You Down with ATP? Yeah, You Know Me
Join Jesse as he talks about Advanced Persistent Threats, otherwise known as APTs. He touches upon the easiest way to stop worrying about APTs, why you need to secure your IAM credentials, how proper security is the balance between the needs of service delivery and data availability, how you can’t track what you don’t know you have, the rise of cloud security posture management and why you might want to experiment with it, how confidential computing is essentially encryption of data via hardware, whether you can guess Jesse’s favorite part to Biden’s executive order on cybersecurity, and more.
- ABT1 Report: https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
- Securing Your Cloud Transformation Journey: https://onwireco.com/2021/06/08/securing-your-cloud-transformation-journey/
- TeamTNT Strikes Again: A Wake-Up Call to Start Securing Cloud Entitlements: https://securityboulevard.com/2021/06/teamtnt-strikes-again-a-wake-up-call-to-start-securing-cloud-entitlements/
- Secure Access Trade-offs for DevSecOps Teams: https://beta.darkreading.com/vulnerabilities-threats/secure-access-trade-offs-for-devsecops-teams?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
- Cyber Gangs: Who are they in 2021 and what do they Want?: https://securityintelligence.com/articles/cyber-crime-gangs-who-are-they-today/
- Required MFA is not Sufficient for Strong Security: A Report: https://www.darkreading.com/cloud/required-mfa-is-not-sufficient-for-strong-security-report/d/d-id/1341263
- With Cloud, CDO and CISO Concerns are Equally Important: https://www.itsecuritynews.info/with-cloud-cdo-and-ciso-concerns-are-equally-important/
- Colonial Pipeline CEO: Ransomware Attack Started via Pilfered ‘Legacy’ VPN Account: https://beta.darkreading.com/attacks-breaches/colonial-pipeline-ceo-ransomware-attack-started-via-pilfered-legacy-vpn-account
- Cloud Security: Why Being Intentional in Encryption Matters: https://securityintelligence.com/articles/cloud-security-intentional-encryption/
- CSPM explained: Filling the gaps in cloud security: https://www.csoonline.com/article/3620049/cspm-explained-filling-the-gaps-in-cloud-security.html
- Five worthy reads: Confidential computing–the way forward in cloud security: https://securityboulevard.com/2021/06/five-worthy-reads-confidential-computing-the-way-forward-in-cloud-security/
- Data Protection in the K-12 Cloud: https://securityboulevard.com/2021/06/data-protection-in-the-k-12-cloud/
- Cybersecurity Executive Order 2021: What it Means for Cloud and SaaS Security: https://thehackernews.com/2021/06/cybersecurity-executive-order-2021-what.html
- Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users: https://thehackernews.com/2021/06/hackers-can-exploit-samsung-pre.html
- Top 10 security items to improve in your AWS account: https://aws.amazon.com/blogs/security/top-10-security-items-to-improve-in-your-aws-account/
spend on security and privacy.
Cybersecurity Executive Order 2021: What it Means for Cloud and SaaS Security. Biden’s executive order on improving the nation’s cybersecurity is a dense read, but Hacker News breaks it down for us normal people. Can you guess my favorite part in the executive order? Email me with your answer.
Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users. I try not to pick on any particular company because everyone fails in some way or another, and everyone gets pwned at some point. However, I’ve heard Android users complain about the Samsung builds being full-up with junk you don’t need. Now, there’s even more reason to be suspicious of the default software. If I ran Android devices still, I’d consider going back to the days when I ran CyanogenMod and broke my phone every few days. Nah, I’ll keep my Apple device, thanks.
And that’s it for the week, folks. Securely yours Jesse Trucks.
Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.
Announcer: This has been a HumblePod production. Stay humble.
Join the newsletter
Cloud Security For Humans
Meanwhile in Security is a production of The Duckbill Group. Check out our other publications, Last Week in AWS, Screaming in the Cloud, and AWS Morning Brief.© The Duckbill Group, 2021