SolarWinds became the poster child for attacks on software supply chains last year when a group of threat actors injected malicious code known as Sunburst into the company’s software development system. It was subsequently distributed through an upgrade to its Orion product to thousands of government and enterprise customers worldwide.
SolarWinds learned from the experience and has introduced new software development practices and technology to strengthen the integrity of its build environment. These include what SolarWinds says is the first-of-its-kind “parallel build” process, where the software development takes place through multiple highly secure duplicate paths to establish a basis for integrity checks.
Mike Stroyan discovered that cloud-init could log password hashes when reporting schema failures. An attacker with access to these logs could potentially use this to gain user credentials.
The FBI has warned that, in an attempt to gain access to sensitive data at organisations, crooks are using deepfake video when applying for remote working-at-home jobs.
Google has announced that Google Cloud users will have access to two new security features, namely native integration with the MITRE ATT&CK threat classification and response framework and baked-in protection against DDoS attacks.
Cloud Armor is Google’s brand name for its DDoS mitigation and web application firewall service. It replicates many of the techniques used in traditionally structured DDoS protection systems, including per-client rate limiting, captchas to help weed out bot requests, and machine learning to counteract Layer 7 attacks. MITRE inclusion allows users to map Google Cloud’s built-in security controls onto the MITRE ATT&CK rubric of threat classification and response planning, letting users automate certain types of security response.
Container and cloud security company Sysdig has announced a new capability, Drift Control, designed to detect and prevent container attacks at runtime.
Drift Control will function as part of Sysdig Secure, built to detect vulnerabilities in containers. Sysdig Secure is a component in Sysdig’s container intelligence platform, which includes several container-oriented security applications.
Aiming to detect, prevent and speed incident response for containers that were modified in production, also known as container drifts, Drift Control offers the ability to close “dangerous security gaps” created due to deviations from the trusted original container.