Application Security Weekly Episode #115 - July 20, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Cloud Security Posture Management & Governance - 12:30 PM-01:00 PM
Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!
Security Weekly is an official media partner for Virtual BlackHat 2020! To register and save $200, visit https://securityweekly.com/summercamp2020 and click the register button. Discount code: “20SecWeekbh”. Alongside Virtual BlackHat, we will be running our conference micro-interviews, you guessed it, virtually, in an event called Security Weekly Virtual Hacker Summer Camp, August 3 – August 6, 2020. Options, pricing and availability are all listed on the same page! Reserve your slot now to get your message out to BlackHat attendees!
Digital transformation is taking the IT industry by storm. As the pace of public cloud adoption increases, security posture management and governance are usually not top of mind for cloud engineering teams. The cost of leaving misconfigurations undetected and unremediated adds up, to say nothing of the damage to reputation. Biarca Patrol grew organically in close collaboration with our customers to address this gap, and is now being offered widely.
Bhasker is the Director of Engineering at Biarca and oversees the design and development of cutting-edge cloud solutions, with an emphasis on best practices and reliability engineering. Bhasker started his career in Silicon Valley, where he gained engineering experience with several companies including Hewlett Packard, Broadcom, TiVo and the security startup AOPTIX. Starting as a developer and soon moving into managing engineering teams, Bhasker brought together global teams for the deployment of server-side system software and tools, with an emphasis on embedded systems. Prior to working with the above firms, Bhasker held engineering and managerial positions at TATA and was an R&D scientist at the Defense Research and Development Organization. Bhasker has a Master’s Degree in Computer Science from Andhra University.
Kris Rajana is President and CTO at Biarca, Inc.
Kris brings 25+ years of storage/cloud experience and is a big proponent of the open source philosophy. His customer-centric focus and his approach to solving complex technical problems have enabled Biarca to be a trusted advisor to many of our customers. Kris is responsible for engineering and management of distributed teams, and for execution that ensures “on time / on spec / on quality” delivery to Biarca’s global client base. His expertise in security posture management and compliance is key to our cloud security practice. Kris has led the efforts of customizing Biarca services/solutions across several industries such as health care, manufacturing, education, technology, media and entertainment. Kris holds a Ph.D. from Penn State University and has continued his learning with many executive management courses at Stanford.
- John Kinsella - Vice President of Container Security at Qualys
- Matt Alderman - CEO at Security Weekly
- Mike Shema - Product Security Lead at Square
2. SIGRed RCE, Google Cloud 'Confidential VMs', & Twitter Hack Crypto Scam - 01:00 PM-01:30 PM
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Visit https://securityweekly.com/webcasts to see what we have coming up! Learn about Rapid7’s Findings from the National Internet Cloud Exposure Report on August 13th and How to Create and Run a Conference, from the geniuses behind Layer8 Conference and Wild West Hackin' Fest on August 19th! Our next technical training on August 27th will teach you about BootHole, SIGRed and SMBleed…Best Practices To Prioritize And Remediate Now! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
This week, SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers, Introducing Google Cloud Confidential Computing with Confidential VMs, Internet of Things devices: Stick to these security rules or you could face a ban, Google Cloud Unveils 'Confidential VMs' to Protect Data in Use, and more!
John Kinsella's Content:
Matt Alderman's Content:
- Site Reliability Engineering (SRE) 101 with DevOps vs SRE - Decoupling DevOps and RunOps – The Genesis of Site Reliability Engineering (SRE)
- Google Cloud Unveils New Service for Government Workloads - Currently available in private beta, Assured Workloads for Government seeks to simplify the process of configuring applications for compliance, while also ensuring compatibility between commercial and government cloud.
- Google Cloud Unveils 'Confidential VMs' to Protect Data in Use - Confidential Virtual Machines, now in beta, will let Google Cloud customers keep data encrypted while it's in use.
Mike Shema's Content:
- Apple, Biden, Musk and other high-profile Twitter accounts hacked in crypto scam that attracted lots of attention, second-guessing, and even a little bit of bitcoin. There's a lot of appsec to unpack, so we start with An update on our security incident from Twitter. For users, the NCSC has helpful guidelines for Social media: protecting what you publish.
- SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers shows once again the benefits of scrutinizing protocols and being clever with compression. Fans of giallo horror will know why I wish this was branded "Profondo Rosso" instead.
- Introducing Google Cloud Confidential Computing with Confidential VMs that follows Azure and AWS in addressing how to operate on encrypted data. Part of Google's announcement covers their new open source project that underpins this approach, Asylo.
- Internet of Things devices: Stick to these security rules or you could face a ban updates the progress of rules related to IoT that we last looked at in episode 93.
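The SIGRed item above credits the bug to scrutinizing protocols and "being clever with compression". DNS name compression (RFC 1035 section 4.1.4) lets a two-byte pointer stand in for a suffix that appears earlier in the message, so the decompressed name can be far larger than the bytes that encode it, and a careless parser can be walked off the end of the buffer, sent around a pointer loop, or made to size a buffer from the wrong length. The parser below is an added example written for this page, not code from the show, from Check Point's write-up, or from Windows DNS, and it is a generic illustration of the checks such a parser needs rather than a reconstruction of the SIGRed bug itself. All message bytes in it are constructed for the example.

```python
"""Hardened DNS name decompression (added example; constructed sample data)."""
from __future__ import annotations

MAX_NAME_WIRE_LEN = 255   # RFC 1035 section 2.3.4: octets in an uncompressed name
PTR_MASK = 0xC0           # top two bits 11 mark a compression pointer


class DnsParseError(ValueError):
    """Raised for any malformed or hostile name encoding."""


def read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode the (possibly compressed) name starting at msg[offset].

    Returns (presentation-form name, offset of the field that follows the
    name in the original stream). Every read is bounds-checked, pointers
    must point strictly backwards so the walk always terminates, and the
    decompressed length is capped at 255 octets regardless of how few
    bytes the compressed form occupies on the wire.
    """
    labels: list[bytes] = []
    pos = offset
    next_field = None        # set once we know where the name ends in the stream
    decompressed_len = 0     # octets the name occupies once fully expanded

    while True:
        if pos >= len(msg):
            raise DnsParseError("name runs past end of message")
        length = msg[pos]

        if length & PTR_MASK == PTR_MASK:            # compression pointer
            if pos + 1 >= len(msg):
                raise DnsParseError("truncated compression pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            # RFC 1035 says a pointer refers to a *prior* occurrence; requiring
            # target < pos also rules out self-references and cycles outright.
            if target >= pos:
                raise DnsParseError(f"forward or self pointer at {pos} -> {target}")
            if next_field is None:
                next_field = pos + 2                 # the first pointer ends the wire name
            pos = target
            continue

        if length & PTR_MASK:                        # 01xxxxxx / 10xxxxxx
            raise DnsParseError("reserved label type")

        # Ordinary label: a length byte (0..63) followed by that many octets.
        # Count it against the *decompressed* size, which is what a buffer
        # holding the expanded name must be sized for.
        decompressed_len += 1 + length
        if decompressed_len > MAX_NAME_WIRE_LEN:
            raise DnsParseError("decompressed name exceeds 255 octets")
        if length == 0:                              # root label terminates the name
            if next_field is None:
                next_field = pos + 1
            break
        if pos + 1 + length > len(msg):
            raise DnsParseError("label runs past end of message")
        labels.append(msg[pos + 1 : pos + 1 + length])
        pos += 1 + length

    return b".".join(labels).decode("latin-1") + ".", next_field


def encode_name(name: str) -> bytes:
    """Uncompressed wire form of a presentation-form name (helper for samples)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if label:
            out.append(len(label))
            out += label.encode("ascii")
    out.append(0)
    return bytes(out)


def rejects(msg: bytes, offset: int = 12) -> bool:
    """True if read_name refuses the name at `offset`."""
    try:
        read_name(msg, offset)
    except DnsParseError:
        return True
    return False


# Constructed samples. A zeroed 12-byte header stands in for a real one; the
# first name therefore starts at offset 12 (0x0c), as in a real query section.
HEADER = bytes(12)
GOOD_MSG = HEADER + encode_name("example.com.") + b"\x03www" + b"\xc0\x0c"
SELF_POINTER = HEADER + b"\xc0\x0c"                  # points at itself
FORWARD_POINTER = HEADER + b"\xc0\x0e" + b"\xc0\x0c"  # two pointers that chase each other
TRUNCATED_LABEL = HEADER + b"\x05abc"                 # claims 5 octets, has 3
OVERLONG_NAME = HEADER + (b"\x3f" + b"a" * 63) * 4 + b"\x00"  # 4 max labels = 257 octets

if __name__ == "__main__":
    name, nxt = read_name(GOOD_MSG, 25)
    print(f"{name!r} occupies {nxt - 25} wire bytes but {len(encode_name(name))} decompressed")
    for label, sample in [("self pointer", SELF_POINTER), ("forward pointer", FORWARD_POINTER),
                          ("truncated label", TRUNCATED_LABEL), ("overlong name", OVERLONG_NAME)]:
        print(f"{label}: rejected={rejects(sample)}")
```

The point to take from the sample output is the gap between the six wire bytes of `www` plus pointer and the seventeen octets the expanded name needs: any length arithmetic done on the compressed form, or done in a type too narrow for 255 octets per name times the number of names in a record, is where a parser goes wrong.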