29 Sep, 2021 - Foggyweb Malware, New Cloud Data Framework + OWASP Top 10

Cloud Security News this week - 29 September 2021 Amazon Web Services, Google Cloud, IBM, and Microsoft have joined forces this week  with the Enterprise Data Management (EDM) Council to publish a framework for managing data in the cloud. The new cloud data management capabilities (CDMC) framework was developed over the last 18 months with participation from more than 100 leading companies. The framework can be found here Microsoft has published information this week on a new malware it calls FoggyWeb which has been deployed by Russia-linked threat actors Nobelium who are said to be behind the devastating SolarWinds supply chain attack. Microsoft’s published document can be found here For those of you familiar with OWASP (Open Web Application Security Project), OWASP celebrated its 20th anniversary last week with a 24-hour webinar +  launched their top 10 web security vulnerabilities for 2021 updated from 2017. It worth noting that there are a few updates relevant to cloud security - broken access control has moved from #5 to #1, insecure design and server side request forgery have now been added while security misconfiguration has made it to top 5.  You can read more about it here Trufflehog, a git repository scanner from Truffle Security was originally released in 2017. Recently an open source extension for chrome was released for Trufflehog that will help identify API Keys for SaaS and cloud providers that are often making their way into Javascript. Cloud Security Alliance released their The State of Cloud Security Risk, Compliance, and Misconfigurations report this month. Based on over 1000 responses from IT and security professionals. Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy: