards that can mitigate them.// === <<< === ** __Téléchargement :__ https://csrc.nist.gov/CSRC/media/Publications/nistir/8006/draft/documents/draft_nistir_8006.pdf # ''NISTIR 7956 -- Cryptographic Key Management Issues & Challenges in Cloud Services'' **+++*[»]> * __Date :__ 2013.09.18 * __Synthèse :__ <<< //To interact with various services in the cloud and to store the data generated/processed by those services, several security capabilities are required. Based on a core set of features in the three common cloud services - Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), we identify a set of security capabilities needed to exercise those features and the cryptographic operations they entail. 
An analysis of the common state of practice of the cryptographic operations that provide those security capabilities reveals that the management of cryptographic keys takes on an additional complexity in cloud environments compared to enterprise IT environments due to: (a) difference in ownership (between cloud Consumers and cloud Providers) and (b) control of infrastructures on which both the Key Management System (KMS) and protected resources are located. This document identifies the cryptographic key management challenges in the context of architectural solutions that are commonly deployed to perform those cryptographic operations.// <<< * __Lien :__ https://csrc.nist.gov/publications/detail/nistir/7956/final === ** __Téléchargement :__ https://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7956.pdf ou https://doi.org/10.6028/NIST.IR.7956 # ''NISTIR 7904 -- Trusted Geolocation in the Cloud: Proof of Concept Implementation'' **+++*[»]> * __Date :__ 2015.12.10 * __Synthèse :__ <<< //This publication explains selected security challenges involving Infrastructure as a Service (IaaS) cloud computing technologies and geolocation. It then describes a proof of concept implementation that was designed to address those challenges. The publication provides sufficient details about the proof of concept implementation so that organizations can reproduce it if desired. The publication is intended to be a blueprint or template that can be used by the general security community to validate and implement the described proof of concept implementation. 
// <<< * __Auteurs :__ Michael Bartock (NIST), Murugiah Souppaya (NIST), Raghuram Yeluri (Intel), Uttam Shetty (Intel), James Greene (Intel), Steve Orrin (Intel), Hemma Prafullchandra (HyTrust), John McLeese (HyTrust), Karen Scarfone (Scarfone Cybersecurity) * __Lien :__ https://csrc.nist.gov/publications/detail/nistir/7904/final === ** __Téléchargement :__ https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.7904.pdf ou https://doi.org/10.6028/NIST.IR.7904 !NIST_Divers Dans cette rubrique, d'autres nouvelles ou publications dans le contexte du NIST # ''Présentation "Modeling and Mitigating the Insider Threat of Remote Administrators in Clouds"'' **+++*[»]> * __Date :__ 2018.07.10 * __Synthèse :__ <<< //As today's cloud providers strive to attract customers with better services and less downtime in a highly competitive market, they increasingly rely on remote administrators including those from third party providers for fulfilling regular maintenance tasks. In such a scenario, the privileges granted for remote administrators to complete their assigned tasks may allow an attacker with stolen credentials of an administrator, or a dishonest remote administrator, to pose severe insider threats to both the cloud tenants and provider. In this paper, we take the first step towards understanding and mitigating such a threat. Specifically, we model the maintenance task assignments and their corresponding security impact due to privilege escalation. We then mitigate such impact through optimizing the task assignments with respect to given constraints. 
The simulation results demonstrate the effectiveness of our solution in various situations.// <<< * __Auteurs :__ Nawaf Alhebaishi (Concordia University), Lingyu Wang (Concordia University), Sushil Jajodia (George Mason University), and Anoop Singhal (NIST) * __Lien :__ https://csrc.nist.gov/publications/detail/conference-paper/2018/07/10/insider-threat-of-remote-administrators-in-clouds === ** __Téléchargement :__ https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=925918 !end %/ <<tiddler .ReplaceTiddlerTitle with: [[Webographie - NIST]]>>
!IETF : Internet Engineering Task Force
[>img(auto,100px)[iCSF/IETF.gif]]L'IETF publie notamment les RFC (Request For Comments)
|!Date|!RFC|!Titre|
|2019.04.27|RFC 8576|[[Internet of Things (IoT) Security: State of the Art and Challenges|https://www.rfc-editor.org/rfc/rfc8576.txt]]|
<<tiddler .ReplaceTiddlerTitle with: [[Webographie - IETF]]>>
!ITU / UIT : International Telecommunication Union / Union Internationale des Telecommunications
[>img(auto,100px)[iCSF/ITU.jpg]]L'ITU est l'une des agences utiles de l'ONU...
|!Date|!Origine|!Titre|
|2012.02|Focus Group on Cloud Computing|Technical Report Part 1: Introduction to the cloud ecosystem: definitions, taxonomies, use cases and high-level requirement |
|2012.02|Focus Group on Cloud Computing|Technical Report Part 2: Functional requirements and reference architecture |
|2012.02|Focus Group on Cloud Computing|Technical Report Part 3: Requirements and framework architecture of cloud infrastructure |
|2012.02|Focus Group on Cloud Computing|Technical Report Part 4: Cloud Resource Management Gap Analysis |
|2012.02|Focus Group on Cloud Computing|Technical Report Part 5: Cloud security |
|2012.02|Focus Group on Cloud Computing|Technical Report Part 6: Overview of SDOs involved in cloud computing |
|2012.02|Focus Group on Cloud Computing|Technical Report Part 7: Cloud computing benefits from telecommunication and ICT perspectives |
<<tiddler .ReplaceTiddlerTitle with: [[Webographie - ITU]]>>
<<tabs tRefAutr 'CIS' 'Center for Internet Security' [[Ref-CIS]] 'Gartner' 'Gartner' [[Ref-Gartner]] 'GEANT' 'GEANT (EU)' [[Ref-GEANT]] 'Horizon 2020' 'Horizon 2020 (EU)' [[Ref-Horizon2020]] 'SWIPO' 'SWIPO (EU)' [[Ref-SWIPO]] 'MITRE' 'MITRE' [[Ref-MITRE]] 'OMG' 'OMG (ex CSCC)' [[Ref-OMG]] 'OWASP' 'OWASP' [[Ref-OWASP]] 'PCI DSS' 'PCI DSS' [[Ref-PCIDSS]] 'SANS' 'SANS' [[Ref-SANS]]>>
[img(50%,1px)[iCSF/BluePixel.gif]]
!CIS : Center for Internet Security
[>img(300px,auto)[iCSF/CIS.png]]Le CIS^^®^^ est le "Center for Internet Security, Inc.".
Le CIS est une entité à but non lucratif s'appuyant sur la communauté informatique pour protéger les organisations privées et publiques contre les cybermenaces.
Plusieurs publications récentes concernent la thématique "Cloud et Sécurité".
[img(50%,1px)[iCSF/BluePixel.gif]]
<<tabs tCIS 'Présentation' '' [[Ref-CIS##CIS_Pres]] 'Annonces' '' [[Ref-CIS##CIS_Ann]] 'Publications' '' [[Ref-CIS##CIS_Publ]]>>
/%
!CIS_Pres
Le CIS développe deux standards reconnus en matière de bonnes pratiques :
* [img(100px,auto)[iCSF/CIS_Controls.jpg]] le "CIS Controls™"
* [img(120px,auto)[iCSF/CIS_Benchmarks.png]] le "CIS Benchmarks™"
Ces directives sont affinées au fur et à mesure, et sont vérifiées par les "CIS Communities", des communautés de professionnels expérimentés et bénévoles.
Le CIS propose aussi, sur abonnement, les "CIS Hardened Images™", des machines virtuelles préconfigurées pour fournir, à la demande, des environnements informatiques sécurisés et évolutifs dans le cloud.
Le CIS héberge également le Multi-State Information Sharing and Analysis Center® (MS-ISAC®).
La mission du CIS consiste à :
* Identifier, développer, valider, promouvoir et soutenir les meilleures pratiques en matière de cyberdéfense
* Bâtir et animer des communautés pour créer un environnement de confiance dans le cyberespace
[img(50%,1px)[iCSF/BluePixel.gif]]
!CIS_Ann
# 14.02.2019 : "//''CIS Controls Companion Guide for the Cloud Now Available''//"
**+++*[»]> ⇒ https://www.cisecurity.org/press-release/cis-controls-companion-guide-for-cloud-now-available/
<<<
//"Working with an army of global adopters and cybersecurity experts, the CIS Controls team has created a new companion guide to help organizations break down and map the applicable CIS Controls and their implementation in cloud environments using consensus-developed best practices," said Tony Sager, CIS® Senior Vice President, and Chief Evangelist. "It's another great example of the CIS Community model - sharing labor and ideas to create products that can help every enterprise conduct a security assessment and develop an improvement roadmap," he added.
''Cloud Challenge: Sharing the Responsibility''
One of the main challenges in applying best practices to cloud environments is the knowledge that these systems operate under different assumed security responsibilities than traditional on-premises environments. There is often a shared security responsibility between the user and the cloud provider. In the CIS Controls Cloud Companion Guide, CIS identifies who is responsible for cloud security tasks outlined in the CIS Controls that are specific to the service models:
* IaaS (Infrastructure as a Service)
* PaaS (Platform as a Service)
* SaaS (Software as a Service)
* FaaS (Function as a Service)
The guide also takes into consideration the special mission and business requirements found in cloud environments. It examines unique risks (vulnerabilities, threats, consequences, and security responsibilities) to cloud environments. These risks drive the priority of enterprise security requirements (e.g., availability, integrity, and confidentiality of data).
The CIS Controls Cloud Companion Guide will allow users to manage cloud deployments by tailoring the CIS Controls in the context of a specific IT/OT cloud environment.//
<<<
Lien : https://www.cisecurity.org/white-papers/cis-controls-cloud-companion-guide/ === 
  # 11.02.2019 : "//''CIS Controls™ Cloud Companion Guide''//" **+++*[»]> [>img(100px,auto)[iCSF/CIS-Jcccg7.png]]"//''CIS Controls™ Cloud Companion Guide and Public Call for IoT Companion Guide''//" //Working with an army of global adopters and cybersecurity experts, the CIS Controls team created a cloud security companion guide to help secure cloud environments. This guide helps organizations break down and map the applicable CIS Controls and their implementation in cloud environments using consensus-developed best practices.// Lien de téléchargement direct ⇒ ''[[CloudSecurityAlliance.fr/go/j2bc/|https://cloudsecurityalliance.fr/go/j2bc/]]'' (pdf) ===
  # 08.01.2019 : "//''CIS Hardened Images on Google Cloud Platform (GCP)''//" **+++*[»]> //__CIS hardened images on GCP__ All of these images are available on Google Cloud Platform. * Ubuntu Linux: CIS Ubuntu Linux 14.04 LTS Benchmark, CIS Ubuntu Linux 16.04 LTS Benchmark, CIS Ubuntu Linux 18.04 LTS Benchmark * CentOS Linux: CIS CentOS Linux 7 Benchmark, CIS CentOS Linux 6 Benchmark * Red Hat Linux: CIS Red Hat Enterprise Linux 7 Benchmark, CIS Red Hat Enterprise Linux 6 Benchmark * SUSE Linux: CIS SUSE Linux Enterprise 11 Benchmark, CIS SUSE Linux Enterprise 12 Benchmark * Microsoft Windows Server: CIS Microsoft Windows Server 2008 R2 Benchmark, CIS Microsoft Windows Server 2012 R2 Benchmark, CIS Microsoft Windows Server 2012 (non-R2) Benchmark, CIS Microsoft Windows Server 2016 RTM (Release 1607) Benchmark __CIS Google Cloud Platform Foundations Benchmark__ Anyone using GCP, regardless of whether CIS Hardened Images are used, should secure their environment with the CIS Google Cloud Platform Foundations Benchmark. The purpose of this CIS Benchmark is to provide prescriptive guidance about security configuration on GCP.// Link: https://www.cisecurity.org/benchmark/google_cloud_computing_platform/ ===
  # 10.12.2018 : "//''Call for participation: Help the CIS Controls Secure Mobile and Cloud Environments''//" **+++*[»]> //__Defending mobile and cloud environments__ Developing mobile and cloud technologies introduce technological and societal benefits. It also means that data and applications are distributed across multiple locations, many of which are not within the organization's infrastructure. With all these threats, how can we get on track with a roadmap of fundamentals and guidance to measure and improve mobile and cloud security? Which defensive steps have the greatest value? The CIS Controls started as a grassroots activity over a decade ago to help organizations focus on the most fundamental and valuable cybersecurity actions. The CIS Controls are downloaded by thousands each year to help secure systems and data. Now, we're bringing the trusted security of the CIS Controls to mobile and cloud environments with the CIS Controls Mobile Companion Guide and CIS Controls Cloud Companion Guide. These guides will break down and map the applicable CIS Controls and their implementation in mobile and cloud environments. __A community approach__ At CIS, we believe in community-driven, consensus-developed resources that help every organization improve its cyber defenses. That's why we're creating the CIS Controls Mobile Companion Guide and CIS Controls Cloud Companion Guide. In these documents, we'll provide guidance on how to apply the security best practices found in CIS Controls Version 7 to any mobile or cloud environment from the user perspective. We're excited to produce these guides, but we need your help. Are you an IT security expert or cloud technology super-user? Join our communities on CIS WorkBench. For each top-level CIS Control, we'll discuss of how to interpret and apply the security recommendations in mobile and cloud environments. 
We'll also examine any unique considerations or differences in applying the CIS Control to these systems as compared to more traditional IT environments. To get involved, join CIS WorkBench - our free community collaboration platform. Once you've registered, search for the CIS Controls cloud or mobile community to start contributing to the discussion. * CIS Controls Cloud Companion Guide Community ⇒ https://workbench.cisecurity.org/communities/80 * CIS Controls Mobile Companion Guide Community ⇒ https://workbench.cisecurity.org/communities/82 // ===
  # 29.11.2018 : "//''CIS Introduces its First Hardened Container Image for Secure Applications in the Cloud''//" **+++*[»]> //CIS® (Center for Internet Security, Inc.) today announced the availability of its first Hardened Container Image, now available on the newly launched Amazon Web Services Marketplace for Containers. CIS made the announcement in conjunction with the AWS re:Invent 2018 Conference in Las Vegas, where Amazon Web Services (AWS) announced the added support for software products that use Docker® containers. CIS Hardened Images™ are cloud-based images secured according to the proven configuration recommendations of the CIS Benchmarks™. The CIS Benchmarks are recognized as global standards and best practices for securing IT systems and data against cyber threats. The CIS Hardened Container Image reflects baseline requirements in accordance with applicable CIS Benchmarks to optimize systems running containers. AWS customers can now use the Amazon Elastic Container Service (Amazon ECS) console and AWS Marketplace for Containers website to discover, produce, and deploy container solutions - including the CIS Hardened Images. With today's release, AWS Marketplace has extended its existing benefits and features to container products, with a rich discovery and search experience offering access to a curated catalog of trusted software from reputable vendors. "For the first time, we are making available a container version of our industry-leading CIS Benchmarks," said Curtis Dukes, CIS Executive Vice President, Security Best Practices & Automation. "These images provide enterprises with greater flexibility and ease of deployment for securing their computing environments in the cloud." Cloud-based container images have grown in popularity recently due to their portability, cost effectiveness, and ease of use. 
CIS is initially offering an Ubuntu® 16.04 LTS Server Container Image, which is available now on AWS at https://aws.amazon.com/marketplace/pp/B07KPP1YPF. // ===
  # 28.11.2018 : "//''Using a Hardened Container Image for Secure Applications in the Cloud''//" **+++*[»]> //CIS® is continuing to expand its cloud offerings with new CIS Hardened Images™ for containers. The CIS Hardened Image for Ubuntu 16.04 is the first hardened container image we'll release for use in a Docker container on AWS. Read on to learn more about the CIS hardening process and whether a hardened container image is right for your application. __Working Securely in the Cloud__ CIS Hardened Images have been available on AWS for several years and more recently on Azure and GCP. They are cloud-based images that are preconfigured according to the proven security recommendations of the CIS Benchmarks™. The CIS Benchmarks are recognized as global standards and best practices for securing IT systems and data against cyber threats. [...] Launch a CIS Hardened Image for Ubuntu 16.04 for Docker on AWS ⇒ https://aws.amazon.com/marketplace/pp/B07KPP1YPF // ===
  # 20.11.2018 : "//''New CIS Benchmark for Google Cloud Computing Platform''//" **+++*[»]> //The CIS Benchmarks™ community has been hard at work the past several months developing a new cloud benchmark: CIS Google Cloud Computing Platform Foundations Benchmark v1.0.0. This new benchmark can be used to help an organization build a set of security policies and processes to protect data and assets in Google Cloud Platform (GCP). Much like on-premises systems, cloud environments are configured by default for convenience over security. This means they should be "hardened" to protect organizations' data. "Hardening" is the process of securing a technical system to benchmarks like the CIS Benchmarks. When applied, the recommended configuration settings in the CIS Benchmarks can help protect systems from common cyber threats and improve overall security posture. __Getting started__ The CIS Google Cloud Computing Platform Foundations Benchmark v1.0.0 is intended to serve as a guide to secure the Google Cloud Computing Platform environment. This new benchmark joins hundreds of CIS Benchmarks, covering everything from network and mobile devices to mail servers and operating systems. You can download the new benchmark in PDF format for free: Download the CIS Google Cloud Computing Platform Foundations Benchmark v.1.0.0 ⇒ https://learn.cisecurity.org/benchmarks __Benchmark details__ The Audit and Remediation sections within this CIS Benchmark have been developed to include both the console steps and Command Line Interface commands where applicable and available. The structure of this benchmark is similar to that of other cloud-based CIS Benchmarks (such as AWS Foundations and Microsoft Azure Foundations) to ensure equal coverage in benchmark recommendations for as many cloud providers as possible. 
Here is a brief glimpse of the sections covered in this CIS Benchmark: * Identity and Access Management * Logging and Monitoring configurations * Virtual Networking Security settings * Virtual Machine instance settings * Storage Security configuration * Cloud SQL Database Services settings * Kubernetes Engine configuration [...] Learn more & browse all CIS Hardened Images ⇒ https://www.cisecurity.org/hardened-images/ // ===
  !CIS_Publ |>|!Pages sur les domaines liés au Cloud et aux containers|!Date| |>|>|![[Amazon Web Services|https://www.cisecurity.org/benchmark/amazon_web_services]]| ||[[CIS Benchmarks for Amazon Web Services Foundations v1.3.0|https://www.cisecurity.org/benchmark/amazon_web_services/]]|[[09.2020|https://www.cisecurity.org/blog/cis-benchmarks-september-2020-update/]]| |~|CIS Benchmark for Amazon Web Services Three-tier Web Architecture v1.0.0|| |~|CIS Benchmark for AWS End User Compute Services v1.0.0|| |>|>|![[Docker|https://www.cisecurity.org/benchmark/docker]]| ||CIS Benchmark for Docker v1.2.0|| |~|CIS Benchmark for Docker Community Edition v1.1.0|| |~|CIS Benchmark for Docker 1.6 v1.0.0|| |~|CIS Benchmark for Docker 1.13.0 v1.0.0|| |~|CIS Benchmark for Docker 1.12.0 v1.0.0|| |~|CIS Benchmark for Docker 1.11.0 v1.0.0|| |>|>|![[Google Cloud Computing Platform|https://www.cisecurity.org/benchmark/google_cloud_computing_platform]]| ||CIS Benchmark for Google Cloud Platform Foundation v1.1.0|| |>|>|![[IBM Cloud Computing Platform|https://www.cisecurity.org/benchmark/ibm_cloud]]| ||CIS Benchmark for IBM Cloud Platform Foundation v1.1.0|| |>|>|![[Kubernetes|https://www.cisecurity.org/benchmark/kubernetes]]| ||CIS Benchmarks for Kubernetes v1.4.0|| |~|CIS Benchmark for Kubernetes v1.6.0|[[08.2020|https://www.cisecurity.org/blog/cis-benchmarks-august-2020-update/]]| |~|CIS Benchmark for Oracle Cloud Infrastructure Container Engine for Kubernetes(OKE) v1.0|| |~|CIS Benchmarks for Google Kubernetes Engine (GKE) v1.1.0|[[07.2020|https://www.cisecurity.org/blog/cis-benchmarks-july-2020-update/]]| |~|CIS Benchmarks for Amazon Elastic Kubernetes Service (EKS) v1.0.1|[[07.2020|https://www.cisecurity.org/blog/cis-benchmarks-july-2020-update/]]| |>|>|![[LXD|https://www.cisecurity.org/benchmark/LXD]]| ||CIS Benchmark for Ubuntu Linux 18.04 LXD Host v1.0.0|| |~|CIS Benchmark for Ubuntu 18.04 LXD Container v1.0.0|| |>|>|![[Microsoft 
Azure|https://www.cisecurity.org/benchmark/azure]]| ||CIS Benchmarks for Microsoft Azure Foundations v1.2.0|| |>|>|![[Oracle Cloud Infrastructure|https://www.cisecurity.org/benchmark/Oracle_Cloud]]| ||CIS Benchmarks for Oracle Cloud Infrastructure Foundations v1.1.0|[[08.2020|https://www.cisecurity.org/blog/cis-benchmarks-august-2020-update/]]| |>|>|![[VMware|https://www.cisecurity.org/benchmark/vmware]]| ||CIS Benchmarks for VMware ESXi 6.7 v1.1.0|[[07.2020|https://www.cisecurity.org/blog/cis-benchmarks-july-2020-update/]]| |~|CIS Benchmark for VMware ESXi 6.5 v1.0.0|| |~|CIS Benchmarks for VMware ESXi 5.5 v1.2.0|| |~|CIS Benchmarks for VMware ESXi 5.1 v1.0.1|| !end %/ <<tiddler .ReplaceTiddlerTitle with: [[Webographie - CIS (Center for Internet Security)]]>>
|ssTabl99|k
|>|>|>| [img(auto,50px)[iCSF/Work.gif]] |
|>|>|>| !Article en cours de rédaction |
|>|>|>| [img[iCSF/Gartner.gif]] |
|2020.08.27||[[Top Actions From Gartner Hype Cycle for Cloud Security, 2020|https://www.gartner.com/smarterwithgartner/top-actions-from-gartner-hype-cycle-for-cloud-security-2020/]]|Public|
|2020.07.17|G00448013|[[Gartner Hype Cycle for Cloud Security, 2020|https://www.gartner.com/document/code/448013]]|Payant|
|2019.07.23|G00369584|[[Gartner Hype Cycle for Cloud Security, 2019|https://www.gartner.com/document/code/369584]]|Payant|
|2019.07.03||[[Gartner Predicts 90% of Current Enterprise Blockchain Platform Implementations Will Require Replacement by 2021|https://www.gartner.com/en/newsroom/press-releases/2019-07-03-gartner-predicts-90--of-current-enterprise-blockchain]]|Public|
<<tiddler .ReplaceTiddlerTitle with: [[Webographie - Gartner]]>>
|ssTabl99|k
|>| [img(auto,50px)[iCSF/Work.gif]] |
|>| !Article en cours de rédaction |
|>| [img(150px,auto)[iCSF/GEANT.gif]][img[iCSF/GEANTCloudServices.png]] |
|>| [[clouds.geant.org/cloud-security|https://clouds.geant.org/cloud-security/]] |
| |[[Cloud Security - Introduction|https://clouds.geant.org/resources/cloud-security/cloud-security-introduction/]]|
|~|[[Fundamental Cloud Security Concepts Part 1 - CIA|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-concepts-part-1-cia/]]|
|~|[[Fundamental Cloud Security Concepts Part 2 - AAA|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-concepts-part-2-aaa/]]|
|~|[[Fundamental Cloud Security Concepts Part 3 - Encryption and Cryptography|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-concepts-part-3-encryption-and-cryptography/]]|
|~|[[Fundamental Cloud Security Concepts Part 4 - Shared Responsibility Model|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-concepts-part-4-shared-responsibility-model/]]|
|~|[[Fundamental Cloud Security Concepts Part 5 - Compliance|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-concepts-part-5-compliance/]]|
|~|[[Fundamental Cloud Security Concepts Part 6 - Network and Security in Amazon Web Services (AWS)|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-concepts-part-6-network-and-security-in-amazon-web-services-aws]]|
|~|[[Fundamental Cloud Security Concepts Part 7 - Network Security in Microsoft Azure|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-concepts-part-7-network-security-in-microsoft-azure/]]|
|~|[[Fundamental Cloud Security Concepts Part 8 - Network Security in Google Cloud Platform (GCP)|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-concepts-part-8-network-security-in-google-cloud-platform-gcp/]]|
|~|[[Fundamental Cloud Security Part 9 - Identity Management in AWS|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-part-9-identity-management-in-aws/]]|
|~|[[Fundamental Cloud Security Part 10 - Identity Management in Microsoft Azure|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-part-10-identity-management-in-microsoft-azure/]]|
|~|[[Fundamental Cloud Security Part 11 - Identity Management in Google Cloud Platform (GCP)|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-part-11-identity-management-in-google-cloud-platform-gcp/]]|
|~|[[Fundamental Cloud Security Part 12 - Supply Chain in the Cloud|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-part-12-supply-chain-in-the-cloud/]]|
|2019.09.16|[[Fundamental Cloud Security Part 13 – Case Study: Building a Secure Research Environment in AWS|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-part-12-case-study-building-a-secure-research-environment-in-aws/]]|
|2019.10.31|[[Fundamental Cloud Security Part 14 – Case Study: Building a Secure Research Environment in Microsoft Azure|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-part-14-case-study-building-a-secure-research-environment-in-microsoftazure/]]|
|2019.11.18|[[Fundamental Cloud Security Part 15 – Case Study: Building a Secure Research Environment in Google Cloud Platform|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-part-15-case-study-building-a-secure-research-environment-in-google-cloud-platform/]]|
|2019.12.18|[[Fundamental Cloud Security Part 16 – Encryption in Public Cloud Services|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-part-16-encryption-in-public-cloud-services/]]|
|2020.01.15|[[Fundamental Cloud Security Part 17 – Cloud Access Security Broker|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-part-17-cloud-access-security-broker/]]|
|2020.01.26|[[Fundamental Cloud Security Part 18 – Top security threats in cloud environments|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-part-18-top-security-threats-in-cloud-environments/]]|
|2020.02.24|[[Fundamental Cloud Security Part 19 – Impact on security policies when implementing cloud solutions|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-part-19-impact-on-security-policies-when-implementing-cloud-solutions/]]|
|2020.03.18|[[Fundamental Cloud Security Part 20 – Security testing of cloud environments|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-part-20-security-testing-of-cloud-environments/]]|
|2020.05.12|[[Fundamental Cloud Security Part 21 – Security monitoring of cloud environments|https://clouds.geant.org/resources/cloud-security/fundamental-cloud-security-part-21-security-monitoring-of-cloud-environments/]]|
<<tiddler .ReplaceTiddlerTitle with: [[Webographie - GEANT]]>>
!Horizon 2020 : //CloudWATCH2 - Think Cloud Services for Government, Business and Research//
[>img(150px,auto)[iCSF/Cloudwatch2.png]]
Le ''CloudWATCH2 Consortium'' était constitué de :
* Trust-IT Services → http://www.trust-itservices.com/
* Le e-Research Centre de l'Université d'Oxford → http://www.oerc.ox.ac.uk/
* La branche Européenne de la [[Cloud Security Alliance]]
* Strategic Blue → http://www.strategic-blue.com/
* ICT Legal Consulting → https://www.ictlegalconsulting.com/
Détails → http://www.cloudwatchhub.eu/cloudwatch2-think-cloud-services-government-business-and-research-0
[img(50%,1px)[iCSF/BluePixel.gif]]
Les principales publications sont les suivantes :
# CloudWATCH2 - Security and Interoperability Standards Status Report (octobre 2017)
** Ce document fait un état des lieux des normes de sécurité et d'interopérabilité. Il comprend :
*** une liste des normes utilisées dans les projets du FP7 et du programme H2020,
*** les écarts identifiés en matière de normalisation
*** une liste des priorités recommandées pour les futurs efforts en matière de normalisation
** Il décrit également le niveau d'adoption des normes utilisées et les implémentations les plus courantes
** __Liens :__
*** Annonce → http://www.cloudwatchhub.eu/cloudwatch2-security-and-interoperability-standards-status-report
*** Document → http://www.cloudwatchhub.eu/sites/default/files/CloudWATCH2_Security-and-Interoperability-Standards-Status-Report.pdf 
  # CloudWATCH2: Risk-based decision making mechanisms for cloud service - Final report ** __Liens :__ *** Annonce → http://www.cloudwatchhub.eu/cloudwatch2-risk-based-decision-making-mechanisms-cloud-service-final-report *** Document → http://www.cloudwatchhub.eu/sites/default/files/CloudWATCH2_Risk-based-decision-making-mechanisms-for-cloud-services.pdf
  # CloudWATCH: Assessment of Cloud Profile interoperability testing ** __Liens :__ *** Annonce → http://www.cloudwatchhub.eu/cloudwatch-assessment-cloud-profile-interoperability-testing *** Document → http://www.cloudwatchhub.eu/sites/default/files/D4.4_Assessment-of-Cloud-Profile-interoperability-testing%20_vFinal_0.pdf
  # CloudWATCH: Final report on Cloud standards profile development (Update 1) ** __Liens :__ *** Annonce → http://www.cloudwatchhub.eu/cloudwatch-final-report-cloud-standards-profile-development-update-1 *** Document → http://www.cloudwatchhub.eu/sites/default/files/D4.3_Final-report-on-Cloud-standards-profile-development_vFinal-Update1_0.pdf
  # CloudWATCH: Legal Guide to the Cloud: How to protect personal data in cloud service contracts ** __Liens :__ *** Annonce → http://www.cloudwatchhub.eu/cloudwatch-legal-guide-cloud-how-protect-personal-data-cloud-service-contracts *** Document → http://www.cloudwatchhub.eu/sites/default/files/D3%205_Legal%20Guide%20to%20the%20Cloud_v1.0_Final_1.pdf
  # Cloud Certification Recommendations ** __Liens :__ *** Annonce → http://www.cloudwatchhub.eu/cloud-certifications *** Document → http://www.cloudwatchhub.eu/sites/default/files/CloudWATCH_Cloud_Certification_Recommendations_summary_March2015_web.pdf
  # CloudWATCH: Guidelines on how to protect personal data in cloud service contracts ** __Liens :__ *** Annonce → http://www.cloudwatchhub.eu/cloudwatch-guidelines-how-protect-personal-data-cloud-service-contracts *** Document → http://www.cloudwatchhub.eu/sites/default/files/Guidelines%20on%20how%20to%20protect%20personal%20data%20in%20cloud%20service%20contracts_0_0.pdf <<tiddler .ReplaceTiddlerTitle with: [[Webographie - Horizon 2020]]>>
!MITRE
<<tabs tMITRE 'Présentation' '' [[MITRE]] 'Publications' '' [[MITRE Publications]] 'MITRE ATT&CK' '' [[MITRE ATTACK]] 'ATT&CK Cloud' '' [[MITRE ATTACK Cloud]] 'ATT&CK Cloud IaaS' '' [[MITRE ATTACK Cloud IaaS]] 'ATT&CK Cloud Azure AD' '' [[MITRE ATTACK Cloud AzureAD]] 'ATT&CK Cloud Office 365' '' [[MITRE ATTACK Cloud O365]] 'ATT&CK Cloud SaaS' '' [[MITRE ATTACK Cloud SaaS]] >>
<<tiddler .ReplaceTiddlerTitle with: [[Webographie - MITRE]]>>
!MITRE
[>img(150px,auto)[iCSF/MITRE.png]]Le ''MITRE'' est une organisation à but non lucratif américaine.
Elle traite des technologies de l'information, mais aussi de l'ingénierie des systèmes et des aspects opérationnels.

Les 3 projets les plus connus du ''MITRE'' (mais ce ne sont pas les seuls) sont :
* CVE (//Common Vulnerabilities and Exposures//) : un dictionnaire des vulnérabilités de sécurité, uniquement basées sur des informations publiques
** Lien → http://cve.mitre.org/
* CWE (//Common Weakness Enumeration//) : une liste des types de faiblesses (//weaknesses//) susceptibles d'être découvertes dans des logiciels et de conduire à des vulnérabilités
** Lien → http://cwe.mitre.org/
* ATT&CK (//Adversarial Tactics, Techniques, and Common Knowledge//) : une description des tactiques, techniques et connaissances de base des attaquants.
** Lien → https://attack.mitre.org/
[img(400px,2px)[iCSF/BluePixel.gif]]
Le ''MITRE'' a aussi publié plusieurs documents abordant de façon plus globale la problématique du Cloud.
!Publications du MITRE
[>img(150px,auto)[iCSF/MITRE.png]]
|2019.04|Enterprise Cloud Adoption Framework Briefing|[[HTML|https://www.mitre.org/publications/technical-papers/enterprise-cloud-adoption-framework-briefing]]|[[PDF|https://www.mitre.org/sites/default/files/publications/pr-18-2385-enterprise-cloud-adoption-framework%20for%20PR%20Case%20number%2018-2385.pdf]]|
|2018.01|Planning & Management Methods for Migration to a Cloud Environment|[[HTML|https://www.mitre.org/publications/technical-papers/planning-management-methods-for-migration-to-a-cloud-environment]]|[[PDF|https://www.mitre.org/sites/default/files/publications/pr-17-4029-planning-management-methods-migration-to-cloud-environment.pdf]]|
|2017.02|Cybersecurity in the Cloud|[[HTML|https://www.mitre.org/publications/technical-papers/cybersecurity-in-the-cloud]]|[[PDF|https://www.mitre.org/sites/default/files/publications/17-0247-cybersecurity-in-the-cloud.pdf]]|
|2016.10|Resiliency Mitigations in Virtualized and Cloud Environments|[[HTML|https://www.mitre.org/publications/technical-papers/resiliency-mitigations-in-virtualized-and-cloud-environments]]|[[PDF|https://www.mitre.org/sites/default/files/publications/pr-16-3043-virtual-machine-attacks-and-cyber-resiliency.pdf]]|
|2016.01|Federal Cloud Security|[[HTML|https://www.mitre.org/publications/technical-papers/federal-cloud-security]]|[[PDF|https://www.mitre.org/sites/default/files/publications/pr-15-3482-cloud-security-for-federal-government.pdf]]|
|2015.09|Cloud SLA Considerations for the Government Consumer|[[HTML|https://www.mitre.org/publications/technical-papers/cloud-sla-considerations-for-the-government-consumer-0]]|[[PDF|https://www.mitre.org/sites/default/files/publications/pr_15-2504.pdf]]|
|2015.04|January 2015 Federal Cloud Computing Summit Summary|[[HTML|https://www.mitre.org/publications/technical-papers/january-2015-federal-cloud-computing-summit-summary]]|[[PDF|https://www.mitre.org/sites/default/files/publications/pr-15-1080-jan-2015_federal-cloud-computing-summit_summary.pdf]]|
|2014.10|July 2014 Federal Cloud Computing Summit Summary|[[HTML|https://www.mitre.org/publications/technical-papers/july-2014-federal-cloud-computing-summit-summary]]|[[PDF|https://www.mitre.org/sites/default/files/publications/pr_14-3272-july-2014-federal-cloud-computing-summit.pdf]]|
|2014.02|Ahead in the Clouds: An Online Forum for Government|[[HTML|https://www.mitre.org/publications/technical-papers/ahead-in-the-clouds-an-online-forum-for-government]]|[[PDF|https://www.mitre.org/sites/default/files/publications/ahead-in-the-clouds-government-forum-2010-2011.pdf]]|
|2012.09|Leveraging Public Clouds to Ensure Data Availability|[[HTML|https://www.mitre.org/publications/technical-papers/leveraging-public-clouds-to-ensure-data-availability]]|[[PDF|https://www.mitre.org/sites/default/files/pdf/12_0230.pdf]]|
|2010.11|Information Security in the Clouds|[[HTML|https://www.mitre.org/publications/technical-papers/information-security-in-the-clouds]]|[[PDF|https://www.mitre.org/sites/default/files/pdf/cloud_information_security.pdf]]|
[img(400px,2px)[iCSF/BluePixel.gif]]
!MITRE ATT&CK
[>img(auto,50px)[iCSF/MITRE_ATTACK.png]]Le ''MITRE ATT&CK'' est un cadre de sécurité qui répertorie en catégories les différents types de tactiques, techniques et procédures (//TTP//) utilisées par les attaquants.
Ces TTP sont présentées sous la forme de matrices :
* Matrice "Pré-ATT&CK"
* Matrice "Entreprise"
* Matrice "Mobile"
* Matrice "Cloud" depuis octobre 2019.
** Lien → https://attack.mitre.org/matrices/enterprise/cloud/

Les 12 tactiques sont les suivantes :
|!Dénomination<br>en français |!Dénomination<br>en anglais|!Code |!Description en anglais|
|Accès initial|//Initial Access//|[[TA0001|https://attack.mitre.org/tactics/TA0001/]]|//The adversary is trying to get into your network//|
|Exécution|//Execution//|[[TA0002|https://attack.mitre.org/tactics/TA0002/]]|//The adversary is trying to run malicious code//|
|Persistance|//Persistence//|[[TA0003|https://attack.mitre.org/tactics/TA0003/]]|//The adversary is trying to maintain their foothold//|
|Escalade de privilèges|//Privilege Escalation//|[[TA0004|https://attack.mitre.org/tactics/TA0004/]]|//The adversary is trying to gain higher-level permissions//|
|Évasion de la détection|//Defense Evasion//|[[TA0005|https://attack.mitre.org/tactics/TA0005/]]|//The adversary is trying to avoid being detected//|
|Accès aux justificatifs|//Credential Access//|[[TA0006|https://attack.mitre.org/tactics/TA0006/]]|//The adversary is trying to steal account names and passwords//|
|Découverte|//Discovery//|[[TA0007|https://attack.mitre.org/tactics/TA0007/]]|//The adversary is trying to figure out your environment//|
|Mouvement latéral|//Lateral Movement//|[[TA0008|https://attack.mitre.org/tactics/TA0008/]]|//The adversary is trying to move through your environment//|
|Collecte|//Collection//|[[TA0009|https://attack.mitre.org/tactics/TA0009/]]|//The adversary is trying to gather data of interest to their goal//|
|Commande et contrôle|//Command and Control//|[[TA0011|https://attack.mitre.org/tactics/TA0011/]]|//The adversary is trying to communicate with compromised systems to control them//|
|Exfiltration|//Exfiltration//|[[TA0010|https://attack.mitre.org/tactics/TA0010/]]|//The adversary is trying to steal data//|
|Impact|//Impact//|[[TA0040|https://attack.mitre.org/tactics/TA0040/]]|//The adversary is trying to manipulate, interrupt, or destroy your systems and data//|
[img(400px,2px)[iCSF/BluePixel.gif]]
!MITRE ATT&CK Cloud
[>img(auto,50px)[iCSF/MITRE_ATTACK.png]]La matrice ''ATT&CK Cloud'' est déclinée pour les environnements suivants :
* Amazon Web Services (AWS), Microsoft Azure (Azure), et Google Cloud Platform (GCP)
** AWS → https://attack.mitre.org/matrices/enterprise/cloud/aws/
** Azure → https://attack.mitre.org/matrices/enterprise/cloud/azure/
** GCP → https://attack.mitre.org/matrices/enterprise/cloud/gcp/
* Software as a service (SaaS)
** SaaS → https://attack.mitre.org/matrices/enterprise/cloud/saas/
* Azure Active Directory (Azure AD)
** Azure AD → https://attack.mitre.org/matrices/enterprise/cloud/azuread/
* Office 365 (O365)
** Office 365 → https://attack.mitre.org/matrices/enterprise/cloud/office365/
{{floatC{[img(90%,auto)[iCSF/JAPMAC.png]]}}}
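Les 36 techniques répertoriées contre les environnements et plates-formes Cloud sont les suivantes (les identifiants sont ceux en vigueur avant l'introduction des sous-techniques dans ATT&CK en juillet 2020 ; plusieurs ont depuis été renumérotés ou dépréciés, à vérifier sur le site du MITRE avant de les utiliser dans des règles de détection) :{{ss2col{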
# [[Application Access Token|https://attack.mitre.org/techniques/T1527]]
# [[Cloud Instance Metadata API|https://attack.mitre.org/techniques/T1522]]
# [[Cloud Service Dashboard|https://attack.mitre.org/techniques/T1538]]
# [[Cloud Service Discovery|https://attack.mitre.org/techniques/T1526]]
# [[Data from Cloud Storage Object|https://attack.mitre.org/techniques/T1530]]
# [[Implant Container Image|https://attack.mitre.org/techniques/T1525]]
# [[Internal Spearphishing|https://attack.mitre.org/techniques/T1534]]
# [[Revert Cloud Instance|https://attack.mitre.org/techniques/T1536]]
# [[Steal Application Access Token|https://attack.mitre.org/techniques/T1528]]
# [[Steal Web Session Cookie|https://attack.mitre.org/techniques/T1539]]
# [[Transfer Data to Cloud Account|https://attack.mitre.org/techniques/T1537]]
# [[Unused/Unsupported Cloud Regions|https://attack.mitre.org/techniques/T1535]]
# [[Web Session Cookie|https://attack.mitre.org/techniques/T1506]]
# [[Account Discovery|https://attack.mitre.org/techniques/T1087]]
# [[Account Manipulation|https://attack.mitre.org/techniques/T1098]]
# [[Brute Force|https://attack.mitre.org/techniques/T1110]]
# [[Create Account|https://attack.mitre.org/techniques/T1136]]
# [[Credentials in Files|https://attack.mitre.org/techniques/T1081]]
# [[Data from Information Repositories|https://attack.mitre.org/techniques/T1213]]
# [[Data from Local System|https://attack.mitre.org/techniques/T1005]]
# [[Data Staged|https://attack.mitre.org/techniques/T1074]]
# [[Drive-by Compromise|https://attack.mitre.org/techniques/T1189]]
# [[Email Collection|https://attack.mitre.org/techniques/T1114]]
# [[Exploit Public-Facing Application|https://attack.mitre.org/techniques/T1190]]
# [[Network Service Scanning|https://attack.mitre.org/techniques/T1046]]
# [[Network Share Discovery|https://attack.mitre.org/techniques/T1135]]
# [[Office Application Startup|https://attack.mitre.org/techniques/T1137]]
# [[Permission Groups Discovery|https://attack.mitre.org/techniques/T1069]]
# [[Redundant Access|https://attack.mitre.org/techniques/T1108]]
# [[Remote System Discovery|https://attack.mitre.org/techniques/T1018]]
# [[Resource Hijacking|https://attack.mitre.org/techniques/T1496]]
# [[Spearphishing Link|https://attack.mitre.org/techniques/T1192]]
# [[System Information Discovery|https://attack.mitre.org/techniques/T1082]]
# [[System Network Connections Discovery|https://attack.mitre.org/techniques/T1049]]
# [[Trusted Relationship|https://attack.mitre.org/techniques/T1199]]
# [[Valid Accounts|https://attack.mitre.org/techniques/T1078]]
}}}[img(400px,2px)[iCSF/BluePixel.gif]]
!MITRE ATT&CK Cloud IaaS
[>img(auto,50px)[iCSF/MITRE_ATTACK.png]]La matrice ''MITRE ATT&CK Cloud'' est la même pour les 3 environnements : 
* Amazon Web Services (AWS) → https://attack.mitre.org/matrices/enterprise/cloud/aws/
* Microsoft Azure (Azure) → https://attack.mitre.org/matrices/enterprise/cloud/azure/
* Google Cloud Platform (GCP) → https://attack.mitre.org/matrices/enterprise/cloud/gcp/

|!Accès initial|!Exécution|!Persistance|!Escalade des privilèges|!Évasion de la défense|!Accès aux justificatifs|!Découverte|!Mouvement latéral|!Collecte|!Commande et contrôle|!Exfiltration|!Impact|
|!//Initial Access//|!//Execution//|!//Persistence//|!//Privilege Escalation//|!//Defense Evasion//|!//Credential Access//|!//Discovery//|!//Lateral Movement//|!//Collection//|!//Command and Control//|!//Exfiltration//|!//Impact//|
|![[TA0001|https://attack.mitre.org/tactics/TA0001/]]|![[TA0002|https://attack.mitre.org/tactics/TA0002/]]|![[TA0003|https://attack.mitre.org/tactics/TA0003/]]|![[TA0004|https://attack.mitre.org/tactics/TA0004/]]|![[TA0005|https://attack.mitre.org/tactics/TA0005/]]|![[TA0006|https://attack.mitre.org/tactics/TA0006/]]|![[TA0007|https://attack.mitre.org/tactics/TA0007/]]|![[TA0008|https://attack.mitre.org/tactics/TA0008/]]|![[TA0009|https://attack.mitre.org/tactics/TA0009/]]|![[TA0011|https://attack.mitre.org/tactics/TA0011/]]|![[TA0010|https://attack.mitre.org/tactics/TA0010/]]|![[TA0040|https://attack.mitre.org/tactics/TA0040/]]|
|>|>|>|>|>|>|>|>|>|!|>||
|[[Drive-by Compromise|https://attack.mitre.org/techniques/T1189]]|!|[[Account Manipulation|https://attack.mitre.org/techniques/T1098]]|[[Valid Accounts|https://attack.mitre.org/techniques/T1078]]|[[Application Access Token|https://attack.mitre.org/techniques/T1527]]|[[Account Manipulation|https://attack.mitre.org/techniques/T1098]]|[[Account Discovery|https://attack.mitre.org/techniques/T1087]]|[[Application Access Token|https://attack.mitre.org/techniques/T1527]]|[[Data from Cloud Storage Object|https://attack.mitre.org/techniques/T1530]]|!|[[Transfer Data to Cloud Account|https://attack.mitre.org/techniques/T1537]]|[[Resource Hijacking|https://attack.mitre.org/techniques/T1496]]|
|[[Exploit Public-Facing Application|https://attack.mitre.org/techniques/T1190]]|!|[[Create Account|https://attack.mitre.org/techniques/T1136]]|!|[[Redundant Access|https://attack.mitre.org/techniques/T1108]]|[[Brute Force|https://attack.mitre.org/techniques/T1110]]|[[Cloud Service Dashboard|https://attack.mitre.org/techniques/T1538]]|[[Internal Spearphishing|https://attack.mitre.org/techniques/T1534]]|[[Data from Information Repositories|https://attack.mitre.org/techniques/T1213]]|!|!|!|
|[[Spearphishing Link|https://attack.mitre.org/techniques/T1192]]|!|[[Implant Container Image|https://attack.mitre.org/techniques/T1525]]|!|[[Revert Cloud Instance|https://attack.mitre.org/techniques/T1536]]|[[Cloud Instance Metadata API|https://attack.mitre.org/techniques/T1522]]|[[Cloud Service Discovery|https://attack.mitre.org/techniques/T1526]]|[[Web Session Cookie|https://attack.mitre.org/techniques/T1506]]|[[Data from Local System|https://attack.mitre.org/techniques/T1005]]|!|!|!|
|[[Trusted Relationship|https://attack.mitre.org/techniques/T1199]]|!|[[Office Application Startup|https://attack.mitre.org/techniques/T1137]]|!|[[Unused/Unsupported Cloud Regions|https://attack.mitre.org/techniques/T1535]]|[[Credentials in Files|https://attack.mitre.org/techniques/T1081]]|[[Network Service Scanning|https://attack.mitre.org/techniques/T1046]]|!|[[Data Staged|https://attack.mitre.org/techniques/T1074]]|!|!|!|
|[[Valid Accounts|https://attack.mitre.org/techniques/T1078]]|!|[[Redundant Access|https://attack.mitre.org/techniques/T1108]]|!|[[Valid Accounts|https://attack.mitre.org/techniques/T1078]]|[[Steal Application Access Token|https://attack.mitre.org/techniques/T1528]]|[[Network Share Discovery|https://attack.mitre.org/techniques/T1135]]|!|[[Email Collection|https://attack.mitre.org/techniques/T1114]]|!|!|!|
|!|!|[[Valid Accounts|https://attack.mitre.org/techniques/T1078]]|!|[[Web Session Cookie|https://attack.mitre.org/techniques/T1506]]|[[Steal Web Session Cookie|https://attack.mitre.org/techniques/T1539]]|[[Permission Groups Discovery|https://attack.mitre.org/techniques/T1069]]|!|!|!|!|!|
|!|!|!|!|!|!|[[Remote System Discovery|https://attack.mitre.org/techniques/T1018]]|!|!|!|!|!|
|!|!|!|!|!|!|[[System Information Discovery|https://attack.mitre.org/techniques/T1082]]|!|!|!|!|!|
|!|!|!|!|!|!|[[System Network Connections Discovery|https://attack.mitre.org/techniques/T1049]]|!|!|!|!|!|
[img(400px,2px)[iCSF/BluePixel.gif]]
!MITRE ATT&CK Cloud AzureAD
[>img(auto,50px)[iCSF/MITRE_ATTACK.png]]La matrice ''MITRE ATT&CK Cloud'' pour Azure Active Directory (Azure AD)
* Azure AD → https://attack.mitre.org/matrices/enterprise/cloud/azuread/

|>|>|>|>|>|>|>|>|>|>|>|!AzureAD|
|!Accès initial|!Exécution|!Persistance|!Escalade des privilèges|!Évasion de la défense|!Accès aux justificatifs|!Découverte|!Mouvement latéral|!Collecte|!Commande et contrôle|!Exfiltration|!Impact|
|!//Initial Access//|!//Execution//|!//Persistence//|!//Privilege Escalation//|!//Defense Evasion//|!//Credential Access//|!//Discovery//|!//Lateral Movement//|!//Collection//|!//Command and Control//|!//Exfiltration//|!//Impact//|
|||Persistence ||Defense Evasion |Credential Access |Discovery||||||
|||Account Manipulation ||Redundant Access |Account Manipulation |Account Discovery||||||
|||Create Account |||Brute Force |Cloud Service Dashboard||||||
|||Redundant Access |||Steal Application Access Token |Cloud Service Discovery||||||
|||||||Permission Groups Discovery||||||
[img(400px,2px)[iCSF/BluePixel.gif]]
!MITRE ATT&CK Cloud Office 365
[>img(auto,50px)[iCSF/MITRE_ATTACK.png]]La matrice ''MITRE ATT&CK Cloud'' pour Office 365 (O365)
* Office 365 → https://attack.mitre.org/matrices/enterprise/cloud/office365/

|>|>|>|>|>|>|>|>|>|>|>|!Office 365|
|!Accès initial|!Exécution|!Persistance|!Escalade des privilèges|!Évasion de la défense|!Accès aux justificatifs|!Découverte|!Mouvement latéral|!Collecte|!Commande et contrôle|!Exfiltration|!Impact|
|!//Initial Access//|!//Execution//|!//Persistence//|!//Privilege Escalation//|!//Defense Evasion//|!//Credential Access//|!//Discovery//|!//Lateral Movement//|!//Collection//|!//Command and Control//|!//Exfiltration//|!//Impact//|
|Initial Access ||Persistence |Privilege Escalation |Defense Evasion |Credential Access |Discovery |Lateral Movement |Collection||||
|Spearphishing Link ||Account Manipulation |Valid Accounts |Application Access Token |Account Manipulation |Account Discovery |Application Access Token |Email Collection||||
|Valid Accounts ||Create Account ||Redundant Access |Brute Force |Cloud Service Dashboard |Internal Spearphishing |||||
|||Office Application Startup ||Valid Accounts |Steal Application Access Token |Cloud Service Discovery |Web Session Cookie |||||
|||Redundant Access ||Web Session Cookie |Steal Web Session Cookie |Permission Groups Discovery ||||||
|||Valid Accounts ||||||||||
[img(400px,2px)[iCSF/BluePixel.gif]]
!MITRE ATT&CK Cloud SaaS
[>img(auto,50px)[iCSF/MITRE_ATTACK.png]]La matrice ''MITRE ATT&CK Cloud'' pour le Software as a service (SaaS)
* SaaS → https://attack.mitre.org/matrices/enterprise/cloud/saas/

|>|>|>|>|>|>|>|>|>|>|>|!SaaS|
|!Accès initial|!Exécution|!Persistance|!Escalade des privilèges|!Évasion de la défense|!Accès aux justificatifs|!Découverte|!Mouvement latéral|!Collecte|!Commande et contrôle|!Exfiltration|!Impact|
|!//Initial Access//|!//Execution//|!//Persistence//|!//Privilege Escalation//|!//Defense Evasion//|!//Credential Access//|!//Discovery//|!//Lateral Movement//|!//Collection//|!//Command and Control//|!//Exfiltration//|!//Impact//|
|Initial Access ||Persistence |Privilege Escalation |Defense Evasion |Credential Access |Discovery |Lateral Movement |Collection||||
|Drive-by Compromise ||Redundant Access |Valid Accounts |Application Access Token |Brute Force |Cloud Service Discovery |Application Access Token |Data from Information Repositories||||
|Spearphishing Link ||Valid Accounts ||Redundant Access |Steal Application Access Token ||Internal Spearphishing |||||
|Trusted Relationship ||||Valid Accounts |Steal Web Session Cookie ||Web Session Cookie |||||
|Valid Accounts ||||Web Session Cookie ||||||||
[img(400px,2px)[iCSF/BluePixel.gif]]
[>img(150px,auto)[iCSF/CSCC2OMG_2.jpg]][>img(150px,auto)[iCSF/CSCC.jpg]]
L'[[Object Management Group|https://www.omg.org/cloud/]] est le nouveau nom du ''Cloud Standards Customer Council''.
Au début des années 2010, il a constitué un [[Cloud Working Group|https://www.omg.org/cloud/]] et a publié 28 livrables+++*[»] lien → https://www.omg.org/cloud/published-deliverables.htm === 
> //The OMG Cloud Working Group publishes vendor-neutral guidance on important considerations for cloud computing adoption, highlighting standards, opportunities for standardization, cloud customer requirements, and best practices to foster an ecosystem of open, standards-based cloud computing technologies.<br>The Cloud Working Group or "CWG" takes over the mission of the Cloud Standards Customer Council™ (CSCC™), an OMG-managed program that launched in 2011 and published 28 deliverables over the course of its operation.//
Parmi ces livrables, 4 ont été publiés en 2011 et traitent d'aspects 'Cloud et Sécurité' :
* "Security for Cloud Computing: 10 Steps to Ensure Success"
* "Cloud Security Standards: What to Expect and What to Negotiate"
* "Cloud Customer Architecture for Securing Workloads on Cloud Services"
* "Data Residency Challenges"
!!Security for Cloud Computing: 10 Steps to Ensure Success
<<<
//[>img(200px,auto)[iCSF/CSCC-SFCC.jpg]]Security for Cloud Computing: 10 Steps to Ensure Success provides a practical reference to help enterprise information technology (IT) and business decision makers analyze the security implications of cloud computing on their business. The guide includes a list of ten steps designed to help decision makers evaluate and compare security and privacy offerings from different cloud providers in key areas, covering:
* Security and privacy challenges pertinent to cloud computing and considerations that organizations should weigh when migrating data, applications, and infrastructure
* Threats, technology risks, and safeguards for cloud computing environments and the insight needed to make informed IT decisions on their treatment
* A Cloud Security Assessment to assess the security capabilities of cloud providers
Version 3.0 introduces new and updated security standards, worldwide privacy regulations, and stresses the importance of including security in continuous delivery and deployment approaches, among other things.
~~This paper was published by the Cloud Standards Customer Council, a program launched by the OMG in 2011 to advance the adoption of cloud computing. This work is now under the purview of the OMG Cloud Working Group.<br>Copyright is owned by OMG.~~//
<<<
__Liens :__
* Présentation : [[HTML|https://www.omg.org/cloud/deliverables/security-for-cloud-computing-10-steps-to-ensure-success.htm]]
* Document : version 3.0 en [[PDF|https://www.omg.org/cloud/deliverables/CSCC-Security-for-Cloud-Computing-10-Steps-to-Ensure-Success.pdf]]
!!Cloud Security Standards: What to Expect and What to Negotiate
<<<
//[>img(200px,auto)[iCSF/CSCC-CSS.jpg]]Cloud Security Standards: What to Expect and What to Negotiate is a guide to security standards, frameworks, and certifications that exist for cloud computing. This guide will help you assess the security standards support of cloud service providers. As customers transition their applications and data to use cloud computing, it is important that the level of security provided in the cloud environment is equal to or better than the security provided by their traditional IT environment. Cloud security standards and their support by prospective cloud service providers and within the enterprise is a critical area of focus for cloud service customers. The landscape has matured with new cloud-specific security standards, like ISO/IEC 27017 and ISO/IEC 27018 for cloud computing security and privacy, being adopted.
~~This paper was published by the Cloud Standards Customer Council, a program launched by the OMG in 2011 to advance the adoption of cloud computing. This work is now under the purview of the OMG Cloud Working Group.<br>Copyright is owned by OMG.~~//
<<<
__Liens :__
* Présentation : [[HTML|https://www.omg.org/cloud/deliverables/cloud-security-standards-what-to-expect-and-what-to-negotiate.htm]]
* Document : version 2.0 en [[PDF|https://www.omg.org/cloud/deliverables/CSCC-Cloud-Security-Standards-What-to-Expect-and-What-to-Negotiate.pdf]]
!!Cloud Customer Architecture for Securing Workloads on Cloud Services
<<<
//[>img(200px,auto)[iCSF/CSCC-CCAFSW.jpg]]Cloud Customer Architecture for Securing Workloads on Cloud Services was written as practical reference to help IT architects and IT security professionals architect, install, and operate the information security components of solutions built using cloud services. Many cloud services are now available covering infrastructure, platform and application capabilities. Building business solutions using these cloud services requires a clear understanding of the available security services, components and options, allied to a clear architecture which provides for the complete lifecycle of the solutions, covering development, deployment and operations. This paper introduces best practices for architecting the security of cloud service solutions.
~~This paper was published by the Cloud Standards Customer Council, a program launched by the OMG in 2011 to advance the adoption of cloud computing. This work is now under the purview of the OMG Cloud Working Group.<br>Copyright is owned by OMG.~~//
<<<
__Liens :__
* Présentation : [[HTML|https://www.omg.org/cloud/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm]]
* Document : version 1.0 en [[PDF|https://www.omg.org/cloud/deliverables/CSCC-Cloud-Customer-Architecture-for-Securing-Workloads-on-Cloud-Services.pdf]]
!!Data Residency Challenges
<<<
//[>img(200px,auto)[iCSF/CSCC-DRC.jpg]]As data is increasingly accessed and shared across geographic boundaries, a growing web of conflicting laws and regulations dictate where data can be transferred, stored, and shared, and how it is protected. The Object Management Group® (OMG®) and the Cloud Standards Customer Council™ (CSCC™) completed a significant effort to analyze and document the challenges posed by data residency. This discussion paper defines data residency as: "...the set of issues and practices related to the location of data and metadata, the movement of (meta)data across geographies and jurisdictions, and the protection of that (meta)data against unintended access and other location-related risks." This paper covers issues and risks, laws and regulations, applicable and related standards.
~~This paper was published by the Cloud Standards Customer Council, a program launched by the OMG in 2011 to advance the adoption of cloud computing. This work is now under the purview of the OMG Cloud Working Group. Copyright is owned by OMG. This paper was a joint effort between the Cloud Standards Customer Council and the OMG Data Residency Working Group.+++*[»] http://www.omg.org/data-residency/ ===~~//
<<<
__Liens :__
* Présentation : [[HTML|https://www.omg.org/cloud/deliverables/data-residency-challenges.htm]]
* Document : version 1.0 en [[PDF|https://www.omg.org/cloud/deliverables/CSCC-Data-Residency-Challenges.pdf]]
<<tiddler .ReplaceTiddlerTitle with: [[Webographie - Object Management Group (OMG) / Cloud Working Group]]>>
!OWASP - //Open Web Application Security Project//
[>img(auto,100px)[iCSF/OWASP.png]]L'OWASP est une communauté oeuvrant pour la sécurité des applications Web. Elle publie des recommandations liées à la sécurisation Web ainsi que des méthodes et outils permettant de contrôler le niveau de sécurisation d'applications Web.
Les 7 projets les plus connus ou à connaître sont : 
  # "Top Ten OWASP" ** Objet : principales vulnérabilités des applications Web ; projet décliné depuis dans différents contextes (Web, mobilité...)
  # "WebGoat" ** Objet : décliné depuis sous différents contextes (Web, Docker, ...)
  # "WebScarab" ** Objet : proxy utilisé lors de contrôles, d'audit, et de tests d'intrusion
  # "OWASP Testing Guide" ** Objet : document d'aide à l'évaluation d'un niveau de sécurité d'une application Web
  # "OWASP Code Review Guide" ** Objet : document d'aide à la revue de sécurité d'un code ** Page du projet → https://www.owasp.org/index.php/Code_Review_Guide_Frontispiece
  # "''OWASP Cloud Security Project''" ** Objet : //The OWASP Cloud Security project aims to help people secure their products and services running in the cloud by providing a set of easy to use threat and control BDD (Behaviour Driven Development) stories that pool together the expertise and experience of the development, operations, and security communities.// ** Page du projet → https://www.owasp.org/index.php/OWASP_Cloud_Security_Project ** Répertoire Github → https://github.com/owasp-cloud-security/owasp-cloud-security
  # "''OWASP Cloud-Native Application Security Top 10''" ** Objet : //The primary goal of this document is to provide assistance and education for organizations looking to adopt Cloud-Native Applications. The guide provides information about what are the most prominent security risks for Cloud-Native applications, the challenges involved, and how to overcome them.// ** Page du projet → https://www.owasp.org/index.php/OWASP_Cloud-Native_Application_Security_Top_10 ** Répertoire Github → https://github.com/OWASP/Cloud-Native-Application-Security-Top-10
  # "''OWASP Docker Top 10''" ** Page du projet → https://www.owasp.org/index.php/OWASP_Docker_Top_10 ** Répertoire Github → https://github.com/OWASP/Docker-Security
  # "OWASP Serverless Top 10" ** Objet : //OWASP Serverless Top 10 aims at educating practitioners and organizations about the consequences of the most common serverless application security vulnerabilities, as well as providing basic techniques to identify and protect against them.// ** Page du projet → https://www.owasp.org/index.php/OWASP_Serverless_Top_10_Project ** Répertoire Github → https://github.com/OWASP/Serverless-Top-10-Project
  # "OWASP Serverless Goat" ** Page du projet → https://www.owasp.org/index.php/OWASP_Serverless_Goat ** Répertoire Github → https://github.com/OWASP/Serverless-Goat
  # "OWASP Internet of Things Project" ** Page du projet → https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project ** Répertoire Github → https://github.com/OWASP/IoTGoat/
  # "OWASP API Security Project" ** Page du projet → https://www.owasp.org/index.php/OWASP_API_Security_Project ** Répertoire Github → https://github.com/OWASP/API-Security ** Première version officielle (31.12.2019) : [[API Security Top 10 2019|https://github.com/OWASP/API-Security/raw/master/2019/en/dist/owasp-api-security-top-10.pdf]] *** Dernière version draft (30.09.2019) : [[OWASP API Security Top 10 release candidate (RC)|https://github.com/OWASP/API-Security/raw/master/2019/en/dist/owasp-api-security-top-10.pdf]]
  Et en complément : * Projet "CheatSheets" ** Répertoire Github → https://github.com/OWASP/CheatSheetSeries/tree/master/cheatsheets ** Fiche "[[Docker Security|https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Docker_Security_Cheat_Sheet.md]]" ** Fiche "[[Microservices based Security Arch Doc|https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Microservices_based_Security_Arch_Doc_Cheat_Sheet.md]]" **+++*[Liste (non exhaustive) des autres fiches]> * AJAX Security, Abuse Case, Access Control, Attack Surface Analysis, Authentication, Authorization Testing Automation, * Bean Validation, * C-Based Toolchain Hardening, C-Based Toolchain Hardening, Choosing and Using Security Questions, Clickjacking Defense, Content Security Policy, Credential Stuffing Prevention, Cross-Site Request Forgery Prevention, Cross Site Scripting Prevention, Cryptographic Storage, * DOM based XSS Prevention, Denial of Service, Deserialization, [[Docker Security|https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Docker_Security_Cheat_Sheet.md]], DotNet Security, * Error Handling, * Forgot Password, * HTML5 Security, HTTP Strict Transport Security, * Injection Prevention, Injection Prevention Cheat Sheet in Java, Input Validation, Insecure Direct Object Reference Prevention, * JAAS, JSON Web Token Cheat Sheet for Java, * Key Management, * LDAP Injection Prevention, Logging, Mass Assignment, * [[Microservices based Security Arch Doc|https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Microservices_based_Security_Arch_Doc_Cheat_Sheet.md]], * OS Command Injection Defense, * PHP Configuration, Password Storage, Pinning, Protect FileUpload Against Malicious File, * Query Parameterization, * REST Assessment, REST Security, Ruby on Rails Cheatsheet, * SAML Security, SQL Injection Prevention, Securing Cascading Style Sheets, Server Side Request Forgery Prevention, Session Management, * TLS Cipher String, Third Party Javascript Management, Threat 
Modeling, Transaction Authorization, Transport Layer Protection, * Unvalidated Redirects and Forwards, User Privacy Protection, * Virtual Patching, Vulnerability Disclosure, Vulnerable Dependency Management, * Web Service Security, * XML External Entity Prevention, XML Security === <<tiddler .ReplaceTiddlerTitle with: [[Webographie - OWASP]]>>
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] | !
Article en cours de rédaction | [img(auto,50px)[iCSF/Work.gif]] | !PCI DSS - //Payment Card Industry Data Security Standard// [>img(auto,100px)[iCSF/PCI.png]] __Quelques documents :__ * Information Supplement: ''PCI SSC Cloud Computing Guidelines'' (avril 2018) :→ https://www.pcisecuritystandards.org/pdfs/PCI_SSC_Cloud_Guidelines_v3.pdf **+++*[Table des matières]> * 1. Introduction * 2. Cloud Overview * 3. Cloud Provider/Customer Relationships ** 3.1. Understanding Roles and Responsibilities ** 3.2. Roles and Responsibilities for Different Cloud Deployment Models ** 3.3. Responsibilities for Different Cloud Service Categories ** 3.4. Nested Service Provider Relationships * 4. PCI DSS Considerations ** 4.1. Understanding PCI DSS Responsibilities ** 4.2. PCI DSS Responsibilities for Different Cloud Service Categories ** 4.3. Understanding Responsibilities of Security as a Service (SECaaS) ** 4.4. Segmentation Considerations * *5. PCI DSS Compliance Challenges ** 5.1. What Does It Mean When a Provider States, "I Am PCI DSS Compliant"? ** 5.2. Verifying the Scopeof PCI DSS Validated Services and Components ** 5.3. Verifying PCI DSS Controls Managed by the Cloud Service Provider * 6. Security Considerations ** 6.1. Governance, Risk and Compliance ** 6.2. Facilities and Physical Security ** 6.3. Data Security Considerations ** 6.4. Incident Response and Forensic Investigation ** 6.5. Vulnerability Management * Appendix A: Sample PCI DSS Responsibilities for Different Cloud Service Categories * Appendix B: Sample Inventory * Appendix C: Sample PCI DSS Responsibility Management Matrix * Appendix D: PCI DSS Implementation Considerations * Appendix E: Technical Security Considerations ** E.1. Evolving Security Technologies ** E.2. Multi-tenancy ** E.3. Internet of Things and Fog Computing ** E.4. Software Defined Networking ** E.5. Intrusion Detection Systems (IDS)/Intrusion Prevention Systems (IPS) ** E.6. Hypervisor Access and Introspection ** E.7. Containers ** E.8. 
Virtual Desktop Infrastructure in the Cloud ** E.9. Elastic Resources Inventory and Control ** E.10. Data Encryption and Cryptographic Key Management ** E.11. Secure Cryptography Devices in the Cloud ** E.12. Change Detection for Cloud-based Systems ** E.13. Security of Software Interfaces and APIs ** E.14. Identity and Access Management ** E.15. Logging and Audit Trails === * Information Supplement: ''PCI DSS Virtualization Guidelines'' (juin 2011) :→ https://www.pcisecuritystandards.org/documents/Virtualization_InfoSupp_v2.pdf **+++*[Table des matières]> * 1. Introduction * 2. Virtualization Overview * 3. Risks for Virtualized Environments ** 3.1. Vulnerabilities in the Physical Environment Apply in a Virtual Environment ** 3.2. Hypervisor Creates New Attack Surface ** 3.3. Increased Complexity of Virtualized Systems and Networks ** 3.4. More Than One Function per Physical System ** 3.5. Mixing VMs of Different Trust Levels ** 3.6. Lack of Separation of Duties ** 3.7. Dormant Virtual Machines ** 3.8. VM Images and Snapshots ** 3.9. Immaturity of Monitoring Solutions ** 3.10. Information Leakage between Virtual Network Segments ** 3.11. Information Leakage between Virtual Components * 4. Recommendations ** 4.1. General Recommendations ** 4.2. Recommendations for Mixed-Mode Environments ** 4.3. Recommendations for Cloud Computing Environments ** 4.4. Guidance for Assessing Risks in Virtual Environments * 5. Conclusion * 6. Acknowledgments * 7. Appendix - Virtualization Considerations for PCI DSS === <<tiddler .ReplaceTiddlerTitle with: [[Webographie - PCI-DSS]]>>
|!Date|!|!Titre, Lien et (Auteur)|!|
|2020.12.22|SANS|[[A New Take on Cloud Shared Responsibility|https://www.sans.org/reading-room/whitepapers/analyst/cloud-shared-responsibility-40040]] (ExtraHop)|Shared_Responsibility|
|2020.12.09|SANS|[[Detecting and Preventing the Top AWS Database Security Risks|https://www.sans.org/reading-room/whitepapers/cloud/detecting-preventing-top-aws-database-security-risks-40015]] (Gavin Grisamore)|AWS Risks Database|
|2020.12.02|SANS|[[How to Manage the Shift to Cloud Security|https://www.sans.org/reading-room/whitepapers/analyst/manage-shift-cloud-security-39985]] (Dave Shackleford) (Netskope)|Misc|
|2020.10.30|SANS|[[How to Create a Scalable and Automated Edge Strategy in the AWS Cloud|https://www.sans.org/reading-room/whitepapers/analyst/create-scalable-automated-edge-strategy-aws-cloud-39924]] (AWS)|AWS|
|2020.10.27|SANS|[[Extending DevSecOps Security Controls into the Cloud: A SANS Survey|https://www.sans.org/reading-room/whitepapers/analyst/extending-devsecops-security-controls-cloud-survey-39910]] (Jim Bird, Eric Johnson)|Survey|
|2020.10.26|SANS|[[The SANS Guide to Evaluating Attack Surface Management|https://www.sans.org/reading-room/whitepapers/analyst/guide-evaluating-attack-surface-management-39905]] (Pierre Lidome)|Attack_Surface|
|2020.10.14|SANS|[[Prescriptive Model for Software Supply Chain Assurance in Private Cloud Environments|https://www.sans.org/reading-room/whitepapers/cloud/prescriptive-model-software-supply-chain-assurance-private-cloud-environments-39895]] (Robert Wood)||
|2020.10.08|SANS|[[Firebase: Google Cloud's Evil Twin|https://www.sans.org/reading-room/whitepapers/cloud/firebase-google-clouds-evil-twin-39885]] (Brandon Evans)|GCP|
|2020.10.07|SANS|[[Shall We Play a Game?: Analyzing the Security of Cloud Gaming Services|https://www.sans.org/reading-room/whitepapers/cloud/play-game-analyzing-security-cloud-gaming-services-39865]] (Adam Knepprath)||
|2020.10.08|SANS|[[Firebase: Google Cloud's Evil Twin|https://www.sans.org/reading-room/whitepapers/cloud/firebase-google-clouds-evil-twin-39885]] (Brandon Evans)||
|2020.10.02|SANS|[[Continuously Monitor and Assess Your Security Posture in the AWS Cloud|https://www.sans.org/reading-room/whitepapers/analyst/continuously-monitor-assess-security-posture-aws-cloud-39860]] ()|AWS CSPM|
|2020.09.30|SANS|[[Mitigating Risk with the CSA 12 Critical Risks for Serverless Applications|https://www.sans.org/reading-room/whitepapers/cloud/mitigating-risk-csa-12-critical-risks-serverless-applications-39845]] ()||
|2020.09.30|SANS|[[The Poisoned Postman: Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment|https://www.sans.org/reading-room/whitepapers/cloud/poisoned-postman-detecting-manipulation-compliance-features-microsoft-exchange-online-environment-39850]] ()||
|2020.09.25|SANS|[[Compliance Benchmarks using Cloud Custodian|https://www.sans.org/reading-room/whitepapers/cloud/compliance-benchmarks-cloud-custodian-39830]] (Vishnu Varma)|!|
|2020.09.14|SANS|[[2020 SANS Enterprise Cloud Incident Response Survey|https://www.sans.org/reading-room/whitepapers/analyst/2020-enterprise-cloud-incident-response-survey-39805]] (Chris Dale)|!|
|2020.08.31|SANS|[[How to Improve Threat Detection and Hunting in the AWS Cloud Using the MITRE ATT&CK Matrix|https://www.sans.org/reading-room/whitepapers/analyst/improve-threat-detection-hunting-aws-cloud-mitre-att-ck-matrix-39775]] (Dave Shackleford)|!|
|2020.07.28|SANS|[[How to Protect All Surfaces and Services in the AWS Cloud|https://www.sans.org/reading-room/whitepapers/analyst/protect-surfaces-services-aws-cloud-39705]] (Dave Shackleford)|.|
|2020.07.22|SANS|[[ATT&CK-Based Live Response for GCP CentOS Instances|https://www.sans.org/reading-room/whitepapers/cloud/att-ck-based-live-response-gcp-centos-instances-39690]] (Allen Cox)|.|
|2020.05.18|SANS|[[How to Implement a Software-Defined Network Security Fabric in AWS|https://www.sans.org/reading-room/whitepapers/analyst/implement-software-defined-network-security-fabric-aws-39570]] (Dave Shackleford)|.|
|2020.05.18|SANS|[[Ebb and Flow: Network Flow Logging as a Staple of Public Cloud Visibility or a Waning Imperative?|https://www.sans.org/reading-room/whitepapers/cloud/ebb-flow-network-flow-logging-staple-public-cloud-visibility-waning-imperative-39580]] (Dennis Taggart)|.|
|2020.04.15|SANS|[[Top 5 Considerations for Multicloud Security|https://www.sans.org/reading-room/whitepapers/cloud/top-5-considerations-multicloud-security-39505]] (Brandon Evans)|!|
|2020.01.03|SANS|[[Lateral traffic movement in Virtual Private Clouds|https://www.sans.org/reading-room/whitepapers/cloud/lateral-traffic-movement-virtual-private-clouds-39360]] (Andy Huang)|!|
|2019.12.17|SANS|[[How to Leverage a CASB for Your AWS Environment|https://www.sans.org/reading-room/whitepapers/analyst/leverage-casb-aws-environment-39345]] (Kyle Dickinson)|!|
|2019.12.03|SANS|[[How to Build a Threat Hunting Capability in AWS|https://www.sans.org/reading-room/whitepapers/analyst/build-threat-hunting-capability-aws-39300]] (Shaun McCullough)|!|
|2019.11.27|SANS|[[Catch Me If You Can: Detecting Server-Side Request Forgery Attacks on Amazon Web Services|https://www.sans.org/reading-room/whitepapers/cloud/catch-can-detecting-server-side-request-forgery-attacks-amazon-web-services-39290]] (Sean McElroy)|!|
|2019.11.22|SANS|[[Taming the Wild West: Finding Security in Linux|https://www.sans.org/reading-room/whitepapers/analyst/taming-wild-west-finding-security-linux-39270]] (Matt Bromiley)|!|
|2019.11.08|SANS|[[JumpStart Guide to Investigations and Cloud Security Posture Management in AWS|https://www.sans.org/reading-room/whitepapers/analyst/jumpstart-guide-investigations-cloud-security-posture-management-aws-39250]] (Kyle Dickinson)|!|
|2019.10.30|SANS|[[How to Perform a Security Investigation in AWS A SANS Whitepaper|https://www.sans.org/reading-room/whitepapers/analyst/perform-security-investigation-aws-whitepaper-39230]] (Kyle Dickinson)|!|
|2019.10.30|SANS|[[An AWS Network Monitoring Comparison|https://www.sans.org/reading-room/whitepapers/cloud/aws-network-monitoring-comparison-39235]] (Nichole Dugan)|!|
|2019.10.16|SANS|[[How to Secure App Pipelines in AWS|https://www.sans.org/reading-room/whitepapers/analyst/secure-app-pipelines-aws-39205]] (Dave Shackleford)|!|
|2019.09.10|SANS|[[How to Build a Threat Detection Strategy in Amazon Web Services (AWS)|https://www.sans.org/reading-room/whitepapers/analyst/build-threat-detection-strategy-amazon-web-services-aws-39155]] (David Szili)|!|
|2019.08.20|SANS|[[JumpStart Guide for SIEM in AWS|https://www.sans.org/reading-room/whitepapers/analyst/jumpstart-guide-siem-aws-39110]] (J. Michael Butler)|!|
|2019.07.26|SANS|[[How to Protect Enterprise Systems with Cloud-Based Firewalls|https://www.sans.org/reading-room/whitepapers/analyst/protect-enterprise-systems-cloud-based-firewalls-39085]] (Kevin Garvey)|!|
|2019.07.24|SANS|[[JumpStart Guide for Cloud-Based Firewalls in AWS|https://www.sans.org/reading-room/whitepapers/analyst/jumpstart-guide-cloud-based-firewalls-aws-39080]] (Brian Russell)|!|
|2019.07.02|SANS|[[Building Cloud-Based Automated Response Systems|https://www.sans.org/reading-room/whitepapers/cloud/building-cloud-based-automated-response-systems-39050]] (Mishka McCowan)|!|
|2019.06.27|SANS|[[How to Build an Endpoint Security Strategy in AWS|https://www.sans.org/reading-room/whitepapers/analyst/build-endpoint-security-strategy-aws-39040]] (Thomas J. Banasik)|!|
|2019.06.19|SANS|[[JumpStart Guide for Endpoint Security in AWS|https://www.sans.org/reading-room/whitepapers/analyst/jumpstart-guide-endpoint-security-aws-39020]] (David Hazar)|!|
|2019.06.13|SANS|[[How to Build a Data Security Strategy in AWS|https://www.sans.org/reading-room/whitepapers/analyst/build-data-security-strategy-aws-39010]] (Dave Shackleford)|!|
|2019.05.09|SANS|[[How to Protect a Modern Web Application in AWS|https://www.sans.org/reading-room/whitepapers/analyst/protect-modern-web-application-aws-38955]] (Shaun McCullough)|!|
|2019.04.30|SANS|[[SANS 2019 Cloud Security Survey|https://www.sans.org/reading-room/whitepapers/analyst/2019-cloud-security-survey-38940]] (Dave Shackleford)|!|
|2019.04.17|SANS|[[How to Build a Security Visibility Strategy in the Cloud|https://www.sans.org/reading-room/whitepapers/analyst/build-security-visibility-strategy-cloud-38903]] (Dave Shackleford)|!|
|2019.03.27|SANS|[[How to Automate Compliance and Risk Management for Cloud Workloads|https://www.sans.org/reading-room/whitepapers/analyst/automate-compliance-risk-management-cloud-workloads-38885]] (Matt Bromiley)|!|
|2019.02.25|SANS|[[How to Optimize Security Operations in the Cloud Through the Lens of the NIST Framework|https://www.sans.org/reading-room/whitepapers/analyst/optimize-security-operations-cloud-lens-nist-framework-38820]] (John Pescatore)|!|
|2018.12.11|SANS|[[Protecting Data To, From and In the Cloud|https://www.sans.org/reading-room/whitepapers/analyst/protecting-data-to-cloud-38725]] (Dave Shackleford)|!|
|2018.11.05|SANS|[[2018 Secure DevOps: Fact or Fiction?|https://www.sans.org/reading-room/whitepapers/analyst/2018-secure-devops-fact-fiction-38690]] (Jim Bird and Barbara Filkins)|!|
|2018.07.30|SANS|[[How Visibility of the Attack Surface Minimizes Risk|https://www.sans.org/reading-room/whitepapers/analyst/visibility-attack-surface-minimizes-risk-38540]] (Dave Shackleford)|!|
|2018.07.25|SANS|[[A Guide to Managing Cloud Security|https://www.sans.org/reading-room/whitepapers/analyst/guide-managing-cloud-security-38530]] (Dave Shackleford)|!|
|2018.04.02|SANS|[[Securing the Hybrid Cloud: Traditional vs. New Tools and Strategies A SANS Whitepaper|https://www.sans.org/reading-room/whitepapers/analyst/securing-hybrid-cloud-traditional-vs-tools-strategies-whitepaper-38365]] (Dave Shackleford)|!|
|2018.03.26|SANS|[[An Evaluator's Guide to Cloud-Based NGAV: The SANS Guide to Evaluating Next-Generation Antivirus|https://www.sans.org/reading-room/whitepapers/analyst/evaluator's-guide-cloud-based-ngav-guide-evaluating-next-generation-antivirus-38355]] (Barbara Filkins)|!|
|2018.01.22|SANS|[[Building the New Network Security Architecture for the Future|https://www.sans.org/reading-room/whitepapers/analyst/building-network-security-architecture-future-38255]] (Sonny Sarai)|!|
|2018.01.13|SANS|[[Digital Forensic Analysis of Amazon Linux EC2 Instances|https://www.sans.org/reading-room/whitepapers/cloud/digital-forensic-analysis-amazon-linux-ec2-instances-38235]] (Ken Hartman)|!|
|2017.10.31|SANS|[[Cloud Security: Defense in Detail if Not in Depth|https://www.sans.org/reading-room/whitepapers/analyst/cloud-security-defense-detail-in-depth-38120]] (Dave Shackleford)|!|
|2017.09.06|SANS|[[Zero-Touch Detection and Investigation of Cloud Breaches: A Review of Lacework's Cloud Workload Security Platform|https://www.sans.org/reading-room/whitepapers/cloud/technical-approach-securing-saas-cloud-access-security-brokers-37960]] (Luciana Obregon)|!|
|2017.08.14|SANS|[[Packet Capture on AWS|https://www.sans.org/reading-room/whitepapers/cloud/packet-capture-aws-37905]] (Teri Radichel)|!|
|2017.07.20|SANS|[[Automating Cloud Security to Mitigate Risk|https://www.sans.org/reading-room/whitepapers/analyst/automating-cloud-security-mitigate-risk-37880]] (Dave Shackleford)|!|
|2017.06.27|SANS|[[Zero-Touch Detection and Investigation of Cloud Breaches: A Review of Lacework's Cloud Workload Security Platform|https://www.sans.org/reading-room/whitepapers/analyst/zero-touch-detection-investigation-cloud-breaches-review-laceworks-cloud-workload-security-platform-37840]] (Matt Bromiley)|!|
|2017.06.15|SANS|[[Testing Web Apps with Dynamic Scanning in Development and Operations|https://www.sans.org/reading-room/whitepapers/analyst/testing-web-apps-dynamic-scanning-development-operations-37820]] (Barbara Filkins)|!|
|2017.06.07|SANS|[[Security by Design: The Role of Vulnerability Scanning in Web App Security|https://www.sans.org/reading-room/whitepapers/analyst/security-design-role-vulnerability-scanning-web-app-security-37810]] (Barbara Filkins)|!|
|2017.03.20|SANS|[[Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017|https://www.sans.org/reading-room/whitepapers/analyst/cyber-security-trends-aiming-target-increase-security-2017-37702]] (John Pescatore)|!|
|2017.03.13|SANS|[[Cloud Security Monitoring|https://www.sans.org/reading-room/whitepapers/cloud/cloud-security-monitoring-37672]] (Balaji Balakrishnan)|!|
|2016.11.22|SANS|[[Security Assurance of Docker Containers|https://www.sans.org/reading-room/whitepapers/cloud/security-assurance-docker-containers-37432]] (Stefan Winkle)|!|
|2016.10.10|SANS|[[Security and Accountability in the Cloud Data Center: A SANS Survey|https://www.sans.org/reading-room/whitepapers/analyst/security-accountability-cloud-data-center-survey-37327]] (Dave Shackleford)|!|
|2016.08.04|SANS|[[Changing the Perspective of Information Security in the Cloud: Cloud Access Security Brokers and Cloud Identity and Access Management|https://www.sans.org/reading-room/whitepapers/cloud/changing-perspective-information-security-cloud-cloud-access-security-brokers-cloud-identity-access-management-37150]] (Jennifer Johns)|!|
|2016.05.06|SANS|[[Full Packet Capture Infrastructure Based on Docker Containers|https://www.sans.org/reading-room/whitepapers/cloud/full-packet-capture-infrastructure-based-docker-containers-36977]] (Mauricio Espinosa Gomez )|!|
|2016.04.27|SANS|[[Cloud Security Framework Audit Methods |https://www.sans.org/reading-room/whitepapers/cloud/cloud-security-framework-audit-methods-36922]] (Diana Salazar)|!|
|2016.04.21|SANS|[[Incident Response in Amazon EC2: First Responders Guide to Security Incidents in the Cloud|https://www.sans.org/reading-room/whitepapers/cloud/incident-response-amazon-ec2-first-responders-guide-security-incidents-cloud-36902]] (Tom Arnold)|!|
|2016.02.10|SANS|[[Implementing the Critical Security Controls in the Cloud|https://www.sans.org/reading-room/whitepapers/cloud/implementing-critical-security-controls-cloud-36725]] (Jon Mark Allen)|!|
|2015.12.28|SANS|[[Moving Legacy Software and FOSS to the Cloud, Securely|https://www.sans.org/reading-room/whitepapers/cloud/moving-legacy-software-foss-cloud-securely-36567]] (Larry Llewellyn)|!|
|2015.11.10|SANS|[[Cloud Assessment Survival Guide|https://www.sans.org/reading-room/whitepapers/cloud/cloud-assessment-survival-guide-36427]] (Edward Zamora)|!|
|2015.04.01|SANS|[[Proposal for standard Cloud Computing Security SLAs - Key Metrics for Safeguarding Confidential Data in the Cloud|https://www.sans.org/reading-room/whitepapers/cloud/proposal-standard-cloud-computing-security-slas-key-metrics-safeguarding-confidential-data-cloud-35872]] (Michael Hoehl)|!|
|2014.08.11|SANS|[[Its 10PM...Do you know where your cloud is?|https://www.sans.org/reading-room/whitepapers/cloud/10pmdo-cloud-is-35332]] (Robert J. Mavretich)|!|
|2013.09.17|SANS|[[The Security Onion Cloud Client Network Security Monitoring for the Cloud|https://www.sans.org/reading-room/whitepapers/cloud/security-onion-cloud-client-network-security-monitoring-cloud-34335]] (Joshua Brower)|!|
|2013.08.21|SANS|[[Simplifying Cloud Access Without Sacrificing Corporate Control: A Review of McAfees Integrated Web and Identity Solutions|https://www.sans.org/reading-room/whitepapers/analyst/simplifying-cloud-access-sacrificing-corporate-control-review-mcafees-integrated-web-identity-solutions-35005]] (Dave Shackleford)|!|
|2012.11.27|SANS|[[An Introduction To Securing a Cloud Environment|https://www.sans.org/reading-room/whitepapers/cloud/introduction-securing-cloud-environment-34052]] (Todd Steiner)|!|
|2012.04.16|SANS|[[Diskless Cluster Computing: Security Benefit of oneSIS and Git|https://www.sans.org/reading-room/whitepapers/cloud/diskless-cluster-computing-security-benefit-onesis-git-33924]] (Aron Warren)|!|
|2011.10.18|SANS|[[Cloud Computing - Maze in the Haze|https://www.sans.org/reading-room/whitepapers/cloud/cloud-computing-maze-haze-33819]] (Godha Iyengar)|!|
|2011.03.01|SANS|[[Following Incidents into the Cloud|https://www.sans.org/reading-room/whitepapers/cloud/incidents-cloud-33619]] (Jeff Reed)|!|
|2010.08.06|SANS|[[Cloud Security and Compliance: A Primer|https://www.sans.org/reading-room/whitepapers/analyst/cloud-security-compliance-primer-34910]] (Dave Shackleford)|!|
|2010.05.20|SANS|[[A Guide to Virtualization Hardening Guides|https://www.sans.org/reading-room/whitepapers/analyst/guide-virtualization-hardening-guides-34900]] (Dave Shackleford)|!|
!SWIPO
[>img(auto,100px)[iCSF/SWIPO.png]]SWIPO est l'association "Switching Cloud Providers and Porting Data" promue par la Commission Européenne.
Elle a pour mission :
< //To develop voluntary Codes of Conduct for the proper application of the EU Free Flow of Non-Personal Data Regulation / Article 6 "Porting of Data"//
__Liens__
* Site SWIPO ⇒ https://swipo.eu/
* Téléchargements ⇒ https://swipo.eu/download-section/copyrighted-downloads/

|!Date|!Origine|!Titre|
|2020.07|SWIPO|Code of Conduct; Common High Level principles+++^*[»] The Common High level Principles describe the background of the SWIPO initiative and provide more insight on the regulation under which the SWIPO Codes of Conduct have been developed ===|
|2020.07|SWIPO|Code of Conduct; Common Terminology+++^*[»] The Common Terminology document provides an overview with all terms, abbreviations and specific words used in the Codes ===|
|2020.10|SWIPO|IaaS Code of Conduct+++^*[»] The IaaS Code of Conduct describes the Code of Conduct for Infrastructure As A Service for Cloud Providers ===|
|2020.10|SWIPO|IaaS Code of Conduct Transparency Statement+++^*[»] This document provides the IaaS Cloud Provider with a mandatory transparency statement they are to present to their customer(s) ===|
|2020.07|SWIPO|SaaS Code of Conduct+++^*[»] The SaaS Code of Conduct describes the Code of Conduct for Software As A Service Providers. This includes the mandatory transparency statement as well ===|
|2020.11|SWIPO|Complaints and Appeals+++^*[»] If you are unhappy with the way your Cloud Provider is handling your complaint, you can download this document to review how to file a complaint to SWIPO ===|
|2020.09|SWIPO|Adherence Declaration Form+++^*[»] With this form, you can declare any of your services compliant to the SWIPO AISBL developed Codes of Conduct ===|
|2020.07|SWIPO|Common Governance+++^*[»] If you are interested in how SWIPO AISBL operates internally ===|
|2020.07|SWIPO|Common Policies+++^*[»] If you are interested in the Common Policies used within SWIPO ===|
|2020.07|SWIPO|Approaches on Certification Schemes+++^*[»] SWIPO developed a view on Certification Schemes related to the developed Codes of Conduct ===|
<<tiddler .ReplaceTiddlerTitle with: [[Webographie - SWIPO]]>>
<<tabs tBestP 'AWS' '' [[Ref-BestP##AWS]] 'Azure' '' [[Ref-BestP##Azu]] 'GCP' '' [[Ref-BestP##GCP]] 'Kubernetes' '' [[Ref-BestP##K8s]] 'Docker' '' [[Ref-BestP##Dkr]]>>
/%
!AWS
|>|>|>| [img(100px,auto)[iCSF/Work.gif]] |
|!Date|!Source|!Titres et liens|!Keywords|
||AWS|[[Security Best Practices for Amazon S3|https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html]]||
<<tiddler .ReplaceTiddlerTitle with: [[Bonnes Pratiques - AWS]]>>
!Azu
|>|>|>| [img(100px,auto)[iCSF/Work.gif]] |
<<tiddler .ReplaceTiddlerTitle with: [[Bonnes Pratiques - Azure]]>>
!GCP
|>|>|>| [img(100px,auto)[iCSF/Work.gif]] |
<<tiddler .ReplaceTiddlerTitle with: [[Bonnes Pratiques - GCP]]>>
!K8s
|>|>|>| [img(100px,auto)[iCSF/Work.gif]] |
|!Date|!Source|!Titres et liens|!Keywords|
||CISecurity|[[Hardening|https://www.cisecurity.org/benchmark/kubernetes/]] (version 1.5.0)|Hardening|
<<tiddler .ReplaceTiddlerTitle with: [[Bonnes Pratiques - Kubernetes]]>>
!Dkr
|>|>|>| [img(100px,auto)[iCSF/Work.gif]] |
|!Date|!Source|!Titres et liens|!Keywords|
|2016.08.19|Docker|[[Introduction to Container Security (pdf)|https://www.docker.com/sites/default/files/WP_IntrotoContainerSecurity_08.19.2016.pdf]]|Container Security|
||Docker|[[Docker development best practices|https://docs.docker.com/develop/dev-best-practices/]]|Best_Practices|
||Docker|[[Protect the Docker daemon socket|https://docs.docker.com/engine/security/https]]|Misc|
||Docker|[[KB000318: How do I enable the remote API for dockerd|https://success.docker.com/article/how-do-i-enable-the-remote-api-for-dockerd]]|Misc|
||CISecurity|[[Hardening|https://www.cisecurity.org/benchmark/docker/]]|Hardening|
<<tiddler .ReplaceTiddlerTitle with: [[Bonnes Pratiques - Docker]]>>
!Otr
|>|>|>| [img(100px,auto)[iCSF/Work.gif]] |
|!Date|!Source|!Titres et liens|!Keywords|
|2018.11.17|NCSC UK|[[Cloud security guidance|https://www.ncsc.gov.uk/collection/cloud-security]]|Guidance|
<<tiddler .ReplaceTiddlerTitle with: [[Autres Ressources]]>>
!end
%/
<<tiddler .ReplaceTiddlerTitle with: [[Bonnes Pratiques - Divers]]>>
<<tabs tRess 'AWS' '' [[Ref-Ressources##AWS]] 'Azure' '' [[Ref-Ressources##Azu]] 'GCP' '' [[Ref-Ressources##GCP]] 'Kubernetes' '' [[Ref-Ressources##K8s]] 'Docker' '' [[Ref-BestP##Dkr]]>>
/%
!AWS
|>|>|>| [img(100px,auto)[iCSF/Work.gif]] |
<<tiddler .ReplaceTiddlerTitle with: [[Ressources sur AWS]]>>
!Azu
|>|>|>| [img(100px,auto)[iCSF/Work.gif]] |
Azure Security Center
|2020.08.25|//Microsoft Azure//|[[Become an Azure Security Center Ninja|https://techcommunity.microsoft.com/t5/azure-security-center/become-an-azure-security-center-ninja/ba-p/1608761]]|Azure Security Center|
<<tiddler .ReplaceTiddlerTitle with: [[Ressources sur Azure]]>>
!GCP
|>|>|>| [img(100px,auto)[iCSF/Work.gif]] |
<<tiddler .ReplaceTiddlerTitle with: [[Ressources sur GCP]]>>
!K8s
|>|>|>| [img(100px,auto)[iCSF/Work.gif]] |
|[[Overview of Cloud Native Security|https://kubernetes.io/docs/concepts/security/overview/]]|[[Kubernetes|https://kubernetes.io/]]|Defines a model for thinking about Kubernetes security in the context of Cloud Native security|
|[[Awesome K8s Security|https://github.com/magnologan/awesome-k8s-security]]|[[Magno Logan|https://github.com/magnologan/]]|Curated list for Awesome Kubernetes Security resources|
<<tiddler .ReplaceTiddlerTitle with: [[Ressources sur Kubernetes]]>>
!Dkr
|>|>|>| [img(100px,auto)[iCSF/Work.gif]] |
<<tiddler .ReplaceTiddlerTitle with: [[Ressources sur Docker]]>>
!end
%/
<<tiddler .ReplaceTiddlerTitle with: [[Diverses Ressources]]>>
Vous trouverez ci-dessous :
* des ''sources ouvertes et PRIMAIRES'' ou ''de grande QUALITÉ'' d'informations, les plus intéressantes (presse, personnalités, associations...)
* d'autres sources ''NON'' primaires, qui ne font le plus souvent que reprendre //avec plus ou moins de vérifications// ce qui a déjà été écrit ailleurs, //avec plus ou moins de retard//, et parfois, tout simplement du copier/coller (avec conservation des erreurs, des fautes d'orthographe ou de grammaire, et sans mise à jour lorsque le retard est tel que les informations sont devenues obsolètes...)
* des sources ''primaires et pertinentes'' ayant pour origine des ''entreprises commerciales'' 
* des podcasts
* des livres (en anglais)
<<tabs tSources 'Sources PRIMAIRES' '' [[Ref-PrimairesQuali]] 'Autres sources NON primaires' '' [[Ref-NON-Primaires]] 'Sociétés' '' [[Ref-Sociétés]] 'Podcasts' '' [[Ref-Podcasts]] 'Livres' '' [[Ref-Livres]]>>
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] |>|>| !
Article en cours de rédaction | |>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les éléments en faisant partie ne sont NI avalisés, NI recommandés, NI conseillés par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à leur crédibilité, lecture, téléchargement ou ré-utilisation.@@| |>|>|>|!Les sites de synthèse (consultation quotidienne ou presque) | |!Bleeping Computer|[[Site|https://bleepingcomputer.com]]||''Très bonnes synthèses'' avec des ''mises à jour pertinentes et rapides'' en cas d'événement majeur| |!Dark Reading Cloud|[[Site|https://www.darkreading.com/cloud-security.asp]]|[[rss|https://www.darkreading.com/rss_simple.asp?f_n=647&f_ln=Cloud]]|Bonnes synthèses| |>|>|>|!Les sites de synthèse (consultation hebdomadaire) | |!TL;DR Security^^(Clint Gibler)^^ |[[blog|https://tldrsec.com/blog/]]|[[rss|https://tldrsec.com/feed.xml]]|Excellente synthèse hebdomadaire : articles, outils, réflexions ~~di 17h~~| |!The Cloud Security Reading List^^(Marco Lancini)^^ |[[blog|https://cloudseclist.com/issues/]] [[archives|https://cloudseclist.com/past-issues/]]|[[rss|https://cloudseclist.com/feed.xml]]|Excellente synthèse hebdomadaire : articles, outils, réflexions ~~ma 17h~~| |>|>|>|!Associations et groupes de travail| |SANS Reading Room|Documents de recherche appliquée|https://www.sans.org/reading-room/whitepapers/cloud/ | |>|>|>|!Experts sur LinkedIn| |!Christophe Parisel|[[articles|https://www.linkedin.com/in/parisel/detail/recent-activity/shares/]]|mensuel : un article pertinent| |!David das Neves|[[articles|https://www.linkedin.com/in/daviddasneves/detail/recent-activity/shares/]]|quotidien : reprise d'articles pertinents| |!Arnaud Alcabez|[[articles|https://www.linkedin.com/in/alcabez/detail/recent-activity/shares/]]|quotidien : commentaires ou reprise d'articles| /% |>|>|>|!Presse| |Titre|Site Web|Flux RSS| |>|>|>|//à compléter//...| %/
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] |>|>| !
Article en cours de rédaction | |>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les éléments en faisant partie ne sont NI avalisés, NI recommandés, NI conseillés par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à leur crédibilité, lecture, téléchargement ou ré-utilisation.@@| |>|>|>|!Les autres sites en français | |Silicon.fr[img[iCSF/flag_fr.png]]|[[Site|https://silicon.fr]]| |>|>|>|!Les autres sites en anglais | |CBR Online|[[Site|https://cbronline.com]]|des synthèses avec plusieurs jours de retard| |CXO Today|[[Site|https://www.cxotoday.com/]]|Reprises de nouvelles avec plusieurs jours de retard| |DZone|[[Site|https://dzone.com/]]|parfois quelques articles originaux, mais la plupart du temps de la simple reprise, sans indication de l'origine réelle de l'article, avec plusieurs mois de retard.| |ZDnet|[[Site|https://zdnet.com/]]|des reprises d'informations, des synthèses, parfois des articles originaux avec quelques pépites| <<tiddler [[arOund0C]]>>
|ssTabl99|k
|>|>| ![<img(auto,50px)[iCSF/Work.gif]] Article en cours de rédaction [>img(auto,50px)[iCSF/Work.gif]] |
|>|>||
|>|>| !Livres en téléchargement gratuit sur des sites __non suspects__ |
|>|>|2020|
|''Container Security - Fundamental Technology Concepts that Protect Containerized Applications''
par Liz Rice
via Aqua Security
version [[PDF|https://cdn2.hubspot.net/hubfs/1665891/Assets/Container%20Security%20by%20Liz%20Rice%20-%20OReilly%20Apr%202020.pdf]] |''Building Secure & Reliable Systems - Best Practices for Designing, Implementing and Maintaining Systems''
par Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea & Adam Stubblefield
via Google Cloud
version [[PDF|https://static.googleusercontent.com/media/landing.google.com/en//sre/static/pdf/SRS.pdf]]|| |[<img[iCSF/Livre1.jpg]]''CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security''
par Raj Samani, Brian Honan, et Jim Reavis|[<img[iCSF/Livre2.jpg]]''Enterprise Cloud Security and Governance: Efficiently Set Data Protection and Privacy Principles''
par Zeal Vora |[<img[iCSF/Livre3.jpg]]''Mastering AWS Security''
par Albert Anthony | |[<img[iCSF/Livre4.jpg]]''Microsoft Azure Security Center''
par Yuri Diogenes et Tom Shinder |[<img[iCSF/Livre5.jpg]]''Microsoft Azure Security Infrastructure''
par Yuri Diogenes, Debra Shinder, et Tom Shinder |[<img[iCSF/Livre6.jpg]]''Practical Cloud Security: A Guide for Secure Design and Deployment''
par Chris Dotson | |>|>|2019| |''Kubernetes Up & Running - Dive into the Future of Infrastructure''
par Brendan Burns, Joe Beda & Kelsey Hightower
via Microsoft Azure
version [[PDF|https://azure.microsoft.com/en-us/resources/kubernetes-up-and-running/]]|[<img(100px,auto)[iCSF/LivreJ2.jpg]]''Security, Privacy, and Digital Forensics in the Cloud''
par Lei Chen, Hassan Takabi, Nhien-An Le-Khac
[[lien|https://www.oreilly.com/library/view/security-privacy-and/9781119053286/]]|| !!Extrait de l'article "[[The Essential Cloud Security Books for Cybersecurity Professionals|https://solutionsreview.com/cloud-platforms/the-essential-cloud-security-books-for-cybersecurity-professionals/]] (Solutions Review, 31 août 2020) : <<< * "CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security" (Raj Samani, Brian Honan, Jim Reavis) ** //"CSA Guide to Cloud Computing brings you the most current and comprehensive understanding of cloud security issues and deployment techniques from industry thought leaders at the Cloud Security Alliance. For years the CSA has been at the forefront of research and analysis into the most pressing security and privacy related issues associated with cloud computing. CSA Guide to Cloud Computing provides you with a one-stop source for industry-leading content, as well as a roadmap into the future considerations that the cloud presents."// * "Cloud Computing Security: Foundations and Challenges" (John R. Vacca) ** //"This book offers an overview of cloud security technology and implementation, while exploring practical solutions to a wide range of cloud computing security issues. With more organizations using cloud computing and cloud providers for data operations, proper security in these and other potentially vulnerable areas have become a priority for organizations of all sizes across the globe. Research efforts from both academia and industry in all security aspects related to cloud computing are gathered within one reference guide."// * "Cybersecurity for Executives in the Age of Cloud" (Teri Radichel) ** //"With the rising cost of data breaches, executives need to understand the basics of cybersecurity so they can make strategic decisions that keep companies out of headlines and legal battles. 
Although top executives do not make the day-to-day technical decisions related to cybersecurity, they can direct the company from the top down to have a security mindset. As this book explains, executives can build systems and processes that track gaps and security problems while still allowing for innovation and achievement of business objectives."// * "Cyber-Vigilance and Digital Trust: Cyber Security in the Era of Cloud Computing and IoT" (Wiem Tounsi) ** //"In today's landscape, organizations need to acquire and develop effective security tools and mechanisms - not only to keep up with cyber criminals, but also to stay one step ahead. Cyber-Vigilance and Digital Trust develops cyber security disciplines that serve this double objective, dealing with cyber security threats in a unique way. Specifically, the book reviews recent advances in cyber threat intelligence, trust management and risk analysis, and gives a formal and technical approach based on a data tainting mechanism to avoid data leakage in Android systems."// * "Enterprise Cloud Security and Governance: Efficiently Set Data Protection and Privacy Principles" (Zeal Vora) ** //"Automating security tasks, such as Server Hardening with Ansible, and other automation services, such as Monit, will monitor other security daemons and take the necessary action in case these security daemons are stopped maliciously. In short, this book has everything you need to secure your Cloud environment with. It is your ticket to obtain industry-adopted best practices for developing a secure, highly available, and fault-tolerant architecture for organizations."// * "Mastering AWS Security" (Albert Anthony) ** //"This book is for all IT professionals, system administrators and security analysts, solution architects and Chief Information Security Officers who are responsible for securing workloads in AWS for their organizations. 
Master AWS Security is helpful for all Solutions Architects who want to design and implement secure architecture on AWS by the following security by design principle, and is beneficial for personnel in Auditors and Project Management roles who want to understand how they can audit AWS workloads and manage security in AWS."// * "Microsoft Azure Security Center" (Yuri Diogenes, Tom Shinder) ** //"You'll walk through securing any Azure workload, and optimizing key facets of modern security, from policies and identity to incident response and risk management. Brand-new coverage includes single-click remediation, IoT, improved container security, Azure Sentinel, and more. Whatever your security role, you'll learn how to save hours, days, or even weeks by solving problems in the most efficient and reliable ways possible."// * "Microsoft Azure Security Infrastructure" (Yuri Diogenes, Debra Shinder, Tom Shinder) ** //"You'll learn how to prepare infrastructure with Microsoft's integrated tools, prebuilt templates, and managed services–and use these to help safely build and manage any enterprise, mobile, web, or Internet of Things (IoT) system. The authors guide you through enforcing, managing, and verifying robust security at physical, network, host, application, and data layers."// * "Practical Cloud Security: A Guide for Secure Design and Deployment" (Chris Dotson) ** //"Developers, IT architects, and security professionals will learn cloud-specific techniques for securing popular cloud platforms such as Amazon Web Services, Microsoft Azure, and IBM Cloud. Chris Dotson - an IBM senior technical staff member - shows you how to establish data asset management, identity and access management, vulnerability management, network security, and incident response in your cloud environment."// * "Secure Cloud Transformation: The CIO'S Journey" (Richard Stiennon) ** //"All organizations are embarking on a journey to the cloud. 
Their users are online and taking advantage of productivity tools like SalesForce. Enterprises are in the midst of transitioning to Office 365 for email and Office tools. This book maps the journey of 16 leading enterprises around the world including Fannie Mae, Siemens, Google, Microsoft, and Amazon itself. It provides practical guidance for any CXO no matter what stage they are on of their journey."// * "Security, Privacy, and Digital Forensics in the Cloud" (Lei Chen, Hassan Tabaki, Nhien-An Le-Khac) ** //"With the continuous growth of cloud computing and related services, security and privacy has become a critical issue. Written by some of the top experts in the field, this book specifically discusses security and privacy of the cloud, as well as the digital forensics of cloud data, applications, and services. The first half of the book enables readers to have a comprehensive understanding and background of cloud security, which will help them through the digital investigation guidance and recommendations found in the second half of the book."// <<< !!Extrait de l'article "[[The Essential Microsoft Azure Books for Cloud Professionals|https://solutionsreview.com/cloud-platforms/the-essential-microsoft-azure-books-for-cloud-professionals/]] (Solutions Review, 8 septembre 2020) : <<< * "Azure: Build, manage, and scale cloud applications using the Azure Infrastructure" (Mikey Lindsey) ** "//Microsoft Azure is a cloud computing platform that provides a wide variety of services that we can use without purchasing and arranging our hardware. It enables the fast development of solutions and provides the resources to complete tasks that may not be achievable in an on-premises environment. 
Azure Services like compute, storage, network, and application services allow us to put our effort into building great solutions without worrying about the assembly of physical infrastructure.//" * "Hands-On Cloud Administration in Azure: Implement, monitor, and manage important Azure services and components including IaaS and PaaS" (Mustafa Toroman) ** "//Azure continues to dominate the public cloud market and grow rapidly thanks to a number of recent innovations. […] Hands-On Cloud Administration in Azure starts with the basics of Azure cloud fundamentals and key concepts of the cloud computing ecosystem and services. Then, you will gradually get acquainted with core services provided by Azure, including Azure VNet, types and assignments of IP addresses, and network security groups.//" * "Mastering Azure Analytics: Architecting in the Cloud with Azure Data Lake, HDInsight, and Spark" (Zoiner Tejada) ** "//Microsoft Azure has over 20 platform-as-a-service (PaaS) offerings that can act in support of a big data analytics solution. So which one is right for your project? This practical book helps you understand the breadth of Azure services by organizing them into a reference framework you can use when crafting your own big data analytics solution. You'll not only be able to determine which service best fits the job, but also learn how to implement a complete solution that scales, provides human fault tolerance, and supports future needs.//" * "Mastering Azure Security: Safeguard your Azure workload with innovative cloud security measures" (Mustafa Toroman and Tom Janetscheck) ** "//Security is always integrated into cloud platforms, causing users to let their guard down as they take cloud security for granted. Cloud computing brings new security challenges, but you can overcome these with Microsoft Azure's shared responsibility model. 
Mastering Azure Security covers the latest security features provided by Microsoft to identify different threats and protect your Azure cloud using innovative techniques.//" * "Microsoft Azure Infrastructure Services for Architects: Designing Cloud Solutions" (John Savill) ** "//With Microsoft Azure challenging Amazon Web Services (AWS) for market share, there has been no better time for IT professionals to broaden and expand their knowledge of Microsoft's flagship virtualization and cloud computing service. Microsoft Azure Infrastructure Services for Architects: Designing Cloud Solutions helps readers develop the skills required to understand the capabilities of Microsoft Azure for Infrastructure Services and implement a public cloud to achieve full virtualization of data, both on and off premise.//" * "Microsoft Azure Security Center (2nd Edition)" (Yuri Diogenes and Tom Shinder) ** "//Reflecting updates through mid-2019, this book presents comprehensive Azure Security Center techniques for safeguarding cloud and hybrid environments. Leading Microsoft security and cloud experts Yuri Diogenes and Dr. Thomas Shinder help you apply Azure Security Center's robust protection, detection, and response capabilities in key operational scenarios.//" * "The Modern Data Warehouse in Azure: Building with Speed and Agility on Microsoft's Cloud Platform" (Matt How) ** "//Build a modern data warehouse on Microsoft's Azure Platform that is flexible, adaptable, and fast […] gone are the days when data warehousing projects were lumbering dinosaur-style projects that took forever, drained budgets, and produced business intelligence (BI) just in time to tell you what to do 10 years ago. 
This book will show you how to assemble a data warehouse solution like a jigsaw puzzle by connecting specific Azure technologies that address your own needs and bring value to your business.//" * "Practical Automated Machine Learning on Azure: Using Azure Machine Learning to Quickly Build AI Solutions" (Deepak Mukunthu, Parashar Shah, and Wee Hyong Tok) ** "//Develop smart applications without spending days and weeks building machine-learning models. With this practical book, you'll learn how to apply Automated Machine Learning, a process that uses machine learning to help people build machine learning models. Deepak Mukunthu, Parashar Shah, and Wee Hyong Tok provide a mix of technical depth, hands-on examples, and case studies that show how customers are solving real-world problems with this technology.//"
|ssTabl99|k
|>|>| ![<img(auto,50px)[iCSF/Work.gif]] Article en cours de rédaction [>img(auto,50px)[iCSF/Work.gif]] |
!!ADMIN Network & Security
* [[2020|https://www.admin-magazine.com/Archive/2020]]
** Numéro 56
*** [[Secure access to Kubernetes - Avoiding Pitfalls|https://www.admin-magazine.com/Archive/2020/56/Secure-access-to-Kubernetes]]
*** [[Export and analyze Azure AD sign-in and audit logs - Export Trade|https://www.admin-magazine.com/Archive/2020/56/Export-and-analyze-Azure-AD-sign-in-and-audit-logs]]
** Numéro 55
*** [[Prowling AWS - Snooping Around|https://www.admin-magazine.com/Archive/2020/55/Prowling-AWS]]
* [[2019|https://www.admin-magazine.com/Archive/2019]]
** Numéro 53
*** [[Protect Azure resources with Network Security Groups - Cloud Police|https://www.admin-magazine.com/Archive/2019/53/Protect-Azure-resources-with-Network-Security-Groups]], [[2|https://www.admin-magazine.com/Archive/2019/53/Protect-Azure-resources-with-Network-Security-Groups/(offset)/3]], [[3|https://www.admin-magazine.com/Archive/2019/53/Protect-Azure-resources-with-Network-Security-Groups/(offset)/6]]
*** [[Google Cloud Storage for backups - King of the Hill Challenge|https://www.admin-magazine.com/Archive/2019/53/Google-Cloud-Storage-for-backups]], [[2|https://www.admin-magazine.com/Archive/2019/53/Google-Cloud-Storage-for-backups/(offset)/3]], [[3|https://www.admin-magazine.com/Archive/2019/53/Google-Cloud-Storage-for-backups/(offset)/6]]
*** [[Domain name resolution with DNS over HTTPS - Secure Paths|https://www.admin-magazine.com/Archive/2019/53/Domain-name-resolution-with-DNS-over-HTTPS]]
** Numéro 52
*** [[Docker image security analysis - Pedigree|https://www.admin-magazine.com/Archive/2019/52/Docker-image-security-analysis]], [[2|https://www.admin-magazine.com/Archive/2019/52/Docker-image-security-analysis/(offset)/3]], [[3|https://www.admin-magazine.com/Archive/2019/52/Docker-image-security-analysis/(offset)/6]], [[4|https://www.admin-magazine.com/Archive/2019/52/Docker-image-security-analysis/(offset)/9]]
|ssTabl99|k
| [img(auto,50px)[iCSF/Work.gif]] | !
Article en cours de rédaction | [img(auto,50px)[iCSF/Work.gif]] |
|>|>|!France|
|Titre|Site Web|Flux RSS|
|//Intezer//|[[Blog|https://www.intezer.com/blog/]]|[[RSS|https://www.intezer.com/feed/]]|
|//Nuageo//|[[Blog|https://www.nuageo.fr/conseil/blog-cloud-computing/]]|[[RSS|https://www.nuageo.fr/feed/]]|
__Quelques podcasts à suivre :__
|Amazon|[[AWS Podcast|https://aws.amazon.com/podcasts/aws-podcast/]]|[[Flux RSS|https://d3gih7jbfe3jlq.cloudfront.net/aws-podcast.rss]]|
|Kaizenteq|[[Cloud Security Podcast|https://www.cloudsecuritypodcast.tv/]]|[[Flux RSS|https://anchor.fm/s/10fb9928/podcast/rss]]|
|Google|[[Google Cloud Platform Podcast|https://www.gcppodcast.com/]]|[[Flux RSS|https://feeds.feedburner.com/GcpPodcast]]|
|Google|[[Kubernetes Podcast from Google|https://kubernetespodcast.com/]]|[[Flux RSS|https://kubernetespodcast.com/feeds/audio.xml]]|
|Microsoft|[[Microsoft Cloud Show|http://feeds.microsoftcloudshow.com/microsoftcloudshowepisodes]]|[[Flux RSS|http://feeds.microsoftcloudshow.com/microsoftcloudshowepisodes]]|
|!Silver Lining|[[The podcast for Security Architecture, hosted by Moshe Ferber and Ariel Munafo|https://silverlining-il.castos.com/]]|[[Flux RSS|https://silverlining.media/feed/podcast]]|
|SoundCloud|[[The Doppler Cloud Podcast|https://soundcloud.com/cloudtp]]|[[Flux RSS|https://www.cloudtp.com/feed/]]|
__Quelques articles présentant des podcasts à suivre :__
|2020.02.13|Solutions Review|[[The 7 Best Cloud Security Podcasts You Should Listen To|https://solutionsreview.com/cloud-platforms/the-7-best-cloud-security-podcasts-you-should-listen-to/]]|Podcasts|
|2020.02.04|//ThreatStack//|[[25 Best Cloud Security Podcasts to Visit in 2020|https://www.threatstack.com/blog/25-best-cloud-security-podcasts-to-visit-in-2020]]|Podcasts|
|2018.09.17|//ThreatStack//|[[50 Best Cloud Security Podcasts|https://www.threatstack.com/blog/50-best-cloud-security-podcasts]]|Podcasts|
!!Autres Podcasts orientés "Cloud"
* [[Brakeing Down Security|http://www.brakeingsecurity.com/]] • [[BriefingsDirect|http://www.briefingsdirect.com]] •
* [[Cloud Engineering|https://softwareengineeringdaily.com/category/cloud-engineering/]] • [[Cloud Unfiltered|https://www.cisco.com/c/en/us/solutions/cloud/podcasts.html]] • [[CloudSkills.fm|https://cloudskills.fm/]] • [[Crypto-Gram Security|http://crypto-gram.libsyn.com/]] • [[Cyber Security Interviews|https://cybersecurityinterviews.com/]] • [[CyberWire|https://www.thecyberwire.com/podcasts/]] • 
* [[Data Breach Today|https://www.databreachtoday.com/interviews]] • [[Day Two Cloud|https://packetpushers.net/series/day2cloud/]] • [[Defensive Security Podcast|http://defensivesecurity.org/]] • [[Deloitte On Cloud|https://www2.deloitte.com/us/en/pages/consulting/topics/cloud-podcast.html]] • [[DevelopSec|https://www.developsec.com/podcast/]] • [[Down the Security Rabbithole|http://podcast.wh1t3rabbit.net/]] • 
* [[Enterprise Security Weekly|https://securityweekly.com/category-shows/enterprise-security-weekly/]] • 
* [[Go Time|https://changelog.com/gotime]] • [[Google Cloud Platform Podcast|https://www.gcppodcast.com]] • 
* [[Internet Storm Center|https://isc.sans.edu/]] • 
* [[Packet Pushers|http://packetpushers.net/]] • [[Purple Squad Security|https://purplesquadsec.com/]] • 
* [[Risky Business|https://risky.biz/netcasts/risky-business/]] • [[RunAs Radio|http://runasradio.com]] • 
* [[Screaming in the Cloud|https://www.stitcher.com/podcast/corey-quinn/screaming-in-the-cloud]] • [[Security in Five Podcast|https://securityinfive.libsyn.com/]] • [[Security Intelligence Podcast|https://securityintelligence.com/media/]] • [[Security Ledger|https://securityledger.com/category/podcasts/]] • [[Shared Security|https://sharedsecurity.net/]] • [[Smashing Security|https://www.smashingsecurity.com/]] • [[SurfWatch Labs|https://www.surfwatchlabs.com/podcasts]] • 
* [[The Cloud Pod|https://www.thecloudpod.net/]] • [[The Cloudcast|https://www.thecloudcast.net/]] • [[The GDPR Guy|http://thegdprguy.com]] • [[Threatpost|https://threatpost.com/category/podcasts/]] • 
* [[Venturi's Voice|https://www.venturi-group.com/podcast/]] • [[VMware Communities Roundtable|https://www.talkshoe.com/show/vmware-communities-roundtable]] • 
__Quelques chaînes YouTube à suivre :__
|Cloud Security Alliance|[[CSA|https://www.youtube.com/user/cloudsecalliance]]|.|
|SANS Institute|[[SANS|https://www.youtube.com/channel/UC2uPNhGken-ogEpJDi4ly6w]]|.|
* [[Certified Kubernetes Security Specialist Study Guide|https://github.com/stackrox/Kubernetes_Security_Specialist_Study_Guide]]
* [[Kubernetes Failure Stories|https://k8s.af/]] : //A compiled list of links to public failure stories related to Kubernetes. Most recent publications on top.//
* [[Kubernetes Failure Stories|https://srcco.de/posts/kubernetes-failure-stories.html]] : (2019.01.20)
* [[Kubernetes Failure Stories|https://github.com/hjacobs/kubernetes-failure-stories]] : sur GitHub
[img(50%,1px)[iCSF/BluePixel.gif]]
<<tabs tRefRP 'Amazon AWS' '' [[Ref-Presta-AWS]] 'Microsoft Azure' '' [[Ref-Presta-Azure]] 'Google GCP' '' [[Ref-Presta-GCP]]>>[img(50%,1px)[iCSF/BluePixel.gif]]
<<tabs tRefAWS 'Documents AWS' '' [[Ref-Presta-AWS-Docs]] 'Services AWS' '' [[Ref-Presta-AWS-Services]]>>[img(50%,1px)[iCSF/BluePixel.gif]]
|>|>|>| ![<img(auto,50px)[iCSF/Work.gif]][>img(auto,50px)[iCSF/AWS.png]]
Article en cours de rédaction | ||//AWS//|Portail [[AWS Security Documentation|https://docs.aws.amazon.com/security/]]|Documentation| ||//AWS//|Portail [[AWS Security Hub|https://aws.amazon.com/security-hub/]]|Security_Hub| ||//AWS//|[[Shared Responsibility Model|https://aws.amazon.com/compliance/shared-responsibility-model/]]|Shared_Responsibility| ||//AWS//|[[AWS security audit guidelines|https://docs.aws.amazon.com/general/latest/gr/aws-security-audit-guide.html]] ([[pdf|https://docs.aws.amazon.com/general/latest/gr/aws-general.pdf]])|Audit| ||//AWS//|[[Bucket Policy Examples|https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html]]|Bucket_Policy| ||//AWS//|[[Security Overview of AWS Lambda|https://d1.awsstatic.com/whitepapers/Overview-AWS-Lambda-Security.pdf]]|AWS_Lambda| |2020.08.27|//AWS//|[[AWS Well-Architected Framework Security Design Principles|https://wa.aws.amazon.com/wat.pillar.security.en.html]]|Framework| |2020.06.18|//AWS//|[[AWS Security Incident Response Guide (pdf)|https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf]]|Incident_Response| |2020.03.20|//AWS//|[[Top 10 security items to improve in your AWS account|https://aws.amazon.com/blogs/security/top-10-security-items-to-improve-in-your-aws-account/]]|AWS Best_Practices| |2020.01.15|//AWS//|[[Architecting for HIPAA Security and Compliance on Amazon Web Services|https://d1.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf]]|Compliance HIPAA| |2019.11.19|//AWS//|[[Enabling a Threat Hunting Capability in AWS|https://pages.awscloud.com/rs/112-TZM-766/images/How-to-Build-a-Threat-Hunting-Capability-in-AWS_Whitepaper.pdf]]|Threat_Hunting| |2019.06.29|//AWS//|[[Introducing the AWS Security Incident Response Whitepaper|https://aws.amazon.com/blogs/security/introducing-the-aws-security-incident-response-whitepaper/]]|Incident_Response| |2019.06.24|//AWS//|[[AWS Security Hub Now Generally 
Available|https://aws.amazon.com/blogs/aws/aws-security-hub-now-generally-available/]]|SecurityHub| |2019.06.19|//AWS//|[[Vulnerability and Penetration Testing|https://aws.amazon.com/security/penetration-testing/]]|PenTesting| |2019.05.17|//AWS//|[[How can I secure the files in my Amazon S3 bucket?|https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/]]|Buckets| |2019.05.14|//AWS//|[[AWS Security Incident Response Guide (pdf)|https://d1.awsstatic.com/whitepapers/aws_security_incident_response.pdf]]+++*[»]> //Fundamentals of responding to security incidents within the AWS Cloud environment.//=== |Incident_Response Best_Practices| |2019.05|//AWS//|[[Architecting for PCI DSS Scoping and Segmentation on AWS (pdf)|https://d1.awsstatic.com/whitepapers/pci-dss-scoping-on-aws.pdf]]|PCI_DSS| |2019.04|//AWS//|[[Securing Internet of Things (IoT) with AWS (pdf)|https://d1.awsstatic.com/whitepapers/Security/Securing_IoT_with_AWS.pdf]]|IOT| |2019.03|//AWS//|[[AWS Operational Resilience (pdf)|https://d1.awsstatic.com/whitepapers/compliance/AWS_Operational_Resilience.pdf]]|Resilience| |2019.01.31|//AWS//|[[NIST Cybersecurity Framework (CSF) - Aligning to the NIST CSF in the AWS Cloud (pdf)|https://d1.awsstatic.com/whitepapers/compliance/NIST_Cybersecurity_Framework_CSF.pdf]]|NIST CyberSecurity_Framework Compliance| |2018.12.20|//AWS//|[[AWS Security Checklist (pdf)|https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Checklist.pdf]]|Best_Practices| |2018.12|//AWS//|[[AWS Best Practices for DDoS Resiliency (pdf)|https://d1.awsstatic.com/whitepapers/Security/DDoS_White_Paper.pdf]]| |2018.11|//AWS//|[[AWS Governance at Scale (pdf)|https://d1.awsstatic.com/whitepapers/Security/AWS_Governance_at_Scale.pdf]]| |2018.07|//AWS//|[[AWS Well-Architected Framework - Security Pillar (pdf)|https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf]]| |2017.11.06|//AWS//|[[New Amazon S3 Encryption & Security 
Features|https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/]]| |2017.08.17|//AWS//|[[Building a Cloud-Specific Incident Response Plan|https://aws.amazon.com/blogs/publicsector/building-a-cloud-specific-incident-response-plan/]]|Incident_Response| |2017.05|//AWS//|[[CSA Consensus Assessments Initiative Questionnaire (pdf)|https://d1.awsstatic.com/whitepapers/compliance/CSA_Consensus_Assessments_Initiative_Questionnaire.pdf]]| |2017.05|//AWS//|[[AWS Risk & Compliance (pdf)|https://d1.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf]]| |2017.05|//AWS//|[[AWS: Overview of Security Processes (pdf)|https://d1.awsstatic.com/whitepapers/aws-security-whitepaper.pdf]]| |2017.04|//AWS//|[[AWS Key Management Service Best Practices (pdf)|https://d1.awsstatic.com/whitepapers/aws-kms-best-practices.pdf]]| |2017.03|//AWS//|[[AWS Certifications, Programs, Reports, and Third-Party Attestations (pdf)|https://d1.awsstatic.com/whitepapers/compliance/AWS_Certifications_Programs_Reports_Third-Party_Attestations.pdf]]| |2017.01|//AWS//|[[AWS Risk and Compliance Overview (pdf)|https://d1.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Overview.pdf]]| |2017.01|//AWS//|[[AWS Answers to Key Compliance Questions (pdf)|https://d1.awsstatic.com/whitepapers/compliance/AWS_Auditing_Security_Checklist.pdf]]| |2016.11|//AWS//|[[Secure Content Delivery with CloudFront (pdf)|https://d1.awsstatic.com/whitepapers/Security/Secure_content_delivery_with_CloudFront_whitepaper.pdf]]| |2016.08.31|//AWS//|[[AWS Security Best Practices (pdf)|https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf]]+++*[»]> //This whitepaper provides security best practices that will help you define your Information Security Management System (ISMS) and build a set of security policies and processes for your organization so you can protect your data and assets in the AWS Cloud. 
It also provides an overview of different security topics such as identifying, categorizing and protecting your assets on AWS, managing access to AWS resources using accounts, users and groups and suggesting ways you can secure your data, your operating systems and applications and overall infrastructure in the cloud.//=== | |2016.08|//AWS//|[[AWS Security Best Practices (pdf)|https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf]]| |2016.08|//AWS//|[[Overview of AWS Security - Network Services (pdf)|https://d1.awsstatic.com/whitepapers/Security/Networking_Security_Whitepaper.pdf]]| |2016.07|//AWS//|[[Introduction to AWS Security (pdf)|https://d1.awsstatic.com/whitepapers/Security/Intro_to_AWS_Security.pdf]]| |2016.06|//AWS//|[[Overview of AWS Security - Analytics, Mobile, and Application Services (pdf)|https://d1.awsstatic.com/whitepapers/Security/Security_Analytics_Mobile_Services_Applications_Whitepaper.pdf]]| |2016.06|//AWS//|[[Overview of AWS Security - Application Services (pdf)|https://d1.awsstatic.com/whitepapers/Security/Security_Application_Services_Whitepaper.pdf]]| |2016.06|//AWS//|[[Overview of AWS Security - Compute Services (pdf)|https://d1.awsstatic.com/whitepapers/Security/Security_Compute_Services_Whitepaper.pdf]]| |2016.06|//AWS//|[[Overview of AWS Security - Database Services (pdf)|https://d1.awsstatic.com/whitepapers/Security/Security_Database_Services_Whitepaper.pdf]]| |2016.06|//AWS//|[[Introduction to AWS Security Processes (pdf)|https://d1.awsstatic.com/whitepapers/Security/Intro_Security_Practices.pdf]]| |2016.06|//AWS//|[[Overview of AWS Security - Storage Services (pdf)|https://d1.awsstatic.com/whitepapers/Security/Security_Storage_Services_Whitepaper.pdf]]| |2015.10|//AWS//|[[Introduction to Auditing the Use of AWS (pdf)|https://d1.awsstatic.com/whitepapers/compliance/AWS_Auditing_Security_Checklist.pdf]]| |2015.10|//AWS//|[[Security at Scale: Governance in AWS 
(pdf)|https://d1.awsstatic.com/whitepapers/compliance/AWS_Security_at_Scale_Governance_in_AWS_Whitepaper.pdf]]| |2015.10|//AWS//|[[Security at Scale: Logging in AWS (pdf)|https://d1.awsstatic.com/whitepapers/compliance/AWS_Security_at_Scale_Logging_in_AWS_Whitepaper.pdf]]| |2015.08|//AWS//|[[Automating Governance on AWS (pdf)|https://d1.awsstatic.com/whitepapers/compliance/Automating_Governance_on_AWS.pdf]]| |2014.12|//AWS//|[[Architecting for Genomic Data Security and Compliance in AWS (pdf)|https://d1.awsstatic.com/whitepapers/compliance/AWS_dBGaP_Genomics_on_AWS_Best_Practices.pdf]]| |2014.11|//AWS//|[[Encrypting Data at Rest (pdf)|https://d1.awsstatic.com/whitepapers/AWS_Securing_Data_at_Rest_with_Encryption.pdf]]| |>|!|>|| ||//AWS//|[[AWS Global Condition Context Keys|https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html]]| |>|!|>|| ||//AWS//|[[AWS General Reference|https://docs.aws.amazon.com/general/latest/gr/Welcome.html]] ([[pdf|https://docs.aws.amazon.com/general/latest/gr/aws-general.pdf]])| ||//AWS//|[[AWS Security Credentials|https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html]]| ||//AWS//|[[Service Endpoints and Quotas|https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html]]| ||//AWS//|[[AWS Resources|https://docs.aws.amazon.com/general/latest/gr/aws-resources.html]]| ||//AWS//|[[AWS IP Address Ranges|https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html]]| ||//AWS//|[[AWS APIs|https://docs.aws.amazon.com/general/latest/gr/aws-apis.html]]| ||//AWS//|[[Document Conventions|https://docs.aws.amazon.com/general/latest/gr/docconventions.html]]| ||//AWS//|[[AWS Glossary|https://docs.aws.amazon.com/general/latest/gr/glos-chap.html]]| ||//AWS//|[[What Is Amazon CloudWatch Events?|https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/WhatIsCloudWatchEvents.html]]| ||//AWS//|[[Amazon EventBridge|https://docs.aws.amazon.com/eventbridge/index.html]]| ||//AWS//|[[Network 
ACLs|https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html]]| [img(50%,1px)[iCSF/BluePixel.gif]] |2019.08.23|//Cloudonaut//|[[Complete AWS IAM Reference|https://iam.cloudonaut.io/]]|AWS IAM| <<tiddler .ReplaceTiddlerTitle with: [[Ressources sur AWS]]>>
|>|>|>|>| ![<img(auto,50px)[iCSF/Work.gif]][>img(auto,50px)[iCSF/AWS.png]]
Article en cours de rédaction | |>|>|>|>| Florilège des services AWS | |[img[iCSF/awsAPIGW.png]]|AWS API Gateway|.|.|.| |[img[iCSF/awsAthena.png]]|AWS Athena|.|.|.| |.|AWS Audit Manager|.|.|.| |[img[iCSF/awsAurora.png]]|AWS Aurora|.|.|.| |[img[iCSF/awsCLI.png]]|AWS CLI|Command Line Interface|.|.| |[img[iCSF/awsCloudFormation.png]]|AWS CloudFormation|.|.|.| |[img[iCSF/awsCloudFront.png]]|AWS CloudFront|.|.|.| |[img[iCSF/awsCloudHSM.png]]|AWS CloudHSM|Hardware Security Module|.|.| |[img[iCSF/awsCloudTrail.png]]|AWS CloudTrail|.|.|.| |[img[iCSF/awsCloudWatch.png]]|AWS CloudWatch|.|.|.| |[img[iCSF/awsCognito.png]]|AWS Cognito|.|.|.| |[img[iCSF/awsConfig.png]]|AWS Config|.|.|.| |[img[iCSF/awsControlTower.png]]|AWS Control Tower|.|.|.| |[img[iCSF/awsDetective.png]]|AWS Detective|.|.|.| |[img[iCSF/awsDirectConnect.png]]|AWS Direct Connect|.|.|.| |[img[iCSF/awsDirectoryService.png]]|AWS Directory Service|.|.|.| |[img[iCSF/awsDynamoDB.png]]|AWS DynamoDB|.|.|.| |[img[iCSF/awsEBS.png]]|AWS EBS|Elastic Block Service|.|.| |[img[iCSF/awsEC2.png]]|AWS EC2|Elastic Compute Cloud|.|.| |[img[iCSF/awsEC2AutoScaling.png]]|AWS EC2 Auto-Scaling|Elastic Compute Cloud|.|.| |[img[iCSF/awsEFS.png]]|AWS EFS|Elastic File System|.|.| |[img[iCSF/awsELB.png]]|AWS ELB|Elastic Load Balancing|.|.| |[img[iCSF/awsEMR.png]]|AWS EMR|.|.|.| |.|AWS Elastic Beanstalk|.|.|.| |.|AWS Federated Authentication|.|.|.| |[img[iCSF/awsFirewallManager.png]]|AWS Firewall Manager|.|.|.| |[img[iCSF/awsGuardDuty.png]]|AWS GuardDuty|.|.|.| |[img[iCSF/awsIAM.png]]|AWS IAM|Identity and Access Management|.|.| |.|AWS IAM Access Analyzer|Identity and Access Management|.|.| |[img[iCSF/awsInspector.png]]|AWS Inspector|.|.|.| |[img[iCSF/awsKMS.png]]|AWS KMS|.|.|.| |[img[iCSF/awsKinesis.png]]|AWS Kinesis|.|.|.| |[img[iCSF/awsKinesis.png]]|AWS Kinesis Data Analytics|.|.|.| |[img[iCSF/awsKinesis.png]]|AWS Kinesis Data Streams|.|.|.| |[img[iCSF/awsKinesis.png]]|AWS Kinesis Firehose|.|.|.| |[img[iCSF/awsLambda.png]]|AWS Lambda|.|.|.| 
|.|AWS Landing Zone|.|.|.| |[img[iCSF/awsMacie.png]]|AWS Macie|.|.|.| |[img[iCSF/awsManagementConsole.png]]|AWS Management Console|.|.|.| |[img[iCSF/awsOrganizations.png]]|AWS Organizations|.|.|.| |[img[iCSF/awsRDS.png]]|AWS RDS|.|.|.| |[img[iCSF/awsRedshift.png]]|AWS RedShift|.|.|.| |[img[iCSF/awsRoute53.png]]|AWS Route 53|.|.|.| |[img[iCSF/awsGlacier.png]]|AWS S3 Glacier|.|.|.| |.|AWS S3|.|.|.| |.|AWS SDK|Software Development Kits|.|.| |[img[iCSF/awsSecretsManager.png]]|AWS Secrets Manager|.|.|.| |[img[iCSF/awsSecurityHub.png]]|AWS Security Hub||.|.| |[img[iCSF/awsServiceCatalog.png]]|AWS Service Catalog||.|.| |[img[iCSF/awsShield.png]]|AWS Shield||.|.| |[img[iCSF/awsSNS.png]]|AWS SNS|Simple Notification Service|.|.| |.|AWS Service Catalog|.|.|.| |[img[iCSF/awsSSO.png]]|AWS SSO|Single Sign-On|.|.| |[img[iCSF/awsSystemsManager.png]]|AWS Systems Manager|.|.|.| |[img[iCSF/awsTransitGateway.png]]|AWS Transit Gateway|.|.|.| |.|AWS VPC Flow Logs|.|.|.| |[img[iCSF/awsVPN.png]]|.|.|.|.| |[img[iCSF/awsVPC.png]]|AWS VPC|.|.|.| |[img[iCSF/awsWAF.png]]|AWS WAF|Web Application firewall|.|.| |.|.|.|.|.| |>|>|>|>|AWS Cloud Adoption Framework (CAF)| <<tiddler .ReplaceTiddlerTitle with: [[Liste des services AWS]]>>
La plupart des aspects liés à la sécurité d'Azure sont accessibles depuis le portail ⇒ https://docs.microsoft.com/en-us/security/
<<tabs tRefRPA 'Bonnes pratiques' '' [[Ref-Presta-Azure-BestP]] 'IaaS' '' [[Ref-Presta-Azure-IaaS]] 'Divers' '' [[Ref-Presta-Azure-Misc]]>>[img(50%,1px)[iCSF/BluePixel.gif]]
|>| ![<img(auto,50px)[iCSF/Work.gif]] 
Article en cours de rédaction | |2020.07.08|[[Azure Sentinel Best Practices|https://www.microsoft.com/security/blog/wp-content/uploads/2020/07/Azure-Sentinel-whitepaper.pdf]]| |2020.07.01|//Microsoft Azure//|[[Azure Active Directory Data Security Considerations|https://azure.microsoft.com/en-us/resources/azure-active-directory-data-security-considerations/]]|AzureAD| |2019.11.08|[[Azure Security Best Practices and Patterns|https://docs.microsoft.com/en-us/azure/security/fundamentals/best-practices-and-patterns]]| |2019.04.18|[[Microsoft Azure Security Response in the Cloud (pdf)|https://aka.ms/SecurityResponsepaper]]| |2019.04.18|[[Analyze Azure AD activity logs with Azure Monitor logs|https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-analyze-activity-logs-log-analytics]]| |2019.04.19|[[Security Best Practices for Azure Solutions|https://azure.microsoft.com/resources/security-best-practices-for-azure-solutions]]| ||[[Azure Boundary Security Best Practices|https://docs.microsoft.com/en-us/azure/best-practices-network-security]]| ||[[Azure Database Security Best Practices|https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patternsazure-database-security-best-practices]]| ||[[Azure Data Security and Encryption Best Practices|https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patternsazure-security-data-encryption-best-practices]]| ||[[Azure Identity Management and Access Control Security Best Practices|https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patternsazure-security-identity-management-best-practices]]| ||[[Azure Network Security Best Practices|https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patternsazure-security-network-security-best-practices]]| |2019.05.07|[[Azure Operational Security Best 
Practices|https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patternsazure-operational-security-best-practices]]| |2019.05.07|[[Azure PaaS Best Practices|https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patternssecurity-paas-deployments]]| |2019.05.07|[[Azure Service Fabric Security Best Practices|https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patternsazure-service-fabric-security-best-practices]]| |2019.05.07|[[Best Practices for Azure VM Security|https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patternsazure-security-best-practices-vms]]| ||[[Implementing a Secure Hybrid Network Architecture in Azure|https://docs.microsoft.com/en-us/azure/guidance/guidance-iaas-ra-secure-vnet-hybrid]]| ||[[Internet of Things Security Best Practices|https://docs.microsoft.com/en-us/azure/security/azure-security-iot-best-practices]]| ||[[Securing PaaS Databases in Azure|https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patternssecurity-paas-applications-using-sql]]| ||[[Securing PaaS Web and Mobile Applications Using Azure App Service|https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patternssecurity-paas-applications-using-app-services]]| ||[[Securing PaaS Web and Mobile Applications Using Azure Storage|https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patternssecurity-paas-applications-using-storage]]| |2019.05.07|[[Security Best Practices for IaaS Workloads in Azure|https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patternsazure-security-iaas]]| <<tiddler .ReplaceTiddlerTitle with: [[Ressources sur Azure : Bonnes Pratiques]]>>
|>| ![<img(auto,50px)[iCSF/Work.gif]] 
Article en cours de rédaction | |2019.02.11|[[Azure Stack at its core is an Infrastructure-as-a-Service (IaaS) platform|https://azure.microsoft.com/en-us/blog/azure-stack-iaas-part-one/]]| |2019.02.26|[[Start with what you already have|https://azure.microsoft.com/en-us/blog/azure-stack-laas-part-two/]]| |2019.03.08|[[Fundamentals of IaaS|https://azure.microsoft.com/en-us/blog/azure-stack-iaas-part-3/]]| |2019.03.11|[[Protect your stuff|https://azure.microsoft.com/en-us/blog/azure-stack-iaas-part-four/]]| |2019.03.20|[[Do it yourself|https://azure.microsoft.com/en-us/blog/azure-stack-iaas-part-five/]]| |2019.03.27|[[Pay for what you use|https://azure.microsoft.com/en-us/blog/azure-stack-iaas-part-six/]]| |2019.04.08|[[It takes a team|https://azure.microsoft.com/en-us/blog/azure-stack-iaas-part-seven/]]| |2019.05.01|[[If you do it often, automate it|https://azure.microsoft.com/en-us/blog/azure-stack-iaas-part-seven-2/]]| |2019.06.03|[[Build on the success of others|https://azure.microsoft.com/en-us/blog/azure-stack-iaas-part-nine/]]| |2019.06.17|[[Journey to PaaS|https://azure.microsoft.com/en-us/blog/azure-stack-iaas-part-ten/]]| <<tiddler .ReplaceTiddlerTitle with: [[Ressources sur Azure : IaaS]]>>
|>|>| ![<img(auto,50px)[iCSF/Work.gif]] 
Article en cours de rédaction | ||[[Azure security logging and auditing|https://docs.microsoft.com/en-us/azure/security/fundamentals/log-audit]]|Audit Logging| ||[[Azure Security Center - Alerts Reference Guide|https://docs.microsoft.com/en-us/azure/security-center/alerts-reference]]|Native Alerting| |2020.03.11|[[Security Recommendations - a Reference Guide|https://docs.microsoft.com/en-us/azure/security-center/recommendations-reference]]|Azure_Security_Center Best_Practices| |2020.02.11|[[Container security in Security Center|https://docs.microsoft.com/en-us/azure/security-center/container-security]]|Containers Best_Practices| |2020.01.29|[[Attack Simulator in Office 365|https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator]]|O365 Tools| |2019.12.23|[[Azure Security Benchmarks Documentation|https://docs.microsoft.com/en-us/azure/security/benchmarks/]]|Azure Benchmarking| |2019.09.09|[[Manage Emergency Access Accounts in Azure AD|https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-emergency-access]]|AzureAD Mitigation| |2019.02.11|[[Azure for Secure Worldwide Public Sector Cloud Adoption|https://gallery.technet.microsoft.com/Azure-for-Secure-Worlwide-19b91d44]] ([[pdf|https://gallery.technet.microsoft.com/Azure-for-Secure-Worlwide-19b91d44/file/219878/2/Azure%20for%20WW%20Public%20Sector.pdf]])|Governance| <<tiddler .ReplaceTiddlerTitle with: [[Ressources sur Azure : Divers]]>>
|>| ![<img(auto,50px)[iCSF/Work.gif]] 
Article en cours de rédaction | ||//Google Cloud//|[[Auto-launching Packet Mirroring for application monitoring|https://cloud.google.com/solutions/auto-launching-packet-mirroring-for-application-monitoring]]|Packet_Mirroring| ||//Google Cloud//|[[Google Cloud security foundations guide (pdf)|https://services.google.com/fh/files/misc/google-cloud-security-foundations-guide.pdf]]|Foundation| ||//Google Cloud//|[[Cloud Security Blueprints for Anthos|https://github.com/GoogleCloudPlatform/anthos-security-blueprints]]|Anthos| ||//Google Cloud//|[[Anthos Security Blueprints: Frequently asked questions|https://cloud.google.com/architecture/blueprints/anthos-security-blueprints-faq]]|Anthos| ||//Google Cloud//|[[Cloud Foundation Toolkit Project|https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit]]|Foundation| ||//Google Cloud//|[[Terraform Example Foundation|https://github.com/terraform-google-modules/terraform-example-foundation]]|Terraform Foundation| ||//Google Cloud//|[[Exploring Container Security|https://cloud.google.com/blog/topics/exploring-container-security]]|Containers| |2021.01.22|Anton Chuvakin|![[From Google Cloud Blog: "New whitepaper: Designing and deploying a data security strategy with Google Cloud"|https://medium.com/anton-on-security/from-google-cloud-blog-new-whitepaper-designing-and-deploying-a-data-security-strategy-with-50de78f2380a]]|GCP| |2021.01.22|//SideChain//| → [[Designing and deploying a data security strategy with Google Cloud|https://services.google.com/fh/files/misc/designing_and_deploying_data_security_strategy.pdf]]|GCP| |2020.02.05|//Google Cloud//|[[Google security whitepaper|https://cloud.google.com/security/overview/whitepaper]] ([[pdf|https://services.google.com/fh/files/misc/google_security_wp.pdf]])|Governance| |2019.12.10|//Google Cloud//|[[Mitigating Security Incidents|https://cloud.google.com/kubernetes-engine/docs/how-to/security-mitigations]]|Incident_Handling| |2019.12.05|//Google Cloud//|[[Hardening Your 
Cluster's Security|https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster]]|Hardening| |2019.10.24|//Google Cloud//|[[Data Incident Response Process|https://cloud.google.com/security/incident-response/]]|Incident_Response| |2019.09.11|//Google Cloud//|[[How to use Cloud Security Scanner - Getting Started with Cloud Security Command Center|https://www.youtube.com/watch?v=goJ_G2ygdSA]] (vidéo)|Scanning| |2019.08.23|//Google Cloud//|[[Security Controls and Forensic Analysis for GKE apps|https://cloud.google.com/solutions/security-controls-and-forensic-analysis-for-GKE-apps]]|Controls Forensics| |2018.09.11|//Google Cloud//|[[Trust Through Transparency: Incident Response in Google Cloud|https://cloud.google.com/blog/products/identity-security/trust-through-transparency-incident-response-in-google-cloud]]|Incident_Response| |2018.09.07|//Google Cloud//|[[Data Incident Response Process (pdf)|https://services.google.com/fh/files/misc/data_incident_response_2018.pdf]]|Incident_Response| |2018.03.21|//Google Cloud//|[[Google Infrastructure Security Design Overview|https://cloud.google.com/security/infrastructure/design/]] ([[pdf|https://cloud.google.com/security/infrastructure/design/resources/google_infrastructure_whitepaper_fa.pdf]])|Infrastructure Design| |2017.05.18|//Google Cloud//|[[Google Cloud Security and Compliance Whitepaper (pdf)|https://static.googleusercontent.com/media/gsuite.google.com/en/files/google-apps-security-and-compliance-whitepaper.pdf]]|Compliance| |2016.04.16|//Google Cloud//|[[Best Practices for DDoS Protection and Mitigation on Google Cloud Platform (pdf)|https://cloud.google.com/files/GCPDDoSprotection-04122016.pdf]]|Best_Practices DDoS| <<tiddler .ReplaceTiddlerTitle with: [[Ressources sur GCP]]>>
|>|>| !Sigles de "A" à "Z" "//...-__a__s-__a__-__S__ervice//" |
|ABAC|Attribute-Based Access Controls||
|!ACI|Azure Container Instance|+++[Azure »] https://azure.microsoft.com/en-us/services/container-instances/ ===|
|!ACK|AWS Controllers K8s|+++[AWS »] https://github.com/aws/aws-controllers-k8s ===|
|!ACR|Azure Container Registry||
|!AKS|Azure Kubernetes Service|+++[Azure »] https://azure.microsoft.com/en-us/services/service-fabric/ ===|
|ALB|Application Load Balancer|+++[AWS »] https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#desync-mitigation-mode ===|
|!ASC|Azure Security Center|
|!ASF|Azure Service Fabric|+++[Azure »] https://azure.microsoft.com/en-us/services/service-fabric/ ===|
|!ASP|__A__pplication __S__ervice __P__rovider|+++[»] __''Gartner''__ → https://www.gartner.com/it-glossary/asp-application-service-provider/ 
//An __A__pplication __S__ervice __P__rovider (ASP) is defined as an enterprise that delivers application functionality and associated services across a network to multiple customers using a rental or usage-based transaction-pricing model. Gartner defines the ASP market as the delivery of standardized application software via a network, though not particularly or exclusively the Internet, through an outsourcing contract predicated on usage-based transaction pricing. The ASP market is composed of a mix of service providers (Web hosting and IT outsourcing), independent software vendors and network/telecommunications providers.//=== | |!AaaS|__A__pplication - __A__uthentification|!| |!BaaS|__B__ackup - __B__ackend - __B__anking - __B__usiness|!| |!CASB|__C__loud __A__ccess __S__ecurity __B__rokers|+++[»] __''Gartner''__ → https://www.gartner.com/it-glossary/cloud-access-security-brokers-casbs/
//__C__loud __A__ccess __S__ecurity __B__rokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.//
__''Wikipedia''__ → https://en.wikipedia.org/wiki/Cloud_access_security_broker
A cloud access security broker (CASB) (sometimes pronounced cas-bee) is on-premises or cloud based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies. A CASB can offer a variety of services, including but not limited to monitoring user activity, warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing malware. === __//Divvycloud//__ → https://divvycloud.com/blog-casb/ ===| |!CCSK|Certificate of Cloud Security Knowledge|+++[CSA »] https://cloudsecurityalliance.fr/go/CCSK ===| |!CIEM|__C__loud __I__nfrastructure __E__ntitlement __M__anagement|+++[»] __//Divvycloud//__ → https://divvycloud.com/blog-ciem/ ===| |!CISPA|__C__loud __I__nfrastructure __S__ecurity __P__osture __A__ssessment|| |CLB|Classic Load Balancer|+++[AWS »] https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-desync-mitigation-mode.html ===| |CMMC|Cybersecurity Maturity Model Certification|| |!CMSP|__C__loud __M__anaged __S__ervice __P__rovider|| |!CNAPP|__C__loud-__N__ative __A__pplication __P__rotection __P__latform|+++[»] __//Divvycloud//__ → https://divvycloud.com/blog-cnapp/ ===| |!CNI|Container Networking Interface|| |!CSPM|__C__loud __S__ecurity __P__osture __M__anagement|+++[»] __''Armor''__ → https://www.armor.com/blog/cspm-a-new-class-of-security-tools/
//__C__loud __S__ecurity __P__osture __M__anagement tools automatically check an environment against compliance and security violations and provide the steps necessary to remediate them — often automated with the click of a button.//
__//Divvycloud//__ → https://divvycloud.com/blog-cspm/ ===|| |!CSP|__C__loud __S__ervice __P__rovider|| |!CWPP|__C__loud __W__orkload __P__rotection __P__latforms|+++[»] __''Gartner''__
CWPP is defined by host-centric solutions that target the unique requirements of server workload protection in modern hybrid data center architectures.
__//Divvycloud//__ → https://divvycloud.com/blog-cwpp/ ===| |!CaaS|__C__hargeback - __C__ollaboration - __C__ommunication - __C__ompliance - __C__ontainer - __C__ontent - __C__rimeware|!| |!DRaaS|''__D__isaster __R__ecovery-as-a-Service''|!| |!DaaS|__D__atabase - __D__esktop|!| |!EaaS|__E__mail - __E__ntreprise|!| |!EBS|Elastic Block Store|+++[AWS »] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html ===| |!EFK|Elastic search^^(object store)^^, FluentD^^(log routing and aggregation)^^, Kibana^^(visualization)^^|| |!EFS|Elastic File System|+++[AWS »] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEFS.html ===| |!EKS|Amazon Elastic Kubernetes Service|!| |!ELK|Elastic search^^(object store)^^, Logstash^^(log routing and aggregation)^^, Kibana^^(visualization)^^|| |!FaaS|__F__ailure - __F__orms - __F__ramework - __F__unction as-a-Service|!| |FHE|Fully Homomorphic Encryption| |!GaaS|__G__aming|!| |!GKE|__G__oogle __K__ubernetes __E__ngine|!| |!HaaS|__H__ardware|!| |!IaC|__I__nfrastructure-__a__s-__C__ode| |!IaaS|__I__nformation - ''__I__nfrastructure-as-a-Service'' - __I__ntegration|!| |!JaaS|__J__ava - __J__uju|!| |!KaaS|__K__nowledge|!| |!LaaS|__L__ab - __L__ight - __L__ogging|!| |MCAS|Microsoft Cloud App Security|+++[»] __Microsoft__ → https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security === | |!MaaS|__M__alware - __M__etal - __M__obile - __M__onitoring|!| |!MLaaS|__M__achine __L__earning - __M__etal - __M__obile - __M__onitoring|!| |!NaaS|__N__etwork|!| |!OaaS|__O__ptimization - __O__racle|!| |OKE|__O__racle Cloud Infrastructure Container __E__ngine for __K__ubernetes|+++[»] __Oracle__ → https://www.oracle.com/cloud-native/container-engine-kubernetes/ === | |OPA|Open Policy Agent (OPA)|+++[»] Vise à l'uniformisation des politiques sur différentes technologies et plateformes === | |!PaaS|__P__ayment - ''__P__latform as-a-Service'' - __P__roduct|!| |PAG|Privileged Access Groups|+++[Azure »] 
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-features === | |!QaaS|__Q__uality|!| |!RASP|__R__untime __A__pplication __S__elf-__P__rotection|+++[»] __''Gartner''__ → https://www.gartner.com/it-glossary/runtime-application-self-protection-rasp/
//__R__untime __A__pplication __S__elf-__P__rotection (RASP) is a security technology that is built or linked into an application or application runtime environment, and is capable of controlling application execution and detecting and preventing real-time attacks.//=== | |!RaaS|__R__ansomware - __R__ecovery - __R__eporting - __R__isk Assessment Program|!| |!S3|Amazon Simple Storage Service|+++[AWS »] https://docs.aws.amazon.com/AmazonS3/latest/dev/Welcome.html === | |!SASE|__S__ecure __A__ccess __S__ervice __E__dge|+++[»] __''Gartner''__ → https://www.gartner.com/doc/reprints?id=1-6QW0Z4A&ct=190528 === | |!SECaaS|__SEC__urity|!| |!SaaS|__S__ales - __SOC__ - ''__S__oftware-as-a-Service''|!| |!TaaS|__T__erminology - __T__esting - __T__ransport|!| |!UaaS|__U__nderstanding - __U__tility|!| |!VaaS|__V__ideo - __V__oice|!| |!WAAP|__W__eb __A__pplication and __A__PI __P__rotection || |!WAF|__W__eb __A__pplication __F__irewall|| |!WaaS|__W__orkforce - __W__orkplace - __W__orkstation as-a-Service|!| |!XaaS|Everything|!| |!YaaS|__Y__ou|!| |!ZaaS|__Z__oning|!| [img(25%,1px)[iCSF/BluePixel.gif]] /% |<<tiddler [[Ref-Sigles-aaS]]>>|<<tiddler [[Ref-Sigles-CloudSec]]>>|<<tiddler [[Ref-Sigles-Cloud]]>>| %/ <<tiddler .ReplaceTiddlerTitle with: [[Sigles]]>>
|>|>| !Sigles Cloud et Sécurité |
|>|>||
|!|!Signification|!Commentaires|
|!ASP|__A__pplication __S__ervice __P__rovider|+++[»] __''Gartner''__ → https://www.gartner.com/it-glossary/asp-application-service-provider/ 
//An __A__pplication __S__ervice __P__rovider (ASP) is defined as an enterprise that delivers application functionality and associated services across a network to multiple customers using a rental or usage-based transaction-pricing model. Gartner defines the ASP market as the delivery of standardized application software via a network, though not particularly or exclusively the Internet, through an outsourcing contract predicated on usage-based transaction pricing. The ASP market is composed of a mix of service providers (Web hosting and IT outsourcing), independent software vendors and network/telecommunications providers.//=== | |!CASB|__C__loud __A__ccess __S__ecurity __B__rokers|+++[»] __''Gartner''__ → https://www.gartner.com/it-glossary/cloud-access-security-brokers-casbs/
//__C__loud __A__ccess __S__ecurity __B__rokers (CASBs) are on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.//
__''Wikipedia''__ → https://en.wikipedia.org/wiki/Cloud_access_security_broker
A cloud access security broker (CASB) (sometimes pronounced cas-bee) is on-premises or cloud based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies. A CASB can offer a variety of services, including but not limited to monitoring user activity, warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing malware. === | |!CISPA|__C__loud __I__nfrastructure __S__ecurity __P__osture __A__ssessment|| |!CMSP|__C__loud __M__anaged __S__ervice __P__rovider|| |!CSP|__C__loud __S__ervice __P__rovider|| |!CSPM|__C__loud __S__ecurity __P__osture __M__anagement|+++[»] __''Armor''__ → https://www.armor.com/blog/cspm-a-new-class-of-security-tools/
//__C__loud __S__ecurity __P__osture __M__anagement tools automatically check an environment against compliance and security violations and provide the steps necessary to remediate them — often automated with the click of a button.//=== | |!CWPP|__C__loud __W__orkload __P__rotection __P__latforms|+++[»] __''Gartner''__
CWPP is defined by host-centric solutions that target the unique requirements of server workload protection in modern hybrid data center architectures. === | |!IaC|__I__nfrastructure-__a__s-__C__ode| |!RASP|__R__untime __A__pplication __S__elf-__P__rotection|+++[»] __''Gartner''__ → https://www.gartner.com/it-glossary/runtime-application-self-protection-rasp/
//__R__untime __A__pplication __S__elf-__P__rotection (RASP) is a security technology that is built or linked into an application or application runtime environment, and is capable of controlling application execution and detecting and preventing real-time attacks.//=== | |!SASE|__S__ecure __A__ccess __S__ervice __E__dge|+++[»] __''Gartner''__ → https://www.gartner.com/doc/reprints?id=1-6QW0Z4A&ct=190528 === | |!WAAP|__W__eb __A__pplication and __A__PI __P__rotection || |!WAF|__W__eb __A__pplication __F__irewall|| |>|>| [img(25%,1px)[iCSF/BluePixel.gif]] |
|>|>| !Sigles de "A" à "Z" "//...-__a__s-__a__-__S__ervice//" |
|>|>||
|!Sigle|!Signification|!Commentaires|
|!AaaS|__A__pplication - __A__uthentification|!|
|!BaaS|__B__ackup - __B__ackend - __B__anking - __B__usiness|!|
|!CaaS|__C__ollaboration - __C__ommunication - __C__ompliance - __C__ontainer - __C__ontent - __C__rimeware|!|
|!DaaS|__D__atabase - __D__esktop|!|
|!DRaaS|''__D__isaster __R__ecovery-as-a-Service''|!|
|!EaaS|__E__mail - __E__ntreprise|!|
|!FaaS|__F__ailure - __F__orms - __F__ramework - __F__unction as-a-Service|!|
|!GaaS|__G__aming|!|
|!HaaS|__H__ardware|!|
|!IaaS|__I__nformation - ''__I__nfrastructure-as-a-Service'' - __I__ntegration|!|
|!JaaS|__J__ava - __J__uju|!|
|!KaaS|__K__nowledge|!|
|!LaaS|__L__ab - __L__ight - __L__ogging|!|
|!MaaS|__M__alware - __M__etal - __M__obile - __M__onitoring|!|
|!NaaS|__N__etwork|!|
|!OaaS|__O__racle|!|
|!PaaS|__P__ayment - ''__P__latform as-a-Service'' - __P__roduct|!|
|!QaaS|__Q__uality|!|
|!RaaS|__R__ansomware - __R__ecovery - __R__eporting - __R__isk Assessment Program|!|
|!SaaS|__S__ales - __SOC__ - ''__S__oftware-as-a-Service''|!|
|!SECaaS|__SEC__urity|!|
|!TaaS|__T__erminology - __T__esting - __T__ransport|!|
|!UaaS|__U__nderstanding - __U__tility|!|
|!VaaS|__V__ideo - __V__oice|!|
|!WaaS|__W__orkforce - __W__orkplace - __W__orkstation as-a-Service|!|
|!XaaS|Everything|!|
|!YaaS|__Y__ou|!|
|!ZaaS|__Z__oning|!|
|>|>| [img(25%,1px)[iCSF/BluePixel.gif]] |
|>|>|>|>|>|>| !Sigles Cloud et Produits |
|>|>|>|>|>|>||
|!Sigles|!Signification|!Lien|Azure|AWS|GCP|K8s|
|!ACI|Azure Container Instance|[[»|https://azure.microsoft.com/en-us/services/container-instances/]]|
|!AKS|Azure Kubernetes Service|[[»|https://azure.microsoft.com/en-us/services/service-fabric/]]|
|!ASF|Azure Service Fabric|[[»|https://azure.microsoft.com/en-us/services/service-fabric/]]|
|>|>|>|>|>|>| [img(25%,1px)[iCSF/BluePixel.gif]] |
Vous trouverez ici :
* des tableaux de bord de ''l'état de services Cloud'' et les pages "sécurité"+++^*[»]> <<tiddler Outils##EtatServices>>=== des //fournisseurs d'énergie Cloud//
* une liste de ''plus de 320 outils'' disponibles sur ''GitHub''+++*[»]> <<tiddler Outils##GitHub>>=== 
* une liste d'outils disponibles sur ''Code.Google''+++^*[»]> <<tiddler Outils##CodeGoogle>>=== 
* une liste de projets ''Open Source''+++^*[»]> <<tiddler Outils##OpenSource>>===, d'utilitaires et de scripts+++^*[»]> <<tiddler Outils##Misc>>=== ou ''en ligne''+++^*[»]> <<tiddler Outils##Online>>=== 
* une liste de sites avec des Travaux Pratiques+++^*[»]> <<tiddler Outils##HandsOnLabs>>=== et surtout des ''challenges'' sécurité ou de composants à tester en local ou dans le Cloud+++*[»]> <<tiddler Outils##Challenges>>=== 
* des références de ''sites''+++^*[»]> <<tiddler Outils##Sites>>=== 
* des ''numéros de ports TCP & UDP'' de références+++^*[»]> <<tiddler Outils##Ports>>=== 
* une liste de liens vers de la formation gratuite+++^*[»]> <<tiddler Outils##Formations>>=== 
[img(50%,1px)[iCSF/BluePixel.gif]]
<<tabs tOutils 'Etat des Services' '' [[Outils##EtatServices]] 'GitHub' '' [[Outils##GitHub]] 'Code.Google' '' [[Outils##CodeGoogle]] 'OpenSource' '' [[Outils##OpenSource]] 'En Ligne' '' [[Outils##Online]] 'Divers' '' [[Outils##Misc]] 'Challenges' '' [[Outils##Challenges]] 'Travaux Pratiques' '' [[Outils##HandsOnLabs]] 'Sites' '' [[Outils##Sites]] 'Ports TCP et UDP' '' [[Outils##Ports]] 'Plages IP' '' [[Outils##ASnIP]] 'Formations' '' [[Outils##Formations]]>>
/%
!EtatServices
<<tiddler Outils-EtatsServices>>
!GitHub
<<tiddler Outils-GitHub>>
!CodeGoogle
<<tiddler Outils-CodeGoogle>>
!OpenSource
<<tiddler Outils-OpenSource>>
!Online
<<tiddler Outils-Online>>
!Misc
<<tiddler Outils-Misc>>
!Challenges
<<tiddler Outils-Challenges>>
!HandsOnLabs
<<tiddler Outils-HandsOnLabs>>
!Sites
<<tiddler Outils-Sites>>
!Ports
<<tiddler Outils-Ports>>
!ASnIP
<<tiddler Outils-ASs+IPs>>
!Formations
<<tiddler Outils-Formations>>
!end
%/
|>|>|>|>|>|>|!Listes de __liens__ liés à la surveillance de l'état de dysfonctionnement d'environnement Cloud|
|>|>|>|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les éléments en faisant partie ne sont NI avalisés, NI recommandés, NI conseillés par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à leur téléchargement ou utilisation.@@| |ThousandEyes|>|>|>|>|>|[[Internet Outages Map|https://www.thousandeyes.com/outages]]| |!CSP|!Etat|!Sécurité|![[DownDetector|https://downdetector.com/companies]]|![[Outage.report|https://outage.report/companies]]|!Twitter|![[WebSee|https://websee.com/]]| |!Adobe|[[état|https://status.adobe.com/]]|.|.|.|.| |!Amazon AWS|[[état|http://status.aws.amazon.com/]]|.|[[aws-amazon-web-services|https://downdetector.com/status/aws-amazon-web-services]]|.|[[AWSSecurityInfo|https://twitter.com/AWSSecurityInfo]]|[[lien|https://websee.com/company/5d15a98411cb99272c5ee616]]| |!AWS CloudWatch|[[cloudwatch|http://aws.amazon.com/cloudwatch/]]|.|.|.|.| |!Azure
//(historique)//|[[état|https://status.azure.com/fr-fr/status/]]
[[historique|https://status.azure.com/fr-fr/status/history/]]|.|[[windows-azure|https://downdetector.com/status/windows-azure/]]
[[windows-azure/archive|https://downdetector.com/status/windows-azure/archive/]]|.|.|[[lien|https://websee.com/company/5e25c9916df5dd0f16ed3b21]]| |!Basecamp|[[état|https://status.basecamp.com/]]|.|.|.|.| |!BitBucket.com|[[état|http://status.bitbucket.org/]]|.|[[bitbucket|https://downdetector.com/status/bitbucket]]|.|.| |!Box|[[état|http://status.box.com/]]|.|[[box|https://downdetector.com/status/box]]|[[box|https://outage.report/box]]|.| |!Cloudflare|[[état|https://www.cloudflarestatus.com/]]|.|[[cloudflare|https://downdetector.com/status/cloudflare]]|[[cloudflare|https://outage.report/cloudflare]]|.| |!Connectwise|[[état|https://university.connectwise.com/University/SystemStatus/productHistory/ProductHistory.aspx]]|.|.|.|.| |!GitHub|[[état|https://githubstatus.com/]]|.|.|.|.| |!IBM|[[état|https://cloud.ibm.com/status?selected=status]], [[annonces|https://cloud.ibm.com/status?selected=announcement]]|.|[[ibm-cloud|https://downdetector.com/status/ibm-cloud/]]|.|.|[[IBM|https://websee.com/company/IBM]]| |!Facebook|[[état|https://developers.facebook.com/status/]]|.|[[facebook|https://downdetector.com/status/facebook]]|[[facebook|https://outage.report/facebook]]|.| |!GitHub|[[état|https://www.githubstatus.com/]] /% OLD:https://status.github.com/ %/|.|[[github|https://downdetector.com/status/github]]|.|.| |!Google|[[état|https://status.cloud.google.com/]]|.|[[google-cloud|https://downdetector.com/status/google-cloud]]|.|.| |!G suite|[[état|http://www.google.com/appsstatus#hl=fr&v=status]]|~|~|~|~| |!iCloud|.|.|[[icloud|https://downdetector.com/status/icloud]]|.|.| |!Office365|[[état|https://status.office365.com/]]|.|[[office-365|https://downdetector.com/status/office-365]]|.|.| |!OneDrive|.|.||[[onedrive|https://downdetector.com/status/onedrive]]|.| |!Outlook|.|.|[[outlook|https://downdetector.com/status/outlook]]|[[outlook|https://outage.report/outlook]]|.| |!Outscale|[[état|https://status.outscale.com/]]|.|.|.|.| 
|!OVH|[[état|https://www.ovh.com/fr/community/status/]]|.|.|[[ovh|https://outage.report/ovh]]|.| |!Rackspace|[[état|https://status.rackspace.com/]]|.|[[rackspace|https://downdetector.com/status/rackspace]]|.|.| |!Salesforce|[[état|http://trust.salesforce.com/trust/status/]]|.|[[salesforcecom|https://downdetector.com/status/salesforcecom]]|[[salesforcecom|https://outage.report/salesforcecom]]|.| |!Sharepoint Online|.|.|[[sharepoint|https://downdetector.com/status/sharepoint]]|.|.| |!Skype|[[état|https://support.skype.com/en/status/]]|.|[[skype|https://downdetector.com/status/skype]]|[[skype|https://outage.report/skype]]|.| |!Slack|[[état|https://status.slack.com/]]|[[Sécurité|https://slack.com/intl/en-fr/security]]|[[slack|https://downdetector.com/status/slack]]|[[slack|https://outage.report/slack]]|.| |!Wasabi|[[état|https://status.wasabi.com/]]|||.| |>|>|>|>|!|>|| |>|Tableaux de bords consolidés| |!Cloud Harmony|[[lien|https://cloudharmony.com/status]]|.|.|.|.|.| |>|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Bien LIRE le cartouche en tête de ce tableau.@@|
|>|>|!Listes d'outils //Cloud et Sécurité// non commerciaux et disponibles sur GitHub|
|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les éléments en faisant partie ne sont NI avalisés, NI recommandés, NI conseillés par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à leur téléchargement ou utilisation.@@| |[[Aardvark|https://github.com/Netflix-Skunkworks/aardvark]]|[[Netflix|http://netflix.github.io/]]|Multi-account AWS IAM Access Advisor API| |[[Aai|https://github.com/rams3sh/Aaia]]|[[Ramachandran-Seshadri|https://github.com/rams3sh]]|AWS Identity And Access Management Visualizer And Anomaly Finder ^^([[KitPloit|https://www.kitploit.com/2020/01/aaia-aws-identity-and-access-management.html]])^^| |[[Action Hero|https://github.com/princespaghetti/actionhero]]|Anthony Barbieri|Sidecar style utility to assist with creating least privilege IAM Policies for AWS| |[[Adaz|https://github.com/christophetd/Adaz]]|[[Christophe Tafani-Dereeper|http://christophetd.fr/]]|Automatically deploy customizable Active Directory labs in Azure ^^([[blog|https://blog.christophetd.fr/automating-the-provisioning-of-active-directory-labs-in-azure/]], [[KitPloit|https://www.kitploit.com/2020/11/adaz-automatically-deploy-customizable.html]])^^| |[[AD Connect Dump|https://github.com/fox-it/adconnectdump]]|//[[Fox-IT|https://github.com/fox-it]]//|Azure AD Connect password extraction| |[[AKS Checklist|https://github.com/lgmorand/aks-checklist]]|Louis-Guillaume Morand|Azure Kubernetes Service Checklist^^([[site|https://www.the-aks-checklist.com]])^^| |[[AlertResponder|https://github.com/m-mizutani/AlertResponder]]|[[Masayoshi Mizutani|http://m-mizutani.github.io/]]|Automatic Security Alert Response Framework By AWS Serverless Application Model ^^([[KitPloit|https://www.kitploit.com/2020/01/alertresponder-automatic-security-alert.html]])^^| |[[Amass|https://github.com/OWASP/Amass]]|Jeff Foley|In-depth DNS Enumeration and Network Mapping| |[[Amazon S3 Find and Forget|https://github.com/awslabs/amazon-s3-find-and-forget]]|AWS|To handle data erasure requests from data lakes stored on Amazon S3 (pursuant to the GDPR)| 
|[[AmiContained|https://github.com/genuinetools/amicontained]]|Genuine Tools|Container introspection tool to find out what container runtime is being used| |[[Anchore|https://github.com/anchore/anchore-engine]]|//Anchore//|Service to Analyze Docker Images^^([[SecTechno|https://sectechno.com/anchore-service-to-analyze-docker-images/]])^^| |[[ArmourBird CSF|https://github.com/armourbird/csf]]|[[Vaibhav Gupta|https://github.com/r3ver53r]]|Container Security Framework+++^*[»] https://twitter.com/ArmourBird === | |[[ATT&CK GuardDuty Navigator|https://github.com/amrandazz/attack-guardduty-navigator]]|[[Anthony Randazzo|https://twitter.com/amrandazz]]|A MITRE ATT&CK Navigator export for AWS GuardDuty Findings| |[[Attack Surface Analyzer|https://github.com/Microsoft/AttackSurfaceAnalyzer]]|Microsoft|Analyzes operating system's security configuration for changes during software installation| |[[Audit2RAC|https://github.com/liggitt/audit2rbac]]|Jordan Liggitt|Autogenerate RBAC policies based on Kubernetes audit logs| |[[AutoCERT|https://github.com/smallstep/autocert]]|//[[Smallstep|https://smallstep.com]]//|Kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers| |[[AutoVPN|https://github.com/ttlequals0/autovpn]]|[[Dominick Krachtus|https://github.com/ttlequals0/]]|Create On Demand Disposable OpenVPN Endpoints on AWS^^([[KitPloit|https://www.kitploit.com/2020/09/autovpn-create-on-demand-disposable.html]], [[Sectechno|https://sectechno.com/autovpn-create-openvpn-endpoints-on-aws/]])^^| |![[Awesome AWS S3|https://github.com/mxm0z/awesome-sec-s3]]|[[Ygor Maximo|https://github.com/mxm0z]]|Collection of awesome AWS S3 tools to collect and enumerate exposed S3 buckets| |![[Awesome Azure Security|https://github.com/kmcquade/awesome-azure-security]]|[[Kinnaird McQuade|https://kmcquade.com]]|Curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources| |[[Awesome 
Serverless|https://github.com/anaibol/awesome-serverless]]|[[Juan Anibal Micheli|http://anib.al/]]|Curated list of awesome services, solutions and resources for serverless / nobackend applications| |[[AWS Account Controller|https://github.com/iann0036/aws-account-controller]]|[[Ian Mckay|https://onecloudplease.com/]]|Self-service creation and deletion of sandbox-style accounts ^^[[article|https://onecloudplease.com/blog/automating-aws-account-deletion]]^^| |[[AWS Allow Lister|https://github.com/salesforce/aws-allowlister/]]|//Salesforce//|Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks| |[[AWS Auto Remediate|https://github.com/servian/aws-auto-remediate]]|servian|Instantly remediates common security issues through the use of AWS Config| |[[AWS Breaking Changes|https://github.com/SummitRoute/aws_breaking_changes]]|''Scott Piper''|List of changes announced for AWS that may break existing code| |[[AWS Bucket Dump|https://github.com/jordanpotti/AWSBucketDump/]]|[[Jordan Potti|https://jordanpotti.com/]]|Security Tool to Look For Interesting Files in S3 Buckets| |[[AWS CLI Repl|https://github.com/janakaud/aws-cli-repl]]|Janaka Bandara|REPL-mode wrapper/proxy for [aws-cli]| |[[AWS Collect Unused Security Groups|https://github.com/bridgecrewio/aws-collect-unused-security-groups]]|[[Bridgecrew|http://bridgecrew.io/]]|Tracks unused security groups of an AWS account over a period of time with control of the interval to sample the security groups| |[[AWS Container Images Toolkit|https://github.com/awslabs/aws-container-images-toolkit]]|//AWS Labs//|Statically and dynamically identify public container images hosted on Docker Hub| |[[AWS Controllers K8s (ACK)|https://github.com/aws/aws-controllers-k8s]]|AWS|ACK enables managing AWS services from Kubernetes| |[[AWS Credential Compromise 
Detection|https://github.com/Netflix-Skunkworks/aws-credential-compromise-detection]]|Netflix-Skunkworks |Example detection of compromised credentials in AWS| |[[AWS Exposable Resources|https://github.com/SummitRoute/aws_exposable_resources]]|''Scott Piper''|Resource types that can be publicly exposed on AWS| |[[AWS Fast Fixes|https://github.com/WarnerMedia/aws-fast-fixes/]]|Chris Farris|Scripts to quickly fix security and compliance issues| |[[AWS IAMCTL|https://github.com/aws-samples/aws-iamctl/]]|//AWS//|AWS IAM role-comparison tool IAMCTL^^([[blog|https://aws.amazon.com/blogs/security/new-iamctl-tool-compares-multiple-iam-roles-and-policies/]])^^| |[[AWS Incident Response Runbooks|https://github.com/aws-samples/aws-incident-response-runbooks]]|[[AWS|https://github.com/aws-samples]]|AWS Incident Response Runbook sample templates| |[[AWS Inventory|https://github.com/nccgroup/aws-inventory]]|[[NCC Group|https://www.nccgroup.trust]]|Discover resources created in an AWS account| |[[AWS IR|https://github.com/ThreatResponse/aws_ir]]|[[ThreatResponse|http://www.threatresponse.cloud/]]|Python installable command line utility for mitigation of host and key compromises| |[[AWS IR Plugins|https://github.com/ThreatResponse/aws_ir_plugins]]|[[ThreatResponse|http://www.threatresponse.cloud/]]|Core incident handling plugins for aws_ir cli, incident pony, and more| |[[AWS Key Triage Script|https://github.com/cedowens/aws_key_triage_tool]]|[[Cedric Owens|https://github.com/cedowens/]]|Automate initial triage/enumeration on a set of aws keys in an input file| |[[AWS Lambda API Call Recorder|https://github.com/tobilg/aws-lambda-api-call-recorder]]|Tobilg|A recorder of AWS API calls for Lambda functions| |^^[[AWS Managed Policies|https://github.com/SummitRoute/aws_managed_policies]]^^ (obsolete)|^^''Scott Piper''^^|^^Collection of the AWS Managed IAM policies^^| |[[AWS Managed Policies|https://github.com/z0ph/aws_managed_policies]] (nouveau)|z0ph|Collection of the AWS Managed IAM 
policies| |[[AWS Perspective|https://github.com/awslabs/aws-perspective]]|//AWS Labs//|Tool to visualize AWS Cloud workloads as architecture diagrams| |[[AWS pwn|https://github.com/dagrz/aws_pwn]]|Daniel Grzelak|A collection of AWS penetration testing junk from 2017| |[[AWS Recon|https://github.com/darkbitio/aws-recon]]|[[Darkbit|https://darkbit.io]]|Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata ^^([[KitPloit|https://www.kitploit.com/2020/08/aws-recon-multi-threaded-aws-inventory.html]])^^| |[[AWS Report|https://github.com/bsd0x/awsreport]]|[[bsd0x|https://github.com/bsd0x/]]|Tool For Analyzing Amazon Resources^^([[KitPloit|https://www.kitploit.com/2020/08/aws-report-tool-for-analyzing-amazon.html]])^^| |[[AWS S3 DLP|https://github.com/darkbitio/aws-s3-dlp]]|[[Darkbit|https://darkbit.io]]|Built on top of CloudWatch events and Lambda functions to alert when data is transferred to S3 buckets outside of your organization ^^([[blog|https://darkbit.io/blog/simple-dlp-for-amazon-s3]])^^| |[[AWS S3 Security Best Practice Sentinel|https://github.com/ausmartway/aws-s3-security-best-practice-sentinel]]|[[ausmartway|https://github.com/ausmartway]]|Sets of Sentinel policies to check that your S3 is in line with AWS S3 security best practices| |[[AWS S3 Virusscan|https://github.com/widdix/aws-s3-virusscan]]|[[widdix|https://widdix.net]]|Free Antivirus for S3 Buckets| |[[AWS Recipes|https://github.com/nccgroup/AWS-recipes]]|[[NCC Group|https://www.nccgroup.trust]]|A number of Recipes for AWS| |[[AWS Secure Environment Accelerator|https://github.com/aws-samples/aws-secure-environment-accelerator]]|//Amazon AWS//|Helps deploy and operate secure multi-account AWS environments on an ongoing basis| |[[AWS Serverless Security Workshop|https://github.com/aws-samples/aws-serverless-security-workshop]]|[[AWS|https://github.com/aws-samples]]|Techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and 
RDS Aurora| |[[AWS Report|https://github.com/gmdutra/aws-report]]|[[Gabriel M. Dutra|http://gmdutra.github.io/]]|Tool for analyzing amazon resources ^^([[KitPloit|https://www.kitploit.com/2020/01/aws-report-tool-for-analyzing-amazon.html]])^^| |[[AWS Security Automation|https://github.com/awslabs/aws-security-automation]]|AWS|AWS repository of tools| |[[AWSGen.py|https://github.com/m4ll0k/AWSGen.py]]|[[mallok|https://github.com/m4ll0k]]|Generates Permutations, Alterations And Mutations Of AWS S3 Buckets Names ^^([[KitPloit|https://www.kitploit.com/2020/03/awsgenpy-generates-permutations.html]])^^| |[[Awspx|https://github.com/FSecureLABS/awspx]]|[[F-Secure LABS|https://labs.f-secure.com/]]|Graph-based tool for visualizing effective access and resource relationships in AWS environments ^^([[KitPloit|https://www.kitploit.com/2020/03/awspx-graph-based-tool-for-visualizing.html]])^^| |[[AZ DynDNS|https://github.com/jsa2/azdyndns]]|[[Joosua Santasalo|https://github.com/jsa2]]|Azure Dyndns for a dime| |[[AZ Sentinel|https://github.com/wortell/AZSentinel]]|Maarten Goet|PowerShell module for Azure Sentinel| |[[Azucar|https://github.com/nccgroup/azucar]]|[[NCC Group|https://www.nccgroup.trust]]|Security auditing tool for Azure environments| |[[AzureAD Attack Defense|https://github.com/Cloud-Architekt/AzureAD-Attack-Defense]]|[[Thomas Naunheim|https://www.cloud-architekt.net]]|!| |[[Azure AD Lateral Movement|https://github.com/talmaor/AzureADLateralMovement]]|[[Tal maor|https://github.com/talmaor]]|Lateral Movement graph for Azure Active Directory ^^([[détails|https://medium.com/@talthemaor/lateral-movement-graph-for-azure-ad-7c5e0136e2d8]])^^ | |[[Azure CIS Scanner|https://github.com/kbroughton/azure_cis_scanner]]|Kesten Broughton|Security Scanner based on CIS benchmark 1.1 inspired by Scout2| |[[Azure Key Vault Explorer|https://github.com/microsoft/AzureKeyVaultExplorer]]|Microsoft|Azure Key Vault Explorer| |[[Azure 
Sentinel|https://github.com/Azure/Azure-Sentinel]]|//Azure//|Azure Sentinel repository| |[[Azure Service Operator|https://github.com/Azure/azure-service-operator]]|[[Azure|https://github.com/Azure]]|Enables to provision Azure resources and connect applications to them from within Kubernetes| |[[Backup Runner|https://github.com/SummitRoute/backup_runner]]|''Scott Piper''|Setting up personal G Suite backups on AWS| |[[Barq|https://github.com/Voulnet/barq]]|[[Mohammed Aldoub|https://www.twitter.com/Voulnet]]|AWS Cloud Post Exploitation framework ^^([[KitPloit|https://www.kitploit.com/2019/09/barq-aws-cloud-post-exploitation.html]])^^| |[[Blob Hunter|https://github.com/cyberark/blobhunter]]|//CyberArk//|Scans Azure blob storage accounts for publicly opened blobs| |[[BloodHound AD|https://github.com/BloodHoundAD/BloodHound]]|!|Graph-theory tool to reveal hidden relationships and attack paths in an Active Directory environment| |[[BOtB|https://github.com/brompwnie/botb]]|[[Chris Le Roy|https://twitter.com/brompwnie]]|A Container Analysis and Exploitation Tool for Pentesters and Engineers ^^([[KitPloit|https://www.kitploit.com/2019/09/botb-container-analysis-and.html]], [[SecTechno|https://sectechno.com/botb-container-analysis-and-exploitation-tool/]])^^| |[[BottleRocket OS|https://github.com/bottlerocket-os/bottlerocket]]|[[AWS BottlerRocket OS|https://github.com/bottlerocket-os]]|An operating system designed for hosting containers| |[[Bucket Stream|https://github.com/eth0izzle/bucket-stream]]|eth0izzle|Find interesting Amazon S3 Buckets by watching certificate transparency logs| |{{size75{[[ByteDance HIDS|https://github.com/bytedance/ByteDance-HIDS]]}}}|{{size75{Bytedance}}}|{{size75{Under development: ''CAREFULLY READ THE DOCUMENTATION''. 
Checks Cloud-Native Host-Based Intrusion Detection solution project to provide "//next-generation//" Threat Detection and Behavior Audition with modern architecture ^^([[KitPloit|https://www.kitploit.com/2021/01/bytedance-hids-cloud-native-host-based.html]])^^}}}| |[[Calico|https://github.com/projectcalico/calico]]|Project Calico|Cloud native connectivity and network policy| |[[Caponeme|https://github.com/avishayil/caponeme]]|[[Avishay Bar|https://github.com/avishayil]]|Repository demonstrating the Capital One breach on your AWS account| |[[Capsule|https://github.com/clastix/capsule]]|//[[Clastix|http://clastix.io]]//|Kubernetes multi-tenant Operator| |[[Cartography|https://github.com/lyft/cartography]]|Lyft|//Framework that supports mapping trust relationships across a number of different cloud platforms//| |[[Chaos Monkey|https://github.com/Netflix/chaosmonkey]]|[[Netflix|http://netflix.github.io/]]|Resiliency tool that helps applications tolerate random instance failures| |[[Checkov|https://github.com/bridgecrewio/checkov]]|[[Bridgecrew|http://bridgecrew.io/]]|Prevent cloud misconfigurations during build time| |[[Clair|https://github.com/coreos/clair]]|CoreOS|Static Analysis of Vulnerabilities for Applications and Docker Containers| |[[CloudBrute|https://github.com/0xsha/CloudBrute]]|[[0xSha|https://0xsha.io]]|Tool to find a company (target) infrastructure, files, and apps on the top cloud providers| |[[Cloud Burst|https://github.com/ustayready/CloudBurst]]|U Stay Ready|Red team framework for interacting with cloud providers to capture, compromise, and exfiltrate data| |[[Cloud Check|https://github.com/ANK1036Official/Cloudcheck]]|Jackie Blanchovik|Checks using a test string if a Cloudflare DNS bypass is possible using CloudFail| |[[Cloud Container Attack Tool (CCAT)|https://github.com/RhinoSecurityLabs/ccat]]|[[RhinoSecurity|https://rhinosecuritylabs.com/]]|Tool for testing security of container environment 
^^([[KitPloit|https://www.kitploit.com/2019/12/ccat-cloud-container-attack-tool-for.html]])^^| |[[Cloud Custodian|https://github.com/cloud-custodian/cloud-custodian]]|[[Cloud Custodian|https://cloudcustodian.io]]|Rules Engine for AWS fleet management: Cloud Security, Cost Optimization, and Governance, DSL in YAML for Policies to Query, Filter, and Take Actions on Resources ^^([[KitPloit|https://www.kitploit.com/2018/07/cloud-custodian-rules-engine-for-cloud.html]])^^| |[[Cloud Forensics Utils|https://github.com/google/cloud-forensics-utils]]|Google|Python library to carry out DFIR analysis on the Cloud | |![[Cloud Goat (2)|https://github.com/RhinoSecurityLabs/cloudgoat]]|[[RhinoSecurity|https://rhinosecuritylabs.com/]]|A "''Vulnerable'' by Design" AWS infrastructure setup tool| |[[Cloud Inquisitor|https://github.com/RiotGames/cloud-inquisitor]]|RiotGames|Enforce ownership and data security within AWS| |[[Cloud Keeper|https://github.com/mesosphere/cloudkeeper]]|Mesosphere/D2iQ|Housekeeping for Clouds| |[[Cloud List|https://github.com/projectdiscovery/cloudlist]]|[[ProjectDiscovery|https://projectdiscovery.io/open-source]]|Lists Assets from multiple Cloud Providers ^^([[kitploit|https://www.kitploit.com/2021/02/cloudlist-tool-for-listing-assets-from.html]])^^| |![[Cloud Mapper|https://github.com/duo-labs/cloudmapper]]|[[Duo Labs|https://duo.com/labs/]]|Tool for analyzing environments ^^([[SecTechno|https://sectechno.com/cloudmapper-analyze-your-amazon-web-services-aws/]])^^| |[[Cloud Marker|https://github.com/cloudmarker/cloudmarker]]|[[Rohit Sehgal|https://github.com/r0hi7/]]|Cloud monitoring tool and framework (Azure, GCP)| |[[Cloud Pentest Cheatsheets|https://github.com/dafthack/CloudPentestCheatsheets]]|[[Beau Bullock|https://github.com/dafthack]]|Collection of cheatsheets for tools related to pentesting organizations that leverage cloud providers (Microsoft Azure & O365, AWS, GCP)| 
|[[Cloudquery|https://github.com/cloudquery/cloudquery]]|[[Cloudquery|https://cloudquery.io/]]|Transforms a cloud infrastructure into queryable SQL tables for easy monitoring, governance and security| |![[Cloud Ranges|https://github.com/pry0cc/cloud-ranges]]|''[[pry0cc|https://0x00sec.org/]]''|A list of cloud ranges from different providers| |[[Cloud Scout|https://github.com/SygniaLabs/security-cloud-scout]]|//[[Signia Labs|https://www.sygnia.co]]//|Plugin for BloodHound, to visualize cross platform attack paths| |[[Cloud Scrapper|https://github.com/jordanpotti/CloudScraper]]|[[Jordan Potti|https://jordanpotti.com/]]|Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.| |[[Cloud Security Audit|https://github.com/Appliscale/cloud-security-audit]]|Appliscale|A command line security audit tool for Amazon Web Services ^^([[KitPloit|https://www.kitploit.com/2019/07/cloud-security-audit-command-line.html]])^^| |[[Cloud Security Suite|https://github.com/SecurityFTW/cs-suite]]|SecurityFTW|Tool for Auditing AWS & GCP Infrastructure ^^([[KitPloit|https://www.kitploit.com/2017/10/cloud-security-suite-one-stop-tool-for.html]])^^| |[[cloud Service Enum|https://github.com/NotSoSecure/cloud-service-enum]]|[[Savan Gadhiya|https://github.com/NotSoSecure/]]|Discovers AWS/Azure/GCP services| |[[Cloud Shell|https://github.com/azure/cloudshell]]|//Azure//|Container Image for Azure Cloud Shell+++*[»]> https://azure.microsoft.com/en-us/features/cloud-shell/ === | |[[Cloud Sniper|https://github.com/nicolasriverocorvalan/cloud-sniper]]|[[Nicolás Rivero Corvalán|https://github.com/nicolasriverocorvalan/]]|Virtual Security Operations Center ^^([[KitPloit|https://www.kitploit.com/2020/08/cloud-sniper-virtual-security.html]])^^| |[[Cloud Splaining|https://github.com/salesforce/cloudsplaining]]|Salesforce|AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report with a 
triage worksheet ^^([[KitPloit|https://www.kitploit.com/2020/08/cloudsplaining-aws-iam-security.html]]), ([[hakin9|https://hakin9.org/cloudsplaining-aws-iam-security-assessment-tool-that-identifies-violations-of-least-privilege-and-generates-a-risk-prioritized-report/]])^^| |[[Cloud Sploit scans|https://github.com/cloudsploit/scans]]|CloudSploit|AWS security scanning checks| |![[Cloud Tracker|https://github.com/duo-labs/cloudtracker]]|[[Duo Labs|https://duo.com/labs/]]|Tool for finding over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies| |[[Cloud Unflare|https://github.com/greycatz/CloudUnflare]]|Grey Catz|Reconnaissance Real IP address for Cloudflare Bypass| |[[ClusterFuzz|https://github.com/google/clusterfuzz]]|[[Google|https://opensource.google.com/]]|Scalable fuzzing infrastructure+++*[»]> https://google.github.io/clusterfuzz ===| |[[Cnitch|https://github.com/nicholasjackson/cnitch]]|[[Nicholas Jackson|https://github.com/nicholasjackson/]]|Checks Docker Engine Processes Running as Root^^([[KitPloit|https://www.kitploit.com/2020/08/cnitch-container-snitch-checks-running.html]], [[SecTechno|https://sectechno.com/cnitch-checks-docker-engine-processes-running-as-root/]])^^ | |[[ConMachi|https://github.com/nccgroup/ConMachi]]|[[NCC Group|https://www.nccgroup.trust]]|Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container| |[[Container Security Workstation Playbook|https://github.com/raesene/container_sec_workstation]]|[[Rory McCune|http://raesene.github.io/]]|Playbooks for setting up a container security workstation with common tools for doing container security reviews| |[[Copper|https://github.com/cloud66-oss/copper]]|[[Cloud 66 OSS|https://www.cloud66.com/]]|Configuration file validator for Kubernetes| |[[CredKing|https://github.com/ustayready/CredKing]]|U Stay Ready|Password spraying using AWS Lambda for IP rotation| |[[Cuckoo 
AWS|https://github.com/CheckPointSW/Cuckoo-AWS]]|Checkpoint|Cuckoo project extension: support to AWS and enables running emulations on auto-scaling infrastructure| |[[CVE Scanner Exploiting POCs|https://github.com/gmatuz/cve-scanner-exploiting-pocs]]|[[Gabor Matuz|https://github.com/gmatuz/]]|Collection of ideas and specific exploits against Docker CVE scanners ^^([[Détails|https://medium.com/@matuzg/testing-docker-cve-scanners-part-2-5-exploiting-cve-scanners-b37766f73005]])^^| |[[Cyber Range|https://github.com/secdevops-cuse/CyberRange]]|[[AWS Cyber Range|https://medium.com/aws-cyber-range/about]]|The Open-Source AWS Cyber Range ^^([[KitPloit|https://www.kitploit.com/2019/12/cyberrange-open-source-aws-cyber-range.html]])^^| |[[Dagda|https://github.com/eliasgranderubio/dagda]]|Elías Grande|To perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities| |[[DAST operator|https://github.com/banzaicloud/dast-operator]]|//[[Banzai Cloud|https://banzaicloud.io]]//|Dynamic Application and API Security Testing| |[[DEEPCE|https://github.com/stealthcopter/deepce/]]|[[Matthew Rollings|https://github.com/stealthcopter]]|Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)| |[[Detection Rules|https://github.com/elastic/detection-rules]]|Elastic Security|Rules for the Detection Engine in Elastic Security | |[[Docker Bench for Security|https://github.com/docker/docker-bench-security]]|Docker|Checks for dozens of common best-practices around deploying Docker containers in production| |[[Docker ENT|https://github.com/r0hi7/DockerENT]]|[[Rohit Sehgal|https://github.com/r0hi7/]]|Analyze vulnerabilities and configuration issues with running docker container(s) and docker networks ^^([[KitPloit|https://www.kitploit.com/2020/09/dockerent-only-open-source-tool-to.html]])^^| |[[Docker Image Analyzing 
Tools|https://github.com/katrinewi/Docker-image-analyzing-tools]]|Katrine Wist|Scripts for performing analysis of Docker images ^^([[pdf|https://arxiv.org/pdf/2006.02932.pdf]])^^ | |[[Docker Let's Encrypt Nginx Proxy Companion|https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion]]|nginx-proxy|LetsEncrypt companion container for nginx-proxy| |[[Docker Pwn.py|https://github.com/AbsoZed/DockerPwn.py]]|[[Dylan Barker|https://www.linkedin.com/in/DylanBarker1/]]|Automation for abusing an exposed Docker TCP Socket.| |[[Docker Scan|https://github.com/cr0hn/dockerscan]]|[[cr0hn|https://www.linkedin.com/in/garciagarciadaniel/]]|Docker Security Analysis and Hacking Tools ^^([[KitPloit|https://www.kitploit.com/2018/07/security-monkey-tool-to-monitors-your.html]])^^| |[[Docker Security Checker|https://github.com/madhuakula/docker-security-checker]]|[[Madhu Akula|https://madhuakula.com/kubernetes-goat]]|Dockerfile Security Checker using OPA Rego policies with Conftest ^^([[détails|https://blog.madhuakula.com/dockerfile-security-checks-using-opa-rego-policies-with-conftest-32ab2316172f]])^^ | |[[Docker Security Playground|https://github.com/giper45/DockerSecurityPlayground]]|giper45|Microservices-based framework for the study of Network Security and Penetration Test techniques| |[[Dockerfile From Image|https://github.com/LanikSJ/dfimage]]|LanikSJ|Reverse-engineer a Dockerfile from a Docker image| |[[Dockscan|https://github.com/kost/dockscan]]|[[k0st|https://twitter.com/k0st]]|Security vulnerability and audit scanner for Docker installations| |[[Dostainer|https://github.com/uchi-mata/dostainer]]|uchi-mata|Kubernetes Resource Exhaustion PoC Container| |[[Dufflebag|https://github.com/BishopFox/dufflebag]]|[[Bishop Fox|http://www.bishopfox.com/]]|Search Exposed EBS Volumes For Secrets ^^([[KitPloit|https://www.kitploit.com/2020/02/dufflebag-search-exposed-ebs-volumes.html]])^^| |[[DumpsterDiver|https://github.com/securing/DumpsterDiver]]|!|To search secrets in 
various filetypes like keys (AWS Access Key, Azure Share Key, SSH keys...) or passwords| |[[DVCA|https://github.com/m6a-UdS/dvca]]|//m6a-UdS//|Damn ''Vulnerable'' Cloud Application| |[[DVFaaS|https://github.com/Voulnet/DVFaaS-Damn-Vulnerable-Functions-as-a-Service]]|[[Mohammed Aldoub|https://www.twitter.com/Voulnet]]|Damn ''Vulnerable'' Functions as a Service| |[[DVSA|https://github.com/OWASP/DVSA]]|OWASP|Damn ''Vulnerable'' Serverless Application| |[[EBS Direct Sec Tools|https://github.com/crypsisgroup/ebs-direct-sec-tools]]|//Palo Alto Networks//|Fun tools around the EBS Direct API| |[[Edda|https://github.com/Netflix/edda]]|[[Netflix|http://netflix.github.io/]]|Service to track changes in your cloud| |[[ElectricEye|https://github.com/jonrau1/ElectricEye]]|[[Jonathan Rau|https://www.linkedin.com/in/jonathan-r-2b2742112/]]|Continuously monitor your AWS services for configurations that can lead to degradation of confidentiality, integrity or availability| |[[Enumerate IAM|https://github.com/andresriancho/enumerate-iam]]|[[Andres Riancho|https://github.com/andresriancho/]]|Enumerates the permissions associated with AWS credential set| |[[Falco|https://github.com/falcosecurity/falco]]|[[Falco|https://falco.org/]]|Container Native Runtime Security| |![[FestIN|https://github.com/cr0hn/festin]]||Powered S3 Bucket Finder and Weakness Discovery^^([[KitPloit|https://www.kitploit.com/2020/08/festin-s3-bucket-weakness-discovery.html]])^^| |[[Fireprox|https://github.com/ustayready/fireprox]]|U Stay Ready|AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation | |[[G-Scout|https://github.com/nccgroup/G-Scout]]|[[NCC Group|https://www.nccgroup.trust]]|Google Cloud Platform Security Tool| |[[Galahad|https://github.com/UTSA-ICS/galahad]]|University of Texas|Revolutionary user computer environment (UCE) for the Amazon Cloud designed to be highly interactive while mitigating legacy and cloud-specific threats| 
|[[Gatekeeper|https://github.com/open-policy-agent/gatekeeper]]|[[Open Policy Agent|https://www.openpolicyagent.org]]|Policy Controller for Kubernetes+++*[»]> https://www.openpolicyagent.org ===| |[[GCPBucketBrute|https://github.com/RhinoSecurityLabs/GCPBucketBrute]]|[[RhinoSecurity|https://rhinosecuritylabs.com/]]|Enumerates Google Storage buckets, determines access granted, and if they can be privilege escalated| |[[gcploit|https://github.com/dxa4481/gcploit]]|[[Dylan Ayrey|https://github.com/dxa4481/]]|GCP Exploit Framework| |[[GCP SA Lister|https://github.com/ScaleSec/gcp_sa_lister]]|//[[ScaleSec|https://github.com/ScaleSec]]//|Crawls GCP Org and returns service accounts that have not been used in the past 90 days| |[[Gimme AWS Creds|https://github.com/HBOCodeLabs/gimme-aws-creds]]|[[HBO Code Labs|https://github.com/HBOCodeLabs]]|A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials| |[[GitLeaks|https://github.com/zricethezav/gitleaks]]|gitleaks|Scan git repos for secrets using regex and entropy | |[[Git-Secrets|https://github.com/awslabs/git-secrets]]|AWS Labs|Prevents you from committing secrets and credentials into git repositories| |[[GKE Auditor|https://github.com/google/gke-auditor]]|//[[Google Cloud|https://github.com/google/]]//|Detects a set of common Google Kubernetes Engine misconfigurations| |[[Go Pillage Registries|https://github.com/nccgroup/go-pillage-registries]]|[[NCC Group|https://www.nccgroup.trust]]|Pentester-focused Docker registry tool to enumerate and pull images ^^([[blog|https://research.nccgroup.com/2020/01/24/tool-release-enumerating-docker-registries-with-go-pillage-registries/]])^^ | |[[Go365|https://github.com/optiv/Go365]]|//Optiv//|An Office365 User Attack Tool ^^([[KitPloit|https://www.kitploit.com/2020/12/go365-office365-user-attack-tool.html]])^^| |[[Goldpinger|https://github.com/bloomberg/goldpinger]]|Bloomberg|Debugging tool for Kubernetes to test and display connectivity between nodes in the cluster| 
|[[GSuite log exporter|https://github.com/GoogleCloudPlatform/professional-services/tree/master/tools/gsuite-exporter]]|[[GoogleCloudPlatform|https://github.com/GoogleCloudPlatform]]|Exporting data from the GSuite Admin APIs to a destination| |[[Gorsair|https://github.com/Ullaakut/Gorsair]]|Ullaakut|Tool to remotely access the exposed Docker API of vulnerable Docker containers| |[[Gosec|https://github.com/securego/gosec]]|SecureGo|Golang security checker| |[[GOV.UK AWS|https://github.com/alphagov/govuk-aws]]|[[UK Government Digital Service|https://gds.blog.gov.uk/]]|GOV.UK repository for the Migration to AWS| |[[GRR|https://github.com/google/grr]]|Google|GRR Rapid Response is an incident response framework focused on remote live forensics| |[[Grype|https://github.com/anchore/grype]]|Anchore|Vulnerability scanner for container images and filesystems^^([[KitPloit|https://www.kitploit.com/2019/10/grype-vulnerability-scanner-for.html]], [[sectechno|https://sectechno.com/grype-vulnerability-scanner-for-container-images/]])^^| |[[Hadolint|https://github.com/hadolint/hadolint]]|Haskell|Dockerfile linter, validate inline bash, written in Haskell | |[[Hammer|https://github.com/dowjones/hammer/]]|Dow Jones|Protect the cloud with the power of the cloud (AWS) ^^([[KitPloit|https://www.kitploit.com/2019/08/dow-jones-hammer-protect-cloud-with.html]])^^| |[[Harbor|https://github.com/goharbor/harbor]]|[[Harbor|https://goharbor.io/]]|Open source trusted cloud native registry project that stores, signs, and scans content| |[[Hawk|https://github.com/T0pCyber/hawk]]|Paul Navarro (T0pCyber)|Powershell tool to gather information related to O365 intrusions and potential Breaches| |[[Hayat|https://github.com/DenizParlak/hayat]]|Deniz Parlak|Auditing & Hardening Script For Google Cloud Platform ^^([[KitPloit|https://www.kitploit.com/2018/12/hayat-auditing-hardening-script-for.html]])^^| |[[How Crew|https://github.com/bridgecrewio/HowCrew]]|[[Bridgecrew|http://bridgecrew.io/]]|Know-how 
tools for AWS and GCP cloud security| |[[IAM Finder|https://github.com/prisma-cloud/IAMFinder]]|//Palo Alto Networks//|Enumerates and finds users and IAM roles in a target AWS account| |[[IAM Live|https://github.com/iann0036/iamlive]]|iann0036/% ??? %/|Generate a basic IAM policy from AWS client-side monitoring (CSM)| |[[IAM Policies CLI|https://github.com/mhlabs/iam-policies-cli]]|[[Lars Jacobsson|https://github.com/mhlabs/]]|CLI for generating AWS IAM policy documents based on the JSON definition used in the AWS Policy Generator| |[[IAM Role Enumeration|https://gist.github.com/kmcquade/4d5788f8592953f5a3a65ec3f87385b4]]|[[Kinnaird McQuade|https://kmcquade.com]]|Enumerate AWS IAM users/roles without being authenticated to the victim account| |[[Illuminatio|https://github.com/inovex/illuminatio]]|inovex|Kubernetes network policy validator| |[[Infection Monkey|https://github.com/guardicore/monkey/]]|Guardicore|Automated pentest tool with AWS Security Hub integration| |[[Inlets-Operator|https://github.com/inlets/inlets-operator]]|[[inlets|https://docs.inlets.dev]]|Public IPs for your private Kubernetes Services ^^([[blog|https://blog.alexellis.io/ingress-for-your-local-kubernetes-cluster/]])^^| |[[Inspektor-Gadget|https://github.com/kinvolk/inspektor-gadget]]|[[Kinvolk|https://kinvolk.io]]|Collection of gadgets for debugging and introspecting Kubernetes applications using BPF| |[[Isolated Network Experiment|https://github.com/SummitRoute/isolated_network_experiment]]|''Scott Piper''|CDK app to setup an isolated AWS network to experiment with ways of exfiltrating data| |[[Janssen|https://github.com/JanssenProject/home]]|Janssen Project|Cloud Native Identity and Access Management Platform| |[[K8S Mirror|https://github.com/darkbitio/k8s-mirror]]|//[[DarkBit|https://darkbit.io/]]//|Creates a local mirror of a Kubernetes cluster in a docker container to support offline reviewing| |[[K8s Snapshots|https://github.com/miracle2k/k8s-snapshots]]|miracle2k|Automatic Volume 
Snapshots on Kubernetes| |[[K8s Security Demos|https://github.com/cloudogu/k8s-security-demos]]|//[[Cloudogu|https://cloudogu.com/]]//|Demos for several kubernetes security features | |[[K8s Security Policies|https://github.com/raspbernetes/k8s-security-policies]]|[[raspbernetes|https://raspbernetes.github.io/]]|Security policies library to secure Kubernetes clusters configurations, based on CIS Kubernetes benchmark and rules defined in Kubesec.io| |[[k9s|https://github.com/derailed/k9s]]|Fernand Galiana|Kubernetes CLI To Manage Your Clusters In Style!| |[[Kail|https://github.com/boz/kail]]|Boz|__K__ubernetes t__ail__s streams logs from all containers of all matched| |[[KCCSS|https://github.com/octarinesec/kccss]]|[[Octarine|https://www.octarinesec.com/]]|K8s Common Configuration Scoring System| |[[KConMon|https://github.com/Stono/kconmon]]|[[Karl Stoney]]|K8s node connectivity tool that performs frequent tests, and exposes Prometheus enriched metrics | |[[Kconnect|https://github.com/fidelity/kconnect]]|[[Fidelity Investments|https://github.com/fidelity/kconnect]]|K8s Connection Manager CLI| |[[Kctf|https://github.com/google/kctf]]|//Google Cloud//|Kubernetes-based infrastructure for CTF competitions ^^([[site|https://google.github.io/kctf/]])^^| |[[Keyctl unmask|https://github.com/antitree/keyctl-unmask]]|Mark Manning|Demonstrates how ineffective containers are at isolating Linux Kernel keyrings| |[[Key Inspector|https://github.com/kromtech/key-inspector]]|Kromtech|Fast and easy to check your AWS and SSH Keys for encryption and file permissions settings| |[[Klar|https://github.com/optiopay/klar]]|[[OptioPay Group|https://optiopay.com/]]|Analysis of images stored in a private or public Docker registry for security vulnerabilities using Clair ^^([[KitPloit|https://www.kitploit.com/2020/05/klar-integration-of-clair-and-docker.html]])^^| |[[Konstraint|https://github.com/plexsystems/konstraint]]|Nix Wizard|CLI tool to assist with the creation and management of 
constraints when using Gatekeeper| |[[Krane|https://github.com/appvia/krane]]|[[AppVia|https://www.appvia.io/appvia-solutions]]|K8s RBAC static Analysis & visualisation tool| |[[Kube Alien|https://github.com/nixwizard/kube-alien]]|Dmitry Roshchin/nixwizard|Launches attack on k8s cluster from within| |[[Kube Audit|https://github.com/Shopify/kubeaudit]]|Shopify|Audits Kubernetes clusters against common security controls| |[[Kube Auto-Analyzer|https://github.com/nccgroup/kube-auto-analyzer]]|[[NCC Group|https://www.nccgroup.trust]]|K8s Auto Analyzer| |[[Kube Bench|https://github.com/aquasecurity/kube-bench]]|[[Aqua|https://aquasec.com/]]|Checks whether Kubernetes is deployed according to security best practices| |[[Kube Bot|https://github.com/anshumanbh/kubebot]]|Anshuman Bhartiya|A security testing Slackbot built with a Kubernetes backend on the Google Cloud Platform ^^([[KitPloit|https://www.kitploit.com/2019/04/kubebot-security-testing-slackbot-built.html]])^^| |[[Kube Box|https://github.com/astefanutti/kubebox]]|astefanutti|Terminal And Web Console For Kubernetes ^^([[KitPloit|https://www.kitploit.com/2020/07/kubebox-terminal-and-web-console-for.html]], [[SecTechno|https://sectechno.com/kubebox-terminal-and-web-console-for-kubernetes/]], [[hakin9|https://hakin9.org/kubebox-terminal-and-web-console-for-kubernetes/]])^^| |[[Kube Fluentd Operator|https://github.com/vmware/kube-fluentd-operator]]|VMware|Auto-configuration of Fluentd daemon-set based on Kubernetes metadata| |[[Kube Hunter|https://github.com/aquasecurity/kube-hunter]]|[[Aqua|https://aquasec.com/]]|Hunt for security weaknesses in Kubernetes clusters ^^([[SecTechno|https://sectechno.com/kube-hunter-hunt-for-security-weaknesses-in-kubernetes-clusters/]])^^| |[[Kube Invaders|https://github.com/lucky-sideburn/KubeInvaders]]|[[Eugenio Marzo|https://github.com/lucky-sideburn]]|Chaos Engineering Tool for Kubernetes and Openshift | |[[Kube Linter|https://github.com/stackrox/kube-linter]]|//StackRox//|KubeLinter 
is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices| |[[Kube Scan|https://github.com/octarinesec/kube-scan]]|[[Octarine|https://www.octarinesec.com/]]|Octarine k8s cluster risk assessment tool ^^([[SecTechno|https://sectechno.com/kube-scan-kubernetes-risk-assessment-tool/]])^^ | |[[Kube Score|https://github.com/zegl/kube-score]]|[[Gustav Westling|https://westling.dev]]|K8s object analysis with recommendations for improved reliability and security^^([[KitPloit|https://www.kitploit.com/2020/10/kube-score-kubernetes-object-analysis.html]])^^| |[[Kube Sec|https://github.com/controlplaneio/kubesec]]|[[Control plane|https://kubesec.io/]]|Security risk analysis for Kubernetes resources+++*[»]> https://kubesec.io
https://control-plane.io/ ===| |[[Kube Shell|https://github.com/cloudnativelabs/kube-shell]]|cloudnativelabs|An integrated shell for working with the Kubernetes CLI| |[[Kube Tap|https://github.com/soluble-ai/kubetap]]|soluble-ai|Kubectl plugin to interactively proxy Kubernetes Services with ease ^^([[web|https://soluble-ai.github.io/kubetap/]])^^| |[[Kube Xray|https://github.com/jfrog/kubexray]]|JFrog Ltd|Monitors pods in a Kubernetes cluster to help you detect security & license violations in containers running inside the pod| |[[Kubectl AWS Secrets|https://github.com/xmin-github/kubectl-aws-secrets]]|[[xmin-github|https://github.com/xmin-github]]|Imports an AWS SSM parameters service to protect access to applications, services, and IT resources into Kubernetes as secrets| |[[Kubectl Fuzzy|https://github.com/d-kuro/kubectl-fuzzy]]|d-kuro|Fuzzy and partial string search for kubectl| |[[Kubei|https://github.com/Portshift/Kubei]]|//Portshift//|Kubernetes Runtime Vulnerability Scanner^^([[KitPloit|https://www.kitploit.com/2020/07/kubei-flexible-kubernetes-runtime.html]], [[SecTechno|https://sectechno.com/kubei-kubernetes-runtime-vulnerability-scanner/]])^^| |[[Kubeletctl|https://github.com/cyberark/kubeletctl]]|[[Cyberark|https://github.com/cyberark]]|Command line tool that implements kubelet's API| |[[Kubernetes Examples|https://github.com/ContainerSolutions/kubernetes-examples/]]|//[[Container Solutions|https://www.container-solutions.com/]]//|Minimal self-contained examples of standard Kubernetes features and patterns in YAML | |[[Kubernetes IN Docker|https://github.com/kubernetes-sigs/kind]]|[[Kubernetes SIGs|https://github.com/kubernetes-sigs]]|Tool for running local Kubernetes clusters using Docker container "nodes"| |[[Kubernetes Local Security Testing Lab|https://github.com/raesene/kube_security_lab/]]|[[Rory McCune|http://raesene.github.io/]]|Makes use of Docker and specifically kind to create a lab environment for testing Kubernetes exploits and security 
tools entirely locally on a single machine| |[[Kubernetes Network Policy Recipes|https://github.com/ahmetb/kubernetes-network-policy-recipes]]|[[Ahmet Alp Balkan|https://github.com/ahmetb]]|Example recipes for Kubernetes Network Policies| |[[Kubi Scan|https://github.com/cyberark/KubiScan]]|[[Cyberark|https://github.com/cyberark]]|To scan Kubernetes cluster for risky permissions| |[[LambdaGuard|https://github.com/Skyscanner/lambdaguard]]|[[Skyscanner|http://www.skyscanner.net/]]|AWS Lambda auditing tool designed to create asset visibility and provide actionable results| |[[LazyDocker|https://github.com/jesseduffield/lazydocker]]|[[Jesse Duffield|https://github.com/jesseduffield/]]|Lazier way to manage everything Docker| |[[Leapp|https://github.com/Noovolari/leapp]]|[[Leapp|https://www.leapp.cloud/]]|DevTool Desktop App designed to manage and secure Cloud Access in multi-account environments| |[[Leonidas|https://github.com/FSecureLABS/leonidas]]|//F-Secure Labs//|Automated Attack Simulation In The Cloud, Complete With Detection Use Cases^^([[KitPloit|https://www.kitploit.com/2020/11/leonidas-automated-attack-simulation-in.html]])^^| |[[Litmus|https://github.com/litmuschaos/litmus/]]|[[Litmus Chaos|https://litmuschaos.io]]|Toolset to do cloud-native chaos engineering ^^([[blog|https://www.cncf.io/blog/2020/08/28/introduction-to-litmuschaos/]])^^| |[[LSH|https://github.com/tobilg/lsh]]|Tobilg|Run interactive shell commands on AWS Lambda| |[[Mandiant Azure AD Investigator|https://github.com/fireeye/Mandiant-Azure-AD-Investigator]]|//FireEye//|Auditing script that lets organizations check their Microsoft 365 tenants for IOCs| | |[[MicroBurst|https://github.com/NetSPI/MicroBurst]]|NetSPI|PowerShell Toolkit for Attacking Azure| |[[MicroScanner|https://github.com/aquasecurity/microscanner]]|[[Aqua|https://aquasec.com/]]|Scans container images for package Flaws| |[[MKIT|https://github.com/darkbitio/mkit]]|//[[DarkBit|https://darkbit.io/]]//|__M__anaged __K__ubernetes 
__I__nspection __T__ool that validates common security-related configuration settings of managed Kubernetes cluster objects and workloads/resources running inside| |[[Mondoo|https://github.com/mondoolabs/mondoo]]|[[Mondoo Labs|https://mondoo.io/]]|Cloud-Native Security and Vulnerability Risk Management ^^([[KitPloit|https://www.kitploit.com/2019/09/mondoo-cloud-native-security-and.html]])^^| |[[MSOLSpray|https://github.com/dafthack/MSOLSpray]]|[[Beau Bullock|https://github.com/dafthack]]|Password spraying tool for Microsoft Online accounts (Azure/O365) ^^([[KitPloit|https://www.kitploit.com/2020/04/msolspray-password-spraying-tool-for.html]])^^| |[[MSSpray|https://github.com/SecurityRiskAdvisors/msspray.git]]|//[[Security Risk Advisors|https://securityriskadvisors.com/]]//|Password attacks and MFA validation against various endpoints in Azure and Office 365| |[[Nginx Proxy|https://github.com/nginx-proxy/nginx-proxy]]|nginx-proxy|Automated nginx proxy for Docker containers using docker-gen| |[[Nimbostratus|https://github.com/andresriancho/nimbostratus]]|Andres Riancho|Tools for fingerprinting and exploiting Amazon cloud infrastructures ^^([[KitPloit|https://www.kitploit.com/2013/09/nimbostratus-tools-for-fingerprinting.html]])^^| |[[Nimbostratus-target|https://github.com/andresriancho/nimbostratus-target]]|Andres Riancho|A target infrastructure you can use for running the nimbostratus tools| |[[O365 Attack Toolkit|https://github.com/mdsecactivebreach/o365-attack-toolkit]]|MDSec|A toolkit to attack Office365| |[[O365 Squatting|https://github.com/O365Squad/O365-Squatting]]|O365Squad|Creates a list of typo squatted domains and checks against O365 infrastructure| |[[O365 User Enumeration|https://github.com/gremwell/o365enum]]|[[Gremwell|http://www.gremwell.com/]]|Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover, or office.com login page^^([[KitPloit|https://www.kitploit.com/2020/10/o365enum-enumerate-valid-usernames-from.html]])^^| 
|[[OffensiveCloudDistribution|https://github.com/jordanpotti/OffensiveCloudDistribution]]|[[Jordan Potti|https://jordanpotti.com/]]|Leverage the ability of Terraform and AWS to distribute large security scans across numerous cloud instances| |[[Office-365-Extractor|https://github.com/jrentenaar/Office-365-Extractor]]|jrentenaar|Complete and reliable extraction of the Unified Audit Log (UAL)| |[[OG AWS|https://github.com/open-guides/og-aws]]|open-guides|AWS - a practical guide| |[[Okta AWS account access|https://gist.github.com/alsmola/58a0f729e0960208df20e1ad11fcf007]]|[[Alex Smolen|https://alexsmolen.com/]]|List Okta account access to AWS IAM roles| |[[OpenCSPM|https://github.com/OpenCSPM/opencspm]]|OpenCSPM|Open Cloud Security Posture Management Engine to gain deeper insight into the cloud configuration and metadata to help understand and reduce risk over time| |[[Open Policy Agent|https://github.com/open-policy-agent/opa]]|[[Open Policy Agent|https://www.openpolicyagent.org]]|Open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack| |[[OPA Image Scanner|https://github.com/sysdiglabs/opa-image-scanner]]|[[Sysdig|https://github.com/sysdiglabs/opa-image-scanner]]|K8s Admission Controller for Image Scanning using OPA ^^([[détails|https://sysdiglabs.github.io/sysdig-admission-controller/]])^^ | |[[PacBot|https://github.com/tmobile/pacbot]]|T-Mobile|Policy as Code Bot for continuous compliance monitoring and reporting, and security automation ^^([[KitPloit|https://www.kitploit.com/2019/05/pacbot-platform-for-continuous.html]])^^| |[[Pacu|https://github.com/RhinoSecurityLabs/pacu]]|[[RhinoSecurity|https://rhinosecuritylabs.com/]]|The AWS Exploitation Framework, Designed For Testing The Security Of Amazon Web Services Environments ^^([[KitPloit|https://www.kitploit.com/2018/11/pacu-aws-exploitation-framework.html]])^^| |[[PandorasBox|https://github.com/adversis/PandorasBox]]|Adversis|Quick audit of Public 
Box files and folders| |[[Panther|https://github.com/panther-labs/panther]]|[[Panther Labs|https://runpanther.io/]]|Detect threats with log data and improve cloud security posture ^^([[SecTechno|https://sectechno.com/panther-better-data-leads-to-better-visibility/]])^^ | |[[Parliament|https://github.com/duo-labs/parliament]]|[[Duo Labs|https://duo.com/labs/]]|AWS IAM linting library| |[[Parsec-Cloud|https://github.com/Scille/parsec-cloud]]|[[Scille|https://parsec.cloud]]|Secure Cloud Framework ^^([[site|https://parsec.cloud]], [[KitPloit|https://www.kitploit.com/2020/05/parsec-secure-cloud-framework.html]])^^ | |[[PenTesting|https://github.com/aaaguirrep/pentest]]|[[Arsenio Aguirre|https://cloudaudit.app/]]|Docker for Pentest - Image With The More Used Tools To Create A Pentest Environment Easily And Quickly ^^([[KitPloit|https://www.kitploit.com/2020/07/docker-for-pentest-image-with-more-used.html]])^^| |[[Permission Manager|https://github.com/sighupio/permission-manager]]|[[SIGHUP|https://github.com/sighupio/]]|K8s RBAC Framework ^^([[SecTechno|https://sectechno.com/permission-manager-kubernetes-rbac-framework/]])^^| |[[PMapper|https://github.com/nccgroup/PMapper]]|[[NCC Group|https://www.nccgroup.trust]]|A tool for quickly evaluating IAM permissions in AWS| |[[Polaris|https://github.com/FairwindsOps/polaris]]|[[Fairwinds Ops|https://www.fairwinds.com/polaris]]|Validation of best practices in your Kubernetes clusters | |[[Portieris|https://github.com/IBM/portieris]]|IBM|A Kubernetes Admission Controller for verifying image trust with Notary| |[[PowerZure|https://github.com/hausec/PowerZure]]|[[Hausec|https://hausec.com/]]|Shell script to assist in assessing Azure security ^^([[KitPloit|https://www.kitploit.com/2020/11/powerzure-powershell-framework-to.html]])^^| |[[PrismX|https://github.com/omaidf/PrismX]]|Omaid Faizyar|Cloud Security Dashboard for AWS - based on ScoutSuite| |[[Project 
Lockdown|https://github.com/ScaleSec/project_lockdown]]|//[[ScaleSec|https://github.com/ScaleSec]]//|GCP Auto Remediation Suite for High Risk Events^^([[blog|https://scalesec.com/news/announcing-project-lockdown/]])^^| |![[Prowler|https://github.com/toniblyx/prowler]]|[[Toni de la Fuente|https://github.com/toniblyx]]|AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool| |[[ProxyCannon-NG|https://github.com/proxycannon/proxycannon-ng]]|Sprocket Security|Private botnet using multiple cloud environments for pentesters and red teamers| |[[PurpleCloud|https://github.com/iknowjason/PurpleCloud]]|I Know Jason|Pentest Cyber Range for a small Active Directory Domain| |[[py365|https://github.com/mrrothe/py365]]|[[Martin Rothe|https://blog.rothe.uk]]|Set of Python scripts for finding threats in Office365| |[[Rakkess|https://github.com/corneliusweig/rakkess]]|corneliusweig|Kubectl plugin to show access matrix for Kubernetes resources ^^([[SecTechno|https://sectechno.com/rakkess-show-access-matrix-for-kubernetes/]])^^| |[[Red Kube|https://github.com/lightspin-tech/red-kube]]|[[Lightspin|https://lightspin.io/]]|Red Team KubeCTL Cheat Sheet | |[[Regula|https://github.com/fugue/regula]]|[[Fugue|https://fugue.co]]|Checks Terraform for AWS, Azure and GCP security and CIS compliance using Open Policy Agent/Rego| |[[Repokid|https://github.com/Netflix/Repokid]]|[[Netflix|http://netflix.github.io/]]|AWS Least Privilege for Distributed, High-Velocity Deployment| |[[Request AAD Refresh Token|https://github.com/leechristensen/RequestAADRefreshToken/]]|//SpecterOps//|Obtains a refresh token for an Azure-AD-authenticated Windows user| |[[RESTler|https://github.com/microsoft/restler-fuzzer]]|//Microsoft//|Stateful REST API Fuzzing Tool For Automatically Testing Cloud Services Through Their REST APIs And Finding Security And Reliability Bugs In These Services ^^([[KitPloit|https://www.kitploit.com/2020/12/restler-first-stateful-rest-api-fuzzing.html]])^^| 
|[[ROADtoken|https://github.com/dirkjanm/ROADtoken]]|[[Dirk-jan Mollema|http://dirkjanm.io/]]|PoC to obtain a cookie that can be used with SSO and Azure AD| |[[ROADtools|https://github.com/dirkjanm/ROADtools]]|[[Dirk-jan Mollema|http://dirkjanm.io/]]|Azure AD exploration framework| |[[S3 Enum|https://github.com/koenrh/s3enum]]|[[Koen Rouwhorst|https://www.koenrouwhorst.nl/]]|Fast Amazon S3 bucket enumeration tool for pentesters. ^^([[KitPloit|https://www.kitploit.com/2020/01/s3enum-fast-amazon-s3-bucket.html]])^^| |[[S3 Finder|https://github.com/magisterquis/s3finder]]|[[magisterquis|https://github.com/magisterquis/]]|Yet another open S3 bucket finder| |[[S3 Insights|https://github.com/kurmiashish/S3Insights/]]|[[Ashish Kurmi|https://www.linkedin.com/in/ashish-kurmi-3428aa24/]]|Platform for efficiently deriving security insights about S3 data through metadata analysis ^^([[article|https://medium.com/@kurmiashish/s3insights-58f24046cde3]])^^| |[[S3 Inspector|https://github.com/kromtech/s3-inspector]]|Kromtech|Tool to check AWS S3 bucket permissions| |[[S3 Recon|https://github.com/clarketm/s3recon]]|[[Travis Clarke|https://github.com/clarketm]]|Amazon S3 bucket finder and crawler| |[[S3 Reverse|https://github.com/hahwul/s3reverse]]|hahwul|Converts the various S3 bucket formats into one format ^^([[KitPloit|https://www.kitploit.com/2020/04/s3reverse-format-of-various-s3-buckets_26.html]])^^| |[[S3 Scanner|https://github.com/sa7mon/S3Scanner]]|sa7mon|A tool to find open S3 buckets and dump their contents| |[[S3 Tk|https://github.com/ankane/s3tk]]|[[Andrew Kane|https://ankane.org]]|Security Toolkit For Amazon S3 ^^([[KitPloit|https://www.kitploit.com/2020/01/s3tk-security-toolkit-for-amazon-s3.html]])^^| |[[S3 Viewer|https://github.com/SharonBrizinov/s3viewer]]|[[Sharon Brizinov|http://sharonbrizinov.com]]|Publicly Open Amazon AWS S3 Bucket Viewer| |[[SadCloud|https://github.com/nccgroup/sadcloud]]|[[NCC Group|https://www.nccgroup.trust]]|Tool for standing up (and tearing 
down!) purposefully insecure cloud infrastructure| |[[Sand Castle|https://github.com/0xSearches/sandcastle]]|[[0xSearches|https://ysx.me.uk/sandcastle]]|Python script for AWS S3 bucket enumeration ^^([[KitPloit|https://www.kitploit.com/2020/04/sandcastle-python-script-for-aws-s3.html]])^^| |[[Scout Suite|https://github.com/nccgroup/ScoutSuite]]|[[NCC Group|https://www.nccgroup.trust]]|Multi-Cloud Security Auditing Tool (AWS, Azure, GCP) ^^([[KitPloit|https://www.kitploit.com/2019/09/scoutsuite-multi-cloud-security.html]])^^| |[[Scout2|https://github.com/nccgroup/Scout2]]|[[NCC Group|https://www.nccgroup.trust]]|Security auditing tool for AWS environments| |[[SearchGiant|https://github.com/burdzwastaken/searchgiant_cli]]|Matt Burdan|Commandline utility to acquire forensic data from cloud services| |[[SecurityAsCode.AWS|https://github.com/Zocdoc/ZocSec.SecurityAsCode.AWS]]|ZocDoc|Use AWS's in-built technologies to automate the remediation of common security problems| |[[SecurityAsCode.GitHub|https://github.com/Zocdoc/ZocSec.SecurityAsCode.GitHub]]|ZocDoc|Use AWS's in-built technologies to automate the remediation of common security problems| |![[Security Bucket Brigade|https://github.com/databricks/security-bucket-brigade]]|DataBricks|Incident Response Plan in case of a Bucket incident| |[[Security Monkey|https://github.com/Netflix/security_monkey]]|[[Netflix|http://netflix.github.io/]]|Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time ^^([[KitPloit|https://www.kitploit.com/2018/07/security-monkey-tool-to-monitors-your.html]])^^| |[[Security Research|https://github.com/RhinoSecurityLabs/Security-Research/]]|[[RhinoSecurity|https://rhinosecuritylabs.com/]]|!| |[[Self-Service Security Assessment|https://github.com/awslabs/aws-security-assessment-solution]]|//AWS Labs//|Provide AWS customers 2 security assessment reports from "Prowler" and "ScoutSuite"| |[[Sentinel Attack|https://github.com/BlueTeamLabs/sentinel-attack/]]|BlueTeamLabs 
|Repository of Sentinel alerts and hunting queries leveraging Sysmon and the MITRE ATT&CK framework| |[[Serverless-Goat|https://github.com/OWASP/Serverless-Goat]]|OWASP|A ''vulnerable'' serverless application demonstrating common serverless security flaws| |[[Serverless-Prey|https://github.com/pumasecurity/serverless-prey]]|Puma Security|Serverless Functions for establishing Reverse Shells to Lambda, Azure Functions, and Google Cloud Functions ^^([[KitPloit|https://www.kitploit.com/2020/04/serverless-prey-serverless-functions.html]])^^| |[[Shield Advanced|https://github.com/TheDataShed/shield-advanced]]|[[Roger G. Coram|https://www.thedatashed.co.uk/]]|Scripts and Lambdas to help with automated deployment of AWS Shield Advanced | |[[Simian Army|https://github.com/Netflix/SimianArmy]]|[[Netflix|http://netflix.github.io/]]|Resiliency tool that helps applications tolerate random instance failures| |[[SimuLand|https://github.com/OTRF/SimuLand]]|[[Open Threat Research Forge|https://github.com/OTRF/]]|Cloud Templates and scripts to deploy network Mordor environments to simulate adversaries, generate/collect data and learn more about adversary tradecraft from a defensive perspective| |[[SkyArk|https://github.com/cyberark/SkyArk]]|//CyberArk//|To discover, assess and secure the most privileged entities in Azure and AWS with 2 scanning modules: AzureStealth and AWStealth^^([[KitPloit|https://www.kitploit.com/2020/08/skyark-helps-to-discover-assess-and.html]])^^| |[[SkyWrapper|https://github.com/cyberark/SkyWrapper]]|[[Cyberark|https://github.com/cyberark]]|To discover suspicious creation forms and uses of temporary tokens in AWS^^([[KitPloit|https://www.kitploit.com/2020/04/skywrapper-tool-that-helps-to-discover.html]])^^ | |[[Slack-Watchman|https://github.com/PaperMtn/slack-watchman]]|PaperMtn|Monitoring your Slack workspaces for sensitive information | |[[SlackWebhooksGithubCrawler|https://github.com/Gruppio/SlackWebhooksGithubCrawler]]|[[Michele 
Gruppioni|https://github.com/Gruppio]]|Search for Slack Webhooks token publicly exposed on Github| |[[Slurp|https://github.com/hehnope/slurp]]|[[hehnope|https://github.com/hehnope/]]|S3 bucket enumerator| |[[Slurp|https://github.com/bbb31/slurp]]|[[bbb31|https://github.com/bbb31]]|Preventing malicious takeover of the retired slurp AWS tool...| |[[Smogcloud|https://github.com/BishopFox/smogcloud]]|[[Bishop Fox|http://www.bishopfox.com/]]|Find cloud assets that no one wants exposed| |[[SpaceSiren|https://github.com/spacesiren/spacesiren]]|[[Kevin Hicks|https://khicks.net]] & [[Shaun M|https://github.com/inhumantsar]]|Honey token manager and alert system for AWS^^([[KitPloit|https://www.kitploit.com/2020/09/spacesiren-honey-token-manager-and.html]])^^| |[[SSHizzle|https://github.com/ThalesGroup/sshizzle]]|//Thales Group//|Serverless, Zero-Trust SSH for Microsoft Azure| |[[Starboard|https://github.com/aquasecurity/starboard]]|[[Aqua|https://aquasec.com/]]|Kubernetes-native security tool kit| |[[Starboard Octant Plugin|https://github.com/aquasecurity/starboard-octant-plugin]]|[[Aqua|https://aquasec.com/]]|An Octant (Kubernetes workload visualizer) plugin for Starboard| |[[StormSpotter|https://github.com/Azure/Stormspotter]]|Microsoft Azure|Azure Red Team tool for graphing Azure and Azure Active Directory objects| |[[Syft|https://github.com/anchore/syft]]|//Anchore//|A CLI tool and go library for generating a Software Bill of Materials (SBOM) from container images and filesystems| |[[Synator|https://github.com/TheYkk/synator]]|[[Kaan Karakaya|https://github.com/TheYkk/]]|Synchronizes your Secrets and ConfigMaps with your desired namespaces| |[[Sysdig|https://github.com/draios/sysdig]]|[[draios|http://www.sysdig.org/]]|Linux system exploration and troubleshooting tool with first class support for containers ^^([[KitPloit|https://www.kitploit.com/2014/04/sysdig-linux-system-troubleshooting-tool.html]])^^| |[[Sysdig 
Inspect|https://github.com/draios/sysdig-inspect]]|[[draios|http://www.sysdig.org/]]|A powerful opensource interface for container troubleshooting and security investigation| |[[Taken|https://github.com/In3tinct/Taken]]|[[In3tinct|https://github.com/In3tinct/]]|Takeover AWS Ips And Have A Working POC For Subdomain Takeover ^^([[KitPloit|https://www.kitploit.com/2020/10/taken-takeover-aws-ips-and-have-working.html]])^^| |[[Teh S3 Bucketeers|https://github.com/tomdev/teh_s3_bucketeers/]]|tomdev|S3 Buckets enumeration| |[[Terraform AWS SCP|https://github.com/ScaleSec/terraform_aws_scp]]|//[[ScaleSec|https://github.com/ScaleSec]]//|AWS Organizations Service Control Policies (SCPs) written in HashiCorp Terraform| |[[Terraform Deployment Pentesting|https://github.com/kmcquade/terraform-deployment-pentesting]]|[[Kinnaird McQuade|https://kmcquade.com]]|Bits of Terraform that you can use to do bad things in CI/CD pipelines that run Terraform| |[[Terrascan|https://github.com/accurics/terrascan]]|//Accurics//|Detect Compliance And Security Violations Across Infrastructure As Code ^^([[KitPloit|https://www.kitploit.com/2020/12/terrascan-detect-compliance-and.html]])^^| |[[Terrier|https://github.com/heroku/terrier]]|[[Heroku|https://heroku.com/]]|Image And Container Analysis Tool To Identify And Verify The Presence Of Specific Files According To Their Hashes ^^([[KitPloit|https://www.kitploit.com/2020/04/terrier-image-and-container-analysis.html]])^^| |[[Tfsec|https://github.com/tfsec/tfsec]]|tfsec|Security scanner for your Terraform code^^([[KitPloit|https://www.kitploit.com/2020/11/tfsec-security-scanner-for-your.html]])^^| |[[ThreatMapper|https://github.com/deepfence/ThreatMapper]]|Deepfence|Identify vulnerabilities in running containers, images, hosts and repositories | |[[ThreatPrep|https://github.com/ThreatResponse/ThreatPrep]]|[[ThreatResponse|http://www.threatresponse.cloud/]]|Python module for evaluation of AWS account best practices around incident| 
|[[Tracee|https://github.com/aquasecurity/tracee]]|Aqua Security|Container and system event tracing using eBPF ^^([[KitPloit|https://www.kitploit.com/2020/11/tracee-container-and-system-event.html]])^^| |[[Trailscraper|https://github.com/flosell/trailscraper]]|[[Florian Sellmayr|https://flosell.github.io/]]|A command-line tool to get valuable information out of AWS CloudTrail| |[[Trident|https://github.com/praetorian-inc/trident]]|[[Praetorian|https://www.praetorian.com]]|Automated password spraying tool^^([[KitPloit|https://www.kitploit.com/2020/11/trident-automated-password-spraying-tool.html]], [[darknet|https://www.darknet.org.uk/2020/10/trident-automated-password-spraying-tool/]])^^| |[[Trireme Kubernetes|https://github.com/aporeto-inc/trireme-kubernetes]]|//[[Aporeto|https://www.aporeto.com/]]//|Simple, straightforward implementation of the Kubernetes Network Policies specifications| |[[Trivy|https://github.com/aquasecurity/trivy]]|Aqua Security|Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI| |[[TruffleHog|https://github.com/dxa4481/truffleHog]]|[[Dylan Ayrey|https://github.com/dxa4481/]]|Searches through git repositories for high entropy strings and secrets, digging deep into commit history | |[[Tsunami Security Scanner|https://github.com/google/tsunami-security-scanner]]|Google|General purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence| |[[Tsunami Security Scanner Plugins|http://github.com/google/tsunami-security-scanner-plugins]]|Google|Central repository for Tsunami scanning plugins| |[[Turbinia|https://github.com/google/turbinia]]|Google|Automation and Scaling of Digital Forensics Tools in the Cloud ^^([[KitPloit|https://www.kitploit.com/2019/03/turbinia-automation-and-scaling-of.html]])^^| |[[UhOh365|https://github.com/Raikia/UhOh365]]|Raikia|Enumeration Office365 users without performing any login attempts 
^^([[KitPloit|https://www.kitploit.com/2021/01/uhoh365-script-that-can-see-if-email.html]])^^| |[[Update Cloud IPs|https://github.com/chrismaddalena/UsefulScripts/blob/master/UpdateCloudIPs.py]]|[[Christopher Maddalena|https://medium.com/@cmaddy]]|Script to collect AWS, Azure and GCP IP address range| |[[Vault|https://github.com/hashicorp/vault]]|[[HashiCorp|https://hashicorp.com]]|Tool for securely accessing secrets+++*[»]> https://www.vaultproject.io === ^^([[KitPloit|https://www.kitploit.com/2020/05/vault-tool-for-secrets-management.html]])^^ | |[[VPS Docker For Pentest|https://github.com/aaaguirrep/vps-docker-for-pentest]]|[[Arsenio Aguirre|https://cloudaudit.app/]]|Creates A VPS On GCP Or Digital Ocean Easily With The Docker For Pentest ^^([[KitPloit|https://www.kitploit.com/2020/09/vps-docker-for-pentest-create-vps-on.html]])^^| |[[VyAPI|https://github.com/appsecco/VyAPI]]|[[AppSecCo|https://appsecco.com]]|The Modern Cloud-Based Vulnerable Hybrid Android App| |[[Website OpenID Proxy|https://github.com/wolfeidau/website-openid-proxy]]||Provides OpenID authenticated access to a static website hosted in an S3 bucket| |[[WeirdAAL|https://github.com/carnal0wnage/weirdAAL]]|carnal0wnage|//Recon framework, very similar to Pacu//| |[[Whale Scan|https://github.com/nccgroup/whalescan]]|[[NCC Group|https://www.nccgroup.trust]]|Vulnerability scanner for Windows containers, with benchmark and CVEs/vulnerable packages checks| |[[Which Cloud|https://github.com/bcoe/which-cloud]]|Benjamin E. Coe|Return which CSP an IP address belongs to (AWS, GCE, etc). 
NOT updated since 2015| |[[Xendbg|https://github.com/nccgroup/xendbg]]|[[NCC Group|https://www.nccgroup.trust]]|A feature-complete reference implementation of a modern Xen VMI debugger| |[[Zephyrus|https://github.com/DenizParlak/Zephyrus]]|Deniz Parlak|Auditing & Hardening Tool for Kubernetes| |[[Zeus|https://github.com/DenizParlak/Zeus]]|Deniz Parlak|AWS Auditing & Hardening Tool| |>|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Bien LIRE le cartouche en tête de ce tableau.@@| /% https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Ftobilg %/
|>|>|!Listes d'outils //Cloud et Sécurité// non commerciaux et disponibles sur Google Code|
|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les éléments en faisant partie ne sont NI avalisés, NI recommandés, NI conseillés par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à leur téléchargement ou utilisation.@@| |[[gcutil|https://code.google.com/p/google-compute-engine-tools/downloads/list]]|Google|| |[[gsutil|https://cloud.google.com/storage/docs/gsutil]]|Google|| |>|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Bien LIRE le cartouche en tête de ce tableau.@@|
|>|>|!Listes d'outils //Cloud et Sécurité// non commerciaux et disponibles en Open Source|
|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les éléments en faisant partie ne sont NI avalisés, NI recommandés, NI conseillés par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à leur téléchargement ou utilisation.@@| |[[APICheck|https://owasp.org/www-project-apicheck/]]|[[OWASP|https://owasp.org/]]|DevSecOps toolset for HTTP APIs| |[[Kanister|https://code.google.com/p/google-compute-engine-tools/downloads/list]]|[[Kasten|https://www.kasten.io/]]|Enables to manage (backup and restore) application data on Kubernetes| |[[OpenCSPM|https://darkbit.io/blog/announcing-opencspm]]|[[Darkbit|https://darkbit.io/]]|Cloud Security Posture Management and Workflow Platform| |>|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Bien LIRE le cartouche en tête de ce tableau.@@|
|>|>|!Listes d'__outils en ligne__ de sécurité liés au Cloud |
|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les éléments en faisant partie ne sont NI avalisés, NI recommandés, NI conseillés par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à leur téléchargement ou utilisation.@@| |[[GrayHatWarfare|https://buckets.grayhatwarfare.com/]]|Gray Hat Warfare|Generates lists of likely bucket names, makes requests to the S3 API to determine if the bucket exists and contains publicly exposed files| |[[AWS Inspector|https://aws.amazon.com/inspector/]]|//Amazon AWS//|Built-in AWS service that can do vulnerability scanning| |>|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Bien LIRE le cartouche en tête de ce tableau.@@| /% tbd https://miner.datadrifter.xyz/ %/
|>|>|!Listes de __scripts__ ou d'__utilitaires__ ou __d'articles__ |
|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les éléments en faisant partie ne sont NI avalisés, NI recommandés, NI conseillés par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à leur téléchargement ou utilisation.@@| |>|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Bien LIRE le cartouche en tête de ce tableau.@@| |[[Check AWS Snapshots Not Attached To Any AMI.sh|https://gist.github.com/daniilyar/45d3fc1867bf435d8c21e9e4864ff472]]|[[daniilyar|https://gist.github.com/daniilyar]]|AWS: check if there is no orphaned EBS snapshots (orphaned == not attached to any 'available' AMI)| |[[Cloud Operations Sandbox|https://github.com/GoogleCloudPlatform/cloud-ops-sandbox]]|//Google Cloud//|Open source tool that helps practitioners to learn Service Reliability Engineering practices from Google and apply them on their cloud services using Cloud Operations suite of tools| |[[How To Find Unused Amazon EC2 Security Groups|https://stackoverflow.com/questions/24685508/how-to-find-unused-amazon-ec2-security-groups]]||| |[[PayloadsAllTheThings|https://github.com/swisskyrepo/PayloadsAllTheThings]]|[[Swissky|https://github.com/swisskyrepo]]|A list of useful payloads and bypass for Web Application Security and Pentest/CTF | |[[Search for Open AWS S3 Buckets|https://buckets.grayhatwarfare.com]]|[[GrayHatWarfare]]|Tool to Search for Open AWS S3 Buckets|
|>|>|!Listes de __challenges__ de sécurité liés au Cloud ou d'environnement de tests volontairement __vulnérables__|
|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les éléments en faisant partie ne sont NI avalisés, NI recommandés, NI conseillés par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à leur téléchargement ou utilisation.@@| |[[Bust a Kube|https://www.bustakube.com/]]|Jay Beale, InGuardians|''Intentionally-vulnerable'' Kubernetes cluster, to self-train on attacking and defending Kubernetes clusters| |[[CDK Goat|https://github.com/bridgecrewio/cdkgoat]]|[[BridgeCrew|http://bridgecrew.io]]|''Intentionally-vulnerable by design'' AWS CDK repository| |[[CFN Goat|https://github.com/bridgecrewio/cfngoat]]|[[BridgeCrew|http://bridgecrew.io]]|''Intentionally-vulnerable by design'' Cloudformation Template| |![[Cloud Goat (2)|https://github.com/RhinoSecurityLabs/cloudgoat]]|[[RhinoSecurity|https://rhinosecuritylabs.com/]]|A "''Vulnerable'' by Design" AWS infrastructure setup tool| |[[CONVEX|https://github.com/Azure/Convex]]|//Microsoft Azure//|Group of CTFs independently deployable into participant Azure environments| |[[CVE Scanner Testing|https://github.com/gmatuz/cve-scanner-testing]]|[[Gabor Matuz|https://github.com/gmatuz/]]|A ''deliberately vulnerable'' Docker images created in different ways to check Docker image CVE scanners| |[[DVCA|https://github.com/m6a-UdS/dvca]]|//m6a-UdS//|Damn ''Vulnerable'' Cloud Application| |[[DVCA|https://github.com/DamnVulnerableCryptoApp/DamnVulnerableCryptoApp/]]|Damn Vulnerable Crypto App|An app with really insecure crypto. 
To be used to see/test/exploit weak cryptographic implementations| |[[DVSA|https://github.com/OWASP/DVSA]]|OWASP|Damn ''Vulnerable'' Serverless Application| |![[Flaws|https://summitroute.com/blog/2017/02/26/flaws_challenge/]]|''Scott Piper''|The first [[flaws.cloud|http://flaws.cloud/]] challenge (with hints)| |![[Flaws2|https://summitroute.com/blog/2017/02/26/flaws_challenge/]]|''Scott Piper''|The second [[flaws2.cloud|http://flaws2.cloud/]] challenge (Attacker and Defender profiles)| |[[IoT Goat|https://github.com/OWASP/IoTGoat/]]|OWASP|A ''deliberately insecure'' firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.| |[[KaiMonkey|https://github.com/accurics/KaiMonkey]]|//Accurics//|"Vulnerable by Design" Terraform Infrastructure| |[[Kubernetes CTF|https://github.com/NodyHub/k8s-ctf-rocks]]|[[Jan Harrie|https://blog.nody.cc/]] / [[Julien Bachmann|https://github.com/0xmilkmix]]|K8s Easter CTF - 2020| |[[Kubernetes Goat|https://github.com/madhuakula/kubernetes-goat]]|[[Madhu Akula|https://madhuakula.com/kubernetes-goat]]|"Vulnerable by Design" Kubernetes Cluster| |[[Sad Cloud|https://github.com/nccgroup/sadcloud]]|[[NCC Group|https://www.nccgroup.trust]]|Tool for standing up (and tearing down!) 
''purposefully insecure'' cloud infrastructure| |[[Serverless-Goat|https://github.com/OWASP/Serverless-Goat]]|OWASP|A ''vulnerable'' serverless application demonstrating common serverless security flaws| |[[Splunk Attack Range|https://github.com/splunk/attack_range]]|[[Splunk|http://dev.splunk.com]]|Creates vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk| |[[TerraGoat|https://github.com/bridgecrewio/terragoat]]|[[BridgeCrew|http://bridgecrew.io]]|''Intentionally-vulnerable by design'' AWS Terraform Infrastructure| |>|>|!Listes d'autres outils de sécurité non commerciaux| |[[Bucket Finder|https://digi.ninja/files/bucket_finder_1.1.tar.bz2]]|Digi.Ninja|Simple tool which requires a wordlist to go off and check each word to see if that bucket name exists in Amazon's S3 system.| |>|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Bien LIRE le cartouche en tête de ce tableau.@@|
|>|!Listes de sites de références ou d'articles avec des listes d'outils|
|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les éléments en faisant partie ne sont NI avalisés, NI recommandés, NI conseillés par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à leur téléchargement ou utilisation.@@| |>|!Docker| |[[Docker Trusted Registry overview|https://docs.docker.com/ee/dtr/]]|DTR: enterprise-grade image storage solution| |[[DTR architecture|https://docs.docker.com/ee/dtr/architecture/]]|DTR: containerized application that runs on a Docker Universal Control Plane cluster| |>|!Kubernetes| |[[OperatorHub|https://www.operatorhub.io/]]|Home for the Kubernetes community to share Operators| |[[33(+) Kubernetes security tools|https://sysdig.com/blog/33-kubernetes-security-tools/]]|Liste d'outils de sécurité Kubernetes par catégories : image scanning and static analysis, runtime security, network security, image distribution and secrets management, security audit, end-to-end Kubernetes security commercial products| |>|!Vulnérabilités de containers| |[[VulnerableContainers.org|https://vulnerablecontainers.org/]]|Top 1000 containers from Docker Hub scanned with trivy, and scored using the risk based approach from Kenna Security| |>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Bien LIRE le cartouche en tête de ce tableau.@@|
|>|>|>|>| !Listes de ports par défaut |
|>|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Elle n'est pas exhaustive et peut contenir des erreurs.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les auteurs de cet article se DÉGAGENT de TOUTE RESPONSABILITÉ quant à son utilisation.@@| |!Protocole |!Port(s) |!Direction |!Composant |!Objet | |TCP | !443|Entrée |Kubernetes Master|Kubernetes API server | |TCP | !2375|Entrée |Docker |HTTP connections (API Docker non chiffrée, sans authentification par défaut) | |TCP | !2376|Entrée |Docker |HTTPS connections | |TCP | !2379|Entrée |Kubernetes Master|etcd server client API | |TCP | !2380|Entrée |Kubernetes Master|etcd server client API | |TCP | !4001|Entrée |Kubernetes Master|etcd server client API (obsolètes) | |TCP | !4194|Entrée |Kubernetes Master|cAdvisor | |TCP | !6443|Entrée |Kubernetes Master|Kubernetes API server | |TCP | !7001|Entrée |Kubernetes Master|etcd server client API (obsolètes) | |TCP | !10248|Entrée |Kubernetes Master|Read-only Healthz-server (statistiques, obsolète) | |TCP | !10250|Entrée |Kubernetes Master|Kubelet API (/pods, /runningpods, /containerLogs)| |TCP | !10251|Entrée |Kubernetes Master|kube-scheduler | |TCP | !10252|Entrée |Kubernetes Master|kube-controller-manager | |TCP | !10255|Entrée |Kubernetes Master|Read-only Kubelet API (/stats, /metrics, /pods) | |TCP | !10250|Entrée |Kubernetes Worker|Kubelet API | |TCP | !10255|Entrée |Kubernetes Worker|Read-only Kubelet API | |TCP | !30000|Entrée |Kubernetes Worker|Dashboard | |TCP | !30000 à 32767|Entrée |Kubernetes Worker|NodePort Services | |TCP | !44134|Entrée |Kubernetes Worker|Helm Tiller, weave, calico | |>|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Bien LIRE le cartouche en tête de ce tableau.@@|
!!Numéros d'AS et Plages d'adresses IP
|>|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Elle n'est pas exhaustive et peut contenir des erreurs.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les auteurs de cet article se DÉGAGENT de TOUTE RESPONSABILITÉ quant à son utilisation.@@| |!CSP |![[Numéro d'AS|https://www.peeringdb.com/]] / Looking Glass|!Plage d'adresses IP|!Liens |!Téléchargement | |Amazon AWS|AS 16509|.|[[page|https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html]]|[[JSON|https://ip-ranges.amazonaws.com/ip-ranges.json]]| |Microsoft Azure|AS 8068, 8069 et 8075|.|.|[[JSON|https://www.microsoft.com/en-us/download/details.aspx?id=41653]] : [[Public|https://www.microsoft.com/en-us/download/details.aspx?id=56519]], [[US Gov|http://www.microsoft.com/en-us/download/details.aspx?id=57063]], [[Allemagne|http://www.microsoft.com/en-us/download/details.aspx?id=57064]], [[Chine|http://www.microsoft.com/en-us/download/details.aspx?id=57062]]| |Google Cloud|.|.|[[page|https://cloud.google.com/compute/docs/faq#find_ip_range]]|[[JSON|http://www.gstatic.com/ipranges/json]]| |>|>|>|>|!| |OVH Cloud|AS 16276 / [[Looking Glass|https://lg.ovh.net/]]|.|.|.| |>|>|>|>|!| |IBM Cloud|.|.|.|.| |Oracle Cloud|AS 31898|.|.|.| |>|>|>|>|!| |Architecture interne|.|10.x.x.x
172.16.x.x à 172.31.x.x
192.168.x.x|[[RFC 1918|https://tools.ietf.org/html/rfc1918]]|.| |Architecture interne|64512 à 65534
4200000000 à 4294967294|.|.|[[RFC 6996|https://tools.ietf.org/html/rfc6996]]| |>|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Bien LIRE le cartouche en tête de ce tableau.@@|
|>|>|!Environnements pour Travaux Pratiques |
|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les éléments en faisant partie ne sont NI avalisés, NI recommandés, NI conseillés par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à leur téléchargement ou utilisation.@@| |Docker|//Katacoda//|[[Learn Docker & Containers using Interactive Browser-Based Scenarios|https://katacoda.com/courses/docker]]| |Kubernetes|//Katacoda//|[[Learn Kubernetes using Interactive Browser-Based Scenarios|https://katacoda.com/courses/kubernetes]]| |>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Bien LIRE le cartouche en tête de ce tableau.@@|
|>|>|>|!Liens vers des formations gratuites |
|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les éléments en faisant partie ne sont NI avalisés, NI recommandés, NI conseillés par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à leur téléchargement ou utilisation.@@| |2020.04.11|GitHub|[[Breaking and Pwning Apps and Servers on AWS and Azure - Free Training Courseware and Labs|https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training]]|Training| |>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Bien LIRE le cartouche en tête de ce tableau.@@|
<<tiddler fAll2Tabs7 with: _AlertM>>
|>|>|>|!Liens vers des ressources gratuites |
|>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Cette liste est fournie à titre INFORMATIF et à des fins de SENSIBILISATION. 
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Les éléments en faisant partie ne sont NI avalisés, NI recommandés, NI conseillés par les auteurs de cet article.
<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Ces derniers se DÉGAGENT de TOUTE RESPONSABILITÉ quant à leur téléchargement ou utilisation.@@| |2020.04|Jan Harrie|[[Docker & Kubernetes Readings|https://github.com/NodyHub/docker-k8s-resources]]: A collection of Docker and Kubernetes resources |Docker Kubernetes| ||US MoJ|[[Ministry of Justice Cloud Platform Master Repo|https://github.com/ministryofjustice/cloud-platform/]]|| |>|>|>|!@@color:#f00;font-size:125%;<html><i class="fa fa-exclamation-triangle" aria-hidden="true"></i></html> — Bien LIRE le cartouche en tête de ce tableau.@@|
|