Key cyber of the week !

Yes, this week I absolutely enjoyed the cloud showing to people that it's by default a single point of failure ! Hopefully this will help cloud customers to realize that they can't go cheap on cloud, they MUST build resilient architecture, and its THEIR responsibility to do so.

The list of services that went down with the 2 massive AWS outages of this week is the list of organizations not able to properly configure or deploy cloud reliability.

Because yes you can do it, your workloads must be in multiple availability zones, but also in multiple regions. And yes you must do it, and yes it's at least 4 times more expensive, but this is the cloud !

When you did this on prem, when servers and responsible people would do right, you'd have to handle the same requirements, redundancy, multi sites, full diversity in your multiple internet connections (although this is still required even if you cloud) and so on.

So what happened to responsibility and accountability ? Vanished with the cloud ! Now, everybody just don't care, put one instance, no backup, and just hope for the best. Scary to say the least.

Anyways, this leads us to the key points of the week, and I apologize as I'm late, and even dropped some newsletters lately, had a lot of work, and this week was full training week on ISO 27701, with an exam (no result yet...crossing fingers) which was very interesting. It's good to see shared controls across multiple privacy laws and regulations, all following a same baseline, this is giving me hope. Getting this tight to cloud, you should encrypt everything before it does reach the dangerous cloud (on top of making sure your architecture will remain up when oups, we don't know what happened, the rabbit did eat the power cable and the cloud went down on all east-US).

So this week, just the key points and relevant things I saw :

1 - Teach your kids privacy, not deception - Smartwatches for children are a privacy and security nightmare

2 - The cloud leaks by nature, but it has a lot to do with wrong permissions as well - Not just buckets, are you aware of all your public resources ?

3 - A topic with an article that point to the right direction, in these cloudy times, almost always forgotten, responsibility, accountability, confidentiality, integrity, all of these very very basics - 9 Principles of Data Protection (one can see I was on privacy training :P )

4 - For all the cloud zombies that only cloud for cloud and understand nothing, do this because it's fancy to surf the trend, without actual business case and proper understanding - Why the cloud hangover !

5 - Meanwhile cloud based stuff get hacked as usual (I apologize, as everything is cloud nowadays, most failures are cloud too) - Hackers Steal $200 Million Worth of Cryptocurrency Tokens from Bitmart Exchange

6 - Do it yourself or be abused ! Vulnerabilities found in millions of WiFi Routers - You are hacked

7 - The cloud gives, the clouds takes - As Twitter removes blue badges for many, phishing targets verified accounts

8 - Judge dredd. Who needs the FBI when the cloud can do it all ! Microsoft Seizes Malicious Websites Used by Prolific Chinese APT Group

9 - Mobile phones are never controlled by the owner, it's an illusion - Pegasus Spyware Infects U.S. State Department iPhones

10 - The cloud leaks as usual - Apache Kafka Cloud Clusters Expose Sensitive Data for Large Companies

11 - That's funny as we joked about the traditional coming predictions articles, and here it starts - Cloud Security Predictions for 2022 (shhh, let me tell you, more leaks and massive failures and hacks !)

12 - My first favourite of this week : The cloud, hell of a big ducking SPOF ! AWS us-east-1 outage brings down services around the world - My poll about it ended up on trainee's fault :P with almost 50K views ! lol

13 - Cyber maturity involves one of the key pillars of cyber security : patch management - Next Trends for Risk Remediation: Cyber Maturity

14 - As incidents piles up in cyber : No Longer Optional: New U.S. Directives Require Surface Transportation and Aviation Sector to Report All Cybersecurity Incidents !

15 - Why people do not patch ? Hundreds of thousands of MikroTik devices still vulnerable to botnets

16 - Sonicwall patch time ! Unauthenticated full remote admin access via buffer overflow - It’s time to patch your SonicWall SMA 100 series appliances again!

17 - NPM supply chain attack again ! Check your packages ! Over a Dozen Malicious NPM Packages Caught Hijacking Discord Servers

18 - Volume of the botnet is back to 50% of what it was before law enforcement take down. Means its infrastructure is rebuilding and growing - Emotet Is Back and More Dangerous Than Before

19 - When it has "cloud" in the name or principles, it just means it is way more exposed than anything else to hacks and attacks - Microsoft, Google OAuth flaws can be abused in phishing attacks

20 - APIs took AWS down in a few minutes. Is your security testing ready for the API-first era?

21 - Do you have the proper security controls in place ? Data breach impacts 80,000 South Australian govt employees

22 - The nightmare of this week, on top of AWS repetitive failures : If you don't patch, you are hacked first - New zero-day exploit for Log4j Java library is an enterprise nightmare, But there is a "vaccine" for Log4j : Researchers release 'vaccine' for critical Log4Shell vulnerability

23 - AWS collapsing again ! Snapchat, Facebook Messenger, and more having issues as AWS faces downtime yet again , really funny, not like if all of these lacked of resources :P

24 - Would you detect an incident soon enough to minimize its impact ? Volvo Cars discloses security breach leading to R&D data theft

25 - As the cloud leak and fail constantly, it's good for you to be aware of the main reason of cloud failure and leaks, which is misconfiguration - SaaS Attacks: Lessons from Real-Life Misconfiguration Exploits

And that's about it ! Have a good week all ! I had a good morning on this sunday, as I shared earlier, got myself an ATV second hand, and this morning was my first trail with it, it was really cool ! Found myself a hobby that really disconnect from computing and all. When on the bike, just focusing on what happen around. Was frozen in the morning, but we get weird weather lately, lot of wind (not as bad as the tornados in the us :s that was horrible), but a lot of trees felt, so I helped removing some trees from the path, and with temperating going above freezing, it became really muddy. I headed home and had to shower the ATV, and my clothes :P Enjoy !